int main(int argc, char **argv)
{
int i = 0;
chdir(BBSHOME);
initsetproctitle(argc, argv, environ);
if( argc >= 2 ){
if( strcmp(argv[1], "init") == 0 ){
/* in this case, do NOT run attach_SHM here.
because uhash_loader is not run yet. */
return SHMinit(argc - 1, &argv[1]);
}
attach_SHM();
/* shmctl doesn't need resolve_boards() first */
//resolve_boards();
resolve_garbage();
resolve_fcache();
for( i = 0 ; cmd[i].func != NULL ; ++i )
if( strcmp(cmd[i].cmd, argv[1]) == 0 ){
return cmd[i].func(argc - 1, &argv[1]);
}
}
if( argc == 1 || cmd[i].func == NULL ){
/* usage */
printf("usage: shmctl [command] [options]\n");
printf("commands:\n");
for( i = 0 ; cmd[i].func != NULL ; ++i )
printf("\t%-15s%s\n", cmd[i].cmd, cmd[i].descript);
}
return 0;
}
int main(int argc, char **argv, char **envp) {
int ch;
signal(SIGHUP, wakeup);
initsetproctitle(argc, argv, envp);
if(chdir(BBSHOME))
return 1;
while((ch = getopt(argc, argv, "qh")) != -1) {
switch(ch) {
case 'q':
listQueue();
return 0;
default:
usage();
return 0;
}
}
for(;;) {
sendMail();
setproctitle("outmail: sleeping");
sleep(60 * 3); /* send mail every 3 minute */
}
return 0;
}
static void shell_login(int argc, char *argv[], char *envp[]) {
/* Give up root privileges: no way back from here */
setgid(BBSGID);
setuid(BBSUID);
chdir(BBSHOME);
/* mmap passwd file */
if(passwd_mmap())
exit(1);
use_shell_login_mode=1;
initsetproctitle(argc, argv, envp);
/* copy from the original "bbs" */
if(argc > 1) {
strcpy(fromhost, argv[1]);
#if 0
if(argc > 2)
strcpy(tty_name, argv[2]);
#endif
if(argc > 3)
strcpy(remoteusername, argv[3]);
}
{
char cmd[80] = "??@";
if(!getenv("RFC931"))
setenv("RFC931", strcat(cmd, fromhost), 1);
}
close(2);
/* don't close fd 1, at least init_tty need it */
init_tty();
if(check_ban_and_load(0)) exit(0);
}
int main(int argc,char **argv, char **envp)
{
struct plugins_list_entry *list;
char config_file[SRVBUFLEN];
int logf;
/* getopt() stuff */
extern char *optarg;
extern int optind, opterr, optopt;
int errflag, cp;
#if defined HAVE_MALLOPT
mallopt(M_CHECK_ACTION, 0);
#endif
umask(077);
compute_once();
memset(cfg_cmdline, 0, sizeof(cfg_cmdline));
memset(&config, 0, sizeof(struct configuration));
memset(&config_file, 0, sizeof(config_file));
log_notifications_init(&log_notifications);
config.acct_type = ACCT_PMBGP;
find_id_func = NULL;
plugins_list = NULL;
errflag = 0;
rows = 0;
/* getting commandline values */
while (!errflag && ((cp = getopt(argc, argv, ARGS_PMBGPD)) != -1)) {
cfg_cmdline[rows] = malloc(SRVBUFLEN);
switch (cp) {
case 'L':
strlcpy(cfg_cmdline[rows], "bgp_daemon_ip: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'l':
strlcpy(cfg_cmdline[rows], "bgp_daemon_port: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'D':
strlcpy(cfg_cmdline[rows], "daemonize: true", SRVBUFLEN);
rows++;
break;
case 'd':
debug = TRUE;
strlcpy(cfg_cmdline[rows], "debug: true", SRVBUFLEN);
rows++;
break;
case 'f':
strlcpy(config_file, optarg, sizeof(config_file));
break;
case 'F':
strlcpy(cfg_cmdline[rows], "pidfile: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'S':
strlcpy(cfg_cmdline[rows], "syslog: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'h':
usage_daemon(argv[0]);
exit(0);
break;
case 'V':
version_daemon(PMBGPD_USAGE_HEADER);
exit(0);
break;
default:
usage_daemon(argv[0]);
exit(1);
break;
}
}
/* post-checks and resolving conflicts */
if (strlen(config_file)) {
if (parse_configuration_file(config_file) != SUCCESS)
exit(1);
}
else {
if (parse_configuration_file(NULL) != SUCCESS)
exit(1);
}
list = plugins_list;
while (list) {
list->cfg.acct_type = ACCT_PMBGP;
set_default_preferences(&list->cfg);
if (!strcmp(list->type.string, "core")) {
memcpy(&config, &list->cfg, sizeof(struct configuration));
config.name = list->name;
config.type = list->type.string;
}
list = list->next;
}
if (config.files_umask) umask(config.files_umask);
if (config.daemon) {
if (debug || config.debug)
printf("WARN ( %s/core ): debug is enabled; forking in background. Logging to standard error (stderr) will get lost.\n", config.name);
daemonize();
}
initsetproctitle(argc, argv, envp);
if (config.syslog) {
logf = parse_log_facility(config.syslog);
if (logf == ERR) {
config.syslog = NULL;
printf("WARN ( %s/core ): specified syslog facility is not supported. Logging to standard error (stderr).\n", config.name);
}
else openlog(NULL, LOG_PID, logf);
Log(LOG_INFO, "INFO ( %s/core ): Start logging ...\n", config.name);
}
if (config.logfile)
{
config.logfile_fd = open_output_file(config.logfile, "a", FALSE);
while (list) {
list->cfg.logfile_fd = config.logfile_fd ;
list = list->next;
}
}
if (config.proc_priority) {
int ret;
ret = setpriority(PRIO_PROCESS, 0, config.proc_priority);
if (ret) Log(LOG_WARNING, "WARN ( %s/core ): proc_priority failed (errno: %d)\n", config.name, errno);
else Log(LOG_INFO, "INFO ( %s/core ): proc_priority set to %d\n", config.name, getpriority(PRIO_PROCESS, 0));
}
if (strlen(config_file)) {
char canonical_path[PATH_MAX], *canonical_path_ptr;
canonical_path_ptr = realpath(config_file, canonical_path);
if (canonical_path_ptr) Log(LOG_INFO, "INFO ( %s/core ): Reading configuration file '%s'.\n", config.name, canonical_path);
}
else Log(LOG_INFO, "INFO ( %s/core ): Reading configuration from cmdline.\n", config.name);
pm_setproctitle("%s [%s]", "Core Process", config.proc_name);
if (config.pidfile) write_pid_file(config.pidfile);
/* signal handling we want to inherit to plugins (when not re-defined elsewhere) */
signal(SIGCHLD, startup_handle_falling_child); /* takes note of plugins failed during startup phase */
signal(SIGHUP, reload); /* handles reopening of syslog channel */
signal(SIGUSR1, SIG_IGN);
signal(SIGUSR2, reload_maps); /* sets to true the reload_maps flag */
signal(SIGPIPE, SIG_IGN); /* we want to exit gracefully when a pipe is broken */
signal(SIGINT, my_sigint_handler);
signal(SIGTERM, my_sigint_handler);
if (!config.nfacctd_bgp) config.nfacctd_bgp = BGP_DAEMON_ONLINE;
if (!config.nfacctd_bgp_port) config.nfacctd_bgp_port = BGP_TCP_PORT;
bgp_prepare_daemon();
skinny_bgp_daemon();
}
int main(int argc,char **argv, char **envp)
{
bpf_u_int32 localnet, netmask; /* pcap library stuff */
struct bpf_program filter;
struct pcap_device device;
char errbuf[PCAP_ERRBUF_SIZE];
int index, logf;
struct plugins_list_entry *list;
struct plugin_requests req;
char config_file[SRVBUFLEN];
int psize = ULOG_BUFLEN;
struct id_table bpas_table;
struct id_table blp_table;
struct id_table bmed_table;
struct id_table biss_table;
struct id_table bta_table;
struct id_table idt;
struct pcap_callback_data cb_data;
/* getopt() stuff */
extern char *optarg;
extern int optind, opterr, optopt;
int errflag, cp;
/* ULOG stuff */
int ulog_fd, one = 1;
struct nlmsghdr *nlh;
struct sockaddr_nl nls;
ulog_packet_msg_t *ulog_pkt;
ssize_t len = 0;
socklen_t alen;
unsigned char *ulog_buffer;
struct pcap_pkthdr hdr;
struct timeval tv;
char jumbo_container[10000];
u_int8_t mac_len;
#if defined ENABLE_IPV6
struct sockaddr_storage client;
#else
struct sockaddr client;
#endif
#if defined HAVE_MALLOPT
mallopt(M_CHECK_ACTION, 0);
#endif
umask(077);
compute_once();
/* a bunch of default definitions */
have_num_memory_pools = FALSE;
reload_map = FALSE;
tag_map_allocated = FALSE;
bpas_map_allocated = FALSE;
blp_map_allocated = FALSE;
bmed_map_allocated = FALSE;
biss_map_allocated = FALSE;
bta_map_caching = FALSE;
sampling_map_caching = FALSE;
find_id_func = PM_find_id;
errflag = 0;
memset(cfg_cmdline, 0, sizeof(cfg_cmdline));
memset(&config, 0, sizeof(struct configuration));
memset(&device, 0, sizeof(struct pcap_device));
memset(&config_file, 0, sizeof(config_file));
memset(&failed_plugins, 0, sizeof(failed_plugins));
memset(&req, 0, sizeof(req));
memset(dummy_tlhdr, 0, sizeof(dummy_tlhdr));
memset(sll_mac, 0, sizeof(sll_mac));
memset(&bpas_table, 0, sizeof(bpas_table));
memset(&blp_table, 0, sizeof(blp_table));
memset(&bmed_table, 0, sizeof(bmed_table));
memset(&biss_table, 0, sizeof(biss_table));
memset(&bta_table, 0, sizeof(bta_table));
memset(&client, 0, sizeof(client));
memset(&cb_data, 0, sizeof(cb_data));
memset(&tunnel_registry, 0, sizeof(tunnel_registry));
memset(&reload_map_tstamp, 0, sizeof(reload_map_tstamp));
config.acct_type = ACCT_PM;
rows = 0;
glob_pcapt = NULL;
/* getting commandline values */
while (!errflag && ((cp = getopt(argc, argv, ARGS_UACCTD)) != -1)) {
cfg_cmdline[rows] = malloc(SRVBUFLEN);
switch (cp) {
case 'P':
strlcpy(cfg_cmdline[rows], "plugins: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'D':
strlcpy(cfg_cmdline[rows], "daemonize: true", SRVBUFLEN);
rows++;
break;
case 'd':
debug = TRUE;
strlcpy(cfg_cmdline[rows], "debug: true", SRVBUFLEN);
rows++;
break;
case 'n':
strlcpy(cfg_cmdline[rows], "networks_file: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'o':
strlcpy(cfg_cmdline[rows], "ports_file: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'O':
strlcpy(cfg_cmdline[rows], "print_output: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'u':
strlcpy(cfg_cmdline[rows], "print_num_protos: true", SRVBUFLEN);
rows++;
break;
case 'f':
strlcpy(config_file, optarg, sizeof(config_file));
break;
case 'F':
strlcpy(cfg_cmdline[rows], "pidfile: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'c':
strlcpy(cfg_cmdline[rows], "aggregate: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'b':
strlcpy(cfg_cmdline[rows], "imt_buckets: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'm':
strlcpy(cfg_cmdline[rows], "imt_mem_pools_number: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
have_num_memory_pools = TRUE;
rows++;
break;
case 'p':
strlcpy(cfg_cmdline[rows], "imt_path: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'r':
strlcpy(cfg_cmdline[rows], "sql_refresh_time: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'v':
strlcpy(cfg_cmdline[rows], "sql_table_version: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 's':
strlcpy(cfg_cmdline[rows], "imt_mem_pools_size: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'S':
strlcpy(cfg_cmdline[rows], "syslog: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'g':
strlcpy(cfg_cmdline[rows], "uacctd_group: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'L':
strlcpy(cfg_cmdline[rows], "snaplen: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'R':
strlcpy(cfg_cmdline[rows], "sfacctd_renormalize: true", SRVBUFLEN);
rows++;
break;
case 'h':
usage_daemon(argv[0]);
exit(0);
break;
case 'V':
version_daemon(UACCTD_USAGE_HEADER);
exit(0);
break;
default:
usage_daemon(argv[0]);
exit(1);
break;
}
}
/* post-checks and resolving conflicts */
if (strlen(config_file)) {
if (parse_configuration_file(config_file) != SUCCESS)
exit(1);
}
else {
if (parse_configuration_file(NULL) != SUCCESS)
exit(1);
}
/* XXX: glue; i'm conscious it's a dirty solution from an engineering viewpoint;
someday later i'll fix this */
list = plugins_list;
while (list) {
list->cfg.acct_type = ACCT_PM;
set_default_preferences(&list->cfg);
if (!strcmp(list->name, "default") && !strcmp(list->type.string, "core")) {
memcpy(&config, &list->cfg, sizeof(struct configuration));
config.name = list->name;
config.type = list->type.string;
}
list = list->next;
}
if (config.files_umask) umask(config.files_umask);
if (!config.snaplen) config.snaplen = psize;
if (!config.uacctd_nl_size) config.uacctd_nl_size = psize;
/* Let's check whether we need superuser privileges */
if (getuid() != 0) {
printf("%s\n\n", UACCTD_USAGE_HEADER);
printf("ERROR ( default/core ): You need superuser privileges to run this command.\nExiting ...\n\n");
exit(1);
}
if (!config.uacctd_group) {
config.uacctd_group = DEFAULT_ULOG_GROUP;
list = plugins_list;
while (list) {
list->cfg.uacctd_group = DEFAULT_ULOG_GROUP;
list = list->next;
}
}
if (config.daemon) {
list = plugins_list;
while (list) {
if (!strcmp(list->type.string, "print")) printf("WARN ( default/core ): Daemonizing. Hmm, bye bye screen.\n");
list = list->next;
}
if (debug || config.debug)
printf("WARN ( default/core ): debug is enabled; forking in background. Console logging will get lost.\n");
daemonize();
}
initsetproctitle(argc, argv, envp);
if (config.syslog) {
logf = parse_log_facility(config.syslog);
if (logf == ERR) {
config.syslog = NULL;
printf("WARN ( default/core ): specified syslog facility is not supported; logging to console.\n");
}
else openlog(NULL, LOG_PID, logf);
Log(LOG_INFO, "INFO ( default/core ): Start logging ...\n");
}
if (config.logfile)
{
config.logfile_fd = open_logfile(config.logfile);
list = plugins_list;
while (list) {
list->cfg.logfile_fd = config.logfile_fd ;
list = list->next;
}
}
/* Enforcing policies over aggregation methods */
list = plugins_list;
while (list) {
if (list->type.id != PLUGIN_ID_CORE) {
/* applies to all plugins */
if (config.classifiers_path && (list->cfg.sampling_rate || config.ext_sampling_rate)) {
Log(LOG_ERR, "ERROR ( default/core ): Packet sampling and classification are mutual exclusive.\n");
exit(1);
}
if (list->cfg.sampling_rate && config.ext_sampling_rate) {
Log(LOG_ERR, "ERROR ( default/core ): Internal packet sampling and external packet sampling are mutual exclusive.\n");
exit(1);
}
if (list->type.id == PLUGIN_ID_TEE) {
