argus-2.0.6.fixes.1/COPYING

GNU General Public License
**************************

GNU GENERAL PUBLIC LICENSE
Version 2, June 1991

Copyright (C) 1989, 1991 Free Software Foundation, Inc.
675 Mass Ave, Cambridge, MA 02139, USA

Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

Preamble

The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too.

When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.

To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it.

For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights.
We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. 
The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. 
(Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. 
You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. 
If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. 
If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. 
The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. 
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS Appendix: How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) 19yy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. Also add information on how to contact you by electronic and paper mail. 
If the program is interactive, make it output a short notice like this when it starts in an interactive mode:

Gnomovision version 69, Copyright (C) 19yy name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details.

The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program.

You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names:

Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker.

, 1 April 1989
Ty Coon, President of Vice

This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License.

argus-2.0.6.fixes.1/CREDITS

CREDITS

An amazing amount of work, comments and bug fixes were provided by the members of the argus mailing list. Kudos especially to:

Peter Van Epp
Russell Fulton
Andrew Pollock
Neil Long
Eric Pancer
William Setzer
Olaf Gellert
Philip Brown

Of course much thanks to the continued support of Mark Poepping, Kevin Miller, Walter Wong, and Larry Greenfield at CMU for their help with all things, resources, configuration, SASL, and debugging support.
argus-2.0.6.fixes.1/ChangeLog

Mon May 10 13:02:46 EDT 2004
   * bug in -F processing fixed.

Wed May 5 09:15:34 EDT 2004
   * argus-2.0.6 released.

Fri Apr 30 14:06:01 EDT 2004
   * argus-2.0.6.rc4
     Fixed error with arp flow generation when there are encapsulations
     Fixed oversight in pcap offline reading status checking. needed to avoid libpcap-0.8.x issues and version 7

Tue Apr 13 01:18:02 EDT 2004
   * argus-2.0.6.rc3
     Removed clients and fixed a powerpc64 reference in ./configure.in
     After considerable effort, upgrading the clients to versions in argus-clients distribution proved to introduce too many changes.
     Concept is to bundle the argus and argus-clients in the same tar file so clients are available for the server.

Mon Feb 23 09:37:57 EST 2004
   * argus-2.0.6
     Mods to configure.in and aclocal.m4 to fix/remove bash specific test directives.
     Fix Mac OS X issues with multiple bpf.h includes.

Mon Feb 16 21:39:02 EST 2004
   * argus-2.0.6
     Added alignment mods to icmp processing, ala William Setzer.

Fri Dec 5 11:25:21 EST 2003
   * argus-2.0.6
     Modified top most Makefile.in to descend into subdirs only once.
     Updated ./include/compat.h for BSD's.
     Removed calling getopt() twice in argus.c.

Wed Dec 3 16:36:57 EST 2003
   * argus-2.0.6
     Modified ArgusLog reporting for failures in ArgusWriteOutputSocket.
     Modified some constants in ArgusUtil.c for better recovery.

Wed Aug 20 10:09:27 EDT 2003
   * argus-2.0.6.beta.14
     Updated the autoconfig files, config.guess/config.sub

Sun Aug 17 22:39:53 EDT 2003
   * argus-2.0.6.beta.13
     Made change to gencode.c to fix poor 'proto value' parsing.

Tue Jul 15 23:27:56 EDT 2003
   * argus-2.0.6.beta.11
     Made changes for FreeBSD getopt() peculiarities.
     Fixed omission setting Input type.
     Added test for __APPLE__ in compat.h.

Thu Jul 10 13:50:20 EDT 2003
   * argus-2.0.6.beta.10
     Made changes to support --prefix=dir searching for pcap.h in the prefix directories, ala Philip Brown.

Wed Jul 9 13:07:24 EDT 2003
   * argus-2.0.6.beta.10
     Changed default configuration file strategies, so as to remove the surprises.
     Basically take out ARGUSPATH support, and not read /etc/argus.conf if a configuration file is provided.

Fri May 2 01:15:57 EDT 2003
   * argus-2.0.6.beta.9
     Fixed RTP loss reporting.

Wed Mar 26 08:56:09 EST 2003
   * argus-2.0.6.beta.8
     Fixed MULTIPATH status indicators for ether address changes.
     Mods for 1.8 compatibility problems in ra* programs.

Wed Mar 19 12:51:42 EST 2003
   * argus-2.0.6.beta.7
     Modified -C so that it looks for Cisco wire format whether it's a file "-r" or off the wire "-S".

Tue Dec 17 09:15:51 EST 2002
   * argus-2.0.6.beta.6
     Modified -L so that -1 turns labels off.
     Modified ra() usage() output for -nn.

Sun Dec 1 21:50:46 EST 2002
   * argus-2.0.6.beta.5
     Modified ./Makefile.in to fix alpha make problem.
     Modified type for error() routine in ./include/argus_filter.h

Sun Nov 10 09:11:59 EST 2002
   * argus-2.0.6.beta.4
     Added ArgusSllPacket to handle DLT_LINUX_SLL type.
     Updated autoconf config.* files.

Mon Jul 22 10:19:48 EDT 2002
   * argus-2.0.6.beta.3
     Added Olaf's mods to rapolicy, man page and Makefile.in changes to actually make it from the distribution.

Fri Jul 19 08:55:56 EDT 2002
   * argus-2.0.6.beta.2
     Fix problem with not setting filter correctly.
     Exit after reporting filter with -b option.

Fri Jul 01 13:12:31 EDT 2002
   * argus-2.0.6.beta.1
     Modify -n printing behavior to support -n, -nn and -nnn.

Fri May 31 07:39:21 EDT 2002
   * argus-2.0.5
     Fix configure.in and aclocal.m4 issues with LARGEFILE support.
     Removed special case for solaris 2.8 and above.

Wed May 22 07:19:31 EDT 2002
   * argus-2.0.5
     Fix problem where libpcap returns bogus IP packet length.
     Adjust modes for all open's using CREAT, use 0644
     Assign tv_sec and tv_usec independently rather than whole timeval in one swoop.

Tue May 21 22:07:07 EDT 2002
   * argus-2.0.5
     Removed ./include/net/bpf.h
     Minor variation to compat.h for OS X

Thu May 16 12:05:20 EDT 2002
   * argus-2.0.5
     More Mods for Mac OS X port.

Thu May 16 10:33:49 EDT 2002
   * argus-2.0.5
     Mods for Mac OS X port.
     Mods for RTCP tracking
     Minor format change for wildcarded ports in TCP

Tue May 7 09:43:40 EDT 2002
   * argus-2.0.5
     Mods for native Solaris compiler "--without-gcc".
     Mods to ignore /usr/include as pcap.h search path.
     Mods to remove dependency on pcap-int.h
     Having to declare an arguspcap struct and provide declarations for pcap_read() and pcap_read_offline() because the tcpdump.org guys are somewhat brain dead on what should be private and public.
     Mods for NetBSD port, minor issues in compat.h.
     Fixed bug with snoop capture file processing.

Mon May 6 12:47:32 EDT 2002
   * argus-2.0.5
     Slight mods for NetBSD port.

Fri May 3 08:45:15 EDT 2002
   * argus-2.0.5
     Modified configure to check for pcap-int.h
     Fixed core dump on argus command line kill. Closing socket twice.

Wed Apr 24 19:02:35 EDT 2002
   * argus-2.0.5
     Fixed jitter issue.

Tue Mar 19 14:11:31 EST 2002
   * argus-2.0.5.beta.6
     Implement Yotam's pid file option.
     Modified argus.conf file for new options, and added new command line.
     Changed default number of instances, which changed the default pid file format.

Tue Mar 05 09:26:43 EST 2002
   * argus-2.0.5.beta.6
     Put in missing break on Cisco parsing routines.

Tue Feb 26 11:54:48 EST 2002
   * argus-2.0.5.beta.5
     Major omission in open for ArgusWriteNewOutfile.....

Mon Feb 25 16:50:41 EST 2002
   * argus-2.0.5.beta.4
     Fixed Cisco netflow record reading, problem passing buf instead of pointer to buf.
     Also change stat to fstat in ArgusWriteNewLog ... Problem with file going away.

Sat Feb 23 16:52:12 EST 2002
   * argus-2.0.5.beta.3
     Fixed Cisco netflow record reading. Somehow the beta.1 stuff didn't take so well.

Tue Feb 19 09:49:38 EST 2002
   * argus-2.0.5.beta.2
     Deallocated ArgusOutputList records on ArgusSocketClose();

Wed Jan 16 09:37:06 EST 2002
   * argus-2.0.5.beta.1
     Fixed Cisco netflow reading off the wire.
     Reenabled LBL_ALIGN testing in configure.in and aclocal.m4

Fri Jan 11 10:56:02 EST 2002
   * argus-2.0.4
     Added creating man/man1 dir in install logic.

Wed Jan 2 23:45:11 EST 2002
   * argus-2.0.4
     Fixed time parsing problem with explicit dates (where explicit day is specified)

Wed Jan 2 08:36:13 EST 2002
   * argus-2.0.4
     Modified server/Makefile.in to install argus_V_PCAP as /usr/local/sbin/argus, and updated the INSTALL program.

Wed Dec 26 10:45:06 EST 2001
   * argus-2.0.4
     Last modification to raxml() to get clean compile on FreeBSD.

Mon Nov 26 14:54:30 EST 2001
   * argus-2.0.4
     Added new raxml() and updated all the schemas.

Mon Nov 26 14:54:30 EST 2001
   * argus-2.0.4.beta.5
     Partially fixed Cisco NetFlow parsing from UDP port, and generating argus converted datafile from NetFlow stream.
     Added Russell's perl scripts and modules to the distribution.

Tue Nov 13 14:08:21 EST 2001 (carter@qosient.com)
   * argus-2.0.4.beta.4
     Fixed ArgusIpPacket() as a DLT_RAW decoder placeholder in decoder array. Moved NULL entry just past DLT_RAW.
     Fixed major record reading problem in ArgusReadSaslStreamSocket.
     Added tests for LFS in ./configure.in

Fri Nov 9 10:57:01 EST 2001 (carter@qosient.com)
   * argus-2.0.4.beta.3
     Added ArgusIpPacket() as a DLT_RAW decoder for Linux PPP and SLIP.

Mon Nov 5 10:15:39 EST 2001 (carter@qosient.com)
   * argus-2.0.4.beta.2
     Adopted argus-clients configure.in strategy
     Fixed problem with dport being assigned 0xFFFF rather than testing if it's 0xFFFF, in common/argus_util.c.
     Turned on HOSTS_ACCESS in ArgusOutput.c, and fixed issue with RH Linux having dependency on NIS for native -lwrap so that ./configure figures it out.

Fri Nov 2 09:08:40 EST 2001 (carter@qosient.com)
   * argus-2.0.4.beta.1
     Fixed problem with file status checking in ArgusWriteOutSocket
     Problem writing to removed file if we had queued records waiting to go out the file before it was removed.

Wed Oct 31 09:27:16 EST 2001 (carter@qosient.com)
   * argus-2.0.4
     Fixed so that you can attach to interface that isn't configured with an address.
     Changed pcap_open_live() to use 250 millisecond timeout.
     Modified clients to print 0xffff port value when not merged record.

Sun Oct 14 11:43:16 EDT 2001 (carter@qosient.com)
   * argus-2.0.4
     Fixed bug when reading from file generated by SASL enabled server.
     Fixed server side filtering problem, filtering against ArgusRecord, rather than canonical record.

Fri Oct 12 09:45:12 EDT 2001 (carter@qosient.com)
   * argus-2.0.3
     Fixed issues with Solaris port of Kevin's patch converted to using gethostbyname().
     Fixed filtering problem when reading from multiple interfaces. We were only filtering the first interface.

Thu Oct 11 15:44:48 EDT 2001 (carter@qosient.com)
   * argus-2.0.3
     Fixed issues with OpenBSD port via Peter mail
     Added Kevin Miller's -B option support for specifying the bind address for the remote access listen.

Mon Oct 1 09:27:55 EDT 2001 (carter@qosient.com)
   * argus-2.0.2redux
     Changed to GPL for entire release.
     Fixed issues with OpenBSD port, maybe, this time ;o)

Mon Sep 17 14:37:54 EDT 2001 (carter@qosient.com)
   * argus-2.0.2a
     Fixed memory leak problems with UserData Buffer

Fri Sep 7 08:51:53 EDT 2001 (carter@qosient.com)
   * argus-2.0.2a
     Fixed typo problems with OpenBSD fixes.

Mon Aug 27 12:39:11 EDT 2001 (carter@qosient.com)
   * argus-2.0.2
     Fixed libwrap.a linking problem.
     Fixed problems with OpenBSD port.

Mon Aug 20 09:57:22 EDT 2001 (carter@qosient.com)
   * argus-2.0.2
     Fixed ./configure bug with --with-sasl=yes but not installed.

Mon Jul 23 09:06:09 EDT 2001 (carter@qosient.com)
   * argus-2.0.2-beta.7
     Fixed compiler parsing error for hosts with numbers in their name.
     Fixed SASL configure support. Compile with SASL by using "./configure --with-sasl=yes"

Wed Jul 18 08:34:29 EDT 2001 (carter@qosient.com)
   * argus-2.0.2-beta.6
     Fixed malformed IP packet parsing bug.

Tue Jul 17 08:30:05 EDT 2001 (carter@qosient.com)
   * argus-2.0.2-beta.5
     Fixed file creation problem with BLOCKING I/O.
     Seemed to have fixed file overwrite problem.

Tue Jul 17 08:30:05 EDT 2001 (carter@qosient.com)
   * argus-2.0.2-beta.5
     Updated bin/config.guess and bin/config.sub.
     Mods to fix Solaris and FreeBSD ports.
     Remove ./include/linux-include from includes and adjusted ./include directory.
     Created ./include/netinet,net and modified ./configure.
     Adjusted include files in ./server/ArgusModeler.h.

Fri Jul 13 18:25:35 EDT 2001 (carter@qosient.com)
   * argus-2.0.2-beta.4
     Fix to avoid kill (-1, HUP) call, which really does a number to your shell, etc...

Tue Jul 10 09:57:12 EDT 2001 (carter@qosient.com)
   * argus-2.0.2-beta.3
     Mods to remove extraneous characters from #endif statements.
     Mods to fix little endian issues in FreeBSD.

Thu Jun 14 09:49:57 EDT 2001 (carter@qosient.com)
   * argus-2.0.2-beta.2
     Mods for ARGUS_MAXERROR being reached possibly in error.
     Increased threshold for list getting big message to 50000

Sat Jun 9 12:51:27 EDT 2001
   * argus-2.0.2
     Added contrib files "hostpair.dist" back to distribution
     Fixed problem with ra* growing when reading a lot of archive files.
     Fix filter support for ether proto names.
     Fixed loop as keyword.

Thu Jun 7 11:35:27 EDT 2001
   * argus-2.0.2
     Fixed potential problem with output record truncation.
     Increased ArgusMaxListLength an order of magnitude.
     Fixed ./suppport/Config/argus.conf error.

Fri May 4 06:26:50 EDT 2001 (carter@qosient.com)
   * argus-2.0.1
     Fixed multiple interface support.

Tue Apr 24 08:29:17 EDT 2001 (carter@qosient.com)
   * argus-2.0.1.beta.4
     Added range checking for ra* input.
     Added Src ip_id reporting in all IP Flows.
     Ported for Client Only compile to Cygwin. (no libpcap).
     Added -v option to rasort() for inverse sorting rules.
     Updated ragator/ramon and raxml to handle ip_id.
     Updated all Support/Xml/* schema, dtd and ancillary files.

Tue Apr 24 08:29:17 EDT 2001 (carter@qosient.com)
   * argus-2.0.1.beta.3
     Fix some problems with user data reporting.
     Improved ragrep-2.1.0 support.

Wed Apr 18 17:04:58 EDT 2001 (carter@qosient.com)
   * argus-2.0.1.beta.3
     Fix some problems with ragator aggregation.
     Process output queue even if we are over the limit.

Sat Apr 14 18:35:31 EDT 2001 (carter@qosient.com)
   * argus-2.0.1.beta.2
     Completely overhauled socket record reading strategy.
     Added argus writing out tcpdump formatted packet file for packets of interest. Currently all packets are of interest.

Thu Apr 5 20:50:09 EDT 2001 (carter@qosient.com)
   * argus-2.0.1.beta.1
     Reinstated SIGCHLD processing in ArgusOutputProcess (Multiplexor) to fix problem with remote access causing argus() to terminate.
     Improved ArgusOutputProcess queue processing strategy.
     Sync all select()'s to use 200000 usec timeout.
     Modified queue constants for better performance under load.
     Fixed problem with wrong size reported for Vlan DSR.
     Fixed problem with MOAT packet processing, not clearing ArgusThisFlow before processing.
     Turned off client exit message when not in daemon mode.

Thu Mar 15 15:04:12 EST 2001 (carter@qosient.com)
   * argus-2.0.0
     Fixed problems reading 1.8x data files.

Wed Mar 14 10:15:50 EST 2001 (carter@qosient.com)
   * argus-2.0.0.beta.13
     Added 30 second watermark triggered syslog() reporting when an output queue is above 1024 records.
     Instrumented throwing records away when output Queue is too large reporting to syslog.
     Tuned queue failure mechanisms. MAXQUEUE is now 8096, MAXERROR is now 5000, added lastOutput timer on output list, and sleeping for usleep(200) instead of usleep(1).
     Mods so that Argus will not blow away log file when it is restarted.
     Fix to raxml() to not print IMPLIED IcmpType for ECO types. Was printing "(null)" on Linux, and dying on Solaris.

Tue Mar 13 21:22:51 EST 2001 (carter@qosient.com)
   * argus-2.0.0.beta.12
     Mods to ArgusWriteOutSocket() to fix "just stops writing" bug.
     Put copy of if_arp.h in ./include/linux-include/net
     Added configure support for BSDI port.
     Fixed argusbug 'install-bug' omission

Fri Mar 9 12:56:01 EST 2001 (carter@qosient.com)
   * argus-2.0.0.beta.11 release
     Added MOAT Time Sequence Header file support. argus -t option.
     Improved Fragment User data buffer support.
     Fix for rarp filter expression problems.

Wed Mar 7 09:24:14 EST 2001 (carter@qosient.com)
   * argus-2.0.0.beta.10 release
     Mods to improve racount() with updated man page.
     Fix for -F config.file error reporting and termination.
     Fix for negative byte count reporting in ramon(). Shifted from %d to %u in argus_util.c.
     Remove fstat() on socket in argus for NetBSD port.

Mon Mar 5 10:45:24 EST 2001 carter (carter@qosient.com)
   * argus-2.0.0.beta.9
     Mods for read() loop in ra* clients.
     Added Mpls and Vlan tag reporting in raxml().
     Updated XML schema definitions and support files.

Tue Feb 27 17:52:29 EST 2001 carter (carter@qosient.com)
   * argus-2.0.0.beta.8
     Mods for OpenBSD port.
     Fixes for coredump reported by Russell. ArgusUtil.c queue pointer value checking added, and ArgusModeler.c now reallocates fragment extension buffer if not there. This probably happens if fragments are retransmitted but we've already updated the parent flow.

Wed Feb 21 10:00:09 EST 2001 carter (carter@qosient.com)
   * argus-2.0.0.beta.7
     Added Mpls and Vlan DSR parsing and filtering support.
     Added Mpls and Vlan DSR value reporting support.
     Modified gencode.c to support new Canonical Record format.
     Finalized argus.out file to be in /var/log/argus.
     Removed 'frag' protocol override and added 'f' indicator.
     Fixed RaPackQueue in rasort(), ramon() and rapath().
     Added debugging for rasort() RaCopyArgusRecord().
     Updated man pages for web site html versions
     Modified flow scheduling algorithms.
     Fixed(?) Fragment tracking error.
     Fix ./configure for when libpcap isn't found.

Fri Feb 16 18:36:36 EST 2001 carter (carter@qosient.com)
   * argus-2.0.0.beta.6
   Add new argus flow scheduler under heavy loads.
   Force ArgusTcpWrapper section to use ArgusLog() for access logging.
   Mods to fix ArgusNtoH and ArgusHtoN for Mar record, ntohll().
   Mods to get clean compile on Solaris
   Mods to ./support/Config/argus.conf and rarc for readability.
   Added MPLS, 802.1Q and PPPoE DSR types in ./include/argus_defs.h.
   Fixed ramon() output problem on FreeBSD.
   Fixed rasort() and rapath() dump problems.
   Moved ./docs directory to ./doc.
   Modification to default paths.  Decided to follow Yotam's
   suggestions regarding default installation, and so I had to
   update Makefile.in, ./configure, argusarchive(), Scripts/*
   and all the docs.  Installing in /usr/local/argus,
   /usr/local/[s]bin.
   Additions to the FAQ
   Fixed possible memory leak with extremely high loads.
   check all allocated variables before assignment.

Wed Feb 14 12:54:11 EST 2001 carter (carter@qosient.com)
   * argus-2.0.0.beta.5
   Added new version of ./contrib/hostpairs
   Modified ./support/Archive/argusarchive to use rasort before
   putting into archive.  should aggregate as well, but hold
   off for that right now.
   Fixed counting problem with ragator().
   Removed ArgusChildExit as signal handler for SIGCHLD in argus.
   Updated the VERSION number to argus-2.0.0.beta.5.  Forgot last time.
   Updated rasort() to support -A option (application bytes).
   Updated ragator() RaMergeArgusRecord() deal with counter rollover.
   Updated rapath() and ramon() to use new RaMergeArgusRecord();
   Added ramon.1 man page, needs work.
   Fixed Segmentation Fault in raxml() with TCP frag_only records.

Tue Feb 13 18:50:50 EST 2001 carter (carter@qosient.com)
   * argus-2.0.0.beta.4
   Fixed 'retrans' and 'normal' ra* compiler code generation
   for these keywords.
   Fixed condition where internal queues could be filled without
   being processed.
   Added more gracious processing logic when internal queues get full.
   Fixed possible NULL pointer scenario in RTP stream processing.

Sun Feb 11 21:22:28 EST 2001 carter (carter@qosient.com)
   * argus-2.0.0.beta.3
   Fixed time value problems with merged records in ragator().
   Added decoding for PPPoE encapsulation
   Added processing and printing of Aggregation struct in raxml
   and ragator().
   Added encapsulation reporting in ra* clients.
   Modified argus output constants to free up some bits.
   Fixed argus() ArgusClientProcess select calls to fix premature exit().
   Added a few new ArgusDebug calls for clarity.
   Added exception processing for EINTR around read() in
   argus_parse.c to fix problem with ra() prematurely exiting.

Thu Feb 8 15:22:41 EST 2001 carter (carter@qosient.com)
   * argus-2.0.0.beta.2
   Fixed all compiler warnings.
   Man and Doc page updates (still needs work).
   Html version of man pages added to doc/html
   Xml Support file completion.

Wed Feb 7 12:38:03 EST 2001 carter (carter@qosient.com)
   * Started ChangeLog with argus-2.0.0.beta.1
   Mods to ESP flow reporting in argus() and ra*() clients.

argus-2.0.6.fixes.1/INSTALL
/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */

QUICK MAKE

If all things are ready, distribution untarred, and you have libpcap
and bison installed on your system, you should be able to make argus
by simply typing:

   % ./configure
   % make

If you have any problems with this procedure, read further; if not,
congratulations.  You can proceed to INSTALLATION.


DEPENDENCIES

The Argus server is dependent on two public domain packages: libpcap,
which provides Argus's portable packet capture interface, and bison().
Both of these packages must be installed in order to compile argus.
Below is the official source of libpcap:

   LIBPCAP-0.6.2
   http://www.tcpdump.org

And the official site for bison is:

   bison-1.28
   http://www.gnu.org/software/bison/bison.html

Because Argus is dependent on libpcap and bison, you will need to
have installed these packages prior to building the Argus server.
Please refer to the individual packages for their specific
installation instructions.  If you are not interested in performing
a system installation for libpcap, then we highly recommend untarring
libpcap in the same directory that you untarred Argus.  Argus's
./configure can then easily find the package.

If your interest is to simply use the ra* tools on a chosen platform,
then libpcap is not needed.  Argus client tools are, however,
dependent on bison.

Argus can link to the public domain package tcp_wrappers to provide
remote access control.  At this time, the latest version is
tcp_wrappers-7.6.  If tcp_wrappers is not installed on your system,
then installing this package in the same directory as libpcap and
argus is recommended.

   tcp_wrappers.7.6
   Wietse Venema (wietse@wzv.win.tue.nl)
   Department of Mathematics and Computing Science
   Eindhoven University of Technology
   P.O. Box 513
   5600 MB Eindhoven
   The Netherlands
   ftp://ftp.porcupine.org/pub/security

Argus can also link to the cryptographic package SASL, the Simple
Authentication and Security Layer, which provides strong
authentication and wireline confidentiality for argus data.
Because of its features and flexibility, we highly recommend using
SASL, and becoming experienced with its administration.

   cyrus-sasl-1.5.24
   Carnegie Mellon University
   http://asg.web.cmu.edu/sasl
   ftp://ftp.andrew.cmu.edu/pub/cyrus-mail

If you want to link Argus to SASL, you'll need to have sasl installed
and configured for use.  This is not trivial, but with newer linuxes,
the process is painless.  To enable SASL security, on a clean
distribution, simply type:

   % ./configure --with-sasl=yes
   % make


CONFIGURE

The program, ./configure, will scan the file system, looking for
the libpcap and tcp_wrapper directories and libraries and make
assumptions about the platform.  ./configure will try to choose
between gcc, acc, cc, flex, lex, bison and yacc.  The choice of
libpcap interface, whether it is bpf, pf, enet, snit, nit, snoop or
dlpi, will be made automatically, based on the libpcap library that
is found.

If the libpcap or tcpwrapper packages are not discovered, the
./configure script will create Makefiles so that you can build the
client programs for Argus, as these programs do not have
dependencies on these packages.

Configure will create links for the libpcap.a and libwrap.a
libraries in ./lib, and will create links to the distribution
directories as ./libpcap and ./wrapper.

Configure will attempt to find the libpcap and tcp_wrappers
distribution directories, and their corresponding libraries.  The
path used to find these dependencies is ./libpcap, ./wrapper,
/usr/lib, /usr/local/lib, ../libpcap, ../wrapper, ../tcp_wrappers,
../libpcap-[0-9]*.[0-9ab]*, and ../tcp_wrappers[-.][0-9]*.[0-9ab]*.

Because of major changes between tcp_wrappers-6 and tcp_wrappers-7,
./configure needs to discover the tcp_wrappers version number.  It
does this by scanning the patchlevel.h file in the tcp_wrapper
distribution; as a result, ./configure will attempt to find and then
establish a link to your tcp_wrappers distribution directory.
Again, we recommend that you install your libpcap and tcp_wrappers
distribution directories, or links to them, in either the same
directory as the Argus distribution, or as the directories ./libpcap
and ./wrapper, in the Argus directory.

Additionally, for linux, the linux-include directory available in
the patched libpcap-0.0.6 distribution has been included in the
distribution.  It comes with libpcap-0.0.6, which is however missing
some crucial files; these have been added.

Configure will determine what interface will be used by Argus, by
scanning the libpcap.a library.  The resulting Argus server will be
named with an interface specific label.  This is done to assist
those who will build multiple versions of Argus from a single
machine.


BUILDING ARGUS

So, after all that, to build Argus on a supported platform, first
run ./configure.  ./configure will determine your system attributes
and generate subdirectories and the appropriate Makefiles from the
Makefile.in files found in the distribution.  After this, run "make".
If everything goes well, appropriate libraries and binaries will be
found in the ./bin and ./lib subdirectories.  So, ....

   % ./configure
   % make

Argus will be found as ./bin/argus_"libpcap_interface_name".  So for
a libpcap.a that is built to support the /dev/snit interface, argus
will be named ./bin/argus_snit.  For linux, it will be named
./bin/argus_linux; for Solaris it will be named ./bin/argus_dlpi.

The libpcap package library determines the interface type for argus,
so if you want to make argus for another interface, you will have to
make the appropriate libpcap.a for it, and install the appropriate
libpcap library in a place where the ./configure script can find it.
After you do that:

   % make clobber
   % ./configure
   % make

So, at this point you should have all the executables needed.  But,
if you are having problems, it may be related to your compiler or
the flex and bison utilities.  So, ...

You will need an ANSI C compiler to build argus.
If your compiler is not ANSI compliant, we highly recommend using
the GNU C compiler, available via anonymous ftp:

   ftp://prep.ai.mit.edu/pub/gnu/gcc-*.tar.gz

Argus requires bison and flex.  For flex, version 2.4.6 or higher is
recommended.  The current versions of flex and bison are available
via anonymous ftp:

   ftp://prep.ai.mit.edu/pub/gnu/bison-*.tar.gz
   ftp://prep.ai.mit.edu/pub/non-gnu/flex/flex-*.tar.gz

Now, if you are still having problems, ..., well it's hard to say
from here what it might be.  So, you may want to send us some mail.


INSTALLATION

QUICK INSTALL

If all things are well at this point, and you will be using the
installation strategy that we use, all you need do now is:

   # make install

This will create the /usr/argus directory and move all the binaries,
supporting programs, man pages and documentation into /usr/local/bin,
/usr/local/sbin, or /usr/argus.  At the end, you will find argus as
/usr/local/sbin/argus.

If you are unsure about the standard installation, run

   % make -n install

to review what make will try to do.  If you would like to do
something other than the standard install, then please continue to
read through this file.

At this point you're ready to run argus.

If you are planning on running argus as a persistent daemon on your
machine, then one additional step is recommended, and that is
setting up /etc/argus.conf.

   # cp ./support/Config/argus.conf /etc

You must edit the /etc/argus.conf file for argus to work, as the
default configuration will have argus do a lot of work but not
output anything.  We recommend at least specifying a value for
ARGUS_OUTPUT_FILE=.  If you want to attach to the running argus in
realtime, then also uncomment the line

   #ARGUS_ACCESS_PORT=561

But if you wanted to do something different, then read on.


INSTALLATION NOTES

Argus does not have any installation restrictions, so you can
install Argus anywhere.  There are some conventions that have been
established, and I'll present them here, but you can, of course,
do your own thing.
I have found it useful to have an argus home directory to hold the
binaries, argus configuration files, the argus output file, and hold
my argus data archive.  If you would like to use this strategy,
create your directory, and create the environment variable ARGUSHOME
and set it to this directory.  I have used /usr/argus on some
systems, and people like that as an alternative to the default of
using /usr/local.

I prefer putting the argus ra* client binaries in /usr/argus/bin and
argus itself in /usr/argus/sbin, but that is just me.  After making,
as root, I just:

   # mkdir /usr/argus /usr/argus/bin /usr/argus/sbin
   # cp bin/ra* /usr/argus/bin
   # cp bin/argusbug /usr/argus/bin
   # cp bin/argus_* /usr/argus/sbin/argus

It is convenient to chmod argus so that it is "setuid root", but
many feel that this is a major security problem, as any user could
then start an argus on the system, or worse, start any program,
using argus as a gate.  Although Argus is designed to prevent this
type of abuse, you never know, so use this technique at your
discretion.

   # chmod 4755 /usr/argus/sbin/argus

Argus has a system configuration file that normally resides as
/etc/argus.conf.  You can install this file anywhere, but argus
itself has an integrated $PATH that includes /etc/argus.conf, and
scripts that are provided in the ./support directory will assume
that the configuration is at /etc/argus.conf.

   # cp ./support/Config/argus.conf /etc/argus.conf

You will want to edit this file to choose values of your liking.
The sample has all the common values set and has enough description
of the variables to get you started.

Copying the man and doc directories is nice.

   # tar cf - doc man | (cd /usr/argus; tar xvpf -)

This should handle the basic installation.

Any comments, patches, bug reports or additions should be sent to
argus@lists.andrew.cmu.edu.
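
A post-install check for the points the installation notes raise: the setuid bit on the argus binary, and an argus.conf that either produces no output or opens the remote access port. This is an added example, not part of the Argus distribution; the function names and the sample file are constructed, and only ARGUS_OUTPUT_FILE, ARGUS_ACCESS_PORT and the paths shown come from the text above.

```shell
#!/bin/sh
# Added example (not from the Argus distribution): audit an Argus install
# for the settings INSTALL singles out. All function names are hypothetical.

# conf_value FILE KEY: print the value of the last uncommented KEY=value
# line, with any trailing "# comment" and surrounding double quotes removed.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' |
        tail -n 1
}

# is_setuid FILE: succeed if FILE is a regular file with the setuid bit set.
is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# write_sample_conf FILE: constructed sample in the shape INSTALL describes,
# with the output file set and the access port still commented out.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not the shipped ./support/Config/argus.conf
ARGUS_OUTPUT_FILE=/var/log/argus/argus.out   # where records go
#ARGUS_ACCESS_PORT=561
EOF
}

# audit_argus BINARY CONF: print one finding per line.
# Returns 1 if any finding is a WARN, 0 otherwise.
audit_argus() {
    aa_bin=$1
    aa_conf=$2
    aa_rc=0

    if is_setuid "$aa_bin"; then
        aa_owner=$(ls -ln "$aa_bin" | awk '{print $3}')
        echo "WARN $aa_bin is setuid (owner uid $aa_owner): any local user can start argus with that uid"
        aa_rc=1
    else
        echo "OK   $aa_bin is not setuid"
    fi

    if [ ! -r "$aa_conf" ]; then
        echo "WARN cannot read $aa_conf"
        return 1
    fi

    aa_out=$(conf_value "$aa_conf" ARGUS_OUTPUT_FILE)
    aa_port=$(conf_value "$aa_conf" ARGUS_ACCESS_PORT)

    if [ -z "$aa_out" ] && [ -z "$aa_port" ]; then
        echo "WARN neither ARGUS_OUTPUT_FILE nor ARGUS_ACCESS_PORT is set: argus will not output anything"
        aa_rc=1
    fi
    if [ -n "$aa_out" ]; then
        echo "OK   records written to $aa_out"
    fi
    if [ -n "$aa_port" ]; then
        echo "NOTE remote access enabled on port $aa_port: restrict it with tcp_wrappers or SASL"
    fi
    return $aa_rc
}

# Run as: sh argus_audit.sh /usr/local/sbin/argus /etc/argus.conf
if [ "$#" -eq 2 ]; then
    audit_argus "$1" "$2"
fi
```

A commented-out line such as `#ARGUS_ACCESS_PORT=561` is treated as unset, so the check reports what argus will actually read.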


PORTABILITY

Argus and its supporting routines have been developed on Sparc
architectures under SunOS 4.1.x and Solaris 2.7, and have been
successfully ported to Solaris, SGI, Ultrix, Linux, Debian, OpenBSD,
NetBSD and FreeBSD platforms.  The client programs have also been
ported to Cygwin, the GNU unix environment for Windows.

No claim is made as to the portability of Argus to other platforms,
although it is much easier now that we've addressed the big endian
little endian issues.  If you make any modifications to support
installing and running Argus in any other environment, please send
us comments and/or patches.  We will be most grateful.

argus-2.0.6.fixes.1/MANIFEST
/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */

Argus Software Distribution

argus-2.0.6.fixes.1/Makefile.in
# Makefile for GNU hello.  -*- Indented-Text -*-
# Copyright (C) 1992, 1993 Free Software Foundation, Inc.

# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

#### Start of system configuration section.
####

@SET_MAKE@
CC = @CC@

INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_DATA = @INSTALL_DATA@

DEFS = @DEFS@
LIBS = @LIBS@

CFLAGS = -g
LDFLAGS = -g

prefix = $(DESTDIR)@prefix@
exec_prefix = @exec_prefix@
srcdir = @srcdir@
docdir = $(prefix)/share/doc/argus-2.0

#### End of system configuration section. ####

SHELL = /bin/sh

DIRS = ./common ./server

DISTFILES = COPYING CREDITS ChangeLog INSTALL MANIFEST Makefile.in \
	README VERSION bin common server clients doc include lib man \
	support aclocal.m4 contrib config configure configure.in

.c.o:
	$(CC) -c $(CPPFLAGS) $(DEFS) $(CFLAGS) $<

.PHONY: install installdirs

all: $(DIRS)
	@-for d in $(DIRS); \
	do \
		(cd $$d; echo "### Making in" `pwd`; \
			$(MAKE) $(MFLAGS) ; \
			echo "### Done with" `pwd`); \
	done

.PHONY: all

install: force
	${MAKE} installdirs
	[ -d $(prefix) ] || \
		(mkdir -p $(prefix); chmod 755 $(prefix))
	[ -d @sbindir@ ] || \
		(mkdir -p @sbindir@; chmod 755 @sbindir@)
	[ -d $(exec_prefix)/argus ] || \
		(mkdir -p $(exec_prefix)/argus; chmod 755 $(exec_prefix)/argus)
	[ -d $(exec_prefix)/argus/archive ] || \
		(mkdir -p $(exec_prefix)/argus/archive; chmod 755 $(exec_prefix)/argus/archive)
	[ -d $(docdir) ] || \
		(mkdir -p $(docdir); chmod 755 $(docdir))
	[ -d $(docdir)/html ] || \
		(mkdir -p $(docdir)/html; chmod 755 $(docdir)/html)
	[ -d $(docdir)/html/man ] || \
		(mkdir -p $(docdir)/html/man; chmod 755 $(docdir)/html/man)
	@-for d in $(DIRS); \
	do \
		(cd $$d; echo "### Make install in" `pwd`; \
			$(MAKE) $(MFLAGS) install; \
			echo "### Done with" `pwd`); \
	done
	$(INSTALL) -m 0644 $(srcdir)/doc/FAQ $(docdir)
	$(INSTALL) -m 0644 $(srcdir)/doc/HOW-TO $(docdir)
	$(INSTALL) -m 0644 $(srcdir)/doc/html/man/*.html $(docdir)/html/man
	$(INSTALL) -m 0644 $(srcdir)/README $(prefix)/argus
	$(INSTALL) -m 0644 $(srcdir)/README $(docdir)
	$(INSTALL) -m 0644 $(srcdir)/COPYING $(prefix)/argus
	$(INSTALL) -m 0644 $(srcdir)/COPYING $(docdir)
	$(INSTALL) -m 0755 $(srcdir)/bin/argusbug @bindir@/argusbug
	[ -d @mandir@ ] || \
		(mkdir -p @mandir@; chmod 755 @mandir@)
	[ -d @mandir@/man1 ] || \
		(mkdir -p @mandir@/man1; chmod 755 @mandir@/man1)
	[ -d @mandir@/man5 ] || \
		(mkdir -p @mandir@/man5; chmod 755 @mandir@/man5)
	[ -d @mandir@/man8 ] || \
		(mkdir -p @mandir@/man8; chmod 755 @mandir@/man8)
	$(INSTALL) -m 0644 $(srcdir)/man/man5/argus.5 @mandir@/man5/argus.5
	$(INSTALL) -m 0644 $(srcdir)/man/man5/argus.conf.5 @mandir@/man5/argus.conf.5
	$(INSTALL) -m 0644 $(srcdir)/man/man5/rarc.5 @mandir@/man5/rarc.5
	$(INSTALL) -m 0644 $(srcdir)/man/man8/argus.8 @mandir@/man8/argus.8
	$(INSTALL) -m 0644 $(srcdir)/man/man1/ra.1 @mandir@/man1/ra.1
	$(INSTALL) -m 0644 $(srcdir)/man/man1/racount.1 @mandir@/man1/racount.1
	$(INSTALL) -m 0644 $(srcdir)/man/man1/ragator.1 @mandir@/man1/ragator.1
	$(INSTALL) -m 0644 $(srcdir)/man/man1/ramon.1 @mandir@/man1/ramon.1
	$(INSTALL) -m 0644 $(srcdir)/man/man1/rasort.1 @mandir@/man1/rapolicy.1
	$(INSTALL) -m 0644 $(srcdir)/man/man1/rasort.1 @mandir@/man1/rasort.1
	$(INSTALL) -m 0644 $(srcdir)/man/man1/raxml.1 @mandir@/man1/raxml.1

uninstall:
	rm -f @mandir@/man5/argus.5
	rm -f @mandir@/man5/argus.conf.5
	rm -f @mandir@/man8/argus.8
	rm -rf $(docdir)
	rm -f $(exec_prefix)/argus/COPYING
	rm -f $(exec_prefix)/argus/README

installdirs:
	${srcdir}/config/mkinstalldirs $(bindir) $(infodir)

Makefile: Makefile.in config.status
	$(SHELL) config.status

config.status: configure
	$(srcdir)/configure --no-create

TAGS: $(SRCS)
	etags $(SRCS)

.PHONY: clean mostlyclean distclean realclean dist

mostlyclean: clean

clean: $(CLEAN-DIRS)
	@-for d in $(DIRS); \
	do \
		(cd $$d; echo "### Making" clean "in" `pwd`; \
			$(MAKE) $(MFLAGS) DESTDIR=$(DESTDIR) clean ; \
			echo "### Done with" `pwd`); \
	done

distclean: force
	@-for d in $(DIRS); \
	do \
		(cd $$d; echo "### Making" distclean "in" `pwd`; \
			$(MAKE) $(MFLAGS) DESTDIR=$(DESTDIR) distclean ; \
			echo "### Done with" `pwd`); \
	done
	rm -f config.*
	rm -f TAGS
	rm -f lib/*.a
	rm -f include/config.h

clobber realclean: distclean
	rm -rf log
	rm -f ./Makefile config.*

dist: distclean
	echo argus-`cat VERSION` > .fname
	rm -rf `cat .fname`
	mkdir `cat .fname`
	tar cf - $(DISTFILES) | (cd `cat .fname`; tar xpf -)
	ls -lR `cat .fname` | fgrep CVS: | sed 's/:$///' > exfile
	tar -X exfile -chozf `cat .fname`.tar.gz `cat .fname`
	rm -rf `cat .fname` .fname exfile

force: /tmp

depend: $(GENSRC) force
	@for i in $(DIRS) ; do \
		if [ -d $$i ] ; then \
		cd $$i; \
		${MAKE} depend || exit 1; \
		cd ..; \
		fi; \
	done

# Prevent GNU make v3 from overflowing arg limit on SysV.
.NOEXPORT:

argus-2.0.6.fixes.1/README
/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */

Argus 2.0.6
QoSient, LLC
argus-info@lists.andrew.cmu.edu
http:/qosient.com/argus
ftp:/qosient.com/pub/argus

This directory contains source code for Argus, the Audit Record
Generation and Utilization System.  Argus is an IP network
transaction auditing tool that generates audit data for every
network transaction that is in a stream of network datagrams.  The
data that Argus generates provides availability, capacity,
responsiveness, loss, delay and jitter information in a format that
is easy to store, manipulate and analyze.  The data has been used
for a wide range of tasks including Network Operations, Security
Assurance and Performance Management.

To install the software and get started, see the ./INSTALL file.
For answers to many questions, please see the ./docs/FAQ file.

Argus 2.0 is incompatible with previous versions of Argus, and
should be considered a significant improvement over prior releases.
The ra*() applications included in the 2.0 release are backward
compatible with Argus 1.8.  Some key modifications include:

   1. Modification of the format and size of Argus Output Data.
   2. Multi-threaded implementation for performance and reliability.
   3. Multiprotocol support.
   4. Application oriented performance metrics.
   5. Cisco Netflow record support.

The Argus 2.0 server has been ported to SunOS and Solaris, Linux,
FreeBSD, OpenBSD, NetBSD and Irix, and the sample client code has
been successfully used under most variants of Unix, as well as
Cygwin.  If you port Argus to another system, please let us know on
the mailing list.

Problems, bugs, questions, desirable enhancements, source code
contributions, etc., should be sent to the Argus mailing list email
address, "argus@lists.andrew.cmu.edu".

************************************************************

IMPORTANT:

Send bug (error) reports, questions and comments to the mailing
list at argus-info@lists.andrew.cmu.edu.

Please use the './bin/argusbug' script when posting bug reports
about Argus.  Argusbug will gather some information about your
system and start your editor with a form in which you can describe
your problem.  Delete information that you consider non-relevant to
your problem.  Bug reports not generated by Argusbug might be
silently ignored by the Argus maintainers, so please use the tool.
A report that says 'Argus does not work.  Why?' will not be
considered a valid bug report.

************************************************************

Comprehensive network transaction auditing is an extremely powerful
network management tool, and a large number of sites can benefit
from the prototype work that has been done through the Argus Project.
Argus 2.0 is an open source project, and you are invited to become a part of the Argus project. Please become a member by joining the argus mailing list today. Again, thank you for your interest in Argus. I hope that you find the software useful. Carter Bullard carter@qosient.com argus-2.0.6.fixes.1/VERSION0000664000076600007660000000001610047733564010671 2.0.6.fixes.1 argus-2.0.6.fixes.1/bin/0000775000076600007660000000000010047702454010446 5argus-2.0.6.fixes.1/bin/argusbug0000775000076600007660000002216007464544761012152 #!/bin/sh # Create a bug report and mail it to the argus mailing list # A completely plagaristic move on my part by using the # mysql bug reporting script. Thanks guys!!!! echo "Finding system information for a Argus bug report" VERSION="2.0" BUGARGUS="argus-info@lists.andrew.cmu.edu" LIBC_INFO="" for pat in /lib/libc.* /lib/libc-* /usr/lib/libc.* /usr/lib/libc-* do TMP=`ls -l $pat 2>/dev/null` if test $? = 0 then LIBC_INFO="$LIBC_INFO $TMP" fi done PATH=../:$PATH:/bin:/usr/bin:/usr/local/bin export PATH BUGADDR=${1-$BUGARGUS} ENVIRONMENT=`uname -a` : ${USER=${LOGNAME-`whoami`}} COMMAND=`echo $0|sed 's%.*/\([^/]*\)%\1%'` # Try to create a secure tmpfile umask 077 TEMPDIR=/tmp/argusbug-$$ mkdir $TEMPDIR || (echo "can not create directory in /tmp, aborting"; exit 1;) TEMP=${TEMPDIR}/argusbug trap 'rm -f $TEMP $TEMP.x; rmdir $TEMPDIR; exit 1' 1 2 3 13 15 trap 'rm -f $TEMP $TEMP.x; rmdir $TEMPDIR' 0 # How to read the passwd database. PASSWD="cat /etc/passwd" if test -f /usr/lib/sendmail then MAIL_AGENT="/usr/lib/sendmail -oi -t" elif test -f /usr/sbin/sendmail then MAIL_AGENT="/usr/sbin/sendmail -oi -t" else MAIL_AGENT="rmail $BUGARGUS" fi # Figure out how to echo a string without a trailing newline N=`echo 'hi there\c'` case "$N" in *c) ECHON1='echo -n' ECHON2= ;; *) ECHON1=echo ECHON2='\c' ;; esac # Find out the name of the originator of this PR. 
if test -n "$NAME"
then
  ORIGINATOR="$NAME"
elif test -f $HOME/.fullname
then
  ORIGINATOR="`sed -e '1q' $HOME/.fullname`"
else
  # Must use temp file due to incompatibilities in quoting behavior
  # and to protect shell metacharacters in the expansion of $LOGNAME
  $PASSWD | grep "^$LOGNAME:" | awk -F: '{print $5}' | sed -e 's/,.*//' > $TEMP
  ORIGINATOR="`cat $TEMP`"
  rm -f $TEMP
fi

if test -n "$ORGANIZATION"
then
  if test -f "$ORGANIZATION"
  then
    ORGANIZATION="`cat $ORGANIZATION`"
  fi
else
  if test -f $HOME/.organization
  then
    ORGANIZATION="`cat $HOME/.organization`"
  elif test -f $HOME/.signature
  then
    ORGANIZATION=`sed -e "s/^/ /" $HOME/.signature; echo ">"`
  fi
fi

PATH_DIRS=`echo $PATH | sed -e 's/^:/. /' -e 's/:$/ ./' -e 's/::/ . /g' -e 's/:/ /g' `

which_1 ()
{
  for cmd
  do
    # Absolute path ?.
    if expr "x$cmd" : "x/" > /dev/null
    then
      echo "$cmd"
      exit 0
    else
      for d in $PATH_DIRS
      do
        file="$d/$cmd"
        if test -x "$file" -a ! -d "$file"
        then
          echo "$file"
          exit 0
        fi
      done
    fi
  done
  exit 1
}

change_editor ()
{
  echo "You can change editor by setting the environment variable VISUAL."
  echo "If your shell is a bourne shell (sh) do"
  echo "VISUAL=your_editors_name; export VISUAL"
  echo "If your shell is a C shell (csh) do"
  echo "setenv VISUAL your_editors_name"
}

# If they don't have a preferred editor set, then use emacs
if test -z "$VISUAL"
then
  if test -z "$EDITOR"
  then
    EDIT=emacs
  else
    EDIT="$EDITOR"
  fi
else
  EDIT="$VISUAL"
  VISUALSET="true"
fi

#which_1 $EDIT
used_editor=`which_1 $EDIT`
echo "test -x $used_editor"
if test -x "$used_editor"
then
  echo "Using editor $used_editor";
  change_editor
  sleep 2
else
  echo "Could not find a text editor. (tried $EDIT)"
  change_editor
  exit 1
fi

# Find out some information.
SYSTEM=`( test -f /bin/uname && /bin/uname -a ) || \
        ( test -f /usr/bin/uname && /usr/bin/uname -a ) || echo ""`
ARCH=`test -f /bin/arch && /bin/arch`
MACHINE=`test -f /bin/machine && /bin/machine`
FILE_PATHS=

for cmd in argus ra tcpdump libpcap.a make gmake gcc cc
do
  file=`which_1 $cmd`
  if test $? = 0
  then
    if test $cmd = "argus"
    then
      ARGUS_INFO=`$file -h 2>&1 | grep -i version 2>&1`
    elif test $cmd = "ra"
    then
      RA_INFO=`$file -h 2>&1 | grep -i version 2>&1`
    elif test $cmd = "tcpdump"
    then
      TCPDUMP_INFO=`$file -h 2>&1 | grep -i version 2>&1 | tr "\n" " "`
    elif test $cmd = "gcc"
    then
      GCC_INFO=`$file -v 2>&1`
    fi
    FILE_PATHS="$FILE_PATHS $file"
  fi
done

SUBJECT_C="ArgusBug <50 character or so descriptive subject here (for reference)>"
ORGANIZATION_C=''
LICENCE_C='[none | licence | email support | extended email support ]'
SYNOPSIS_C=''
SEVERITY_C='<[ non-critical | serious | critical ] (one line)>'
PRIORITY_C='<[ low | medium | high ] (one line)>'
CLASS_C='<[ install-bug | sw-bug | doc-bug | change-request | support ] (one line)>'
PRODUCT_C='<[ argus | ra | ragator | ramon | rapath | rasort | racount | rasrvstats | raxml] (one line)>'
RELEASE_C=''
ENVIRONMENT_C=''
DESCRIPTION_C=''
INSTALL_C=''
HOW_TO_REPEAT_C=''
FIX_C=''

cat > $TEMP <').
SEND-PR:
From: ${USER}
To: ${BUGADDR}
Subject: $SUBJECT_C

>Description:
$DESCRIPTION_C
$INSTALL_C
>How-To-Repeat:
$HOW_TO_REPEAT_C
>Fix:
$FIX_C

>Submitter-Id:
>Originator: ${ORIGINATOR}
>Organization:
${ORGANIZATION- $ORGANIZATION_C}
>Argus support: $LICENCE_C
>Release: argus-${VERSION}
>Product: $PRODUCT_C
>Synopsis: $SYNOPSIS_C
>Class: $CLASS_C
>Severity: $SEVERITY_C
>Priority: $PRIORITY_C
>Environment:
$ENVIRONMENT_C
`test -n "$SYSTEM" && echo "System: $SYSTEM"`
`test -n "$ARCH" && echo "Arch: $ARCH"`
`test -n "$MACHINE" && echo "Mach: $MACHINE"`
`test -n "$FILE_PATHS" && echo "Paths: $FILE_PATHS"`
`test -n "$ARGUS_INFO" && echo "ARGUS: $ARGUS_INFO"`
`test -n "$RA_INFO" && echo "RA: $RA_INFO"`
`test -n "$TCPDUMP_INFO" && echo "TCPDUMP: $TCPDUMP_INFO"`
`test -n "$GCC_INFO" && echo "GCC: $GCC_INFO"`
`test -n "$LIBC_INFO" && echo "LIBC: $LIBC_INFO"`
EOF

chmod u+w $TEMP
cp $TEMP $TEMP.x

eval $EDIT $TEMP

if cmp -s $TEMP $TEMP.x
then
  echo "File not changed, no bug report submitted."
  echo "File saved as /tmp/argus-bugreport-template."
  mv $TEMP /tmp/argus-bugreport-template
  exit 1
fi

#
# Check the enumeration fields
# This is a "sed-subroutine" with one keyword parameter
# (with workaround for Sun sed bug)
#
SED_CMD='
/$PATTERN/{
s|||
s|<.*>||
s|^[ ]*||
s|[ ]*$||
p
q
}'

while :; do
  CNT=0

  #
  # 1) Severity
  #
  PATTERN=">Severity:"
  SEVERITY=`eval sed -n -e "\"$SED_CMD\"" $TEMP`
  case "$SEVERITY" in
    ""|non-critical|serious|critical) CNT=`expr $CNT + 1` ;;
    *) echo "$COMMAND: \`$SEVERITY' is not a valid value for \`Severity'."
  esac

  #
  # 2) Priority
  #
  PATTERN=">Priority:"
  PRIORITY=`eval sed -n -e "\"$SED_CMD\"" $TEMP`
  case "$PRIORITY" in
    ""|low|medium|high) CNT=`expr $CNT + 1` ;;
    *) echo "$COMMAND: \`$PRIORITY' is not a valid value for \`Priority'."
  esac

  #
  # 3) Class
  #
  PATTERN=">Class:"
  CLASS=`eval sed -n -e "\"$SED_CMD\"" $TEMP`
  case "$CLASS" in
    ""|install-bug|sw-bug|doc-bug|change-request|support) CNT=`expr $CNT + 1` ;;
    *) echo "$COMMAND: \`$CLASS' is not a valid value for \`Class'."
  esac

  #
  # 4) Synopsis
  #
  VALUE=`grep "^>Synopsis:" $TEMP | sed 's/>Synopsis:[ ]*//'`
  case "$VALUE" in
    "$SYNOPSIS_C") echo "$COMMAND: \`$VALUE' is not a valid value for \`Synopsis'." ;;
    *) CNT=`expr $CNT + 1`
  esac

  test $CNT -lt 4 && echo "Errors were found with the problem report."

  # Check if subject of mail was changed, if not, use Synopsis field
  #
  subject=`grep "^Subject" $TEMP| sed 's/^Subject:[ ]*//'`
  if [ X"$subject" = X"$SUBJECT_C" -o X"$subject" = X"$SYNOPSIS_C" ]; then
    subject=`grep Synopsis $TEMP | sed 's/>Synopsis:[ ]*//'`
    sed "s/^Subject:[ ]*.*/Subject: $subject/" $TEMP > $TEMP.tmp
    mv -f $TEMP.tmp $TEMP
  fi

  while :; do
    $ECHON1 "a)bort, e)dit or s)end? $ECHON2"
    read input
    case "$input" in
      a*)
        echo "$COMMAND: problem report saved in $HOME/dead.argusbug."
        cat $TEMP >> $HOME/dead.argusbug
        xs=1; exit
        ;;
      e*)
        eval $EDIT $TEMP
        continue 2
        ;;
      s*)
        break 2
        ;;
    esac
  done
done

#
# Remove comments and send the problem report
# (we have to use patterns, where the comment contains regex chars)
#
# /^>Originator:/s;$ORIGINATOR;;
sed -e "
/^SEND-PR:/d
/^>Organization:/,/^>[A-Za-z-]*:/s;$ORGANIZATION_C;;
/^>Confidential:/s;<.*>;;
/^>Synopsis:/s;$SYNOPSIS_C;;
/^>Severity:/s;<.*>;;
/^>Priority:/s;<.*>;;
/^>Class:/s;<.*>;;
/^>Release:/,/^>[A-Za-z-]*:/s;$RELEASE_C;;
/^>Environment:/,/^>[A-Za-z-]*:/s;$ENVIRONMENT_C;;
/^>Description:/,/^>[A-Za-z-]*:/s;$DESCRIPTION_C;;
/^>How-To-Repeat:/,/^>[A-Za-z-]*:/s;$HOW_TO_REPEAT_C;;
/^>Fix:/,/^>[A-Za-z-]*:/s;$FIX_C;;
" $TEMP > $TEMP.x

if $MAIL_AGENT < $TEMP.x
then
  echo "$COMMAND: problem report sent"
  xs=0; exit
else
  echo "$COMMAND: mysterious mail failure, report not sent."
  echo "$COMMAND: problem report saved in $HOME/dead.argusbug."
  cat $TEMP >> $HOME/dead.argusbug
fi

exit 0

argus-2.0.6.fixes.1/bin/config.guess
#! /bin/sh
# Attempt to guess a canonical system name.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000
# Free Software Foundation, Inc.

timestamp='2000-12-15'

# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
# # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Written by Per Bothner . # Please send patches to . # # This script attempts to guess a canonical system name similar to # config.sub. If it succeeds, it prints the system name on stdout, and # exits with 0. Otherwise, it exits with 1. # # The plan is that this can be called by configure scripts if you # don't specify an explicit build system type. # # Only a few systems have been added to this list; please add others # (but try to keep the structure clean). # me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] Output the configuration name of the system \`$me' is run on. Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. Copyright (C) 1992, 93, 94, 95, 96, 97, 98, 99, 2000 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" Try \`$me --help' for more information." # Parse command line while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) echo "$timestamp" ; exit 0 ;; --version | -v ) echo "$version" ; exit 0 ;; --help | --h* | -h ) echo "$usage"; exit 0 ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. break ;; -* ) echo "$me: invalid option $1$help" >&2 exit 1 ;; * ) break ;; esac done if test $# != 0; then echo "$me: too many arguments$help" >&2 exit 1 fi dummy=dummy-$$ trap 'rm -f $dummy.c $dummy.o $dummy; exit 1' 1 2 15 # CC_FOR_BUILD -- compiler used by this script. 
# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still # use `HOST_CC' if defined, but it is deprecated. case $CC_FOR_BUILD,$HOST_CC,$CC in ,,) echo "int dummy(){}" > $dummy.c for c in cc gcc c89 ; do ($c $dummy.c -c -o $dummy.o) >/dev/null 2>&1 if test $? = 0 ; then CC_FOR_BUILD="$c"; break fi done rm -f $dummy.c $dummy.o if test x"$CC_FOR_BUILD" = x ; then CC_FOR_BUILD=no_compiler_found fi ;; ,,*) CC_FOR_BUILD=$CC ;; ,*,*) CC_FOR_BUILD=$HOST_CC ;; esac # This is needed to find uname on a Pyramid OSx when run in the BSD universe. # (ghazi@noc.rutgers.edu 8/24/94.) if (test -f /.attbin/uname) >/dev/null 2>&1 ; then PATH=$PATH:/.attbin ; export PATH fi UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in *:NetBSD:*:*) # Netbsd (nbsd) targets should (where applicable) match one or # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently # switched to ELF, *-*-netbsd* would select the old # object file format. This provides both forward # compatibility and a consistent mechanism for selecting the # object file format. # Determine the machine/vendor (is the vendor relevant). case "${UNAME_MACHINE}" in amiga) machine=m68k-unknown ;; arm32) machine=arm-unknown ;; atari*) machine=m68k-atari ;; sun3*) machine=m68k-sun ;; mac68k) machine=m68k-apple ;; macppc) machine=powerpc-apple ;; hp3[0-9][05]) machine=m68k-hp ;; ibmrt|romp-ibm) machine=romp-ibm ;; *) machine=${UNAME_MACHINE}-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently, or will in the future. 
case "${UNAME_MACHINE}" in i386|sparc|amiga|arm*|hp300|mvme68k|vax|atari|luna68k|mac68k|news68k|next68k|pc532|sun3*|x68k) if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep __ELF__ >/dev/null then # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). # Return netbsd for either. FIX? os=netbsd else os=netbsdelf fi ;; *) os=netbsd ;; esac # The OS release release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. echo "${machine}-${os}${release}" exit 0 ;; alpha:OSF1:*:*) if test $UNAME_RELEASE = "V4.0"; then UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` fi # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. cat <$dummy.s .data \$Lformat: .byte 37,100,45,37,120,10,0 # "%d-%x\n" .text .globl main .align 4 .ent main main: .frame \$30,16,\$26,0 ldgp \$29,0(\$27) .prologue 1 .long 0x47e03d80 # implver \$0 lda \$2,-1 .long 0x47e20c21 # amask \$2,\$1 lda \$16,\$Lformat mov \$0,\$17 not \$1,\$18 jsr \$26,printf ldgp \$29,0(\$26) mov 0,\$16 jsr \$26,exit .end main EOF $CC_FOR_BUILD $dummy.s -o $dummy 2>/dev/null if test "$?" = 0 ; then case `./$dummy` in 0-0) UNAME_MACHINE="alpha" ;; 1-0) UNAME_MACHINE="alphaev5" ;; 1-1) UNAME_MACHINE="alphaev56" ;; 1-101) UNAME_MACHINE="alphapca56" ;; 2-303) UNAME_MACHINE="alphaev6" ;; 2-307) UNAME_MACHINE="alphaev67" ;; esac fi rm -f $dummy.s $dummy echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` exit 0 ;; Alpha\ *:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # Should we change UNAME_MACHINE based on the output of uname instead # of the specific Alpha model? 
echo alpha-pc-interix exit 0 ;; 21064:Windows_NT:50:3) echo alpha-dec-winnt3.5 exit 0 ;; Amiga*:UNIX_System_V:4.0:*) echo m68k-unknown-sysv4 exit 0;; amiga:OpenBSD:*:*) echo m68k-unknown-openbsd${UNAME_RELEASE} exit 0 ;; *:[Aa]miga[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-amigaos exit 0 ;; arc64:OpenBSD:*:*) echo mips64el-unknown-openbsd${UNAME_RELEASE} exit 0 ;; arc:OpenBSD:*:*) echo mipsel-unknown-openbsd${UNAME_RELEASE} exit 0 ;; hkmips:OpenBSD:*:*) echo mips-unknown-openbsd${UNAME_RELEASE} exit 0 ;; pmax:OpenBSD:*:*) echo mipsel-unknown-openbsd${UNAME_RELEASE} exit 0 ;; sgi:OpenBSD:*:*) echo mips-unknown-openbsd${UNAME_RELEASE} exit 0 ;; wgrisc:OpenBSD:*:*) echo mipsel-unknown-openbsd${UNAME_RELEASE} exit 0 ;; *:OS/390:*:*) echo i370-ibm-openedition exit 0 ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} exit 0;; SR2?01:HI-UX/MPP:*:*) echo hppa1.1-hitachi-hiuxmpp exit 0;; Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. if test "`(/bin/universe) 2>/dev/null`" = att ; then echo pyramid-pyramid-sysv3 else echo pyramid-pyramid-bsd fi exit 0 ;; NILE*:*:*:dcosx) echo pyramid-pyramid-svr4 exit 0 ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit 0 ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit 0 ;; i86pc:SunOS:5.*:*) echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit 0 ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit 0 ;; sun4*:SunOS:*:*) case "`/usr/bin/arch -k`" in Series*|S4*) UNAME_RELEASE=`uname -v` ;; esac # Japanese Language versions have a version number like `4.1.3-JL'. 
echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` exit 0 ;; sun3*:SunOS:*:*) echo m68k-sun-sunos${UNAME_RELEASE} exit 0 ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(head -1 /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 case "`/bin/arch`" in sun3) echo m68k-sun-sunos${UNAME_RELEASE} ;; sun4) echo sparc-sun-sunos${UNAME_RELEASE} ;; esac exit 0 ;; aushp:SunOS:*:*) echo sparc-auspex-sunos${UNAME_RELEASE} exit 0 ;; atari*:OpenBSD:*:*) echo m68k-unknown-openbsd${UNAME_RELEASE} exit 0 ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not # "atarist" or "atariste" at least should have a processor # > m68000). The system name ranges from "MiNT" over "FreeMiNT" # to the lowercase version "mint" (or "freemint"). Finally # the system name "TOS" denotes a system which is actually not # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit 0 ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit 0 ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit 0 ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) echo m68k-milan-mint${UNAME_RELEASE} exit 0 ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) echo m68k-hades-mint${UNAME_RELEASE} exit 0 ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) echo m68k-unknown-mint${UNAME_RELEASE} exit 0 ;; sun3*:OpenBSD:*:*) echo m68k-unknown-openbsd${UNAME_RELEASE} exit 0 ;; mac68k:OpenBSD:*:*) echo m68k-unknown-openbsd${UNAME_RELEASE} exit 0 ;; mvme68k:OpenBSD:*:*) echo m68k-unknown-openbsd${UNAME_RELEASE} exit 0 ;; mvme88k:OpenBSD:*:*) echo m88k-unknown-openbsd${UNAME_RELEASE} exit 0 ;; powerpc:machten:*:*) echo powerpc-apple-machten${UNAME_RELEASE} exit 0 ;; RISC*:Mach:*:*) echo 
mips-dec-mach_bsd4.3 exit 0 ;; RISC*:ULTRIX:*:*) echo mips-dec-ultrix${UNAME_RELEASE} exit 0 ;; VAX*:ULTRIX*:*:*) echo vax-dec-ultrix${UNAME_RELEASE} exit 0 ;; 2020:CLIX:*:* | 2430:CLIX:*:*) echo clipper-intergraph-clix${UNAME_RELEASE} exit 0 ;; mips:*:*:UMIPS | mips:*:*:RISCos) sed 's/^ //' << EOF >$dummy.c #ifdef __cplusplus #include /* for printf() prototype */ int main (int argc, char *argv[]) { #else int main (argc, argv) int argc; char *argv[]; { #endif #if defined (host_mips) && defined (MIPSEB) #if defined (SYSTYPE_SYSV) printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_SVR4) printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); #endif #endif exit (-1); } EOF $CC_FOR_BUILD $dummy.c -o $dummy \ && ./$dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ && rm $dummy.c $dummy && exit 0 rm -f $dummy.c $dummy echo mips-mips-riscos${UNAME_RELEASE} exit 0 ;; Night_Hawk:Power_UNIX:*:*) echo powerpc-harris-powerunix exit 0 ;; m88k:CX/UX:7*:*) echo m88k-harris-cxux7 exit 0 ;; m88k:*:4*:R4*) echo m88k-motorola-sysv4 exit 0 ;; m88k:*:3*:R3*) echo m88k-motorola-sysv3 exit 0 ;; AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] then if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ [ ${TARGET_BINARY_INTERFACE}x = x ] then echo m88k-dg-dgux${UNAME_RELEASE} else echo m88k-dg-dguxbcs${UNAME_RELEASE} fi else echo i586-dg-dgux${UNAME_RELEASE} fi exit 0 ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 exit 0 ;; M88*:*:R3*:*) # Delta 88k system running SVR3 echo m88k-motorola-sysv3 exit 0 ;; XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) echo m88k-tektronix-sysv3 exit 0 ;; Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) echo m68k-tektronix-bsd exit 0 ;; 
*:IRIX*:*:*) echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` exit 0 ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' i?86:AIX:*:*) echo i386-ibm-aix exit 0 ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then sed 's/^ //' << EOF >$dummy.c #include main() { if (!__power_pc()) exit(1); puts("powerpc-ibm-aix3.2.5"); exit(0); } EOF $CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm $dummy.c $dummy && exit 0 rm -f $dummy.c $dummy echo rs6000-ibm-aix3.2.5 elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then echo rs6000-ibm-aix3.2.4 else echo rs6000-ibm-aix3.2 fi exit 0 ;; *:AIX:*:4) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | head -1 | awk '{ print $1 }'` if /usr/sbin/lsattr -EHl ${IBM_CPU_ID} | grep POWER >/dev/null 2>&1; then IBM_ARCH=rs6000 else IBM_ARCH=powerpc fi if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=4.${UNAME_RELEASE} fi echo ${IBM_ARCH}-ibm-aix${IBM_REV} exit 0 ;; *:AIX:*:5) case "`lsattr -El proc0 -a type -F value`" in PowerPC*) IBM_ARCH=powerpc IBM_MANUF=ibm ;; Itanium) IBM_ARCH=ia64 IBM_MANUF=unknown ;; POWER*) IBM_ARCH=power IBM_MANUF=ibm ;; *) IBM_ARCH=powerpc IBM_MANUF=ibm ;; esac echo ${IBM_ARCH}-${IBM_MANUF}-aix${UNAME_VERSION}.${UNAME_RELEASE} exit 0 ;; *:AIX:*:*) echo rs6000-ibm-aix exit 0 ;; ibmrt:4.4BSD:*|romp-ibm:BSD:*) echo romp-ibm-bsd4.4 exit 0 ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to exit 0 ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx exit 0 ;; DPX/2?00:B.O.S.:*:*) echo m68k-bull-sysv3 exit 0 ;; 9000/[34]??:4.3bsd:1.*:*) echo m68k-hp-bsd exit 0 ;; hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) echo m68k-hp-bsd4.4 exit 0 ;; 9000/[34678]??:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` case "${UNAME_MACHINE}" in 9000/31? 
) HP_ARCH=m68000 ;; 9000/[34]?? ) HP_ARCH=m68k ;; 9000/[678][0-9][0-9]) case "${HPUX_REV}" in 11.[0-9][0-9]) if [ -x /usr/bin/getconf ]; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` case "${sc_cpu_version}" in 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 case "${sc_kernel_bits}" in 32) HP_ARCH="hppa2.0n" ;; 64) HP_ARCH="hppa2.0w" ;; esac ;; esac fi ;; esac if [ "${HP_ARCH}" = "" ]; then sed 's/^ //' << EOF >$dummy.c #define _HPUX_SOURCE #include #include int main () { #if defined(_SC_KERNEL_BITS) long bits = sysconf(_SC_KERNEL_BITS); #endif long cpu = sysconf (_SC_CPU_VERSION); switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0"); break; case CPU_PA_RISC1_1: puts ("hppa1.1"); break; case CPU_PA_RISC2_0: #if defined(_SC_KERNEL_BITS) switch (bits) { case 64: puts ("hppa2.0w"); break; case 32: puts ("hppa2.0n"); break; default: puts ("hppa2.0"); break; } break; #else /* !defined(_SC_KERNEL_BITS) */ puts ("hppa2.0"); break; #endif default: puts ("hppa1.0"); break; } exit (0); } EOF (CCOPTS= $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null ) && HP_ARCH=`./$dummy` if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi rm -f $dummy.c $dummy fi ;; esac echo ${HP_ARCH}-hp-hpux${HPUX_REV} exit 0 ;; 3050*:HI-UX:*:*) sed 's/^ //' << EOF >$dummy.c #include int main () { long cpu = sysconf (_SC_CPU_VERSION); /* The order matters, because CPU_IS_HP_MC68K erroneously returns true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct results, however. 
*/ if (CPU_IS_PA_RISC (cpu)) { switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; default: puts ("hppa-hitachi-hiuxwe2"); break; } } else if (CPU_IS_HP_MC68K (cpu)) puts ("m68k-hitachi-hiuxwe2"); else puts ("unknown-hitachi-hiuxwe2"); exit (0); } EOF $CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm $dummy.c $dummy && exit 0 rm -f $dummy.c $dummy echo unknown-hitachi-hiuxwe2 exit 0 ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) echo hppa1.1-hp-bsd exit 0 ;; 9000/8??:4.3bsd:*:*) echo hppa1.0-hp-bsd exit 0 ;; *9??*:MPE/iX:*:*) echo hppa1.0-hp-mpeix exit 0 ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) echo hppa1.1-hp-osf exit 0 ;; hp8??:OSF1:*:*) echo hppa1.0-hp-osf exit 0 ;; i?86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then echo ${UNAME_MACHINE}-unknown-osf1mk else echo ${UNAME_MACHINE}-unknown-osf1 fi exit 0 ;; parisc*:Lites*:*:*) echo hppa1.1-hp-lites exit 0 ;; hppa*:OpenBSD:*:*) echo hppa-unknown-openbsd exit 0 ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd exit 0 ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit 0 ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo c34-convex-bsd exit 0 ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd exit 0 ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd exit 0 ;; CRAY*X-MP:*:*:*) echo xmp-cray-unicos exit 0 ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} exit 0 ;; CRAY*[A-Z]90:*:*:*) echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ exit 0 ;; CRAY*TS:*:*:*) echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit 0 ;; CRAY*T3D:*:*:*) echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit 0 ;; CRAY*T3E:*:*:*) echo 
alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit 0 ;; CRAY*SV1:*:*:*) echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit 0 ;; CRAY-2:*:*:*) echo cray2-cray-unicos exit 0 ;; F300:UNIX_System_V:*:*) FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` echo "f300-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit 0 ;; F301:UNIX_System_V:*:*) echo f301-fujitsu-uxpv`echo $UNAME_RELEASE | sed 's/ .*//'` exit 0 ;; hp300:OpenBSD:*:*) echo m68k-unknown-openbsd${UNAME_RELEASE} exit 0 ;; i?86:BSD/386:*:* | i?86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} exit 0 ;; sparc*:BSD/OS:*:*) echo sparc-unknown-bsdi${UNAME_RELEASE} exit 0 ;; *:BSD/OS:*:*) echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} exit 0 ;; *:FreeBSD:*:*) echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` exit 0 ;; *:OpenBSD:*:*) echo ${UNAME_MACHINE}-unknown-openbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` exit 0 ;; i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit 0 ;; i*:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit 0 ;; i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit 0 ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we # UNAME_MACHINE based on the output of uname instead of i386? 
        echo i386-pc-interix
        exit 0 ;;
    i*:UWIN*:*)
        echo ${UNAME_MACHINE}-pc-uwin
        exit 0 ;;
    p*:CYGWIN*:*)
        echo powerpcle-unknown-cygwin
        exit 0 ;;
    prep*:SunOS:5.*:*)
        echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
        exit 0 ;;
    *:GNU:*:*)
        echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
        exit 0 ;;
    i*86:Minix:*:*)
        echo ${UNAME_MACHINE}-pc-minix
        exit 0 ;;
    *:Linux:*:*)

        # The BFD linker knows what the default object file format is, so
        # first see if it will tell us. cd to the root directory to prevent
        # problems with other programs or directories called `ld' in the path.
        ld_supported_emulations=`cd /; ld --help 2>&1 \
                         | sed -ne '/supported emulations:/!d
                                    s/[ ][ ]*/ /g
                                    s/.*supported emulations: *//
                                    s/ .*//
                                    p'`
        case "$ld_supported_emulations" in
          *ia64)
                echo "${UNAME_MACHINE}-unknown-linux"
                exit 0
                ;;
          i?86linux)
                echo "${UNAME_MACHINE}-pc-linux-gnuaout"
                exit 0
                ;;
          elf_i?86)
                TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
                ;;
          i?86coff)
                echo "${UNAME_MACHINE}-pc-linux-gnucoff"
                exit 0
                ;;
          sparclinux)
                echo "${UNAME_MACHINE}-unknown-linux-gnuaout"
                exit 0
                ;;
          elf32_sparc)
                echo "${UNAME_MACHINE}-unknown-linux-gnu"
                exit 0
                ;;
          armlinux)
                echo "${UNAME_MACHINE}-unknown-linux-gnuaout"
                exit 0
                ;;
          elf32arm*)
                echo "${UNAME_MACHINE}-unknown-linux-gnuoldld"
                exit 0
                ;;
          armelf_linux*)
                echo "${UNAME_MACHINE}-unknown-linux-gnu"
                exit 0
                ;;
          m68klinux)
                echo "${UNAME_MACHINE}-unknown-linux-gnuaout"
                exit 0
                ;;
          elf32ppc | elf32ppclinux)
                # Determine Lib Version
                cat >$dummy.c <<EOF
#include <features.h>
#if defined(__GLIBC__)
extern char __libc_version[];
extern char __libc_release[];
#endif
main(argc, argv)
     int argc;
     char *argv[];
{
#if defined(__GLIBC__)
  printf("%s %s\n", __libc_version, __libc_release);
#else
  printf("unkown\n");
#endif
  return 0;
}
EOF
                LIBC=""
                $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null
                if test "$?" = 0 ; then
                        ./$dummy | grep 1\.99 > /dev/null
                        if test "$?" = 0 ; then
                                LIBC="libc1"
                        fi
                fi
                rm -f $dummy.c $dummy
                echo powerpc-unknown-linux-gnu${LIBC}
                exit 0
                ;;
          shelf_linux)
                echo "${UNAME_MACHINE}-unknown-linux-gnu"
                exit 0
                ;;
        esac

        if test "${UNAME_MACHINE}" = "alpha" ; then
                cat <<EOF >$dummy.s
        .data
\$Lformat:
        .byte 37,100,45,37,120,10,0     # "%d-%x\n"

        .text
        .globl main
        .align 4
        .ent main
main:
        .frame \$30,16,\$26,0
        ldgp \$29,0(\$27)
        .prologue 1
        .long 0x47e03d80 # implver \$0
        lda \$2,-1
        .long 0x47e20c21 # amask \$2,\$1
        lda \$16,\$Lformat
        mov \$0,\$17
        not \$1,\$18
        jsr \$26,printf
        ldgp \$29,0(\$26)
        mov 0,\$16
        jsr \$26,exit
        .end main
EOF
                LIBC=""
                $CC_FOR_BUILD $dummy.s -o $dummy 2>/dev/null
                if test "$?" = 0 ; then
                        case `./$dummy` in
                        0-0)
                                UNAME_MACHINE="alpha"
                                ;;
                        1-0)
                                UNAME_MACHINE="alphaev5"
                                ;;
                        1-1)
                                UNAME_MACHINE="alphaev56"
                                ;;
                        1-101)
                                UNAME_MACHINE="alphapca56"
                                ;;
                        2-303)
                                UNAME_MACHINE="alphaev6"
                                ;;
                        2-307)
                                UNAME_MACHINE="alphaev67"
                                ;;
                        esac

                        objdump --private-headers $dummy | \
                          grep ld.so.1 > /dev/null
                        if test "$?" = 0 ; then
                                LIBC="libc1"
                        fi
                fi
                rm -f $dummy.s $dummy
                echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} ; exit 0
        elif test "${UNAME_MACHINE}" = "mips" ; then
          cat >$dummy.c <<EOF
#ifdef __cplusplus
#include <stdio.h>  /* for printf() prototype */
        int main (int argc, char *argv[]) {
#else
        int main (argc, argv) int argc; char *argv[]; {
#endif
#ifdef __MIPSEB__
  printf ("%s-unknown-linux-gnu\n", argv[1]);
#endif
#ifdef __MIPSEL__
  printf ("%sel-unknown-linux-gnu\n", argv[1]);
#endif
  return 0;
}
EOF
          $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy "${UNAME_MACHINE}" && rm $dummy.c $dummy && exit 0
          rm -f $dummy.c $dummy
        elif test "${UNAME_MACHINE}" = "s390"; then
          echo s390-ibm-linux && exit 0
        elif test "${UNAME_MACHINE}" = "x86_64"; then
          echo x86_64-unknown-linux-gnu && exit 0
        elif test "${UNAME_MACHINE}" = "parisc" -o "${UNAME_MACHINE}" = "hppa"; then
          # Look for CPU level
          case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
            PA7*)
                echo hppa1.1-unknown-linux-gnu
                ;;
            PA8*)
                echo hppa2.0-unknown-linux-gnu
                ;;
            *)
                echo hppa-unknown-linux-gnu
                ;;
          esac
          exit 0
        else
          # Either a pre-BFD a.out linker (linux-gnuoldld)
          # or one that does not give us useful --help.
          # GCC wants to distinguish between linux-gnuoldld and linux-gnuaout.
          # If ld does not provide *any* "supported emulations:"
          # that means it is gnuoldld.
          test -z "$ld_supported_emulations" \
            && echo "${UNAME_MACHINE}-pc-linux-gnuoldld" && exit 0

          case "${UNAME_MACHINE}" in
          i?86)
            VENDOR=pc;
            ;;
          *)
            VENDOR=unknown;
            ;;
          esac
          # Determine whether the default compiler is a.out or elf
          cat >$dummy.c <<EOF
#include <features.h>
#ifdef __cplusplus
#include <stdio.h>  /* for printf() prototype */
        int main (int argc, char *argv[]) {
#else
        int main (argc, argv) int argc; char *argv[]; {
#endif
#ifdef __ELF__
# ifdef __GLIBC__
#  if __GLIBC__ >= 2
    printf ("%s-${VENDOR}-linux-gnu\n", argv[1]);
#  else
    printf ("%s-${VENDOR}-linux-gnulibc1\n", argv[1]);
#  endif
# else
   printf ("%s-${VENDOR}-linux-gnulibc1\n", argv[1]);
# endif
#else
  printf ("%s-${VENDOR}-linux-gnuaout\n", argv[1]);
#endif
  return 0;
}
EOF
          $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy "${UNAME_MACHINE}" && rm $dummy.c $dummy && exit 0
          rm -f $dummy.c $dummy
          test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
        fi ;;
# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. earlier versions
# are messed up and put the nodename in both sysname and nodename.
    i?86:DYNIX/ptx:4*:*)
        echo i386-sequent-sysv4
        exit 0 ;;
    i?86:UNIX_SV:4.2MP:2.*)
        # Unixware is an offshoot of SVR4, but it has its own version
        # number series starting with 2...
        # I am not positive that other SVR4 systems won't match this,
        # I just have to hope. -- rms.
        # Use sysv4.2uw... so that sysv4* matches it.
        echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
        exit 0 ;;
    i?86:*:4.*:* | i?86:SYSTEM_V:4.*:*)
        UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
        if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
                echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
        else
                echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
        fi
        exit 0 ;;
    i?86:*:5:7*)
        # Fixed at (any) Pentium or better
        UNAME_MACHINE=i586
        if [ ${UNAME_SYSTEM} = "UnixWare" ] ; then
            echo ${UNAME_MACHINE}-sco-sysv${UNAME_RELEASE}uw${UNAME_VERSION}
        else
            echo ${UNAME_MACHINE}-pc-sysv${UNAME_RELEASE}
        fi
        exit 0 ;;
    i?86:*:3.2:*)
        if test -f /usr/options/cb.name; then
                UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
                echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
        elif /bin/uname -X 2>/dev/null >/dev/null ; then
                UNAME_REL=`(/bin/uname -X|egrep Release|sed -e 's/.*= //')`
                (/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486
                (/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \
                        && UNAME_MACHINE=i586
                (/bin/uname -X|egrep '^Machine.*Pent ?II' >/dev/null) \
                        && UNAME_MACHINE=i686
                (/bin/uname -X|egrep '^Machine.*Pentium Pro' >/dev/null) \
                        && UNAME_MACHINE=i686
                echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
        else
                echo ${UNAME_MACHINE}-pc-sysv32
        fi
        exit 0 ;;
    i?86:*DOS:*:*)
        echo ${UNAME_MACHINE}-pc-msdosdjgpp
        exit 0 ;;
    pc:*:*:*)
        # Left here for compatibility:
        # uname -m prints for DJGPP always 'pc', but it prints nothing about
        # the processor, so we play safe by assuming i386.
        echo i386-pc-msdosdjgpp
        exit 0 ;;
    Intel:Mach:3*:*)
        echo i386-pc-mach3
        exit 0 ;;
    paragon:*:*:*)
        echo i860-intel-osf1
        exit 0 ;;
    i860:*:4.*:*) # i860-SVR4
        if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
          echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
        else # Add other i860-SVR4 vendors below as they are discovered.
          echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
        fi
        exit 0 ;;
    mini*:CTIX:SYS*5:*)
        # "miniframe"
        echo m68010-convergent-sysv
        exit 0 ;;
    M68*:*:R3V[567]*:*)
        test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
    3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 4850:*:4.0:3.0)
        OS_REL=''
        test -r /etc/.relid \
        && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
          && echo i486-ncr-sysv4.3${OS_REL} && exit 0
        /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
          && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
          && echo i486-ncr-sysv4 && exit 0 ;;
    m68*:LynxOS:2.*:*)
        echo m68k-unknown-lynxos${UNAME_RELEASE}
        exit 0 ;;
    mc68030:UNIX_System_V:4.*:*)
        echo m68k-atari-sysv4
        exit 0 ;;
    i?86:LynxOS:2.*:* | i?86:LynxOS:3.[01]*:*)
        echo i386-unknown-lynxos${UNAME_RELEASE}
        exit 0 ;;
    TSUNAMI:LynxOS:2.*:*)
        echo sparc-unknown-lynxos${UNAME_RELEASE}
        exit 0 ;;
    rs6000:LynxOS:2.*:* | PowerPC:LynxOS:2.*:*)
        echo rs6000-unknown-lynxos${UNAME_RELEASE}
        exit 0 ;;
    SM[BE]S:UNIX_SV:*:*)
        echo mips-dde-sysv${UNAME_RELEASE}
        exit 0 ;;
    RM*:ReliantUNIX-*:*:*)
        echo mips-sni-sysv4
        exit 0 ;;
    RM*:SINIX-*:*:*)
        echo mips-sni-sysv4
        exit 0 ;;
    *:SINIX-*:*:*)
        if uname -p 2>/dev/null >/dev/null ; then
                UNAME_MACHINE=`(uname -p) 2>/dev/null`
                echo ${UNAME_MACHINE}-sni-sysv4
        else
                echo ns32k-sni-sysv
        fi
        exit 0 ;;
    PENTIUM:CPunix:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
                           # says
        echo i586-unisys-sysv4
        exit 0 ;;
    *:UNIX_System_V:4*:FTX*)
        # From Gerald Hewes .
        # How about differentiating between stratus architectures? -djm
        echo hppa1.1-stratus-sysv4
        exit 0 ;;
    *:*:*:FTX*)
        # From seanf@swdc.stratus.com.
        echo i860-stratus-sysv4
        exit 0 ;;
    mc68*:A/UX:*:*)
        echo m68k-apple-aux${UNAME_RELEASE}
        exit 0 ;;
    news*:NEWS-OS:6*:*)
        echo mips-sony-newsos6
        exit 0 ;;
    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
        if [ -d /usr/nec ]; then
                echo mips-nec-sysv${UNAME_RELEASE}
        else
                echo mips-unknown-sysv${UNAME_RELEASE}
        fi
        exit 0 ;;
    BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
        echo powerpc-be-beos
        exit 0 ;;
    BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
        echo powerpc-apple-beos
        exit 0 ;;
    BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
        echo i586-pc-beos
        exit 0 ;;
    SX-4:SUPER-UX:*:*)
        echo sx4-nec-superux${UNAME_RELEASE}
        exit 0 ;;
    SX-5:SUPER-UX:*:*)
        echo sx5-nec-superux${UNAME_RELEASE}
        exit 0 ;;
    Power*:Rhapsody:*:*)
        echo powerpc-apple-rhapsody${UNAME_RELEASE}
        exit 0 ;;
    *:Rhapsody:*:*)
        echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
        exit 0 ;;
    *:Darwin:*:*)
        echo `uname -p`-apple-darwin${UNAME_RELEASE}
        exit 0 ;;
    *:procnto*:*:* | *:QNX:[0123456789]*:*)
        if test "${UNAME_MACHINE}" = "x86pc"; then
                UNAME_MACHINE=pc
        fi
        echo `uname -p`-${UNAME_MACHINE}-nto-qnx
        exit 0 ;;
    *:QNX:*:4*)
        echo i386-pc-qnx
        exit 0 ;;
    NSR-[KW]:NONSTOP_KERNEL:*:*)
        echo nsr-tandem-nsk${UNAME_RELEASE}
        exit 0 ;;
    *:NonStop-UX:*:*)
        echo mips-compaq-nonstopux
        exit 0 ;;
    BS2000:POSIX*:*:*)
        echo bs2000-siemens-sysv
        exit 0 ;;
    DS/*:UNIX_System_V:*:*)
        echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
        exit 0 ;;
    *:Plan9:*:*)
        # "uname -m" is not consistent, so use $cputype instead. 386
        # is converted to i386 for consistency with other x86
        # operating systems.
        if test "$cputype" = "386"; then
            UNAME_MACHINE=i386
        else
            UNAME_MACHINE="$cputype"
        fi
        echo ${UNAME_MACHINE}-unknown-plan9
        exit 0 ;;
    i?86:OS/2:*:*)
        # If we were able to find `uname', then EMX Unix compatibility
        # is probably installed.
        echo ${UNAME_MACHINE}-pc-os2-emx
        exit 0 ;;
esac

#echo '(No uname command or uname output not recognized.)' 1>&2
#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2

cat >$dummy.c <<EOF
#ifdef _SEQUENT_
# include <sys/types.h>
# include <sys/utsname.h>
#endif
main ()
{
#if defined (sony)
#if defined (MIPSEB)
  /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
     I don't know.... */
  printf ("mips-sony-bsd\n"); exit (0);
#else
#include <sys/param.h>
  printf ("m68k-sony-newsos%s\n",
#ifdef NEWSOS4
          "4"
#else
          ""
#endif
         ); exit (0);
#endif
#endif

#if defined (__arm) && defined (__acorn) && defined (__unix)
  printf ("arm-acorn-riscix"); exit (0);
#endif

#if defined (hp300) && !defined (hpux)
  printf ("m68k-hp-bsd\n"); exit (0);
#endif

#if defined (NeXT)
#if !defined (__ARCHITECTURE__)
#define __ARCHITECTURE__ "m68k"
#endif
  int version;
  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
  if (version < 4)
    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
  else
    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
  exit (0);
#endif

#if defined (MULTIMAX) || defined (n16)
#if defined (UMAXV)
  printf ("ns32k-encore-sysv\n"); exit (0);
#else
#if defined (CMU)
  printf ("ns32k-encore-mach\n"); exit (0);
#else
  printf ("ns32k-encore-bsd\n"); exit (0);
#endif
#endif
#endif

#if defined (__386BSD__)
  printf ("i386-pc-bsd\n"); exit (0);
#endif

#if defined (sequent)
#if defined (i386)
  printf ("i386-sequent-dynix\n"); exit (0);
#endif
#if defined (ns32000)
  printf ("ns32k-sequent-dynix\n"); exit (0);
#endif
#endif

#if defined (_SEQUENT_)
    struct utsname un;

    uname(&un);

    if (strncmp(un.version, "V2", 2) == 0) {
        printf ("i386-sequent-ptx2\n"); exit (0);
    }
    if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct?
 */
        printf ("i386-sequent-ptx1\n"); exit (0);
    }
    printf ("i386-sequent-ptx\n"); exit (0);

#endif

#if defined (vax)
#if !defined (ultrix)
  printf ("vax-dec-bsd\n"); exit (0);
#else
  printf ("vax-dec-ultrix\n"); exit (0);
#endif
#endif

#if defined (alliant) && defined (i860)
  printf ("i860-alliant-bsd\n"); exit (0);
#endif

  exit (1);
}
EOF

$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy && rm $dummy.c $dummy && exit 0
rm -f $dummy.c $dummy

# Apollos put the system type in the environment.

test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; }

# Convex versions that predate uname can use getsysinfo(1)

if [ -x /usr/convex/getsysinfo ]
then
    case `getsysinfo -f cpu_type` in
    c1*)
        echo c1-convex-bsd
        exit 0 ;;
    c2*)
        if getsysinfo -f scalar_acc
        then echo c32-convex-bsd
        else echo c2-convex-bsd
        fi
        exit 0 ;;
    c34*)
        echo c34-convex-bsd
        exit 0 ;;
    c38*)
        echo c38-convex-bsd
        exit 0 ;;
    c4*)
        echo c4-convex-bsd
        exit 0 ;;
    esac
fi

cat >&2 <<EOF
 in order to provide the needed information to handle your system.

config.guess version = $version

uname -m = `(uname -m) 2>/dev/null || echo unknown`
uname -r = `(uname -r) 2>/dev/null || echo unknown`
uname -s = `(uname -s) 2>/dev/null || echo unknown`
uname -v = `(uname -v) 2>/dev/null || echo unknown`

/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
/bin/uname -X = `(/bin/uname -X) 2>/dev/null`

hostinfo = `(hostinfo) 2>/dev/null`
/bin/universe = `(/bin/universe) 2>/dev/null`
/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
/bin/arch = `(/bin/arch) 2>/dev/null`
/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`

UNAME_MACHINE = ${UNAME_MACHINE}
UNAME_RELEASE = ${UNAME_RELEASE}
UNAME_SYSTEM = ${UNAME_SYSTEM}
UNAME_VERSION = ${UNAME_VERSION}
EOF

exit 1

# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "timestamp='"
# time-stamp-format: "%:y-%02m-%02d"
# time-stamp-end: "'"
# End:

argus-2.0.6.fixes.1/bin/config.sub

#! /bin/sh
# Configuration validation subroutine script.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000
# Free Software Foundation, Inc.

timestamp='2000-12-15'

# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
# can handle that machine. It does not imply ALL GNU software can.
#
# This file is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.

# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.

# Please send patches to .
#
# Configuration subroutine to validate and canonicalize a configuration type.
# Supply the specified configuration type as an argument.
# If it is invalid, we print an error message on stderr and exit with code 1.
# Otherwise, we print the canonical config type on stdout and succeed.

# This file is supposed to be the same for all GNU packages
# and recognize all the CPU types, system types and aliases
# that are meaningful with *any* GNU software.
# Each package is responsible for reporting which valid configurations
# it does not support. The user should be able to distinguish
# a failure to support a valid configuration from a meaningless
# configuration.

# The goal of this file is to map all the various variations of a given
# machine specification into a single specification in the form:
#       CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
# or in some cases, the newer four-part form:
#       CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
# It is wrong to echo any other type of specification.

me=`echo "$0" | sed -e 's,.*/,,'`

usage="\
Usage: $0 [OPTION] CPU-MFR-OPSYS
       $0 [OPTION] ALIAS

Canonicalize a configuration name.

Operation modes:
  -h, --help         print this help, then exit
  -t, --time-stamp   print date of last modification, then exit
  -v, --version      print version number, then exit

Report bugs and patches to ."

version="\
GNU config.sub ($timestamp)

Copyright (C) 1992, 93, 94, 95, 96, 97, 98, 99, 2000
Free Software Foundation, Inc.

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."

help="
Try \`$me --help' for more information."

# Parse command line
while test $# -gt 0 ; do
  case $1 in
    --time-stamp | --time* | -t )
       echo "$timestamp" ; exit 0 ;;
    --version | -v )
       echo "$version" ; exit 0 ;;
    --help | --h* | -h )
       echo "$usage"; exit 0 ;;
    -- )     # Stop option processing
       shift; break ;;
    - )      # Use stdin as input.
       break ;;
    -* )
       echo "$me: invalid option $1$help"
       exit 1 ;;

    *local*)
       # First pass through any local machine types.
       echo $1
       exit 0;;

    * )
       break ;;
  esac
done

case $# in
 0) echo "$me: missing argument$help" >&2
    exit 1;;
 1) ;;
 *) echo "$me: too many arguments$help" >&2
    exit 1;;
esac

# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
# Here we must recognize all the valid KERNEL-OS combinations.
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
  nto-qnx* | linux-gnu* | storm-chaos*)
    os=-$maybe_os
    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
    ;;
  *)
    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
    if [ $basic_machine != $1 ]
    then os=`echo $1 | sed 's/.*-/-/'`
    else os=; fi
    ;;
esac

### Let's recognize common machines as not being operating systems so
### that things like config.sub decstation-3100 work. We also
### recognize some manufacturers as not being operating systems, so we
### can provide default operating systems below.
case $os in
    -sun*os*)
        # Prevent following clause from handling this invalid input.
        ;;
    -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
    -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
    -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
    -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
    -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
    -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
    -apple | -axis)
        os=
        basic_machine=$1
        ;;
    -sim | -cisco | -oki | -wec | -winbond)
        os=
        basic_machine=$1
        ;;
    -scout)
        ;;
    -wrs)
        os=-vxworks
        basic_machine=$1
        ;;
    -hiux*)
        os=-hiuxwe2
        ;;
    -sco5)
        os=-sco3.2v5
        basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
        ;;
    -sco4)
        os=-sco3.2v4
        basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
        ;;
    -sco3.2.[4-9]*)
        os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
        basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
        ;;
    -sco3.2v[4-9]*)
        # Don't forget version if it is 3.2v4 or newer.
        basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
        ;;
    -sco*)
        os=-sco3.2v2
        basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
        ;;
    -udk*)
        basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
        ;;
    -isc)
        os=-isc2.2
        basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
        ;;
    -clix*)
        basic_machine=clipper-intergraph
        ;;
    -isc*)
        basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
        ;;
    -lynx*)
        os=-lynxos
        ;;
    -ptx*)
        basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
        ;;
    -windowsnt*)
        os=`echo $os | sed -e 's/windowsnt/winnt/'`
        ;;
    -psos*)
        os=-psos
        ;;
    -mint | -mint[0-9]*)
        basic_machine=m68k-atari
        os=-mint
        ;;
esac

# Decode aliases for certain CPU-COMPANY combinations.
case $basic_machine in
    # Recognize the basic CPU types without company name.
    # Some are omitted here because they have special meanings below.
    tahoe | i860 | ia64 | m32r | m68k | m68000 | m88k | ns32k | arc \
        | arm | arme[lb] | arm[bl]e | armv[2345] | armv[345][lb] | strongarm | xscale \
        | pyramid | mn10200 | mn10300 | tron | a29k \
        | 580 | i960 | h8300 \
        | x86 | ppcbe | mipsbe | mipsle | shbe | shle \
        | hppa | hppa1.0 | hppa1.1 | hppa2.0 | hppa2.0w | hppa2.0n \
        | hppa64 \
        | alpha | alphaev[4-8] | alphaev56 | alphapca5[67] \
        | alphaev6[78] \
        | we32k | ns16k | clipper | i370 | sh | sh[34] \
        | powerpc | powerpcle \
        | 1750a | dsp16xx | pdp11 | mips16 | mips64 | mipsel | mips64el \
        | mips64orion | mips64orionel | mipstx39 | mipstx39el \
        | mips64vr4300 | mips64vr4300el | mips64vr4100 | mips64vr4100el \
        | mips64vr5000 | miprs64vr5000el | mcore \
        | sparc | sparclet | sparclite | sparc64 | sparcv9 | v850 | c4x \
        | thumb | d10v | d30v | fr30 | avr)
        basic_machine=$basic_machine-unknown
        ;;
    m6811 | m68hc11 | m6812 | m68hc12)
        # Motorola 68HC11/12.
        basic_machine=$basic_machine-unknown
        os=-none
        ;;
    m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | z8k | v70 | h8500 | w65 | pj | pjl)
        ;;

    # We use `pc' rather than `unknown'
    # because (1) that's what they normally are, and
    # (2) the word "unknown" tends to confuse beginning users.
    i[234567]86 | x86_64)
        basic_machine=$basic_machine-pc
        ;;
    # Object if more than one company name word.
    *-*-*)
        echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
        exit 1
        ;;
    # Recognize the basic CPU types with company name.
    # FIXME: clean up the formatting here.
    vax-* | tahoe-* | i[234567]86-* | i860-* | ia64-* | m32r-* | m68k-* | m68000-* \
        | m88k-* | sparc-* | ns32k-* | fx80-* | arc-* | c[123]* \
        | arm-* | armbe-* | armle-* | armv*-* | strongarm-* | xscale-* \
        | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* \
        | power-* | none-* | 580-* | cray2-* | h8300-* | h8500-* | i960-* \
        | xmp-* | ymp-* \
        | x86-* | ppcbe-* | mipsbe-* | mipsle-* | shbe-* | shle-* \
        | hppa-* | hppa1.0-* | hppa1.1-* | hppa2.0-* | hppa2.0w-* \
        | hppa2.0n-* | hppa64-* \
        | alpha-* | alphaev[4-8]-* | alphaev56-* | alphapca5[67]-* \
        | alphaev6[78]-* \
        | we32k-* | cydra-* | ns16k-* | pn-* | np1-* | xps100-* \
        | clipper-* | orion-* \
        | sparclite-* | pdp11-* | sh-* | powerpc-* | powerpcle-* \
        | sparc64-* | sparcv9-* | sparc86x-* | mips16-* | mips64-* | mipsel-* \
        | mips64el-* | mips64orion-* | mips64orionel-* \
        | mips64vr4100-* | mips64vr4100el-* | mips64vr4300-* | mips64vr4300el-* \
        | mipstx39-* | mipstx39el-* | mcore-* \
        | f30[01]-* | s390-* | sv1-* | t3e-* \
        | m88110-* | m680[01234]0-* | m683?2-* | m68360-* | z8k-* | d10v-* \
        | thumb-* | v850-* | d30v-* | tic30-* | c30-* | fr30-* \
        | bs2000-* | tic54x-* | c54x-* | x86_64-*)
        ;;
    # Recognize the various machine names and aliases which stand
    # for a CPU type and a company and sometimes even an OS.
    386bsd)
        basic_machine=i386-unknown
        os=-bsd
        ;;
    3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
        basic_machine=m68000-att
        ;;
    3b*)
        basic_machine=we32k-att
        ;;
    a29khif)
        basic_machine=a29k-amd
        os=-udi
        ;;
    adobe68k)
        basic_machine=m68010-adobe
        os=-scout
        ;;
    alliant | fx80)
        basic_machine=fx80-alliant
        ;;
    altos | altos3068)
        basic_machine=m68k-altos
        ;;
    am29k)
        basic_machine=a29k-none
        os=-bsd
        ;;
    amdahl)
        basic_machine=580-amdahl
        os=-sysv
        ;;
    amiga | amiga-*)
        basic_machine=m68k-unknown
        ;;
    amigaos | amigados)
        basic_machine=m68k-unknown
        os=-amigaos
        ;;
    amigaunix | amix)
        basic_machine=m68k-unknown
        os=-sysv4
        ;;
    apollo68)
        basic_machine=m68k-apollo
        os=-sysv
        ;;
    apollo68bsd)
        basic_machine=m68k-apollo
        os=-bsd
        ;;
    aux)
        basic_machine=m68k-apple
        os=-aux
        ;;
    balance)
        basic_machine=ns32k-sequent
        os=-dynix
        ;;
    convex-c1)
        basic_machine=c1-convex
        os=-bsd
        ;;
    convex-c2)
        basic_machine=c2-convex
        os=-bsd
        ;;
    convex-c32)
        basic_machine=c32-convex
        os=-bsd
        ;;
    convex-c34)
        basic_machine=c34-convex
        os=-bsd
        ;;
    convex-c38)
        basic_machine=c38-convex
        os=-bsd
        ;;
    cray | ymp)
        basic_machine=ymp-cray
        os=-unicos
        ;;
    cray2)
        basic_machine=cray2-cray
        os=-unicos
        ;;
    [ctj]90-cray)
        basic_machine=c90-cray
        os=-unicos
        ;;
    crds | unos)
        basic_machine=m68k-crds
        ;;
    cris | cris-* | etrax*)
        basic_machine=cris-axis
        ;;
    da30 | da30-*)
        basic_machine=m68k-da30
        ;;
    decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
        basic_machine=mips-dec
        ;;
    delta | 3300 | motorola-3300 | motorola-delta \
          | 3300-motorola | delta-motorola)
        basic_machine=m68k-motorola
        ;;
    delta88)
        basic_machine=m88k-motorola
        os=-sysv3
        ;;
    dpx20 | dpx20-*)
        basic_machine=rs6000-bull
        os=-bosx
        ;;
    dpx2* | dpx2*-bull)
        basic_machine=m68k-bull
        os=-sysv3
        ;;
    ebmon29k)
        basic_machine=a29k-amd
        os=-ebmon
        ;;
    elxsi)
        basic_machine=elxsi-elxsi
        os=-bsd
        ;;
    encore | umax | mmax)
        basic_machine=ns32k-encore
        ;;
    es1800 | OSE68k | ose68k | ose | OSE)
        basic_machine=m68k-ericsson
        os=-ose
        ;;
    fx2800)
        basic_machine=i860-alliant
        ;;
    genix)
        basic_machine=ns32k-ns
        ;;
    gmicro)
        basic_machine=tron-gmicro
        os=-sysv
        ;;
    h3050r* | hiux*)
        basic_machine=hppa1.1-hitachi
        os=-hiuxwe2
        ;;
    h8300hms)
        basic_machine=h8300-hitachi
        os=-hms
        ;;
    h8300xray)
        basic_machine=h8300-hitachi
        os=-xray
        ;;
    h8500hms)
        basic_machine=h8500-hitachi
        os=-hms
        ;;
    harris)
        basic_machine=m88k-harris
        os=-sysv3
        ;;
    hp300-*)
        basic_machine=m68k-hp
        ;;
    hp300bsd)
        basic_machine=m68k-hp
        os=-bsd
        ;;
    hp300hpux)
        basic_machine=m68k-hp
        os=-hpux
        ;;
    hp3k9[0-9][0-9] | hp9[0-9][0-9])
        basic_machine=hppa1.0-hp
        ;;
    hp9k2[0-9][0-9] | hp9k31[0-9])
        basic_machine=m68000-hp
        ;;
    hp9k3[2-9][0-9])
        basic_machine=m68k-hp
        ;;
    hp9k6[0-9][0-9] | hp6[0-9][0-9])
        basic_machine=hppa1.0-hp
        ;;
    hp9k7[0-79][0-9] | hp7[0-79][0-9])
        basic_machine=hppa1.1-hp
        ;;
    hp9k78[0-9] | hp78[0-9])
        # FIXME: really hppa2.0-hp
        basic_machine=hppa1.1-hp
        ;;
    hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
        # FIXME: really hppa2.0-hp
        basic_machine=hppa1.1-hp
        ;;
    hp9k8[0-9][13679] | hp8[0-9][13679])
        basic_machine=hppa1.1-hp
        ;;
    hp9k8[0-9][0-9] | hp8[0-9][0-9])
        basic_machine=hppa1.0-hp
        ;;
    hppa-next)
        os=-nextstep3
        ;;
    hppaosf)
        basic_machine=hppa1.1-hp
        os=-osf
        ;;
    hppro)
        basic_machine=hppa1.1-hp
        os=-proelf
        ;;
    i370-ibm* | ibm*)
        basic_machine=i370-ibm
        ;;
# I'm not sure what "Sysv32" means. Should this be sysv3.2?
    i[34567]86v32)
        basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
        os=-sysv32
        ;;
    i[34567]86v4*)
        basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
        os=-sysv4
        ;;
    i[34567]86v)
        basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
        os=-sysv
        ;;
    i[34567]86sol2)
        basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
        os=-solaris2
        ;;
    i386mach)
        basic_machine=i386-mach
        os=-mach
        ;;
    i386-vsta | vsta)
        basic_machine=i386-unknown
        os=-vsta
        ;;
    i386-go32 | go32)
        basic_machine=i386-unknown
        os=-go32
        ;;
    i386-mingw32 | mingw32)
        basic_machine=i386-unknown
        os=-mingw32
        ;;
    i[34567]86-pw32 | pw32)
        basic_machine=i586-unknown
        os=-pw32
        ;;
    iris | iris4d)
        basic_machine=mips-sgi
        case $os in
            -irix*)
                ;;
            *)
                os=-irix4
                ;;
        esac
        ;;
    isi68 | isi)
        basic_machine=m68k-isi
        os=-sysv
        ;;
    m88k-omron*)
        basic_machine=m88k-omron
        ;;
    magnum | m3230)
        basic_machine=mips-mips
        os=-sysv
        ;;
    merlin)
        basic_machine=ns32k-utek
        os=-sysv
        ;;
    miniframe)
        basic_machine=m68000-convergent
        ;;
    *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
        basic_machine=m68k-atari
        os=-mint
        ;;
    mipsel*-linux*)
        basic_machine=mipsel-unknown
        os=-linux-gnu
        ;;
    mips*-linux*)
        basic_machine=mips-unknown
        os=-linux-gnu
        ;;
    mips3*-*)
        basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
        ;;
    mips3*)
        basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
        ;;
    mmix*)
        basic_machine=mmix-knuth
        os=-mmixware
        ;;
    monitor)
        basic_machine=m68k-rom68k
        os=-coff
        ;;
    msdos)
        basic_machine=i386-unknown
        os=-msdos
        ;;
    mvs)
        basic_machine=i370-ibm
        os=-mvs
        ;;
    ncr3000)
        basic_machine=i486-ncr
        os=-sysv4
        ;;
    netbsd386)
        basic_machine=i386-unknown
        os=-netbsd
        ;;
    netwinder)
        basic_machine=armv4l-rebel
        os=-linux
        ;;
    news | news700 | news800 | news900)
        basic_machine=m68k-sony
        os=-newsos
        ;;
    news1000)
        basic_machine=m68030-sony
        os=-newsos
        ;;
    news-3600 | risc-news)
        basic_machine=mips-sony
        os=-newsos
        ;;
    necv70)
        basic_machine=v70-nec
        os=-sysv
        ;;
    next | m*-next )
        basic_machine=m68k-next
        case $os in
            -nextstep* )
                ;;
            -ns2*)
                os=-nextstep2
                ;;
            *)
                os=-nextstep3
                ;;
        esac
        ;;
    nh3000)
        basic_machine=m68k-harris
        os=-cxux
        ;;
    nh[45]000)
        basic_machine=m88k-harris
        os=-cxux
        ;;
    nindy960)
        basic_machine=i960-intel
        os=-nindy
        ;;
    mon960)
        basic_machine=i960-intel
        os=-mon960
        ;;
    nonstopux)
        basic_machine=mips-compaq
        os=-nonstopux
        ;;
    np1)
        basic_machine=np1-gould
        ;;
    nsr-tandem)
        basic_machine=nsr-tandem
        ;;
    op50n-* | op60c-*)
        basic_machine=hppa1.1-oki
        os=-proelf
        ;;
    OSE68000 | ose68000)
        basic_machine=m68000-ericsson
        os=-ose
        ;;
    os68k)
        basic_machine=m68k-none
        os=-os68k
        ;;
    pa-hitachi)
        basic_machine=hppa1.1-hitachi
        os=-hiuxwe2
        ;;
    paragon)
        basic_machine=i860-intel
        os=-osf
        ;;
    pbd)
        basic_machine=sparc-tti
        ;;
    pbb)
        basic_machine=m68k-tti
        ;;
    pc532 | pc532-*)
        basic_machine=ns32k-pc532
        ;;
    pentium | p5 | k5 | k6 | nexgen)
        basic_machine=i586-pc
        ;;
    pentiumpro | p6 | 6x86 | athlon)
        basic_machine=i686-pc
        ;;
    pentiumii | pentium2)
        basic_machine=i686-pc
        ;;
    pentium-* | p5-* | k5-* | k6-* | nexgen-*)
        basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
        ;;
    pentiumpro-* | p6-* | 6x86-* | athlon-*)
        basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
        ;;
    pentiumii-* | pentium2-*)
        basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
        ;;
    pn)
        basic_machine=pn-gould
        ;;
    power)
        basic_machine=power-ibm
        ;;
    ppc)
        basic_machine=powerpc-unknown
        ;;
    ppc-*)
        basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
        ;;
    ppcle | powerpclittle | ppc-le | powerpc-little)
        basic_machine=powerpcle-unknown
        ;;
    ppcle-* | powerpclittle-*)
        basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
        ;;
    ps2)
        basic_machine=i386-ibm
        ;;
    rom68k)
        basic_machine=m68k-rom68k
        os=-coff
        ;;
    rm[46]00)
        basic_machine=mips-siemens
        ;;
    rtpc | rtpc-*)
        basic_machine=romp-ibm
        ;;
    sa29200)
        basic_machine=a29k-amd
        os=-udi
        ;;
    sequent)
        basic_machine=i386-sequent
        ;;
    sh)
        basic_machine=sh-hitachi
        os=-hms
        ;;
    sparclite-wrs)
        basic_machine=sparclite-wrs
        os=-vxworks
        ;;
    sps7)
        basic_machine=m68k-bull
        os=-sysv2
        ;;
    spur)
        basic_machine=spur-unknown
        ;;
    st2000)
        basic_machine=m68k-tandem
        ;;
    stratus)
        basic_machine=i860-stratus
        os=-sysv4
        ;;
    sun2)
        basic_machine=m68000-sun
        ;;
    sun2os3)
        basic_machine=m68000-sun
        os=-sunos3
        ;;
    sun2os4)
        basic_machine=m68000-sun
        os=-sunos4
        ;;
    sun3os3)
        basic_machine=m68k-sun
        os=-sunos3
        ;;
    sun3os4)
        basic_machine=m68k-sun
        os=-sunos4
        ;;
    sun4os3)
        basic_machine=sparc-sun
        os=-sunos3
        ;;
    sun4os4)
        basic_machine=sparc-sun
        os=-sunos4
        ;;
    sun4sol2)
        basic_machine=sparc-sun
        os=-solaris2
        ;;
    sun3 | sun3-*)
        basic_machine=m68k-sun
        ;;
    sun4)
        basic_machine=sparc-sun
        ;;
    sun386 | sun386i | roadrunner)
        basic_machine=i386-sun
        ;;
    sv1)
        basic_machine=sv1-cray
        os=-unicos
        ;;
    symmetry)
        basic_machine=i386-sequent
        os=-dynix
        ;;
    t3e)
        basic_machine=t3e-cray
        os=-unicos
        ;;
    tic54x | c54x*)
        basic_machine=tic54x-unknown
        os=-coff
        ;;
    tx39)
        basic_machine=mipstx39-unknown
        ;;
    tx39el)
        basic_machine=mipstx39el-unknown
        ;;
    tower | tower-32)
        basic_machine=m68k-ncr
        ;;
    udi29k)
        basic_machine=a29k-amd
        os=-udi
        ;;
    ultra3)
        basic_machine=a29k-nyu
        os=-sym1
        ;;
    v810 | necv810)
        basic_machine=v810-nec
        os=-none
        ;;
    vaxv)
        basic_machine=vax-dec
        os=-sysv
        ;;
    vms)
        basic_machine=vax-dec
        os=-vms
        ;;
    vpp*|vx|vx-*)
        basic_machine=f301-fujitsu
        ;;
    vxworks960)
        basic_machine=i960-wrs
        os=-vxworks
        ;;
    vxworks68)
        basic_machine=m68k-wrs
        os=-vxworks
        ;;
    vxworks29k)
        basic_machine=a29k-wrs
        os=-vxworks
        ;;
    w65*)
        basic_machine=w65-wdc
        os=-none
        ;;
    w89k-*)
        basic_machine=hppa1.1-winbond
        os=-proelf
        ;;
    xmp)
        basic_machine=xmp-cray
        os=-unicos
        ;;
    xps | xps100)
        basic_machine=xps100-honeywell
        ;;
    z8k-*-coff)
        basic_machine=z8k-unknown
        os=-sim
        ;;
    none)
        basic_machine=none-none
        os=-none
        ;;

# Here we handle the default manufacturer of certain CPU types. It is in
# some cases the only manufacturer, in others, it is the most popular.
    w89k)
        basic_machine=hppa1.1-winbond
        ;;
    op50n)
        basic_machine=hppa1.1-oki
        ;;
    op60c)
        basic_machine=hppa1.1-oki
        ;;
    mips)
        if [ x$os = x-linux-gnu ]; then
            basic_machine=mips-unknown
        else
            basic_machine=mips-mips
        fi
        ;;
    romp)
        basic_machine=romp-ibm
        ;;
    rs6000)
        basic_machine=rs6000-ibm
        ;;
    vax)
        basic_machine=vax-dec
        ;;
    pdp11)
        basic_machine=pdp11-dec
        ;;
    we32k)
        basic_machine=we32k-att
        ;;
    sh3 | sh4)
        basic_machine=sh-unknown
        ;;
    sparc | sparcv9)
        basic_machine=sparc-sun
        ;;
    cydra)
        basic_machine=cydra-cydrome
        ;;
    orion)
        basic_machine=orion-highlevel
        ;;
    orion105)
        basic_machine=clipper-highlevel
        ;;
    mac | mpw | mac-mpw)
        basic_machine=m68k-apple
        ;;
    pmac | pmac-mpw)
        basic_machine=powerpc-apple
        ;;
    c4x*)
        basic_machine=c4x-none
        os=-coff
        ;;
    *)
        echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
        exit 1
        ;;
esac

# Here we canonicalize certain aliases for manufacturers.
case $basic_machine in
    *-digital*)
        basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
        ;;
    *-commodore*)
        basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
        ;;
    *)
        ;;
esac

# Decode manufacturer-specific aliases for certain operating systems.

if [ x"$os" != x"" ]
then
case $os in
    # First match some system type aliases
    # that might get confused with valid system types.
    # -solaris* is a basic system type, with this one exception.
    -solaris1 | -solaris1.*)
        os=`echo $os | sed -e 's|solaris1|sunos4|'`
        ;;
    -solaris)
        os=-solaris2
        ;;
    -svr4*)
        os=-sysv4
        ;;
    -unixware*)
        os=-sysv4.2uw
        ;;
    -gnu/linux*)
        os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
        ;;
    # First accept the basic system types.
    # The portable systems comes first.
    # Each alternative MUST END IN A *, to match a version number.
    # -sysv* is not here because it comes later, after sysvr4.
    -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
          | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
          | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
          | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
          | -aos* \
          | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
          | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
          | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
          | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
          | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
          | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
          | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
          | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
          | -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \
          | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* | -storm-chaos*)
    # Remember, each alternative MUST END IN *, to match a version number.
        ;;
    -qnx*)
        case $basic_machine in
            x86-* | i[34567]86-*)
                ;;
            *)
                os=-nto$os
                ;;
        esac
        ;;
    -nto*)
        os=-nto-qnx
        ;;
    -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
          | -windows* | -osx | -abug | -netware* | -os9* | -beos* \
          | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
        ;;
    -mac*)
        os=`echo $os | sed -e 's|mac|macos|'`
        ;;
    -linux*)
        os=`echo $os | sed -e 's|linux|linux-gnu|'`
        ;;
    -sunos5*)
        os=`echo $os | sed -e 's|sunos5|solaris2|'`
        ;;
    -sunos6*)
        os=`echo $os | sed -e 's|sunos6|solaris3|'`
        ;;
    -opened*)
        os=-openedition
        ;;
    -wince*)
        os=-wince
        ;;
    -osfrose*)
        os=-osfrose
        ;;
    -osf*)
        os=-osf
        ;;
    -utek*)
        os=-bsd
        ;;
    -dynix*)
        os=-bsd
        ;;
    -acis*)
        os=-aos
        ;;
    -386bsd)
        os=-bsd
        ;;
    -ctix* | -uts*)
        os=-sysv
        ;;
    -ns2 )
        os=-nextstep2
        ;;
    -nsk*)
        os=-nsk
        ;;
    # Preserve the version number of sinix5.
    -sinix5.*)
        os=`echo $os | sed -e 's|sinix|sysv|'`
        ;;
    -sinix*)
        os=-sysv4
        ;;
    -triton*)
        os=-sysv3
        ;;
    -oss*)
        os=-sysv3
        ;;
    -svr4)
        os=-sysv4
        ;;
    -svr3)
        os=-sysv3
        ;;
    -sysvr4)
        os=-sysv4
        ;;
    # This must come after -sysvr4.
    -sysv*)
        ;;
    -ose*)
        os=-ose
        ;;
    -es1800*)
        os=-ose
        ;;
    -xenix)
        os=-xenix
        ;;
    -*mint | -*MiNT)
        os=-mint
        ;;
    -none)
        ;;
    *)
        # Get rid of the `-' at the beginning of $os.
        os=`echo $os | sed 's/[^-]*-//'`
        echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
        exit 1
        ;;
esac
else

# Here we handle the default operating systems that come with various machines.
# The value should be what the vendor currently ships out the door with their
# machine or put another way, the most popular os provided with the machine.

# Note that if you're going to try to match "-MANUFACTURER" here (say,
# "-sun"), then you have to tell the case statement up towards the top
# that MANUFACTURER isn't an operating system.  Otherwise, code above
# will signal an error saying that MANUFACTURER isn't an operating
# system, and we'll never get to this point.

case $basic_machine in
    *-acorn)
        os=-riscix1.2
        ;;
    arm*-rebel)
        os=-linux
        ;;
    arm*-semi)
        os=-aout
        ;;
    pdp11-*)
        os=-none
        ;;
    *-dec | vax-*)
        os=-ultrix4.2
        ;;
    m68*-apollo)
        os=-domain
        ;;
    i386-sun)
        os=-sunos4.0.2
        ;;
    m68000-sun)
        os=-sunos3
        # This also exists in the configure program, but was not the
        # default.
        # os=-sunos4
        ;;
    m68*-cisco)
        os=-aout
        ;;
    mips*-cisco)
        os=-elf
        ;;
    mips*-*)
        os=-elf
        ;;
    *-tti)  # must be before sparc entry or we get the wrong os.
        os=-sysv3
        ;;
    sparc-* | *-sun)
        os=-sunos4.1.1
        ;;
    *-be)
        os=-beos
        ;;
    *-ibm)
        os=-aix
        ;;
    *-wec)
        os=-proelf
        ;;
    *-winbond)
        os=-proelf
        ;;
    *-oki)
        os=-proelf
        ;;
    *-hp)
        os=-hpux
        ;;
    *-hitachi)
        os=-hiux
        ;;
    i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
        os=-sysv
        ;;
    *-cbm)
        os=-amigaos
        ;;
    *-dg)
        os=-dgux
        ;;
    *-dolphin)
        os=-sysv3
        ;;
    m68k-ccur)
        os=-rtu
        ;;
    m88k-omron*)
        os=-luna
        ;;
    *-next )
        os=-nextstep
        ;;
    *-sequent)
        os=-ptx
        ;;
    *-crds)
        os=-unos
        ;;
    *-ns)
        os=-genix
        ;;
    i370-*)
        os=-mvs
        ;;
    *-next)
        os=-nextstep3
        ;;
    *-gould)
        os=-sysv
        ;;
    *-highlevel)
        os=-bsd
        ;;
    *-encore)
        os=-bsd
        ;;
    *-sgi)
        os=-irix
        ;;
    *-siemens)
        os=-sysv4
        ;;
    *-masscomp)
        os=-rtu
        ;;
    f30[01]-fujitsu)
        os=-uxpv
        ;;
    *-rom68k)
        os=-coff
        ;;
    *-*bug)
        os=-coff
        ;;
    *-apple)
        os=-macos
        ;;
    *-atari*)
        os=-mint
        ;;
    *)
        os=-none
        ;;
esac
fi

# Here we handle the case where we know the os, and the CPU type, but not the
# manufacturer.  We pick the logical manufacturer.
vendor=unknown
case $basic_machine in
    *-unknown)
        case $os in
            -riscix*)
                vendor=acorn
                ;;
            -sunos*)
                vendor=sun
                ;;
            -aix*)
                vendor=ibm
                ;;
            -beos*)
                vendor=be
                ;;
            -hpux*)
                vendor=hp
                ;;
            -mpeix*)
                vendor=hp
                ;;
            -hiux*)
                vendor=hitachi
                ;;
            -unos*)
                vendor=crds
                ;;
            -dgux*)
                vendor=dg
                ;;
            -luna*)
                vendor=omron
                ;;
            -genix*)
                vendor=ns
                ;;
            -mvs* | -opened*)
                vendor=ibm
                ;;
            -ptx*)
                vendor=sequent
                ;;
            -vxsim* | -vxworks*)
                vendor=wrs
                ;;
            -aux*)
                vendor=apple
                ;;
            -hms*)
                vendor=hitachi
                ;;
            -mpw* | -macos*)
                vendor=apple
                ;;
            -*mint | -*MiNT)
                vendor=atari
                ;;
        esac
        basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
        ;;
esac

echo $basic_machine$os
exit 0

# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "timestamp='"
# time-stamp-format: "%:y-%02m-%02d"
# time-stamp-end: "'"
# End:
argus-2.0.6.fixes.1/bin/configure.in
dnl @(#) $Header: /usr/local/cvsroot/argus/bin/configure.in,v 1.2 2001/05/05 13:26:22 argus Exp $ (LBL)
dnl
dnl Copyright (c) 1994, 1995, 1996, 1997
dnl The Regents of the University of California.
dnl All rights reserved.
dnl
dnl Process this file with autoconf to produce a configure script.
dnl

AC_REVISION($Revision: 1.2 $)
AC_INIT(server/argus.c)

AC_CANONICAL_SYSTEM

AC_LBL_C_INIT(V_CCOPT, V_INCLS)
AC_C_INLINE
AC_C___ATTRIBUTE__

AC_LBL_CHECK_TYPE(u_int8_t, u_char)
AC_LBL_CHECK_TYPE(u_int16_t, u_short)
AC_LBL_CHECK_TYPE(u_int32_t, u_int)

AC_CHECK_HEADERS(netinet/if_ether.h)

AC_CHECK_FUNCS(ether_hostton strerror freeifaddrs strlcpy)

dnl
dnl Not all versions of test support -c (character special) but it's a
dnl better way of testing since the device might be protected. So we
dnl check in our normal order using -r and then check for the /dev
dnl guys again using -c.
dnl
dnl XXX This could be done for cross-compiling, but for now it's not.
dnl
if test -z "$with_pcap" && test "$cross_compiling" = yes; then
    AC_MSG_ERROR(pcap type not determined when cross-compiling; use --with-pcap=...)
fi
AC_ARG_WITH(pcap, [  --with-pcap=TYPE        use packet capture TYPE])
AC_MSG_CHECKING(packet capture type)
if test ! -z "$with_pcap" ; then
    V_PCAP="$withval"
elif test -r /dev/bpf0 ; then
    V_PCAP=bpf
elif test -r /usr/include/net/pfilt.h ; then
    V_PCAP=pf
elif test -r /dev/enet ; then
    V_PCAP=enet
elif test -r /dev/nit ; then
    V_PCAP=snit
elif test -r /usr/include/sys/net/nit.h ; then
    V_PCAP=nit
elif test -r /usr/include/net/raw.h ; then
    V_PCAP=snoop
elif test -r /usr/include/sys/dlpi.h ; then
    V_PCAP=dlpi
elif test -r /usr/include/linux/socket.h ; then
    V_PCAP=linux
elif test -c /dev/bpf0 ; then       # check again in case not readable
    V_PCAP=bpf
elif test -c /dev/enet ; then       # check again in case not readable
    V_PCAP=enet
elif test -c /dev/nit ; then        # check again in case not readable
    V_PCAP=snit
else
    V_PCAP=null
fi
AC_MSG_RESULT($V_PCAP)

AC_MSG_CHECKING(if --enable-ipv6 option is specified)
AC_ARG_ENABLE(ipv6, [  --enable-ipv6           build IPv6-capable version])
if test "$enable_ipv6" = "yes"; then
    AC_DEFINE(INET6,1,[IPv6])
fi
AC_MSG_RESULT(${enable_ipv6-no})

case "$V_PCAP" in

dlpi)
    AC_CHECK_HEADERS(sys/bufmod.h sys/dlpi_ext.h)
    AC_MSG_CHECKING(for /dev/dlpi device)
    if test -c /dev/dlpi ; then
        AC_MSG_RESULT(yes)
        AC_DEFINE(HAVE_DEV_DLPI, 1, [define if you have a /dev/dlpi])
    else
        AC_MSG_RESULT(no)
        dir="/dev/dlpi"
        AC_MSG_CHECKING(for $dir directory)
        if test -d $dir ; then
            AC_MSG_RESULT(yes)
            AC_DEFINE_UNQUOTED(PCAP_DEV_PREFIX, "$dir", [/dev/dlpi directory])
        else
            AC_MSG_RESULT(no)
        fi
    fi
    ;;

linux)
    AC_CHECK_HEADERS(netpacket/packet.h)
    AC_MSG_CHECKING(Linux kernel version)
    if test "$cross_compiling" = yes; then
        AC_CACHE_VAL(ac_cv_linux_vers,
            ac_cv_linux_vers=unknown)
    else
        AC_CACHE_VAL(ac_cv_linux_vers,
            ac_cv_linux_vers=`uname -r 2>&1 | \
                sed -n -e '$s/.* //' -e '$s/\..*//p'`)
    fi
    AC_MSG_RESULT($ac_cv_linux_vers)
    if test $ac_cv_linux_vers = unknown ; then
        AC_MSG_ERROR(cannot determine linux version when cross-compiling)
    fi
    if test $ac_cv_linux_vers -lt 2 ; then
        AC_MSG_ERROR(version 2 or higher required; see the INSTALL doc for more info)
    fi
    ;;

null)
    AC_MSG_WARN(cannot determine packet capture interface)
    AC_MSG_WARN((see the INSTALL doc for more info))
    ;;

esac

AC_LBL_LEX_AND_YACC(V_LEX, V_YACC, pcap_)
if test "$V_LEX" = lex ; then
    AC_MSG_ERROR([Argus requires flex and bison. flex is a lex replacement that has many advantages, including being able to compile libpcap. For more information, see http://www.gnu.org/software/flex/flex.html .])
fi

case "$target_os" in

aix*)
    dnl Workaround to enable certain features
    AC_DEFINE(_SUN,1,[define on AIX to get certain functions])
    ;;

hpux9*)
    AC_DEFINE(HAVE_HPUX9,1,[on HP-UX 9.x])
    ;;

hpux10.0*)
    ;;

hpux10.1*)
    ;;

hpux*)
    dnl HPUX 10.20 and above is similar to HPUX 9...
    AC_DEFINE(HAVE_HPUX10_20,1,[on HP-UX 10.20])
    ;;

sinix*)
    AC_MSG_CHECKING(if SINIX compiler defines sinix)
    AC_CACHE_VAL(ac_cv_cc_sinix_defined,
        AC_TRY_COMPILE(
            [],
            [int i = sinix;],
            ac_cv_cc_sinix_defined=yes,
            ac_cv_cc_sinix_defined=no))
    AC_MSG_RESULT($ac_cv_cc_sinix_defined)
    if test $ac_cv_cc_sinix_defined = no ; then
        AC_DEFINE(sinix,1,[on sinix])
    fi
    ;;

solaris*)
    AC_DEFINE(HAVE_SOLARIS,1,[On solaris])
    ;;
esac

AC_PROG_RANLIB

AC_LBL_DEVEL(V_CCOPT)

AC_LBL_SOCKADDR_SA_LEN

AC_LBL_HP_PPA_INFO_T_DL_MODULE_ID_1

AC_LBL_UNALIGNED_ACCESS

AC_SUBST(V_CCOPT)
AC_SUBST(V_INCLS)
AC_SUBST(V_LEX)
AC_SUBST(V_PCAP)
AC_SUBST(V_RANLIB)
AC_SUBST(V_YACC)

AC_PROG_INSTALL

AC_CONFIG_HEADER(config.h)

AC_OUTPUT(Makefile)

if test -f .devel ; then
    make depend
fi
exit 0
argus-2.0.6.fixes.1/bin/install-sh
#! /bin/sh
#
# install - install a program, script, or datafile
# This comes from X11R5 (mit/util/scripts/install.sh).
#
# Copyright 1991 by the Massachusetts Institute of Technology
#
# Permission to use, copy, modify, distribute, and sell this software and its
# documentation for any purpose is hereby granted without fee, provided that
# the above copyright notice appear in all copies and that both that
# copyright notice and this permission notice appear in supporting
# documentation, and that the name of M.I.T.
# not be used in advertising or
# publicity pertaining to distribution of the software without specific,
# written prior permission.  M.I.T. makes no representations about the
# suitability of this software for any purpose.  It is provided "as is"
# without express or implied warranty.
#
# Calling this script install-sh is preferred over install.sh, to prevent
# `make' implicit rules from creating a file called install from it
# when there is no Makefile.
#
# This script is compatible with the BSD install script, but was written
# from scratch.  It can only install one file at a time, a restriction
# shared with many OS's install programs.


# set DOITPROG to echo to test this script

# Don't use :- since 4.3BSD and earlier shells don't like it.
doit="${DOITPROG-}"


# put in absolute paths if you don't have them in your path; or use env. vars.

mvprog="${MVPROG-mv}"
cpprog="${CPPROG-cp}"
chmodprog="${CHMODPROG-chmod}"
chownprog="${CHOWNPROG-chown}"
chgrpprog="${CHGRPPROG-chgrp}"
stripprog="${STRIPPROG-strip}"
rmprog="${RMPROG-rm}"
mkdirprog="${MKDIRPROG-mkdir}"

transformbasename=""
transform_arg=""
instcmd="$mvprog"
chmodcmd="$chmodprog 0755"
chowncmd=""
chgrpcmd=""
stripcmd=""
rmcmd="$rmprog -f"
mvcmd="$mvprog"
src=""
dst=""
dir_arg=""

while [ x"$1" != x ]; do
    case $1 in
        -c) instcmd="$cpprog"
            shift
            continue;;

        -d) dir_arg=true
            shift
            continue;;

        -m) chmodcmd="$chmodprog $2"
            shift
            shift
            continue;;

        -o) chowncmd="$chownprog $2"
            shift
            shift
            continue;;

        -g) chgrpcmd="$chgrpprog $2"
            shift
            shift
            continue;;

        -s) stripcmd="$stripprog"
            shift
            continue;;

        -t=*) transformarg=`echo $1 | sed 's/-t=//'`
            shift
            continue;;

        -b=*) transformbasename=`echo $1 | sed 's/-b=//'`
            shift
            continue;;

        *)  if [ x"$src" = x ]
            then
                src=$1
            else
                # this colon is to work around a 386BSD /bin/sh bug
                :
                dst=$1
            fi
            shift
            continue;;
    esac
done

if [ x"$src" = x ]
then
    echo "install: no input file specified"
    exit 1
else
    true
fi

if [ x"$dir_arg" != x ]; then
    dst=$src
    src=""

    if [ -d $dst ]; then
        instcmd=:
    else
        instcmd=mkdir
    fi
else

# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
# might cause directories to be created, which would be especially bad
# if $src (and thus $dsttmp) contains '*'.

    if [ -f $src -o -d $src ]
    then
        true
    else
        echo "install: $src does not exist"
        exit 1
    fi

    if [ x"$dst" = x ]
    then
        echo "install: no destination specified"
        exit 1
    else
        true
    fi

# If destination is a directory, append the input filename; if your system
# does not like double slashes in filenames, you may need to add some logic

    if [ -d $dst ]
    then
        dst="$dst"/`basename $src`
    else
        true
    fi
fi

## this sed command emulates the dirname command
dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`

# Make sure that the destination directory exists.
# this part is taken from Noah Friedman's mkinstalldirs script

# Skip lots of stat calls in the usual case.
if [ ! -d "$dstdir" ]; then
defaultIFS='	
'
IFS="${IFS-${defaultIFS}}"

oIFS="${IFS}"
# Some sh's can't handle IFS=/ for some reason.
IFS='%'
set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
IFS="${oIFS}"

pathcomp=''

while [ $# -ne 0 ] ; do
    pathcomp="${pathcomp}${1}"
    shift

    if [ ! -d "${pathcomp}" ] ; then
        $mkdirprog "${pathcomp}"
    else
        true
    fi

    pathcomp="${pathcomp}/"
done
fi

if [ x"$dir_arg" != x ]
then
    $doit $instcmd $dst &&

    if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
    if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
    if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
    if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
else

# If we're going to rename the final executable, determine the name now.

    if [ x"$transformarg" = x ]
    then
        dstfile=`basename $dst`
    else
        dstfile=`basename $dst $transformbasename |
            sed $transformarg`$transformbasename
    fi

# don't allow the sed command to completely eliminate the filename

    if [ x"$dstfile" = x ]
    then
        dstfile=`basename $dst`
    else
        true
    fi

# Make a temp file name in the proper directory.
    dsttmp=$dstdir/#inst.$$#

# Move or copy the file name to the temp name

    $doit $instcmd $src $dsttmp &&

    trap "rm -f ${dsttmp}" 0 &&

# and set any options; do chmod last to preserve setuid bits

# If any of these fail, we abort the whole thing.  If we want to
# ignore errors from any of these, just make sure not to ignore
# errors from the above "$doit $instcmd $src $dsttmp" command.

    if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
    if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
    if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
    if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&

# Now rename the file to the real destination.

    $doit $rmcmd -f $dstdir/$dstfile &&
    $doit $mvcmd $dsttmp $dstdir/$dstfile

fi &&


exit 0
argus-2.0.6.fixes.1/bin/mkdep
#!/bin/sh -
#
# Copyright (c) 1994, 1996
# The Regents of the University of California. All rights reserved.
#
# Redistribution and use in source and binary forms are permitted
# provided that this notice is preserved and that due credit is given
# to the University of California at Berkeley. The name of the University
# may not be used to endorse or promote products derived from this
# software without specific prior written permission. This software
# is provided ``as is'' without express or implied warranty.
#
# @(#)mkdep.sh 5.11 (Berkeley) 5/5/88
#

PATH=/bin:/usr/bin:/usr/ucb:/usr/local:/usr/local/bin
export PATH

MAKE=Makefile           # default makefile name is "Makefile"
CC=cc                   # default C compiler is "cc"

while :
    do case "$1" in
        # -c allows you to specify the C compiler
        -c)
            CC=$2
            shift; shift ;;

        # -f allows you to select a makefile name
        -f)
            MAKE=$2
            shift; shift ;;

        # the -p flag produces "program: program.c" style dependencies
        # so .o's don't get produced
        -p)
            SED='s;\.o;;'
            shift ;;
        *)
            break ;;
    esac
done

if [ $# = 0 ] ; then
    echo 'usage: mkdep [-p] [-c cc] [-f makefile] [flags] file ...'
    exit 1
fi

if [ ! -w $MAKE ]; then
    echo "mkdep: no writeable file \"$MAKE\""
    exit 1
fi

# Create the scratch file with mktemp(1) rather than the guessable name
# /tmp/mkdep$$, which another local user could pre-create as a symlink.
TMP=`mktemp /tmp/mkdep.XXXXXX` || exit 1

trap 'rm -f $TMP ; exit 1' 1 2 3 13 15

cp $MAKE ${MAKE}.bak

sed -e '/DO NOT DELETE THIS LINE/,$d' < $MAKE > $TMP

cat << _EOF_ >> $TMP
# DO NOT DELETE THIS LINE -- mkdep uses it.
# DO NOT PUT ANYTHING AFTER THIS LINE, IT WILL GO AWAY.

_EOF_

# If your compiler doesn't have -M, add it.  If you can't, the next two
# lines will try and replace the "cc -M".  The real problem is that this
# hack can't deal with anything that requires a search path, and doesn't
# even try for anything using bracket (<>) syntax.
#
# egrep '^#include[ ]*".*"' /dev/null $* |
# sed -e 's/:[^"]*"\([^"]*\)".*/: \1/' -e 's/\.c/.o/' |

# XXX this doesn't work with things like "-DDECLWAITSTATUS=union\ wait"
$CC -M $* |
sed "
    s; \./; ;g
    $SED" |
awk '{
    if ($1 != prev) {
        if (rec != "")
            print rec;
        rec = $0;
        prev = $1;
    }
    else {
        if (length(rec $2) > 78) {
            print rec;
            rec = $0;
        }
        else
            rec = rec " " $2
    }
}
END {
    print rec
}' >> $TMP

cat << _EOF_ >> $TMP

# IF YOU PUT ANYTHING HERE IT WILL GO AWAY
_EOF_

# copy to preserve permissions
cp $TMP $MAKE
rm -f ${MAKE}.bak $TMP
exit 0
argus-2.0.6.fixes.1/common/Makefile.in
#
# Copyright (c) 2000-2004 QoSient, LLC
# All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
#
# Copyright (c) 1993, 1994, 1995, 1996
# The Regents of the University of California. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that: (1) source code distributions
# retain the above copyright notice and this paragraph in its entirety, (2)
# distributions including binary code include the above copyright notice and
# this paragraph in its entirety in the documentation or other materials
# provided with the distribution, and (3) all advertising materials mentioning
# features or use of this software display the following acknowledgement:
# ``This product includes software developed by the University of California,
# Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
# the University nor the names of its contributors may be used to endorse
# or promote products derived from this software without specific prior
# written permission.
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
# @(#) $Header: /usr/local/cvsroot/argus/common/Makefile.in,v 1.22 2004/02/23 15:00:36 argus Exp $ (LBL)

#
# Various configurable paths (remember to edit Makefile.in, not Makefile)
#

# Top level hierarchy

prefix = @prefix@
exec_prefix = @exec_prefix@

# Pathname of directory to install the include files
INCLDEST = @includedir@
# Pathname of directory to install the library
LIBDEST = @libdir@
# Pathname of directory to install the man page
MANDEST = @mandir@

# VPATH
srcdir = @srcdir@
VPATH = @srcdir@

#
# You shouldn't need to edit anything below.
#

CC = @CC@
CCOPT = @V_CCOPT@
INCLS = -I. -I../include @V_INCLS@
DEFS = @DEFS@ -DARGUS_SYSLOG=1

# Standard CFLAGS
CFLAGS = $(CCOPT) $(INCLS) $(DEFS)

INSTALL = @INSTALL@
RANLIB = @V_RANLIB@

#
# Flex and bison allow you to specify the prefixes of the global symbols
# used by the generated parser.  This allows programs to use lex/yacc
# and link against libpcap.  If you don't have flex or bison, get them.
#
LEX = @V_LEX@
YACC = @V_YACC@

# Explicitly define compilation rule since SunOS 4's make doesn't like gcc.
# Also, gcc does not remove the .o before forking 'as', which can be a
# problem if you don't own the file but can write to the directory.
.c.o:
	@rm -f $@
	$(CC) $(CFLAGS) -c $(srcdir)/$*.c

# We would like to say "OBJ = $(SRC:.c=.o)" but Ultrix's make cannot
# hack the extra indirection

VSRC = version.c
LSRC = scanner.l
YSRC = grammar.y
GENSRC = $(LSRC:.l=.c) $(YSRC:.y=.c) $(VSRC)
GENHDR = tokdefs.h

TAGHDR = bpf/net/bpf.h

TAGFILES = $(SRC) $(HDR) $(TAGHDR)

LIBS = @INSTALL_LIB@/argus_parse.a @INSTALL_LIB@/argus_common.a

OBJ = $(COMMONOBJ) $(PARSEOBJ)
CLEANFILES = $(LIBS) $(OBJ) $(GENSRC) $(GENHDR) lex.yy.c

COMMONSRC = gencode.c argus_filter.c $(GENSRC)
COMMONOBJ = gencode.o argus_filter.o scanner.o grammar.o version.o

PARSESRC = argus_parse.c argus_util.c argus_auth.c
PARSEOBJ = argus_parse.o argus_util.o argus_auth.o

SRC = $(COMMONSRC) $(PARSESRC)

all: $(LIBS)

@INSTALL_LIB@/argus_common.a: $(COMMONOBJ)
	rm -f $@; ar qc $@ $(COMMONOBJ)
	-$(RANLIB) $@

@INSTALL_LIB@/argus_parse.a: $(PARSEOBJ)
	rm -f $@; ar qc $@ $(PARSEOBJ)
	-$(RANLIB) $@

scanner.c: scanner.l
	@rm -f $@
	$(LEX) -t $< > $$$$.$@; mv $$$$.$@ $@

scanner.o: scanner.c tokdefs.h
tokdefs.h: grammar.c
grammar.c: grammar.y
	@rm -f grammar.c tokdefs.h
	$(YACC) -d $<
	mv y.tab.c grammar.c
	mv y.tab.h tokdefs.h

grammar.o: grammar.c
	$(CC) $(CFLAGS) -Dyylval=argus_lval -c grammar.c

version.o: version.c
version.c: $(srcdir)/../VERSION
	@rm -f $@
	sed -e 's/.*/char version[] = "&";/' $(srcdir)/../VERSION > $@

install: force
	[ -d $(LIBDEST) ] || \
		(mkdir -p $(LIBDEST); chmod 755 $(LIBDEST))
	$(INSTALL) $(srcdir)/../lib/argus_common.a $(LIBDEST)/argus_common.a
	$(INSTALL) $(srcdir)/../lib/argus_parse.a $(LIBDEST)/argus_parse.a
	$(RANLIB) $(LIBDEST)/argus_common.a
	$(RANLIB) $(LIBDEST)/argus_parse.a

clean:
	rm -f $(CLEANFILES)

distclean:
	rm -f $(CLEANFILES) Makefile

tags: $(TAGFILES)
	ctags -wtd $(TAGFILES)

tar: force
	@cwd=`pwd` ; dir=`basename $$cwd` ; name=libpcap-`cat VERSION` ; \
	    list="" ; tar="tar chFFf" ; \
	    for i in `cat FILES` ; do list="$$list $$name/$$i" ; done; \
	    echo \
	    "rm -f ../$$name; ln -s $$dir ../$$name" ; \
	    rm -f ../$$name; ln -s $$dir ../$$name ; \
	    echo \
	    "(cd .. ; $$tar - [lots of files]) | compress > /tmp/$$name.tar.Z" ; \
	    (cd .. ; $$tar - $$list) | compress > /tmp/$$name.tar.Z ; \
	    echo \
	    "rm -f ../$$name" ; \
	    rm -f ../$$name

force: /tmp
depend: $(GENSRC) force
	../bin/mkdep -c $(CC) $(DEFS) $(INCLS) $(SRC)
argus-2.0.6.fixes.1/common/argus_auth.c
/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * Copyright (c) 2000 Carnegie Mellon University. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The name "Carnegie Mellon University" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For permission or any other legal
 *    details, please contact
 *      Office of Technology Transfer
 *      Carnegie Mellon University
 *      5000 Forbes Avenue
 *      Pittsburgh, PA 15213-3890
 *      (412) 268-4387, fax: (412) 268-7395
 *      tech-transfer@andrew.cmu.edu
 *
 * 4. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by Computing Services
 *    at Carnegie Mellon University (http://www.cmu.edu/computing/)."
 *
 * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
 * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * Modified by Carter Bullard
 * QoSient, LLC
 *
 */

#ifndef ArgusAuth
#define ArgusAuth
#endif

#include
#include
#include
#include

#ifdef ARGUS_SASL
#include
#include
#include
#endif /* ARGUS_SASL */

#include
#include
#include
#include
#include
#include
#include
#include

extern void ArgusLog (int, char *, ...);

int ArgusInitializeAuthentication (struct ARGUS_INPUT *);
int ArgusAuthenticate (struct ARGUS_INPUT *);

#ifdef ARGUS_SASL

static int RaGetRealm(void *context, int, const char **, const char **);
static int RaSimple(void *context, int, const char **, unsigned *);
static int RaGetSecret(sasl_conn_t *, void *context, int, sasl_secret_t **);

int RaSaslNegotiate(FILE *, FILE *, sasl_conn_t *);
int RaGetSaslString (FILE *, char *, int);
int RaSendSaslString (FILE *, const char *, int);

/* RaCallBacks we support */

static sasl_callback_t RaCallBacks[] = {
   { SASL_CB_GETREALM, &RaGetRealm, NULL },
   { SASL_CB_USER, &RaSimple, NULL },
   { SASL_CB_AUTHNAME, &RaSimple, NULL },
   { SASL_CB_PASS, &RaGetSecret, NULL },
   { SASL_CB_LIST_END, NULL, NULL }
};

char *RaSaslMech = NULL;

#endif

#if defined(HAVE_SOLARIS)
extern int getdomainname(char *name, size_t len);
#endif

int
ArgusInitializeAuthentication (struct ARGUS_INPUT *input)
{
   int retn = 1;

#ifdef ARGUS_SASL
   struct sockaddr_in localaddr, remoteaddr;
   int salen, fd = input->fd;
   char *localhostname = NULL;

   if ((retn = sasl_client_init(RaCallBacks)) != SASL_OK)
      ArgusLog (LOG_ERR, "ArgusInitializeAuthentication() sasl_client_init %d", retn);

   localhostname = ArgusCalloc (1, 1024);
   gethostname(localhostname, 1024);
   if (!strchr (localhostname, '.')) {
      strcat (localhostname, ".");
      getdomainname (&localhostname[strlen(localhostname)], 1024 - strlen(localhostname));
   }

   if ((retn = sasl_client_new("argus", localhostname, NULL, SASL_SECURITY_LAYER, &input->sasl_conn)) != SASL_OK)
      ArgusLog (LOG_ERR, "ArgusInitializeAuthentication() sasl_client_new %d", retn);

   /* set external properties here
   sasl_setprop(input->sasl_conn,
                SASL_SSF_EXTERNAL, &extprops);
   */

   /* set required security properties here
   sasl_setprop(input->sasl_conn, SASL_SEC_PROPS, &secprops);
   */

   /* set ip addresses */
   salen = sizeof(localaddr);
   if (getsockname(fd, (struct sockaddr *)&localaddr, &salen) < 0)
      perror("getsockname");

   salen = sizeof(remoteaddr);
   if (getpeername(fd, (struct sockaddr *)&remoteaddr, &salen) < 0)
      perror("getpeername");

   if ((retn = sasl_setprop(input->sasl_conn, SASL_IP_LOCAL, &localaddr)) != SASL_OK)
      ArgusLog (LOG_ERR, "ArgusInitializeAuthentication() error setting localaddr %d", retn);

   if ((retn = sasl_setprop(input->sasl_conn, SASL_IP_REMOTE, &remoteaddr)) != SASL_OK)
      ArgusLog (LOG_ERR, "ArgusInitializeAuthentication() error setting remoteaddr %d", retn);

   retn = 1;
#endif

#ifdef ARGUSDEBUG
   ArgusDebug (2, "ArgusInitializeAuthentication () returning %d\n", retn);
#endif

   return (retn);
}


int
ArgusAuthenticate (struct ARGUS_INPUT *input)
{
   int retn = 0;

   if (ArgusInitializeAuthentication(input)) {
#ifdef ARGUS_SASL
      int fd = input->fd;

      /* the format has two conversions, so pass input for the 0x%x */
      if ((input->in = fdopen(fd, "r")) == NULL)
         ArgusLog (LOG_ERR, "ArgusAuthenticate(0x%x) fdopen in failed %s", input, strerror(errno));

      if ((input->out = fdopen(fd, "w")) == NULL)
         ArgusLog (LOG_ERR, "ArgusAuthenticate(0x%x) fdopen out failed %s", input, strerror(errno));

      if ((retn = RaSaslNegotiate(input->in, input->out, input->sasl_conn)) == SASL_OK)
         retn = 1;
      else
         retn = 0;
#endif
   }

#ifdef ARGUSDEBUG
   ArgusDebug (2, "ArgusAuthenticate (0x%x) returning %d\n", input, retn);
#endif

   return (retn);
}

#ifdef ARGUS_SASL

static void
RaChop (char *s)   /* remove \r\n at end of the line */
{
   char *p;

   assert(s);
   if (*s == '\0')   /* empty string: s + strlen(s) - 1 would point before s */
      return;

   p = s + strlen(s) - 1;
   if (p[0] == '\n')
      *p-- = '\0';

   if (p >= s && p[0] == '\r')
      *p-- = '\0';
}

static int
RaGetRealm(void *context __attribute__((unused)), int id, const char **availrealms, const char **result)
{
   static char buf[1024];

   if (id != SASL_CB_GETREALM)
      return SASL_BADPARAM;

   if (!result)
      return SASL_BADPARAM;

   printf("please choose a realm (available:");
   while (*availrealms) {
      printf(" %s", *availrealms);
      availrealms++;
   }
   printf("): ");
   fgets(buf, sizeof buf, stdin);
   RaChop(buf);
   *result = buf;

   return SASL_OK;
}

static char RaSimpleBuf[1024];

static int
RaSimple(void *context __attribute__((unused)), int id, const char **result, unsigned *len)
{
   char *ptr = NULL;

   if (! result)
      return SASL_BADPARAM;

   switch (id) {
      case SASL_CB_USER:
         if (ustr == NULL) {
            printf("please enter an authorization id: ");
            fgets(RaSimpleBuf, sizeof RaSimpleBuf, stdin);
         } else {
            if ((ptr = strchr(ustr, '/')) != NULL)
               *ptr = '\0';

            /* ustr is caller supplied, so bound the copy to the buffer */
            snprintf (RaSimpleBuf, sizeof RaSimpleBuf, "%s", ustr);
            if (ptr)
               *ptr = '/';
         }
         break;

      case SASL_CB_AUTHNAME:
         if (ustr != NULL)
            if ((ptr = strchr(ustr, '/')) != NULL)
               ptr++;

         if (ptr == NULL) {
            printf("please enter an authentication id: ");
            fgets(RaSimpleBuf, sizeof RaSimpleBuf, stdin);
         } else
            snprintf (RaSimpleBuf, sizeof RaSimpleBuf, "%s", ptr);

         break;

      default:
         return SASL_BADPARAM;
   }

   RaChop(RaSimpleBuf);
   *result = RaSimpleBuf;

   if (len)
      *len = strlen(RaSimpleBuf);

   return SASL_OK;
}

#ifndef HAVE_GETPASSPHRASE
char *
getpassphrase(const char *prompt)
{
   return getpass(prompt);
}
#endif

static int
RaGetSecret(sasl_conn_t *conn, void *context __attribute__((unused)), int id, sasl_secret_t **psecret)
{
   char *password;
   size_t len;
   static sasl_secret_t *x;

   if (! conn || ! psecret || id != SASL_CB_PASS)
      return SASL_BADPARAM;

   if (pstr != NULL)
      password = pstr;
   else
      password = getpassphrase("Password: ");

   if (! password)
      return SASL_FAIL;

   len = strlen(password);
   x = (sasl_secret_t *) realloc(x, sizeof(sasl_secret_t) + len);

   if (!x) {
      memset(password, 0, len);
      return SASL_NOMEM;
   }

   x->len = len;
   strcpy(x->data, password);
   memset(password, 0, len);

   *psecret = x;
   return SASL_OK;
}

int
RaSaslNegotiate(FILE *in, FILE *out, sasl_conn_t *conn)
{
   int retn = 0;
   char buf[8192];
   char *data;
   const char *chosenmech;
   int len, c;

#ifdef ARGUSDEBUG
   ArgusDebug (1, "RaSaslNegotiate(0x%x, 0x%x, 0x%x) receiving capability list... ", in, out, conn);
#endif

   /* sizeof yields size_t; cast it to match the %d conversion */
   if ((len = RaGetSaslString(in, buf, sizeof(buf))) <= 0)
      ArgusLog (LOG_ERR, "RaSaslNegotiate: RaGetSaslString(0x%x, 0x%x, %d) error %s\n", in, buf, (int) sizeof(buf), strerror(errno));

   if (RaSaslMech) {
      /* make sure that 'RaSaslMech' appears in 'buf' */
      if (!strstr(buf, RaSaslMech)) {
         printf("server doesn't offer mandatory mech '%s'\n", RaSaslMech);
         return 0;
      }
   } else
      RaSaslMech = buf;

#ifdef ARGUSDEBUG
   ArgusDebug (1, "RaSaslNegotiate(0x%x, 0x%x, 0x%x) calling sasl_client_start()", in, out, conn);
#endif
   retn = sasl_client_start(conn, RaSaslMech, NULL, NULL, &data, &len, &chosenmech);

   if ((retn != SASL_OK) && (retn != SASL_CONTINUE)) {
      fputc ('N', out);
      fflush(out);
      ArgusLog (LOG_ERR, "RaSaslNegotiate: error starting SASL negotiation");
   }

   if (retn == SASL_INTERACT)
      ArgusLog (LOG_ERR, "RaSaslNegotiate: returned SASL_INTERACT\n");

#ifdef ARGUSDEBUG
   ArgusDebug (1, "RaSaslNegotiate: using mechanism %s\n", chosenmech);
#endif

   /* we send two strings; the mechanism chosen and the initial response */
   RaSendSaslString(out, chosenmech, strlen(chosenmech));
   RaSendSaslString(out, data, len);

   for (;;) {
#ifdef ARGUSDEBUG
      ArgusDebug (2, "waiting for server reply...\n");
#endif
      switch (c = fgetc(in)) {
         case 'O':
            goto done_ok;

         case 'N':
            goto done_no;

         case 'C': /* continue authentication */
            break;

         default:
            printf("bad protocol from server (%c %x)\n", c, c);
            return 0;
      }

      if ((len = RaGetSaslString(in, buf, sizeof(buf))) <= 0)
         ArgusLog (LOG_ERR, "RaSaslNegotiate: RaGetSaslString(0x%x, 0x%x, %d) returned %d\n", in, buf, (int) sizeof(buf), len);

      retn = sasl_client_step(conn, buf, len, NULL, &data, &len);
      if ((retn != SASL_OK) && (retn != SASL_CONTINUE)) {
         fputc ('N', out);
         fflush(out);
         ArgusLog (LOG_ERR, "RaSaslNegotiate: error performing SASL negotiation");
      }

      if (data) {
#ifdef ARGUSDEBUG
         ArgusDebug (2, "sending response length %d...\n", len);
#endif
         RaSendSaslString(out, data, len);
         free(data);
      } else {
#ifdef ARGUSDEBUG
         ArgusDebug (2, "sending null response...\n");
#endif
         RaSendSaslString(out, "", 0);
      }
   }

done_ok:
#ifdef ARGUSDEBUG
   ArgusDebug (1, "successful authentication");
#endif
   return SASL_OK;

done_no:
#ifdef ARGUSDEBUG
   ArgusDebug (1, "authentication failed");
#endif

   return -1;
}

/* send/recv library for IMAP4 style literals. */

int
RaSendSaslString (FILE *f, const char *s, int l)
{
   char saslbuf[MAXSTRLEN];
   int len, al = 0;

   if (l < 0)
      return -1;

   bzero (saslbuf, MAXSTRLEN);

   snprintf(saslbuf, sizeof(saslbuf), "{%d}\r\n", l);
   len = strlen(saslbuf);

   /* refuse a payload that does not fit after the "{len}\r\n" header */
   if (l > (int) sizeof(saslbuf) - len)
      return -1;

   bcopy (s, &saslbuf[len], l);
   len += l;

   al = fwrite(saslbuf, 1, len, f);
   fflush(f);

#ifdef ARGUSDEBUG
   ArgusDebug (3, "ArgusSendSaslString(0x%x, 0x%x, %d)\n", f, s, l);
   s = saslbuf;
   if (3 <= Argusdflag) {
      while (len--) {
         if (isprint((int)((unsigned char) *s))) {
            printf("%c ", *s);
         } else {
            printf("%x ", (unsigned char) *s);
         }
         s++;
      }
      printf("\n");
   }
#endif
   return al;
}

int
RaGetSaslString (FILE *f, char *buf, int buflen)
{
   int c, len, l, digits = 0;
   char *s;

   if (buflen <= 0)
      return -1;

   if ((c = fgetc(f)) != '{')
      return -1;

   /* read length */
   len = 0;
   c = fgetc(f);
   while (isdigit(c)) {
      /* at most 9 digits, so a peer-supplied length cannot overflow int */
      if (++digits > 9)
         return -1;
      len = len * 10 + (c - '0');
      c = fgetc(f);
   }
   if (c != '}')
      return -1;
   if ((c = fgetc(f)) != '\r')
      return -1;
   if ((c = fgetc(f)) != '\n')
      return -1;

   /* read string; a short read is an error, not a partly filled buffer */
   if (buflen <= len) {
      if (buflen > 1 && fread(buf, buflen - 1, 1, f) != 1)
         return -1;
      buf[buflen - 1] = '\0';
      /* discard oversized string */
      len -= buflen - 1;
      while (len--)
         if (fgetc(f) == EOF)
            return -1;
      len = buflen - 1;
   } else {
      if (len > 0 && fread(buf, len, 1, f) != 1)
         return -1;
      buf[len] = '\0';
   }

   l = len;
   s = buf;

#ifdef ARGUSDEBUG
   ArgusDebug (3, "ArgusGetSaslString(0x%x, 0x%x, %d)\n", f, s, l);
   if (3 <= Argusdflag) {
      while (l--) {
         if (isprint((int)((unsigned char) *s))) {
            printf("%c ", *s);
         } else {
            printf("%X ", (unsigned char) *s);
         }
         s++;
      }
      printf("\n");
   }
#endif
   return len;
}

#endif
argus-2.0.6.fixes.1/common/argus_filter.c
/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. * */ /* * Copyright (c) 1990, 1991, 1992, 1993 * The Regents of the University of California. All rights reserved. * * This code is derived from the Stanford/CMU enet packet filter, * (net/enet.c) distributed as part of 4.3BSD, and code contributed * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence * Berkeley Laboratory. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. 
* * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)bpf.c 7.5 (Berkeley) 7/15/91 * */ #ifndef ArgusFilter #define ArgusFilter #endif #include #include #include #include #include #include #include #if defined(HAVE_SOLARIS) #include #endif #include #include #if !defined(__OpenBSD__) || (defined(__OpenBSD__) && !defined(_NETINET_IF_SYSTEM_H_)) #define _NETINET_IF_SYSTEM_H_ #include #endif #if defined(__OpenBSD__) #ifndef _NETINET_IP_H_ #define _NETINET_IP_H_ #include #endif #ifndef _NETINET_IP_ICMP_H_ #define _NETINET_IP_ICMP_H_ #include #endif #else #include #include #endif #include #include #include #include #include #include /* #include */ #include #ifdef sun #include #endif #include extern void ArgusLog (int, char *, ...); #if defined(sparc) || defined(mips) || defined(ibm032) || defined(__alpha)\ || defined(AIX) #define BPF_ALIGN #endif #ifndef BPF_ALIGN #define EXTRACT_SHORT(p) ((arg_uint16)ntohs(*(arg_uint16 *)p)) #define EXTRACT_LONG(p) (ntohl(*(unsigned int *)p)) #else #define EXTRACT_SHORT(p)\ ((arg_uint16)\ ((arg_uint16)*((u_char *)p+0)<<8|\ (arg_uint16)*((u_char *)p+1)<<0)) #define EXTRACT_LONG(p)\ ((unsigned int)*((u_char *)p+0)<<24|\ (unsigned int)*((u_char *)p+1)<<16|\ (unsigned int)*((u_char *)p+2)<<8|\ (unsigned int)*((u_char *)p+3)<<0) #endif 
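/*
 * Added example, not part of the Argus or libpcap sources. argus_filter_orig()
 * in this file interprets a classic BPF program in user space, while the
 * bpf_validate() that would vet such a program is compiled only under KERNEL
 * and, as visible in this file, tests the scratch index for ST and LD|MEM but
 * not STX or LDX|MEM and does not reject a negative BPF_JA offset. The sketch
 * is a stricter validator to run before the interpreter; struct ex_insn, the
 * ex_* names and the sample programs are assumptions made for the example.
 */

```c
#include <stdint.h>
#include <stdio.h>

/* Opcode fields with the classic BPF values from <net/bpf.h>, repeated here
 * so the example builds without the pcap headers. */
#define BPF_CLASS(c) ((c) & 0x07)
#define BPF_MODE(c)  ((c) & 0xe0)
#define BPF_OP(c)    ((c) & 0xf0)
#define BPF_SRC(c)   ((c) & 0x08)
enum { BPF_LD = 0x00, BPF_LDX = 0x01, BPF_ST = 0x02, BPF_STX = 0x03,
       BPF_ALU = 0x04, BPF_JMP = 0x05, BPF_RET = 0x06 };
enum { BPF_IMM = 0x00, BPF_ABS = 0x20, BPF_MEM = 0x60 };
enum { BPF_DIV = 0x30, BPF_JA = 0x00, BPF_JEQ = 0x10, BPF_K = 0x00 };
#define BPF_MEMWORDS 16

/* Hypothetical stand-in for struct bpf_insn (assumption: signed 32-bit k). */
struct ex_insn { uint16_t code; uint8_t jt, jf; int32_t k; };

enum ex_verdict { EX_OK, EX_EMPTY, EX_BAD_JUMP, EX_BAD_MEM, EX_DIV_ZERO, EX_NO_RET };

/* Accept a program only if no instruction can move pc outside f[0..len-1],
 * index outside mem[0..BPF_MEMWORDS-1], or divide by a constant zero. */
enum ex_verdict ex_validate(const struct ex_insn *f, int len)
{
    int i;

    if (f == NULL || len <= 0)
        return EX_EMPTY;

    for (i = 0; i < len; i++) {
        const struct ex_insn *p = &f[i];
        int cls = BPF_CLASS(p->code);
        int rest = len - i - 1;          /* instructions after this one */

        if (cls == BPF_JMP) {
            if (BPF_OP(p->code) == BPF_JA) {
                /* k is signed: reject backward jumps as well as overruns */
                if (p->k < 0 || p->k >= rest)
                    return EX_BAD_JUMP;
            } else if (p->jt >= rest || p->jf >= rest) {
                return EX_BAD_JUMP;
            }
        }

        /* every scratch-memory access: ST, STX, LD|MEM and LDX|MEM */
        if (cls == BPF_ST || cls == BPF_STX ||
            ((cls == BPF_LD || cls == BPF_LDX) && BPF_MODE(p->code) == BPF_MEM)) {
            if (p->k < 0 || p->k >= BPF_MEMWORDS)
                return EX_BAD_MEM;
        }

        if (cls == BPF_ALU && BPF_OP(p->code) == BPF_DIV &&
            BPF_SRC(p->code) == BPF_K && p->k == 0)
            return EX_DIV_ZERO;
    }

    /* with forward-only jumps, a final RET guarantees termination */
    if (BPF_CLASS(f[len - 1].code) != BPF_RET)
        return EX_NO_RET;
    return EX_OK;
}

/* Constructed sample programs, not taken from any Argus filter. */
#define EX_RET0 { BPF_RET | BPF_K, 0, 0, 0 }
#define EX_LEN(a) ((int)(sizeof(a) / sizeof((a)[0])))

static const struct ex_insn ex_prog_ok[] = {
    { BPF_LD | BPF_ABS, 0, 0, 12 },               /* A = word at offset 12 */
    { BPF_JMP | BPF_JEQ | BPF_K, 0, 1, 0x0800 },  /* equal: next, else skip one */
    { BPF_RET | BPF_K, 0, 0, -1 },                /* accept */
    EX_RET0                                       /* reject */
};
static const struct ex_insn ex_prog_stx[]   = { { BPF_STX, 0, 0, BPF_MEMWORDS }, EX_RET0 };
static const struct ex_insn ex_prog_ldx[]   = { { BPF_LDX | BPF_MEM, 0, 0, -1 }, EX_RET0 };
/* k = -1 makes the jump land on itself, so the interpreter never returns */
static const struct ex_insn ex_prog_ja[]    = { { BPF_JMP | BPF_JA, 0, 0, -1 }, EX_RET0 };
static const struct ex_insn ex_prog_div[]   = { { BPF_ALU | BPF_DIV | BPF_K, 0, 0, 0 }, EX_RET0 };
static const struct ex_insn ex_prog_noret[] = { { BPF_LD | BPF_IMM, 0, 0, 1 } };

int main(void)
{
    printf("ok=%d stx=%d ldx=%d ja=%d div=%d noret=%d\n",
           ex_validate(ex_prog_ok, EX_LEN(ex_prog_ok)),
           ex_validate(ex_prog_stx, EX_LEN(ex_prog_stx)),
           ex_validate(ex_prog_ldx, EX_LEN(ex_prog_ldx)),
           ex_validate(ex_prog_ja, EX_LEN(ex_prog_ja)),
           ex_validate(ex_prog_div, EX_LEN(ex_prog_div)),
           ex_validate(ex_prog_noret, EX_LEN(ex_prog_noret)));
    return 0;
}
```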
#include

/* Hex digit to integer. */
static inline int
xdtoi(int c)
{
   if (isdigit(c))
      return c - '0';
   else if (islower(c))
      return c - 'a' + 10;
   else
      return c - 'A' + 10;
}

/*
 * Execute the filter program starting at pc on the packet p
 * wirelen is the length of the original packet
 * buflen is the amount of data present
 */

unsigned int
ArgusIndexRecord (struct ArgusRecord *argus, struct ArgusFarHeaderStruct **hdrs)
{
   unsigned int retn = 0;
   struct ArgusFarHeaderStruct *far = (struct ArgusFarHeaderStruct *) &argus->argus_far;
   unsigned int length = 0;
   unsigned int farlen;

   /* a record length shorter than its own header would wrap the unsigned subtraction */
   if (argus->ahdr.length > sizeof(argus->ahdr))
      length = argus->ahdr.length - sizeof(argus->ahdr);

   bzero ((char *) hdrs, 32 * sizeof(struct ArgusFarHeaderStruct *));

   if (argus->ahdr.type & ARGUS_FAR) {
      while ((length > 0) && (length >= far->length)) {
         /* DSR size in bytes; the user data DSRs carry their length in 4-byte words */
         farlen = far->length;
         if ((far->type == ARGUS_SRCUSRDATA_DSR) ||
             (far->type == ARGUS_DSTUSRDATA_DSR))
            farlen = farlen * 4;

         /* do not index a DSR that claims more bytes than the record has left */
         if (farlen > length)
            break;

         switch (far->type) {
            case ARGUS_FAR:
               if (retn & ARGUS_FAR_DSR_STATUS)
                  return(retn);
               retn |= ARGUS_FAR_DSR_STATUS;
               hdrs[ARGUS_FAR_DSR_INDEX] = far;
               break;
            case ARGUS_MAC_DSR:
               if (retn & ARGUS_MAC_DSR_STATUS)
                  return(retn);
               retn |= ARGUS_MAC_DSR_STATUS;
               hdrs[ARGUS_MAC_DSR_INDEX] = far;
               break;
            case ARGUS_VLAN_DSR:
               if (retn & ARGUS_VLAN_DSR_STATUS)
                  return(retn);
               retn |= ARGUS_VLAN_DSR_STATUS;
               hdrs[ARGUS_VLAN_DSR_INDEX] = far;
               break;
            case ARGUS_MPLS_DSR:
               if (retn & ARGUS_MPLS_DSR_STATUS)
                  return(retn);
               retn |= ARGUS_MPLS_DSR_STATUS;
               hdrs[ARGUS_MPLS_DSR_INDEX] = far;
               break;
            case ARGUS_AGR_DSR:
               if (retn & ARGUS_AGR_DSR_STATUS)
                  return(retn);
               retn |= ARGUS_AGR_DSR_STATUS;
               hdrs[ARGUS_AGR_DSR_INDEX] = far;
               break;
            case ARGUS_TIME_DSR:
               if (retn & ARGUS_TIME_DSR_STATUS)
                  return(retn);
               retn |= ARGUS_TIME_DSR_STATUS;
               hdrs[ARGUS_TIME_DSR_INDEX] = far;
               break;
            case ARGUS_SRCUSRDATA_DSR:
               if (retn & ARGUS_SRCUSRDATA_DSR_STATUS)
                  return(retn);
               retn |= ARGUS_SRCUSRDATA_DSR_STATUS;
               hdrs[ARGUS_SRCUSRDATA_DSR_INDEX] = far;
               break;
            case ARGUS_DSTUSRDATA_DSR:
               if (retn & ARGUS_DSTUSRDATA_DSR_STATUS)
                  return(retn);
               retn |= ARGUS_DSTUSRDATA_DSR_STATUS;
               hdrs[ARGUS_DSTUSRDATA_DSR_INDEX] = far;
               break;
            case ARGUS_TCP_DSR:
               if (retn & ARGUS_TCP_DSR_STATUS)
                  return(retn);
               retn |= ARGUS_TCP_DSR_STATUS;
               hdrs[ARGUS_TCP_DSR_INDEX] = far;
               break;
            case ARGUS_ICMP_DSR:
               if (retn & ARGUS_ICMP_DSR_STATUS)
                  return(retn);
               retn |= ARGUS_ICMP_DSR_STATUS;
               hdrs[ARGUS_ICMP_DSR_INDEX] = far;
               break;
            case ARGUS_RTP_DSR:
               if (retn & ARGUS_RTP_DSR_STATUS)
                  return(retn);
               retn |= ARGUS_RTP_DSR_STATUS;
               hdrs[ARGUS_RTP_DSR_INDEX] = far;
               break;
            case ARGUS_IGMP_DSR:
               if (retn & ARGUS_IGMP_DSR_STATUS)
                  return(retn);
               retn |= ARGUS_IGMP_DSR_STATUS;
               hdrs[ARGUS_IGMP_DSR_INDEX] = far;
               break;
            case ARGUS_ARP_DSR:
               if (retn & ARGUS_ARP_DSR_STATUS)
                  return(retn);
               retn |= ARGUS_ARP_DSR_STATUS;
               hdrs[ARGUS_ARP_DSR_INDEX] = far;
               break;
            case ARGUS_FRG_DSR:
               if (retn & ARGUS_FRG_DSR_STATUS)
                  return(retn);
               retn |= ARGUS_FRG_DSR_STATUS;
               hdrs[ARGUS_FRG_DSR_INDEX] = far;
               break;
            case ARGUS_ESP_DSR:
               if (retn & ARGUS_ESP_DSR_STATUS)
                  return(retn);
               retn |= ARGUS_ESP_DSR_STATUS;
               hdrs[ARGUS_ESP_DSR_INDEX] = far;
               break;
         }

         if (farlen == 0)
            break;

         length -= farlen;
         far = (struct ArgusFarHeaderStruct *)((char *)far + farlen);
      }
   }

   return (retn);
}

void
ArgusGenerateCanonicalRecord (struct ArgusRecord *ptr, struct ArgusCanonicalRecord *canon)
{
   int i, index = 0;
   struct ArgusFarHeaderStruct **hdrs = NULL;
   struct ArgusRecord *ar = (struct ArgusRecord *) canon;

   ptr->ahdr.length = ntohs(ptr->ahdr.length);
   ArgusThisFarStatus = ArgusIndexRecord (ptr, ArgusThisFarHdrs);
   ptr->ahdr.length = htons(ptr->ahdr.length);

   hdrs = ArgusThisFarHdrs;

   bzero ((char *)canon, sizeof(*canon));

   if (ptr->ahdr.type & ARGUS_MAR) {
      bcopy ((char *)ptr, (char *)canon, sizeof(*ptr));

   } else {
      bcopy ((char *)&ptr->ahdr, (char *)&canon->ahdr, sizeof(canon->ahdr));

      for (i = 1; i < 33; i++) {
         index = 1 << (i - 1);
         switch (index) {
            case ARGUS_FAR_DSR_STATUS:
               if (ArgusThisFarStatus & ARGUS_FAR_DSR_STATUS)
                  bcopy((char *) hdrs[ARGUS_FAR_DSR_INDEX], (char *)&ar->argus_far, sizeof (ar->argus_far));
               break;
            case ARGUS_MAC_DSR_STATUS:
               if (ArgusThisFarStatus & ARGUS_MAC_DSR_STATUS)
                  bcopy((char *) hdrs[ARGUS_MAC_DSR_INDEX], (char *)&canon->mac, sizeof(canon->mac));
               break;
            case ARGUS_VLAN_DSR_STATUS:
               if (ArgusThisFarStatus & ARGUS_VLAN_DSR_STATUS)
                  bcopy((char *) hdrs[ARGUS_VLAN_DSR_INDEX], (char *)&canon->vlan, sizeof(canon->vlan));
               break;
            case ARGUS_MPLS_DSR_STATUS:
               if (ArgusThisFarStatus & ARGUS_MPLS_DSR_STATUS)
                  bcopy((char *) hdrs[ARGUS_MPLS_DSR_INDEX], (char *)&canon->mpls, sizeof(canon->mpls));
               break;
            case ARGUS_AGR_DSR_STATUS:
               if (ArgusThisFarStatus & ARGUS_AGR_DSR_STATUS)
                  bcopy((char *) hdrs[ARGUS_AGR_DSR_INDEX], (char *)&canon->agr, sizeof(canon->agr));
               break;
            case ARGUS_TIME_DSR_STATUS:
               if (ArgusThisFarStatus & ARGUS_TIME_DSR_STATUS)
                  bcopy((char *) hdrs[ARGUS_TIME_DSR_INDEX], (char *)&canon->time, sizeof(canon->time));
               break;
            case ARGUS_TCP_DSR_STATUS:
               if (ArgusThisFarStatus & ARGUS_TCP_DSR_STATUS)
                  bcopy((char *) hdrs[ARGUS_TCP_DSR_INDEX], (char *)&canon->acr_tcp, sizeof(canon->acr_tcp));
               break;
            case ARGUS_ICMP_DSR_STATUS:
               if (ArgusThisFarStatus & ARGUS_ICMP_DSR_STATUS)
                  bcopy((char *) hdrs[ARGUS_ICMP_DSR_INDEX], (char *)&canon->acr_icmp, sizeof(canon->acr_icmp));
               break;
            case ARGUS_RTP_DSR_STATUS:
               if (ArgusThisFarStatus & ARGUS_RTP_DSR_STATUS)
                  bcopy((char *) hdrs[ARGUS_RTP_DSR_INDEX], (char *)&canon->acr_rtp, sizeof(canon->acr_rtp));
               break;
            case ARGUS_IGMP_DSR_STATUS:
               if (ArgusThisFarStatus & ARGUS_IGMP_DSR_STATUS)
                  bcopy((char *) hdrs[ARGUS_IGMP_DSR_INDEX], (char *)&canon->acr_igmp, sizeof(canon->acr_igmp));
               break;
            case ARGUS_ARP_DSR_STATUS:
               if (ArgusThisFarStatus & ARGUS_ARP_DSR_STATUS)
                  bcopy((char *) hdrs[ARGUS_ARP_DSR_INDEX], (char *)&canon->acr_arp, sizeof(canon->acr_arp));
               break;
            case ARGUS_FRG_DSR_STATUS:
               if (ArgusThisFarStatus & ARGUS_FRG_DSR_STATUS)
                  bcopy((char *) hdrs[ARGUS_FRG_DSR_INDEX], (char *)&canon->acr_frag, sizeof(canon->acr_frag));
               break;
            case ARGUS_ESP_DSR_STATUS:
               if (ArgusThisFarStatus & ARGUS_ESP_DSR_STATUS)
                  bcopy((char *) hdrs[ARGUS_ESP_DSR_INDEX], (char *)&canon->acr_esp, sizeof(canon->acr_esp));
               break;
         }
      }
   }

#ifdef ARGUSDEBUG
   ArgusDebug (5, "ArgusGenerateCanonicalRecord (0x%x, 0x%x) returning\n", ptr, canon);
#endif
}

unsigned int
argus_filter (struct bpf_insn *pc, u_char *p)
{
   struct ArgusCanonicalRecord canonbuf, *canon = &canonbuf;

   ArgusGenerateCanonicalRecord ((struct ArgusRecord *) p, canon);
   return argus_filter_orig (pc, (u_char *)canon, sizeof(*canon), sizeof(*canon));
}

unsigned int
argus_filter_orig (pc, p, wirelen, buflen)
struct bpf_insn *pc;
u_char *p;
int wirelen, buflen;
{
   unsigned int A = 0, X = 0;
   int k;
   int mem [BPF_MEMWORDS];

   if (pc == 0)
      /*
       * No filter means accept all.
       */
      return (unsigned int) -1;

   --pc;
   while (1) {
      ++pc;
      switch (pc->code) {

         default:
#ifdef KERNEL
            return 0;
#else
            abort();
#endif
         case BPF_RET|BPF_K:
            return (unsigned int)pc->k;

         case BPF_RET|BPF_A:
            return (unsigned int)A;

         case BPF_LD|BPF_W|BPF_ABS:
            k = pc->k;
            /* a negative offset must not slip past the unsigned comparison */
            if ((k < 0) || (k + sizeof(int) > buflen)) {
#ifdef KERNEL
               int merr;

               if (buflen != 0)
                  return 0;
               A = m_xword((struct mbuf *)p, k, &merr);
               if (merr != 0)
                  return 0;
               continue;
#else
               return 0;
#endif
            }
            A = EXTRACT_LONG(&p[k]);
            continue;

         case BPF_LD|BPF_H|BPF_ABS:
            k = pc->k;
            if ((k < 0) || (k + sizeof(short) > buflen)) {
#ifdef KERNEL
               int merr;

               if (buflen != 0)
                  return 0;
               A = m_xhalf((struct mbuf *)p, k, &merr);
               continue;
#else
               return 0;
#endif
            }
            A = EXTRACT_SHORT(&p[k]);
            continue;

         case BPF_LD|BPF_B|BPF_ABS:
            k = pc->k;
            if ((k < 0) || (k >= buflen)) {
#ifdef KERNEL
               struct mbuf *m;

               if (buflen != 0)
                  return 0;
               m = (struct mbuf *)p;
               MINDEX(m, k);
               A = mtod(m, u_char *)[k];
               continue;
#else
               return 0;
#endif
            }
            A = p[k];
            continue;

         case BPF_LD|BPF_W|BPF_LEN:
            A = wirelen;
            continue;

         case BPF_LDX|BPF_W|BPF_LEN:
            X = wirelen;
            continue;

         case BPF_LD|BPF_W|BPF_IND:
            k = X + pc->k;
            if ((k < 0) || (k + sizeof(int) > buflen)) {
#ifdef KERNEL
               int merr;

               if (buflen != 0)
                  return 0;
               A = m_xword((struct mbuf *)p, k, &merr);
               if (merr != 0)
                  return 0;
               continue;
#else
               return 0;
#endif
            }
            A = EXTRACT_LONG(&p[k]);
            continue;

         case BPF_LD|BPF_H|BPF_IND:
            k = X + pc->k;
            if ((k < 0) || (k + sizeof(short) > buflen)) {
#ifdef KERNEL
               int merr;

               if (buflen != 0)
                  return 0;
               A = m_xhalf((struct mbuf *)p, k, &merr);
               if (merr != 0)
                  return 0;
               continue;
#else
               return 0;
#endif
            }
            A = EXTRACT_SHORT(&p[k]);
            continue;

         case BPF_LD|BPF_B|BPF_IND:
            k = X + pc->k;
            if ((k < 0) || (k >= buflen)) {
#ifdef KERNEL
               struct mbuf *m;

               if (buflen != 0)
                  return 0;
               m = (struct mbuf *)p;
               MINDEX(m, k);
               A = mtod(m, char *)[k];
               continue;
#else
               return 0;
#endif
            }
            A = p[k];
            continue;

         case BPF_LDX|BPF_MSH|BPF_B:
            k = pc->k;
            if ((k < 0) || (k >= buflen)) {
#ifdef KERNEL
               struct mbuf *m;

               if (buflen != 0)
                  return 0;
               m = (struct mbuf *)p;
               MINDEX(m, k);
               X = (mtod(m, char *)[k] & 0xf) << 2;
               continue;
#else
               return 0;
#endif
            }
            X = (p[pc->k] & 0xf) << 2;
            continue;

         case BPF_LD|BPF_IMM:
            A = pc->k;
            continue;

         case BPF_LDX|BPF_IMM:
            X = pc->k;
            continue;

         /* scratch memory: reject an index outside mem[0..BPF_MEMWORDS-1] */
         case BPF_LD|BPF_MEM:
            if ((unsigned int)pc->k >= BPF_MEMWORDS)
               return 0;
            A = mem[pc->k];
            continue;

         case BPF_LDX|BPF_MEM:
            if ((unsigned int)pc->k >= BPF_MEMWORDS)
               return 0;
            X = mem[pc->k];
            continue;

         case BPF_ST:
            if ((unsigned int)pc->k >= BPF_MEMWORDS)
               return 0;
            mem[pc->k] = A;
            continue;

         case BPF_STX:
            if ((unsigned int)pc->k >= BPF_MEMWORDS)
               return 0;
            mem[pc->k] = X;
            continue;

         case BPF_JMP|BPF_JA:
            pc += pc->k;
            continue;

         case BPF_JMP|BPF_JGT|BPF_K:
            pc += (A > pc->k) ? pc->jt : pc->jf;
            continue;

         case BPF_JMP|BPF_JGE|BPF_K:
            pc += (A >= pc->k) ? pc->jt : pc->jf;
            continue;

         case BPF_JMP|BPF_JEQ|BPF_K:
            pc += (A == pc->k) ? pc->jt : pc->jf;
            continue;

         case BPF_JMP|BPF_JSET|BPF_K:
            pc += (A & pc->k) ? pc->jt : pc->jf;
            continue;

         case BPF_JMP|BPF_JGT|BPF_X:
            pc += (A > X) ? pc->jt : pc->jf;
            continue;

         case BPF_JMP|BPF_JGE|BPF_X:
            pc += (A >= X) ? pc->jt : pc->jf;
            continue;

         case BPF_JMP|BPF_JEQ|BPF_X:
            pc += (A == X) ? pc->jt : pc->jf;
            continue;

         case BPF_JMP|BPF_JSET|BPF_X:
            pc += (A & X) ? pc->jt : pc->jf;
            continue;

         case BPF_ALU|BPF_ADD|BPF_X:
            A += X;
            continue;

         case BPF_ALU|BPF_SUB|BPF_X:
            A -= X;
            continue;

         case BPF_ALU|BPF_MUL|BPF_X:
            A *= X;
            continue;

         case BPF_ALU|BPF_DIV|BPF_X:
            if (X == 0)
               return 0;
            A /= X;
            continue;

         case BPF_ALU|BPF_AND|BPF_X:
            A &= X;
            continue;

         case BPF_ALU|BPF_OR|BPF_X:
            A |= X;
            continue;

         case BPF_ALU|BPF_LSH|BPF_X:
            A <<= X;
            continue;

         case BPF_ALU|BPF_RSH|BPF_X:
            A >>= X;
            continue;

         case BPF_ALU|BPF_ADD|BPF_K:
            A += pc->k;
            continue;

         case BPF_ALU|BPF_SUB|BPF_K:
            A -= pc->k;
            continue;

         case BPF_ALU|BPF_MUL|BPF_K:
            A *= pc->k;
            continue;

         case BPF_ALU|BPF_DIV|BPF_K:
            /* bpf_validate() is KERNEL-only, so check the constant divisor here */
            if (pc->k == 0)
               return 0;
            A /= pc->k;
            continue;

         case BPF_ALU|BPF_AND|BPF_K:
            A &= pc->k;
            continue;

         case BPF_ALU|BPF_OR|BPF_K:
            A |= pc->k;
            continue;

         case BPF_ALU|BPF_LSH|BPF_K:
            A <<= pc->k;
            continue;

         case BPF_ALU|BPF_RSH|BPF_K:
            A >>= pc->k;
            continue;

         case BPF_ALU|BPF_NEG:
            A = -A;
            continue;

         case BPF_MISC|BPF_TAX:
            X = A;
            continue;

         case BPF_MISC|BPF_TXA:
            A = X;
            continue;
      }
   }
}

#ifdef KERNEL
/*
 * Return true if the 'fcode' is a valid filter program.
 * The constraints are that each jump be forward and to a valid
 * code. The code must terminate with either an accept or reject.
 * 'valid' is an array for use by the routine (it must be at least
 * 'len' bytes long).
 *
 * The kernel needs to be able to verify an application's filter code.
 * Otherwise, a bogus program could easily crash the system.
 */
int
bpf_validate(f, len)
struct bpf_insn *f;
int len;
{
   int i;
   struct bpf_insn *p;

   for (i = 0; i < len; ++i) {
      /*
       * Check that jumps are forward, and within
       * the code block.
       */
      p = &f[i];
      if (BPF_CLASS(p->code) == BPF_JMP) {
         int from = i + 1;

         if (BPF_OP(p->code) == BPF_JA) {
            if (from + p->k >= len)
               return 0;
         }
         else if (from + p->jt >= len || from + p->jf >= len)
            return 0;
      }
      /*
       * Check that memory operations use valid addresses.
       */
      if ((BPF_CLASS(p->code) == BPF_ST ||
           (BPF_CLASS(p->code) == BPF_LD &&
            (p->code & 0xe0) == BPF_MEM)) &&
          (p->k >= BPF_MEMWORDS || p->k < 0))
         return 0;
      /*
       * Check for constant division by 0.
*/ if (p->code == (BPF_ALU|BPF_DIV|BPF_K) && p->k == 0) return 0; } return BPF_CLASS(f[len - 1].code) == BPF_RET; } #endif /* * Copyright (c) 1990, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ /* #include */ #ifndef __GNUC__ #define inline #endif static inline int skip_space(FILE *); static inline int skip_line(FILE *); static inline int skip_space(f) FILE *f; { int c; do { c = getc(f); } while (isspace(c) && c != '\n'); return c; } static inline int skip_line(f) FILE *f; { int c; do c = getc(f); while (c != '\n' && c != EOF); return c; } #include struct pcap_etherent * argus_next_etherent(FILE *fp) { int c, d, i; char *bp; static struct pcap_etherent e; static int nline = 1; top: while (nline) { /* Find addr */ c = skip_space(fp); if (c == '\n') continue; /* If this is a comment, or first thing on line cannot be ethernet address, skip the line. 
*/ else if (!isxdigit(c)) c = skip_line(fp); else { /* must be the start of an address */ for (i = 0; i < 6; i += 1) { d = xdtoi(c); c = getc(fp); if (c != ':') { d <<= 4; d |= xdtoi(c); c = getc(fp); } e.addr[i] = d; if (c != ':') break; c = getc(fp); } nline = 0; } if (c == EOF) return 0; } /* If we started a new line, 'c' holds the char past the ether addr, which we assume is white space. If we are continuing a line, 'c' is garbage. In either case, we can throw it away. */ c = skip_space(fp); if (c == '\n') { nline = 1; goto top; } else if (c == '#') { (void)skip_line(fp); nline = 1; goto top; } else if (c == EOF) return 0; /* Must be a name. */ bp = e.name; /* Use 'd' to prevent argus_strbuffer overflow. */ d = sizeof(e.name) - 1; do { *bp++ = c; c = getc(fp); } while (!isspace(c) && c != EOF && --d > 0); *bp = '\0'; if (c == '\n') nline = 1; return &e; } /* * Copyright (c) 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the Computer Systems * Engineering Group at Lawrence Berkeley Laboratory. * 4. Neither the name of the University nor of the Laboratory may be used * to endorse or promote products derived from this software without * specific prior written permission. 
* * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifdef HAVE_SOLARIS #include #endif /* Not all systems have IFF_LOOPBACK */ #ifdef IFF_LOOPBACK #define ISLOOPBACK(p) ((p)->ifr_flags & IFF_LOOPBACK) #else #define ISLOOPBACK(p) (strcmp((p)->ifr_name, "lo0") == 0) #endif #if !defined(__OpenBSD__) || !defined(_NET_IF_H_) #define _NET_IF_H_ #include #endif /* * Return the name of a network interface attached to the system, or NULL * if none can be found. The interface must be configured up; the * lowest unit number is preferred; loopback is ignored. 
*/ char * argus_lookupdev(ebuf) char *ebuf; { int fd, minunit, n; char *cp; struct ifreq *ifrp, *ifend, *ifnext, *mp; struct ifconf ifc; struct ifreq ibuf[16], ifr; static char device[sizeof(ifrp->ifr_name) + 1]; fd = socket(AF_INET, SOCK_DGRAM, 0); if (fd < 0) { (void)sprintf(ebuf, "socket: %s", argus_strerror(errno)); return (NULL); } ifc.ifc_len = sizeof ibuf; ifc.ifc_buf = (caddr_t)ibuf; if (ioctl(fd, SIOCGIFCONF, (char *)&ifc) < 0 || ifc.ifc_len < sizeof(struct ifreq)) { (void)sprintf(ebuf, "SIOCGIFCONF: %s", argus_strerror(errno)); (void)close(fd); return (NULL); } ifrp = ibuf; ifend = (struct ifreq *)((char *)ibuf + ifc.ifc_len); mp = NULL; minunit = 666; for (; ifrp < ifend; ifrp = ifnext) { #if BSD - 0 >= 199006 n = ifrp->ifr_addr.sa_len + sizeof(ifrp->ifr_name); if (n < sizeof(*ifrp)) ifnext = ifrp + 1; else ifnext = (struct ifreq *)((char *)ifrp + n); if (ifrp->ifr_addr.sa_family != AF_INET) continue; #else ifnext = ifrp + 1; #endif /* * Need a template to preserve address info that is * used below to locate the next entry. (Otherwise, * SIOCGIFFLAGS stomps over it because the requests * are returned in a union.) 
*/ strncpy(ifr.ifr_name, ifrp->ifr_name, sizeof(ifr.ifr_name)); if (ioctl(fd, SIOCGIFFLAGS, (char *)&ifr) < 0) { (void)sprintf(ebuf, "SIOCGIFFLAGS: %s", argus_strerror(errno)); (void)close(fd); return (NULL); } /* Must be up and not the loopback */ if ((ifr.ifr_flags & IFF_UP) == 0 || ISLOOPBACK(&ifr)) continue; for (cp = ifrp->ifr_name; !isdigit((int)*cp); ++cp) continue; n = atoi(cp); if (n < minunit) { minunit = n; mp = ifrp; } } (void)close(fd); if (mp == NULL) { (void)strcpy(ebuf, "no suitable device found"); return (NULL); } (void)strncpy(device, mp->ifr_name, sizeof(device) - 1); device[sizeof(device) - 1] = '\0'; return (device); } int argus_lookupnet(char *device, unsigned int *netp, unsigned int *maskp, char *ebuf) { int fd; struct sockaddr_in *sin; struct ifreq ifr; fd = socket(AF_INET, SOCK_DGRAM, 0); if (fd < 0) { (void)sprintf(ebuf, "socket: %s", argus_strerror(errno)); return (-1); } (void)strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); if (ioctl(fd, SIOCGIFADDR, (char *)&ifr) < 0) { (void)sprintf(ebuf, "SIOCGIFADDR: %s: %s", device, argus_strerror(errno)); (void)close(fd); return (-1); } sin = (struct sockaddr_in *)&ifr.ifr_addr; *netp = sin->sin_addr.s_addr; if (ioctl(fd, SIOCGIFNETMASK, (char *)&ifr) < 0) { (void)sprintf(ebuf, "SIOCGIFNETMASK: %s: %s", device, argus_strerror(errno)); (void)close(fd); return (-1); } (void)close(fd); *maskp = sin->sin_addr.s_addr; if (*maskp == 0) { if (IN_CLASSA(*netp)) *maskp = IN_CLASSA_NET; else if (IN_CLASSB(*netp)) *maskp = IN_CLASSB_NET; else if (IN_CLASSC(*netp)) *maskp = IN_CLASSC_NET; else { (void)sprintf(ebuf, "inet class for 0x%x unknown", *netp); return (-1); } } *netp &= *maskp; return (0); } #ifndef HAVE_SYS_ERRLIST static char argus_error[20]; #endif char * argus_strerror(int errnum) { #ifndef HAVE_SYS_ERRLIST extern int sys_nerr; extern char *sys_errlist[]; if ((unsigned int)errnum < sys_nerr) return ((char *) sys_errlist[errnum]); (void)sprintf(argus_error, "Unknown error: %d", errnum); return 
(argus_error); #else return (strerror(errnum)); #endif } /* * Copyright (c) 1988, 1989, 1990, 1991, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * Optimization module for tcpdump intermediate representation. */ #ifdef __osf__ #include #endif #include #ifdef linux #include #endif #define BITS_PER_WORD (8*sizeof(unsigned int)) #define A_ATOM BPF_MEMWORDS #define X_ATOM (BPF_MEMWORDS+1) #define NOP -1 /* * This define is used to represent *both* the accumulator and * x register in use-def computations. * Currently, the use-def code assumes only one definition per instruction. */ #define AX_ATOM N_ATOMS /* * A flag to indicate that further optimization is needed. * Iterative passes are continued until a given pass yields no * branch movement. */ static int done; /* * A block is marked if only if its mark equals the current mark. 
* Rather than traverse the code array, marking each item, 'cur_mark' is * incremented. This automatically makes each element unmarked. */ static int cur_mark; #define isMarked(p) ((p)->mark == cur_mark) #define unMarkAll() cur_mark += 1 #define Mark(p) ((p)->mark = cur_mark) static void opt_init(struct block *); static void opt_cleanup(void); static void make_marks(struct block *); static void mark_code(struct block *); static void intern_blocks(struct block *); static int eq_slist(struct slist *, struct slist *); static void find_levels_r(struct block *); static void find_levels(struct block *); static void find_dom(struct block *); static void propedom(struct edge *); static void find_edom(struct block *); static void find_closure(struct block *); static int atomuse(struct stmt *); static int atomdef(struct stmt *); static void compute_local_ud(struct block *); static void find_ud(struct block *); static void init_val(void); static int F(int, int, int); static inline void vstore(struct stmt *, int *, int, int); static void opt_blk(struct block *, int); static int use_conflict(struct block *, struct block *); static void opt_j(struct edge *); static void or_pullup(struct block *); static void and_pullup(struct block *); static void opt_blks(struct block *, int); static inline void link_inedge(struct edge *, struct block *); static void find_inedges(struct block *); static void opt_root(struct block **); static void opt_loop(struct block *, int); static void fold_op(struct stmt *, int, int); static inline struct slist *this_op(struct slist *); static void opt_not(struct block *); static void opt_peep(struct block *); static void opt_stmt(struct stmt *, int[], int); static void deadstmt(struct stmt *, struct stmt *[]); static void opt_deadstores(struct block *); static void opt_blk(struct block *, int); static int use_conflict(struct block *, struct block *); static void opt_j(struct edge *); static struct block *fold_edge(struct block *, struct edge *); static 
inline int eq_blk(struct block *, struct block *); static int slength(struct slist *); static int count_blocks(struct block *); static void number_blks_r(struct block *); static int count_stmts(struct block *); static int convert_code_r(struct block *); static int n_blocks; struct block **blocks; static int n_edges; struct edge **edges; /* * A bit vector set representation of the dominators. * We round up the set size to the next power of two. */ static int nodewords; static int edgewords; struct block **levels; unsigned int *space; /* * True if a is in uset {p} */ #define SET_MEMBER(p, a) \ ((p)[(a) / BITS_PER_WORD] & (1 << ((a) % BITS_PER_WORD))) /* * Add 'a' to uset p. */ #define SET_INSERT(p, a) \ (p)[(a) / BITS_PER_WORD] |= (1 << ((a) % BITS_PER_WORD)) /* * Delete 'a' from uset p. */ #define SET_DELETE(p, a) \ (p)[(a) / BITS_PER_WORD] &= ~(1 << ((a) % BITS_PER_WORD)) /* * a := a intersect b */ #define SET_INTERSECT(a, b, n)\ {\ register unsigned int *_x = a, *_y = b;\ register int _n = n;\ while (--_n >= 0) *_x++ &= *_y++;\ } /* * a := a - b */ #define SET_SUBTRACT(a, b, n)\ {\ register unsigned int *_x = a, *_y = b;\ register int _n = n;\ while (--_n >= 0) *_x++ &=~ *_y++;\ } /* * a := a union b */ #define SET_UNION(a, b, n)\ {\ register unsigned int *_x = a, *_y = b;\ register int _n = n;\ while (--_n >= 0) *_x++ |= *_y++;\ } static uset all_dom_sets; static uset all_closure_sets; static uset all_edge_sets; #ifndef MAX #define MAX(a,b) ((a)>(b)?(a):(b)) #endif static void find_levels_r(b) struct block *b; { int level; if (isMarked(b)) return; Mark(b); b->link = 0; if (JT(b)) { find_levels_r(JT(b)); find_levels_r(JF(b)); level = MAX(JT(b)->level, JF(b)->level) + 1; } else level = 0; b->level = level; b->link = levels[level]; levels[level] = b; } /* * Level graph. The levels go from 0 at the leaves to * N_LEVELS at the root. The levels[] array points to the * first node of the level list, whose elements are linked * with the 'link' field of the struct block. 
*/ static void find_levels(root) struct block *root; { memset((char *)levels, 0, n_blocks * sizeof(*levels)); unMarkAll(); find_levels_r(root); } /* * Find dominator relationships. * Assumes graph has been leveled. */ static void find_dom(root) struct block *root; { int i; struct block *b; unsigned int *x; /* * Initialize sets to contain all nodes. */ x = all_dom_sets; i = n_blocks * nodewords; while (--i >= 0) *x++ = ~0; /* Root starts off empty. */ for (i = nodewords; --i >= 0;) root->dom[i] = 0; /* root->level is the highest level no found. */ for (i = root->level; i >= 0; --i) { for (b = levels[i]; b; b = b->link) { SET_INSERT(b->dom, b->id); if (JT(b) == 0) continue; SET_INTERSECT(JT(b)->dom, b->dom, nodewords); SET_INTERSECT(JF(b)->dom, b->dom, nodewords); } } } static void propedom(ep) struct edge *ep; { SET_INSERT(ep->edom, ep->id); if (ep->succ) { SET_INTERSECT(ep->succ->et.edom, ep->edom, edgewords); SET_INTERSECT(ep->succ->ef.edom, ep->edom, edgewords); } } /* * Compute edge dominators. * Assumes graph has been leveled and predecessors established. */ static void find_edom(root) struct block *root; { int i; uset x; struct block *b; x = all_edge_sets; for (i = n_edges * edgewords; --i >= 0; ) x[i] = ~0; /* root->level is the highest level no found. */ memset(root->et.edom, 0, edgewords * sizeof(*(uset)0)); memset(root->ef.edom, 0, edgewords * sizeof(*(uset)0)); for (i = root->level; i >= 0; --i) { for (b = levels[i]; b != 0; b = b->link) { propedom(&b->et); propedom(&b->ef); } } } /* * Find the backwards transitive closure of the flow graph. These sets * are backwards in the sense that we find the set of nodes that reach * a given node, not the set of nodes that can be reached by a node. * * Assumes graph has been leveled. */ static void find_closure(root) struct block *root; { int i; struct block *b; /* * Initialize sets to contain no nodes. 
*/ memset((char *)all_closure_sets, 0, n_blocks * nodewords * sizeof(*all_closure_sets)); /* root->level is the highest level no found. */ for (i = root->level; i >= 0; --i) { for (b = levels[i]; b; b = b->link) { SET_INSERT(b->closure, b->id); if (JT(b) == 0) continue; SET_UNION(JT(b)->closure, b->closure, nodewords); SET_UNION(JF(b)->closure, b->closure, nodewords); } } } /* * Return the register number that is used by s. If A and X are both * used, return AX_ATOM. If no register is used, return -1. * * The implementation should probably change to an array access. */ static int atomuse(s) struct stmt *s; { register int c = s->code; if (c == NOP) return -1; switch (BPF_CLASS(c)) { case BPF_RET: return (BPF_RVAL(c) == BPF_A) ? A_ATOM : (BPF_RVAL(c) == BPF_X) ? X_ATOM : -1; case BPF_LD: case BPF_LDX: return (BPF_MODE(c) == BPF_IND) ? X_ATOM : (BPF_MODE(c) == BPF_MEM) ? s->k : -1; case BPF_ST: return A_ATOM; case BPF_STX: return X_ATOM; case BPF_JMP: case BPF_ALU: if (BPF_SRC(c) == BPF_X) return AX_ATOM; return A_ATOM; case BPF_MISC: return BPF_MISCOP(c) == BPF_TXA ? X_ATOM : A_ATOM; } abort(); /* NOTREACHED */ } /* * Return the register number that is defined by 's'. We assume that * a single stmt cannot define more than one register. If no register * is defined, return -1. * * The implementation should probably change to an array access. */ static int atomdef(s) struct stmt *s; { if (s->code == NOP) return -1; switch (BPF_CLASS(s->code)) { case BPF_LD: case BPF_ALU: return A_ATOM; case BPF_LDX: return X_ATOM; case BPF_ST: case BPF_STX: return s->k; case BPF_MISC: return BPF_MISCOP(s->code) == BPF_TAX ? 
X_ATOM : A_ATOM; } return -1; } static void compute_local_ud(b) struct block *b; { struct slist *s; atomset def = 0, use = 0, kill = 0; int atom; for (s = b->stmts; s; s = s->next) { if (s->s.code == NOP) continue; atom = atomuse(&s->s); if (atom >= 0) { if (atom == AX_ATOM) { if (!ATOMELEM(def, X_ATOM)) use |= ATOMMASK(X_ATOM); if (!ATOMELEM(def, A_ATOM)) use |= ATOMMASK(A_ATOM); } else if (atom < N_ATOMS) { if (!ATOMELEM(def, atom)) use |= ATOMMASK(atom); } else abort(); } atom = atomdef(&s->s); if (atom >= 0) { if (!ATOMELEM(use, atom)) kill |= ATOMMASK(atom); def |= ATOMMASK(atom); } } if (!ATOMELEM(def, A_ATOM) && BPF_CLASS(b->s.code) == BPF_JMP) use |= ATOMMASK(A_ATOM); b->def = def; b->kill = kill; b->in_use = use; } /* * Assume graph is already leveled. */ static void find_ud(root) struct block *root; { int i, maxlevel; struct block *p; /* * root->level is the highest level no found; * count down from there. */ maxlevel = root->level; for (i = maxlevel; i >= 0; --i) for (p = levels[i]; p; p = p->link) { compute_local_ud(p); p->out_use = 0; } for (i = 1; i <= maxlevel; ++i) { for (p = levels[i]; p; p = p->link) { p->out_use |= JT(p)->in_use | JF(p)->in_use; p->in_use |= p->out_use &~ p->kill; } } } /* * These data structures are used in a Cocke and Shwarz style * value numbering scheme. Since the flowgraph is acyclic, * exit values can be propagated from a node's predecessors * provided it is uniquely defined. */ struct valnode { int code; int v0, v1; int val; struct valnode *next; }; #define MODULUS 213 static struct valnode *hashtbl[MODULUS]; static int curval; static int maxval; /* Integer constants mapped with the load immediate opcode. 
*/ #define K(i) F(BPF_LD|BPF_IMM|BPF_W, i, 0L) struct vmapinfo { int is_const; int const_val; }; struct vmapinfo *vmap; struct valnode *vnode_base; struct valnode *next_vnode; static void init_val() { curval = 0; next_vnode = vnode_base; memset((char *)vmap, 0, maxval * sizeof(*vmap)); memset((char *)hashtbl, 0, sizeof hashtbl); } /* Because we really don't have an IR, this stuff is a little messy. */ static int F(code, v0, v1) int code; int v0, v1; { u_int hash; int val; struct valnode *p; hash = (u_int)code ^ (v0 << 4) ^ (v1 << 8); hash %= MODULUS; for (p = hashtbl[hash]; p; p = p->next) if (p->code == code && p->v0 == v0 && p->v1 == v1) return p->val; val = ++curval; if (BPF_MODE(code) == BPF_IMM && (BPF_CLASS(code) == BPF_LD || BPF_CLASS(code) == BPF_LDX)) { vmap[val].const_val = v0; vmap[val].is_const = 1; } p = next_vnode++; p->val = val; p->code = code; p->v0 = v0; p->v1 = v1; p->next = hashtbl[hash]; hashtbl[hash] = p; return val; } static inline void vstore(s, valp, newval, alter) struct stmt *s; int *valp; int newval; int alter; { if (alter && *valp == newval) s->code = NOP; else *valp = newval; } static void fold_op(s, v0, v1) struct stmt *s; int v0, v1; { int a, b; a = vmap[v0].const_val; b = vmap[v1].const_val; switch (BPF_OP(s->code)) { case BPF_ADD: a += b; break; case BPF_SUB: a -= b; break; case BPF_MUL: a *= b; break; case BPF_DIV: if (b == 0) ArgusLog(LOG_ERR, "division by zero"); a /= b; break; case BPF_AND: a &= b; break; case BPF_OR: a |= b; break; case BPF_LSH: a <<= b; break; case BPF_RSH: a >>= b; break; case BPF_NEG: a = -a; break; default: abort(); } s->k = a; s->code = BPF_LD|BPF_IMM; done = 0; } static inline struct slist * this_op(s) struct slist *s; { while (s != 0 && s->s.code == NOP) s = s->next; return s; } static void opt_not(b) struct block *b; { struct block *tmp = JT(b); JT(b) = JF(b); JF(b) = tmp; } static void opt_peep(b) struct block *b; { struct slist *s; struct slist *next, *last; int val; int v; s = b->stmts; if (s == 0) 
return; last = s; while (1) { s = this_op(s); if (s == 0) break; next = this_op(s->next); if (next == 0) break; last = next; /* * st M[k] --> st M[k] * ldx M[k] tax */ if (s->s.code == BPF_ST && next->s.code == (BPF_LDX|BPF_MEM) && s->s.k == next->s.k) { done = 0; next->s.code = BPF_MISC|BPF_TAX; } /* * ld #k --> ldx #k * tax txa */ if (s->s.code == (BPF_LD|BPF_IMM) && next->s.code == (BPF_MISC|BPF_TAX)) { s->s.code = BPF_LDX|BPF_IMM; next->s.code = BPF_MISC|BPF_TXA; done = 0; } /* * This is an ugly special case, but it happens * when you say tcp[k] or udp[k] where k is a constant. */ if (s->s.code == (BPF_LD|BPF_IMM)) { struct slist *add, *tax, *ild; /* * Check that X isn't used on exit from this * block (which the optimizer might cause). * We know the code generator won't generate * any local dependencies. */ if (ATOMELEM(b->out_use, X_ATOM)) break; if (next->s.code != (BPF_LDX|BPF_MSH|BPF_B)) add = next; else add = this_op(next->next); if (add == 0 || add->s.code != (BPF_ALU|BPF_ADD|BPF_X)) break; tax = this_op(add->next); if (tax == 0 || tax->s.code != (BPF_MISC|BPF_TAX)) break; ild = this_op(tax->next); if (ild == 0 || BPF_CLASS(ild->s.code) != BPF_LD || BPF_MODE(ild->s.code) != BPF_IND) break; /* * XXX We need to check that X is not * subsequently used. We know we can eliminate the * accumulator modifications since it is defined * by the last stmt of this sequence. * * We want to turn this sequence: * * (004) ldi #0x2 {s} * (005) ldxms [14] {next} -- optional * (006) addx {add} * (007) tax {tax} * (008) ild [x+0] {ild} * * into this sequence: * * (004) nop * (005) ldxms [14] * (006) nop * (007) nop * (008) ild [x+2] * */ ild->s.k += s->s.k; s->s.code = NOP; add->s.code = NOP; tax->s.code = NOP; done = 0; } s = next; } /* * If we have a subtract to do a comparison, and the X register * is a known constant, we can merge this value into the * comparison. 
*/ if (last->s.code == (BPF_ALU|BPF_SUB|BPF_X) && !ATOMELEM(b->out_use, A_ATOM)) { val = b->val[X_ATOM]; if (vmap[val].is_const) { b->s.k += vmap[val].const_val; last->s.code = NOP; done = 0; } else if (b->s.k == 0) { /* * sub x -> nop * j #0 j x */ last->s.code = NOP; b->s.code = BPF_CLASS(b->s.code) | BPF_OP(b->s.code) | BPF_X; done = 0; } } /* * Likewise, a constant subtract can be simplified. */ else if (last->s.code == (BPF_ALU|BPF_SUB|BPF_K) && !ATOMELEM(b->out_use, A_ATOM)) { b->s.k += last->s.k; last->s.code = NOP; done = 0; } /* * and #k nop * jeq #0 -> jset #k */ if (last->s.code == (BPF_ALU|BPF_AND|BPF_K) && !ATOMELEM(b->out_use, A_ATOM) && b->s.k == 0) { b->s.k = last->s.k; b->s.code = BPF_JMP|BPF_K|BPF_JSET; last->s.code = NOP; done = 0; opt_not(b); } /* * If the accumulator is a known constant, we can compute the * comparison result. */ val = b->val[A_ATOM]; if (vmap[val].is_const && BPF_SRC(b->s.code) == BPF_K) { v = vmap[val].const_val; switch (BPF_OP(b->s.code)) { case BPF_JEQ: v = v == b->s.k; break; case BPF_JGT: v = v > b->s.k; break; case BPF_JGE: v = v >= b->s.k; break; case BPF_JSET: v &= b->s.k; break; default: abort(); } if (JF(b) != JT(b)) done = 0; if (v) JF(b) = JT(b); else JT(b) = JF(b); } } /* * Compute the symbolic value of expression of 's', and update * anything it defines in the value table 'val'. If 'alter' is true, * do various optimizations. This code would be cleaner if symbolic * evaluation and code transformations weren't folded together. 
*/ static void opt_stmt(s, val, alter) struct stmt *s; int val[]; int alter; { int op; int v; switch (s->code) { case BPF_LD|BPF_ABS|BPF_W: case BPF_LD|BPF_ABS|BPF_H: case BPF_LD|BPF_ABS|BPF_B: v = F(s->code, s->k, 0L); vstore(s, &val[A_ATOM], v, alter); break; case BPF_LD|BPF_IND|BPF_W: case BPF_LD|BPF_IND|BPF_H: case BPF_LD|BPF_IND|BPF_B: v = val[X_ATOM]; if (alter && vmap[v].is_const) { s->code = BPF_LD|BPF_ABS|BPF_SIZE(s->code); s->k += vmap[v].const_val; v = F(s->code, s->k, 0L); done = 0; } else v = F(s->code, s->k, v); vstore(s, &val[A_ATOM], v, alter); break; case BPF_LD|BPF_LEN: v = F(s->code, 0L, 0L); vstore(s, &val[A_ATOM], v, alter); break; case BPF_LD|BPF_IMM: v = K(s->k); vstore(s, &val[A_ATOM], v, alter); break; case BPF_LDX|BPF_IMM: v = K(s->k); vstore(s, &val[X_ATOM], v, alter); break; case BPF_LDX|BPF_MSH|BPF_B: v = F(s->code, s->k, 0L); vstore(s, &val[X_ATOM], v, alter); break; case BPF_ALU|BPF_NEG: if (alter && vmap[val[A_ATOM]].is_const) { s->code = BPF_LD|BPF_IMM; s->k = -vmap[val[A_ATOM]].const_val; val[A_ATOM] = K(s->k); } else val[A_ATOM] = F(s->code, val[A_ATOM], 0L); break; case BPF_ALU|BPF_ADD|BPF_K: case BPF_ALU|BPF_SUB|BPF_K: case BPF_ALU|BPF_MUL|BPF_K: case BPF_ALU|BPF_DIV|BPF_K: case BPF_ALU|BPF_AND|BPF_K: case BPF_ALU|BPF_OR|BPF_K: case BPF_ALU|BPF_LSH|BPF_K: case BPF_ALU|BPF_RSH|BPF_K: op = BPF_OP(s->code); if (alter) { if (s->k == 0) { if (op == BPF_ADD || op == BPF_SUB || op == BPF_LSH || op == BPF_RSH || op == BPF_OR) { s->code = NOP; break; } if (op == BPF_MUL || op == BPF_AND) { s->code = BPF_LD|BPF_IMM; val[A_ATOM] = K(s->k); break; } } if (vmap[val[A_ATOM]].is_const) { fold_op(s, val[A_ATOM], K(s->k)); val[A_ATOM] = K(s->k); break; } } val[A_ATOM] = F(s->code, val[A_ATOM], K(s->k)); break; case BPF_ALU|BPF_ADD|BPF_X: case BPF_ALU|BPF_SUB|BPF_X: case BPF_ALU|BPF_MUL|BPF_X: case BPF_ALU|BPF_DIV|BPF_X: case BPF_ALU|BPF_AND|BPF_X: case BPF_ALU|BPF_OR|BPF_X: case BPF_ALU|BPF_LSH|BPF_X: case BPF_ALU|BPF_RSH|BPF_X: op = 
BPF_OP(s->code); if (alter && vmap[val[X_ATOM]].is_const) { if (vmap[val[A_ATOM]].is_const) { fold_op(s, val[A_ATOM], val[X_ATOM]); val[A_ATOM] = K(s->k); } else { s->code = BPF_ALU|BPF_K|op; s->k = vmap[val[X_ATOM]].const_val; done = 0; val[A_ATOM] = F(s->code, val[A_ATOM], K(s->k)); } break; } /* * Check if we're doing something to an accumulator * that is 0, and simplify. This may not seem like * much of a simplification but it could open up further * optimizations. * XXX We could also check for mul by 1, and -1, etc. */ if (alter && vmap[val[A_ATOM]].is_const && vmap[val[A_ATOM]].const_val == 0) { if (op == BPF_ADD || op == BPF_OR || op == BPF_LSH || op == BPF_RSH || op == BPF_SUB) { s->code = BPF_MISC|BPF_TXA; vstore(s, &val[A_ATOM], val[X_ATOM], alter); break; } else if (op == BPF_MUL || op == BPF_DIV || op == BPF_AND) { s->code = BPF_LD|BPF_IMM; s->k = 0; vstore(s, &val[A_ATOM], K(s->k), alter); break; } else if (op == BPF_NEG) { s->code = NOP; break; } } val[A_ATOM] = F(s->code, val[A_ATOM], val[X_ATOM]); break; case BPF_MISC|BPF_TXA: vstore(s, &val[A_ATOM], val[X_ATOM], alter); break; case BPF_LD|BPF_MEM: v = val[s->k]; if (alter && vmap[v].is_const) { s->code = BPF_LD|BPF_IMM; s->k = vmap[v].const_val; done = 0; } vstore(s, &val[A_ATOM], v, alter); break; case BPF_MISC|BPF_TAX: vstore(s, &val[X_ATOM], val[A_ATOM], alter); break; case BPF_LDX|BPF_MEM: v = val[s->k]; if (alter && vmap[v].is_const) { s->code = BPF_LDX|BPF_IMM; s->k = vmap[v].const_val; done = 0; } vstore(s, &val[X_ATOM], v, alter); break; case BPF_ST: vstore(s, &val[s->k], val[A_ATOM], alter); break; case BPF_STX: vstore(s, &val[s->k], val[X_ATOM], alter); break; } } static void deadstmt(s, last) register struct stmt *s; register struct stmt *last[]; { register int atom; atom = atomuse(s); if (atom >= 0) { if (atom == AX_ATOM) { last[X_ATOM] = 0; last[A_ATOM] = 0; } else last[atom] = 0; } atom = atomdef(s); if (atom >= 0) { if (last[atom]) { done = 0; last[atom]->code = NOP; } last[atom] = 
s; } } static void opt_deadstores(b) register struct block *b; { register struct slist *s; register int atom; struct stmt *last[N_ATOMS]; memset((char *)last, 0, sizeof last); for (s = b->stmts; s != 0; s = s->next) deadstmt(&s->s, last); deadstmt(&b->s, last); for (atom = 0; atom < N_ATOMS; ++atom) if (last[atom] && !ATOMELEM(b->out_use, atom)) { last[atom]->code = NOP; done = 0; } } static void opt_blk(b, do_stmts) struct block *b; int do_stmts; { struct slist *s; struct edge *p; int i; int aval; /* * Initialize the atom values. * If we have no predecessors, everything is undefined. * Otherwise, we inherent our values from our predecessors. * If any register has an ambiguous value (i.e. control paths are * merging) give it the undefined value of 0. */ p = b->in_edges; if (p == 0) memset((char *)b->val, 0, sizeof(b->val)); else { memcpy((char *)b->val, (char *)p->pred->val, sizeof(b->val)); while ((p = p->next) != NULL) { for (i = 0; i < N_ATOMS; ++i) if (b->val[i] != p->pred->val[i]) b->val[i] = 0; } } aval = b->val[A_ATOM]; for (s = b->stmts; s; s = s->next) opt_stmt(&s->s, b->val, do_stmts); /* * This is a special case: if we don't use anything from this * block, and we load the accumulator with value that is * already there, eliminate all the statements. */ if (do_stmts && b->out_use == 0 && aval != 0 && b->val[A_ATOM] == aval) b->stmts = 0; else { opt_peep(b); opt_deadstores(b); } /* * Set up values for branch optimizer. */ if (BPF_SRC(b->s.code) == BPF_K) b->oval = K(b->s.k); else b->oval = b->val[X_ATOM]; b->et.code = b->s.code; b->ef.code = -b->s.code; } /* * Return true if any register that is used on exit from 'succ', has * an exit value that is different from the corresponding exit value * from 'b'. 
*/ static int use_conflict(b, succ) struct block *b, *succ; { int atom; atomset use = succ->out_use; if (use == 0) return 0; for (atom = 0; atom < N_ATOMS; ++atom) if (ATOMELEM(use, atom)) if (b->val[atom] != succ->val[atom]) return 1; return 0; } static struct block * fold_edge(child, ep) struct block *child; struct edge *ep; { int sense; int aval0, aval1, oval0, oval1; int code = ep->code; if (code < 0) { code = -code; sense = 0; } else sense = 1; if (child->s.code != code) return 0; aval0 = child->val[A_ATOM]; oval0 = child->oval; aval1 = ep->pred->val[A_ATOM]; oval1 = ep->pred->oval; if (aval0 != aval1) return 0; if (oval0 == oval1) /* * The operands are identical, so the * result is true if a true branch was * taken to get here, otherwise false. */ return sense ? JT(child) : JF(child); if (sense && code == (BPF_JMP|BPF_JEQ|BPF_K)) /* * At this point, we only know the comparison if we * came down the true branch, and it was an equality * comparison with a constant. We rely on the fact that * distinct constants have distinct value numbers. */ return JF(child); return 0; } static void opt_j(ep) struct edge *ep; { register int i, k; register struct block *target; if (JT(ep->succ) == 0) return; if (JT(ep->succ) == JF(ep->succ)) { /* * Common branch targets can be eliminated, provided * there is no data dependency. */ if (!use_conflict(ep->pred, ep->succ->et.succ)) { done = 0; ep->succ = JT(ep->succ); } } /* * For each edge dominator that matches the successor of this * edge, promote the edge successor to the its grandchild. * * XXX We violate the set abstraction here in favor a reasonably * efficient loop. */ top: for (i = 0; i < edgewords; ++i) { register unsigned int x = ep->edom[i]; while (x != 0) { k = ffs(x) - 1; x &=~ (1 << k); k += i * BITS_PER_WORD; target = fold_edge(ep->succ, edges[k]); /* * Check that there is no data dependency between * nodes that will be violated if we move the edge. 
*/ if (target != 0 && !use_conflict(ep->pred, target)) { done = 0; ep->succ = target; if (JT(target) != 0) /* * Start over unless we hit a leaf. */ goto top; return; } } } } static void or_pullup(b) struct block *b; { int val, at_top; struct block *pull; struct block **diffp, **samep; struct edge *ep; ep = b->in_edges; if (ep == 0) return; /* * Make sure each predecessor loads the same value. * XXX why? */ val = ep->pred->val[A_ATOM]; for (ep = ep->next; ep != 0; ep = ep->next) if (val != ep->pred->val[A_ATOM]) return; if (JT(b->in_edges->pred) == b) diffp = &JT(b->in_edges->pred); else diffp = &JF(b->in_edges->pred); at_top = 1; while (1) { if (*diffp == 0) return; if (JT(*diffp) != JT(b)) return; if (!SET_MEMBER((*diffp)->dom, b->id)) return; if ((*diffp)->val[A_ATOM] != val) break; diffp = &JF(*diffp); at_top = 0; } samep = &JF(*diffp); while (1) { if (*samep == 0) return; if (JT(*samep) != JT(b)) return; if (!SET_MEMBER((*samep)->dom, b->id)) return; if ((*samep)->val[A_ATOM] == val) break; /* XXX Need to check that there are no data dependencies between dp0 and dp1. Currently, the code generator will not produce such dependencies. */ samep = &JF(*samep); } #ifdef notdef /* XXX This doesn't cover everything. */ for (i = 0; i < N_ATOMS; ++i) if ((*samep)->val[i] != pred->val[i]) return; #endif /* Pull up the node. */ pull = *samep; *samep = JF(pull); JF(pull) = *diffp; /* * At the top of the chain, each predecessor needs to point at the * pulled up node. Inside the chain, there is only one predecessor * to worry about. */ if (at_top) { for (ep = b->in_edges; ep != 0; ep = ep->next) { if (JT(ep->pred) == b) JT(ep->pred) = pull; else JF(ep->pred) = pull; } } else *diffp = pull; done = 0; } static void and_pullup(b) struct block *b; { int val, at_top; struct block *pull; struct block **diffp, **samep; struct edge *ep; ep = b->in_edges; if (ep == 0) return; /* * Make sure each predecessor loads the same value. 
*/ val = ep->pred->val[A_ATOM]; for (ep = ep->next; ep != 0; ep = ep->next) if (val != ep->pred->val[A_ATOM]) return; if (JT(b->in_edges->pred) == b) diffp = &JT(b->in_edges->pred); else diffp = &JF(b->in_edges->pred); at_top = 1; while (1) { if (*diffp == 0) return; if (JF(*diffp) != JF(b)) return; if (!SET_MEMBER((*diffp)->dom, b->id)) return; if ((*diffp)->val[A_ATOM] != val) break; diffp = &JT(*diffp); at_top = 0; } samep = &JT(*diffp); while (1) { if (*samep == 0) return; if (JF(*samep) != JF(b)) return; if (!SET_MEMBER((*samep)->dom, b->id)) return; if ((*samep)->val[A_ATOM] == val) break; /* XXX Need to check that there are no data dependencies between diffp and samep. Currently, the code generator will not produce such dependencies. */ samep = &JT(*samep); } #ifdef notdef /* XXX This doesn't cover everything. */ for (i = 0; i < N_ATOMS; ++i) if ((*samep)->val[i] != pred->val[i]) return; #endif /* Pull up the node. */ pull = *samep; *samep = JT(pull); JT(pull) = *diffp; /* * At the top of the chain, each predecessor needs to point at the * pulled up node. Inside the chain, there is only one predecessor * to worry about. */ if (at_top) { for (ep = b->in_edges; ep != 0; ep = ep->next) { if (JT(ep->pred) == b) JT(ep->pred) = pull; else JF(ep->pred) = pull; } } else *diffp = pull; done = 0; } static void opt_blks(root, do_stmts) struct block *root; int do_stmts; { int i, maxlevel; struct block *p; init_val(); maxlevel = root->level; for (i = maxlevel; i >= 0; --i) for (p = levels[i]; p; p = p->link) opt_blk(p, do_stmts); if (do_stmts) /* * No point trying to move branches; it can't possibly * make a difference at this point. 
         */
        return;

    for (i = 1; i <= maxlevel; ++i) {
        for (p = levels[i]; p; p = p->link) {
            opt_j(&p->et);
            opt_j(&p->ef);
        }
    }
    for (i = 1; i <= maxlevel; ++i) {
        for (p = levels[i]; p; p = p->link) {
            or_pullup(p);
            and_pullup(p);
        }
    }
}

static inline void
link_inedge(parent, child)
    struct edge *parent;
    struct block *child;
{
    parent->next = child->in_edges;
    child->in_edges = parent;
}

static void
find_inedges(root)
    struct block *root;
{
    int i;
    struct block *b;

    for (i = 0; i < n_blocks; ++i)
        blocks[i]->in_edges = 0;

    /*
     * Traverse the graph, adding each edge to the predecessor
     * list of its successors.  Skip the leaves (i.e. level 0).
     */
    for (i = root->level; i > 0; --i) {
        for (b = levels[i]; b != 0; b = b->link) {
            link_inedge(&b->et, JT(b));
            link_inedge(&b->ef, JF(b));
        }
    }
}

static void
opt_root(b)
    struct block **b;
{
    struct slist *tmp, *s;

    s = (*b)->stmts;
    (*b)->stmts = 0;
    while (BPF_CLASS((*b)->s.code) == BPF_JMP && JT(*b) == JF(*b))
        *b = JT(*b);

    tmp = (*b)->stmts;
    if (tmp != 0)
        Argussappend(s, tmp);
    (*b)->stmts = s;
}

static void
opt_loop(root, do_stmts)
    struct block *root;
    int do_stmts;
{

#ifdef BDEBUG
    if (dflag > 1)
        opt_dump(root);
#endif
    do {
        done = 1;
        find_levels(root);
        find_dom(root);
        find_closure(root);
        find_inedges(root);
        find_ud(root);
        find_edom(root);
        opt_blks(root, do_stmts);
#ifdef BDEBUG
        if (dflag > 1)
            opt_dump(root);
#endif
    } while (!done);
}

/*
 * Optimize the filter code in its dag representation.
 */
void
Argusbpf_optimize(rootp)
    struct block **rootp;
{
    struct block *root;

    root = *rootp;

    opt_init(root);
    opt_loop(root, 0);
    opt_loop(root, 1);
    intern_blocks(root);
    opt_root(rootp);
    opt_cleanup();
}

static void
make_marks(p)
    struct block *p;
{
    if (!isMarked(p)) {
        Mark(p);
        if (BPF_CLASS(p->s.code) != BPF_RET) {
            make_marks(JT(p));
            make_marks(JF(p));
        }
    }
}

/*
 * Mark code array such that isMarked(i) is true
 * only for nodes that are alive.
 */
static void
mark_code(p)
    struct block *p;
{
    cur_mark += 1;
    make_marks(p);
}

/*
 * True iff the two stmt lists load the same value from the packet into
 * the accumulator.
 */
static int
eq_slist(x, y)
    struct slist *x, *y;
{
    while (1) {
        while (x && x->s.code == NOP)
            x = x->next;
        while (y && y->s.code == NOP)
            y = y->next;
        if (x == 0)
            return y == 0;
        if (y == 0)
            return x == 0;
        if (x->s.code != y->s.code || x->s.k != y->s.k)
            return 0;
        x = x->next;
        y = y->next;
    }
}

static inline int
eq_blk(b0, b1)
    struct block *b0, *b1;
{
    if (b0->s.code == b1->s.code &&
        b0->s.k == b1->s.k &&
        b0->et.succ == b1->et.succ &&
        b0->ef.succ == b1->ef.succ)
        return eq_slist(b0->stmts, b1->stmts);
    return 0;
}

static void
intern_blocks(root)
    struct block *root;
{
    struct block *p;
    int i, j;
    int done;
 top:
    done = 1;
    for (i = 0; i < n_blocks; ++i)
        blocks[i]->link = 0;

    mark_code(root);

    for (i = n_blocks - 1; --i >= 0; ) {
        if (!isMarked(blocks[i]))
            continue;
        for (j = i + 1; j < n_blocks; ++j) {
            if (!isMarked(blocks[j]))
                continue;
            if (eq_blk(blocks[i], blocks[j])) {
                blocks[i]->link = blocks[j]->link ?
                    blocks[j]->link : blocks[j];
                break;
            }
        }
    }
    for (i = 0; i < n_blocks; ++i) {
        p = blocks[i];
        if (JT(p) == 0)
            continue;
        if (JT(p)->link) {
            done = 0;
            JT(p) = JT(p)->link;
        }
        if (JF(p)->link) {
            done = 0;
            JF(p) = JF(p)->link;
        }
    }
    if (!done)
        goto top;
}

static void
opt_cleanup()
{
    free((void *)vnode_base);
    free((void *)vmap);
    free((void *)edges);
    free((void *)space);
    free((void *)levels);
    free((void *)blocks);
}

/*
 * Return the number of stmts in 's'.
 */
static int
slength(s)
    struct slist *s;
{
    int n = 0;

    for (; s; s = s->next)
        if (s->s.code != NOP)
            ++n;
    return n;
}

/*
 * Return the number of nodes reachable by 'p'.
 * All nodes should be initially unmarked.
 */
static int
count_blocks(p)
    struct block *p;
{
    if (p == 0 || isMarked(p))
        return 0;
    Mark(p);
    return count_blocks(JT(p)) + count_blocks(JF(p)) + 1;
}

/*
 * Do a depth first search on the flow graph, numbering the
 * basic blocks, and entering them into the 'blocks' array.
 */
static void
number_blks_r(p)
    struct block *p;
{
    int n;

    if (p == 0 || isMarked(p))
        return;

    Mark(p);
    n = n_blocks++;
    p->id = n;
    blocks[n] = p;

    number_blks_r(JT(p));
    number_blks_r(JF(p));
}

/*
 * Return the number of stmts in the flowgraph reachable by 'p'.
 * The nodes should be unmarked before calling.
 *
 * The '+ 1' is for the block's branch or return instruction, and
 * longjt/longjf count the extra jumps convert_code_r() inserts for
 * branch offsets of 256 or more, so that the array sized from this
 * count in Argusicode_to_fcode() has room for them.
 */
static int
count_stmts(p)
    struct block *p;
{
    int n;

    if (p == 0 || isMarked(p))
        return 0;
    Mark(p);
    n = count_stmts(JT(p)) + count_stmts(JF(p));
    return slength(p->stmts) + n + 1 + p->longjt + p->longjf;
}

/*
 * Allocate memory.  All allocation is done before optimization
 * is begun.  A linear bound on the size of all data structures is computed
 * from the total number of blocks and/or statements.
 */
static void
opt_init(root)
    struct block *root;
{
    unsigned int *p;
    int i, n, max_stmts;

    /*
     * First, count the blocks, so we can malloc an array to map
     * block number to block.  Then, put the blocks into the array.
     */
    unMarkAll();
    n = count_blocks(root);
    blocks = (struct block **)malloc(n * sizeof(*blocks));
    if (blocks == NULL) {
        ArgusLog (LOG_ERR, "not enough core");
        /*NOTREACHED*/
    }
    unMarkAll();
    n_blocks = 0;
    number_blks_r(root);

    n_edges = 2 * n_blocks;
    edges = (struct edge **)malloc(n_edges * sizeof(*edges));
    if (edges == NULL) {
        ArgusLog (LOG_ERR, "not enough core");
        /*NOTREACHED*/
    }

    /*
     * The number of levels is bounded by the number of nodes.
     */
    levels = (struct block **)malloc(n_blocks * sizeof(*levels));

    edgewords = n_edges / (8 * sizeof(unsigned int)) + 1;
    nodewords = n_blocks / (8 * sizeof(unsigned int)) + 1;

    /* XXX */
    space = (unsigned int *)malloc(2 * n_blocks * nodewords * sizeof(*space)
                                   + n_edges * edgewords * sizeof(*space));
    if (levels == NULL || space == NULL) {
        ArgusLog (LOG_ERR, "not enough core");
        /*NOTREACHED*/
    }
    p = space;
    all_dom_sets = p;
    for (i = 0; i < n; ++i) {
        blocks[i]->dom = p;
        p += nodewords;
    }
    all_closure_sets = p;
    for (i = 0; i < n; ++i) {
        blocks[i]->closure = p;
        p += nodewords;
    }
    all_edge_sets = p;
    for (i = 0; i < n; ++i) {
        register struct block *b = blocks[i];

        b->et.edom = p;
        p += edgewords;
        b->ef.edom = p;
        p += edgewords;
        b->et.id = i;
        edges[i] = &b->et;
        b->ef.id = n_blocks + i;
        edges[n_blocks + i] = &b->ef;
        b->et.pred = b;
        b->ef.pred = b;
    }
    max_stmts = 0;
    for (i = 0; i < n; ++i)
        max_stmts += slength(blocks[i]->stmts) + 1;
    /*
     * We allocate at most 3 value numbers per statement,
     * so this is an upper bound on the number of valnodes
     * we'll need.
     */
    maxval = 3 * max_stmts;
    vmap = (struct vmapinfo *)malloc(maxval * sizeof(*vmap));
    /*
     * The pool holds the struct valnode entries that F() hands out,
     * so it is sized by that type, which is larger than struct vmapinfo.
     */
    vnode_base = (struct valnode *)malloc(maxval * sizeof(*vnode_base));
    if (vmap == NULL || vnode_base == NULL) {
        ArgusLog (LOG_ERR, "not enough core");
        /*NOTREACHED*/
    }
}

/*
 * Some pointers used to convert the basic block form of the code,
 * into the array form that BPF requires.  'fstart' will point to
 * the malloc'd array while 'ftail' is used during the recursive traversal.
 */
static struct bpf_insn *fstart;
static struct bpf_insn *ftail;

extern void ArgusLog (int, char *, ...);

#ifdef BDEBUG
int bids[1000];
#endif

static int
convert_code_r(p)
    struct block *p;
{
    struct bpf_insn *dst;
    struct slist *src;
    int slen;
    u_int off;
    int extrajmps;      /* number of extra jumps inserted */
    struct slist **offset = NULL;

    if (p == 0 || isMarked(p))
        return (1);
    Mark(p);

    if (convert_code_r(JF(p)) == 0)
        return (0);
    if (convert_code_r(JT(p)) == 0)
        return (0);

    slen = slength(p->stmts);
    dst = ftail -= (slen + 1 + p->longjt + p->longjf);
        /* inflate length by any extra jumps */

    p->offset = dst - fstart;

    /* generate offset[] for convenience */
    if (slen) {
        offset = (struct slist **)calloc(sizeof(struct slist *), slen);
        if (!offset) {
            ArgusLog (LOG_ERR, "not enough core");
            /*NOTREACHED*/
        }
    }
    src = p->stmts;
    for (off = 0; off < slen && src; off++) {
#if 0
        printf("off=%d src=%x\n", off, src);
#endif
        offset[off] = src;
        src = src->next;
    }

    off = 0;
    for (src = p->stmts; src; src = src->next) {
        if (src->s.code == NOP)
            continue;
        dst->code = (u_short)src->s.code;
        dst->k = src->s.k;

        /* fill block-local relative jump */
        if ((BPF_CLASS(src->s.code) != BPF_JMP) ||
            (src->s.code == (BPF_JMP|BPF_JA))) {
#if 0
            if (src->s.jt || src->s.jf) {
                ArgusLog (LOG_ERR, "illegal jmp destination");
                /*NOTREACHED*/
            }
#endif
            goto filled;
        }
        if (off == slen - 2)    /*???*/
            goto filled;

        {
            int i;
            int jt, jf;
            char *ljerr = "%s for block-local relative jump: off=%d";

#if 0
            printf("code=%x off=%d %x %x\n", src->s.code,
                   off, src->s.jt, src->s.jf);
#endif

            if (!src->s.jt || !src->s.jf) {
                ArgusLog (LOG_ERR, ljerr, "no jmp destination", off);
                /*NOTREACHED*/
            }

            jt = jf = 0;
            for (i = 0; i < slen; i++) {
                if (offset[i] == src->s.jt) {
                    if (jt) {
                        ArgusLog (LOG_ERR, ljerr, "multiple matches", off);
                        /*NOTREACHED*/
                    }

                    dst->jt = i - off - 1;
                    jt++;
                }
                if (offset[i] == src->s.jf) {
                    if (jf) {
                        ArgusLog (LOG_ERR, ljerr, "multiple matches", off);
                        /*NOTREACHED*/
                    }
                    dst->jf = i - off - 1;
                    jf++;
                }
            }
            if (!jt || !jf) {
                ArgusLog
                    (LOG_ERR, ljerr, "no destination found", off);
                /*NOTREACHED*/
            }
        }
filled:
        ++dst;
        ++off;
    }
    if (offset)
        free(offset);

#ifdef BDEBUG
    bids[dst - fstart] = p->id + 1;
#endif
    dst->code = (u_short)p->s.code;
    dst->k = p->s.k;
    if (JT(p)) {
        extrajmps = 0;
        off = JT(p)->offset - (p->offset + slen) - 1;
        if (off >= 256) {
            /* offset too large for branch, must add a jump */
            if (p->longjt == 0) {
                /* mark this instruction and retry */
                p->longjt++;
                return(0);
            }
            /* branch if T to following jump */
            dst->jt = extrajmps;
            extrajmps++;
            dst[extrajmps].code = BPF_JMP|BPF_JA;
            dst[extrajmps].k = off - extrajmps;
        }
        else
            dst->jt = off;
        off = JF(p)->offset - (p->offset + slen) - 1;
        if (off >= 256) {
            /* offset too large for branch, must add a jump */
            if (p->longjf == 0) {
                /* mark this instruction and retry */
                p->longjf++;
                return(0);
            }
            /* branch if F to following jump */
            /* if two jumps are inserted, F goes to second one */
            dst->jf = extrajmps;
            extrajmps++;
            dst[extrajmps].code = BPF_JMP|BPF_JA;
            dst[extrajmps].k = off - extrajmps;
        }
        else
            dst->jf = off;
    }
    return (1);
}

/*
 * Convert flowgraph intermediate representation to the
 * BPF array representation.  Set *lenp to the number of instructions.
 */
struct bpf_insn *
Argusicode_to_fcode(root, lenp)
    struct block *root;
    int *lenp;
{
    int n;
    struct bpf_insn *fp;

    /*
     * Loop doing convert_code_r() until no branches remain
     * with too-large offsets.
     */
    while (1) {
        unMarkAll();
        n = *lenp = count_stmts(root);

        fp = (struct bpf_insn *)malloc(sizeof(*fp) * n);
        if (fp == NULL) {
            ArgusLog (LOG_ERR, "not enough core");
            /*NOTREACHED*/
        }
        memset((char *)fp, 0, sizeof(*fp) * n);
        fstart = fp;
        ftail = fp + n;

        unMarkAll();
        if (convert_code_r(root))
            break;
        free(fp);
    }

    return fp;
}

#ifdef BDEBUG
opt_dump(root)
    struct block *root;
{
    struct bpf_program f;

    memset(bids, 0, sizeof bids);
    f.bf_insns = Argusicode_to_fcode(root, &f.bf_len);
    bpf_dump(&f, 1);
    putchar('\n');
    free((char *)f.bf_insns);
}
#endif

/*
 * Copyright (c) 1990, 1991, 1992, 1994
 *      The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */

static char *Argusbpf_image(struct bpf_insn *, int);

static char *
Argusbpf_image(p, n)
    struct bpf_insn *p;
    int n;
{
    int v;
    char *fmt, *op;
    static char image[256];
    char operand[64];

    v = p->k;
    switch (p->code) {

    default:
        op = "unimp";
        fmt = "0x%x";
        v = p->code;
        break;

    case BPF_RET|BPF_K: op = "ret"; fmt = "#%d"; break;
    case BPF_RET|BPF_A: op = "ret"; fmt = ""; break;

    case BPF_LD|BPF_W|BPF_ABS: op = "ld"; fmt = "[%d]"; break;
    case BPF_LD|BPF_H|BPF_ABS: op = "ldh"; fmt = "[%d]"; break;
    case BPF_LD|BPF_B|BPF_ABS: op = "ldb"; fmt = "[%d]"; break;
    case BPF_LD|BPF_W|BPF_LEN: op = "ld"; fmt = "#pktlen"; break;
    case BPF_LD|BPF_W|BPF_IND: op = "ld"; fmt = "[x + %d]"; break;
    case BPF_LD|BPF_H|BPF_IND: op = "ldh"; fmt = "[x + %d]"; break;
    case BPF_LD|BPF_B|BPF_IND: op = "ldb"; fmt = "[x + %d]"; break;
    case BPF_LD|BPF_IMM: op = "ld"; fmt = "#0x%x"; break;
    case BPF_LDX|BPF_IMM: op = "ldx"; fmt = "#0x%x"; break;
    case BPF_LDX|BPF_MSH|BPF_B: op = "ldxb"; fmt = "4*([%d]&0xf)"; break;
    case BPF_LD|BPF_MEM: op = "ld"; fmt = "M[%d]"; break;
    case BPF_LDX|BPF_MEM: op = "ldx"; fmt = "M[%d]"; break;

    case BPF_ST: op = "st"; fmt = "M[%d]"; break;
    case BPF_STX: op = "stx"; fmt = "M[%d]"; break;

    case BPF_JMP|BPF_JA:
        op = "ja";
        fmt = "%d";
        v = n + p->k;
        break;

    case BPF_JMP|BPF_JGT|BPF_K: op = "jgt"; fmt = "#0x%x"; break;
    case BPF_JMP|BPF_JGE|BPF_K: op = "jge"; fmt = "#0x%x"; break;
    case BPF_JMP|BPF_JEQ|BPF_K: op = "jeq"; fmt = "#0x%x"; break;
    case BPF_JMP|BPF_JSET|BPF_K: op = "jset"; fmt = "#0x%x"; break;
    case BPF_JMP|BPF_JGT|BPF_X: op = "jgt"; fmt = "x"; break;
    case BPF_JMP|BPF_JGE|BPF_X: op = "jge"; fmt = "x"; break;
    case BPF_JMP|BPF_JEQ|BPF_X: op = "jeq"; fmt = "x"; break;
    case BPF_JMP|BPF_JSET|BPF_X: op = "jset"; fmt = "x"; break;

    case BPF_ALU|BPF_ADD|BPF_X: op = "add"; fmt = "x"; break;
    case BPF_ALU|BPF_SUB|BPF_X: op = "sub"; fmt = "x"; break;
    case BPF_ALU|BPF_MUL|BPF_X: op = "mul"; fmt = "x"; break;
    case BPF_ALU|BPF_DIV|BPF_X: op = "div"; fmt = "x"; break;
    case BPF_ALU|BPF_AND|BPF_X: op
        = "and"; fmt = "x"; break;
    case BPF_ALU|BPF_OR|BPF_X: op = "or"; fmt = "x"; break;
    case BPF_ALU|BPF_LSH|BPF_X: op = "lsh"; fmt = "x"; break;
    case BPF_ALU|BPF_RSH|BPF_X: op = "rsh"; fmt = "x"; break;

    case BPF_ALU|BPF_ADD|BPF_K: op = "add"; fmt = "#%d"; break;
    case BPF_ALU|BPF_SUB|BPF_K: op = "sub"; fmt = "#%d"; break;
    case BPF_ALU|BPF_MUL|BPF_K: op = "mul"; fmt = "#%d"; break;
    case BPF_ALU|BPF_DIV|BPF_K: op = "div"; fmt = "#%d"; break;
    case BPF_ALU|BPF_AND|BPF_K: op = "and"; fmt = "#%d"; break;
    case BPF_ALU|BPF_OR|BPF_K: op = "or"; fmt = "#%d"; break;
    case BPF_ALU|BPF_LSH|BPF_K: op = "lsh"; fmt = "#%d"; break;
    case BPF_ALU|BPF_RSH|BPF_K: op = "rsh"; fmt = "#%d"; break;
    case BPF_ALU|BPF_NEG: op = "neg"; fmt = ""; break;

    case BPF_MISC|BPF_TAX: op = "tax"; fmt = ""; break;
    case BPF_MISC|BPF_TXA: op = "txa"; fmt = ""; break;
    }
    (void)sprintf(operand, fmt, v);
    (void)sprintf(image,
                  (BPF_CLASS(p->code) == BPF_JMP &&
                   BPF_OP(p->code) != BPF_JA) ?
                  "(%03d) %-8s %-16s jt %d\tjf %d"
                  : "(%03d) %-8s %s",
                  n, op, operand, n + 1 + p->jt, n + 1 + p->jf);
    return image;
}

/*
 * Convert string to integer.  Just like atoi(), but checks for
 * preceding 0x or 0 and uses hex or octal instead of decimal.
 */
int
stoi(s)
    char *s;
{
    int base = 10;
    int n = 0;

    if (*s == '0') {
        if (s[1] == 'x' || s[1] == 'X') {
            s += 2;
            base = 16;
        }
        else {
            base = 8;
            s += 1;
        }
    }
    while (*s)
        n = n * base + xdtoi(*s++);

    return n;
}

#ifdef NOVFPRINTF
/*
 * Stock 4.3 doesn't have vfprintf.
 * This routine is due to Chris Torek.
 */
vfprintf(f, fmt, args)
    FILE *f;
    char *fmt;
    va_list args;
{
    int ret;

    if ((f->_flag & _IOWRT) == 0) {
        if (f->_flag & _IORW)
            f->_flag |= _IOWRT;
        else
            return EOF;
    }
    ret = _doprnt(fmt, args, f);
    return ferror(f) ? EOF : ret;
}
#endif

/* VARARGS */
/* VARARGS */
void
#if defined(__STDC__)
error(const char *fmt, ...)
#else
error(fmt, va_alist)
   const char *fmt;
   va_dcl
#endif
{
   va_list ap;

#if defined(__STDC__)
   va_start(ap, fmt);
#else
   va_start(ap);
#endif
   (void)vfprintf(stderr, fmt, ap);
   va_end(ap);
   if (*fmt) {
      fmt += strlen(fmt);
      if (fmt[-1] != '\n')
         (void)fputc('\n', stderr);
   }
   exit(1);
   /* NOTREACHED */
}

/* A replacement for strdup() that cuts down on malloc() overhead */
char *
savestr(const char *str)
{
   u_int size;
   char *p;
   static char *strptr = NULL;
   static u_int strsize = 0;

   size = strlen(str) + 1;
   if (size > strsize) {
      strsize = 1024;
      if (strsize < size)
         strsize = size;
      strptr = (char *) malloc(strsize);
      if (strptr == NULL)
         error("savestr: malloc");
   }
   (void)strcpy(strptr, str);
   p = strptr;
   strptr += size;
   strsize -= size;
   return (p);
}

/*
 * Copy arg vector into a new buffer, concatenating arguments with spaces.
 */
char *
copy_argv(argv)
   char **argv;
{
   char **p;
   int len = 0;
   char *argus_strbuf;
   char *src, *dst;

   p = argv;
   if (*p == 0)
      return 0;

   while (*p)
      len += strlen(*p++) + 1;

   argus_strbuf = (char *) malloc (len);
   if (argus_strbuf == NULL)
      error("copy_argv: malloc");

   p = argv;
   dst = argus_strbuf;
   while ((src = *p++) != NULL) {
      while ((*dst++ = *src++) != '\0')
         ;
      dst[-1] = ' ';
   }
   dst[-1] = '\0';

   return argus_strbuf;
}

char *
read_infile(char *fname)
{
   struct stat argus_strbuf;
   int fd;
   char *p;

   fd = open(fname, O_RDONLY);
   if (fd < 0)
      error("can't open '%s'", fname);

   if (fstat(fd, &argus_strbuf) < 0)
      error("can't stat '%s'", fname);

   /* One extra zeroed byte keeps the returned buffer NUL terminated */
   p = (char *) calloc(1, (unsigned)argus_strbuf.st_size + 1);
   if (p == NULL)
      error("read_infile: calloc");

   if (read(fd, p, (int)argus_strbuf.st_size) != argus_strbuf.st_size)
      error("problem reading '%s'", fname);

   (void)close(fd);
   return p;
}

/*
 * Left justify 'addr' and return its resulting network mask.
unsigned int net_mask(addr) unsigned int *addr; { unsigned int m = 0xffffffff; if (*addr) while ((*addr & 0xff000000) == 0) *addr <<= 8, m <<= 8; return m; } */ unsigned int ipaddrtonetmask(addr) unsigned int addr; { if (IN_CLASSA (addr)) return IN_CLASSA_NET; if (IN_CLASSB (addr)) return IN_CLASSB_NET; if (IN_CLASSC (addr)) return IN_CLASSC_NET; else return 0; } unsigned int getnetnumber(addr) unsigned int addr; { if (IN_CLASSA (addr)) return (addr >> 24 ); if (IN_CLASSB (addr)) return (addr >> 16 ); if (IN_CLASSC (addr)) return (addr >> 8 ); else return 0; } /* * Copyright (c) 1992, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
 */

#include
#include

extern void bpf_dump(struct bpf_program *, int);

void
bpf_dump(struct bpf_program *p, int option)
{
   struct bpf_insn *insn;
   int i;
   int n = p->bf_len;

   insn = p->bf_insns;

   /* option > 2: instruction count, then one decimal "code jt jf k" line per instruction */
   if (option > 2) {
      printf("%d\n", n);
      for (i = 0; i < n; ++insn, ++i) {
         printf("%lu %lu %lu %lu\n", (unsigned long)insn->code,
                (unsigned long)insn->jt, (unsigned long)insn->jf,
                (unsigned long)insn->k);
      }
      return ;
   }

   /* option > 1: C initializer form */
   if (option > 1) {
      for (i = 0; i < n; ++insn, ++i)
         printf("{ 0x%x, %d, %d, 0x%08x },\n",
                insn->code, insn->jt, insn->jf, insn->k);
      return;
   }

   /* default: symbolic disassembly */
   for (i = 0; i < n; ++insn, ++i) {
#ifdef BDEBUG
      extern int bids[];
      printf(bids[i] > 0 ? "[%02d]" : " -- ", bids[i] - 1);
#endif
      puts(Argusbpf_image(insn, i));
   }
}

/*
 * Copyright (c) 1990, 1991, 1992, 1993, 1994
 *   The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
* * Internet, ethernet, port, and protocol string to address * and address to string conversion routines */ #ifndef ArgusAddrtoName #define ArgusAddrtoName #endif #include #include #include #include #include #include #include static SIGRET nohostname(int); #ifdef ETHER_SERVICE struct ether_addr; #if defined(HAVE_SOLARIS) #include #include #include extern int ether_ntohost(char *, struct ether_addr *); extern int ether_hostton(char *, struct ether_addr *); #endif #if !defined(HAVE_ETHER_HOSTTON) && !defined(linux) && !defined(CYGWIN) && !defined(__NetBSD__) extern int ether_ntohost(char *, struct ether_addr *); extern int ether_hostton(char *, struct ether_addr *); #endif #endif /* * hash tables for whatever-to-name translations */ #define HASHNAMESIZE 4096 struct hnamemem { unsigned int addr; char *name; struct hnamemem *nxt; }; struct hnamemem hnametable[HASHNAMESIZE]; struct hnamemem tporttable[HASHNAMESIZE]; struct hnamemem uporttable[HASHNAMESIZE]; struct hnamemem eprototable[HASHNAMESIZE]; struct hnamemem nnametable[HASHNAMESIZE]; struct hnamemem llcsaptable[HASHNAMESIZE]; struct enamemem { u_short e_addr0; u_short e_addr1; u_short e_addr2; char *e_name; u_char *e_nsap; /* used only for nsaptable[] */ struct enamemem *e_nxt; }; struct enamemem enametable[HASHNAMESIZE]; struct enamemem nsaptable[HASHNAMESIZE]; struct protoidmem { unsigned int p_oui; arg_uint16 p_proto; char *p_name; struct protoidmem *p_nxt; }; struct protoidmem protoidtable[HASHNAMESIZE]; /* * A faster replacement for inet_ntoa(). 
*/ char * intoa(unsigned int addr) { char *cp; u_int byte; int n; static char buf[sizeof(".xxx.xxx.xxx.xxx")]; addr = ntohl(addr); cp = &buf[sizeof buf]; *--cp = '\0'; n = 4; do { byte = addr & 0xff; *--cp = byte % 10 + '0'; byte /= 10; if (byte > 0) { *--cp = byte % 10 + '0'; byte /= 10; if (byte > 0) *--cp = byte + '0'; } *--cp = '.'; addr >>= 8; } while (--n > 0); return cp + 1; } static unsigned int f_netmask; static unsigned int f_localnet; static unsigned int netmask; /* * "getname" is written in this atrocious way to make sure we don't * wait forever while trying to get hostnames from yp. */ #include jmp_buf getname_env; static SIGRET nohostname(int signo) { longjmp(getname_env, 1); } /* * Return a name for the IP address pointed to by ap. This address * is assumed to be in network byte order. */ char * getname(u_char *ap) { struct hostent *hp; char *cp; unsigned int addr; static struct hnamemem *p; /* static for longjmp() */ #ifndef TCPDUMP_ALIGN addr = *(const unsigned int *)ap; #else /* * Deal with alignment. */ switch ((int)ap & 3) { case 0: addr = *(unsigned int *)ap; break; case 2: #if BYTES_BIG_ENDIAN == FALSE addr = ((unsigned int)*(u_short *)(ap + 2) << 16) | (unsigned int)*(u_short *)ap; #else addr = ((unsigned int)*(u_short *)ap << 16) | (unsigned int)*(u_short *)(ap + 2); #endif break; default: #if BYTES_BIG_ENDIAN == FALSE addr = ((unsigned int)ap[0] << 24) | ((unsigned int)ap[1] << 16) | ((unsigned int)ap[2] << 8) | (unsigned int)ap[3]; #else addr = ((unsigned int)ap[3] << 24) | ((unsigned int)ap[2] << 16) | ((unsigned int)ap[1] << 8) | (unsigned int)ap[0]; #endif break; } #endif p = &hnametable[addr & (HASHNAMESIZE-1)]; for (; p->nxt; p = p->nxt) { if (p->addr == addr) return (p->name); } p->addr = addr; p->nxt = (struct hnamemem *)calloc(1, sizeof (*p)); /* * Only print names when: * (1) -n was not given. * (2) Address is foreign and -f was given. If -f was not * present, f_netmask and f_local are 0 and the second * test will succeed. 
* (3) The host portion is not 0 (i.e., a network address). * (4) The host portion is not broadcast. */ if (!(nflag)) if ((addr & f_netmask) == f_localnet) if ((addr &~ netmask) != 0) if ((addr | netmask) != 0xffffffff) if (!setjmp(getname_env)) { (void)signal(SIGALRM, nohostname); (void)alarm(20); addr = ntohl(addr); hp = gethostbyaddr((char *)&addr, 4, AF_INET); addr = htonl(addr); (void)alarm(0); if (hp) { char *dotp; p->name = savestr(hp->h_name); if (Dflag) { /* Remove domain qualifications */ dotp = strchr(p->name, '.'); if (dotp) *dotp = 0; } return (p->name); } } #if BYTES_BIG_ENDIAN == FALSE addr = ((unsigned int)ap[0] << 24) | ((unsigned int)ap[1] << 16) | ((unsigned int)ap[2] << 8) | (unsigned int)ap[3]; #endif cp = intoa(addr); p->name = savestr(cp); return (p->name); } static char hex[] = "0123456789abcdef"; /* Find the hash node that corresponds the ether address 'ep'. */ static inline struct enamemem * lookup_emem(const u_char *ep) { u_int i, j, k; struct enamemem *tp; k = (ep[0] << 8) | ep[1]; j = (ep[2] << 8) | ep[3]; i = (ep[4] << 8) | ep[5]; tp = &enametable[(i ^ j) & (HASHNAMESIZE-1)]; while (tp->e_nxt) if (tp->e_addr0 == i && tp->e_addr1 == j && tp->e_addr2 == k) return tp; else tp = tp->e_nxt; tp->e_addr0 = i; tp->e_addr1 = j; tp->e_addr2 = k; tp->e_nxt = (struct enamemem *)calloc(1, sizeof(*tp)); return tp; } /* Find the hash node that corresponds the NSAP 'nsap'. 
*/ static inline struct enamemem * lookup_nsap(const u_char *nsap) { u_int i, j, k; int nlen = *nsap; struct enamemem *tp; const u_char *ensap = nsap + nlen - 6; if (nlen > 6) { k = (ensap[0] << 8) | ensap[1]; j = (ensap[2] << 8) | ensap[3]; i = (ensap[4] << 8) | ensap[5]; } else i = j = k = 0; tp = &nsaptable[(i ^ j) & (HASHNAMESIZE-1)]; while (tp->e_nxt) if (tp->e_addr0 == i && tp->e_addr1 == j && tp->e_addr2 == k && tp->e_nsap[0] == nlen && bcmp((char *)&(nsap[1]), (char *)&(tp->e_nsap[1]), nlen) == 0) return tp; else tp = tp->e_nxt; tp->e_addr0 = i; tp->e_addr1 = j; tp->e_addr2 = k; tp->e_nsap = (u_char *) calloc(1, nlen + 1); bcopy(nsap, tp->e_nsap, nlen + 1); tp->e_nxt = (struct enamemem *)calloc(1, sizeof(*tp)); return tp; } /* Find the hash node that corresponds the protoid 'pi'. */ static inline struct protoidmem * lookup_protoid(const u_char *pi) { u_int i, j; struct protoidmem *tp; /* 5 octets won't be aligned */ i = (((pi[0] << 8) + pi[1]) << 8) + pi[2]; j = (pi[3] << 8) + pi[4]; /* XXX should be endian-insensitive, but do big-endian testing XXX */ tp = &protoidtable[(i ^ j) & (HASHNAMESIZE-1)]; while (tp->p_nxt) if (tp->p_oui == i && tp->p_proto == j) return tp; else tp = tp->p_nxt; tp->p_oui = i; tp->p_proto = j; tp->p_nxt = (struct protoidmem *)calloc(1, sizeof(*tp)); return tp; } char * etheraddr_string(u_char *ep) { u_int i, j; char *cp; struct enamemem *tp; tp = lookup_emem(ep); if (tp->e_name) return (tp->e_name); #if defined(ETHER_SERVICE) && !defined(linux) && !defined(CYGWIN) if (!nflag) { char buf[128]; if (ether_ntohost(buf, (struct ether_addr *)ep) == 0) { tp->e_name = savestr(buf); return (tp->e_name); } } #endif tp->e_name = cp = (char *)malloc(sizeof("00:00:00:00:00:00")); if ((j = *ep >> 4) != 0) *cp++ = hex[j]; *cp++ = hex[*ep++ & 0xf]; for (i = 5; (int)--i >= 0;) { *cp++ = ':'; if ((j = *ep >> 4) != 0) *cp++ = hex[j]; *cp++ = hex[*ep++ & 0xf]; } *cp = '\0'; return (tp->e_name); } #define ARGUS_MAXEPROTODB 0x10000 struct 
ArgusEtherTypeStruct *argus_eproto_db[ARGUS_MAXEPROTODB]; char * etherproto_string(u_short port) { struct ArgusEtherTypeStruct *p; char *retn = NULL, *cp = NULL; if ((p = argus_eproto_db[port]) != NULL) { retn = p->tag; } else { if ((p = (struct ArgusEtherTypeStruct *) calloc (1, sizeof(*p))) != NULL) { if (nflag < 2) p->tag = "unknown"; else { p->tag = cp = (char *)malloc(sizeof("000000")); sprintf (cp, "%d", port); } p->range = cp; argus_eproto_db[port] = p; retn = p->tag; } } return (retn); } char * protoid_string(const u_char *pi) { u_int i, j; char *cp; struct protoidmem *tp; tp = lookup_protoid(pi); if (tp->p_name) return tp->p_name; tp->p_name = cp = (char *)malloc(sizeof("00:00:00:00:00")); if ((j = *pi >> 4) != 0) *cp++ = hex[j]; *cp++ = hex[*pi++ & 0xf]; for (i = 4; (int)--i >= 0;) { *cp++ = ':'; if ((j = *pi >> 4) != 0) *cp++ = hex[j]; *cp++ = hex[*pi++ & 0xf]; } *cp = '\0'; return (tp->p_name); } char * llcsap_string(u_char sap) { char *cp; struct hnamemem *tp; unsigned int i = sap; for (tp = &llcsaptable[i & (HASHNAMESIZE-1)]; tp->nxt; tp = tp->nxt) if (tp->addr == i) return (tp->name); tp->name = cp = (char *)malloc(sizeof("00000")); tp->addr = i; tp->nxt = (struct hnamemem *)calloc(1, sizeof (*tp)); *cp++ = '0'; *cp++ = 'x'; *cp++ = hex[sap >> 4 & 0xf]; *cp++ = hex[sap & 0xf]; *cp++ = '\0'; return (tp->name); } char * isonsap_string(const u_char *nsap) { u_int i, nlen = nsap[0]; char *cp; struct enamemem *tp; tp = lookup_nsap(nsap); if (tp->e_name) return tp->e_name; tp->e_name = cp = (char *)malloc(nlen * 2 + 2); nsap++; *cp++ = '/'; for (i = nlen; (int)--i >= 0;) { *cp++ = hex[*nsap >> 4]; *cp++ = hex[*nsap++ & 0xf]; } *cp = '\0'; return (tp->e_name); } char * tcpport_string(arg_uint16 port) { struct hnamemem *tp; unsigned int i = port; for (tp = &tporttable[i & (HASHNAMESIZE-1)]; tp->nxt; tp = tp->nxt) if (tp->addr == i) return (tp->name); tp->name = (char *)malloc(sizeof("00000")); tp->addr = i; tp->nxt = (struct hnamemem *)calloc(1, sizeof 
(*tp)); (void)sprintf(tp->name, "%d", i); return (tp->name); } char * udpport_string(u_short port) { struct hnamemem *tp; unsigned int i = port; if (port) { for (tp = &uporttable[i & (HASHNAMESIZE-1)]; tp->nxt; tp = tp->nxt) if (tp->addr == i) return (tp->name); tp->name = (char *)malloc(sizeof("00000")); tp->addr = i; tp->nxt = (struct hnamemem *)calloc(1, sizeof(*tp)); (void)sprintf(tp->name, "%d", i); return (tp->name); } else return ("*"); } static void init_servarray(void) { #if !defined(CYGWIN) struct servent *sv; struct hnamemem *table; int i; while ((sv = getservent()) != NULL) { int port = ntohs(sv->s_port); i = port & (HASHNAMESIZE-1); if (strcmp(sv->s_proto, "tcp") == 0) table = &tporttable[i]; else if (strcmp(sv->s_proto, "udp") == 0) table = &uporttable[i]; else continue; while (table->name) table = table->nxt; if (nflag > 0) { char buf[32]; (void)sprintf(buf, "%d", port); table->name = savestr(buf); } else table->name = savestr(sv->s_name); table->addr = port; table->nxt = (struct hnamemem *)calloc(1, sizeof(*table)); } endservent(); #endif } static void init_eprotoarray(void) { struct ArgusEtherTypeStruct *p = argus_ethertype_names; bzero ((char *)argus_eproto_db, sizeof (argus_eproto_db)); while (p->range != NULL) { int i, start, end; char *ptr; start = atoi(p->range); if ((ptr = strchr(p->range, '-')) != NULL) end = atoi(ptr + 1); else end = start; for (i = start; i < (end + 1); i++) argus_eproto_db[i] = p; p++; } } /* * SNAP proto IDs with org code 0:0:0 are actually encapsulated Ethernet * types. 
 */
static void
init_protoidarray(void)
{
   struct ArgusEtherTypeStruct *p;
   int i;
   struct protoidmem *tp;
   u_char protoid[5];

   protoid[0] = 0;
   protoid[1] = 0;
   protoid[2] = 0;

   for (i = 0; i < ARGUS_MAXEPROTODB; i++) {
      if ((p = argus_eproto_db[i]) != NULL) {
         /* The 16-bit ethertype fills octets 3 and 4, high byte first, as lookup_protoid() reads it */
         protoid[3] = (i >> 8) & 0xff;
         protoid[4] = i & 0xff;
         tp = lookup_protoid(protoid);
         tp->p_name = p->tag;
      }
   }
}

static struct etherlist {
   u_char addr[6];
   char *name;
} etherlist[] = {
   {{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, "Broadcast" },
   {{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, NULL }
};

/*
 * Initialize the ethers hash table. We take two different approaches
 * depending on whether or not the system provides the ethers name
 * service. If it does, we just wire in a few names at startup,
 * and etheraddr_string() fills in the table on demand. If it doesn't,
 * then we suck in the entire /etc/ethers file at startup. The idea
 * is that parsing the local file will be fast, but spinning through
 * all the ethers entries via NIS & next_etherent might be very slow.
 *
 * XXX argus_next_etherent doesn't belong in the pcap interface, but
 * since the pcap module already does name-to-address translation,
 * it already does most of the work for the ethernet address-to-name
 * translation, so we just use argus_next_etherent as a convenience.
*/ static void init_etherarray(void) { struct etherlist *el; struct enamemem *tp; #ifndef ETHER_SERVICE struct argus_etherent *ep; FILE *fp; /* Suck in entire ethers file */ fp = fopen(PCAP_ETHERS_FILE, "r"); if (fp != NULL) { while ((ep = argus_next_etherent(fp)) != NULL) { tp = lookup_emem(ep->addr); tp->e_name = savestr(ep->name); } (void)fclose(fp); } #endif /* Hardwire some ethernet names */ for (el = etherlist; el->name != NULL; ++el) { #if defined(ETHER_SERVICE) && !defined(linux) && !defined(CYGWIN) /* Use yp/nis version of name if available */ char wrk[256]; if (ether_ntohost(wrk, (struct ether_addr *)el->addr) == 0) { tp = lookup_emem(el->addr); tp->e_name = savestr(wrk); } #else /* install if not already present */ tp = lookup_emem(el->addr); if (tp->e_name == NULL) tp->e_name = el->name; #endif } } static struct ArgusTokenStruct llcsap_db[] = { { LLCSAP_NULL, "null" }, { LLCSAP_8021B_I, "gsap" }, { LLCSAP_8021B_G, "isap" }, { LLCSAP_SNAPATH, "snapath" }, { LLCSAP_IP, "ipsap" }, { LLCSAP_SNA1, "sna1" }, { LLCSAP_SNA2, "sna2" }, { LLCSAP_PROWAYNM, "p-nm" }, { LLCSAP_TI, "ti" }, { LLCSAP_BPDU, "stp" }, { LLCSAP_RS511, "eia" }, { LLCSAP_ISO8208, "x25" }, { LLCSAP_XNS, "xns" }, { LLCSAP_NESTAR, "nestar" }, { LLCSAP_PROWAYASLM, "p-aslm" }, { LLCSAP_ARP, "arp" }, { LLCSAP_SNAP, "snap" }, { LLCSAP_VINES1, "vine1" }, { LLCSAP_VINES2, "vine2" }, { LLCSAP_NETWARE, "netware" }, { LLCSAP_NETBIOS, "netbios" }, { LLCSAP_IBMNM, "ibmnm" }, { LLCSAP_RPL1, "rpl1" }, { LLCSAP_UB, "ub" }, { LLCSAP_RPL2, "rpl2" }, { LLCSAP_ISONS, "clns" }, { LLCSAP_GLOBAL, "gbl" }, { 0, NULL } }; static void init_llcsaparray(void) { int i; struct hnamemem *table; for (i = 0; llcsap_db[i].s != NULL; i++) { table = &llcsaptable[llcsap_db[i].v]; while (table->name) table = table->nxt; table->name = llcsap_db[i].s; table->addr = llcsap_db[i].v; table->nxt = (struct hnamemem *)calloc(1, sizeof(*table)); } } /* * Initialize the address to name translation machinery. 
We map all * non-local IP addresses to numeric addresses if fflag is true (i.e., * to prevent blocking on the nameserver). localnet is the IP address * of the local network. mask is its subnet mask. */ void init_addrtoname(int fflag, unsigned int localnet, unsigned int mask) { netmask = mask; if (fflag) { f_localnet = localnet; f_netmask = mask; } if (nflag > 1) /* * Simplest way to suppress names. */ return; init_etherarray(); init_servarray(); init_eprotoarray(); init_llcsaparray(); init_protoidarray(); } /* * Copyright (c) 1990, 1991, 1992, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * Name to id translation routines used by the scanner. * These functions are not time critical. 
*/ #include #ifndef __GNUC__ #define inline #endif #ifndef NTOHL #define NTOHL(x) (x) = ntohl(x) #define NTOHS(x) (x) = ntohs(x) #endif static unsigned int argus_haddr = 0; static unsigned int *argus_hlist[2]; unsigned int ** argus_nametoaddr(char *name) { unsigned int **p; struct hostent *hp; bzero ((char *) argus_hlist, sizeof(argus_hlist)); if (!(strncmp(name, "0.0.0.0", 7))) { argus_haddr = 0; argus_hlist[0] = &argus_haddr; return argus_hlist; } else { if ((hp = gethostbyname(name)) != NULL) { #ifndef h_addr argus_hlist[0] = (unsigned int *)hp->h_addr; NTOHL(hp->h_addr); return argus_hlist; #else for (p = (unsigned int **)hp->h_addr_list; *p; ++p) NTOHL(**p); return (unsigned int **)hp->h_addr_list; #endif } } return 0; } /* * Convert net name to internet address. * Return 0 upon failure. */ unsigned int argus_nametonetaddr(char *name) { #if !defined(CYGWIN) struct netent *np; if ((np = getnetbyname(name)) != NULL) return np->n_net; else #endif return 0; } /* * Convert a port name to its port and protocol numbers. * We assume only TCP or UDP. * Return 0 upon failure. */ int argus_nametoport(char *name, int *port, int *proto) { struct servent *sp; char *other; sp = getservbyname(name, (char *)0); if (sp != NULL) { NTOHS(sp->s_port); *port = sp->s_port; *proto = argus_nametoproto(sp->s_proto); /* * We need to check /etc/services for ambiguous entries. * If we find the ambiguous entry, and it has the * same port number, change the proto to PROTO_UNDEF * so both TCP and UDP will be checked. */ if (*proto == IPPROTO_TCP) other = "udp"; else other = "tcp"; sp = getservbyname(name, other); if (sp != 0) { NTOHS(sp->s_port); if (*port != sp->s_port) /* Can't handle ambiguous names that refer to different port numbers. 
*/ error("ambiguous port %s in /etc/services", name); *proto = PROTO_UNDEF; } return 1; } #if defined(ultrix) || defined(__osf__) /* Special hack in case NFS isn't in /etc/services */ if (strcmp(name, "nfs") == 0) { *port = 2049; *proto = PROTO_UNDEF; return 1; } #endif return 0; } int argus_nametoproto(char *str) { struct protoent *p; p = getprotobyname(str); if (p != 0) return p->p_proto; else return PROTO_UNDEF; } int argus_nametoeproto(char *s) { struct ArgusEtherTypeStruct *p = argus_ethertype_names; while (p->tag != 0) { if (strcmp(p->tag, s) == 0) { return atoi(p->range); } p += 1; } return PROTO_UNDEF; } unsigned int __argus_atoin(char *s, unsigned int *addr) { u_int n; int len; *addr = 0; len = 0; while (1) { n = 0; while (*s && *s != '.') n = n * 10 + *s++ - '0'; *addr <<= 8; *addr |= n & 0xff; len += 8; if (*s == '\0') return len; ++s; } /* NOTREACHED */ } unsigned int __argus_atodn(char *s) { #define AREASHIFT 10 #define AREAMASK 0176000 #define NODEMASK 01777 unsigned int addr = 0; u_int node, area; if (sscanf((char *)s, "%d.%d", (int *) &area, (int *) &node) != 2) ArgusLog(LOG_ERR, "malformed decnet address '%s'", s); addr = (area << AREASHIFT) & AREAMASK; addr |= (node & NODEMASK); return(addr); } /* * Convert 's' which has the form "xx:xx:xx:xx:xx:xx" into a new * ethernet address. Assumes 's' is well formed. 
*/ u_char * argus_ether_aton(char *s) { register u_char *ep, *e; register u_int d; e = ep = (u_char *)malloc(6); while (*s) { if (*s == ':') s += 1; d = xdtoi(*s++); if (isxdigit((int)*s)) { d <<= 4; d |= xdtoi(*s++); } *ep++ = d; } return (e); } #if !defined(ETHER_SERVICE) || defined(linux) || defined(CYGWIN) /* Roll our own */ u_char * argus_ether_hostton(char *name) { register struct pcap_etherent *ep; register u_char *ap; static FILE *fp = NULL; static int init = 0; if (!init) { fp = fopen(PCAP_ETHERS_FILE, "r"); ++init; if (fp == NULL) return (NULL); } else if (fp == NULL) return (NULL); else rewind(fp); while ((ep = argus_next_etherent(fp)) != NULL) { if (strcmp(ep->name, name) == 0) { ap = (u_char *)malloc(6); if (ap != NULL) { memcpy(ap, ep->addr, 6); return (ap); } break; } } return (NULL); } #else /* Use the os supplied routines */ u_char * argus_ether_hostton(char *name) { register u_char *ap; u_char a[6]; #if !defined(HAVE_ETHER_HOSTTON) && !defined(__NetBSD__) extern int ether_hostton(char *, struct ether_addr *); #endif ap = NULL; if (ether_hostton((char*)name, (struct ether_addr *)a) == 0) { ap = (u_char *)malloc(6); if (ap != NULL) memcpy(ap, a, 6); } return (ap); } #endif u_short __argus_nametodnaddr(char *name) { #ifndef DECNETLIB ArgusLog(LOG_ERR, "decnet name support not included, '%s' cannot be translated\n", name); return(0); #else struct nodeent *getnodebyname(); struct nodeent *nep; unsigned short res; nep = getnodebyname(name); if (nep == ((struct nodeent *)0)) ArgusLog(LOG_ERR, "unknown decnet host name '%s'\n", name); memcpy((char *)&res, (char *)nep->n_addr, sizeof(unsigned short)); return(res); #endif } #include extern char *ArgusProgramName; char ArgusPrintTimeBuf[64]; char * print_time(struct timeval *tvp) { char timeZoneBuf[32]; char *retn = ArgusPrintTimeBuf, *ptr; struct tm *tm; bzero (timeZoneBuf, sizeof(timeZoneBuf)); bzero (ArgusPrintTimeBuf, sizeof(ArgusPrintTimeBuf)); if ((tm = localtime ((time_t *)&tvp->tv_sec)) != NULL) { if 
(uflag) sprintf (retn, "%9d", (int) tvp->tv_sec); else strftime ((char *) retn, 64, RaTimeFormat, tm); if (pflag) { ptr = &retn[strlen(retn)]; if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) { if (uflag) { sprintf (ptr, ".%06d", (int) tvp->tv_usec); ptr[pflag + 1] = '\0'; } else { sprintf (ptr, "%c0.%06d", RaFieldDelimiter, (int) tvp->tv_usec); ptr[pflag + 3] = '\0'; } } else { sprintf (ptr, ".%06d", (int) tvp->tv_usec); ptr[pflag + 1] = '\0'; } } } else retn = NULL; return (retn); } #ifdef ARGUSDEBUG void ArgusDebug (int d, char *fmt, ...) { char buf[1024], *ptr; struct timeval now; va_list ap; if (d <= Argusdflag) { gettimeofday(&now, 0L); (void) sprintf (buf, "%s[%d]: %s ", ArgusProgramName, (int)getpid(), print_time(&now)); ptr = &buf[strlen(buf)]; va_start (ap, fmt); (void) vsprintf (ptr, fmt, ap); ptr = &buf[strlen(buf)]; va_end (ap); if (*fmt) { fmt += (int) strlen (fmt); if (fmt[-1] != '\n') sprintf (ptr, "\n"); } fprintf (stderr, "%s", buf); } } #endif #if defined(_LITTLE_ENDIAN) #if !defined(ntohll) long long ntohll (long long); long long ntohll (long long data) { long long retn; unsigned char *ptr1, *ptr2; int i, len; ptr1 = (unsigned char *) &data; ptr2 = (unsigned char *) &retn; for (i = 0, len = sizeof(retn); i < len; i++) ptr2[(len - 1) - i] = ptr1[i]; return(retn); } #endif #if !defined(htonll) long long htonll (long long); long long htonll (long long data) { long long retn; unsigned char *ptr1, *ptr2; int i, len; ptr1 = (unsigned char *) &data; ptr2 = (unsigned char *) &retn; for (i = 0, len = sizeof(retn); i < len; i++) ptr2[(len - 1) - i] = ptr1[i]; return(retn); } #endif void ArgusNtoH (struct ArgusRecord *argus) { int farlen = 0; argus->ahdr.length = ntohs(argus->ahdr.length); argus->ahdr.argusid = ntohl(argus->ahdr.argusid); argus->ahdr.seqNumber = ntohl(argus->ahdr.seqNumber); argus->ahdr.status = ntohl(argus->ahdr.status); if (argus->ahdr.type & ARGUS_MAR) { argus->argus_mar.startime.tv_sec = 
ntohl(argus->argus_mar.startime.tv_sec); argus->argus_mar.startime.tv_usec = ntohl(argus->argus_mar.startime.tv_usec); argus->argus_mar.now.tv_sec = ntohl(argus->argus_mar.now.tv_sec); argus->argus_mar.now.tv_usec = ntohl(argus->argus_mar.now.tv_usec); argus->argus_mar.reportInterval = ntohs(argus->argus_mar.reportInterval); argus->argus_mar.argusMrInterval = ntohs(argus->argus_mar.argusMrInterval); argus->argus_mar.argusid = ntohl(argus->argus_mar.argusid); argus->argus_mar.localnet = ntohl(argus->argus_mar.localnet); argus->argus_mar.netmask = ntohl(argus->argus_mar.netmask); argus->argus_mar.nextMrSequenceNum = ntohl(argus->argus_mar.nextMrSequenceNum); argus->argus_mar.pktsRcvd = ntohll(argus->argus_mar.pktsRcvd); argus->argus_mar.bytesRcvd = ntohll(argus->argus_mar.bytesRcvd); argus->argus_mar.pktsDrop = ntohl(argus->argus_mar.pktsDrop); argus->argus_mar.flows = ntohl(argus->argus_mar.flows); argus->argus_mar.flowsClosed = ntohl(argus->argus_mar.flowsClosed); argus->argus_mar.actIPcons = ntohl( argus->argus_mar.actIPcons); argus->argus_mar.cloIPcons = ntohl( argus->argus_mar.cloIPcons); argus->argus_mar.actICMPcons = ntohl( argus->argus_mar.actICMPcons); argus->argus_mar.cloICMPcons = ntohl( argus->argus_mar.cloICMPcons); argus->argus_mar.actIGMPcons = ntohl( argus->argus_mar.actIGMPcons); argus->argus_mar.cloIGMPcons = ntohl( argus->argus_mar.cloIGMPcons); argus->argus_mar.actFRAGcons = ntohl( argus->argus_mar.actFRAGcons); argus->argus_mar.cloFRAGcons = ntohl( argus->argus_mar.cloFRAGcons); argus->argus_mar.actSECcons = ntohl( argus->argus_mar.actSECcons); argus->argus_mar.cloSECcons = ntohl( argus->argus_mar.cloSECcons); argus->argus_mar.record_len = ntohl(argus->argus_mar.record_len); } else { unsigned int status, length = argus->ahdr.length - sizeof(argus->ahdr); struct ArgusFarHeaderStruct *farhdr = (struct ArgusFarHeaderStruct *) &argus->argus_far; farhdr->status = ntohs(farhdr->status); status = argus->ahdr.status; while (length > 0) { switch 
(farhdr->type) { case ARGUS_FAR: { struct ArgusFarStruct *far = (struct ArgusFarStruct *) farhdr; far->ArgusTransRefNum = ntohl(far->ArgusTransRefNum); switch (status & (ETHERTYPE_IP|ETHERTYPE_IPV6|ETHERTYPE_ARP)) { case ETHERTYPE_IP: { struct ArgusIPFlow *ipflow = &far->flow.ip_flow; far->attr_ip.soptions = ntohs(far->attr_ip.soptions); far->attr_ip.doptions = ntohs(far->attr_ip.doptions); switch (ipflow->ip_p) { case IPPROTO_UDP: case IPPROTO_TCP: ipflow->ip_src = ntohl(ipflow->ip_src); ipflow->ip_dst = ntohl(ipflow->ip_dst); ipflow->sport = ntohs(ipflow->sport); ipflow->dport = ntohs(ipflow->dport); ipflow->ip_id = ntohs(ipflow->ip_id); break; case IPPROTO_ICMP: { struct ArgusICMPFlow *icmpflow = &far->flow.icmp_flow; icmpflow->ip_src = ntohl(icmpflow->ip_src); icmpflow->ip_dst = ntohl(icmpflow->ip_dst); icmpflow->id = ntohs(icmpflow->id); icmpflow->ip_id = ntohs(icmpflow->ip_id); break; } default: { ipflow->ip_src = ntohl(ipflow->ip_src); ipflow->ip_dst = ntohl(ipflow->ip_dst); break; } } break; } case ETHERTYPE_IPV6: break; case ETHERTYPE_ARP: { struct ArgusArpFlow *arpflow = &far->flow.arp_flow; arpflow->arp_tpa = ntohl(arpflow->arp_tpa); arpflow->arp_spa = ntohl(arpflow->arp_spa); break; } default: break; } far->time.start.tv_sec = ntohl(far->time.start.tv_sec); far->time.start.tv_usec = ntohl(far->time.start.tv_usec); far->time.last.tv_sec = ntohl(far->time.last.tv_sec); far->time.last.tv_usec = ntohl(far->time.last.tv_usec); far->src.count = ntohl(far->src.count); far->src.bytes = ntohl(far->src.bytes); far->src.appbytes = ntohl(far->src.appbytes); far->dst.count = ntohl(far->dst.count); far->dst.bytes = ntohl(far->dst.bytes); far->dst.appbytes = ntohl(far->dst.appbytes); break; } case ARGUS_MAC_DSR: { struct ArgusMacStruct *mac = (struct ArgusMacStruct *) farhdr; mac->status = ntohs(mac->status); break; } case ARGUS_VLAN_DSR: { struct ArgusVlanStruct *vlan = (struct ArgusVlanStruct *) farhdr; if (vlan->length != sizeof (struct ArgusVlanStruct)) /* fix for 
pre 2.0.1 len problem */ vlan->length = sizeof (struct ArgusVlanStruct); vlan->status = ntohs(vlan->status); vlan->sid = ntohs(vlan->sid); vlan->did = ntohs(vlan->did); break; } case ARGUS_MPLS_DSR: { struct ArgusMplsStruct *mpls = (struct ArgusMplsStruct *) farhdr; mpls->status = ntohs(mpls->status); mpls->slabel = ntohl(mpls->slabel); mpls->dlabel = ntohl(mpls->dlabel); break; } case ARGUS_TCP_DSR: { struct ArgusTCPObject *tcp = (struct ArgusTCPObject *) farhdr; tcp->status = ntohs(tcp->status); tcp->state = ntohl(tcp->state); tcp->synAckuSecs = ntohl(tcp->synAckuSecs); tcp->ackDatauSecs = ntohl(tcp->ackDatauSecs); tcp->options = ntohl(tcp->options); tcp->src.seqbase = ntohl(tcp->src.seqbase); tcp->src.ackbytes = ntohl(tcp->src.ackbytes); tcp->src.rpkts = ntohl(tcp->src.rpkts); tcp->src.win = ntohs(tcp->src.win); tcp->dst.seqbase = ntohl(tcp->dst.seqbase); tcp->dst.ackbytes = ntohl(tcp->dst.ackbytes); tcp->dst.rpkts = ntohl(tcp->dst.rpkts); tcp->dst.win = ntohs(tcp->dst.win); break; } case ARGUS_ICMP_DSR: { struct ArgusICMPObject *icmp = (struct ArgusICMPObject *) farhdr; icmp->status = ntohs(icmp->status); icmp->iseq = ntohs(icmp->iseq); icmp->osrcaddr = ntohl(icmp->osrcaddr); icmp->odstaddr = ntohl(icmp->odstaddr); icmp->isrcaddr = ntohl(icmp->isrcaddr); icmp->idstaddr = ntohl(icmp->idstaddr); icmp->igwaddr = ntohl(icmp->igwaddr); break; } case ARGUS_TIME_DSR: { struct ArgusTimeStruct *time = (void *) farhdr; time->status = ntohs(time->status); time->src.act.n = ntohl(time->src.act.n); time->src.act.min = ntohl(time->src.act.min); time->src.act.mean = ntohl(time->src.act.mean); time->src.act.stdev = ntohl(time->src.act.stdev); time->src.act.max = ntohl(time->src.act.max); time->src.idle.n = ntohl(time->src.idle.n); time->src.idle.min = ntohl(time->src.idle.min); time->src.idle.mean = ntohl(time->src.idle.mean); time->src.idle.stdev = ntohl(time->src.idle.stdev); time->src.idle.max = ntohl(time->src.idle.max); time->dst.act.n = ntohl(time->dst.act.n); 
               time->dst.act.min = ntohl(time->dst.act.min);
               time->dst.act.mean = ntohl(time->dst.act.mean);
               time->dst.act.stdev = ntohl(time->dst.act.stdev);
               time->dst.act.max = ntohl(time->dst.act.max);
               time->dst.idle.n = ntohl(time->dst.idle.n);
               time->dst.idle.min = ntohl(time->dst.idle.min);
               time->dst.idle.mean = ntohl(time->dst.idle.mean);
               time->dst.idle.stdev = ntohl(time->dst.idle.stdev);
               time->dst.idle.max = ntohl(time->dst.idle.max);
               break;
            }

            case ARGUS_SRCUSRDATA_DSR: {
               struct ArgusUserStruct *user = (struct ArgusUserStruct *) farhdr;
               user->status = ntohs(user->status);
               break;
            }

            case ARGUS_DSTUSRDATA_DSR: {
               struct ArgusUserStruct *user = (struct ArgusUserStruct *) farhdr;
               user->status = ntohs(user->status);
               break;
            }

            case ARGUS_ESP_DSR: {
               struct ArgusESPStruct *esp = (struct ArgusESPStruct *) farhdr;
               esp->status = ntohs(esp->status);
               esp->src.spi = ntohl(esp->src.spi);
               esp->src.lastseq = ntohl(esp->src.lastseq);
               esp->src.lostseq = ntohl(esp->src.lostseq);
               esp->dst.spi = ntohl(esp->dst.spi);
               esp->dst.lastseq = ntohl(esp->dst.lastseq);
               esp->dst.lostseq = ntohl(esp->dst.lostseq);
               break;
            }

            case ARGUS_AGR_DSR: {
               struct ArgusAGRStruct *agr = (struct ArgusAGRStruct *) farhdr;
               agr->status = ntohs(agr->status);
               agr->count = ntohl(agr->count);
               agr->laststartime.tv_sec = ntohl(agr->laststartime.tv_sec);
               agr->laststartime.tv_usec = ntohl(agr->laststartime.tv_usec);
               agr->lasttime.tv_sec = ntohl(agr->lasttime.tv_sec);
               agr->lasttime.tv_usec = ntohl(agr->lasttime.tv_usec);
               agr->act.min = ntohl(agr->act.min);
               agr->act.mean = ntohl(agr->act.mean);
               agr->act.stdev = ntohl(agr->act.stdev);
               agr->act.max = ntohl(agr->act.max);
               agr->idle.min = ntohl(agr->idle.min);
               agr->idle.mean = ntohl(agr->idle.mean);
               agr->idle.stdev = ntohl(agr->idle.stdev);
               agr->idle.max = ntohl(agr->idle.max);
               break;
            }
         }

         if ((farlen = farhdr->length) == 0)
            break;

         if ((farhdr->type == ARGUS_SRCUSRDATA_DSR) ||
             (farhdr->type == ARGUS_DSTUSRDATA_DSR))
            farlen = farlen * 4;

         /* a DSR that claims more bytes than remain in the record would
            wrap length and walk farhdr past the end of the buffer */
         if ((unsigned int) farlen > length)
            break;

         length -= farlen;
         farhdr = (struct
ArgusFarHeaderStruct *)((char *)farhdr + farlen); } } } void ArgusHtoN (struct ArgusRecord *argus) { int farlen = 0; unsigned int length = argus->ahdr.length - sizeof(argus->ahdr); unsigned int status = argus->ahdr.status; argus->ahdr.length = htons(argus->ahdr.length); argus->ahdr.argusid = htonl(argus->ahdr.argusid); argus->ahdr.seqNumber = htonl(argus->ahdr.seqNumber); argus->ahdr.status = htonl(argus->ahdr.status); if (argus->ahdr.type & ARGUS_MAR) { argus->argus_mar.startime.tv_sec = htonl(argus->argus_mar.startime.tv_sec); argus->argus_mar.startime.tv_usec = htonl(argus->argus_mar.startime.tv_usec); argus->argus_mar.now.tv_sec = htonl(argus->argus_mar.now.tv_sec); argus->argus_mar.now.tv_usec = htonl(argus->argus_mar.now.tv_usec); argus->argus_mar.reportInterval = htons(argus->argus_mar.reportInterval); argus->argus_mar.argusMrInterval = htons(argus->argus_mar.argusMrInterval); argus->argus_mar.argusid = htonl(argus->argus_mar.argusid); argus->argus_mar.localnet = htonl(argus->argus_mar.localnet); argus->argus_mar.netmask = htonl(argus->argus_mar.netmask); argus->argus_mar.nextMrSequenceNum = htonl(argus->argus_mar.nextMrSequenceNum); argus->argus_mar.pktsRcvd = htonll(argus->argus_mar.pktsRcvd); argus->argus_mar.bytesRcvd = htonll(argus->argus_mar.bytesRcvd); argus->argus_mar.pktsDrop = htonl(argus->argus_mar.pktsDrop); argus->argus_mar.flows = htonl(argus->argus_mar.flows); argus->argus_mar.flowsClosed = htonl(argus->argus_mar.flowsClosed); argus->argus_mar.actIPcons = htonl( argus->argus_mar.actIPcons); argus->argus_mar.cloIPcons = htonl( argus->argus_mar.cloIPcons); argus->argus_mar.actICMPcons = htonl( argus->argus_mar.actICMPcons); argus->argus_mar.cloICMPcons = htonl( argus->argus_mar.cloICMPcons); argus->argus_mar.actIGMPcons = htonl( argus->argus_mar.actIGMPcons); argus->argus_mar.cloIGMPcons = htonl( argus->argus_mar.cloIGMPcons); argus->argus_mar.actFRAGcons = htonl( argus->argus_mar.actFRAGcons); argus->argus_mar.cloFRAGcons = htonl( 
argus->argus_mar.cloFRAGcons); argus->argus_mar.actSECcons = htonl( argus->argus_mar.actSECcons); argus->argus_mar.cloSECcons = htonl( argus->argus_mar.cloSECcons); argus->argus_mar.record_len = htonl(argus->argus_mar.record_len); } else { struct ArgusFarHeaderStruct *farhdr = (struct ArgusFarHeaderStruct *) &argus->argus_far; farhdr->status = htons(farhdr->status); while (length > 0) { switch (farhdr->type) { case ARGUS_FAR: { struct ArgusFarStruct *far = (struct ArgusFarStruct *) farhdr; far->ArgusTransRefNum = htonl(far->ArgusTransRefNum); switch (status & (ETHERTYPE_IP|ETHERTYPE_IPV6|ETHERTYPE_ARP)) { case ETHERTYPE_IP: { struct ArgusIPFlow *ipflow = &far->flow.ip_flow; far->attr_ip.soptions = htons(far->attr_ip.soptions); far->attr_ip.doptions = htons(far->attr_ip.doptions); switch (ipflow->ip_p) { case IPPROTO_UDP: case IPPROTO_TCP: ipflow->ip_src = htonl(ipflow->ip_src); ipflow->ip_dst = htonl(ipflow->ip_dst); ipflow->sport = htons(ipflow->sport); ipflow->dport = htons(ipflow->dport); ipflow->ip_id = htons(ipflow->ip_id); break; case IPPROTO_ICMP: { struct ArgusICMPFlow *icmpflow = &far->flow.icmp_flow; icmpflow->ip_src = htonl(icmpflow->ip_src); icmpflow->ip_dst = htonl(icmpflow->ip_dst); icmpflow->id = htons(icmpflow->id); icmpflow->ip_id = htons(icmpflow->ip_id); break; } default: { ipflow->ip_src = htonl(ipflow->ip_src); ipflow->ip_dst = htonl(ipflow->ip_dst); break; } } break; } case ETHERTYPE_IPV6: break; case ETHERTYPE_ARP: { struct ArgusArpFlow *arpflow = &far->flow.arp_flow; arpflow->arp_tpa = htonl(arpflow->arp_tpa); arpflow->arp_spa = htonl(arpflow->arp_spa); break; } default: break; } far->time.start.tv_sec = htonl(far->time.start.tv_sec); far->time.start.tv_usec = htonl(far->time.start.tv_usec); far->time.last.tv_sec = htonl(far->time.last.tv_sec); far->time.last.tv_usec = htonl(far->time.last.tv_usec); far->src.count = htonl(far->src.count); far->src.bytes = htonl(far->src.bytes); far->src.appbytes = htonl(far->src.appbytes); far->dst.count = 
htonl(far->dst.count); far->dst.bytes = htonl(far->dst.bytes); far->dst.appbytes = htonl(far->dst.appbytes); break; } case ARGUS_MAC_DSR: { struct ArgusMacStruct *mac = (struct ArgusMacStruct *) farhdr; mac->status = htons(mac->status); break; } case ARGUS_VLAN_DSR: { struct ArgusVlanStruct *vlan = (struct ArgusVlanStruct *) farhdr; if (vlan->length != sizeof (struct ArgusVlanStruct)) vlan->length = sizeof (struct ArgusVlanStruct); vlan->status = ntohs(vlan->status); vlan->sid = ntohs(vlan->sid); vlan->did = ntohs(vlan->did); break; } case ARGUS_MPLS_DSR: { struct ArgusMplsStruct *mpls = (struct ArgusMplsStruct *) farhdr; mpls->status = ntohs(mpls->status); mpls->slabel = ntohl(mpls->slabel); mpls->dlabel = ntohl(mpls->dlabel); break; } case ARGUS_TCP_DSR: { struct ArgusTCPObject *tcp = (struct ArgusTCPObject *) farhdr; tcp->status = htons(tcp->status); tcp->state = htonl(tcp->state); tcp->synAckuSecs = htonl(tcp->synAckuSecs); tcp->ackDatauSecs = htonl(tcp->ackDatauSecs); tcp->options = htonl(tcp->options); tcp->src.seqbase = htonl(tcp->src.seqbase); tcp->src.ackbytes = htonl(tcp->src.ackbytes); tcp->src.rpkts = htonl(tcp->src.rpkts); tcp->src.win = htons(tcp->src.win); tcp->dst.seqbase = htonl(tcp->dst.seqbase); tcp->dst.ackbytes = htonl(tcp->dst.ackbytes); tcp->dst.rpkts = htonl(tcp->dst.rpkts); tcp->dst.win = htons(tcp->dst.win); break; } case ARGUS_ICMP_DSR: { struct ArgusICMPObject *icmp = (struct ArgusICMPObject *) farhdr; icmp->status = htons(icmp->status); icmp->iseq = htons(icmp->iseq); icmp->osrcaddr = htonl(icmp->osrcaddr); icmp->odstaddr = htonl(icmp->odstaddr); icmp->isrcaddr = htonl(icmp->isrcaddr); icmp->idstaddr = htonl(icmp->idstaddr); icmp->igwaddr = htonl(icmp->igwaddr); break; } case ARGUS_TIME_DSR: { struct ArgusTimeStruct *time = (void *) farhdr; time->status = htons(time->status); time->src.act.n = htonl(time->src.act.n); time->src.act.min = htonl(time->src.act.min); time->src.act.mean = htonl(time->src.act.mean); time->src.act.stdev = 
htonl(time->src.act.stdev); time->src.act.max = htonl(time->src.act.max); time->src.idle.n = htonl(time->src.idle.n); time->src.idle.min = htonl(time->src.idle.min); time->src.idle.mean = htonl(time->src.idle.mean); time->src.idle.stdev = htonl(time->src.idle.stdev); time->src.idle.max = htonl(time->src.idle.max); time->dst.act.n = htonl(time->dst.act.n); time->dst.act.min = htonl(time->dst.act.min); time->dst.act.mean = htonl(time->dst.act.mean); time->dst.act.stdev = htonl(time->dst.act.stdev); time->dst.act.max = htonl(time->dst.act.max); time->dst.idle.n = htonl(time->dst.idle.n); time->dst.idle.min = htonl(time->dst.idle.min); time->dst.idle.mean = htonl(time->dst.idle.mean); time->dst.idle.stdev = htonl(time->dst.idle.stdev); time->dst.idle.max = htonl(time->dst.idle.max); break; } case ARGUS_SRCUSRDATA_DSR: { struct ArgusUserStruct *user = (struct ArgusUserStruct *) farhdr; user->status = htons(user->status); break; } case ARGUS_DSTUSRDATA_DSR: { struct ArgusUserStruct *user = (struct ArgusUserStruct *) farhdr; user->status = htons(user->status); break; } case ARGUS_ESP_DSR: { struct ArgusESPStruct *esp = (struct ArgusESPStruct *) farhdr; esp->status = htons(esp->status); esp->src.spi = htonl(esp->src.spi); esp->src.lastseq = htonl(esp->src.lastseq); esp->src.lostseq = htonl(esp->src.lostseq); esp->dst.spi = htonl(esp->dst.spi); esp->dst.lastseq = htonl(esp->dst.lastseq); esp->dst.lostseq = htonl(esp->dst.lostseq); break; } case ARGUS_AGR_DSR: { struct ArgusAGRStruct *agr = (struct ArgusAGRStruct *) farhdr; agr->status = htons(agr->status); agr->count = htonl(agr->count); agr->laststartime.tv_sec = htonl(agr->laststartime.tv_sec); agr->laststartime.tv_usec = htonl(agr->laststartime.tv_usec); agr->lasttime.tv_sec = htonl(agr->lasttime.tv_sec); agr->lasttime.tv_usec = htonl(agr->lasttime.tv_usec); agr->act.min = htonl(agr->act.min); agr->act.mean = htonl(agr->act.mean); agr->act.stdev = htonl(agr->act.stdev); agr->act.max = htonl(agr->act.max); agr->idle.min = 
               htonl(agr->idle.min);
               agr->idle.mean = htonl(agr->idle.mean);
               agr->idle.stdev = htonl(agr->idle.stdev);
               agr->idle.max = htonl(agr->idle.max);
               break;
            }
         }

         if ((farlen = farhdr->length) == 0)
            break;

         if ((farhdr->type == ARGUS_SRCUSRDATA_DSR) ||
             (farhdr->type == ARGUS_DSTUSRDATA_DSR))
            farlen = farlen * 4;

         /* a DSR that claims more bytes than remain in the record would
            wrap the unsigned length and walk farhdr past the record */
         if ((unsigned int) farlen > length)
            break;

         length -= farlen;
         farhdr = (struct ArgusFarHeaderStruct *)((char *)farhdr + farlen);
      }
   }
}

#endif

void
ArgusPrintHex (const u_char *bp, u_int length)
{
   const u_short *sp;
   u_int i;
   int nshorts;

   sp = (u_short *)bp;
   nshorts = (u_int) length / sizeof(u_short);
   i = 0;
   while (--nshorts >= 0) {
      if ((i++ % 8) == 0) {
         (void)printf("\n\t");
      }
      (void)printf(" %04x", ntohs(*sp++));
   }

   if (length & 1) {
      if ((i % 8) == 0)
         (void)printf("\n\t");

      (void)printf(" %02x", *(u_char *)sp);
   }
   (void)printf("\n");
   fflush(stdout);
}

int ArgusCallocTotal = 0;
int ArgusFreeTotal = 0;

#define ARGUS_ALLOC 0x3210123

void *
ArgusCalloc (int nitems, int size)
{
   void *retn = NULL;

   if (size) {
      ArgusCallocTotal++;
      retn = calloc (nitems, size);
   }

#ifdef ARGUSDEBUG
   ArgusDebug (7, "ArgusCalloc (%d, %d) returning 0x%x\n", nitems, size, retn);
#endif
   return (retn);
}

void
ArgusFree (void *buf)
{
   if (buf) {
      ArgusFreeTotal++;
      free (buf);
   }

#ifdef ARGUSDEBUG
   ArgusDebug (7, "ArgusFree (0x%x) returning\n", buf);
#endif
}

extern char *print_time(struct timeval *);

#include <syslog.h>

struct ArgusLogPriorityStruct {
   int priority;
   char *label;
};

#define ARGUSPRIORITYSTR 8

struct ArgusLogPriorityStruct ArgusPriorityStr[ARGUSPRIORITYSTR] =
{
   { LOG_EMERG, "ArgusEmergency" },
   { LOG_ALERT, " ArgusAlert" },
   { LOG_CRIT, " ArgusCritical" },
   { LOG_ERR, " ArgusError" },
   { LOG_WARNING, " ArgusWarning" },
   { LOG_NOTICE, " ArgusNotice" },
   { LOG_INFO, " ArgusInfo" },
   { LOG_DEBUG, " ArgusDebug" },
};

void
ArgusLog (int priority, char *fmt, ...)
{
   va_list ap;
   char buf[1024], *ptr = buf;

#ifdef ARGUS_SYSLOG
#ifndef LOG_PERROR
#define LOG_PERROR LOG_CONS
#endif
   openlog (ArgusProgramName, LOG_PID | LOG_PERROR, LOG_DAEMON);
#else
   int i;
   char *label = "";   /* stays empty when priority is not in ArgusPriorityStr */

   if (priority == LOG_NOTICE)
      return;

   /* bounded: neither the program name nor print_time() is length checked */
   snprintf (buf, sizeof(buf), "%s[%d]: %s ", ArgusProgramName, (int)getpid(), print_time(&ArgusGlobalTime));
   ptr = &buf[strlen(buf)];
#endif

   va_start (ap, fmt);
   /* vsnprintf truncates instead of writing past the end of buf */
   (void) vsnprintf (ptr, sizeof(buf) - (ptr - buf), fmt, ap);
   ptr = &buf[strlen(buf)];
   va_end (ap);

   /* end the message with a newline when there is room for one */
   if ((ptr > buf) && (ptr[-1] != '\n') && ((size_t)(ptr - buf) < sizeof(buf) - 1)) {
      *ptr++ = '\n';
      *ptr = '\0';
   }

#ifdef ARGUS_SYSLOG
   /* buf can carry file names and remote data, so it is passed as an
      argument and never as the format string */
   syslog (priority, "%s", buf);
   closelog ();
#else
   for (i = 0; i < ARGUSPRIORITYSTR; i++)
      if (ArgusPriorityStr[i].priority == priority) {
         label = ArgusPriorityStr[i].label;
         break;
      }

   fprintf (stderr, "%s: %s", label, buf);
#endif

   switch (priority) {
      case LOG_ERR: ArgusShutDown(-1); break;
      default: break;
   }
}

argus-2.0.6.fixes.1/common/argus_parse.c

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * Copyright (c) 1993, 1994 Carnegie Mellon University.
 * All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software and
 * its documentation for any purpose and without fee is hereby granted,
 * provided that the above copyright notice appear in all copies and
 * that both that copyright notice and this permission notice appear
 * in supporting documentation, and that the name of CMU not be
 * used in advertising or publicity pertaining to distribution of the
 * software without specific, written prior permission.
 *
 * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
 * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
 * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
 * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
 * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
 * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 * SOFTWARE.
 *
 */

/*
 * argus_parse - parse argus output.
 *       this module performs all the argus(1) related connection parsing,
 *       selects datum from a set of criteria, and then calls specific
 *       protocol dependent routines, depending on the selected datum.
 *       at the end of processing, argus_parse calls an application
 *       specific finish routine, RaParseComplete(), and when
 *       connected to a remote data source, it supplies a periodic
 *       timeout routine;
 *
 *       this module defines all things, except:
 *
 *   (void) usage ((char *) argv[0]);
 *                    this routine should print the standard usage message
 *                    for the specific application.
 *
 *          ArgusClientInit ();  this is the application specific init
 *                    routine, which is called after all parsing
 *                    initialization is done, prior to reading the
 *                    first monitor(1) datum.
 *
 *   (void) ArgusClientTimeout ();
 *                    this routine is called every second, when
 *                    argus_parse is connected to a remote data source.
 *
 *          process_man ((struct ArgusRecord *) ptr);
 *                    this routine should process management control events;
 *
 *          process_tcp ((struct ArgusRecord *) ptr);
 *                    this routine should process tcp events;
 *
 *          process_udp ((struct ArgusRecord *) ptr);
 *                    this routine should process udp events;
 *
 *          process_icmp ((struct ArgusRecord *) ptr);
 *                    this routine should process icmp events;
 *
 *          process_ip ((struct ArgusRecord *) ptr);
 *                    this routine should process ip events;
 *
 *          process_arp ((struct ArgusRecord *) ptr);
 *                    this routine should process arp events;
 *
 *          process_non_ip ((struct ArgusRecord *) ptr);
 *                    this routine should process all other events;
 *
 *   (void) RaParseComplete (0);
 *                    this routine will be called after all the
 *                    monitor data has been read.
 *
 *
 * written by Carter Bullard
 * QoSient, LLC
 *
 */

#define ArgusParse

#include
#include
#include
#if defined(CYGWIN)
#include
#endif
#include
#include
#include
#include
#include
#include
#include
#include

int ArgusParseResourceFile (char *);
unsigned char *ArgusRemoteFilter = NULL;
extern void ArgusLog (int, char *, ...);
int ArgusParseInit = 0;
extern void ArgusClientTimeout (void);

#define ARGUS_READINGPREHDR 1
#define ARGUS_READINGHDR 2
#define ARGUS_READINGBLOCK 4

void
argus_parse_init (struct ARGUS_INPUT *input)
{
   char errbuf[MAXSTRLEN];
   char *device = NULL;
   struct tm *tm;
   struct argtimeval tvpbuf, *tvp = &tvpbuf;
   unsigned int net, mask;
   int i, fd = 0;

   if (input != NULL)
      fd = input->fd;

   if (initCon) {
      input->ArgusLocalNet = htonl(initCon->argus_mar.localnet);
      input->ArgusNetMask = htonl(initCon->argus_mar.netmask);
      if (tflag && timearg) {
         tvp->tv_sec = ntohl(initCon->argus_mar.now.tv_sec);
         tm = localtime((time_t *) &tvp->tv_sec);
         if (check_time_format (tm, timearg))
            ArgusLog (LOG_ERR, "time syntax error %s\n", timearg);
      }

   } else {
      if ((device = argus_lookupdev (errbuf)) != NULL) {
         argus_lookupnet(device, &net, &mask, errbuf);
         input->ArgusLocalNet = net;
         input->ArgusNetMask = mask;
      }
   }

   if ((input->ArgusReadBuffer = (unsigned
char *)ArgusCalloc (1, MAXSTRLEN)) == NULL) ArgusLog (LOG_ERR, "ArgusCalloc error %s\n", strerror(errno)); if ((input->ArgusConvBuffer = (u_char *)ArgusCalloc (1, MAXSTRLEN)) == NULL) ArgusLog (LOG_ERR, "ArgusCalloc error %s\n", strerror(errno)); input->ArgusReadPtr = input->ArgusReadBuffer; input->ArgusConvPtr = input->ArgusConvBuffer; if (Cflag) { input->ArgusReadSocketState = ARGUS_READINGPREHDR; /* input->ArgusReadSize = k_maxFlowPacketSize; */ input->ArgusReadSize = 4; } else { if (major_version > 1) input->ArgusReadSocketState = ARGUS_READINGHDR; else { input->ArgusReadSocketState = ARGUS_READINGBLOCK; input->ArgusReadSize = 60; } } input->ArgusReadSocketSize = (input->ArgusReadSize < 0) ? sizeof(struct ArgusRecordHeader) : input->ArgusReadSize; if (!ArgusParseInit++) for (i = 0; i < ARGUS_MAX_REMOTE_CONN; i++) ArgusRemoteFDs[i] = NULL; #ifdef ARGUSDEBUG ArgusDebug (1, "ArgusParseInit (0x%x) returning\n", input); #endif } int ArgusPortNum = 0; char *getoptStr = "aAbB:cCd:D:E:e:f:F:gGhHiIL:lmM:nN:p:P:qr:RS:s:t:T:uU:vVw:zZ:"; #define RaEnvItems 2 char *RaResourceEnvStr [] = { "HOME", "ARGUSHOME", }; int main (int argc, char **argv) { int i, cc, op, retn = 0, fd = 0, Scmdline = 0, rcmdline = 0; char *cmdbuf = NULL, *infile = NULL; char *envstr = NULL, *homepath = NULL; struct stat statbuf; static char path[MAXPATHNAMELEN]; struct timeval now; struct timezone tz; extern char *optarg; extern int optind, opterr; opterr = 0; for (i = 0, cc = 0; i < argc; i++) cc += strlen(argv[i]); if (cc > 0) { int len = cc + (argc + 1); if ((cmdline = (char *) ArgusCalloc (len, sizeof(char))) != NULL) { for (i = 0, *cmdline = '\0'; i < argc; i++) { strcat (cmdline, argv[i]); strcat (cmdline, " "); } } else ArgusLog (LOG_ERR, "ArgusCalloc(%d, %d) failed %s\n", len, sizeof(char), strerror(errno)); } if (strchr (argv[0], '/')) argv[0] = strrchr(argv[0], '/') + 1; if (gettimeofday(&now, &tz) < 0) error("gettimeofday"); ArgusGlobalTime = now; ArgusNowTime = now; thiszone = 
   tz.tz_minuteswest * -60;

   if ((RaTmStruct = localtime ((time_t *)&now.tv_sec))) {
      if (RaTmStruct->tm_isdst)
         thiszone += 3600;
   } else {
      fprintf (stderr, "%s: localtime: error %s \n", *argv, strerror(errno));
      exit (1);
   }

   ArgusProgramName = argv[0];

   snprintf (path, MAXPATHNAMELEN - 1, "/etc/ra.conf");
   if (stat (path, &statbuf) == 0)
      ArgusParseResourceFile (path);

   if ((homepath = getenv("ARGUSHOME")) != NULL) {
      snprintf (path, MAXPATHNAMELEN - 1, "%s/ra.conf", homepath);
      if (stat (path, &statbuf) == 0) {
         ArgusParseResourceFile (path);
      }
   }

   if ((envstr = getenv("ARGUSPATH")) != NULL) {
      while ((homepath = strtok(envstr, ":")) != NULL) {
         snprintf (path, MAXPATHNAMELEN - 1, "%s/.rarc", homepath);
         if (stat (path, &statbuf) == 0) {
            ArgusParseResourceFile (path);
            break;
         }
         envstr = NULL;
      }

   } else {
      for (i = 0; i < RaEnvItems; i++) {
         envstr = RaResourceEnvStr[i];
         if ((homepath = getenv(envstr)) != NULL) {
            /* bounded like the other path builds: the value comes from the
               environment and can be longer than path */
            snprintf (path, MAXPATHNAMELEN - 1, "%s/.rarc", homepath);
            if (stat (path, &statbuf) == 0) {
               ArgusParseResourceFile (path);
               break;
            }
         }
      }
   }

   if ((argv[optind]) != NULL)
      ArgusProgramOptions = strdup(copy_argv (&argv[optind]));

   while ((op = getopt (argc, argv, getoptStr)) != EOF) {
      switch (op) {
         case 'a': ++aflag; break;
         case 'A': ++Aflag; break;
         case 'b': ++bflag; break;
         case 'B': Bflag = atoi(optarg); break;
         case 'c': ++cflag; break;
         case 'C': ++Cflag; break;
         case 'D': Argusdflag = atoi (optarg); break;
         case 'd':
            ++dflag;
            if ((dataarg = optarg) != NULL) {
               if ((retn = parseUserDataArg (&dataarg, argv, optind)) < 0) {
                  usage ();
               } else {
                  optind += retn;
               }
            }
            break;

         case 'e':
            estr = optarg;
            if (strncmp(ArgusProgramName, "ragrep", 6)) {
               if (!(strncasecmp(optarg, "ascii", 5)))
                  eflag = ARGUS_ENCODE_ASCII;
               else
               if (!(strncasecmp(optarg, "encode64", 8)))
                  eflag = ARGUS_ENCODE_64;
               else
                  usage();
            } else {
               ArgusGrepSource++;
               ArgusGrepDestination++;

               if ((estr[0] == 's') && (estr[1] == ':')) {
                  ArgusGrepDestination = 0;
                  estr = &estr[2];
               }
               if ((estr[0] == 'd') && (estr[1] == ':')) {
                  ArgusGrepSource = 0;
                  estr = &estr[2];
} } break; case 'E': exceptfile = optarg; break; case 'f': ArgusFlowModelFile = optarg; break; case 'F': if (!(ArgusParseResourceFile (optarg))) ArgusLog (LOG_ERR, "ArgusParseResourceFile(%s) error. %s\n", optarg, strerror(errno)); break; case 'g': ++gflag; Gflag = 0; break; case 'G': ++Gflag; gflag = 0; break; case 'H': ++Hflag; break; case 'i': ++idflag; break; case 'I': ++Iflag; break; case 'L': switch (Lflag = atoi(optarg)) { case 0: Lflag = -1; break; case -1: Lflag = 0; break; } break; case 'l': ++lflag; break; case 'm': ++mflag; break; case 'M': Mflag = optarg; break; case 'n': ++nflag; break; case 'N': Nflag = atoi (optarg); break; case 'p': pflag = atoi (optarg); break; case 'P': ArgusPortNum = atoi (optarg); break; case 'q': ++qflag; break; case 'r': ++rflag; Sflag = 0; if ((!rcmdline++) && (ArgusInputFileList != NULL)) ArgusDeleteFileList(); if (optarg == NULL) optarg = "-"; do { if (!(ArgusAddFileList (optarg))) { fprintf (stderr, "%s: error: file arg %s \n", *argv, optarg); exit (1); } if ((optarg = argv[optind]) != NULL) if (*optarg != '-') optind++; } while (optarg && (*optarg != '-')); break; case 'R': ++Rflag; break; case 's': if (RaSortIndex < ARGUS_MAX_SORT_ALG) RaSortAlgorithmStrings[RaSortIndex++] = optarg; else ArgusLog (LOG_ERR, "usage: number of sort options exceeds %d\n", ARGUS_MAX_SORT_ALG); break; case 'S': ++Sflag; if ((!Scmdline++) && (ArgusRemoteHostList != NULL)) ArgusDeleteHostList(); if (!(ArgusAddHostList (optarg))) { fprintf (stderr, "%s: host %s unknown\n", *argv, optarg); exit (1); } break; case 't': ++tflag; if ((timearg = optarg) != NULL) { if ((retn = parseTimeArg (&timearg, argv, optind, RaTmStruct)) < 0) { usage (); } else { optind += retn; } } break; case 'T': Tflag = atoi(optarg); break; case 'u': uflag++; break; case 'U': ustr = optarg; break; case 'v': vflag++; break; case 'V': Vflag++; break; case 'w': if ((wfile = optarg) == NULL) if (!strcmp (argv[optind], "-")) { wfile = "-"; } break; case 'z': ++zflag; break; case 
'Z': Zflag = *optarg; break; case 'h': default: usage (); /* NOTREACHED */ } } if (infile) cmdbuf = read_infile (infile); else { char *str; if ((str = argv[optind]) != NULL) { if (strcmp(str, "-") == 0) optind++; cmdbuf = copy_argv (&argv[optind]); } } if (cmdbuf) { if (RaInputFilter != NULL) ArgusFree(RaInputFilter); RaInputFilter = cmdbuf; } init_addrtoname (fflag, ArgusLocalNet, ArgusNetMask); bzero ((char *) &ArgusFilterCode, sizeof (ArgusFilterCode)); if (!(ArgusFilterCompile (&ArgusFilterCode, RaInputFilter, 1, ArgusNetMask) < 0)) { if (cmdbuf) ArgusRemoteFilter = (unsigned char *) strdup(cmdbuf); else ArgusRemoteFilter = NULL; } if (bflag) { bpf_dump(&ArgusFilterCode, bflag); exit (0); } ArgusClientInit (); if (Sflag) { register struct ARGUS_INPUT *addr; if ((addr = ArgusRemoteHostList) != NULL) { while (addr != NULL) { if ((addr->fd = ArgusGetServerSocket (addr)) >= 0) if ((ArgusReadConnection (addr, NULL)) >= 0) ArgusRemoteFDs[ArgusActiveServers++] = addr; addr = addr->nxt; } } ArgusReadStream(); } else { struct ARGUS_INPUT *addr; if (ArgusInputFileList == NULL) if (!(ArgusAddFileList ("-"))) ArgusLog (LOG_ERR, "ArgusAddFilelist('-') error %s\n", strerror(errno)); if ((addr = ArgusInputFileList) != NULL) { while (addr) { if (strcmp (addr->filename, "-")) { if ((addr->fd = open(addr->filename, O_RDONLY)) >= 0) { if (((ArgusReadConnection (addr, addr->filename)) >= 0)) { ArgusRemoteFDs[0] = addr; ArgusReadStream(); close(addr->fd); } } else { fprintf (stderr, "%s: open '%s': %s\n", ArgusProgramName, addr->filename, strerror(errno)); } } else { addr->fd = 0; if (((ArgusReadConnection (addr, NULL)) >= 0)) { ArgusRemoteFDs[0] = addr; ArgusReadStream(); } } addr = addr->nxt; } } else { struct ARGUS_INPUT addrbuf, *addr = &addrbuf; bzero ((char *) addr, sizeof (*addr)); addr->fd = 0; if (((ArgusReadConnection (addr, NULL)) >= 0)) { ArgusRemoteFDs[0] = addr; ArgusReadStream(); } } } if (fd >= 0) { ArgusShutDown (0); } else retn = 1; #ifdef ARGUSDEBUG ArgusDebug 
   (1, "main () exiting with %d\n", retn);
#endif
   exit (retn);
}

void
ArgusShutDown (int value)
{
#ifdef ARGUSDEBUG
   ArgusDebug (1, "ArgusShutDown (%d)\n", value);
#endif
   if (value >= 0)
      RaParseComplete (value);

   _exit (value);
}

unsigned int ArgusTotalCount = 0;
unsigned int ArgusTotalBytes = 0;
static int firstWrite = 1;

int
ArgusHandleDatum (struct ArgusRecord *ptr, struct bpf_program *filter)
{
   int retn = 0;

   if (ptr != NULL) {
      int len = ntohs(ptr->ahdr.length);
      struct bpf_insn *fcode = filter->bf_insns;
      u_char buf[MAXSTRLEN];

      totalrecords++;

      /* ArgusLog (LOG_ERR, ...) ends in ArgusShutDown(), so the copies
         below never run with len > MAXSTRLEN; the format takes three
         arguments, the record pointer first */
      if (len > MAXSTRLEN)
         ArgusLog (LOG_ERR, "ArgusHandleDatum(%p) input record %d size = %d\n", (void *) ptr, totalrecords, len);

      bcopy ((char *)ptr, (char *)ArgusOriginal, len);
      bcopy ((char *)ptr, (char *)&buf, len);

      switch (ptr->ahdr.type) {
         case ARGUS_MAR:
         case (ARGUS_MAR | ARGUS_CISCO_NETFLOW):
         case ARGUS_INDEX:
         case ARGUS_EVENT:
            marrecords++;
            break;

         case ARGUS_FAR:
         case ARGUS_DATASUP:
            farrecords++;
            break;
      }

      if ((retn = argus_filter (fcode, (unsigned char *) ptr)) != 0) {
#ifdef _LITTLE_ENDIAN
         ArgusNtoH ((struct ArgusRecord *)&buf);
#endif
         ArgusThisFarStatus = ArgusIndexRecord ((struct ArgusRecord *)&buf, ArgusThisFarHdrs);

         if ((retn = check_time ((struct ArgusRecord *)&buf)) != 0) {
            struct ArgusRecord *argus = (struct ArgusRecord *)&buf;

            if (!(ptr->ahdr.type & ARGUS_MAR)) {
               unsigned int count, bytes;

#define ARGUSMAXPACKETSIZE 65536
               /* correct for 1.8x byte count bug */
               if ((count = argus->argus_far.src.count) > 0)
                  if ((bytes = argus->argus_far.src.bytes) > 0)
                     if ((bytes/count) > ARGUSMAXPACKETSIZE)
                        argus->argus_far.src.bytes = 0;

               if ((count = argus->argus_far.dst.count) > 0)
                  if ((bytes = argus->argus_far.dst.bytes) > 0)
                     if ((bytes/count) > ARGUSMAXPACKETSIZE)
                        argus->argus_far.dst.bytes = 0;

               ArgusTotalCount += (argus->argus_far.src.count + argus->argus_far.dst.count);
               if (Aflag)
                  ArgusTotalBytes += (argus->argus_far.src.appbytes + argus->argus_far.dst.appbytes);
               else
                  ArgusTotalBytes += (argus->argus_far.src.bytes +
argus->argus_far.dst.bytes); } if (wfile) { if (RaWriteOut) { if (!(firstWrite && ((argus->ahdr.type & ARGUS_MAR) && (argus->ahdr.cause & ARGUS_START)))) if (ArgusWriteNewLogfile (wfile, ArgusOriginal)) { fprintf (stderr, "ArgusWriteNewLogfile: error\n"); exit (1); } } else ArgusProcessRecord ((struct ArgusRecord *)&buf); } else ArgusProcessRecord ((struct ArgusRecord *)&buf); } } else { if (exceptfile) { if (ArgusWriteNewLogfile (exceptfile, ArgusOriginal)) { fprintf (stderr, "ArgusWriteNewLogfile: error using file %s\n", exceptfile); exit (1); } } } retn = 0; if (ptr->ahdr.type & ARGUS_MAR) { switch (ptr->ahdr.cause) { case ARGUS_STOP: case ARGUS_SHUTDOWN: case ARGUS_ERROR: { #ifdef ARGUSDEBUG ArgusDebug (3, "ArgusHandleDatum (0x%x, 0x%x) received closing Mar\n", ptr, filter); #endif if (Sflag) retn = 1; break; } } } } #ifdef ARGUSDEBUG ArgusDebug (6, "ArgusHandleDatum (0x%x, 0x%x) returning %d\n", ptr, filter, retn); #endif return (retn); } #include struct ArgusRecord *ArgusNetFlowCallRecord (u_char **); struct ArgusRecord *ArgusNetFlowDetailInt (u_char **); struct ArgusRecord *ArgusParseCiscoRecord (u_char **); struct ArgusRecord *ArgusParseCiscoRecordV1 (u_char **); struct ArgusRecord *ArgusParseCiscoRecordV5 (u_char **); struct ArgusRecord *ArgusParseCiscoRecordV6 (u_char **); unsigned char *ArgusNetFlowRecordHeader = NULL; unsigned char ArgusNetFlowArgusRecordBuf[1024]; struct ArgusRecord *ArgusNetFlowArgusRecord = (struct ArgusRecord *) ArgusNetFlowArgusRecordBuf; struct ArgusRecord * ArgusParseCiscoRecordV1 (u_char **ptr) { CiscoFlowEntryV1_t *entryPtrV1 = (CiscoFlowEntryV1_t *) *ptr; CiscoFlowHeaderV1_t *hdrPtrV1 = (CiscoFlowHeaderV1_t *) ArgusNetFlowRecordHeader; struct ArgusRecord *argus = ArgusNetFlowArgusRecord; struct ArgusMacStruct mac; *ptr += sizeof(CiscoFlowEntryV1_t); bzero ((char *) argus, sizeof (*argus)); argus->ahdr.type = ARGUS_FAR | ARGUS_CISCO_NETFLOW; argus->ahdr.cause = ARGUS_STATUS; argus->ahdr.length = sizeof(argus->ahdr) + 
sizeof(argus->argus_far); argus->ahdr.status |= ETHERTYPE_IP; argus->argus_far.type = ARGUS_FAR; argus->argus_far.length = sizeof(argus->argus_far); if (hdrPtrV1) { long time; time = ntohl(entryPtrV1->first); argus->argus_far.time.start.tv_sec = (time - (long)hdrPtrV1->sysUptime)/1000; argus->argus_far.time.start.tv_sec += hdrPtrV1->unix_secs; argus->argus_far.time.start.tv_usec = ((time - (long)hdrPtrV1->sysUptime)%1000) * 1000; argus->argus_far.time.start.tv_usec += hdrPtrV1->unix_nsecs/1000; if (argus->argus_far.time.start.tv_usec >= 1000000) { argus->argus_far.time.start.tv_sec++; argus->argus_far.time.start.tv_usec -= 1000000; } if (argus->argus_far.time.start.tv_usec < 0) { argus->argus_far.time.start.tv_sec--; argus->argus_far.time.start.tv_usec += 1000000; } time = ntohl(entryPtrV1->last); argus->argus_far.time.last.tv_sec = (time - (long)hdrPtrV1->sysUptime)/1000; argus->argus_far.time.last.tv_sec += hdrPtrV1->unix_secs; argus->argus_far.time.last.tv_usec = ((time - (long)hdrPtrV1->sysUptime)%1000) * 1000; argus->argus_far.time.last.tv_usec += hdrPtrV1->unix_nsecs/1000; if (argus->argus_far.time.last.tv_usec >= 1000000) { argus->argus_far.time.last.tv_sec++; argus->argus_far.time.last.tv_usec -= 1000000; } if (argus->argus_far.time.last.tv_usec < 0) { argus->argus_far.time.last.tv_sec--; argus->argus_far.time.last.tv_usec += 1000000; } argus->argus_far.time.start.tv_usec = (argus->argus_far.time.start.tv_usec / 1000) * 1000; argus->argus_far.time.last.tv_usec = (argus->argus_far.time.last.tv_usec / 1000) * 1000; } argus->argus_far.flow.ip_flow.ip_src = ntohl(entryPtrV1->srcaddr); argus->argus_far.flow.ip_flow.ip_dst = ntohl(entryPtrV1->dstaddr); argus->argus_far.flow.ip_flow.ip_p = entryPtrV1->prot; argus->argus_far.attr_ip.stos = entryPtrV1->tos; argus->argus_far.src.count = ntohl(entryPtrV1->pkts); argus->argus_far.src.bytes = ntohl(entryPtrV1->bytes); argus->argus_far.src.appbytes = 0; switch (argus->argus_far.flow.ip_flow.ip_p) { case IPPROTO_TCP: { 
struct ArgusTCPObject tcpbuf, *tcp = &tcpbuf; bzero ((char *) tcp, sizeof(*tcp)); tcp->type = ARGUS_TCP_DSR; tcp->length = sizeof(struct ArgusTCPObject); tcp->src.flags = entryPtrV1->flags; if (tcp->src.flags & TH_RST) { if (argus->argus_far.src.count == 1) { if (tcp->src.flags == (TH_RST | TH_ACK)) tcp->state |= ARGUS_DST_RESET; else tcp->state |= ARGUS_SRC_RESET; } else tcp->state |= ARGUS_RESET; } if (tcp->src.flags & TH_FIN) tcp->state |= ARGUS_FIN; if ((tcp->src.flags & TH_ACK) || (tcp->src.flags & TH_PUSH) || (tcp->src.flags & TH_URG)) tcp->state |= ARGUS_CON_ESTABLISHED; switch (tcp->src.flags & (TH_SYN|TH_ACK|TH_FIN|TH_PUSH|TH_URG)) { case (TH_SYN): tcp->state |= ARGUS_SAW_SYN; break; case (TH_SYN|TH_ACK): if (argus->argus_far.src.count == 1) tcp->state |= ARGUS_SAW_SYN_SENT; break; } bcopy ((char *)tcp, &((char *)argus)[argus->ahdr.length], sizeof(*tcp)); argus->ahdr.length += sizeof(*tcp); } /* fall through to UDP switch to get the ports */ case IPPROTO_UDP: argus->argus_far.flow.ip_flow.sport = ntohs(entryPtrV1->srcport); argus->argus_far.flow.ip_flow.dport = ntohs(entryPtrV1->dstport); break; case IPPROTO_ICMP: { argus->argus_far.flow.icmp_flow.type = ((char *)&entryPtrV1->dstport)[0]; argus->argus_far.flow.icmp_flow.code = ((char *)&entryPtrV1->dstport)[1]; } break; } bzero ((char *)&mac, sizeof (mac)); mac.type = ARGUS_MAC_DSR; mac.length = sizeof(mac); mac.status = 0; entryPtrV1->input = ntohs(entryPtrV1->input); entryPtrV1->output = ntohs(entryPtrV1->output); bcopy((char *)&entryPtrV1->input, (char *)&mac.phys_union.ether.ethersrc[4], 2); bcopy((char *)&entryPtrV1->output,(char *)&mac.phys_union.ether.etherdst[4], 2); bcopy ((char *)&mac, &((char *)argus)[argus->ahdr.length], sizeof(mac)); argus->ahdr.length += sizeof(mac); #ifdef _LITTLE_ENDIAN ArgusHtoN(argus); #endif #ifdef ARGUSDEBUG ArgusDebug (5, "ArgusParseCiscoRecordV1 (0x%x) returning 0x%x\n", *ptr, argus); #endif return(argus); } struct ArgusRecord * ArgusParseCiscoRecordV5 (u_char **ptr) 
{ CiscoFlowEntryV5_t *entryPtrV5 = ((CiscoFlowEntryV5_t *) *ptr); CiscoFlowHeaderV5_t *hdrPtrV5 = (CiscoFlowHeaderV5_t *) ArgusNetFlowRecordHeader; struct ArgusRecord *argus = ArgusNetFlowArgusRecord; struct ArgusMacStruct mac; *ptr += sizeof(CiscoFlowEntryV5_t); bzero ((char *) argus, sizeof (*argus)); argus->ahdr.type = ARGUS_FAR | ARGUS_CISCO_NETFLOW; argus->ahdr.cause = ARGUS_STATUS; argus->ahdr.length = sizeof(argus->ahdr) + sizeof(argus->argus_far); argus->ahdr.status |= ETHERTYPE_IP; argus->argus_far.type = ARGUS_FAR; argus->argus_far.length = sizeof(argus->argus_far); if (hdrPtrV5) { long time; time = ntohl(entryPtrV5->first); argus->argus_far.time.start.tv_sec = (time - (long)hdrPtrV5->sysUptime)/1000; argus->argus_far.time.start.tv_sec += hdrPtrV5->unix_secs; argus->argus_far.time.start.tv_usec = ((time - (long)hdrPtrV5->sysUptime)%1000) * 1000; argus->argus_far.time.start.tv_usec += hdrPtrV5->unix_nsecs/1000; if (argus->argus_far.time.start.tv_usec >= 1000000) { argus->argus_far.time.start.tv_sec++; argus->argus_far.time.start.tv_usec -= 1000000; } if (argus->argus_far.time.start.tv_usec < 0) { argus->argus_far.time.start.tv_sec--; argus->argus_far.time.start.tv_usec += 1000000; } time = ntohl(entryPtrV5->last); argus->argus_far.time.last.tv_sec = (time - (long)hdrPtrV5->sysUptime)/1000; argus->argus_far.time.last.tv_sec += hdrPtrV5->unix_secs; argus->argus_far.time.last.tv_usec = ((time - (long)hdrPtrV5->sysUptime)%1000) * 1000; argus->argus_far.time.last.tv_usec += hdrPtrV5->unix_nsecs/1000; if (argus->argus_far.time.last.tv_usec >= 1000000) { argus->argus_far.time.last.tv_sec++; argus->argus_far.time.last.tv_usec -= 1000000; } if (argus->argus_far.time.last.tv_usec < 0) { argus->argus_far.time.last.tv_sec--; argus->argus_far.time.last.tv_usec += 1000000; } argus->argus_far.time.start.tv_usec = (argus->argus_far.time.start.tv_usec / 1000) * 1000; argus->argus_far.time.last.tv_usec = (argus->argus_far.time.last.tv_usec / 1000) * 1000; } 
argus->argus_far.flow.ip_flow.ip_src = ntohl(entryPtrV5->srcaddr); argus->argus_far.flow.ip_flow.ip_dst = ntohl(entryPtrV5->dstaddr); argus->argus_far.flow.ip_flow.sport = ntohs(entryPtrV5->srcport); argus->argus_far.flow.ip_flow.dport = ntohs(entryPtrV5->dstport); argus->argus_far.flow.ip_flow.ip_p = entryPtrV5->prot; argus->argus_far.attr_ip.stos = entryPtrV5->tos; argus->argus_far.src.count = ntohl(entryPtrV5->pkts); argus->argus_far.src.bytes = ntohl(entryPtrV5->bytes); argus->argus_far.src.appbytes = 0; switch (argus->argus_far.flow.ip_flow.ip_p) { case IPPROTO_TCP: { struct ArgusTCPObject tcpbuf, *tcp = &tcpbuf; bzero ((char *) tcp, sizeof(*tcp)); tcp->type = ARGUS_TCP_DSR; tcp->length = sizeof(struct ArgusTCPObject); tcp->src.flags = entryPtrV5->tcp_flags; if (tcp->src.flags & TH_RST) tcp->status |= ARGUS_RESET; if (tcp->src.flags & TH_FIN) tcp->status |= ARGUS_FIN; if ((tcp->src.flags & TH_ACK) || (tcp->src.flags & TH_PUSH) || (tcp->src.flags & TH_URG)) tcp->status |= ARGUS_CON_ESTABLISHED; switch (tcp->src.flags & (TH_SYN|TH_ACK|TH_FIN|TH_PUSH|TH_URG)) { case (TH_SYN): tcp->status |= ARGUS_SAW_SYN; break; } bcopy ((char *)tcp, &((char *)argus)[argus->ahdr.length], sizeof(*tcp)); argus->ahdr.length += sizeof(*tcp); } break; } bzero ((char *)&mac, sizeof (mac)); mac.type = ARGUS_MAC_DSR; mac.length = sizeof(mac); mac.status = 0; entryPtrV5->input = ntohs(entryPtrV5->input); entryPtrV5->output = ntohs(entryPtrV5->output); bcopy((char *)&entryPtrV5->input, (char *)&mac.phys_union.ether.ethersrc[4], 2); bcopy((char *)&entryPtrV5->output,(char *)&mac.phys_union.ether.etherdst[4], 2); bcopy ((char *)&mac, &((char *)argus)[argus->ahdr.length], sizeof(mac)); argus->ahdr.length += sizeof(mac); #ifdef _LITTLE_ENDIAN ArgusHtoN(argus); #endif #ifdef ARGUSDEBUG ArgusDebug (5, "ArgusParseCiscoRecordV5 (0x%x) returning 0x%x\n", *ptr, argus); #endif return (argus); } struct ArgusRecord * ArgusParseCiscoRecordV6 (u_char **ptr) { CiscoFlowEntryV6_t *entryPtrV6 = 
(CiscoFlowEntryV6_t *) *ptr; CiscoFlowHeaderV6_t *hdrPtrV6 = (CiscoFlowHeaderV6_t *) ArgusNetFlowRecordHeader; struct ArgusRecord *argus = ArgusNetFlowArgusRecord; struct ArgusMacStruct mac; *ptr += sizeof(CiscoFlowEntryV6_t); bzero ((char *) argus, sizeof (*argus)); argus->ahdr.type = ARGUS_FAR | ARGUS_CISCO_NETFLOW; argus->ahdr.cause = ARGUS_STATUS; argus->ahdr.length = sizeof(argus->ahdr) + sizeof(argus->argus_far); argus->ahdr.status |= ETHERTYPE_IP; argus->argus_far.type = ARGUS_FAR; argus->argus_far.length = sizeof(argus->argus_far); if (hdrPtrV6) { long time; time = ntohl(entryPtrV6->first); argus->argus_far.time.start.tv_sec = (time - (long)hdrPtrV6->sysUptime)/1000; argus->argus_far.time.start.tv_sec += hdrPtrV6->unix_secs; argus->argus_far.time.start.tv_usec = ((time - (long)hdrPtrV6->sysUptime)%1000) * 1000; argus->argus_far.time.start.tv_usec += hdrPtrV6->unix_nsecs/1000; if (argus->argus_far.time.start.tv_usec >= 1000000) { argus->argus_far.time.start.tv_sec++; argus->argus_far.time.start.tv_usec -= 1000000; } if (argus->argus_far.time.start.tv_usec < 0) { argus->argus_far.time.start.tv_sec--; argus->argus_far.time.start.tv_usec += 1000000; } time = ntohl(entryPtrV6->last); argus->argus_far.time.last.tv_sec = (time - (long)hdrPtrV6->sysUptime)/1000; argus->argus_far.time.last.tv_sec += hdrPtrV6->unix_secs; argus->argus_far.time.last.tv_usec = ((time - (long)hdrPtrV6->sysUptime)%1000) * 1000; argus->argus_far.time.last.tv_usec += hdrPtrV6->unix_nsecs/1000; if (argus->argus_far.time.last.tv_usec >= 1000000) { argus->argus_far.time.last.tv_sec++; argus->argus_far.time.last.tv_usec -= 1000000; } if (argus->argus_far.time.last.tv_usec < 0) { argus->argus_far.time.last.tv_sec--; argus->argus_far.time.last.tv_usec += 1000000; } argus->argus_far.time.start.tv_usec = (argus->argus_far.time.start.tv_usec / 1000) * 1000; argus->argus_far.time.last.tv_usec = (argus->argus_far.time.last.tv_usec / 1000) * 1000; } argus->argus_far.flow.ip_flow.ip_src = 
ntohl(entryPtrV6->srcaddr); argus->argus_far.flow.ip_flow.ip_dst = ntohl(entryPtrV6->dstaddr); argus->argus_far.flow.ip_flow.sport = ntohs(entryPtrV6->srcport); argus->argus_far.flow.ip_flow.dport = ntohs(entryPtrV6->dstport); argus->argus_far.flow.ip_flow.ip_p = entryPtrV6->prot; argus->argus_far.attr_ip.stos = entryPtrV6->tos; argus->argus_far.src.count = ntohl(entryPtrV6->pkts); argus->argus_far.src.bytes = ntohl(entryPtrV6->bytes); argus->argus_far.src.appbytes = 0; switch (argus->argus_far.flow.ip_flow.ip_p) { case IPPROTO_TCP: { struct ArgusTCPObject tcpbuf, *tcp = &tcpbuf; bzero ((char *) tcp, sizeof(*tcp)); tcp->type = ARGUS_TCP_DSR; tcp->length = sizeof(struct ArgusTCPObject); tcp->src.flags = entryPtrV6->tcp_flags; if (tcp->src.flags & TH_RST) tcp->status |= ARGUS_RESET; if (tcp->src.flags & TH_FIN) tcp->status |= ARGUS_FIN; if ((tcp->src.flags & TH_ACK) || (tcp->src.flags & TH_PUSH) || (tcp->src.flags & TH_URG)) tcp->status |= ARGUS_CON_ESTABLISHED; switch (tcp->src.flags & (TH_SYN|TH_ACK|TH_FIN|TH_PUSH|TH_URG)) { case (TH_SYN): tcp->status |= ARGUS_SAW_SYN; break; } bcopy ((char *)tcp, &((char *)argus)[argus->ahdr.length], sizeof(*tcp)); argus->ahdr.length += sizeof(*tcp); } break; } bzero ((char *)&mac, sizeof (mac)); mac.type = ARGUS_MAC_DSR; mac.length = sizeof(mac); mac.status = 0; entryPtrV6->input = ntohs(entryPtrV6->input); entryPtrV6->output = ntohs(entryPtrV6->output); bcopy((char *)&entryPtrV6->input, (char *)&mac.phys_union.ether.ethersrc[4], 2); bcopy((char *)&entryPtrV6->output,(char *)&mac.phys_union.ether.etherdst[4], 2); bcopy ((char *)&mac, &((char *)argus)[argus->ahdr.length], sizeof(mac)); argus->ahdr.length += sizeof(mac); #ifdef _LITTLE_ENDIAN ArgusHtoN(argus); #endif #ifdef ARGUSDEBUG ArgusDebug (5, "ArgusParseCiscoRecord (0x%x) returning 0x%x\n", *ptr, argus); #endif return(argus); } struct ArgusRecord * ArgusParseCiscoRecord (u_char **ptr) { struct ArgusRecord *argus = ArgusNetFlowArgusRecord; unsigned short *sptr = (unsigned 
short *) *ptr; #ifdef ARGUSDEBUG ArgusDebug (5, "ArgusParseCiscoRecord (0x%x) version %h\n", *ptr, *sptr); #endif switch (*sptr) { case Version1: { CiscoFlowHeaderV1_t *hdrPtrV1 = (CiscoFlowHeaderV1_t *) *ptr; CiscoFlowEntryV1_t *entryPtrV1 = (CiscoFlowEntryV1_t *) (hdrPtrV1 + 1); bzero ((char *) argus, sizeof (*argus)); argus->ahdr.type = ARGUS_FAR | ARGUS_CISCO_NETFLOW; argus->ahdr.cause = ARGUS_STATUS; argus->ahdr.length = sizeof(argus->ahdr) + sizeof(argus->argus_far); argus->ahdr.status |= ETHERTYPE_IP; argus->argus_far.type = ARGUS_FAR; argus->argus_far.length = sizeof(argus->argus_far); if (hdrPtrV1) { long time; time = ntohl(entryPtrV1->first); argus->argus_far.time.start.tv_sec = (time - (long)hdrPtrV1->sysUptime)/1000; argus->argus_far.time.start.tv_sec += hdrPtrV1->unix_secs; argus->argus_far.time.start.tv_usec = ((time - (long)hdrPtrV1->sysUptime)%1000) * 1000; argus->argus_far.time.start.tv_usec += hdrPtrV1->unix_nsecs/1000; if (argus->argus_far.time.start.tv_usec >= 1000000) { argus->argus_far.time.start.tv_sec++; argus->argus_far.time.start.tv_usec -= 1000000; } if (argus->argus_far.time.start.tv_usec < 0) { argus->argus_far.time.start.tv_sec--; argus->argus_far.time.start.tv_usec += 1000000; } time = ntohl(entryPtrV1->last); argus->argus_far.time.last.tv_sec = (time - (long)hdrPtrV1->sysUptime)/1000; argus->argus_far.time.last.tv_sec += hdrPtrV1->unix_secs; argus->argus_far.time.last.tv_usec = ((time - (long)hdrPtrV1->sysUptime)%1000) * 1000; argus->argus_far.time.last.tv_usec += hdrPtrV1->unix_nsecs/1000; if (argus->argus_far.time.last.tv_usec >= 1000000) { argus->argus_far.time.last.tv_sec++; argus->argus_far.time.last.tv_usec -= 1000000; } if (argus->argus_far.time.last.tv_usec < 0) { argus->argus_far.time.last.tv_sec--; argus->argus_far.time.last.tv_usec += 1000000; } argus->argus_far.time.start.tv_usec = (argus->argus_far.time.start.tv_usec / 1000) * 1000; argus->argus_far.time.last.tv_usec = (argus->argus_far.time.last.tv_usec / 1000) * 1000; 
         }

         argus->argus_far.flow.ip_flow.ip_src = ntohl(entryPtrV1->srcaddr);
         argus->argus_far.flow.ip_flow.ip_dst = ntohl(entryPtrV1->dstaddr);
         argus->argus_far.flow.ip_flow.sport = ntohs(entryPtrV1->srcport);
         argus->argus_far.flow.ip_flow.dport = ntohs(entryPtrV1->dstport);
         argus->argus_far.flow.ip_flow.ip_p = entryPtrV1->prot;
         argus->argus_far.attr_ip.stos = entryPtrV1->tos;
         argus->argus_far.src.count = ntohl(entryPtrV1->pkts);
         argus->argus_far.src.bytes = ntohl(entryPtrV1->bytes);

#ifdef _LITTLE_ENDIAN
         ArgusHtoN(argus);
#endif
         break;
      }

      case Version5: {
         /* ptr is a u_char **: the packet header is at *ptr, as in the Version1 case */
         CiscoFlowHeaderV5_t *hdrPtrV5 = (CiscoFlowHeaderV5_t *) *ptr;
         CiscoFlowEntryV5_t *entryPtrV5 = (CiscoFlowEntryV5_t *) (hdrPtrV5 + 1);

         bzero ((char *) argus, sizeof (*argus));
         argus->ahdr.type = ARGUS_FAR | ARGUS_CISCO_NETFLOW;
         argus->ahdr.cause = ARGUS_STATUS;
         argus->ahdr.length = sizeof(argus->ahdr) + sizeof(argus->argus_far);
         argus->ahdr.status |= ETHERTYPE_IP;

         argus->argus_far.type = ARGUS_FAR;
         argus->argus_far.length = sizeof(argus->argus_far);

         if (hdrPtrV5) {
            long time;

            time = ntohl(entryPtrV5->first);
            argus->argus_far.time.start.tv_sec = (time - (long)hdrPtrV5->sysUptime)/1000;
            argus->argus_far.time.start.tv_sec += hdrPtrV5->unix_secs;
            argus->argus_far.time.start.tv_usec = ((time - (long)hdrPtrV5->sysUptime)%1000) * 1000;
            argus->argus_far.time.start.tv_usec += hdrPtrV5->unix_nsecs/1000;

            if (argus->argus_far.time.start.tv_usec >= 1000000) {
               argus->argus_far.time.start.tv_sec++;
               argus->argus_far.time.start.tv_usec -= 1000000;
            }
            if (argus->argus_far.time.start.tv_usec < 0) {
               argus->argus_far.time.start.tv_sec--;
               argus->argus_far.time.start.tv_usec += 1000000;
            }

            time = ntohl(entryPtrV5->last);
            argus->argus_far.time.last.tv_sec = (time - (long)hdrPtrV5->sysUptime)/1000;
            argus->argus_far.time.last.tv_sec += hdrPtrV5->unix_secs;
            argus->argus_far.time.last.tv_usec = ((time - (long)hdrPtrV5->sysUptime)%1000) * 1000;
            argus->argus_far.time.last.tv_usec += hdrPtrV5->unix_nsecs/1000;

            if (argus->argus_far.time.last.tv_usec >= 1000000) {
               argus->argus_far.time.last.tv_sec++;
               argus->argus_far.time.last.tv_usec -= 1000000;
            }
            if (argus->argus_far.time.last.tv_usec < 0) {
               argus->argus_far.time.last.tv_sec--;
               argus->argus_far.time.last.tv_usec += 1000000;
            }

            argus->argus_far.time.start.tv_usec = (argus->argus_far.time.start.tv_usec / 1000) * 1000;
            argus->argus_far.time.last.tv_usec = (argus->argus_far.time.last.tv_usec / 1000) * 1000;
         }

         argus->argus_far.flow.ip_flow.ip_src = ntohl(entryPtrV5->srcaddr);
         argus->argus_far.flow.ip_flow.ip_dst = ntohl(entryPtrV5->dstaddr);
         argus->argus_far.flow.ip_flow.sport = ntohs(entryPtrV5->srcport);
         argus->argus_far.flow.ip_flow.dport = ntohs(entryPtrV5->dstport);
         argus->argus_far.flow.ip_flow.ip_p = entryPtrV5->prot;
         argus->argus_far.attr_ip.stos = entryPtrV5->tos;
         argus->argus_far.src.count = ntohl(entryPtrV5->pkts);
         argus->argus_far.src.bytes = ntohl(entryPtrV5->bytes);
         argus->argus_far.src.appbytes = 0;

#ifdef _LITTLE_ENDIAN
         ArgusHtoN(argus);
#endif
         break;
      }

      case Version6: {
         /* ptr is a u_char **: the packet header is at *ptr, as in the Version1 case */
         CiscoFlowHeaderV6_t *hdrPtrV6 = (CiscoFlowHeaderV6_t *) *ptr;
         CiscoFlowEntryV6_t *entryPtrV6 = (CiscoFlowEntryV6_t *) (hdrPtrV6 + 1);

         bzero ((char *) argus, sizeof (*argus));
         argus->ahdr.type = ARGUS_FAR | ARGUS_CISCO_NETFLOW;
         argus->ahdr.cause = ARGUS_STATUS;
         argus->ahdr.length = sizeof(argus->ahdr) + sizeof(argus->argus_far);
         argus->ahdr.status |= ETHERTYPE_IP;

         argus->argus_far.type = ARGUS_FAR;
         argus->argus_far.length = sizeof(argus->argus_far);

         if (hdrPtrV6) {
            long time;

            time = ntohl(entryPtrV6->first);
            argus->argus_far.time.start.tv_sec = (time - (long)hdrPtrV6->sysUptime)/1000;
            argus->argus_far.time.start.tv_sec += hdrPtrV6->unix_secs;
            argus->argus_far.time.start.tv_usec = ((time - (long)hdrPtrV6->sysUptime)%1000) * 1000;
            argus->argus_far.time.start.tv_usec += hdrPtrV6->unix_nsecs/1000;

            if (argus->argus_far.time.start.tv_usec >= 1000000) {
               argus->argus_far.time.start.tv_sec++;
               argus->argus_far.time.start.tv_usec -= 1000000;
            }
            if (argus->argus_far.time.start.tv_usec < 0) {
argus->argus_far.time.start.tv_sec--; argus->argus_far.time.start.tv_usec += 1000000; } time = ntohl(entryPtrV6->last); argus->argus_far.time.last.tv_sec = (time - (long)hdrPtrV6->sysUptime)/1000; argus->argus_far.time.last.tv_sec += hdrPtrV6->unix_secs; argus->argus_far.time.last.tv_usec = ((time - (long)hdrPtrV6->sysUptime)%1000) * 1000; argus->argus_far.time.last.tv_usec += hdrPtrV6->unix_nsecs/1000; if (argus->argus_far.time.last.tv_usec >= 1000000) { argus->argus_far.time.last.tv_sec++; argus->argus_far.time.last.tv_usec -= 1000000; } if (argus->argus_far.time.last.tv_usec < 0) { argus->argus_far.time.last.tv_sec--; argus->argus_far.time.last.tv_usec += 1000000; } argus->argus_far.time.start.tv_usec = (argus->argus_far.time.start.tv_usec / 1000) * 1000; argus->argus_far.time.last.tv_usec = (argus->argus_far.time.last.tv_usec / 1000) * 1000; } argus->argus_far.flow.ip_flow.ip_src = ntohl(entryPtrV6->srcaddr); argus->argus_far.flow.ip_flow.ip_dst = ntohl(entryPtrV6->dstaddr); argus->argus_far.flow.ip_flow.sport = ntohs(entryPtrV6->srcport); argus->argus_far.flow.ip_flow.dport = ntohs(entryPtrV6->dstport); argus->argus_far.flow.ip_flow.ip_p = entryPtrV6->prot; argus->argus_far.attr_ip.stos = entryPtrV6->tos; argus->argus_far.src.count = ntohl(entryPtrV6->pkts); argus->argus_far.src.bytes = ntohl(entryPtrV6->bytes); argus->argus_far.src.appbytes = 0; #ifdef _LITTLE_ENDIAN ArgusHtoN(argus); #endif break; } case Version8: { break; } } #ifdef ARGUSDEBUG ArgusDebug (5, "ArgusParseCiscoRecord (0x%x) returning 0x%x\n", *ptr, argus); #endif return (argus); } struct ArgusRecord * ArgusNetFlowCallRecord (u_char **ptr) { struct ArgusRecord *argus = ArgusNetFlowArgusRecord; BinaryRecord_CallRecord_V1 *call = (BinaryRecord_CallRecord_V1 *) *ptr; if (*ptr) { bzero ((char *) argus, sizeof (*argus)); argus->ahdr.type = ARGUS_FAR | ARGUS_CISCO_NETFLOW; argus->ahdr.cause = ARGUS_STATUS; argus->ahdr.length = sizeof(argus->ahdr) + sizeof(argus->argus_far); argus->ahdr.status |= 
ETHERTYPE_IP; argus->argus_far.type = ARGUS_FAR; argus->argus_far.length = sizeof(argus->argus_far); argus->argus_far.time.start.tv_sec = ntohl(call->starttime); argus->argus_far.time.last.tv_sec = ntohl(call->endtime); argus->argus_far.time.last.tv_usec = ntohl(call->activetime) % 1000000; argus->argus_far.time.last.tv_sec += ntohl(call->activetime) / 1000000; argus->argus_far.flow.ip_flow.ip_src = ntohl(call->srcaddr); argus->argus_far.flow.ip_flow.ip_dst = ntohl(call->dstaddr); argus->argus_far.flow.ip_flow.sport = ntohs(call->srcport); argus->argus_far.flow.ip_flow.dport = ntohs(call->dstport); argus->argus_far.flow.ip_flow.ip_p = call->prot; argus->argus_far.attr_ip.stos = call->tos; argus->argus_far.src.count = ntohl(call->pkts); argus->argus_far.src.bytes = ntohl(call->octets); argus->argus_far.src.appbytes = 0; #ifdef _LITTLE_ENDIAN ArgusHtoN(argus); #endif } #ifdef ARGUSDEBUG ArgusDebug (6, "ArgusNetFlowCallRecord (0x%x) returns 0x%x\n", *ptr, argus); #endif return (argus); } struct ArgusRecord * ArgusNetFlowDetailInt (u_char **ptr) { struct ArgusRecord *argus = ArgusNetFlowArgusRecord; BinaryRecord_DetailInterface_V1 *dint = (BinaryRecord_DetailInterface_V1 *) *ptr; if (*ptr) { dint = NULL; bzero ((char *) argus, sizeof (*argus)); } #ifdef ARGUSDEBUG ArgusDebug (1, "ArgusNetFlowDetailInt (0x%x) returns 0x%x\n", *ptr, argus); #endif return (argus); } ArgusNetFlowHandler ArgusLookUpNetFlow(struct ARGUS_INPUT *, int); struct ArgusNetFlowParsers { int type, size; ArgusNetFlowHandler proc; }; struct ArgusNetFlowParsers ArgusNetFlowParsers [] = { { SourceNode, 0, NULL }, { DestNode, 0, NULL }, { HostMatrix, 0, NULL }, { SourcePort, 0, NULL }, { DestPort, 0, NULL }, { Protocol, 0, NULL }, { DetailDestNode, 0, NULL }, { DetailHostMatrix, 0, NULL }, { DetailInterface, sizeof(BinaryRecord_DetailInterface_V1), ArgusNetFlowDetailInt }, { CallRecord, sizeof(BinaryRecord_CallRecord_V1), ArgusNetFlowCallRecord }, { ASMatrix, 0, NULL }, { NetMatrix, 0, NULL }, { 
   DetailSourceNode, 0, NULL },
   { DetailASMatrix, 0, NULL },
   { ASHostMatrix, 0, NULL },
   { HostMatrixInterface, 0, NULL },
   { DetailCallRecord, 0, NULL },
   { RouterAS, 0, NULL },
   { RouterProtoPort, 0, NULL },
   { RouterSrcPrefix, 0, NULL },
   { RouterDstPrefix, 0, NULL },
   { RouterPrefix, 0, NULL },
   { -1, 0, NULL },
};

ArgusNetFlowHandler ArgusCiscoNetFlowParse = NULL;

int ArgusWriteConnection (struct ARGUS_INPUT *, unsigned char *, int);

ArgusNetFlowHandler
ArgusLookUpNetFlow(struct ARGUS_INPUT *input, int type)
{
   ArgusNetFlowHandler retn = NULL;
   struct ArgusNetFlowParsers *p = ArgusNetFlowParsers;

   do {
      if (type == p->type) {
         retn = p->proc;
         input->ArgusReadSize = p->size;
         break;
      }
      p++;
   } while (p->type != -1);

#ifdef ARGUSDEBUG
   ArgusDebug (1, "ArgusLookUpNetFlow (0x%x, %d) returning 0x%x\n", input, type, retn);
#endif

   return (retn);
}

extern char *ArgusVersionStr;

int
ArgusReadConnection (struct ARGUS_INPUT *input, char *filename)
{
   struct ArgusCanonicalRecord canonbuf, *canon = &canonbuf;
   struct ArgusRecord argus;
   u_char *ptr = (u_char *)&argus;
   unsigned char buf[MAXSTRLEN];
   int cnt, fd = -1;

   if (input != NULL)
      fd = input->fd;
   else
      fd = 0;

   if (fd >= 0) {
      switch (input->status & (ARGUS_DATA_SOURCE | ARGUS_CISCO_DATA_SOURCE)) {
         case ARGUS_DATA_SOURCE:
            bzero ((char *) &argus, sizeof(argus));

            if ((cnt = read (fd, &argus, sizeof(argus.ahdr))) == sizeof(argus.ahdr)) {
#ifdef ARGUSDEBUG
               ArgusDebug (5, "ArgusReadConnection() read %d bytes\n", cnt);
#endif
               if (filename) {
                  /* gzip (1F 8B), compress (1F 9D) or bzip2 ("BZh") magic:
                     reopen the file through the matching decompressor */
                  if (((ptr[0] == 0x1F) && ((ptr[1] == 0x8B) || (ptr[1] == 0x9D))) ||
                      ((ptr[0] == 'B') && (ptr[1] == 'Z') && (ptr[2] == 'h'))) {
                     char cmd[256];

                     bzero(cmd, 256);
                     close(fd);

                     if (ptr[0] == 'B')
                        strcpy(cmd, "bzip2 -dc ");
                     else
                     if (ptr[1] == 0x8B)
                        strcpy(cmd, "gzip -dc ");
                     else
                        strcpy(cmd, "zcat ");

                     /* cmd is a fixed 256-byte buffer: refuse a name that does
                        not fit instead of writing past its end.  popen() hands
                        the whole string to the shell, so filename must come
                        from a trusted source.  fd is already closed here. */
                     if (strlen(filename) >= (sizeof(cmd) - strlen(cmd))) {
                        fprintf (stderr, "%s: filename too long.\n", ArgusProgramName);
                        return (-1);
                     }

                     strcat(cmd, filename);

                     if ((input->pipe = popen(cmd, "r")) == NULL) {
                        ArgusLog (LOG_ERR, "ArgusReadConnection: popen(%s) failed.
%s\n", cmd, strerror(errno));
                        /* fd was closed before popen(): do not close it again */
                        return (-1);

                     } else {
                        fd = fileno(input->pipe);
                        if ((cnt = read (fd, &argus, sizeof(argus.ahdr))) != sizeof(argus.ahdr)) {
                           ArgusLog (LOG_ERR, "ArgusReadConnection: read from '%s' failed. %s\n", cmd, strerror(errno));
                           /* pclose() closes the descriptor behind fd as well */
                           pclose(input->pipe);
                           input->pipe = NULL;
                           return (-1);
                        }
                     }
                  }
               }

               if (argus.ahdr.type & ARGUS_MAR) {
                  unsigned short length = ntohs(argus.ahdr.length);
                  unsigned int argusid = ntohl(argus.ahdr.argusid);
                  unsigned int sequence = ntohl(argus.ahdr.seqNumber);
                  unsigned int status = ntohl(argus.ahdr.status);

                  if (argus.ahdr.cause & ARGUS_ERROR) {
#ifdef ARGUSDEBUG
                     ArgusDebug (5, "ArgusReadConnection() ARGUS_ERROR Mar.\n");
#endif
                     if (status & ARGUS_MAXLISTENEXCD) {
                        fprintf (stderr, "%s: remote exceed listen error.\n", ArgusProgramName);
                        close (fd);
                        return (-1);
                     }
                  }

                  if (argus.ahdr.cause == ARGUS_START) {
#ifdef ARGUSDEBUG
                     ArgusDebug (5, "ArgusReadConnection() ARGUS_START Mar.\n");
#endif
                     input->status |= ARGUS_DATA_SOURCE;

                     if ((argusid == ARGUS_COOKIE) && (sequence == 0)) {
                        int size = length - sizeof(argus.ahdr);

                        /* length comes from the peer or the file.  It must cover
                           the header already read and fit in the local argus
                           record, or the read below writes past argus. */
                        if ((length < sizeof(argus.ahdr)) || (length > sizeof(argus))) {
                           fprintf (stderr, "%s: invalid ARGUS_START Mar length %d.\n", ArgusProgramName, length);
                           close (fd);
                           return (-1);
                        }

                        if ((cnt = read (fd, &argus.argus_mar, size)) != size) {
#ifdef ARGUSDEBUG
                           ArgusDebug (5, "ArgusReadConnection() read failed for ARGUS_START Mar %s.\n", strerror(errno));
#endif
                           close (fd);
                           return (-1);
                        }

                        bcopy ((char *) &argus, (char *)&input->ArgusInitCon, sizeof (argus));
                        bcopy ((char *) &argus, (char *) ArgusOriginal, length);
                        ArgusInput = input;

                        ArgusHandleDatum ((struct ArgusRecord *)&argus, &ArgusFilterCode);

#ifdef _LITTLE_ENDIAN
                        ArgusNtoH(&argus);
#endif
                        bcopy ((char *) &argus, (char *)&input->ArgusManStart, sizeof (argus));
                        input->major_version = MAJOR_VERSION_2;
                        input->minor_version = MINOR_VERSION_0;
                        input->ArgusReadSize = argus.argus_mar.record_len;

                        argus_parse_init (input);

                        if (Sflag && (input->major_version >= MAJOR_VERSION_2)) {
                           if (ntohl(argus.ahdr.status) & ARGUS_SASL_AUTHENTICATE) {
                              if (!(ArgusAuthenticate(input))) {
                                 fprintf (stderr, "%s: incorrect password\n", ArgusProgramName);
close(fd); return (-1); } } if ((ArgusRemoteFilter != NULL) && (filename == NULL) && (fd != 0)) { int len; snprintf ((char *) buf, MAXSTRLEN-1, "FILTER: man or %s", (char *) ArgusRemoteFilter); len = strlen((char *) buf); if ((cnt = write (fd, buf, len)) != len) { fprintf (stderr, "%s: write remote filter error %s.\n", ArgusProgramName, strerror(errno)); close(fd); return (-1); } } } } else { fprintf (stderr, "%s: not Argus-2.0 data stream.\n", ArgusProgramName); close(fd); fd = -1; } } else { struct WriteStruct *ws = NULL; char *ptr; int size; bcopy ((char *)&argus, buf, sizeof(argus.ahdr)); size = sizeof(*ws) - sizeof(argus.ahdr); if ((cnt = read (fd, &buf[sizeof(argus.ahdr)], size)) != size) { fprintf (stderr, "%s: reading %d bytes, got %d bytes. %s", ArgusProgramName, size, cnt, strerror(errno)); close (fd); return (-1); } else ws = (struct WriteStruct *) buf; if ((ptr = strstr (ws->ws_init.initString, ArgusVersionStr)) != NULL) { ArgusConvertInitialWriteStruct (ws, &argus); input->major_version = argus.argus_mar.major_version; input->minor_version = argus.argus_mar.minor_version; input->ArgusReadSize = sizeof(*ws); if (initCon == NULL) { if ((initCon = (struct ArgusRecord *) calloc (1, sizeof (argus))) != NULL) bcopy ((char *) &argus, (char *) initCon, sizeof (argus)); } bcopy ((char *) &argus, (char *)&input->ArgusInitCon, sizeof (argus)); bcopy ((char *)&argus, (char *) ArgusOriginal, sizeof(argus)); ArgusInput = input; ArgusHandleDatum ((struct ArgusRecord *)&argus, &ArgusFilterCode); #ifdef _LITTLE_ENDIAN ArgusNtoH(&argus); #endif argus_parse_init (input); input->status |= ARGUS_DATA_SOURCE; } else { fprintf (stderr, "%s: not Argus-2.0 data stream.\n", ArgusProgramName); close(fd); fd = -1; } } } else { char *ptr = (char *)&argus; #ifdef ARGUSDEBUG ArgusDebug (2, "ArgusReadConnection() testing for CISCO records\n"); #endif if (!(strncmp(&ptr[3], "SOURCE", 6))) { BinaryHeaderF2 *ArgusNetFlow = (BinaryHeaderF2 *) buf; int size; bcopy ((char *)&argus, buf, 
sizeof(argus.ahdr)); size = sizeof(*ArgusNetFlow) - sizeof(argus.ahdr); if ((cnt = read (fd, &buf[sizeof(argus.ahdr)], size)) != size) { fprintf (stderr, "%s: reading %d bytes, got %d bytes. %s", ArgusProgramName, size, cnt, strerror(errno)); close (fd); return (-1); } else { #ifdef _LITTLE_ENDIAN ArgusNetFlow->starttime = ntohl(ArgusNetFlow->starttime); ArgusNetFlow->endtime = ntohl(ArgusNetFlow->endtime); ArgusNetFlow->flows = ntohl(ArgusNetFlow->flows); ArgusNetFlow->missed = ntohl(ArgusNetFlow->missed); ArgusNetFlow->records = ntohl(ArgusNetFlow->records); #endif bzero ((char *)&argus, sizeof(argus)); argus.ahdr.type = ARGUS_MAR | ARGUS_CISCO_NETFLOW; argus.ahdr.length = sizeof (argus); argus.ahdr.cause = ARGUS_START; argus.ahdr.argusid = ARGUS_COOKIE; argus.argus_mar.startime.tv_sec = ArgusNetFlow->starttime; argus.argus_mar.now.tv_sec = ArgusNetFlow->starttime; argus.argus_mar.major_version = major_version; argus.argus_mar.minor_version = minor_version; argus.argus_mar.flows = ArgusNetFlow->flows; argus.argus_mar.pktsDrop = ArgusNetFlow->missed; argus.argus_mar.record_len = -1; input->major_version = argus.argus_mar.major_version; input->minor_version = argus.argus_mar.minor_version; if ((input->ArgusCiscoNetFlowParse = ArgusLookUpNetFlow(input, ArgusNetFlow->aggregation)) != NULL) { #ifdef _LITTLE_ENDIAN ArgusHtoN(&argus); #endif if (initCon == NULL) { if ((initCon = (struct ArgusRecord *) calloc (1, sizeof (argus))) != NULL) bcopy ((char *) &argus, (char *) initCon, sizeof (argus)); } bcopy ((char *) &argus, (char *)&input->ArgusInitCon, sizeof (argus)); bcopy ((char *) &argus, (char *) ArgusOriginal, sizeof(argus)); ArgusInput = input; ArgusGenerateCanonicalRecord (&argus, canon); #ifdef _LITTLE_ENDIAN ArgusNtoH(&argus); #endif argus_parse_init (input); if (check_time (&argus)) { if (!(wfile) || !(wfile || RaWriteOut)) ArgusProcessRecord(&argus); } input->status |= ARGUS_CISCO_DATA_SOURCE; } else { fprintf (stderr, "%s: not supported Cisco data stream.\n", 
ArgusProgramName); close(fd); fd = -1; } } } else { fprintf (stderr, "%s: not Argus-2.0 data stream.\n", ArgusProgramName); close(fd); fd = -1; } } } else { fprintf (stderr, "%s: no data in data stream.\n", ArgusProgramName); close(fd); fd = -1; } break; case ARGUS_CISCO_DATA_SOURCE: #ifdef ARGUSDEBUG ArgusDebug (2, "ArgusReadConnection(0x%x) reading from Cisco Router.\n", input); #endif bzero((char *)&argus, sizeof(argus)); argus.ahdr.type = ARGUS_MAR | ARGUS_CISCO_NETFLOW; argus.ahdr.length = sizeof (argus); argus.ahdr.cause = ARGUS_START; argus.ahdr.argusid = ARGUS_COOKIE; argus.argus_mar.startime.tv_sec = ArgusGlobalTime.tv_sec; argus.argus_mar.now.tv_sec = ArgusGlobalTime.tv_sec; argus.argus_mar.major_version = major_version; argus.argus_mar.minor_version = minor_version; argus.argus_mar.record_len = -1; input->major_version = argus.argus_mar.major_version; input->minor_version = argus.argus_mar.minor_version; #ifdef _LITTLE_ENDIAN ArgusHtoN(&argus); #endif if (initCon == NULL) { if ((initCon = (struct ArgusRecord *) calloc (1, sizeof (argus))) != NULL) bcopy ((char *) &argus, (char *) initCon, sizeof (argus)); } bcopy ((char *) &argus, (char *)&input->ArgusInitCon, sizeof (argus)); bcopy ((char *) &argus, (char *) ArgusOriginal, sizeof(argus)); ArgusInput = input; argus_parse_init (input); break; } } #ifdef ARGUSDEBUG ArgusDebug (3, "ArgusReadConnection() returning %d\n", fd); #endif return (fd); } void ArgusCloseInput(struct ARGUS_INPUT *); int ArgusReadStreamSocket (struct ARGUS_INPUT *); int ArgusReadCiscoStreamSocket (struct ARGUS_INPUT *); int ArgusReadCiscoDatagramSocket (struct ARGUS_INPUT *); void ArgusCloseInput(struct ARGUS_INPUT *input) { if (input->pipe) { pclose(input->pipe); input->pipe = NULL; } if (input->in != NULL) fclose(input->in); if (input->out != NULL) fclose(input->out); if (input->ArgusReadBuffer != NULL) ArgusFree(input->ArgusReadBuffer); if (input->ArgusConvBuffer != NULL) ArgusFree(input->ArgusConvBuffer); close (input->fd); #ifdef 
ARGUSDEBUG
   ArgusDebug (4, "ArgusCloseInput(0x%x) done\n", input);
#endif
}


#ifdef ARGUS_SASL

#include

int ArgusReadSaslStreamSocket (struct ARGUS_INPUT *);

int
ArgusReadSaslStreamSocket (struct ARGUS_INPUT *input)
{
   int retn = 0, fd = input->fd, cnt;
   unsigned int value = 0, *pvalue = &value;
   struct ArgusRecord *argus = NULL;
   char *output = NULL, *end = NULL, *ptr = NULL;
   unsigned int outputlen = 0;

   if ((retn = sasl_getprop(input->sasl_conn, SASL_MAXOUTBUF, (void **) &pvalue)) != SASL_OK)
      ArgusLog (LOG_ERR, "ArgusReadSaslStreamSocket: sasl_getprop %s\n", strerror(errno));

   if (value == 0)
      value = MAXSTRLEN;

   if ((cnt = read (fd, input->ArgusSaslBuffer + input->ArgusSaslBufCnt, MAXSTRLEN)) > 0) {
      input->ArgusSaslBufCnt = cnt;
      ptr = input->ArgusSaslBuffer;

      do {
         cnt = (input->ArgusSaslBufCnt > value) ? value : input->ArgusSaslBufCnt;

         if (sasl_decode (input->sasl_conn, ptr, cnt, &output, &outputlen) == SASL_OK) {
#ifdef ARGUSDEBUG
            ArgusDebug (5, "ArgusReadSaslStreamSocket (0x%x) sasl_decoded %d bytes\n", input, outputlen);
#endif
            ptr += cnt;

            if (outputlen) {
               argus = (struct ArgusRecord *) output;
               end = output + outputlen;

               while ((char *)argus < end) {
                  /* The record length comes from the peer.  A full header must
                     be present, and the record must cover that header, end
                     inside the decoded data and fit in ArgusReadBuffer.
                     Otherwise the copy below runs out of bounds, and a zero
                     length would never advance.  MAXSTRLEN as the buffer
                     capacity is an assumption, taken from the way
                     ArgusReadStreamSocket() clears ArgusReadBuffer. */
                  if (((end - (char *)argus) < (long) sizeof(argus->ahdr)) ||
                      (ntohs(argus->ahdr.length) < sizeof(argus->ahdr)) ||
                      (ntohs(argus->ahdr.length) > (end - (char *)argus)) ||
                      (ntohs(argus->ahdr.length) > MAXSTRLEN)) {
                     retn = 1;
                     break;
                  }

                  input->ArgusReadSocketCnt = ntohs(argus->ahdr.length);
                  bcopy (argus, input->ArgusReadBuffer, input->ArgusReadSocketCnt);

                  if (ArgusHandleDatum (argus, &ArgusFilterCode) == 1) {
                     if (!input->filename)
                        write (fd, "DONE: ", strlen("DONE: "));

                     retn = 1;
                     break;

                  } else
                     /* a cast is not an lvalue: advance through a char pointer */
                     argus = (struct ArgusRecord *)((char *)argus + input->ArgusReadSocketCnt);
               }

               free (output);
               input->ArgusSaslBufCnt -= cnt;

            } else {
               input->ArgusSaslBufCnt = 0;
               break;
            }

         } else {
            ArgusLog (LOG_ERR, "ArgusReadSaslStreamSocket: sasl_decode () failed");
            break;
         }

      } while (input->ArgusSaslBufCnt > 0);

   } else {
      retn = 1;

      if ((cnt < 0) && ((errno == EAGAIN) || (errno == EINTR))) {
         retn = 0;
      }
   }

#ifdef ARGUSDEBUG
   ArgusDebug (5, "ArgusReadSaslStreamSocket (0x%x) returning %d\n", input, retn);
#endif

   return (retn);
}

#endif /* ARGUS_SASL */


int
ArgusReadStreamSocket (struct ARGUS_INPUT *input)
{
   int retn = 0,
       fd = input->fd, cnt = 0;
   unsigned short length;

#ifdef ARGUSDEBUG
   ArgusDebug (8, "ArgusReadStreamSocket (0x%x) starting\n", input);
#endif

   if ((cnt = read (fd, input->ArgusReadPtr + input->ArgusReadSocketCnt,
                    (input->ArgusReadSocketSize - input->ArgusReadSocketCnt))) > 0) {
      input->ArgusReadSocketCnt += cnt;

#ifdef ARGUSDEBUG
      ArgusDebug (8, "ArgusReadStreamSocket (0x%x) read %d bytes\n", input, cnt);
#endif

      if (input->ArgusReadSocketCnt == input->ArgusReadSocketSize) {
         if (input->ArgusReadSocketState == ARGUS_READINGHDR) {
            input->ArgusReadSocketState = ARGUS_READINGBLOCK;

            bcopy ((char *)&((struct ArgusRecordHeader *)input->ArgusReadPtr)->length, (char *)&length, sizeof(length));

            /* length is supplied by the peer.  It must cover the record
               header, and the whole record must fit in ArgusReadBuffer,
               which this function clears and copies as MAXSTRLEN bytes
               (taken here as its capacity, an assumption).  Without the
               check the next read size can be negative or larger than
               the buffer. */
            if ((ntohs(length) < sizeof(struct ArgusRecordHeader)) || (ntohs(length) > MAXSTRLEN)) {
               fprintf (stderr, "%s: invalid record length %d.\n", ArgusProgramName, ntohs(length));
               return (1);
            }

            input->ArgusReadSocketSize = ntohs(length) - sizeof(struct ArgusRecordHeader);
            input->ArgusReadPtr = &input->ArgusReadBuffer[input->ArgusReadSocketCnt];
            input->ArgusReadSocketCnt = 0;

         } else {
            if (input->major_version < 2) {
               ArgusConvertWriteStruct ((struct WriteStruct *)input->ArgusReadBuffer,
                                        (struct ArgusRecord *)input->ArgusConvBuffer);
               bcopy (input->ArgusConvBuffer, input->ArgusReadBuffer, MAXSTRLEN);
            }

            if (ArgusHandleDatum ((struct ArgusRecord *)input->ArgusReadBuffer, &ArgusFilterCode) == 1) {
               if (!input->filename) {
                  write (fd, "DONE: ", strlen("DONE: "));
                  retn = 1;
               }
            }

            if (input->major_version >= 2) {
               input->ArgusReadSocketState = ARGUS_READINGHDR;
               input->ArgusReadSocketSize = sizeof(struct ArgusRecordHeader);
            }

            input->ArgusReadPtr = input->ArgusReadBuffer;
            bzero (input->ArgusReadBuffer, MAXSTRLEN);
            input->ArgusReadSocketCnt = 0;
         }
      }

   } else {
#ifdef ARGUSDEBUG
      ArgusDebug (3, "ArgusReadStreamSocket (0x%x) read returned %d\n", input, cnt);
#endif
      retn = 1;

      if ((cnt < 0) && ((errno == EAGAIN) || (errno == EINTR))) {
         retn = 0;
      }
   }

#ifdef ARGUSDEBUG
   ArgusDebug (5, "ArgusReadStreamSocket (0x%x) returning %d\n", input, retn);
#endif

   return (retn);
}


int
ArgusReadCiscoStreamSocket (struct ARGUS_INPUT *input)
{
   int cnt = 0, retn = 0;

#ifdef ARGUSDEBUG
   ArgusDebug (8,
"ArgusReadCiscoStreamSocket (0x%x) starting\n", input); #endif if ((cnt = read (input->fd, input->ArgusReadPtr + input->ArgusReadSocketCnt, (input->ArgusReadSocketSize - input->ArgusReadSocketCnt))) > 0) { input->ArgusReadSocketCnt += cnt; #ifdef ARGUSDEBUG ArgusDebug (8, "ArgusReadCiscoStreamSocket (0x%x) read %d bytes, total %d need %d\n", input, cnt, input->ArgusReadSocketCnt, input->ArgusReadSocketSize); #endif if (input->ArgusReadSocketCnt == input->ArgusReadSocketSize) { switch (input->ArgusReadSocketState) { case ARGUS_READINGPREHDR: { unsigned short *sptr = (unsigned short *) input->ArgusReadPtr; input->ArgusReadCiscoVersion = ntohs(*sptr++); input->ArgusReadSocketNum = ntohs(*sptr); #define CISCO_VERSION_1 1 #define CISCO_VERSION_5 5 switch (input->ArgusReadCiscoVersion) { case CISCO_VERSION_1: input->ArgusReadSocketSize = sizeof(CiscoFlowHeaderV1_t) - 4; input->ArgusReadPtr = &input->ArgusReadBuffer[input->ArgusReadSocketCnt]; break; case CISCO_VERSION_5: input->ArgusReadSocketSize = sizeof(CiscoFlowHeaderV5_t) - 4; input->ArgusReadPtr = &input->ArgusReadBuffer[input->ArgusReadSocketCnt]; break; default: { fprintf (stderr, "input not Cisco wire format\n"); return(1); } } input->ArgusReadSocketState = ARGUS_READINGHDR; input->ArgusReadSocketCnt = 0; break; } case ARGUS_READINGHDR: { #ifdef ARGUSDEBUG ArgusDebug (7, "ArgusReadCiscoStreamSocket (0x%x) read record header\n", input); #endif switch (input->ArgusReadCiscoVersion) { case CISCO_VERSION_1: { CiscoFlowHeaderV1_t *ArgusNetFlow = (CiscoFlowHeaderV1_t *) input->ArgusReadBuffer; CiscoFlowHeaderV1_t *nfptr = ArgusNetFlow; input->ArgusCiscoNetFlowParse = ArgusParseCiscoRecordV1; input->ArgusReadSocketSize = sizeof(CiscoFlowEntryV1_t); input->ArgusReadPtr = &input->ArgusReadBuffer[sizeof(CiscoFlowHeaderV1_t)]; ArgusNetFlow->version = ntohs(nfptr->version); ArgusNetFlow->count = ntohs(nfptr->count); ArgusNetFlow->sysUptime = ntohl(nfptr->sysUptime); ArgusNetFlow->unix_secs = ntohl(nfptr->unix_secs); 
                     ArgusNetFlow->unix_nsecs = ntohl(nfptr->unix_nsecs);
                     ArgusNetFlowRecordHeader = (unsigned char *)ArgusNetFlow;
                     break;
                  }

                  case CISCO_VERSION_5: {
                     CiscoFlowHeaderV5_t *ArgusNetFlow = (CiscoFlowHeaderV5_t *) input->ArgusReadBuffer;
                     CiscoFlowHeaderV5_t *nfptr = ArgusNetFlow;

                     input->ArgusCiscoNetFlowParse = ArgusParseCiscoRecordV5;
                     input->ArgusReadSocketSize = sizeof(CiscoFlowEntryV5_t);
                     input->ArgusReadPtr = &input->ArgusReadBuffer[sizeof(CiscoFlowHeaderV5_t)];

                     ArgusNetFlow->version = ntohs(nfptr->version);
                     ArgusNetFlow->count = ntohs(nfptr->count);
                     ArgusNetFlow->sysUptime = ntohl(nfptr->sysUptime);
                     ArgusNetFlow->unix_secs = ntohl(nfptr->unix_secs);
                     ArgusNetFlow->unix_nsecs = ntohl(nfptr->unix_nsecs);
                     ArgusNetFlow->flow_sequence = ntohl(nfptr->flow_sequence);
                     ArgusNetFlowRecordHeader = (unsigned char *)ArgusNetFlow;
                     break;
                  }

                  default: {
#ifdef ARGUSDEBUG
                     ArgusDebug (7, "ArgusReadCiscoStreamSocket (0x%x) read header\n", input);
#endif
                  }
               }

               input->ArgusReadSocketState = ARGUS_READINGBLOCK;
               input->ArgusReadBlockPtr = input->ArgusReadPtr;
               input->ArgusReadSocketCnt = 0;
               break;
            }

            default:
#ifdef ARGUSDEBUG
               ArgusDebug (7, "ArgusReadCiscoStreamSocket (0x%x) read record complete\n", input);
#endif
               if (ArgusHandleDatum (input->ArgusCiscoNetFlowParse (&input->ArgusReadPtr), &ArgusFilterCode))
                  return(1);

               if (!(--input->ArgusReadSocketNum)) {
                  input->ArgusReadPtr = input->ArgusReadBuffer;
                  bzero (input->ArgusReadBuffer, k_maxFlowPacketSize);
                  input->ArgusReadSocketState = ARGUS_READINGPREHDR;
                  input->ArgusReadSocketSize = 4;

               } else {
                  switch (input->ArgusReadCiscoVersion) {
                     case CISCO_VERSION_1:
                        input->ArgusReadPtr = &input->ArgusReadBuffer[sizeof(CiscoFlowHeaderV1_t)];
                        break;

                     case CISCO_VERSION_5:
                        input->ArgusReadPtr = &input->ArgusReadBuffer[sizeof(CiscoFlowHeaderV5_t)];
                        break;

                     default: {
#ifdef ARGUSDEBUG
                        ArgusDebug (7, "ArgusReadCiscoStreamSocket (0x%x) read header\n", input);
#endif
                     }
                  }
               }

               input->ArgusReadSocketCnt = 0;
               break;
         }
      }

   } else {
#ifdef ARGUSDEBUG
      if (cnt < 0)
         ArgusDebug (3, "ArgusReadCiscoStreamSocket (0x%x) read returned %d error %s\n", input, cnt, strerror(errno));
      else
         ArgusDebug (3, "ArgusReadCiscoStreamSocket (0x%x) read returned %d\n", input, cnt);
#endif
      retn = 1;

      if ((cnt < 0) && ((errno == EAGAIN) || (errno == EINTR))) {
         retn = 0;
      }
   }

#ifdef ARGUSDEBUG
   ArgusDebug (5, "ArgusReadCiscoStreamSocket (0x%x) returning %d\n", input, retn);
#endif

   return (retn);
}

int ArgusCiscoDatagramSocketStart = 1;

int
ArgusReadCiscoDatagramSocket (struct ARGUS_INPUT *input)
{
   int retn = 0, cnt = 0, count = 0, i = 0;
   unsigned short *sptr = NULL;
   unsigned char *ptr = NULL;

#ifdef ARGUSDEBUG
   ArgusDebug (8, "ArgusReadCiscoDatagramSocket (0x%x) starting\n", input);
#endif

   if ((cnt = read (input->fd, input->ArgusReadPtr, input->ArgusReadSocketSize)) > 0) {
      input->ArgusReadSocketCnt = cnt;
      sptr = (unsigned short *) input->ArgusReadPtr;
      ptr = (unsigned char *) input->ArgusReadPtr;

#ifdef ARGUSDEBUG
      ArgusDebug (8, "ArgusReadCiscoDatagramSocket (0x%x) read %d bytes, capacity %d\n",
                  input, cnt, input->ArgusReadSocketCnt, input->ArgusReadSocketSize);
#endif

#define CISCO_VERSION_1 1
#define CISCO_VERSION_5 5
#define CISCO_VERSION_6 6
#define CISCO_VERSION_8 8

      switch (input->ArgusReadCiscoVersion = ntohs(*sptr)) {
         case CISCO_VERSION_1: {
            CiscoFlowHeaderV1_t *ArgusNetFlow = (CiscoFlowHeaderV1_t *) ptr;
            CiscoFlowHeaderV1_t *nfptr = (CiscoFlowHeaderV1_t *) sptr;

            input->ArgusCiscoNetFlowParse = ArgusParseCiscoRecordV1;
            ArgusNetFlow->version = ntohs(nfptr->version);
            ArgusNetFlow->count = ntohs(nfptr->count);
            ArgusNetFlow->sysUptime = ntohl(nfptr->sysUptime);
            ArgusNetFlow->unix_secs = ntohl(nfptr->unix_secs);
            ArgusNetFlow->unix_nsecs = ntohl(nfptr->unix_nsecs);
            ArgusNetFlowRecordHeader = ptr;
            ptr = (unsigned char *) (nfptr + 1);
            count = ArgusNetFlow->count;
         }
         break;

         case CISCO_VERSION_5: {
            CiscoFlowHeaderV5_t *ArgusNetFlow = (CiscoFlowHeaderV5_t *) ptr;
            CiscoFlowHeaderV5_t *nfptr = (CiscoFlowHeaderV5_t *) sptr;

            input->ArgusCiscoNetFlowParse =
               ArgusParseCiscoRecordV5;
            ArgusNetFlow->version = ntohs(nfptr->version);
            ArgusNetFlow->count = ntohs(nfptr->count);
            ArgusNetFlow->sysUptime = ntohl(nfptr->sysUptime);
            ArgusNetFlow->unix_secs = ntohl(nfptr->unix_secs);
            ArgusNetFlow->unix_nsecs = ntohl(nfptr->unix_nsecs);
            ArgusNetFlow->flow_sequence = ntohl(nfptr->flow_sequence);
            ArgusNetFlowRecordHeader = ptr;
            ptr = (unsigned char *) (nfptr + 1);
            count = ArgusNetFlow->count;
         }
         break;

         case CISCO_VERSION_6: {
            CiscoFlowHeaderV6_t *ArgusNetFlow = (CiscoFlowHeaderV6_t *) ptr;
            CiscoFlowHeaderV6_t *nfptr = (CiscoFlowHeaderV6_t *) sptr;

            input->ArgusCiscoNetFlowParse = ArgusParseCiscoRecordV6;
            ArgusNetFlow->version = ntohs(nfptr->version);
            ArgusNetFlow->count = ntohs(nfptr->count);
            ArgusNetFlow->sysUptime = ntohl(nfptr->sysUptime);
            ArgusNetFlow->unix_secs = ntohl(nfptr->unix_secs);
            ArgusNetFlow->unix_nsecs = ntohl(nfptr->unix_nsecs);
            ArgusNetFlow->flow_sequence = ntohl(nfptr->flow_sequence);
            ArgusNetFlowRecordHeader = ptr;
            ptr = (unsigned char *) (nfptr + 1);
            count = ArgusNetFlow->count;
         }
         break;

         case CISCO_VERSION_8: {
            CiscoFlowHeaderV8_t *ArgusNetFlow = (CiscoFlowHeaderV8_t *) ptr;
            CiscoFlowHeaderV8_t *nfptr = (CiscoFlowHeaderV8_t *) sptr;

            ArgusNetFlow->version = ntohs(nfptr->version);
            ArgusNetFlow->count = ntohs(nfptr->count);
            ArgusNetFlow->sysUptime = ntohl(nfptr->sysUptime);
            ArgusNetFlow->unix_secs = ntohl(nfptr->unix_secs);
            ArgusNetFlow->unix_nsecs = ntohl(nfptr->unix_nsecs);
            ArgusNetFlow->flow_sequence = ntohl(nfptr->flow_sequence);
            ArgusNetFlowRecordHeader = ptr;
            ptr = (unsigned char *) (nfptr + 1);
            count = ArgusNetFlow->count;

            /* No parser for this aggregation method: skip the records rather
               than call through a NULL function pointer in the loop below. */
            if ((input->ArgusCiscoNetFlowParse = ArgusLookUpNetFlow(input, ArgusNetFlow->agg_method)) == NULL)
               count = 0;
         }
         break;
      }

      /* count is taken from the datagram header and is not checked here
         against the cnt bytes actually read. */
      for (i = 0; i < count; i++) {
         if (ArgusHandleDatum (input->ArgusCiscoNetFlowParse (&ptr), &ArgusFilterCode))
            return(1);
      }

   } else {
#ifdef ARGUSDEBUG
      ArgusDebug (3, "ArgusReadCiscoDatagramSocket (0x%x) read returned %d error %s\n", input, cnt, strerror(errno));
#endif

      if ((cnt < 0) && ((errno == EAGAIN) || (errno == EINTR))) {
         retn = 0;
      } else
         retn = 1;
   }

#ifdef ARGUSDEBUG
   ArgusDebug (5, "ArgusReadCiscoDatagramSocket (0x%x) returning %d\n", input, retn);
#endif

   return (retn);
}

void
ArgusReadStream ()
{
   int retn = 0, width = -1, i;
   /* timeoutValue is zeroed so the first tv_sec == 0 test below is defined */
   struct timeval now, wait, timeoutValue = {0, 0};
   struct ARGUS_INPUT *input = NULL;
   fd_set readmask;

   if (ArgusRemoteFDs[0] == NULL) {
#ifdef ARGUSDEBUG
      ArgusDebug (4, "ArgusReadStream() ArgusRemoteFDs is empty\n");
#endif
      return;
   }

   if (gettimeofday (&now, NULL) == 0) {
      ArgusAdjustGlobalTime(&now);
      FD_ZERO (&readmask);

      for (i = 0; i < ARGUS_MAX_REMOTE_CONN; i++)
         if (ArgusRemoteFDs[i] != NULL) {
            FD_SET (ArgusRemoteFDs[i]->fd, &readmask);
            width = (width < ArgusRemoteFDs[i]->fd) ? ArgusRemoteFDs[i]->fd : width;
         }

      width++;
      wait.tv_sec = 0;
      wait.tv_usec = 250000;

#ifdef ARGUSDEBUG
      ArgusDebug (4, "ArgusReadStream() starting\n");
#endif

      for (;;) {
         if ((retn = select (width, &readmask, NULL, NULL, &wait)) >= 0) {
            for (i = 0; i < ARGUS_MAX_REMOTE_CONN; i++) {
               if ((input = ArgusRemoteFDs[i]) != NULL) {
                  if (FD_ISSET (input->fd, &readmask)) {
                     ArgusInput = input;

                     switch (input->status & (ARGUS_DATA_SOURCE | ARGUS_CISCO_DATA_SOURCE)) {
                        case ARGUS_DATA_SOURCE:
#ifdef ARGUS_SASL
                           if (input->sasl_conn && (input->sasl_conn->oparams.decode != NULL)) {
                              if (ArgusReadSaslStreamSocket (input)) {
                                 ArgusCloseInput(input);
                                 ArgusRemoteFDs[i] = NULL;
                              }
                           } else
#endif
                           if (ArgusReadStreamSocket (input)) {
                              ArgusCloseInput(input);
                              ArgusRemoteFDs[i] = NULL;
                           }
                           break;

                        case ARGUS_CISCO_DATA_SOURCE:
                           if (ArgusRemoteHostList)
                              if (ArgusReadCiscoDatagramSocket (input)) {
                                 ArgusCloseInput(input);
                                 ArgusRemoteFDs[i] = NULL;
                              }

                           if (ArgusInputFileList)
                              if (ArgusReadCiscoStreamSocket (input)) {
                                 ArgusCloseInput(input);
                                 ArgusRemoteFDs[i] = NULL;
                              }
                           break;
                     }
                  }
               }
            }

            if (Sflag) {
               gettimeofday (&now, NULL);
               ArgusAdjustGlobalTime(&now);
            } else
               now = ArgusGlobalTime;

            if (timeoutValue.tv_sec == 0) {
               timeoutValue = ArgusGlobalTime;
               timeoutValue.tv_sec += RaClientTimeout.tv_sec;
               timeoutValue.tv_usec += RaClientTimeout.tv_usec;
               if (timeoutValue.tv_usec >= 1000000) {
                  timeoutValue.tv_sec += 1;
                  timeoutValue.tv_usec -= 1000000;
               }
            }

            if ((now.tv_sec > timeoutValue.tv_sec) ||
               ((now.tv_sec == timeoutValue.tv_sec) && (now.tv_usec > timeoutValue.tv_usec))) {
               ArgusClientTimeout ();

               if (Tflag) {
                  if ((Tflag - 1) == 0) {
                     ArgusShutDown(0);
                  }
                  Tflag--;
               }

               timeoutValue = now;
               timeoutValue.tv_sec += RaClientTimeout.tv_sec;
               timeoutValue.tv_usec += RaClientTimeout.tv_usec;
            }

            width = -1;
            FD_ZERO (&readmask);
            for (i = 0; i < ARGUS_MAX_REMOTE_CONN; i++)
               if (ArgusRemoteFDs[i] != NULL) {
                  FD_SET (ArgusRemoteFDs[i]->fd, &readmask);
                  width = (width < ArgusRemoteFDs[i]->fd) ? ArgusRemoteFDs[i]->fd : width;
               }

            if (width < 0)
               return;
            else
               width++;

            wait.tv_sec = 0;
            wait.tv_usec = 250000;

         } else {
#ifdef ARGUSDEBUG
            ArgusDebug (3, "ArgusReadStream() select returned %s\n", strerror(errno));
#endif
            if (errno != EINTR)
               break;
         }
      }
   }

#ifdef ARGUSDEBUG
   ArgusDebug (5, "ArgusReadStream() returning\n");
#endif
}

void
ArgusProcessRecord (struct ArgusRecord *ptr)
{
   if (ptr->ahdr.type & ARGUS_MAR)
      process_man (ptr);

   else {
      switch (ptr->ahdr.status & 0xFFFF) {
         case ETHERTYPE_IP:
            switch (ptr->argus_far.flow.ip_flow.ip_p) {
               case IPPROTO_TCP:
                  process_tcp (ptr);
                  break;

               case IPPROTO_UDP:
                  process_udp (ptr);
                  break;

               case IPPROTO_ICMP:
                  process_icmp (ptr);
                  break;

               default:
                  process_ip (ptr);
                  break;
            }
            break;

         case ETHERTYPE_ARP:
         case ETHERTYPE_REVARP:
            process_arp (ptr);
            break;

         default:
            process_non_ip (ptr);
            break;
      }
   }

#ifdef ARGUSDEBUG
   ArgusDebug (6, "ArgusProcessRecord (0x%x) returning\n", ptr);
#endif
}

#include

extern void ArgusLog (int, char *, ...);

#define ARGUS_DEFAULTCISCOPORT 9995

char *ArgusRecordType = NULL;

extern int ArgusInitializeAuthentication(void);

#include
#include

int
ArgusGetServerSocket (struct ARGUS_INPUT *input)
{
   int retn = -1;
   struct sockaddr_in server;
   struct servent *sp;
   struct hostent *hp;
   int s, type = 0;
   unsigned short portnum = 0;

   switch (input->status & (ARGUS_DATA_SOURCE
                            | ARGUS_CISCO_DATA_SOURCE)) {
      case ARGUS_DATA_SOURCE: {
         ArgusRecordType = "Argus";
         type = SOCK_STREAM;
         if (!input->portnum) {
            if (!ArgusPortNum) {
               if ((sp = getservbyname ("monitor", "tcp")) != NULL)
                  portnum = sp->s_port;
               else
                  portnum = htons(ARGUS_DEFAULTPORT);
            } else
               portnum = htons(ArgusPortNum);

            input->portnum = ntohs(portnum);

         } else
            portnum = htons(input->portnum);

         break;
      }

      case ARGUS_CISCO_DATA_SOURCE: {
         struct ArgusRecord argus;

         ArgusRecordType = "Netflow";
         type = SOCK_DGRAM;
         if (!input->portnum) {
            if (!ArgusPortNum)
               portnum = htons(ARGUS_DEFAULTCISCOPORT);
            else
               portnum = htons(ArgusPortNum);

            input->portnum = ntohs(portnum);

         } else
            portnum = htons(input->portnum);

         bzero ((char *)&argus, sizeof(argus));
         argus.ahdr.type = ARGUS_MAR | ARGUS_CISCO_NETFLOW;
         argus.ahdr.length = sizeof (argus);
         argus.ahdr.cause = ARGUS_START;
         argus.ahdr.argusid = ARGUS_COOKIE;
         argus.argus_mar.startime.tv_sec = ArgusGlobalTime.tv_sec;
         argus.argus_mar.now.tv_sec = ArgusGlobalTime.tv_sec;
         argus.argus_mar.major_version = major_version;
         argus.argus_mar.minor_version = minor_version;
         argus.argus_mar.record_len = -1;

         input->major_version = argus.argus_mar.major_version;
         input->minor_version = argus.argus_mar.minor_version;

         bcopy ((char *) &argus, (char *)&input->ArgusInitCon, sizeof (argus));
         bcopy ((char *) &argus, (char *) ArgusOriginal, sizeof(argus));
         ArgusInput = input;
         break;
      }

      default:
         ArgusLog (LOG_ERR, "ArgusGetServerSocket(0x%x) unknown type\n", input);
   }

   bzero ((char *) &server, sizeof (server));

   if ((s = socket (AF_INET, type, 0)) >= 0) {
      if (type == SOCK_DGRAM) {
         server.sin_addr.s_addr = INADDR_ANY;
         server.sin_family = AF_INET;
         server.sin_port = portnum;

         fprintf (stderr, "%s: Binding port %d Expecting %s records\n", ArgusProgramName,
                  ntohs(portnum), ArgusRecordType);

         if ((bind (s, (struct sockaddr *)&server, sizeof(server))) < 0)
            ArgusLog (LOG_ERR, "bind (%d, %s:%hu, %d) failed %s\n", s, inet_ntoa(server.sin_addr),
                      server.sin_port, sizeof(server), strerror(errno));

      } else {
         int optval = 1;

         if (setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (char *)&optval, sizeof(int)) < 0) {
#ifdef ARGUSDEBUG
            ArgusDebug (2, "setsockopt(%d, SOL_SOCKET, SO_KEEPALIVE, 0x%x, %d) failed:", s, optval, sizeof(int));
#endif
         }

         if ((hp = gethostbyaddr ((char *)&input->addr, sizeof (input->addr), AF_INET)) != NULL) {
            bcopy ((char *) hp->h_addr, (char *)&server.sin_addr, hp->h_length);
            server.sin_family = hp->h_addrtype;
            server.sin_port = portnum;

            fprintf (stderr, "%s: Trying %s port %d Expecting %s records\n", ArgusProgramName,
                     (hp->h_name) ? (hp->h_name) : intoa (input->addr), ntohs(portnum), ArgusRecordType);

         } else {
            server.sin_addr.s_addr = input->addr;
            server.sin_family = AF_INET;
            server.sin_port = portnum;

            fprintf (stderr, "%s: Trying %s port %d Expecting %s records\n", ArgusProgramName,
                     intoa (input->addr), ntohs(portnum), ArgusRecordType);
         }

         if ((connect (s, (struct sockaddr *)&server, sizeof(server))) < 0)
            ArgusLog (LOG_ERR, "connect (%d, %s:%hu, %d) failed %s\n", s, inet_ntoa(server.sin_addr),
                      server.sin_port, sizeof(server), strerror(errno));
      }

      retn = s;
      input->fd = s;

      if (type == SOCK_DGRAM)
         fprintf (stderr, "%s: receiving\n", ArgusProgramName);
      else
         fprintf (stderr, "%s: connected\n", ArgusProgramName);

   } else {
      fprintf (stderr, "%s: socket() failed. %s\n", ArgusProgramName, strerror(errno));
   }

#ifdef ARGUSDEBUG
   ArgusDebug (1, "ArgusGetServerSocket (0x%x) returning %d\n", input, retn);
#endif

   return (retn);
}

int
ArgusAddFileList (char *ptr)
{
   register int retn = 0;
   register struct ARGUS_INPUT *file, *list;

   if (ptr) {
      if ((file = (struct ARGUS_INPUT *) ArgusCalloc (1, sizeof(struct ARGUS_INPUT))) != NULL) {
         if ((list = ArgusInputFileList) != NULL) {
            while (list->nxt)
               list = list->nxt;
            list->nxt = file;
         } else
            ArgusInputFileList = file;

         file->filename = strdup(ptr);
         file->status |= (Cflag ?
                          ARGUS_CISCO_DATA_SOURCE : ARGUS_DATA_SOURCE);
         retn = 1;
      }
   }

#ifdef ARGUSDEBUG
   ArgusDebug (2, "ArgusAddFileList (%s) returning %d\n", ptr, retn);
#endif

   return (retn);
}

void
ArgusDeleteFileList ()
{
   struct ARGUS_INPUT *addr = ArgusInputFileList;

   while (addr) {
      if (addr->filename)
         free(addr->filename);

      addr = addr->nxt;
      ArgusFree(ArgusInputFileList);
      ArgusInputFileList = addr;
   }

#ifdef ARGUSDEBUG
   ArgusDebug (2, "ArgusDeleteFileList () returning\n");
#endif
}

#include
#include
#include

int
ArgusAddHostList (char *str)
{
   int retn = 0;
   struct ARGUS_INPUT *addr = NULL;
   unsigned int ipaddr, **name;
   long int portnum = 0;
   char *ptr = NULL, *endptr = NULL;

   if ((ptr = strchr (str, (int)':')) != NULL) {
      *ptr++ = '\0';
      portnum = strtol(ptr, &endptr, 10);
      if (endptr == ptr)
         usage();
   }

   if ((ipaddr = (unsigned int) inet_addr (str)) == (unsigned int) -1) {
      if ((name = (unsigned int **) argus_nametoaddr (str)) != NULL) {
         if (*name) {
            if ((addr = (struct ARGUS_INPUT *) ArgusCalloc (1, sizeof (struct ARGUS_INPUT))) != NULL) {
               addr->nxt = ArgusRemoteHostList;
               ArgusRemoteHostList = addr;
               addr->addr = ntohl(**name);
               addr->hostname = strdup(str);
               addr->portnum = portnum;
               retn = 1;
            }
         }
      }

   } else
      if ((addr = (struct ARGUS_INPUT *) ArgusCalloc (1, sizeof (struct ARGUS_INPUT))) != NULL) {
         addr->nxt = ArgusRemoteHostList;
         ArgusRemoteHostList = addr;
         addr->addr = ipaddr;
         addr->portnum = portnum;
         retn = 1;
      }

   if (addr)
      addr->status |= (Cflag ?
                       ARGUS_CISCO_DATA_SOURCE : ARGUS_DATA_SOURCE);

#ifdef ARGUSDEBUG
   ArgusDebug (2, "ArgusAddHostList (%s) returning %d\n", str, retn);
#endif

   return (retn);
}

void
ArgusDeleteHostList ()
{
   struct ARGUS_INPUT *addr = ArgusRemoteHostList;

   while (addr) {
      if (addr->hostname)
         free(addr->hostname);

      addr = addr->nxt;
      ArgusFree(ArgusRemoteHostList);
      ArgusRemoteHostList = addr;
   }

#ifdef ARGUSDEBUG
   ArgusDebug (2, "ArgusDeleteHostList () returning\n");
#endif
}

#include
#include
#include

int
ArgusWriteNewLogfile (char *file, struct ArgusRecord *argus)
{
   int retn = 0, fd;
   struct stat buf;

   if (file) {
      if (strcmp (file, "-")) {
         if ((fd = open (file, O_WRONLY|O_CREAT|O_APPEND, 0644)) >= 0) {
            if (fstat (fd, &buf) >= 0) {
               if (buf.st_size == 0)
                  if ((write (fd, (char *)&ArgusInput->ArgusInitCon, ntohs(ArgusInput->ArgusInitCon.ahdr.length))) < 0)
                     ArgusLog (LOG_ERR, "ArgusWriteNewLogfile(%s, 0x%x) write error %s", file, argus, strerror(errno));
            } else {
               ArgusLog (LOG_ERR, "ArgusWriteNewLogfile(%s, 0x%x) fstat error %s", file, argus, strerror(errno));
            }

            if (argus != NULL) {
               if ((write (fd, argus, ntohs(argus->ahdr.length))) < 0)
                  ArgusLog (LOG_ERR, "ArgusWriteNewLogfile(%s, 0x%x) write error %s", file, argus, strerror(errno));
            }

            close (fd);

         } else {
            ArgusLog (LOG_ERR, "ArgusWriteNewLogfile(%s, 0x%x) open error %s", file, argus, strerror(errno));
         }

         if (firstWrite)
            firstWrite = 0;

      } else {
         if (firstWrite) {
            if (!(fwrite ((char *)&ArgusInput->ArgusInitCon, ntohs(ArgusInput->ArgusInitCon.ahdr.length), 1, stdout)))
               ArgusLog (LOG_ERR, "ArgusWriteNewLogfile(%s, 0x%x) fwrite error %s", file, argus, strerror(errno));
            fflush (stdout);
            firstWrite = 0;
         }

         if (argus) {
            if (!(fwrite (argus, ntohs(argus->ahdr.length), 1, stdout)))
               retn++;
            fflush (stdout);
         }
      }
   }

#ifdef ARGUSDEBUG
   ArgusDebug (4, "ArgusWriteNewLogFile (%s, 0x%x) returning %d\n", file, argus, retn);
#endif

   return (retn);
}

int
check_time (struct ArgusRecord *ptr)
{
   struct tm tmbuf, *tm;
   int retn = 0;
   struct timeval *start, *last, lastbuf;

   if
      (ptr->ahdr.type & ARGUS_MAR) {
      start = &ptr->argus_mar.startime;
      last = &ptr->argus_mar.now;
      if (!(start->tv_sec))
         start = &ptr->argus_mar.now;

   } else {
      start = &ptr->argus_far.time.start;
      last = &ptr->argus_far.time.last;

      if (ArgusThisFarStatus & ARGUS_AGR_DSR_STATUS) {
         lastbuf = ((struct ArgusAGRStruct *)ArgusThisFarHdrs[ARGUS_AGR_DSR_INDEX])->lasttime;
      }
   }

   ArgusGlobalTime = *last;
   gettimeofday (&ArgusNowTime, 0L);

   if ((tm = localtime ((time_t *)&start->tv_sec)) != NULL)
      bcopy ((char *) tm, (char *)&tm_startime, sizeof (struct tm));
   else
      bzero ((char *)&tm_startime, sizeof (struct tm));

   if ((tm = localtime ((time_t *)&last->tv_sec)) != NULL)
      bcopy ((char *) tm, (char *)&tm_lasttime, sizeof (struct tm));
   else
      bzero ((char *)&tm_lasttime, sizeof (struct tm));   /* was clearing tm_startime */

   if (tflag) {
      time_t *sec;

      if (!explicit_date) {
         sec = (time_t *)&start->tv_sec;
         tm = localtime(sec);
         if (tm->tm_yday != starTimeFilter.tm_yday) {
            bcopy ((char *) tm, (char *) &tmbuf, sizeof (struct tm));
            if (check_time_format (&tmbuf, timearg))
               ArgusLog (LOG_ERR, "time syntax error %s\n", timearg);
         }
      }

      if (ptr->ahdr.type & ARGUS_MAR) {
         if (ptr->ahdr.status & ARGUS_START) {
            if ((ptr->argus_mar.now.tv_sec >= startime_t) &&
                (ptr->argus_mar.now.tv_sec <= lasttime_t))
               retn++;
         } else {
            if ((ptr->argus_mar.now.tv_sec >= startime_t) &&
                (ptr->argus_mar.now.tv_sec <= lasttime_t))
               retn++;
         }

      } else {
         if (((start->tv_sec >= startime_t) && (start->tv_sec <= lasttime_t)) ||
             ((last->tv_sec >= startime_t) && (last->tv_sec <= lasttime_t)) ||
             ((start->tv_sec < startime_t) && (last->tv_sec > lasttime_t)))
            retn++;
      }

   } else
      retn++;

   return (retn);
}

#include

int
parseUserDataArg (char **arg, char *args[], int ind)
{
   int retn = -1;
   char buf[64], *ptr = buf;

   bzero (buf, 64);
   /* bounded copies: *arg and args[] come from the command line or the
      resource file and can be longer than buf */
   strncpy (buf, *arg, sizeof(buf) - 1);
   ptr += strlen (buf);

   if ((ptr = strchr(*arg, ':')) && (*(ptr + 1) != '\0')) {
      retn = 0;
   } else {
      if (args) {
         if (args[ind] && (*args[ind] == ':')) {
            if (strlen (args[ind]) == 1) {
               strncat (buf, ":", sizeof(buf) - strlen(buf) - 1);
               strncat (buf, args[ind + 1], sizeof(buf) - strlen(buf) - 1);
               retn = 2;
            } else
            {
               ptr = args[ind];
               if (isdigit((int)*(ptr + 1))) {
                  /* bounded append: buf is 64 bytes */
                  strncat (buf, args[ind], sizeof(buf) - strlen(buf) - 1);
                  retn = 1;
               } else
                  retn = 0;
            }
         } else
            retn = 0;
      } else
         retn = 0;
   }

   *arg = savestr(buf);

   if ((ptr = strchr (buf, ':')) != NULL) {
      ptr++;
      if (*buf == 's')
         ArgusSrcUserDataLen = atoi(buf + 1);
      else
         ArgusLog (LOG_ERR, "user data syntax error %s\n", buf);

      if (*ptr == 'd')
         ArgusDstUserDataLen = atoi(ptr + 1);
      else
         ArgusLog (LOG_ERR, "user data syntax error %s\n", buf);

   } else {
      if (isdigit((int)*buf)) {
         ArgusSrcUserDataLen = atoi(buf);
         ArgusDstUserDataLen = atoi(buf);
      } else {
         if (*buf == 's')
            ArgusSrcUserDataLen = atoi(buf + 1);
         if (*buf == 'd')
            ArgusDstUserDataLen = atoi(buf + 1);
      }
   }

   if (retn < 0)
      ArgusLog (LOG_ERR, "user data syntax error %s\n", buf);

   return (retn);
}

int
parseTimeArg ( char **arg, char *args[], int ind, struct tm *tm)
{
   int retn = -1;
   char buf[64], *ptr = buf;

   bzero (buf, 64);
   /* bounded copies: the time argument can be longer than buf */
   strncpy (buf, *arg, sizeof(buf) - 1);
   ptr += strlen (buf);

   if ((ptr = strchr(*arg, '-')) && (*(ptr + 1) != '\0')) {
      retn = 0;
   } else {
      if (args) {
         if (args[ind] && (*args[ind] == '-')) {
            if (strlen (args[ind]) == 1) {
               strncat (buf, "-", sizeof(buf) - strlen(buf) - 1);
               strncat (buf, args[ind + 1], sizeof(buf) - strlen(buf) - 1);
               retn = 2;
            } else {
               ptr = args[ind];
               if (isdigit((int)*(ptr + 1))) {
                  strncat (buf, args[ind], sizeof(buf) - strlen(buf) - 1);
                  retn = 1;
               } else
                  retn = 0;
            }
         } else
            retn = 0;
      }
   }

   if ((ptr = strchr(*arg, '.')) || (ptr = strchr(*arg, '/')))
      explicit_date++;

   if (check_time_format (tm, buf))
      ArgusLog (LOG_ERR, "time syntax error %s\n", buf);

   *arg = savestr(buf);
   return (retn);
}

#define ARGUS_YEAR 1
#define ARGUS_MONTH 2
#define ARGUS_DAY 3
#define ARGUS_HOUR 4
#define ARGUS_MIN 5
#define ARGUS_SEC 6

int RaDaysInAMonth[12] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};

int
check_time_format (struct tm *tm, char *str)
{
   int retn = 0;
   char *ptr, buf[64];

   /*[[[yyyy/]mm/]dd.]hh[:mm[:ss]] - [[[yyyy/]mm/]dd.]hh[:mm[:ss]]*/

   /* bounded copy with explicit termination: str can be longer than buf */
   strncpy (buf, str, sizeof(buf) - 1);
   buf[sizeof(buf) - 1] = '\0';

   if ((ptr = strchr(buf, '-')) != NULL) {
      *ptr = '\0';
      if ((retn = parseTime (&starTimeFilter, tm, buf)) > 0)
         if ((retn = parseTime (&lastTimeFilter, &starTimeFilter, ptr + 1)) > 0)
            retn = 0;

   } else {
      if ((retn = parseTime (&starTimeFilter, tm, buf)) > 0) {
         bcopy ((char *)&starTimeFilter, (char *)&lastTimeFilter, sizeof(struct tm));
         switch (retn) {
            case ARGUS_YEAR:  lastTimeFilter.tm_year++; break;
            case ARGUS_MONTH: lastTimeFilter.tm_mon++; break;
            case ARGUS_DAY:   lastTimeFilter.tm_mday++; break;
            case ARGUS_HOUR:  lastTimeFilter.tm_hour++; break;
            case ARGUS_MIN:   lastTimeFilter.tm_min++; break;
            case ARGUS_SEC:   lastTimeFilter.tm_sec++; break;
         }

         while (tm->tm_sec > 59) {tm->tm_min++; tm->tm_sec -= 60;}
         while (tm->tm_min > 59) {tm->tm_hour++; tm->tm_min -= 60;}
         while (tm->tm_hour > 23) {tm->tm_mday++; tm->tm_hour -= 24;}
         while (tm->tm_mday > RaDaysInAMonth[tm->tm_mon]) {tm->tm_mday -= RaDaysInAMonth[tm->tm_mon]; tm->tm_mon++;}
         while (tm->tm_mon > 11) {tm->tm_year++; tm->tm_mon -= 12;}

         retn = 0;
      }
   }

   if (retn == 0) {
      startime_t = timelocal (&starTimeFilter);
      lasttime_t = timelocal (&lastTimeFilter);

      if (!(lasttime_t >= startime_t)) {
         fprintf (stderr, "error: invalid time range\n");
         retn++;
      }
   }

   return (retn);
}

int
parseTime (struct tm *tm, struct tm *ctm, char *str)
{
   char *hptr = NULL, *dptr = NULL, *mptr = NULL, *yptr = NULL;
   char *minptr = NULL, *secptr = NULL, *ptr;
   int retn = 0, hour = 0, mins = 0, sec = 0, i;
   time_t thistime;

   /*[[[yyyy/]mm/]dd].]hh[:mm[:ss]]*/

   bcopy ((u_char *) ctm, (u_char *) tm, sizeof (struct tm));

   if ((hptr = strchr (str, '.')) != NULL) {
      *hptr++ = '\0';
      if (!(isdigit((int)*hptr)))
         return -1;
   }

   if ((dptr = strrchr (str, '/')) != NULL) {      /* mm/dd */
                                                   /*   ^   */
      *dptr++ = '\0';
      if ((mptr = strrchr (str, '/')) != NULL) {   /* yyyy/mm/dd */
                                                   /*     ^      */
         *mptr++ = '\0';
         yptr = str;
      } else
         mptr = str;

   } else {
      if (hptr != NULL)
         dptr = str;
      else
         hptr = str;
   }

   if (yptr) {
      if (strlen(yptr) != 4)
         return -1;
      for (ptr = yptr, i = 0; i < strlen(yptr); i++)
         if (!(isdigit((int)*ptr++)))
            return -1;
      tm->tm_year = atoi(yptr) - 1900;
      retn = ARGUS_YEAR;
   }

   if (mptr) {
      if (strlen(mptr) != 2)
         return -1;
      for (ptr = mptr, i = 0; i < strlen(mptr); i++)
         if (!(isdigit((int)*ptr++)))
            return -1;
      tm->tm_mon = atoi(mptr) - 1;
      retn = ARGUS_MONTH;
   }

   if (dptr) {
      if (strlen(dptr) != 2)
         return -1;
      for (ptr = dptr, i = 0; i < strlen(dptr); i++)
         if (!(isdigit((int)*ptr++)))
            return -1;
      tm->tm_mday = atoi(dptr);
      retn = ARGUS_DAY;
   }

   if (hptr) {
      if ((minptr = strchr (hptr, ':')) != NULL) {
         *minptr++ = '\0';
         if ((secptr = strchr (minptr, ':')) != NULL) {
            *secptr++ = '\0';
         }
      }

      for (ptr = hptr, i = 0; i < strlen(hptr); i++)
         if (!(isdigit((int)*ptr++)))
            return -1;

      hour = atoi(hptr);
      retn = ARGUS_HOUR;

      if (minptr != NULL) {
         for (ptr = minptr, i = 0; i < strlen(minptr); i++)
            if (!(isdigit((int)*ptr++)))
               return -1;

         mins = atoi(minptr);
         retn = ARGUS_MIN;
      }

      if (secptr != NULL) {
         for (ptr = secptr, i = 0; i < strlen(secptr); i++)
            if (!(isdigit((int)*ptr++)))
               return -1;

         sec = atoi(secptr);
         retn = ARGUS_SEC;
      }
   }

   tm->tm_hour = hour;
   tm->tm_min = mins;
   tm->tm_sec = sec;

#if !defined(HAVE_SOLARIS) && !defined(__sgi) && !defined(linux) && !defined(AIX) && !defined(CYGWIN)
   tm->tm_zone = NULL;
   tm->tm_gmtoff = 0;
#endif

   if (tm->tm_year < 0)
      retn = -1;
   if ((tm->tm_mon > 11) || (tm->tm_mon < 0))
      retn = -1;
   if ((tm->tm_mday > 31) || (tm->tm_mday < 0))
      retn = -1;
   if ((tm->tm_hour > 23) || (tm->tm_hour < 0))
      retn = -1;
   if ((tm->tm_min > 60) || (tm->tm_min < 0))
      retn = -1;
   if ((tm->tm_sec > 60) || (tm->tm_sec < 0))
      retn = -1;

   if (retn >= 0) {
      thistime = timelocal (tm);
      tm = localtime ((time_t *)&thistime);
   }

   return (retn);
}

#define ARGUS_RCITEMS 41

#define RA_ARGUS_SERVER 0
#define RA_CISCONETFLOW_SOURCE 1
#define RA_ARGUS_SERVERPORT 2
#define RA_INPUT_FILE 3
#define RA_NO_OUTPUT 4
#define RA_USER_AUTH 5
#define RA_AUTH_PASS 6
#define RA_OUTPUT_FILE 7
#define RA_EXCEPTION_OUTPUT_FILE 8
#define RA_TIMERANGE 9
#define RA_RUNTIME 10
#define RA_FLOW_MODEL 11
#define RA_FIELD_DELIMITER 12
#define RA_TIME_FORMAT 13
#define RA_USEC_PRECISION 14
#define RA_PRINT_LABELS 15
#define RA_PRINT_SUMMARY 16
#define RA_PRINT_ARGUSID 17
#define RA_PRINT_MACADDRS 18
#define RA_PRINT_HOSTNAMES 19
#define RA_PRINT_LOCALONLY 20
#define RA_PRINT_COUNTS 21
#define RA_PRINT_APPLICATION_BYTES 22
#define RA_PRINT_RESPONSE_DATA 23
#define RA_PRINT_UNIX_TIME 24
#define RA_PRINT_STARTIME 25
#define RA_PRINT_LASTIME 26
#define RA_PRINT_INDICATORS 27
#define RA_PRINT_DURATION 28
#define RA_PRINT_TCPSTATES 29
#define RA_PRINT_TCPFLAGS 30
#define RAGATOR_TIME_SERIES 31
#define RAGATOR_VALIDATE 32
#define RAMON_MODE 33
#define RAMON_NUMBER 34
#define RA_DEBUG_LEVEL 35
#define RA_PRINT_USERDATA 36
#define RA_USERDATA_ENCODE 37
#define RA_FILTER 38
#define RA_HOST_FIELD_LENGTH 39
#define RA_PORT_FIELD_LENGTH 40

char *ArgusResourceFileStr [] = {
   "RA_ARGUS_SERVER=",
   "RA_CISCONETFLOW_SOURCE=",
   "RA_ARGUS_SERVERPORT=",
   "RA_INPUT_FILE=",
   "RA_NO_OUTPUT=",
   "RA_USER_AUTH=",
   "RA_AUTH_PASS=",
   "RA_OUTPUT_FILE=",
   "RA_EXCEPTION_OUTPUT_FILE=",
   "RA_TIMERANGE=",
   "RA_RUN_TIME=",
   "RA_FLOW_MODEL=",
   "RA_FIELD_DELIMITER=",
   "RA_TIME_FORMAT=",
   "RA_USEC_PRECISION=",
   "RA_PRINT_LABELS=",
   "RA_PRINT_SUMMARY=",
   "RA_PRINT_ARGUSID=",
   "RA_PRINT_MACADDRS=",
   "RA_PRINT_HOSTNAMES=",
   "RA_PRINT_LOCALONLY=",
   "RA_PRINT_COUNTS=",
   "RA_PRINT_APPLICATION_BYTES=",
   "RA_PRINT_RESPONSE_DATA=",
   "RA_PRINT_UNIX_TIME=",
   "RA_PRINT_STARTIME=",
   "RA_PRINT_LASTIME=",
   "RA_PRINT_INDICATORS=",
   "RA_PRINT_DURATION=",
   "RA_PRINT_TCPSTATES=",
   "RA_PRINT_TCPFLAGS=",
   "RAGATOR_TIME_SERIES=",
   "RAGATOR_VALIDATE=",
   "RAMON_MODE=",
   "RAMON_NUMBER=",
   "RA_DEBUG_LEVEL=",
   "RA_PRINT_USERDATA=",
   "RA_USERDATA_ENCODE=",
   "RA_FILTER=",
   "RA_HOST_FIELD_LENGTH=",
   "RA_PORT_FIELD_LENGTH=",
};

#include

int
ArgusParseResourceFile (char *file)
{
   int retn = 0, i, len, Soption = 0, roption = 0, found = 0, lines = 0;
   char strbuf[MAXSTRLEN], *str = strbuf, *optarg = NULL, *ptr = NULL;
   FILE *fd;

   if (file) {
      if ((fd = fopen (file, "r")) != NULL) {
         retn = 1;
         /* Always read into the start of strbuf: str is advanced while a line
            is parsed, and reading MAXSTRLEN bytes at the advanced pointer
            would run past the end of the buffer. */
         while ((fgets(strbuf, MAXSTRLEN, fd)) != NULL) {
            str = strbuf;
            lines++;
            while (*str && isspace((int)*str))
               str++;

            if (*str && (*str != '#') && (*str != '\n') && (*str != '!')) {
               found
                     = 0;
               for (i = 0; i < ARGUS_RCITEMS; i++) {
                  len = strlen(ArgusResourceFileStr[i]);
                  if (!(strncmp (str, ArgusResourceFileStr[i], len))) {
                     optarg = &str[len];
                     if (optarg[strlen(optarg) - 1] == '\n')
                        optarg[strlen(optarg) - 1] = '\0';
                     if (*optarg == '\"')
                        optarg++;
                     if (optarg[strlen(optarg) - 1] == '\"')
                        optarg[strlen(optarg) - 1] = '\0';
                     if (*optarg == '\0')
                        optarg = NULL;

                     if (optarg) {
                        switch (i) {
                           case RA_ARGUS_SERVER:
                              ++Sflag;
                              if (!Soption++ && (ArgusRemoteHostList != NULL))
                                 ArgusDeleteHostList();

                              if (!(ArgusAddHostList (optarg))) {
                                 fprintf (stderr, "%s: host %s unknown\n", ArgusProgramName, optarg);
                                 exit (1);
                              }
                              break;

                           case RA_CISCONETFLOW_SOURCE:
                              ++Sflag; ++Cflag;
                              if (!Soption++ && (ArgusRemoteHostList != NULL))
                                 ArgusDeleteHostList();

                              if (!(ArgusAddHostList (optarg))) {
                                 fprintf (stderr, "%s: host %s unknown\n", ArgusProgramName, optarg);
                                 exit (1);
                              }
                              break;

                           case RA_ARGUS_SERVERPORT:
                              ArgusPortNum = atoi (optarg);
                              break;

                           case RA_INPUT_FILE:
                              if ((!roption++) && (ArgusInputFileList != NULL))
                                 ArgusDeleteFileList();

                              if (!(ArgusAddFileList (optarg))) {
                                 fprintf (stderr, "%s: error: file arg %s\n", ArgusProgramName, optarg);
                                 exit (1);
                              }
                              break;

                           case RA_NO_OUTPUT:
                              if (!(strncasecmp(optarg, "yes", 3)))
                                 qflag++;
                              else
                                 qflag = 0;
                              break;

                           case RA_USER_AUTH:
                              ustr = strdup(optarg);
                              break;

                           case RA_AUTH_PASS:
                              pstr = strdup(optarg);
                              break;

                           case RA_OUTPUT_FILE:
                              wfile = strdup(optarg);
                              break;

                           case RA_EXCEPTION_OUTPUT_FILE:
                              exceptfile = optarg;
                              break;

                           case RA_TIMERANGE:
                              if ((parseTimeArg (&timearg, NULL, 0, RaTmStruct)) < 0)
                                 usage ();
                              break;

                           case RA_RUNTIME:
                              Tflag = atoi (optarg);
                              break;

                           case RA_FIELD_DELIMITER:
                              /* fall back to the raw value when it is not quoted,
                                 instead of dereferencing a NULL strchr() result */
                              if ((ptr = strchr (optarg, '\'')) != NULL) {
                                 ptr++;
                                 if (ptr[0] == '\'')
                                    break;
                              } else
                                 ptr = optarg;

                              if (ptr[0] == '\\') {
                                 switch (ptr[1]) {
                                    case 'a': RaFieldDelimiter = '\a'; break;
                                    case 'b': RaFieldDelimiter = '\b'; break;
                                    case 't': RaFieldDelimiter = '\t'; break;
                                    case 'n': RaFieldDelimiter = '\n'; break;
                                    case 'v': RaFieldDelimiter = '\v'; break;
                                    case 'f': RaFieldDelimiter =
                                                                 '\f'; break;
                                    case 'r': RaFieldDelimiter = '\r'; break;
                                    case '\\': RaFieldDelimiter = '\\'; break;
                                 }
                                 if (RaFieldDelimiter != '\0')
                                    break;
                              } else
                                 RaFieldDelimiter = *ptr;
                              break;

                           case RA_TIME_FORMAT:
                              RaTimeFormat = strdup(optarg);
                              break;   /* was missing: fell through and overwrote pflag */

                           case RA_USEC_PRECISION:
                              pflag = atoi (optarg);
                              break;

                           case RA_PRINT_SUMMARY:
                              if (!(strncasecmp(optarg, "yes", 3)))
                                 aflag = 1;
                              else
                                 aflag = 0;
                              break;

                           case RA_PRINT_ARGUSID:
                              if (!(strncasecmp(optarg, "yes", 3)))
                                 idflag = 1;
                              else
                                 idflag = 0;
                              break;

                           case RA_PRINT_MACADDRS:
                              if (!(strncasecmp(optarg, "yes", 3)))
                                 mflag = 1;
                              else
                                 mflag = 0;
                              break;

                           case RA_PRINT_HOSTNAMES:
                              if (!(strncasecmp(optarg, "yes", 3)))
                                 nflag = 0;
                              else
                                 nflag = 1;
                              break;

                           case RA_PRINT_LOCALONLY:
                              if (!(strncasecmp(optarg, "yes", 3)))
                                 ++fflag;
                              else
                                 fflag = 0;
                              break;

                           case RA_FLOW_MODEL:
                              ArgusFlowModelFile = strdup(optarg);
                              break;

                           case RA_PRINT_LABELS:
                              switch (Lflag = atoi(optarg)) {
                                 case 0: Lflag = -1; break;
                                 case -1: Lflag = 0; break;
                              }
                              break;

                           case RA_PRINT_COUNTS:
                              if (!(strncasecmp(optarg, "yes", 3)))
                                 ++cflag;
                              else
                                 cflag = 0;
                              break;

                           case RA_PRINT_APPLICATION_BYTES:
                              if (!(strncasecmp(optarg, "yes", 3)))
                                 ++Aflag;
                              else
                                 Aflag = 0;
                              break;

                           case RA_PRINT_RESPONSE_DATA:
                              if (!(strncasecmp(optarg, "yes", 3)))
                                 Rflag++;
                              else
                                 Rflag = 0;
                              break;

                           case RA_PRINT_UNIX_TIME:
                              if (!(strncasecmp(optarg, "yes", 3)))
                                 ++uflag;
                              else
                                 uflag = 0;
                              break;

                           case RA_PRINT_STARTIME:
                              if (!(strncasecmp(optarg, "yes", 3)))
                                 ++RaPrintStartTime;
                              else
                                 RaPrintStartTime = 0;
                              break;

                           case RA_PRINT_LASTIME:
                              if (!(strncasecmp(optarg, "yes", 3)))
                                 ++RaPrintLastTime;
                              else
                                 RaPrintLastTime = 0;
                              break;

                           case RA_PRINT_INDICATORS:
                              if (!(strncasecmp(optarg, "yes", 3)))
                                 Iflag++;
                              else
                                 Iflag = 0;
                              break;

                           case RA_PRINT_DURATION:
                              if (!(strncasecmp(optarg, "yes", 3)))
                                 gflag++;
                              break;

                           case RA_PRINT_TCPSTATES:
                              if (!(strncasecmp(optarg, "yes", 3)))
                                 zflag++;
                              else
                                 zflag = 0;
                              break;

                           case RA_PRINT_TCPFLAGS:
                              Zflag = *optarg;
                              break;

                           case RAGATOR_TIME_SERIES:
                              if (!(strncasecmp(optarg, "yes", 3)))
                                 Hflag++;
                              else
                                 Hflag = 0;
                              break;

                           case RAGATOR_VALIDATE:
                              if
                                 (!(strncasecmp(optarg, "yes", 3)))
                                 Vflag++;
                              else
                                 Vflag = 0;
                              break;

                           case RAMON_MODE:
                              Mflag = optarg;
                              break;

                           case RAMON_NUMBER:
                              Nflag = atoi (optarg);
                              break;

                           case RA_DEBUG_LEVEL:
                              Argusdflag = (atoi(optarg));
                              break;

                           case RA_PRINT_USERDATA:
                              dflag++;
                              if ((parseUserDataArg (&optarg, NULL, 0)) < 0)
                                 usage ();
                              break;

                           case RA_USERDATA_ENCODE:
                              if (!(strncasecmp(optarg, "ascii", 5)))
                                 eflag = ARGUS_ENCODE_ASCII;
                              else
                                 eflag = ARGUS_ENCODE_64;
                              break;

                           case RA_FILTER: {
                              char *ptr;

                              if ((RaInputFilter = ArgusCalloc (1, MAXSTRLEN)) != NULL) {
                                 ptr = RaInputFilter;
                                 str = optarg;
                                 while (*str) {
                                    if ((*str == '\\') && (str[1] == '\n')) {
                                       fgets(str, MAXSTRLEN, fd);
                                       while (*str && (isspace((int)*str) && (str[1] && isspace((int)str[1]))))
                                          str++;
                                    }

                                    if ((*str != '\n') && (*str != '"'))
                                       *ptr++ = *str++;
                                    else
                                       str++;
                                 }
                              }
#ifdef ARGUSDEBUG
                              ArgusDebug (1, "ArgusParseResourceFile: ArgusFilter \"%s\" \n", RaInputFilter);
#endif
                              break;
                           }

                           case RA_HOST_FIELD_LENGTH:
                              hfield = atoi (optarg);
                              break;

                           case RA_PORT_FIELD_LENGTH:
                              pfield = atoi (optarg);
                              break;
                        }
                     }
                     found++;
                     break;
                  }
               }

               if (!found) {
                  ArgusLog (LOG_ERR, "ArgusParseResourceFile (%s) syntax error line %d\n", file, lines);
               }
            }
         }

      } else {
#ifdef ARGUSDEBUG
         ArgusDebug (1, "config file '%s' %s\n", file, strerror(errno));
#endif
      }

      if (RaPrintStartTime && RaPrintLastTime)
         Gflag++;
      else
      if (RaPrintLastTime)
         lflag++;
   }

#ifdef ARGUSDEBUG
   ArgusDebug (1, "ArgusParseResourceFile (%s) returning %d\n", file, retn);
#endif

   return (retn);
}

argus-2.0.6.fixes.1/common/argus_util.c

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
* This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. * */ /* * Copyright (c) 1988-1990 The Regents of the University of California. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
*/ #ifndef ArgusUtil #define ArgusUtil #endif #include #include #include #include #include #include #include #include #include #include #include #include #include #include int target_flags = 0; void ArgusAdjustGlobalTime (struct timeval *now) { struct timeval ArgusTimeDelta; ArgusTimeDelta.tv_sec = ArgusNowTime.tv_sec - ArgusGlobalTime.tv_sec; ArgusTimeDelta.tv_usec = ArgusNowTime.tv_usec - ArgusGlobalTime.tv_usec; ArgusGlobalTime.tv_sec = now->tv_sec - ArgusTimeDelta.tv_sec; ArgusGlobalTime.tv_usec = now->tv_usec - ArgusTimeDelta.tv_usec; if (ArgusGlobalTime.tv_usec < 0) { ArgusGlobalTime.tv_sec--; ArgusGlobalTime.tv_usec += 1000000; } else { if (ArgusGlobalTime.tv_usec >= 1000000) { ArgusGlobalTime.tv_sec++; ArgusGlobalTime.tv_usec -= 1000000; } } ArgusNowTime = *now; } char *ArgusVersionStr = "Argus Version "; int ArgusConvertInitialWriteStruct (struct WriteStruct *ws, struct ArgusRecord *argus) { int retn = 0; char *ptr; if (ws && argus) { bzero ((char *) argus, sizeof (*argus)); if ((ptr = strstr (ws->ws_init.initString, ArgusVersionStr)) != NULL) { ptr = &ptr[strlen(ArgusVersionStr)]; if (sscanf (ptr, "%d.%d", &major_version, &minor_version)) { argus->ahdr.type = ARGUS_MAR | ARGUS_WRITESTRUCT; argus->ahdr.length = sizeof (*argus); argus->ahdr.length = htons(argus->ahdr.length); argus->ahdr.cause = ARGUS_START; argus->ahdr.status = htonl(ARGUS_VERSION); argus->ahdr.argusid = htonl(ARGUS_COOKIE); argus->argus_mar.startime = ws->ws_init.startime; argus->argus_mar.now = ws->ws_init.now; argus->argus_mar.major_version = major_version; argus->argus_mar.minor_version = minor_version; argus->argus_mar.interfaceType = ws->ws_init.interfaceType; argus->argus_mar.interfaceStatus = ws->ws_init.interfaceStatus; argus->argus_mar.reportInterval = ws->ws_init.reportInterval; argus->argus_mar.argusMrInterval = ws->ws_init.dflagInterval; argus->argus_mar.record_len = -1; retn = 1; } } } return (retn); } #include #if !defined(__OpenBSD__) || !defined(_NETINET_IP_ICMP_H_)
#include #define _NETINET_IP_ICMP_H_ #endif extern int ArgusTotalBytes; extern int ArgusTotalCount; extern long long ntohll (long long); int ArgusConvertWriteStruct (struct WriteStruct *ws, struct ArgusRecord *argus) { int retn = 0; unsigned int status; if (ws && argus) { bzero ((char *) argus, sizeof (*argus)); status = ntohl(ws->status); if (status & ARGUSCONTROL) { argus->ahdr.type = ARGUS_MAR | ARGUS_WRITESTRUCT; argus->ahdr.length = sizeof (*argus); argus->ahdr.argusid = 0; argus->ahdr.status = ARGUS_VERSION; argus->argus_mar.major_version = VERSION_MAJOR; argus->argus_mar.minor_version = VERSION_MINOR; argus->argus_mar.interfaceType = ws->ws_stat.interfaceType; argus->argus_mar.interfaceStatus = ws->ws_stat.interfaceStatus; argus->argus_mar.reportInterval = ntohs(ws->ws_stat.reportInterval); argus->argus_mar.argusMrInterval = ntohs(ws->ws_stat.dflagInterval); if (status & CLOSE) { argus->ahdr.cause = ARGUS_STOP; argus->argus_mar.startime.tv_sec = ws->ws_stat.startime.tv_sec; argus->argus_mar.startime.tv_usec = ws->ws_stat.startime.tv_usec; argus->argus_mar.now.tv_sec = ws->ws_stat.now.tv_sec; argus->argus_mar.now.tv_usec = ws->ws_stat.now.tv_usec; argus->argus_mar.pktsRcvd = ArgusTotalCount; argus->argus_mar.bytesRcvd = ArgusTotalBytes; argus->argus_mar.pktsDrop = ntohl(ws->ws_stat.pktsDrop); argus->argus_mar.actIPcons += ntohl(ws->ws_stat.actTCPcons); argus->argus_mar.actIPcons += ntohl(ws->ws_stat.actUDPcons); argus->argus_mar.actIPcons += ntohl(ws->ws_stat.actIPcons); argus->argus_mar.cloIPcons += ntohl(ws->ws_stat.cloTCPcons); argus->argus_mar.cloIPcons += ntohl(ws->ws_stat.cloUDPcons); argus->argus_mar.cloIPcons += ntohl(ws->ws_stat.cloIPcons); argus->argus_mar.actICMPcons = ntohl(ws->ws_stat.actICMPcons); argus->argus_mar.cloICMPcons = ntohl(ws->ws_stat.cloICMPcons); argus->argus_mar.actFRAGcons = ntohl(ws->ws_stat.actFRAGcons); argus->argus_mar.cloFRAGcons = ntohl(ws->ws_stat.cloFRAGcons); } else { argus->ahdr.cause = ARGUS_STATUS; 
argus->argus_mar.startime.tv_sec = ntohl(ws->ws_stat.startime.tv_sec); argus->argus_mar.startime.tv_usec = ntohl(ws->ws_stat.startime.tv_usec); argus->argus_mar.now.tv_sec = ntohl(ws->ws_stat.now.tv_sec); argus->argus_mar.now.tv_usec = ntohl(ws->ws_stat.now.tv_usec); argus->argus_mar.pktsRcvd = ntohl(ws->ws_stat.pktsRcvd); argus->argus_mar.bytesRcvd = ntohl(ws->ws_stat.bytesRcvd); argus->argus_mar.pktsDrop = ntohl(ws->ws_stat.pktsDrop); argus->argus_mar.actIPcons += ntohl(ws->ws_stat.actTCPcons); argus->argus_mar.actIPcons += ntohl(ws->ws_stat.actUDPcons); argus->argus_mar.actIPcons += ntohl(ws->ws_stat.actIPcons); argus->argus_mar.cloIPcons += ntohl(ws->ws_stat.cloTCPcons); argus->argus_mar.cloIPcons += ntohl(ws->ws_stat.cloUDPcons); argus->argus_mar.cloIPcons += ntohl(ws->ws_stat.cloIPcons); argus->argus_mar.actICMPcons = ntohl(ws->ws_stat.actICMPcons); argus->argus_mar.cloICMPcons = ntohl(ws->ws_stat.cloICMPcons); argus->argus_mar.actFRAGcons = ntohl(ws->ws_stat.actFRAGcons); argus->argus_mar.cloFRAGcons = ntohl(ws->ws_stat.cloFRAGcons); } argus->argus_mar.record_len = -1; retn = 1; } else { struct ArgusMacStruct macbuffer, *mac = &macbuffer; unsigned int lasttime = 0; unsigned short difftime = 0, ttl = 0; argus->ahdr.type = ARGUS_FAR | ARGUS_WRITESTRUCT; argus->ahdr.length = sizeof (argus->ahdr) + sizeof (argus->argus_far); argus->ahdr.cause = ARGUS_STATUS; argus->ahdr.status = ARGUS_VERSION; argus->ahdr.status |= ETHERTYPE_IP; argus->ahdr.argusid = 0; argus->argus_far.type = ARGUS_FAR; argus->argus_far.length = sizeof(argus->argus_far); argus->argus_far.status = 0; argus->argus_far.ArgusTransRefNum = 0; argus->argus_far.flow.ip_flow.ip_src = ntohl(ws->ws_ip.src.s_addr); argus->argus_far.flow.ip_flow.ip_dst = ntohl(ws->ws_ip.dst.s_addr); if (!(status & (ICMPPROTO | TCPPROTO | UDPPROTO)) && (status & FRAG_ONLY)) { struct ArgusFragObject fragbuf, *frag = &fragbuf; bzero ((char *) frag, sizeof (*frag)); frag->type = ARGUS_FRG_DSR; frag->length = sizeof(*frag); 
frag->status = ntohs(ws->ws_ip_frag.status); argus->argus_far.flow.ip_flow.sport = ntohs(ws->ws_ip.sport); argus->argus_far.flow.ip_flow.dport = ntohs(ws->ws_ip.dport); frag->fragnum = ntohl(ws->ws_ip_frag.fragnum); frag->frag_id = ntohl(ws->ws_ip_frag.frag_id); frag->totlen = ntohs(ws->ws_ip_frag.totlen); frag->currlen = ntohs(ws->ws_ip_frag.currlen); frag->maxfraglen = ntohs(ws->ws_ip_frag.maxfraglen); argus->argus_far.status |= ARGUS_FRAGMENTS; argus->argus_far.attr_ip.soptions |= ARGUS_FRAGMENTS; argus->argus_far.src.count = frag->fragnum; argus->argus_far.src.bytes = frag->currlen; bcopy ((char *)frag, &((char *)argus)[argus->ahdr.length], sizeof(*frag)); argus->ahdr.length += sizeof(*frag); } else { switch (status & (ICMPPROTO | TCPPROTO | UDPPROTO)) { case ICMPPROTO: { struct icmpWriteStruct *icmp = &ws->ws_ip_icmp; struct ArgusICMPFlow *icmpFlow = &argus->argus_far.flow.icmp_flow; argus->argus_far.flow.ip_flow.ip_p = IPPROTO_ICMP; argus->argus_far.src.count = ntohl(ws->ws_ip_udp.src_count); argus->argus_far.src.bytes = ntohl(ws->ws_ip_udp.src_bytes); argus->argus_far.dst.count = ntohl(ws->ws_ip_udp.dst_count); argus->argus_far.dst.bytes = ntohl(ws->ws_ip_udp.dst_bytes); if (!(status & (CON_ESTABLISHED | TIMED_OUT))) { icmpFlow->type = icmp->type; icmpFlow->code = icmp->code; icmpFlow->id = icmp->data; icmpFlow->id = ntohs(icmpFlow->id); } else { icmpFlow->type = ((unsigned char *) &ws->ws_ip_udp.src_bytes)[0]; icmpFlow->code = ((unsigned char *) &ws->ws_ip_udp.src_bytes)[1]; icmpFlow->id = ((unsigned short *)&ws->ws_ip_udp.src_bytes)[1]; icmpFlow->id = ntohs(icmpFlow->id); argus->argus_far.src.bytes = 0; argus->argus_far.dst.bytes = 0; } if ((icmpFlow->type == ICMP_UNREACH) && (icmpFlow->code == ICMP_UNREACH_PORT)) argus->argus_far.flow.ip_flow.tp_p = ((char *)&ws->ws_ip_icmp.gwaddr.s_addr)[3]; break; } case TCPPROTO: { struct ArgusTCPObject tcpbuffer, *tcp = &tcpbuffer; bzero ((char *) tcp, sizeof (*tcp)); tcp->type = ARGUS_TCP_DSR; tcp->length = 
sizeof(*tcp); if (status & SAW_SYN) tcp->state |= ARGUS_SAW_SYN; if (status & SAW_SYN_SENT) tcp->state |= ARGUS_SAW_SYN_SENT; if (status & CON_ESTABLISHED) tcp->state |= ARGUS_CON_ESTABLISHED; if (status & SRC_RESET) tcp->state |= ARGUS_SRC_RESET; if (status & DST_RESET) tcp->state |= ARGUS_DST_RESET; if (status & CLOSE_WAITING) tcp->state |= ARGUS_FIN; if (status & NORMAL_CLOSE) tcp->state |= ARGUS_NORMAL_CLOSE; if (status & PKTS_RETRANS) { if (status & SRC_PKTS_RETRANS) tcp->state |= ARGUS_SRC_PKTS_RETRANS; if (status & DST_PKTS_RETRANS) tcp->state |= ARGUS_DST_PKTS_RETRANS; } argus->argus_far.src.count = ntohl(ws->ws_ip_tcp.src_count); argus->argus_far.dst.count = ntohl(ws->ws_ip_tcp.dst_count); if ((status & SAW_SYN) && !(status & (SAW_SYN_SENT|CON_ESTABLISHED|RESET))) { tcp->src.seqbase = ntohl(ws->ws_ip_inittcp.seq); } else { if ((status & (SAW_SYN | SAW_SYN_SENT)) && !(status & (CON_ESTABLISHED))) { tcp->dst.seqbase = ntohl(ws->ws_ip_inittcp.seq); } else { argus->argus_far.src.bytes = ntohl(ws->ws_ip_tcp.src_bytes); argus->argus_far.dst.bytes = ntohl(ws->ws_ip_tcp.dst_bytes); } } bcopy ((char *)tcp, &((char *)argus)[argus->ahdr.length], sizeof(*tcp)); argus->ahdr.length += sizeof(*tcp); argus->argus_far.flow.ip_flow.ip_p = IPPROTO_TCP; argus->argus_far.flow.ip_flow.sport = ntohs(ws->ws_ip.sport); argus->argus_far.flow.ip_flow.dport = ntohs(ws->ws_ip.dport); break; } case UDPPROTO: argus->argus_far.flow.ip_flow.ip_p = IPPROTO_UDP; argus->argus_far.flow.ip_flow.sport = ntohs(ws->ws_ip.sport); argus->argus_far.flow.ip_flow.dport = ntohs(ws->ws_ip.dport); default: argus->argus_far.src.count = ntohl(ws->ws_ip_udp.src_count); argus->argus_far.src.bytes = ntohl(ws->ws_ip_udp.src_bytes); argus->argus_far.dst.count = ntohl(ws->ws_ip_udp.dst_count); argus->argus_far.dst.bytes = ntohl(ws->ws_ip_udp.dst_bytes); break; } } if (status & TIMED_OUT) argus->ahdr.cause |= ARGUS_TIMEOUT; if (status & FRAGMENTS) argus->argus_far.status |= ARGUS_FRAGMENTS; if (status & 
IPOPTIONMASK) { argus->argus_far.status |= ARGUS_IPOPTIONS; if (status & SSRCROUTE) { argus->argus_far.attr_ip.soptions |= ARGUS_SSRCROUTE; argus->argus_far.attr_ip.doptions |= ARGUS_SSRCROUTE; } if (status & LSRCROUTE) { argus->argus_far.attr_ip.soptions |= ARGUS_LSRCROUTE; argus->argus_far.attr_ip.doptions |= ARGUS_LSRCROUTE; } if (status & TIMESTAMP) { argus->argus_far.attr_ip.soptions |= ARGUS_TIMESTAMP; argus->argus_far.attr_ip.doptions |= ARGUS_TIMESTAMP; } if (status & SECURITY) { argus->argus_far.attr_ip.soptions |= ARGUS_SECURITY; argus->argus_far.attr_ip.doptions |= ARGUS_SECURITY; } if (status & RECORDROUTE) { argus->argus_far.attr_ip.soptions |= ARGUS_RECORDROUTE; argus->argus_far.attr_ip.doptions |= ARGUS_RECORDROUTE; } if (status & SATNETID) { argus->argus_far.attr_ip.soptions |= ARGUS_SATNETID; argus->argus_far.attr_ip.doptions |= ARGUS_SATNETID; } } if (status & CON_ESTABLISHED) argus->ahdr.status |= ARGUS_CONNECTED; argus->argus_far.time.start.tv_sec = ntohl(ws->ws_ip.startime.tv_sec); argus->argus_far.time.start.tv_usec = ntohl(ws->ws_ip.startime.tv_usec); if ((major_version > 1) || (minor_version > 6)) { difftime = ntohs(((u_short *)&ws->ws_ip.lasttime.tv_sec)[1]); lasttime = ntohl(((arg_uint32)ws->ws_ip.startime.tv_sec)) + difftime; ttl = ((u_short *)&ws->ws_ip.lasttime.tv_sec)[0]; ws->ws_ip.lasttime.tv_sec = lasttime; } argus->argus_far.time.last.tv_sec = ws->ws_ip.lasttime.tv_sec; argus->argus_far.time.last.tv_usec = ntohl(ws->ws_ip.lasttime.tv_usec); mac->type = ARGUS_MAC_DSR; mac->length = sizeof(*mac); bcopy((char *)&ws->ws_ip.ws_phys.ethersrc, (char *)&mac->phys_union.ether.ethersrc, 6); bcopy((char *)&ws->ws_ip.ws_phys.etherdst, (char *)&mac->phys_union.ether.etherdst, 6); bcopy ((char *)mac, &((char *)argus)[argus->ahdr.length], sizeof(*mac)); argus->ahdr.length += sizeof(*mac); retn = 1; } #ifdef _LITTLE_ENDIAN ArgusHtoN(argus); #endif } return (retn); } extern char *ArgusProgramName; void print_date(struct ArgusRecord *argus, char 
*date) { struct ArgusAGRStruct *ArgusThisAgr = NULL; struct timeval *start = NULL, *last = NULL; struct timeval buf, *time = &buf; struct timeval zbuf, *ztime = &zbuf; struct tm *tm = NULL; char *sptr, *iptr, delim = ' '; bzero ((char *)ztime, sizeof(zbuf)); if (argus->ahdr.type & ARGUS_MAR) { start = &argus->argus_mar.startime; last = &argus->argus_mar.now; } else { start = &argus->argus_far.time.start; last = &argus->argus_far.time.last; } if (lflag && !(Gflag)) *time = *last; else *time = *start; tm = localtime ((time_t *)&time->tv_sec); if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) delim = RaFieldDelimiter; sprintf (date, " "); sprintf (date, "%s%c", print_time(time), delim); if (gflag) { ArgusThisAgr = (struct ArgusAGRStruct *)ArgusThisFarHdrs[ARGUS_AGR_DSR_INDEX]; if (Hflag && (ArgusThisAgr && (ArgusThisAgr->type == ARGUS_AGR_DSR))) { int ArgusThisMultiplier = 1000; if (ArgusThisAgr->status & ARGUS_AGR_USECACTTIME) ArgusThisMultiplier = 1000000; time->tv_sec = ArgusThisAgr->act.mean / ArgusThisMultiplier; time->tv_usec = ArgusThisAgr->act.mean % ArgusThisMultiplier; } else { *time = *last; time->tv_sec -= start->tv_sec; time->tv_usec -= start->tv_usec; if (time->tv_usec < 0) { time->tv_sec--; time->tv_usec += 1000000; } if (time->tv_usec >= 1000000) { time->tv_sec++; time->tv_usec -= 1000000; } } iptr = &date[strlen(date)]; sptr = &date[strlen(date)]; if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) sprintf(sptr, "%u", (unsigned int) time->tv_sec); else sprintf(sptr, "%8u", (unsigned int) time->tv_sec); if (pflag) { sptr = &date[strlen(date)]; sprintf(sptr, ".%06d", (int) time->tv_usec); sptr[pflag + 1] = '\0'; } if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) sprintf(&date[strlen(date)], "%c", delim); } else if (Gflag) { if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) sprintf(&date[strlen(date)], "%s%c", print_time(last), RaFieldDelimiter); else sprintf(&date[strlen(date)], " %s", print_time(last)); } } 
void ArgusGetIndicatorString (struct ArgusRecord *, char *); void ArgusGetIndicatorString (struct ArgusRecord *argus, char *buf) { char *ptr = buf; bzero (buf, 16); if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) { if (argus->ahdr.type & ARGUS_MAR) { } else { if (argus->ahdr.status & ARGUS_MPLS) *ptr++ = 'm'; if (argus->ahdr.status & ARGUS_PPPoE) *ptr++ = 'p'; if (argus->ahdr.status & ARGUS_VLAN) *ptr++ = 'q'; if ((argus->ahdr.status & 0xFFFF) == ETHERTYPE_IP) { if (argus->argus_far.status & ARGUS_ICMP_MAPPED) *ptr++ = 'I'; if ((argus->argus_far.attr_ip.soptions & ARGUS_FRAGMENTS) || (argus->argus_far.attr_ip.doptions & ARGUS_FRAGMENTS)) { if (argus->argus_far.flow.ip_flow.tp_p == ARGUS_FRAG_FLOWTAG) *ptr++ = 'f'; else *ptr++ = 'F'; if (argus->argus_far.attr_ip.soptions & ARGUS_FRAGOVERLAP) *ptr++ = 'V'; } if (argus->ahdr.status & ARGUS_MULTIADDR) *ptr++ = 'M'; if (ArgusThisFarStatus & ARGUS_TCP_DSR_STATUS) { struct ArgusTCPObject *tcp = NULL; unsigned int status; tcp = (struct ArgusTCPObject *)ArgusThisFarHdrs[ARGUS_TCP_DSR_INDEX]; if ((tcp != NULL) && ((status = tcp->state) != 0)) { if (status) { if (status & ARGUS_PKTS_RETRANS) { if ((status & ARGUS_SRC_PKTS_RETRANS) && (status & ARGUS_DST_PKTS_RETRANS)) *ptr++ = '*'; else { if (status & ARGUS_SRC_PKTS_RETRANS) *ptr++ = 's'; if (status & ARGUS_DST_PKTS_RETRANS) *ptr++ = 'd'; } } if (status & ARGUS_WINDOW_SHUT) { if ((status & ARGUS_SRC_WINDOW_SHUT) && (status & ARGUS_DST_WINDOW_SHUT)) *ptr++ = '@'; else { if (status & ARGUS_SRC_WINDOW_SHUT) *ptr++ = 'S'; if (status & ARGUS_DST_WINDOW_SHUT) *ptr++ = 'D'; } } if (status & ARGUS_ECN_CONGESTED) *ptr++ = 'E'; } } } if (ArgusThisFarStatus & ARGUS_ESP_DSR_STATUS) { struct ArgusESPStruct *esp = NULL; if ((esp = (struct ArgusESPStruct *)ArgusThisFarHdrs[ARGUS_ESP_DSR_INDEX]) != NULL) { if ((esp->src.lostseq > 0) && (esp->dst.lostseq > 0)) *ptr++ = '*'; else { if (esp->src.lostseq > 0) *ptr++ = 's'; if (esp->dst.lostseq > 0) *ptr++ = 'd'; } } } } } *ptr = 
RaFieldDelimiter; } else { int encdone = 0; if (Iflag) { bcopy (" ", buf, 9); if (argus->ahdr.type & ARGUS_MAR) { } else { if (argus->ahdr.status & ARGUS_MPLS) { buf[1] = 'm'; encdone++; } if (argus->ahdr.status & ARGUS_PPPoE) { buf[1] = 'p'; encdone++; } if (argus->ahdr.status & ARGUS_VLAN) { buf[1] = 'q'; encdone++; } if (encdone > 1) buf[1] = 'E'; if ((argus->ahdr.status & 0xFFFF) == ETHERTYPE_IP) { if (ArgusThisFarStatus & ARGUS_TCP_DSR_STATUS) { struct ArgusTCPObject *tcp = NULL; unsigned int status; tcp = (struct ArgusTCPObject *)ArgusThisFarHdrs[ARGUS_TCP_DSR_INDEX]; if ((