Log(LOG_ERR, "ERROR ( default/core ): 'tee' plugin not supported in 'uacctd'.\n");
exit(1);
}
else if (list->type.id == PLUGIN_ID_NFPROBE) {
/* If we already renormalizing an external sampling rate,
we cancel the sampling information from the probe plugin */
if (config.sfacctd_renormalize && list->cfg.ext_sampling_rate) list->cfg.ext_sampling_rate = 0;
config.handle_fragments = TRUE;
list->cfg.nfprobe_what_to_count = list->cfg.what_to_count;
list->cfg.nfprobe_what_to_count_2 = list->cfg.what_to_count_2;
list->cfg.what_to_count = 0;
list->cfg.what_to_count_2 = 0;
#if defined (HAVE_L2)
if (list->cfg.nfprobe_version == 9 || list->cfg.nfprobe_version == 10) {
list->cfg.what_to_count |= COUNT_SRC_MAC;
list->cfg.what_to_count |= COUNT_DST_MAC;
list->cfg.what_to_count |= COUNT_VLAN;
}
#endif
list->cfg.what_to_count |= COUNT_SRC_HOST;
list->cfg.what_to_count |= COUNT_DST_HOST;
if (list->cfg.networks_file || list->cfg.networks_mask || list->cfg.nfacctd_net) {
list->cfg.what_to_count |= COUNT_SRC_NMASK;
list->cfg.what_to_count |= COUNT_DST_NMASK;
}
list->cfg.what_to_count |= COUNT_SRC_PORT;
list->cfg.what_to_count |= COUNT_DST_PORT;
list->cfg.what_to_count |= COUNT_IP_TOS;
list->cfg.what_to_count |= COUNT_IP_PROTO;
if (list->cfg.networks_file || (list->cfg.nfacctd_bgp && list->cfg.nfacctd_as == NF_AS_BGP)) {
list->cfg.what_to_count |= COUNT_SRC_AS;
list->cfg.what_to_count |= COUNT_DST_AS;
list->cfg.what_to_count |= COUNT_PEER_DST_IP;
}
if ((list->cfg.nfprobe_version == 9 || list->cfg.nfprobe_version == 10) && list->cfg.classifiers_path) {
list->cfg.what_to_count |= COUNT_CLASS;
config.handle_flows = TRUE;
}
if (list->cfg.pre_tag_map) {
list->cfg.what_to_count |= COUNT_ID;
list->cfg.what_to_count |= COUNT_ID2;
}
list->cfg.what_to_count |= COUNT_IN_IFACE;
list->cfg.what_to_count |= COUNT_OUT_IFACE;
if (list->cfg.what_to_count & (COUNT_STD_COMM|COUNT_EXT_COMM|COUNT_LOCAL_PREF|COUNT_MED|COUNT_AS_PATH|
COUNT_PEER_SRC_AS|COUNT_PEER_DST_AS|COUNT_PEER_SRC_IP|COUNT_SRC_STD_COMM|
COUNT_SRC_EXT_COMM|COUNT_SRC_AS_PATH|COUNT_SRC_MED|COUNT_SRC_LOCAL_PREF|
COUNT_MPLS_VPN_RD)) {
Log(LOG_ERR, "ERROR ( default/core ): 'src_as', 'dst_as' and 'peer_dst_ip' are currently the only BGP-related primitives supported within the 'nfprobe' plugin.\n");
exit(1);
}
list->cfg.what_to_count |= COUNT_COUNTERS;
list->cfg.data_type = PIPE_TYPE_METADATA;
list->cfg.data_type |= PIPE_TYPE_EXTRAS;
}
else if (list->type.id == PLUGIN_ID_SFPROBE) {
/* If we already renormalizing an external sampling rate,
we cancel the sampling information from the probe plugin */
if (config.sfacctd_renormalize && list->cfg.ext_sampling_rate) list->cfg.ext_sampling_rate = 0;
if (psize < 128) psize = config.snaplen = 128; /* SFL_DEFAULT_HEADER_SIZE */
list->cfg.what_to_count = COUNT_PAYLOAD;
list->cfg.what_to_count_2 = 0;
if (list->cfg.classifiers_path) {
list->cfg.what_to_count |= COUNT_CLASS;
config.handle_fragments = TRUE;
config.handle_flows = TRUE;
}
if (list->cfg.nfacctd_bgp && list->cfg.nfacctd_as == NF_AS_BGP) {
list->cfg.what_to_count |= COUNT_SRC_AS;
list->cfg.what_to_count |= COUNT_DST_AS;
list->cfg.what_to_count |= COUNT_PEER_DST_IP;
}
if ((list->cfg.nfacctd_bgp && list->cfg.nfacctd_net == NF_NET_BGP) ||
(list->cfg.nfacctd_isis && list->cfg.nfacctd_net == NF_NET_IGP)) {
list->cfg.what_to_count |= COUNT_SRC_NMASK;
list->cfg.what_to_count |= COUNT_DST_NMASK;
}
if (list->cfg.pre_tag_map) {
list->cfg.what_to_count |= COUNT_ID;
list->cfg.what_to_count |= COUNT_ID2;
}
if (list->cfg.what_to_count & (COUNT_STD_COMM|COUNT_EXT_COMM|COUNT_LOCAL_PREF|COUNT_MED|COUNT_AS_PATH|
COUNT_PEER_SRC_AS|COUNT_PEER_DST_AS|COUNT_PEER_SRC_IP|COUNT_SRC_STD_COMM|
COUNT_SRC_EXT_COMM|COUNT_SRC_AS_PATH|COUNT_SRC_MED|COUNT_SRC_LOCAL_PREF|
COUNT_MPLS_VPN_RD)) {
Log(LOG_ERR, "ERROR ( default/core ): 'src_as', 'dst_as' and 'peer_dst_ip' are currently the only BGP-related primitives supported within the 'sfprobe' plugin.\n");
exit(1);
}
#if defined (HAVE_L2)
list->cfg.what_to_count |= COUNT_VLAN;
list->cfg.what_to_count |= COUNT_COS;
#endif
list->cfg.data_type = PIPE_TYPE_PAYLOAD;
}
else {
if (list->cfg.what_to_count_2 & (COUNT_POST_NAT_SRC_HOST|COUNT_POST_NAT_DST_HOST|
COUNT_POST_NAT_SRC_PORT|COUNT_POST_NAT_DST_PORT|COUNT_NAT_EVENT|
COUNT_TIMESTAMP_START|COUNT_TIMESTAMP_END))
list->cfg.data_type |= PIPE_TYPE_NAT;
evaluate_sums(&list->cfg.what_to_count, list->name, list->type.string);
if (list->cfg.what_to_count & (COUNT_SRC_PORT|COUNT_DST_PORT|COUNT_SUM_PORT|COUNT_TCPFLAGS))
config.handle_fragments = TRUE;
if (list->cfg.what_to_count & COUNT_FLOWS) {
config.handle_fragments = TRUE;
config.handle_flows = TRUE;
}
if (list->cfg.what_to_count & COUNT_CLASS) {
config.handle_fragments = TRUE;
config.handle_flows = TRUE;
}
if (!list->cfg.what_to_count && !list->cfg.what_to_count_2) {
Log(LOG_WARNING, "WARN ( %s/%s ): defaulting to SRC HOST aggregation.\n", list->name, list->type.string);
list->cfg.what_to_count |= COUNT_SRC_HOST;
}
if (list->cfg.what_to_count & (COUNT_SRC_AS|COUNT_DST_AS|COUNT_SUM_AS)) {
if (!list->cfg.networks_file && list->cfg.nfacctd_as != NF_AS_BGP) {
Log(LOG_ERR, "ERROR ( %s/%s ): AS aggregation selected but NO 'networks_file' or 'uacctd_as' are specified. Exiting...\n\n", list->name, list->type.string);
exit(1);
}
if (list->cfg.nfacctd_as & NF_AS_FALLBACK && list->cfg.networks_file)
list->cfg.nfacctd_as |= NF_AS_NEW;
}
if (list->cfg.what_to_count & (COUNT_SRC_NET|COUNT_DST_NET|COUNT_SUM_NET|COUNT_SRC_NMASK|COUNT_DST_NMASK|COUNT_PEER_DST_IP)) {
if (!list->cfg.nfacctd_net) {
if (list->cfg.networks_file) list->cfg.nfacctd_net |= NF_NET_NEW;
if (list->cfg.networks_mask) list->cfg.nfacctd_net |= NF_NET_STATIC;
if (!list->cfg.nfacctd_net) {
Log(LOG_ERR, "ERROR ( %s/%s ): network aggregation selected but none of 'uacctd_net', 'networks_file', 'networks_mask' is specified. Exiting ...\n\n", list->name, list->type.string);
exit(1);
}
}
else {
if ((list->cfg.nfacctd_net == NF_NET_NEW && !list->cfg.networks_file) ||
(list->cfg.nfacctd_net == NF_NET_STATIC && !list->cfg.networks_mask) ||
(list->cfg.nfacctd_net == NF_NET_BGP && !list->cfg.nfacctd_bgp) ||
(list->cfg.nfacctd_net == NF_NET_IGP && !list->cfg.nfacctd_isis) ||
(list->cfg.nfacctd_net == NF_NET_KEEP)) {
Log(LOG_ERR, "ERROR ( %s/%s ): network aggregation selected but none of 'bgp_daemon', 'isis_daemon', 'networks_file', 'networks_mask' is specified. Exiting ...\n\n", list->name, list->type.string);
exit(1);
}
if (list->cfg.nfacctd_net & NF_NET_FALLBACK && list->cfg.networks_file)
list->cfg.nfacctd_net |= NF_NET_NEW;
}
}
if (list->cfg.what_to_count & COUNT_CLASS && !list->cfg.classifiers_path) {
Log(LOG_ERR, "ERROR ( %s/%s ): 'class' aggregation selected but NO 'classifiers' key specified. Exiting...\n\n", list->name, list->type.string);
exit(1);
}
bgp_config_checks(&list->cfg);
list->cfg.what_to_count |= COUNT_COUNTERS;
list->cfg.data_type |= PIPE_TYPE_METADATA;
}
}
list = list->next;
}
/* plugins glue: creation (since 094) */
if (config.classifiers_path) {
init_classifiers(config.classifiers_path);
init_conntrack_table();
}
load_plugins(&req);
if (config.handle_fragments) init_ip_fragment_handler();
if (config.handle_flows) init_ip_flow_handler();
load_networks(config.networks_file, &nt, &nc);
#if defined (HAVE_L2)
device.link_type = DLT_EN10MB;
#else
device.link_type = DLT_RAW;
#endif
for (index = 0; _devices[index].link_type != -1; index++) {
if (device.link_type == _devices[index].link_type)
device.data = &_devices[index];
}
load_plugin_filters(device.link_type);
cb_data.device = &device;
/* signal handling we want to inherit to plugins (when not re-defined elsewhere) */
signal(SIGCHLD, startup_handle_falling_child); /* takes note of plugins failed during startup phase */
signal(SIGHUP, reload); /* handles reopening of syslog channel */
signal(SIGUSR1, push_stats); /* logs various statistics via Log() calls */
signal(SIGUSR2, reload_maps); /* sets to true the reload_maps flag */
signal(SIGPIPE, SIG_IGN); /* we want to exit gracefully when a pipe is broken */
ulog_fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_NFLOG);
if (ulog_fd == -1) {
Log(LOG_ERR, "ERROR ( default/core ): Failed to create Netlink ULOG socket\n");
exit_all(1);
}
Log(LOG_INFO, "INFO ( default/core ): Successfully connected Netlink ULOG socket\n");
/* Turn off netlink errors from overrun. */
if (setsockopt(ulog_fd, SOL_NETLINK, NETLINK_NO_ENOBUFS, &one, sizeof(one)))
Log(LOG_ERR, "ERROR ( default/core ): Failed to turn off netlink ENOBUFS\n");
if (config.uacctd_nl_size > ULOG_BUFLEN) {
/* If configured buffer size is larger than default 4KB */
if (setsockopt(ulog_fd, SOL_SOCKET, SO_RCVBUF, &config.uacctd_nl_size, sizeof(config.uacctd_nl_size)))
Log(LOG_ERR, "ERROR ( default/core ): Failed to set Netlink receive buffer size\n");
else
Log(LOG_INFO, "INFO ( default/core ): Netlink receive buffer size set to %u\n", config.uacctd_nl_size);
}
ulog_buffer = malloc(config.snaplen);
if (ulog_buffer == NULL) {
Log(LOG_ERR, "ERROR ( default/core ): ULOG buffer malloc() failed\n");
close(ulog_fd);
exit_all(1);
}
memset(&nls, 0, sizeof(nls));
nls.nl_family = AF_NETLINK;
nls.nl_pid = getpid();
nls.nl_groups = config.uacctd_group;
alen = sizeof(nls);
if (bind(ulog_fd, (struct sockaddr *) &nls, sizeof(nls))) {
Log(LOG_ERR, "ERROR ( default/core ): bind() to Netlink ULOG socket failed\n");
close(ulog_fd);
exit_all(1);
}
Log(LOG_INFO, "INFO ( default/core ): Netlink ULOG: binding to group %x\n", config.uacctd_group);
/* loading pre-tagging map, if any */
if (config.pre_tag_map) {
load_id_file(config.acct_type, config.pre_tag_map, &idt, &req, &tag_map_allocated);
cb_data.idt = (u_char *) &idt;
}
else {
memset(&idt, 0, sizeof(idt));
cb_data.idt = NULL;
}
#if defined ENABLE_THREADS
/* starting the ISIS threa */
if (config.nfacctd_isis) {
req.bpf_filter = TRUE;
nfacctd_isis_wrapper();
/* Let's give the ISIS thread some advantage to create its structures */
sleep(5);
}
/* starting the BGP thread */
if (config.nfacctd_bgp) {
req.bpf_filter = TRUE;
load_comm_patterns(&config.nfacctd_bgp_stdcomm_pattern, &config.nfacctd_bgp_extcomm_pattern, &config.nfacctd_bgp_stdcomm_pattern_to_asn);
if (config.nfacctd_bgp_peer_as_src_type == BGP_SRC_PRIMITIVES_MAP) {
if (config.nfacctd_bgp_peer_as_src_map) {
load_id_file(MAP_BGP_PEER_AS_SRC, config.nfacctd_bgp_peer_as_src_map, &bpas_table, &req, &bpas_map_allocated);
cb_data.bpas_table = (u_char *) &bpas_table;
}
else {
Log(LOG_ERR, "ERROR: bgp_peer_as_src_type set to 'map' but no map defined. Exiting.\n");
exit(1);
}
}
else cb_data.bpas_table = NULL;
if (config.nfacctd_bgp_src_local_pref_type == BGP_SRC_PRIMITIVES_MAP) {
if (config.nfacctd_bgp_src_local_pref_map) {
load_id_file(MAP_BGP_SRC_LOCAL_PREF, config.nfacctd_bgp_src_local_pref_map, &blp_table, &req, &blp_map_allocated);
cb_data.blp_table = (u_char *) &blp_table;
}
else {
Log(LOG_ERR, "ERROR: bgp_src_local_pref_type set to 'map' but no map defined. Exiting.\n");
exit(1);
}
}
else cb_data.bpas_table = NULL;
if (config.nfacctd_bgp_src_med_type == BGP_SRC_PRIMITIVES_MAP) {
if (config.nfacctd_bgp_src_med_map) {
load_id_file(MAP_BGP_SRC_MED, config.nfacctd_bgp_src_med_map, &bmed_table, &req, &bmed_map_allocated);
cb_data.bmed_table = (u_char *) &bmed_table;
}
else {
Log(LOG_ERR, "ERROR: bgp_src_med_type set to 'map' but no map defined. Exiting.\n");
exit(1);
}
}
else cb_data.bmed_table = NULL;
if (config.nfacctd_bgp_to_agent_map) {
load_id_file(MAP_BGP_TO_XFLOW_AGENT, config.nfacctd_bgp_to_agent_map, &bta_table, &req, &bta_map_allocated);
cb_data.bta_table = (u_char *) &bta_table;
}
else {
Log(LOG_ERR, "ERROR ( default/core ): 'bgp_daemon' configured but no 'bgp_agent_map' has been specified. Exiting.\n");
exit(1);
}
/* Limiting BGP peers to only two: one would suffice in pmacctd
but in case maps are reloadable (ie. bta), it could be handy
to keep a backup feed in memory */
config.nfacctd_bgp_max_peers = 2;
if (config.nfacctd_bgp_iface_to_rd_map) {
Log(LOG_ERR, "ERROR ( default/core ): 'bgp_iface_to_rd_map' is not supported by this daemon. Exiting.\n");
exit(1);
}
cb_data.f_agent = (char *)&client;
nfacctd_bgp_wrapper();
/* Let's give the BGP thread some advantage to create its structures */
sleep(5);
}
#else
if (config.nfacctd_isis) {
Log(LOG_ERR, "ERROR ( default/core ): 'isis_daemon' is available only with threads (--enable-threads). Exiting.\n");
exit(1);
}
if (config.nfacctd_bgp) {
Log(LOG_ERR, "ERROR ( default/core ): 'bgp_daemon' is available only with threads (--enable-threads). Exiting.\n");
exit(1);
}
#endif
#if defined WITH_GEOIP
if (config.geoip_ipv4_file || config.geoip_ipv6_file) {
req.bpf_filter = TRUE;
}
#endif
/* plugins glue: creation (until 093) */
evaluate_packet_handlers();
pm_setproctitle("%s [%s]", "Core Process", "default");
if (config.pidfile) write_pid_file(config.pidfile);
/* signals to be handled only by pmacctd;
we set proper handlers after plugin creation */
signal(SIGINT, my_sigint_handler);
signal(SIGTERM, my_sigint_handler);
signal(SIGCHLD, handle_falling_child);
kill(getpid(), SIGCHLD);
/* Main loop: if pcap_loop() exits maybe an error occurred; we will try closing
and reopening again our listening device */
for (;;) {
if (len == -1) {
if (errno != EAGAIN) {
/* We can't deal with permanent errors.
* Just sleep a bit.
*/
Log(LOG_ERR, "ERROR ( default/core ): Syscall returned %d: %s. Sleeping for 1 sec.\n", errno, strerror(errno));
sleep(1);
}
}
len = recvfrom(ulog_fd, ulog_buffer, config.snaplen, 0, (struct sockaddr*) &nls, &alen);
/*
* Read timeout or failure condition.
*/
if (len < (int)sizeof(struct nlmsghdr)) continue;
if (alen != sizeof(nls)) continue;
nlh = (struct nlmsghdr*) ulog_buffer;
if ((nlh->nlmsg_flags & MSG_TRUNC) || ((size_t)len > config.snaplen)) continue;
gettimeofday(&tv, NULL);
while (NLMSG_OK(nlh, (size_t)len)) {
ulog_pkt = NLMSG_DATA(nlh);
hdr.ts = tv;
hdr.caplen = MIN(ulog_pkt->data_len, config.snaplen);
hdr.len = ulog_pkt->data_len;
if (strlen(ulog_pkt->indev_name) > 1) {
cb_data.ifindex_in = cache_ifindex(ulog_pkt->indev_name, tv.tv_sec);
}
else cb_data.ifindex_in = 0;
if (strlen(ulog_pkt->outdev_name) > 1) {
cb_data.ifindex_out = cache_ifindex(ulog_pkt->outdev_name, tv.tv_sec);
}
else cb_data.ifindex_out = 0;
#if defined (HAVE_L2)
if (ulog_pkt->mac_len) {
memcpy(jumbo_container, ulog_pkt->mac, ulog_pkt->mac_len);
memcpy(jumbo_container+ulog_pkt->mac_len, ulog_pkt->payload, hdr.caplen);
// XXX
hdr.caplen += ulog_pkt->mac_len;
hdr.len += ulog_pkt->mac_len;
}
else {
memset(jumbo_container, 0, ETHER_HDRLEN);
memcpy(jumbo_container+ETHER_HDRLEN, ulog_pkt->payload, hdr.caplen);
hdr.caplen += ETHER_HDRLEN;
hdr.len += ETHER_HDRLEN;
switch (IP_V((struct my_iphdr *) ulog_pkt->payload)) {
case 4:
((struct eth_header *)jumbo_container)->ether_type = ntohs(ETHERTYPE_IP);
break;
case 6:
((struct eth_header *)jumbo_container)->ether_type = ntohs(ETHERTYPE_IPV6);
break;
}
}
pcap_cb((u_char *) &cb_data, &hdr, jumbo_container);
#else
pcap_cb((u_char *) &cb_data, &hdr, ulog_pkt->payload);
#endif
if (nlh->nlmsg_type == NLMSG_DONE || !(nlh->nlmsg_flags & NLM_F_MULTI)) {
/* Last part of the multilink message */
break;
}
nlh = NLMSG_NEXT(nlh, len);
}
}
}
int main(int argc,char **argv, char **envp)
{
bpf_u_int32 localnet, netmask; /* pcap library stuff */
struct bpf_program filter;
struct pcap_device device;
char errbuf[PCAP_ERRBUF_SIZE];
int index, logf;
struct plugins_list_entry *list;
struct plugin_requests req;
char config_file[SRVBUFLEN];
int psize = DEFAULT_SNAPLEN;
struct id_table bpas_table;
struct id_table blp_table;
struct id_table bmed_table;
struct id_table biss_table;
struct id_table bta_table;
struct id_table idt;
struct pcap_callback_data cb_data;
/* getopt() stuff */
extern char *optarg;
extern int optind, opterr, optopt;
int errflag, cp;
#if defined ENABLE_IPV6
struct sockaddr_storage client;
#else
struct sockaddr client;
#endif
umask(077);
compute_once();
/* a bunch of default definitions */
have_num_memory_pools = FALSE;
reload_map = FALSE;
tag_map_allocated = FALSE;
bpas_map_allocated = FALSE;
blp_map_allocated = FALSE;
bmed_map_allocated = FALSE;
biss_map_allocated = FALSE;
find_id_func = PM_find_id;
errflag = 0;
memset(cfg_cmdline, 0, sizeof(cfg_cmdline));
memset(&config, 0, sizeof(struct configuration));
memset(&device, 0, sizeof(struct pcap_device));
memset(&config_file, 0, sizeof(config_file));
memset(&failed_plugins, 0, sizeof(failed_plugins));
memset(&req, 0, sizeof(req));
memset(dummy_tlhdr, 0, sizeof(dummy_tlhdr));
memset(sll_mac, 0, sizeof(sll_mac));
memset(&bpas_table, 0, sizeof(bpas_table));
memset(&blp_table, 0, sizeof(blp_table));
memset(&bmed_table, 0, sizeof(bmed_table));
memset(&biss_table, 0, sizeof(biss_table));
memset(&bta_table, 0, sizeof(bta_table));
memset(&client, 0, sizeof(client));
memset(&cb_data, 0, sizeof(cb_data));
memset(&tunnel_registry, 0, sizeof(tunnel_registry));
config.acct_type = ACCT_PM;
rows = 0;
glob_pcapt = NULL;
/* getting commandline values */
while (!errflag && ((cp = getopt(argc, argv, ARGS_PMACCTD)) != -1)) {
cfg_cmdline[rows] = malloc(SRVBUFLEN);
switch (cp) {
case 'P':
strlcpy(cfg_cmdline[rows], "plugins: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'D':
strlcpy(cfg_cmdline[rows], "daemonize: true", SRVBUFLEN);
rows++;
break;
case 'd':
debug = TRUE;
strlcpy(cfg_cmdline[rows], "debug: true", SRVBUFLEN);
rows++;
break;
case 'n':
strlcpy(cfg_cmdline[rows], "networks_file: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'o':
strlcpy(cfg_cmdline[rows], "ports_file: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'O':
strlcpy(cfg_cmdline[rows], "print_output: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'u':
strlcpy(cfg_cmdline[rows], "print_num_protos: true", SRVBUFLEN);
rows++;
break;
case 'N':
strlcpy(cfg_cmdline[rows], "promisc: false", SRVBUFLEN);
rows++;
break;
case 'f':
strlcpy(config_file, optarg, sizeof(config_file));
break;
case 'F':
strlcpy(cfg_cmdline[rows], "pidfile: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'c':
strlcpy(cfg_cmdline[rows], "aggregate: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'b':
strlcpy(cfg_cmdline[rows], "imt_buckets: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'm':
strlcpy(cfg_cmdline[rows], "imt_mem_pools_number: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
have_num_memory_pools = TRUE;
rows++;
break;
case 'p':
strlcpy(cfg_cmdline[rows], "imt_path: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'r':
strlcpy(cfg_cmdline[rows], "sql_refresh_time: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
cfg_cmdline[rows] = malloc(SRVBUFLEN);
strlcpy(cfg_cmdline[rows], "print_refresh_time: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'v':
strlcpy(cfg_cmdline[rows], "sql_table_version: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 's':
strlcpy(cfg_cmdline[rows], "imt_mem_pools_size: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'S':
strlcpy(cfg_cmdline[rows], "syslog: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'i':
strlcpy(cfg_cmdline[rows], "interface: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'I':
strlcpy(cfg_cmdline[rows], "pcap_savefile: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'w':
strlcpy(cfg_cmdline[rows], "interface_wait: true", SRVBUFLEN);
rows++;
break;
case 'W':
strlcpy(cfg_cmdline[rows], "savefile_wait: true", SRVBUFLEN);
rows++;
break;
case 'L':
strlcpy(cfg_cmdline[rows], "snaplen: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'R':
strlcpy(cfg_cmdline[rows], "sfacctd_renormalize: true", SRVBUFLEN);
rows++;
break;
case 'h':
usage_daemon(argv[0]);
exit(0);
break;
default:
usage_daemon(argv[0]);
exit(1);
break;
}
}
/* post-checks and resolving conflicts */
if (strlen(config_file)) {
if (parse_configuration_file(config_file) != SUCCESS)
exit(1);
}
else {
if (parse_configuration_file(NULL) != SUCCESS)
exit(1);
}
/* XXX: glue; i'm conscious it's a dirty solution from an engineering viewpoint;
someday later i'll fix this */
list = plugins_list;
while(list) {
list->cfg.acct_type = ACCT_PM;
set_default_preferences(&list->cfg);
if (!strcmp(list->name, "default") && !strcmp(list->type.string, "core"))
memcpy(&config, &list->cfg, sizeof(struct configuration));
list = list->next;
}
if (config.files_umask) umask(config.files_umask);
/* Let's check whether we need superuser privileges */
if (config.snaplen) psize = config.snaplen;
else config.snaplen = psize;
if (!config.pcap_savefile) {
if (getuid() != 0) {
printf("%s\n\n", PMACCTD_USAGE_HEADER);
printf("ERROR ( default/core ): You need superuser privileges to run this command.\nExiting ...\n\n");
exit(1);
}
}
if (config.daemon) {
list = plugins_list;
while (list) {
if (!strcmp(list->type.string, "print")) printf("WARN ( default/core ): Daemonizing. Hmm, bye bye screen.\n");
list = list->next;
}
if (debug || config.debug)
printf("WARN ( default/core ): debug is enabled; forking in background. Console logging will get lost.\n");
daemonize();
}
initsetproctitle(argc, argv, envp);
if (config.syslog) {
logf = parse_log_facility(config.syslog);
if (logf == ERR) {
config.syslog = NULL;
printf("WARN ( default/core ): specified syslog facility is not supported; logging to console.\n");
}
else openlog(NULL, LOG_PID, logf);
Log(LOG_INFO, "INFO ( default/core ): Start logging ...\n");
}
if (config.logfile)
{
config.logfile_fd = open_logfile(config.logfile);
list = plugins_list;
while (list) {
list->cfg.logfile_fd = config.logfile_fd ;
list = list->next;
}
}
/* Enforcing policies over aggregation methods */
list = plugins_list;
while (list) {
if (list->type.id != PLUGIN_ID_CORE) {
/* applies to all plugins */
if (config.classifiers_path && (list->cfg.sampling_rate || config.ext_sampling_rate)) {
Log(LOG_ERR, "ERROR ( default/core ): Packet sampling and classification are mutual exclusive.\n");
exit(1);
}
if (list->cfg.sampling_rate && config.ext_sampling_rate) {
Log(LOG_ERR, "ERROR ( default/core ): Internal packet sampling and external packet sampling are mutual exclusive.\n");
exit(1);
}
if (list->type.id == PLUGIN_ID_TEE) {
Log(LOG_ERR, "ERROR ( default/core ): 'tee' plugin not supported in 'pmacctd'.\n");
exit(1);
}
else if (list->type.id == PLUGIN_ID_NFPROBE) {
/* If we already renormalizing an external sampling rate,
we cancel the sampling information from the probe plugin */
if (config.sfacctd_renormalize && list->cfg.ext_sampling_rate) list->cfg.ext_sampling_rate = 0;
config.handle_fragments = TRUE;
list->cfg.nfprobe_what_to_count = list->cfg.what_to_count;
list->cfg.what_to_count = 0;
#if defined (HAVE_L2)
if (list->cfg.nfprobe_version == 9 || list->cfg.nfprobe_version == 10) {
list->cfg.what_to_count |= COUNT_SRC_MAC;
list->cfg.what_to_count |= COUNT_DST_MAC;
list->cfg.what_to_count |= COUNT_VLAN;
}
#endif
list->cfg.what_to_count |= COUNT_SRC_HOST;
list->cfg.what_to_count |= COUNT_DST_HOST;
if (list->cfg.networks_file || list->cfg.networks_mask || list->cfg.nfacctd_net) {
list->cfg.what_to_count |= COUNT_SRC_NMASK;
list->cfg.what_to_count |= COUNT_DST_NMASK;
}
list->cfg.what_to_count |= COUNT_SRC_PORT;
list->cfg.what_to_count |= COUNT_DST_PORT;
list->cfg.what_to_count |= COUNT_IP_TOS;
list->cfg.what_to_count |= COUNT_IP_PROTO;
if (list->cfg.networks_file || (list->cfg.nfacctd_bgp && list->cfg.nfacctd_as == NF_AS_BGP)) {
list->cfg.what_to_count |= COUNT_SRC_AS;
list->cfg.what_to_count |= COUNT_DST_AS;
list->cfg.what_to_count |= COUNT_PEER_DST_IP;
}
if ((list->cfg.nfprobe_version == 9 || list->cfg.nfprobe_version == 10) && list->cfg.classifiers_path) {
list->cfg.what_to_count |= COUNT_CLASS;
config.handle_flows = TRUE;
}
if (list->cfg.pre_tag_map) {
list->cfg.what_to_count |= COUNT_ID;
list->cfg.what_to_count |= COUNT_ID2;
}
list->cfg.what_to_count |= COUNT_IN_IFACE;
list->cfg.what_to_count |= COUNT_OUT_IFACE;
if (list->cfg.what_to_count & (COUNT_STD_COMM|COUNT_EXT_COMM|COUNT_LOCAL_PREF|COUNT_MED|COUNT_AS_PATH|
COUNT_PEER_SRC_AS|COUNT_PEER_DST_AS|COUNT_PEER_SRC_IP|COUNT_SRC_STD_COMM|
COUNT_SRC_EXT_COMM|COUNT_SRC_AS_PATH|COUNT_SRC_MED|COUNT_SRC_LOCAL_PREF|
COUNT_MPLS_VPN_RD)) {
Log(LOG_ERR, "ERROR ( default/core ): 'src_as', 'dst_as' and 'peer_dst_ip' are currently the only BGP-related primitives supported within the 'nfprobe' plugin.\n");
exit(1);
}
list->cfg.what_to_count |= COUNT_COUNTERS;
list->cfg.data_type = PIPE_TYPE_METADATA;
list->cfg.data_type |= PIPE_TYPE_EXTRAS;
}
else if (list->type.id == PLUGIN_ID_SFPROBE) {
/* If we already renormalizing an external sampling rate,
we cancel the sampling information from the probe plugin */
if (config.sfacctd_renormalize && list->cfg.ext_sampling_rate) list->cfg.ext_sampling_rate = 0;
if (psize < 128) psize = config.snaplen = 128; /* SFL_DEFAULT_HEADER_SIZE */
list->cfg.what_to_count = COUNT_PAYLOAD;
if (list->cfg.classifiers_path) {
list->cfg.what_to_count |= COUNT_CLASS;
config.handle_fragments = TRUE;
config.handle_flows = TRUE;
}
if (list->cfg.nfacctd_bgp && list->cfg.nfacctd_as == NF_AS_BGP) {
list->cfg.what_to_count |= COUNT_SRC_AS;
list->cfg.what_to_count |= COUNT_DST_AS;
list->cfg.what_to_count |= COUNT_PEER_DST_IP;
}
if (list->cfg.nfacctd_bgp && list->cfg.nfacctd_net == NF_NET_BGP) {
list->cfg.what_to_count |= COUNT_SRC_NMASK;
list->cfg.what_to_count |= COUNT_DST_NMASK;
}
if (list->cfg.pre_tag_map) {
list->cfg.what_to_count |= COUNT_ID;
list->cfg.what_to_count |= COUNT_ID2;
}
if (list->cfg.what_to_count & (COUNT_STD_COMM|COUNT_EXT_COMM|COUNT_LOCAL_PREF|COUNT_MED|COUNT_AS_PATH|
COUNT_PEER_SRC_AS|COUNT_PEER_DST_AS|COUNT_PEER_SRC_IP|COUNT_SRC_STD_COMM|
COUNT_SRC_EXT_COMM|COUNT_SRC_AS_PATH|COUNT_SRC_MED|COUNT_SRC_LOCAL_PREF|
COUNT_MPLS_VPN_RD)) {
Log(LOG_ERR, "ERROR ( default/core ): 'src_as', 'dst_as' and 'peer_dst_ip' are currently the only BGP-related primitives supported within the 'sfprobe' plugin.\n");
exit(1);
}
#if defined (HAVE_L2)
list->cfg.what_to_count |= COUNT_VLAN;
list->cfg.what_to_count |= COUNT_COS;
#endif
list->cfg.data_type = PIPE_TYPE_PAYLOAD;
}
else {
evaluate_sums(&list->cfg.what_to_count, list->name, list->type.string);
if (list->cfg.what_to_count & (COUNT_SRC_PORT|COUNT_DST_PORT|COUNT_SUM_PORT|COUNT_TCPFLAGS))
config.handle_fragments = TRUE;
if (list->cfg.what_to_count & COUNT_FLOWS) {
config.handle_fragments = TRUE;
config.handle_flows = TRUE;
}
if (list->cfg.what_to_count & COUNT_CLASS) {
config.handle_fragments = TRUE;
config.handle_flows = TRUE;
}
if (!list->cfg.what_to_count) {
Log(LOG_WARNING, "WARN ( %s/%s ): defaulting to SRC HOST aggregation.\n", list->name, list->type.string);
list->cfg.what_to_count |= COUNT_SRC_HOST;
}
if ((list->cfg.what_to_count & (COUNT_SRC_AS|COUNT_DST_AS|COUNT_SUM_AS)) && !list->cfg.networks_file && list->cfg.nfacctd_as != NF_AS_BGP) {
Log(LOG_ERR, "ERROR ( %s/%s ): AS aggregation selected but NO 'networks_file' or 'pmacctd_as' are specified. Exiting...\n\n", list->name, list->type.string);
exit(1);
}
if (list->cfg.what_to_count & (COUNT_SRC_NET|COUNT_DST_NET|COUNT_SUM_NET|COUNT_SRC_NMASK|COUNT_DST_NMASK)) {
if (!list->cfg.nfacctd_net) {
if (list->cfg.networks_file) list->cfg.nfacctd_net |= NF_NET_NEW;
if (list->cfg.networks_mask) list->cfg.nfacctd_net |= NF_NET_STATIC;
if (!list->cfg.nfacctd_net) {
Log(LOG_ERR, "ERROR ( %s/%s ): network aggregation selected but none of 'pmacctd_net', 'networks_file', 'networks_mask' is specified. Exiting ...\n\n", list->name, list->type.string);
exit(1);
}
}
else {
if ((list->cfg.nfacctd_net == NF_NET_NEW && !list->cfg.networks_file) ||
(list->cfg.nfacctd_net == NF_NET_STATIC && !list->cfg.networks_mask) ||
(list->cfg.nfacctd_net == NF_NET_BGP && !list->cfg.nfacctd_bgp) ||
(list->cfg.nfacctd_net == NF_NET_KEEP)) {
Log(LOG_ERR, "ERROR ( %s/%s ): network aggregation selected but none of 'bgp_daemon', 'networks_file', 'networks_mask' is specified. Exiting ...\n\n", list->name, list->type.string);
exit(1);
}
}
}
if (list->cfg.what_to_count & COUNT_CLASS && !list->cfg.classifiers_path) {
Log(LOG_ERR, "ERROR ( %s/%s ): 'class' aggregation selected but NO 'classifiers' key specified. Exiting...\n\n", list->name, list->type.string);
exit(1);
}
bgp_config_checks(&list->cfg);
list->cfg.what_to_count |= COUNT_COUNTERS;
list->cfg.data_type |= PIPE_TYPE_METADATA;
}
}
list = list->next;
}
/* plugins glue: creation (since 094) */
if (config.classifiers_path) {
init_classifiers(config.classifiers_path);
init_conntrack_table();
}
load_plugins(&req);
if (config.handle_fragments) init_ip_fragment_handler();
if (config.handle_flows) init_ip_flow_handler();
load_networks(config.networks_file, &nt, &nc);
/* If any device/savefile have been specified, choose a suitable device
where to listen for traffic */
if (!config.dev && !config.pcap_savefile) {
Log(LOG_WARNING, "WARN ( default/core ): Selecting a suitable device.\n");
config.dev = pcap_lookupdev(errbuf);
if (!config.dev) {
Log(LOG_WARNING, "WARN ( default/core ): Unable to find a suitable device. Exiting.\n");
exit_all(1);
}
else Log(LOG_DEBUG, "DEBUG ( default/core ): device is %s\n", config.dev);
}
/* reading filter; if it exists, we'll take an action later */
if (!strlen(config_file)) config.clbuf = copy_argv(&argv[optind]);
if (config.dev && config.pcap_savefile) {
Log(LOG_ERR, "ERROR ( default/core ): 'interface' (-i) and 'pcap_savefile' (-I) directives are mutually exclusive. Exiting.\n");
exit_all(1);
}
throttle_startup:
if (config.dev) {
if ((device.dev_desc = pcap_open_live(config.dev, psize, config.promisc, 1000, errbuf)) == NULL) {
if (!config.if_wait) {
Log(LOG_ERR, "ERROR ( default/core ): pcap_open_live(): %s\n", errbuf);
exit_all(1);
}
else {
sleep(5); /* XXX: user defined ? */
goto throttle_startup;
}
}
}
else if (config.pcap_savefile) {
if ((device.dev_desc = pcap_open_offline(config.pcap_savefile, errbuf)) == NULL) {
Log(LOG_ERR, "ERROR ( default/core ): pcap_open_offline(): %s\n", errbuf);
exit_all(1);
}
}
device.active = TRUE;
glob_pcapt = device.dev_desc; /* SIGINT/stats handling */
if (config.pipe_size) {
int slen = sizeof(config.pipe_size), x;
#if defined (PCAP_TYPE_linux) || (PCAP_TYPE_snoop)
Setsocksize(pcap_fileno(device.dev_desc), SOL_SOCKET, SO_RCVBUF, &config.pipe_size, slen);
getsockopt(pcap_fileno(device.dev_desc), SOL_SOCKET, SO_RCVBUF, &x, &slen);
Log(LOG_DEBUG, "DEBUG ( default/core ): PCAP buffer: obtained %d / %d bytes.\n", x, config.pipe_size);
#endif
}
device.link_type = pcap_datalink(device.dev_desc);
for (index = 0; _devices[index].link_type != -1; index++) {
if (device.link_type == _devices[index].link_type)
device.data = &_devices[index];
}
load_plugin_filters(device.link_type);
/* we need to solve some link constraints */
if (device.data == NULL) {
Log(LOG_ERR, "ERROR ( default/core ): data link not supported: %d\n", device.link_type);
exit_all(1);
}
else Log(LOG_INFO, "OK ( default/core ): link type is: %d\n", device.link_type);
if (device.link_type != DLT_EN10MB && device.link_type != DLT_IEEE802 && device.link_type != DLT_LINUX_SLL) {
list = plugins_list;
while (list) {
if ((list->cfg.what_to_count & COUNT_SRC_MAC) || (list->cfg.what_to_count & COUNT_DST_MAC)) {
Log(LOG_ERR, "ERROR ( default/core ): MAC aggregation not available for link type: %d\n", device.link_type);
exit_all(1);
}
list = list->next;
}
}
cb_data.device = &device;
/* doing pcap stuff */
if (!config.dev || pcap_lookupnet(config.dev, &localnet, &netmask, errbuf) < 0) {
localnet = 0;
netmask = 0;
Log(LOG_WARNING, "WARN ( default/core ): %s\n", errbuf);
}
if (pcap_compile(device.dev_desc, &filter, config.clbuf, 0, netmask) < 0)
Log(LOG_WARNING, "WARN: %s\nWARN ( default/core ): going on without a filter\n", pcap_geterr(device.dev_desc));
else {
if (pcap_setfilter(device.dev_desc, &filter) < 0)
Log(LOG_WARNING, "WARN: %s\nWARN ( default/core ): going on without a filter\n", pcap_geterr(device.dev_desc));
}
/* signal handling we want to inherit to plugins (when not re-defined elsewhere) */
signal(SIGCHLD, startup_handle_falling_child); /* takes note of plugins failed during startup phase */
signal(SIGHUP, reload); /* handles reopening of syslog channel */
signal(SIGUSR1, push_stats); /* logs various statistics via Log() calls */
signal(SIGUSR2, reload_maps); /* sets to true the reload_maps flag */
signal(SIGPIPE, SIG_IGN); /* we want to exit gracefully when a pipe is broken */
/* loading pre-tagging map, if any */
if (config.pre_tag_map) {
load_id_file(config.acct_type, config.pre_tag_map, &idt, &req, &tag_map_allocated);
cb_data.idt = (u_char *) &idt;
}
else {
memset(&idt, 0, sizeof(idt));
cb_data.idt = NULL;
}
#if defined ENABLE_THREADS
/* starting the BGP thread */
if (config.nfacctd_bgp) {
req.bpf_filter = TRUE;
load_comm_patterns(&config.nfacctd_bgp_stdcomm_pattern, &config.nfacctd_bgp_extcomm_pattern, &config.nfacctd_bgp_stdcomm_pattern_to_asn);
if (config.nfacctd_bgp_peer_as_src_type == BGP_SRC_PRIMITIVES_MAP) {
if (config.nfacctd_bgp_peer_as_src_map) {
load_id_file(MAP_BGP_PEER_AS_SRC, config.nfacctd_bgp_peer_as_src_map, &bpas_table, &req, &bpas_map_allocated);
cb_data.bpas_table = (u_char *) &bpas_table;
}
else {
Log(LOG_ERR, "ERROR: bgp_peer_as_src_type set to 'map' but no map defined. Exiting.\n");
exit(1);
}
}
else cb_data.bpas_table = NULL;
if (config.nfacctd_bgp_src_local_pref_type == BGP_SRC_PRIMITIVES_MAP) {
if (config.nfacctd_bgp_src_local_pref_map) {
load_id_file(MAP_BGP_SRC_LOCAL_PREF, config.nfacctd_bgp_src_local_pref_map, &blp_table, &req, &blp_map_allocated);
cb_data.blp_table = (u_char *) &blp_table;
}
else {
Log(LOG_ERR, "ERROR: bgp_src_local_pref_type set to 'map' but no map defined. Exiting.\n");
exit(1);
}
}
else cb_data.blp_table = NULL;
if (config.nfacctd_bgp_src_med_type == BGP_SRC_PRIMITIVES_MAP) {
if (config.nfacctd_bgp_src_med_map) {
load_id_file(MAP_BGP_SRC_MED, config.nfacctd_bgp_src_med_map, &bmed_table, &req, &bmed_map_allocated);
cb_data.bmed_table = (u_char *) &bmed_table;
}
else {
Log(LOG_ERR, "ERROR: bgp_src_med_type set to 'map' but no map defined. Exiting.\n");
exit(1);
}
}
else cb_data.bmed_table = NULL;
if (config.nfacctd_bgp_to_agent_map) {
load_id_file(MAP_BGP_TO_XFLOW_AGENT, config.nfacctd_bgp_to_agent_map, &bta_table, &req, &bta_map_allocated);
cb_data.bta_table = (u_char *) &bta_table;
}
else {
Log(LOG_ERR, "ERROR ( default/core ): 'bgp_daemon' configured but no 'bgp_agent_map' has been specified. Exiting.\n");
exit(1);
}
/* Limiting BGP peers to only two: one would suffice in pmacctd
but in case maps are reloadable (ie. bta), it could be handy
to keep a backup feed in memory */
config.nfacctd_bgp_max_peers = 2;
if (config.nfacctd_bgp_iface_to_rd_map) {
Log(LOG_ERR, "ERROR ( default/core ): 'bgp_iface_to_rd_map' is not supported by this daemon. Exiting.\n");
exit(1);
}
cb_data.f_agent = (char *)&client;
nfacctd_bgp_wrapper();
/* Let's give the BGP thread some advantage to create its structures */
sleep(5);
}
#else
if (config.nfacctd_bgp) {
Log(LOG_ERR, "ERROR ( default/core ): 'bgp_daemon' is available only with threads (--enable-threads). Exiting.\n");
exit(1);
}
#endif
/* Init tunnel handlers */
tunnel_registry_init();
/* plugins glue: creation (until 093) */
evaluate_packet_handlers();
pm_setproctitle("%s [%s]", "Core Process", "default");
if (config.pidfile) write_pid_file(config.pidfile);
/* signals to be handled only by pmacctd;
we set proper handlers after plugin creation */
signal(SIGINT, my_sigint_handler);
signal(SIGTERM, my_sigint_handler);
signal(SIGCHLD, handle_falling_child);
kill(getpid(), SIGCHLD);
/* When reading packets from a savefile, things are lightning fast; we will sit
here just few seconds, thus allowing plugins to complete their startup operations */
if (config.pcap_savefile) {
Log(LOG_INFO, "INFO ( default/core ): PCAP capture file, sleeping for 2 seconds\n");
sleep(2);
}
/* Main loop: if pcap_loop() exits maybe an error occurred; we will try closing
and reopening again our listening device */
for(;;) {
if (!device.active) {
Log(LOG_WARNING, "WARN ( default/core ): %s has become unavailable; throttling ...\n", config.dev);
throttle_loop:
sleep(5); /* XXX: user defined ? */
if ((device.dev_desc = pcap_open_live(config.dev, psize, config.promisc, 1000, errbuf)) == NULL)
goto throttle_loop;
pcap_setfilter(device.dev_desc, &filter);
device.active = TRUE;
}
pcap_loop(device.dev_desc, -1, pcap_cb, (u_char *) &cb_data);
pcap_close(device.dev_desc);
if (config.pcap_savefile) {
if (config.sf_wait) {
fill_pipe_buffer();
Log(LOG_INFO, "INFO ( default/core ): finished reading PCAP capture file\n");
wait(NULL);
}
stop_all_childs();
}
device.active = FALSE;
}
}
int main(int argc,char **argv, char **envp)
{
struct pcap_device device;
int index, logf, ret;
struct plugins_list_entry *list;
struct plugin_requests req;
char config_file[SRVBUFLEN];
struct id_table bpas_table;
struct id_table blp_table;
struct id_table bmed_table;
struct id_table biss_table;
struct id_table bta_table;
struct pcap_callback_data cb_data;
/* getopt() stuff */
extern char *optarg;
extern int optind, opterr, optopt;
int errflag, cp;
/* NFLOG stuff */
struct nflog_handle *nfh = NULL;
struct nflog_g_handle *nfgh = NULL;
int one = 1;
ssize_t len = 0;
unsigned char *nflog_buffer;
#if defined ENABLE_IPV6
struct sockaddr_storage client;
#else
struct sockaddr client;
#endif
#if defined HAVE_MALLOPT
mallopt(M_CHECK_ACTION, 0);
#endif
umask(077);
compute_once();
/* a bunch of default definitions */
reload_map = FALSE;
reload_geoipv2_file = FALSE;
bpas_map_allocated = FALSE;
blp_map_allocated = FALSE;
bmed_map_allocated = FALSE;
biss_map_allocated = FALSE;
bta_map_caching = FALSE;
sampling_map_caching = FALSE;
custom_primitives_allocated = FALSE;
find_id_func = PM_find_id;
plugins_list = NULL;
errflag = 0;
memset(cfg_cmdline, 0, sizeof(cfg_cmdline));
memset(&config, 0, sizeof(struct configuration));
memset(&device, 0, sizeof(struct pcap_device));
memset(&config_file, 0, sizeof(config_file));
memset(&failed_plugins, 0, sizeof(failed_plugins));
memset(&req, 0, sizeof(req));
memset(dummy_tlhdr, 0, sizeof(dummy_tlhdr));
memset(sll_mac, 0, sizeof(sll_mac));
memset(&bpas_table, 0, sizeof(bpas_table));
memset(&blp_table, 0, sizeof(blp_table));
memset(&bmed_table, 0, sizeof(bmed_table));
memset(&biss_table, 0, sizeof(biss_table));
memset(&bta_table, 0, sizeof(bta_table));
memset(&client, 0, sizeof(client));
memset(&cb_data, 0, sizeof(cb_data));
memset(&tunnel_registry, 0, sizeof(tunnel_registry));
memset(&reload_map_tstamp, 0, sizeof(reload_map_tstamp));
log_notifications_init(&log_notifications);
config.acct_type = ACCT_PM;
rows = 0;
glob_pcapt = NULL;
/* getting commandline values */
while (!errflag && ((cp = getopt(argc, argv, ARGS_UACCTD)) != -1)) {
cfg_cmdline[rows] = malloc(SRVBUFLEN);
switch (cp) {
case 'P':
strlcpy(cfg_cmdline[rows], "plugins: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'D':
strlcpy(cfg_cmdline[rows], "daemonize: true", SRVBUFLEN);
rows++;
break;
case 'd':
debug = TRUE;
strlcpy(cfg_cmdline[rows], "debug: true", SRVBUFLEN);
rows++;
break;
case 'n':
strlcpy(cfg_cmdline[rows], "networks_file: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'o':
strlcpy(cfg_cmdline[rows], "ports_file: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'O':
strlcpy(cfg_cmdline[rows], "print_output: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'u':
strlcpy(cfg_cmdline[rows], "print_num_protos: true", SRVBUFLEN);
rows++;
break;
case 'f':
strlcpy(config_file, optarg, sizeof(config_file));
break;
case 'F':
strlcpy(cfg_cmdline[rows], "pidfile: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'c':
strlcpy(cfg_cmdline[rows], "aggregate: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'b':
strlcpy(cfg_cmdline[rows], "imt_buckets: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'm':
strlcpy(cfg_cmdline[rows], "imt_mem_pools_number: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'p':
strlcpy(cfg_cmdline[rows], "imt_path: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'r':
strlcpy(cfg_cmdline[rows], "sql_refresh_time: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'v':
strlcpy(cfg_cmdline[rows], "sql_table_version: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 's':
strlcpy(cfg_cmdline[rows], "imt_mem_pools_size: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'S':
strlcpy(cfg_cmdline[rows], "syslog: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'g':
strlcpy(cfg_cmdline[rows], "uacctd_group: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'L':
strlcpy(cfg_cmdline[rows], "snaplen: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'R':
strlcpy(cfg_cmdline[rows], "sfacctd_renormalize: true", SRVBUFLEN);
rows++;
break;
case 'h':
usage_daemon(argv[0]);
exit(0);
break;
case 'V':
version_daemon(UACCTD_USAGE_HEADER);
exit(0);
break;
case 'a':
print_primitives(config.acct_type, UACCTD_USAGE_HEADER);
exit(0);
break;
default:
usage_daemon(argv[0]);
exit(1);
break;
}
}
/* post-checks and resolving conflicts */
if (strlen(config_file)) {
if (parse_configuration_file(config_file) != SUCCESS)
exit(1);
}
else {
if (parse_configuration_file(NULL) != SUCCESS)
exit(1);
}
/* XXX: glue; i'm conscious it's a dirty solution from an engineering viewpoint;
someday later i'll fix this */
list = plugins_list;
while (list) {
list->cfg.acct_type = ACCT_PM;
set_default_preferences(&list->cfg);
if (!strcmp(list->type.string, "core")) {
memcpy(&config, &list->cfg, sizeof(struct configuration));
config.name = list->name;
config.type = list->type.string;
}
list = list->next;
}
if (config.files_umask) umask(config.files_umask);
if (!config.snaplen) config.snaplen = DEFAULT_SNAPLEN;
if (!config.uacctd_nl_size) config.uacctd_nl_size = DEFAULT_NFLOG_BUFLEN;
if (!config.uacctd_threshold) config.uacctd_threshold = DEFAULT_NFLOG_THRESHOLD;
/* Let's check whether we need superuser privileges */
if (getuid() != 0) {
printf("%s (%s)\n\n", UACCTD_USAGE_HEADER, PMACCT_BUILD);
printf("ERROR ( %s/core ): You need superuser privileges to run this command.\nExiting ...\n\n", config.name);
exit(1);
}
if (!config.uacctd_group) {
config.uacctd_group = DEFAULT_NFLOG_GROUP;
list = plugins_list;
while (list) {
list->cfg.uacctd_group = DEFAULT_NFLOG_GROUP;
list = list->next;
}
}
if (config.daemon) {
list = plugins_list;
while (list) {
if (!strcmp(list->type.string, "print") && !list->cfg.print_output_file)
printf("INFO ( %s/%s ): Daemonizing. Bye bye screen.\n", list->name, list->type.string);
list = list->next;
}
if (debug || config.debug)
printf("WARN ( %s/core ): debug is enabled; forking in background. Logging to standard error (stderr) will get lost.\n", config.name);
daemonize();
}
initsetproctitle(argc, argv, envp);
if (config.syslog) {
logf = parse_log_facility(config.syslog);
if (logf == ERR) {
config.syslog = NULL;
printf("WARN ( %s/core ): specified syslog facility is not supported. Logging to standard error (stderr).\n", config.name);
}
else openlog(NULL, LOG_PID, logf);
Log(LOG_INFO, "INFO ( %s/core ): Start logging ...\n", config.name);
}
if (config.logfile)
{
config.logfile_fd = open_output_file(config.logfile, "a", FALSE);
list = plugins_list;
while (list) {
list->cfg.logfile_fd = config.logfile_fd ;
list = list->next;
}
}
if (config.proc_priority) {
int ret;
ret = setpriority(PRIO_PROCESS, 0, config.proc_priority);
if (ret) Log(LOG_WARNING, "WARN ( %s/core ): proc_priority failed (errno: %d)\n", config.name, errno);
else Log(LOG_INFO, "INFO ( %s/core ): proc_priority set to %d\n", config.name, getpriority(PRIO_PROCESS, 0));
}
if (strlen(config_file)) {
char canonical_path[PATH_MAX], *canonical_path_ptr;
canonical_path_ptr = realpath(config_file, canonical_path);
if (canonical_path_ptr) Log(LOG_INFO, "INFO ( %s/core ): Reading configuration file '%s'.\n", config.name, canonical_path);
}
else Log(LOG_INFO, "INFO ( %s/core ): Reading configuration from cmdline.\n", config.name);
/* Enforcing policies over aggregation methods */
list = plugins_list;
while (list) {
if (list->type.id != PLUGIN_ID_CORE) {
/* applies to all plugins */
plugin_pipe_check(&list->cfg);
if (config.classifiers_path && (list->cfg.sampling_rate || config.ext_sampling_rate)) {
Log(LOG_ERR, "ERROR ( %s/core ): Packet sampling and classification are mutual exclusive.\n", config.name);
exit(1);
}
if (list->cfg.sampling_rate && config.ext_sampling_rate) {
Log(LOG_ERR, "ERROR ( %s/core ): Internal packet sampling and external packet sampling are mutual exclusive.\n", config.name);
exit(1);
}
/* applies to specific plugins */
if (list->type.id == PLUGIN_ID_TEE) {
Log(LOG_ERR, "ERROR ( %s/core ): 'tee' plugin not supported in 'uacctd'.\n", config.name);
exit(1);
}
else if (list->type.id == PLUGIN_ID_NFPROBE) {
/* If we already renormalizing an external sampling rate,
we cancel the sampling information from the probe plugin */
if (config.sfacctd_renormalize && list->cfg.ext_sampling_rate) list->cfg.ext_sampling_rate = 0;
config.handle_fragments = TRUE;
list->cfg.nfprobe_what_to_count = list->cfg.what_to_count;
list->cfg.nfprobe_what_to_count_2 = list->cfg.what_to_count_2;
list->cfg.what_to_count = 0;
list->cfg.what_to_count_2 = 0;
#if defined (HAVE_L2)
if (list->cfg.nfprobe_version == 9 || list->cfg.nfprobe_version == 10) {
list->cfg.what_to_count |= COUNT_SRC_MAC;
list->cfg.what_to_count |= COUNT_DST_MAC;
list->cfg.what_to_count |= COUNT_VLAN;
}
#endif
list->cfg.what_to_count |= COUNT_SRC_HOST;
list->cfg.what_to_count |= COUNT_DST_HOST;
if (list->cfg.networks_file || list->cfg.networks_mask || list->cfg.nfacctd_net) {
list->cfg.what_to_count |= COUNT_SRC_NMASK;
list->cfg.what_to_count |= COUNT_DST_NMASK;
}
list->cfg.what_to_count |= COUNT_SRC_PORT;
list->cfg.what_to_count |= COUNT_DST_PORT;
list->cfg.what_to_count |= COUNT_IP_TOS;
list->cfg.what_to_count |= COUNT_IP_PROTO;
if (list->cfg.networks_file || (list->cfg.nfacctd_bgp && list->cfg.nfacctd_as == NF_AS_BGP)) {
list->cfg.what_to_count |= COUNT_SRC_AS;
list->cfg.what_to_count |= COUNT_DST_AS;
list->cfg.what_to_count |= COUNT_PEER_DST_IP;
}
if ((list->cfg.nfprobe_version == 9 || list->cfg.nfprobe_version == 10) && list->cfg.classifiers_path) {
list->cfg.what_to_count |= COUNT_CLASS;
config.handle_flows = TRUE;
}
if (list->cfg.pre_tag_map) {
list->cfg.what_to_count |= COUNT_TAG;
list->cfg.what_to_count |= COUNT_TAG2;
list->cfg.what_to_count_2 |= COUNT_LABEL;
}
list->cfg.what_to_count |= COUNT_IN_IFACE;
list->cfg.what_to_count |= COUNT_OUT_IFACE;
if (list->cfg.what_to_count & (COUNT_STD_COMM|COUNT_EXT_COMM|COUNT_LOCAL_PREF|COUNT_MED|COUNT_AS_PATH|
COUNT_PEER_SRC_AS|COUNT_PEER_DST_AS|COUNT_PEER_SRC_IP|COUNT_SRC_STD_COMM|
COUNT_SRC_EXT_COMM|COUNT_SRC_AS_PATH|COUNT_SRC_MED|COUNT_SRC_LOCAL_PREF|
COUNT_MPLS_VPN_RD)) {
Log(LOG_ERR, "ERROR ( %s/core ): 'src_as', 'dst_as' and 'peer_dst_ip' are currently the only BGP-related primitives supported within the 'nfprobe' plugin.\n", config.name);
exit(1);
}
list->cfg.what_to_count |= COUNT_COUNTERS;
if (list->cfg.nfacctd_as & NF_AS_FALLBACK && list->cfg.networks_file)
list->cfg.nfacctd_as |= NF_AS_NEW;
if (list->cfg.nfacctd_net & NF_NET_FALLBACK && list->cfg.networks_file)
list->cfg.nfacctd_net |= NF_NET_NEW;
list->cfg.data_type = PIPE_TYPE_METADATA;
list->cfg.data_type |= PIPE_TYPE_EXTRAS;
if (list->cfg.what_to_count_2 & (COUNT_LABEL))
list->cfg.data_type |= PIPE_TYPE_VLEN;
}
else if (list->type.id == PLUGIN_ID_SFPROBE) {
/* If we already renormalizing an external sampling rate,
we cancel the sampling information from the probe plugin */
if (config.sfacctd_renormalize && list->cfg.ext_sampling_rate) list->cfg.ext_sampling_rate = 0;
if (config.snaplen < 128) config.snaplen = 128; /* SFL_DEFAULT_HEADER_SIZE */
list->cfg.what_to_count = COUNT_PAYLOAD;
list->cfg.what_to_count_2 = 0;
if (list->cfg.classifiers_path) {
list->cfg.what_to_count |= COUNT_CLASS;
config.handle_fragments = TRUE;
config.handle_flows = TRUE;
}
if (list->cfg.networks_file || (list->cfg.nfacctd_bgp && list->cfg.nfacctd_as == NF_AS_BGP)) {
list->cfg.what_to_count |= COUNT_SRC_AS;
list->cfg.what_to_count |= COUNT_DST_AS;
list->cfg.what_to_count |= COUNT_PEER_DST_IP;
}
if (list->cfg.networks_file || list->cfg.networks_mask || list->cfg.nfacctd_net) {
list->cfg.what_to_count |= COUNT_SRC_NMASK;
list->cfg.what_to_count |= COUNT_DST_NMASK;
}
if (list->cfg.pre_tag_map) {
list->cfg.what_to_count |= COUNT_TAG;
list->cfg.what_to_count |= COUNT_TAG2;
}
if (list->cfg.what_to_count & (COUNT_STD_COMM|COUNT_EXT_COMM|COUNT_LOCAL_PREF|COUNT_MED|COUNT_AS_PATH|
COUNT_PEER_SRC_AS|COUNT_PEER_DST_AS|COUNT_PEER_SRC_IP|COUNT_SRC_STD_COMM|
COUNT_SRC_EXT_COMM|COUNT_SRC_AS_PATH|COUNT_SRC_MED|COUNT_SRC_LOCAL_PREF|
COUNT_MPLS_VPN_RD)) {
Log(LOG_ERR, "ERROR ( %s/core ): 'src_as', 'dst_as' and 'peer_dst_ip' are currently the only BGP-related primitives supported within the 'sfprobe' plugin.\n", config.name);
exit(1);
}
#if defined (HAVE_L2)
list->cfg.what_to_count |= COUNT_VLAN;
list->cfg.what_to_count |= COUNT_COS;
#endif
if (list->cfg.nfacctd_as & NF_AS_FALLBACK && list->cfg.networks_file)
list->cfg.nfacctd_as |= NF_AS_NEW;
if (list->cfg.nfacctd_net & NF_NET_FALLBACK && list->cfg.networks_file)
list->cfg.nfacctd_net |= NF_NET_NEW;
list->cfg.data_type = PIPE_TYPE_PAYLOAD;
}
else {
if (list->cfg.what_to_count_2 & (COUNT_POST_NAT_SRC_HOST|COUNT_POST_NAT_DST_HOST|
COUNT_POST_NAT_SRC_PORT|COUNT_POST_NAT_DST_PORT|COUNT_NAT_EVENT|
COUNT_TIMESTAMP_START|COUNT_TIMESTAMP_END|COUNT_TIMESTAMP_ARRIVAL))
list->cfg.data_type |= PIPE_TYPE_NAT;
if (list->cfg.what_to_count_2 & (COUNT_MPLS_LABEL_TOP|COUNT_MPLS_LABEL_BOTTOM|
COUNT_MPLS_STACK_DEPTH))
list->cfg.data_type |= PIPE_TYPE_MPLS;
if (list->cfg.what_to_count_2 & (COUNT_LABEL))
list->cfg.data_type |= PIPE_TYPE_VLEN;
evaluate_sums(&list->cfg.what_to_count, list->name, list->type.string);
if (list->cfg.what_to_count & (COUNT_SRC_PORT|COUNT_DST_PORT|COUNT_SUM_PORT|COUNT_TCPFLAGS))
config.handle_fragments = TRUE;
if (list->cfg.what_to_count & COUNT_FLOWS) {
config.handle_fragments = TRUE;
config.handle_flows = TRUE;
}
if (list->cfg.what_to_count & COUNT_CLASS) {
config.handle_fragments = TRUE;
config.handle_flows = TRUE;
}
if (!list->cfg.what_to_count && !list->cfg.what_to_count_2 && !list->cfg.cpptrs.num) {
Log(LOG_WARNING, "WARN ( %s/%s ): defaulting to SRC HOST aggregation.\n", list->name, list->type.string);
list->cfg.what_to_count |= COUNT_SRC_HOST;
}
if (((list->cfg.what_to_count & COUNT_SRC_HOST) && (list->cfg.what_to_count & COUNT_SRC_NET)) ||
((list->cfg.what_to_count & COUNT_DST_HOST) && (list->cfg.what_to_count & COUNT_DST_NET))) {
if (!list->cfg.tmp_net_own_field) {
Log(LOG_ERR, "ERROR ( %s/%s ): src_host, src_net and dst_host, dst_net are mutually exclusive: set tmp_net_own_field to true. Exiting...\n\n", list->name, list->type.string);
exit(1);
}
}
if (list->cfg.what_to_count & (COUNT_SRC_AS|COUNT_DST_AS|COUNT_SUM_AS)) {
if (!list->cfg.networks_file && list->cfg.nfacctd_as != NF_AS_BGP) {
Log(LOG_ERR, "ERROR ( %s/%s ): AS aggregation selected but NO 'networks_file' or 'uacctd_as' are specified. Exiting...\n\n", list->name, list->type.string);
exit(1);
}
if (list->cfg.nfacctd_as & NF_AS_FALLBACK && list->cfg.networks_file)
list->cfg.nfacctd_as |= NF_AS_NEW;
}
if (list->cfg.what_to_count & (COUNT_SRC_NET|COUNT_DST_NET|COUNT_SUM_NET|COUNT_SRC_NMASK|COUNT_DST_NMASK|COUNT_PEER_DST_IP)) {
if (!list->cfg.nfacctd_net) {
if (list->cfg.networks_file) list->cfg.nfacctd_net |= NF_NET_NEW;
if (list->cfg.networks_mask) list->cfg.nfacctd_net |= NF_NET_STATIC;
if (!list->cfg.nfacctd_net) {
Log(LOG_ERR, "ERROR ( %s/%s ): network aggregation selected but none of 'uacctd_net', 'networks_file', 'networks_mask' is specified. Exiting ...\n\n", list->name, list->type.string);
exit(1);
}
}
else {
if ((list->cfg.nfacctd_net == NF_NET_NEW && !list->cfg.networks_file) ||
(list->cfg.nfacctd_net == NF_NET_STATIC && !list->cfg.networks_mask) ||
(list->cfg.nfacctd_net == NF_NET_BGP && !list->cfg.nfacctd_bgp) ||
(list->cfg.nfacctd_net == NF_NET_IGP && !list->cfg.nfacctd_isis) ||
(list->cfg.nfacctd_net == NF_NET_KEEP)) {
Log(LOG_ERR, "ERROR ( %s/%s ): network aggregation selected but none of 'bgp_daemon', 'isis_daemon', 'networks_file', 'networks_mask' is specified. Exiting ...\n\n", list->name, list->type.string);
exit(1);
}
if (list->cfg.nfacctd_net & NF_NET_FALLBACK && list->cfg.networks_file)
list->cfg.nfacctd_net |= NF_NET_NEW;
}
}
if (list->cfg.what_to_count & COUNT_CLASS && !list->cfg.classifiers_path) {
Log(LOG_ERR, "ERROR ( %s/%s ): 'class' aggregation selected but NO 'classifiers' key specified. Exiting...\n\n", list->name, list->type.string);
exit(1);
}
bgp_config_checks(&list->cfg);
list->cfg.what_to_count |= COUNT_COUNTERS;
list->cfg.data_type |= PIPE_TYPE_METADATA;
}
}
list = list->next;
}
/* plugins glue: creation (since 094) */
if (config.classifiers_path) {
init_classifiers(config.classifiers_path);
init_conntrack_table();
}
if (config.aggregate_primitives) {
req.key_value_table = (void *) &custom_primitives_registry;
load_id_file(MAP_CUSTOM_PRIMITIVES, config.aggregate_primitives, NULL, &req, &custom_primitives_allocated);
}
else memset(&custom_primitives_registry, 0, sizeof(custom_primitives_registry));
/* fixing per plugin custom primitives pointers, offsets and lengths */
list = plugins_list;
while(list) {
custom_primitives_reconcile(&list->cfg.cpptrs, &custom_primitives_registry);
if (custom_primitives_vlen(&list->cfg.cpptrs)) list->cfg.data_type |= PIPE_TYPE_VLEN;
list = list->next;
}
load_plugins(&req);
if (config.handle_fragments) init_ip_fragment_handler();
if (config.handle_flows) init_ip_flow_handler();
load_networks(config.networks_file, &nt, &nc);
#if defined (HAVE_L2)
device.link_type = DLT_EN10MB;
#else
device.link_type = DLT_RAW;
#endif
for (index = 0; _devices[index].link_type != -1; index++) {
if (device.link_type == _devices[index].link_type)
device.data = &_devices[index];
}
load_plugin_filters(device.link_type);
cb_data.device = &device;
/* signal handling we want to inherit to plugins (when not re-defined elsewhere) */
signal(SIGCHLD, startup_handle_falling_child); /* takes note of plugins failed during startup phase */
signal(SIGHUP, reload); /* handles reopening of syslog channel */
signal(SIGUSR1, push_stats); /* logs various statistics via Log() calls */
signal(SIGUSR2, reload_maps); /* sets to true the reload_maps flag */
signal(SIGPIPE, SIG_IGN); /* we want to exit gracefully when a pipe is broken */
nfh = nflog_open();
if (nfh == NULL) {
Log(LOG_ERR, "ERROR ( %s/core ): Failed to create Netlink NFLOG socket\n", config.name);
nflog_close(nfh);
exit_all(1);
}
Log(LOG_INFO, "INFO ( %s/core ): Successfully connected Netlink NFLOG socket\n", config.name);
/* Bind to IPv4 (and IPv6) */
if (nflog_unbind_pf(nfh, AF_INET) < 0) {
Log(LOG_ERR, "ERROR ( %s/core ): Failed to unbind Netlink NFLOG socket from IPv4\n", config.name);
nflog_close(nfh);
exit_all(1);
}
if (nflog_bind_pf(nfh, AF_INET) < 0) {
Log(LOG_ERR, "ERROR ( %s/core ): Failed to bind Netlink NFLOG socket from IPv4\n", config.name);
nflog_close(nfh);
exit_all(1);
}
#if defined ENABLE_IPV6
if (nflog_unbind_pf(nfh, AF_INET6) < 0) {
Log(LOG_ERR, "ERROR ( %s/core ): Failed to unbind Netlink NFLOG socket from IPv6\n", config.name);
nflog_close(nfh);
exit_all(1);
}
if (nflog_bind_pf(nfh, AF_INET6) < 0) {
Log(LOG_ERR, "ERROR ( %s/core ): Failed to bind Netlink NFLOG socket from IPv6\n", config.name);
nflog_close(nfh);
exit_all(1);
}
#endif
/* Bind to group */
if ((nfgh = nflog_bind_group(nfh, config.uacctd_group)) == NULL) {
Log(LOG_ERR, "ERROR ( %s/core ): Failed to join NFLOG group %d\n", config.name, config.uacctd_group);
nflog_close(nfh);
exit_all(1);
}
/* Set snaplen */
if (nflog_set_mode(nfgh, NFULNL_COPY_PACKET, config.snaplen) < 0) {
Log(LOG_ERR, "ERROR ( %s/core ): Failed to set snaplen to %d\n", config.name, config.snaplen);
nflog_unbind_group(nfgh);
nflog_close(nfh);
exit_all(1);
}
/* Set threshold */
if (nflog_set_qthresh(nfgh, config.uacctd_threshold) < 0) {
Log(LOG_ERR, "ERROR ( %s/core ): Failed to set threshold to %d\n", config.name, config.uacctd_threshold);
nflog_unbind_group(nfgh);
nflog_close(nfh);
exit_all(1);
}
/* Set buffer size */
if (nflog_set_nlbufsiz(nfgh, config.uacctd_nl_size) < 0) {
Log(LOG_ERR, "ERROR ( %s/core ): Failed to set receive buffer size to %d\n", config.name, config.uacctd_nl_size);
nflog_unbind_group(nfgh);
nflog_close(nfh);
exit_all(1);
}
/* Turn off netlink errors from overrun. */
if (setsockopt(nflog_fd(nfh), SOL_NETLINK, NETLINK_NO_ENOBUFS, &one, sizeof(one)))
Log(LOG_ERR, "ERROR ( %s/core ): Failed to turn off netlink ENOBUFS\n", config.name);
nflog_callback_register(nfgh, &nflog_incoming, &cb_data);
nflog_buffer = malloc(config.uacctd_nl_size);
if (nflog_buffer == NULL) {
Log(LOG_ERR, "ERROR ( %s/core ): NFLOG buffer malloc() failed\n", config.name);
nflog_unbind_group(nfgh);
nflog_close(nfh);
exit_all(1);
}
#if defined ENABLE_THREADS
/* starting the ISIS threa */
if (config.nfacctd_isis) {
req.bpf_filter = TRUE;
nfacctd_isis_wrapper();
/* Let's give the ISIS thread some advantage to create its structures */
sleep(5);
}
/* starting the BGP thread */
if (config.nfacctd_bgp) {
req.bpf_filter = TRUE;
load_comm_patterns(&config.nfacctd_bgp_stdcomm_pattern, &config.nfacctd_bgp_extcomm_pattern, &config.nfacctd_bgp_stdcomm_pattern_to_asn);
if (config.nfacctd_bgp_peer_as_src_type == BGP_SRC_PRIMITIVES_MAP) {
if (config.nfacctd_bgp_peer_as_src_map) {
load_id_file(MAP_BGP_PEER_AS_SRC, config.nfacctd_bgp_peer_as_src_map, &bpas_table, &req, &bpas_map_allocated);
cb_data.bpas_table = (u_char *) &bpas_table;
}
else {
Log(LOG_ERR, "ERROR ( %s/core ): bgp_peer_as_src_type set to 'map' but no map defined. Exiting.\n", config.name);
exit(1);
}
}
else cb_data.bpas_table = NULL;
if (config.nfacctd_bgp_src_local_pref_type == BGP_SRC_PRIMITIVES_MAP) {
if (config.nfacctd_bgp_src_local_pref_map) {
load_id_file(MAP_BGP_SRC_LOCAL_PREF, config.nfacctd_bgp_src_local_pref_map, &blp_table, &req, &blp_map_allocated);
cb_data.blp_table = (u_char *) &blp_table;
}
else {
Log(LOG_ERR, "ERROR ( %s/core ): bgp_src_local_pref_type set to 'map' but no map defined. Exiting.\n", config.name);
exit(1);
}
}
else cb_data.bpas_table = NULL;
if (config.nfacctd_bgp_src_med_type == BGP_SRC_PRIMITIVES_MAP) {
if (config.nfacctd_bgp_src_med_map) {
load_id_file(MAP_BGP_SRC_MED, config.nfacctd_bgp_src_med_map, &bmed_table, &req, &bmed_map_allocated);
cb_data.bmed_table = (u_char *) &bmed_table;
}
else {
Log(LOG_ERR, "ERROR ( %s/core ): bgp_src_med_type set to 'map' but no map defined. Exiting.\n", config.name);
exit(1);
}
}
else cb_data.bmed_table = NULL;
if (config.nfacctd_bgp_to_agent_map) {
load_id_file(MAP_BGP_TO_XFLOW_AGENT, config.nfacctd_bgp_to_agent_map, &bta_table, &req, &bta_map_allocated);
cb_data.bta_table = (u_char *) &bta_table;
}
else {
Log(LOG_ERR, "ERROR ( %s/core ): 'bgp_daemon' configured but no 'bgp_agent_map' has been specified. Exiting.\n", config.name);
exit(1);
}
/* Limiting BGP peers to only two: one would suffice in pmacctd
but in case maps are reloadable (ie. bta), it could be handy
to keep a backup feed in memory */
config.nfacctd_bgp_max_peers = 2;
cb_data.f_agent = (char *)&client;
nfacctd_bgp_wrapper();
/* Let's give the BGP thread some advantage to create its structures */
sleep(5);
}
#else
if (config.nfacctd_isis) {
Log(LOG_ERR, "ERROR ( %s/core ): 'isis_daemon' is available only with threads (--enable-threads). Exiting.\n", config.name);
exit(1);
}
if (config.nfacctd_bgp) {
Log(LOG_ERR, "ERROR ( %s/core ): 'bgp_daemon' is available only with threads (--enable-threads). Exiting.\n", config.name);
exit(1);
}
#endif
#if defined WITH_GEOIP
if (config.geoip_ipv4_file || config.geoip_ipv6_file) {
req.bpf_filter = TRUE;
}
#endif
#if defined WITH_GEOIPV2
if (config.geoipv2_file) {
req.bpf_filter = TRUE;
}
#endif
if (config.nfacctd_flow_to_rd_map) {
Log(LOG_ERR, "ERROR ( %s/core ): 'flow_to_rd_map' is not supported by this daemon. Exiting.\n", config.name);
exit(1);
}
/* plugins glue: creation (until 093) */
evaluate_packet_handlers();
pm_setproctitle("%s [%s]", "Core Process", config.proc_name);
if (config.pidfile) write_pid_file(config.pidfile);
/* signals to be handled only by pmacctd;
we set proper handlers after plugin creation */
signal(SIGINT, my_sigint_handler);
signal(SIGTERM, my_sigint_handler);
signal(SIGCHLD, handle_falling_child);
kill(getpid(), SIGCHLD);
/* Main loop: if pcap_loop() exits maybe an error occurred; we will try closing
and reopening again our listening device */
for (;;) {
if (len == -1) {
if (errno != EAGAIN) {
/* We can't deal with permanent errors.
* Just sleep a bit.
*/
Log(LOG_ERR, "ERROR ( %s/core ): Syscall returned %d: %s. Sleeping for 1 sec.\n", config.name, errno, strerror(errno));
sleep(1);
}
}
len = recv(nflog_fd(nfh), nflog_buffer, config.uacctd_nl_size, 0);
if (len < 0) continue;
if (nflog_handle_packet(nfh, nflog_buffer, len) != 0) continue;
}
}
static void daemon_login(int argc, char *argv[], char *envp[]) {
int msock, csock; /* socket for Master and Child */
FILE *fp;
int listen_port = 23;
int len_of_sock_addr;
char buf[256];
/* setup standalone */
start_daemon();
signal_restart(SIGCHLD, reapchild);
/* choose port */
if(argc == 1)
listen_port = 3006;
else if(argc >= 2)
listen_port = atoi(argv[1]);
sprintf(margs, "%s %d ", argv[0],listen_port);
/* port binding */
xsin.sin_family = AF_INET;
msock = bind_port(listen_port);
if(msock<0) {
syslog(LOG_INFO, "mbbsd bind_port failed.\n");
exit(1);
}
initsetproctitle(argc, argv, envp);
setproctitle("%s: listening ", margs);
/* Give up root privileges: no way back from here */
setgid(BBSGID);
setuid(BBSUID);
chdir(BBSHOME);
/* mmap passwd file */
if(passwd_mmap())
exit(1);
sprintf(buf, "/var/run/mbbsd.%d.pid", listen_port);
if((fp = fopen(buf, "w"))) {
fprintf(fp, "%d\n", getpid());
fclose(fp);
}
/* main loop */
for(;;) {
len_of_sock_addr = sizeof(xsin);
csock = accept(msock, (struct sockaddr *)&xsin, &len_of_sock_addr);
if(csock < 0) {
if(errno!=EINTR) sleep(1);
continue;
}
if(check_ban_and_load(csock))
{
close(csock);
continue;
}
if(fork()==0)
break;
else
close(csock);
}
/* here is only child running */
close(msock);
dup2(csock, 0);
close(csock);
getremotename(&xsin, fromhost, remoteusername); /* RFC931 */
/* ban 掉 bad host / bad user shiuan88: 賣補帖的 */
if(bad_host(fromhost) || strstr(fromhost, "bbs.") ||
strstr(fromhost, "ccsun53.cc.ntu") ||
!strcmp(remoteusername, "shiuan88")) {
outs("\n 抱歉, 本站謝絕由此處來的user...\n");
refresh();
exit(1);
}
{
char RFC931[80];
sprintf(RFC931, "%s@%s", remoteusername, fromhost);
setenv("RFC931", RFC931, 1);
}
telnet_init();
setproctitle("%s: ..login..", margs);
}
int
main (int argc, char *argv[], char *env[])
{
struct sockaddr_storage from;
int on = 1, fromlen;
register int ch;
#if defined(IPPROTO_IP) && defined(IP_TOS)
int tos = -1;
#endif
initsetproctitle(argc, argv, env);
pfrontp = pbackp = ptyobuf;
netip = netibuf;
nfrontp = nbackp = netobuf;
progname = *argv;
while ((ch = getopt(argc, argv, valid_opts)) != EOF)
{
switch (ch)
{
case 'd':
if (strcmp(optarg, "ebug") == 0)
{
debug++;
break;
}
usage();
/* NOTREACHED */
break;
case 'D':
/*
* Check for desired diagnostics capabilities.
*/
if (!strcmp(optarg, "report")) {
diagnostic |= TD_REPORT|TD_OPTIONS;
} else if (!strcmp(optarg, "exercise")) {
diagnostic |= TD_EXERCISE;
} else if (!strcmp(optarg, "netdata")) {
diagnostic |= TD_NETDATA;
} else if (!strcmp(optarg, "ptydata")) {
diagnostic |= TD_PTYDATA;
} else if (!strcmp(optarg, "options")) {
diagnostic |= TD_OPTIONS;
} else {
usage();
/* NOT REACHED */
}
break;
case 'g':
gettyname = optarg;
break;
case 'h':
hostinfo = 0;
break;
#ifdef LINEMODE
case 'l':
alwayslinemode = 1;
break;
#endif /* LINEMODE */
case 'L':
loginprg = strdup (optarg);
break;
#if defined(LINEMODE) && defined(KLUDGELINEMODE)
case 'k':
lmodetype = NO_AUTOKLUDGE;
break;
#endif /* defined(LINEMODE) && defined(KLUDGELINEMODE) */
case 'n':
keepalive = 0;
break;
case 'S':
#ifdef HAS_GETTOS
if ((tos = parsetos (optarg, "tcp")) < 0)
fprintf(stderr, "%s%s%s\n",
"telnetd: Bad TOS argument '", optarg,
"'; will try to use default TOS");
#else
fprintf(stderr, "%s%s\n", "TOS option unavailable; ",
"-S flag not supported\n");
#endif
break;
case 'u':
utmp_len = atoi(optarg);
break;
case 'U':
registerd_host_only = 1;
break;
case '4':
family = AF_INET;
break;
case '6':
family = AF_INET6;
break;
default:
fprintf(stderr, "telnetd: %c: unknown option\n", ch);
/* FALLTHROUGH */
case '?':
usage();
/* NOTREACHED */
}
}
argc -= optind;
argv += optind;
if (debug)
{
int s, ns, foo, error;
char *service = "telnet";
struct addrinfo hints, *res;
if (argc > 1)
{
usage();
/* NOT REACHED */
}
else if (argc == 1)
service = *argv;
memset(&hints, 0, sizeof(hints));
hints.ai_flags = AI_PASSIVE;
hints.ai_family = family;
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = 0;
error = getaddrinfo(NULL, service, &hints, &res);
if (error)
{
fprintf(stderr, "tcp/%s: %s\n", service, gai_strerror(error));
exit(1);
}
s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
if (s < 0)
{
perror("telnetd: socket");
exit(1);
}
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof(on));
if (bind(s, res->ai_addr, res->ai_addrlen) < 0)
{
perror ("bind");
exit (1);
}
if (listen (s, 1) < 0)
{
perror ("listen");
exit (1);
}
foo = res->ai_addrlen;
ns = accept(s, res->ai_addr, &foo);
if (ns < 0)
{
perror("accept");
exit(1);
}
dup2(ns, 0);
close(ns);
close(s);
}
else if (argc > 0)
{
usage();
/* NOT REACHED */
}
openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
fromlen = sizeof (from);
if (getpeername (0, (struct sockaddr *)&from, &fromlen) < 0)
{
fprintf(stderr, "%s: ", progname);
perror("getpeername");
_exit(1);
}
if (keepalive &&
setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on, sizeof (on)) < 0)
syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
#if defined(IPPROTO_IP) && defined(IP_TOS)
if (from.ss_family == AF_INET) {
# if defined(HAS_GETTOS)
struct tosent *tp;
if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
tos = tp->t_tos;
# endif
if (tos < 0)
tos = 020; /* Low Delay bit */
if (tos
&& (setsockopt(0, IPPROTO_IP, IP_TOS,
(char *)&tos, sizeof(tos)) < 0)
&& (errno != ENOPROTOOPT) )
syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
}
#endif /* defined(IPPROTO_IP) && defined(IP_TOS) */
net = 0;
doit((struct sockaddr *)&from);
/* NOTREACHED */
return 0;
} /* end of main */
int main (int argc, char *argv[])
#endif
{
char tmp[128];
#if defined(HAVE_FORK)
char **saved_argv;
mypid = getpid();
/* save argv as setproctitle() under some systems will change it */
saved_argv = mkargv (argc, argv);
configpath = parseargs(argc, saved_argv);
#else
configpath = parseargs(argc, argv);
#endif
saved_envp = mkargv (-1, environ);
#ifdef WIN32
if (service_flag==w32_installservice && !configpath)
Log (0, "%s: invalid command line: config name must be specified", extract_filename(argv[0]));
w32Init();
#ifdef BINKD9X
{
int win9x_rc;
win9x_rc = win9x_process(argc, argv);
if (win9x_rc != -1)
return win9x_rc;
}
#endif
#endif
tzset();
if (poll_flag && server_flag)
Log (0, "-p and -s cannot be used together");
#if defined(WIN32) && !defined(BINKD9X)
if (service_flag!=w32_noservice)
if (service(argc, argv, environ) && service_flag!=w32_run_as_service) {
Log(0, "Windows NT service error");
}
if (tray_flag)
do_tray_flag();
else
{
atexit(UnloadBinkdIcon);
LoadBinkdIcon();
}
#endif
/* No command line options: run both client and server */
if (!client_flag && !server_flag)
client_flag = server_flag = 1;
InitSem (&hostsem);
InitSem (&resolvsem);
InitSem (&lsem);
InitSem (&blsem);
InitSem (&varsem);
InitSem (&config_sem);
InitEventSem (&eothread);
InitEventSem (&wakecmgr);
#ifdef OS2
InitSem (&fhsem);
#endif
/* Init for ftnnode.c */
nodes_init ();
if (configpath)
{
current_config = readcfg (configpath);
if (!current_config)
Log (0, "error in configuration, aborting");
if (dumpcfg_flag)
{
debug_readcfg ();
exit(0);
}
InitLog(current_config->loglevel, current_config->conlog,
current_config->logpath, current_config->nolog.first);
}
else if (verbose_flag)
{
#if defined(WIN32) && defined(BINKD9X)
AllocTempConsole();
#endif
printf ("Binkd " MYVER " (" __DATE__ " " __TIME__ "%s)\n", get_os_string ());
if (verbose_flag>1)
{
printf ("Compilation flags: " _DBNKD ".\n");
printf ("Facilities: "
#ifndef srv_getaddrinfo
"fsp1035 "
#endif
#ifndef HAVE_GETADDRINFO
"rfc2553emu "
#else
"ipv6 "
#endif
"\n");
}
exit (0);
}
else if (argc > 1)
Log (0, "%s: invalid command line: config name must be specified", extract_filename(argv[0]));
else
usage ();
print_args (tmp, sizeof (tmp), argv + 1);
#ifdef WIN32
if (service_flag==w32_run_as_service)
Log (4, "BEGIN service '%s', " MYNAME "/" MYVER "%s%s", service_name, get_os_string(), tmp);
else
Log (4, "BEGIN standalone, " MYNAME "/" MYVER "%s%s", get_os_string(), tmp);
#else
Log (4, "BEGIN, " MYNAME "/" MYVER "%s%s", get_os_string(), tmp);
#endif
if (sock_init ())
Log (0, "sock_init: %s", TCPERR ());
bsy_init ();
rnd ();
initsetproctitle (argc, argv, environ);
#ifdef WIN32
SetFileApisToOEM();
#endif
/* Set up break handler, set up exit list if needed */
if (!set_break_handlers ())
Log (0, "cannot install break handlers");
#if defined(SIGPIPE)
signal(SIGPIPE, SIG_IGN);
#endif
#if defined(WITH_ZLIB) && defined(ZLIBDL)
if (current_config->zlib_dll[0]) {
if (!zlib_init(current_config->zlib_dll))
Log (2, "cannot load %s, GZ compression disabled", current_config->zlib_dll);
else
Log (6, "%s loaded successfully", current_config->zlib_dll);
} else
Log (current_config->zrules.first ? 3 : 5, "zlib-dll not defined, GZ compression disabled");
#endif
#if defined(WITH_BZLIB2) && defined(ZLIBDL)
if (current_config->bzlib2_dll[0]) {
if (!bzlib2_init(current_config->bzlib2_dll))
Log (2, "cannot load %s, BZ2 compression disabled", current_config->bzlib2_dll);
else
Log (6, "%s loaded successfully", current_config->bzlib2_dll);
} else
Log (current_config->zrules.first
#ifdef WITH_ZLIB
&& !zlib_loaded
#endif
? 3 : 5, "bzlib2-dll not defined, BZ2 compression disabled");
#endif
#ifdef WITH_PERL
if (current_config->perl_script[0]) {
if (!perl_init(current_config->perl_script, current_config)) {
if (current_config->perl_strict)
Log (0, "error parsing Perl script %s", current_config->perl_script);
} else {
perl_on_start(current_config);
perl_config_loaded(current_config);
}
}
#endif
#ifdef HAVE_FORK
signal (SIGCHLD, sighandler);
#endif
{ /* Create polls and release polls list */
struct maskchain *psP;
for (psP = psPolls.first; psP; psP = psP->next)
poll_node (psP->mask, current_config);
simplelist_free(&psPolls.linkpoint, destroy_maskchain);
}
if (no_flag)
Log (0, "Exit on option '-n'");
if (inetd_flag)
{
FTN_ADDR ftn_addr, *pftn_addr;
int tempfd;
pftn_addr = NULL;
if (remote_node)
{
if (parse_ftnaddress (remote_node, &ftn_addr, current_config->pDomains.first))
{
char szFTNAddr[FTN_ADDR_SZ + 1];
exp_ftnaddress (&ftn_addr, current_config->pAddr, current_config->nAddr, current_config->pDomains.first);
pftn_addr = &ftn_addr;
ftnaddress_to_str (szFTNAddr, pftn_addr);
Log (3, "Session with %s", szFTNAddr);
}
else
Log (1, "`%s' cannot be parsed as a Fido-style address", remote_node);
}
if (!remote_addr)
{
char *p = getenv("SSH_CONNECTION");
if (p)
{
remote_addr = strdup(p);
p = strchr(remote_addr, ' ');
if (p) *p = '\0';
}
}
/* not using stdin/stdout itself to avoid possible collisions */
if (inetd_socket_in == -1)
inetd_socket_in = dup(fileno(stdin));
if (inetd_socket_out == -1)
inetd_socket_out = dup(fileno(stdout));
#ifdef UNIX
tempfd = open("/dev/null", O_RDWR);
#else
tempfd = open("nul", O_RDWR);
#endif
if (tempfd != -1)
{
dup2(tempfd, fileno(stdin));
dup2(tempfd, fileno(stdout));
close(tempfd);
}
protocol (inetd_socket_in, inetd_socket_out, NULL, pftn_addr, remote_addr, current_config);
soclose (inetd_socket_out);
exit (0);
}
#ifdef BINKD_DAEMONIZE
if (daemon_flag)
{
if (binkd_daemonize(1) < 0)
Log (0, "Cannot daemonize");
else
mypid = getpid();
}
#endif
#if defined(HAVE_FORK)
signal (SIGHUP, sighandler);
#endif
if (client_flag && !server_flag)
{
clientmgr (0);
exit (0);
}
pidsmgr = (int) getpid ();
if (client_flag && (pidcmgr = branch (clientmgr, 0, 0)) < 0)
{
Log (0, "cannot branch out");
}
if (*current_config->pid_file)
{
if ( unlink (current_config->pid_file) == 0 ) /* successfully unlinked, i.e.
an old pid_file was found */
Log (1, "unexpected pid_file: %s: unlinked", current_config->pid_file);
else
{
int current_log_level = 1;
switch ( errno )
{
case ENOENT : /* file not found or null pathname */
current_log_level = 8; /* it's ok */
break;
default :
break;
}
Log (current_log_level, "unlink_pid_file: %s: %s", current_config->pid_file, strerror (errno));
}
create_sem_file (current_config->pid_file, 1);
}
servmgr ();
return 0;
}
int
main (int argc, char *argv[], char **envp)
{
int index;
set_program_name (argv[0]);
#ifdef HAVE_TZSET
tzset (); /* In case no timezone database in ~ftp. */
#endif
#ifdef HAVE_INITSETPROCTITLE
/* Save start and extent of argv for setproctitle. */
initsetproctitle (argc, argv, envp);
#endif /* HAVE_INITSETPROCTITLE */
/* Parse the command line */
iu_argp_init ("ftpd", default_program_authors);
argp_parse (&argp, argc, argv, 0, &index, NULL);
/* Bail out, wrong usage */
argc -= index;
if (argc != 0)
error (1, 0, "surplus arguments; try `%s --help' for more info",
program_name);
/* LOG_NDELAY sets up the logging connection immediately,
necessary for anonymous ftp's that chroot and can't do it later. */
openlog ("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP);
freopen (PATH_DEVNULL, "w", stderr);
/* If not running via inetd, we detach and dup(fd, 0), dup(fd, 1) the
fd = accept(). tcpd is check if compile with the support */
if (daemon_mode)
{
if (server_mode (pid_file, &his_addr) < 0)
exit (1);
}
else
{
socklen_t addrlen = sizeof (his_addr);
if (getpeername (STDIN_FILENO, (struct sockaddr *) &his_addr,
&addrlen) < 0)
{
syslog (LOG_ERR, "getpeername (%s): %m", program_name);
exit (1);
}
}
signal (SIGHUP, sigquit);
signal (SIGINT, sigquit);
signal (SIGQUIT, sigquit);
signal (SIGTERM, sigquit);
signal (SIGPIPE, lostconn);
signal (SIGCHLD, SIG_IGN);
if (signal (SIGURG, myoob) == SIG_ERR)
syslog (LOG_ERR, "signal: %m");
/* Get info on the ctrl connection. */
{
socklen_t addrlen = sizeof (ctrl_addr);
if (getsockname (STDIN_FILENO, (struct sockaddr *) &ctrl_addr,
&addrlen) < 0)
{
syslog (LOG_ERR, "getsockname (%s): %m", program_name);
exit (1);
}
}
#if defined (IP_TOS) && defined (IPTOS_LOWDELAY) && defined (IPPROTO_IP)
/* To minimize delays for interactive traffic. */
{
int tos = IPTOS_LOWDELAY;
if (setsockopt (STDIN_FILENO, IPPROTO_IP, IP_TOS,
(char *) &tos, sizeof (int)) < 0)
syslog (LOG_WARNING, "setsockopt (IP_TOS): %m");
}
#endif
#ifdef SO_OOBINLINE
/* Try to handle urgent data inline. */
{
int on = 1;
if (setsockopt (STDIN_FILENO, SOL_SOCKET, SO_OOBINLINE,
(char *) &on, sizeof (on)) < 0)
syslog (LOG_ERR, "setsockopt: %m");
}
#endif
#ifdef SO_KEEPALIVE
/* Set keepalives on the socket to detect dropped connections. */
{
int keepalive = 1;
if (setsockopt (STDIN_FILENO, SOL_SOCKET, SO_KEEPALIVE,
(char *) &keepalive, sizeof (keepalive)) < 0)
syslog (LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
}
#endif
#ifdef F_SETOWN
if (fcntl (STDIN_FILENO, F_SETOWN, getpid ()) == -1)
syslog (LOG_ERR, "fcntl F_SETOWN: %m");
#endif
dolog (&his_addr, &cred);
/* Deal with login disable. */
if (display_file (PATH_NOLOGIN, 530) == 0)
{
reply (530, "System not available.");
exit (0);
}
/* Display a Welcome message if exists,
N.B. reply(220,) must follow. */
display_file (PATH_FTPWELCOME, 220);
hostname = localhost ();
if (!hostname)
perror_reply (550, "Local resource failure: malloc");
/* Tell them we're ready to roll. */
if (!no_version)
reply (220, "%s FTP server (%s %s) ready.",
hostname, PACKAGE_NAME, PACKAGE_VERSION);
else
reply (220, "%s FTP server ready.", hostname);
/* Set the jump, if we have an error parsing,
come here and start fresh. */
setjmp (errcatch);
/* Roll. */
for (;;)
yyparse ();
}
int
main(int argc, char *argv[], char *env[])
{
struct sockaddr_in from;
int on = 1;
socklen_t fromlen;
register int ch;
#if defined(HAS_IPPROTO_IP) && defined(IP_TOS)
int tos = -1;
#endif
initsetproctitle(argc, argv, env);
pfrontp = pbackp = ptyobuf;
netip = netibuf;
nfrontp = nbackp = netobuf;
#if defined(ENCRYPT)
nclearto = 0;
#endif
progname = *argv;
while ((ch = getopt(argc, argv, "d:a:e:lhnr:I:D:B:sS:a:X:L:")) != EOF) {
switch(ch) {
#ifdef AUTHENTICATE
case 'a':
/*
* Check for required authentication level
*/
if (strcmp(optarg, "debug") == 0) {
extern int auth_debug_mode;
auth_debug_mode = 1;
} else if (strcasecmp(optarg, "none") == 0) {
auth_level = 0;
} else if (strcasecmp(optarg, "other") == 0) {
auth_level = AUTH_OTHER;
} else if (strcasecmp(optarg, "user") == 0) {
auth_level = AUTH_USER;
} else if (strcasecmp(optarg, "valid") == 0) {
auth_level = AUTH_VALID;
} else if (strcasecmp(optarg, "off") == 0) {
/*
* This hack turns off authentication
*/
auth_level = -1;
} else {
fprintf(stderr,
"telnetd: unknown authorization level for -a\n");
}
break;
#endif /* AUTHENTICATE */
#ifdef BFTPDAEMON
case 'B':
bftpd++;
break;
#endif /* BFTPDAEMON */
case 'd':
if (strcmp(optarg, "ebug") == 0) {
debug++;
break;
}
usage();
/* NOTREACHED */
break;
#ifdef DIAGNOSTICS
case 'D':
/*
* Check for desired diagnostics capabilities.
*/
if (!strcmp(optarg, "report")) {
diagnostic |= TD_REPORT|TD_OPTIONS;
} else if (!strcmp(optarg, "exercise")) {
diagnostic |= TD_EXERCISE;
} else if (!strcmp(optarg, "netdata")) {
diagnostic |= TD_NETDATA;
} else if (!strcmp(optarg, "ptydata")) {
diagnostic |= TD_PTYDATA;
} else if (!strcmp(optarg, "options")) {
diagnostic |= TD_OPTIONS;
} else {
usage();
/* NOT REACHED */
}
break;
#endif /* DIAGNOSTICS */
#ifdef AUTHENTICATE
case 'e':
if (strcmp(optarg, "debug") == 0) {
extern int auth_debug_mode;
auth_debug_mode = 1;
break;
}
usage();
/* NOTREACHED */
break;
#endif /* AUTHENTICATE */
case 'h':
hostinfo = 0;
break;
#ifdef LINEMODE
case 'l':
alwayslinemode = 1;
break;
#endif /* LINEMODE */
case 'L':
loginprg = strdup(optarg);
/* XXX what if strdup fails? */
break;
case 'n':
keepalive = 0;
break;
#ifdef SecurID
case 's':
/* SecurID required */
require_SecurID = 1;
break;
#endif /* SecurID */
case 'S':
#ifdef HAS_GETTOS
if ((tos = parsetos(optarg, "tcp")) < 0)
fprintf(stderr, "%s%s%s\n",
"telnetd: Bad TOS argument '", optarg,
"'; will try to use default TOS");
#else
fprintf(stderr, "%s%s\n", "TOS option unavailable; ",
"-S flag not supported\n");
#endif
break;
#ifdef AUTHENTICATE
case 'X':
/*
* Check for invalid authentication types
*/
auth_disable_name(optarg);
break;
#endif /* AUTHENTICATE */
default:
fprintf(stderr, "telnetd: %c: unknown option\n", ch);
/* FALLTHROUGH */
case '?':
usage();
/* NOTREACHED */
}
}
argc -= optind;
argv += optind;
if (debug) {
int s, ns;
socklen_t foo;
struct servent *sp;
struct sockaddr_in sn;
memset(&sn, 0, sizeof(sn));
sn.sin_family = AF_INET;
if (argc > 1) {
usage();
/* NOTREACHED */
} else if (argc == 1) {
if ((sp = getservbyname(*argv, "tcp"))!=NULL) {
sn.sin_port = sp->s_port;
}
else {
int pt = atoi(*argv);
if (pt <= 0) {
fprintf(stderr, "telnetd: %s: bad port number\n",
*argv);
usage();
/* NOTREACHED */
}
sn.sin_port = htons(pt);
}
} else {
sp = getservbyname("telnet", "tcp");
if (sp == 0) {
fprintf(stderr, "telnetd: tcp/telnet: unknown service\n");
exit(1);
}
sn.sin_port = sp->s_port;
}
s = socket(AF_INET, SOCK_STREAM, 0);
if (s < 0) {
perror("telnetd: socket");;
exit(1);
}
(void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
if (bind(s, (struct sockaddr *)&sn, sizeof(sn)) < 0) {
perror("bind");
exit(1);
}
if (listen(s, 1) < 0) {
perror("listen");
exit(1);
}
foo = sizeof(sn);
ns = accept(s, (struct sockaddr *)&sn, &foo);
if (ns < 0) {
perror("accept");
exit(1);
}
(void) dup2(ns, 0);
(void) close(ns);
(void) close(s);
} else if (argc > 0) {
usage();
/* NOT REACHED */
}
openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
fromlen = sizeof (from);
if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
fprintf(stderr, "%s: ", progname);
perror("getpeername");
_exit(1);
}
if (keepalive &&
setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof (on)) < 0) {
syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
}
#if defined(HAS_IPPROTO_IP) && defined(IP_TOS)
{
# if defined(HAS_GETTOS)
struct tosent *tp;
if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
tos = tp->t_tos;
# endif
if (tos < 0)
tos = 020; /* Low Delay bit */
if (tos
&& (setsockopt(0, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) < 0)
&& (errno != ENOPROTOOPT) )
syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
}
#endif /* defined(HAS_IPPROTO_IP) && defined(IP_TOS) */
net = 0;
doit(&from);
/* NOTREACHED */
return 0;
} /* end of main */
int
main(int argc, char *argv[], char *env[])
{
struct sockaddr_storage from;
int on = 1;
socklen_t fromlen;
register int ch;
int i;
#if defined(HAS_IPPROTO_IP) && defined(IP_TOS)
int tos = -1;
#endif
initsetproctitle(argc, argv, env);
pfrontp = pbackp = ptyobuf;
netip = netibuf;
#ifdef USE_SSL
/* we need to know the fullpath to the location of the
* certificate that we will be running with as we cannot
* be sure of the cwd when we are launched
*/
sprintf(cert_filepath,"%s/%s",X509_get_default_cert_dir(),
"telnetd.pem");
ssl_cert_file=cert_filepath;
ssl_key_file=NULL;
#endif /* USE_SSL */
while ((ch = getopt(argc, argv, "d:a:e:lhnNr:I:D:B:sS:a:X:L:z:")) != EOF) {
switch(ch) {
#ifdef USE_SSL
case 'z':
{
char *origopt;
origopt=strdup(optarg);
optarg=strtok(origopt,",");
while(optarg!=NULL) {
if (strcmp(optarg, "debug") == 0 ) {
ssl_debug_flag=1;
} else if (strcmp(optarg, "ssl") == 0 ) {
ssl_only_flag=1;
} else if (strcmp(optarg, "certsok") == 0 ) {
ssl_certsok_flag=1;
} else if ( (strcmp(optarg, "!ssl") == 0) ||
(strcmp(optarg, "nossl") == 0) ) {
/* we may want to switch SSL negotiation off
* for testing or other reasons
*/
ssl_disabled_flag=1;
} else if (strcmp(optarg, "certrequired") == 0 ) {
ssl_cert_required=1;
} else if (strcmp(optarg, "secure") == 0 ) {
ssl_secure_flag=1;
} else if (strncmp(optarg, "verify=",
strlen("verify=")) == 0 ) {
ssl_verify_flag=atoi(optarg+strlen("verify="));
} else if (strncmp(optarg, "cert=",
strlen("cert=")) == 0 ) {
ssl_cert_file=optarg+strlen("cert=");
} else if (strncmp(optarg, "key=",
strlen("key=")) == 0 ) {
ssl_key_file=optarg+strlen("key=");
} else if (strncmp(optarg,"cipher=",
strlen("cipher="))==0) {
ssl_cipher_list=optarg+strlen("cipher=");
} else {
/* report when we are given rubbish so that
* if the user makes a mistake they have to
* correct it!
*/
fprintf(stderr,"Unknown SSL option %s\n",optarg);
fflush(stderr);
exit(1);
}
/* get the next one ... */
optarg=strtok(NULL,",");
}
/*
if (origopt!=NULL)
free(origopt);
*/
}
break;
#endif /* USE_SSL */
#ifdef AUTHENTICATE
case 'a':
/*
* Check for required authentication level
*/
if (strcmp(optarg, "debug") == 0) {
extern int auth_debug_mode;
auth_debug_mode = 1;
} else if (strcasecmp(optarg, "none") == 0) {
auth_level = 0;
} else if (strcasecmp(optarg, "other") == 0) {
auth_level = AUTH_OTHER;
} else if (strcasecmp(optarg, "user") == 0) {
auth_level = AUTH_USER;
} else if (strcasecmp(optarg, "valid") == 0) {
auth_level = AUTH_VALID;
} else if (strcasecmp(optarg, "off") == 0) {
/*
* This hack turns off authentication
*/
auth_level = -1;
} else {
fprintf(stderr,
"telnetd: unknown authorization level for -a\n");
}
break;
#endif /* AUTHENTICATE */
#ifdef BFTPDAEMON
case 'B':
bftpd++;
break;
#endif /* BFTPDAEMON */
case 'd':
if (strcmp(optarg, "ebug") == 0) {
debug++;
break;
}
usage();
/* NOTREACHED */
break;
#ifdef DIAGNOSTICS
case 'D':
/*
* Check for desired diagnostics capabilities.
*/
if (!strcmp(optarg, "report")) {
diagnostic |= TD_REPORT|TD_OPTIONS;
} else if (!strcmp(optarg, "exercise")) {
diagnostic |= TD_EXERCISE;
} else if (!strcmp(optarg, "netdata")) {
diagnostic |= TD_NETDATA;
} else if (!strcmp(optarg, "ptydata")) {
diagnostic |= TD_PTYDATA;
} else if (!strcmp(optarg, "options")) {
diagnostic |= TD_OPTIONS;
} else {
usage();
/* NOT REACHED */
}
break;
#endif /* DIAGNOSTICS */
#ifdef AUTHENTICATE
case 'e':
if (strcmp(optarg, "debug") == 0) {
extern int auth_debug_mode;
auth_debug_mode = 1;
break;
}
usage();
/* NOTREACHED */
break;
#endif /* AUTHENTICATE */
case 'h':
hostinfo = 0;
break;
#ifdef LINEMODE
case 'l':
alwayslinemode = 1;
break;
#endif /* LINEMODE */
case 'L':
loginprg = strdup(optarg);
/* XXX what if strdup fails? */
break;
case 'n':
keepalive = 0;
break;
case 'N':
numeric_hosts = 1;
break;
#ifdef SecurID
case 's':
/* SecurID required */
require_SecurID = 1;
break;
#endif /* SecurID */
case 'S':
#ifdef HAS_GETTOS
if ((tos = parsetos(optarg, "tcp")) < 0)
fprintf(stderr, "%s%s%s\n",
"telnetd: Bad TOS argument '", optarg,
"'; will try to use default TOS");
#else
fprintf(stderr, "%s%s\n", "TOS option unavailable; ",
"-S flag not supported\n");
#endif
break;
#ifdef AUTHENTICATE
case 'X':
/*
* Check for invalid authentication types
*/
auth_disable_name(optarg);
break;
#endif /* AUTHENTICATE */
default:
fprintf(stderr, "telnetd: %c: unknown option\n", ch);
/* FALLTHROUGH */
case '?':
usage();
/* NOTREACHED */
}
}
#ifdef USE_SSL
if (ssl_secure_flag || ssl_cert_required || ssl_certsok_flag) {
/* in secure mode we *must* switch on the base level
* verify checking otherwise we cannot abort connections
* at the right place!
*/
if (ssl_verify_flag==0)
ssl_verify_flag=1;
}
/* if we are not running in debug then any error
* stuff from SSL debug *must* not go down
* the socket (which 0,1,2 are all pointing to by
* default)
*/
if (ssl_debug_flag)
ssl_log_file="/telnetd.log";
if (!do_ssleay_init(1)) {
if (bio_err!=NULL) {
BIO_printf(bio_err,"do_ssleay_init() failed\n");
ERR_print_errors(bio_err);
} else {
fflush(stderr);
fprintf(stderr,"do_ssleay_init() failed\n");
ERR_print_errors_fp(stderr);
}
exit(1);
}
if (ssl_debug_flag) {
BIO_printf(bio_err,"secure %d certrequired %d verify %d\n",
ssl_secure_flag,ssl_cert_required,ssl_verify_flag);
for(i=0;i<argc;i++)
BIO_printf(bio_err,"argv[%d]=\"%s\"\n",i,argv[i]);
}
#endif /* USE_SSL */
argc -= optind;
argv += optind;
if (debug) {
if (argc > 1) {
usage();
/* NOTREACHED */
}
wait_for_connection((argc == 1) ? *argv : "telnet");
}
openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
fromlen = sizeof (from);
if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
fatalperror(2, "getpeername");
}
if (keepalive &&
setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof (on)) < 0) {
syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
}
#if defined(HAS_IPPROTO_IP) && defined(IP_TOS)
{
# if defined(HAS_GETTOS)
struct tosent *tp;
if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
tos = tp->t_tos;
# endif
if (tos < 0)
tos = 020; /* Low Delay bit */
if (tos
&& (setsockopt(0, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) < 0)
&& (errno != ENOPROTOOPT) )
syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
}
#endif /* defined(HAS_IPPROTO_IP) && defined(IP_TOS) */
#ifdef USE_SSL
/* do the SSL stuff now ... before we play with pty's */
SSL_set_fd(ssl_con,0);
if (ssl_only_flag) {
/* hmm ... only when running talking to things like
* https servers should we hit this code and then
* we really don't care *who* we talk to :-)
*/
SSL_set_verify(ssl_con,ssl_verify_flag,NULL);
if (SSL_accept(ssl_con) <= 0) {
static char errbuf[1024];
sprintf(errbuf,"SSL_accept error %s\n",
ERR_error_string(ERR_get_error(),NULL));
syslog(LOG_WARNING, "%s", errbuf);
BIO_printf(bio_err,"%s",errbuf);
/* go to sleep to make sure we are noticed */
sleep(10);
SSL_free(ssl_con);
_exit(1);
} else {
ssl_active_flag=1;
}
}
#endif /* USE_SSL */
net = 0;
netopen();
doit((struct sockaddr *)&from, fromlen);
/* NOTREACHED */
return 0;
} /* end of main */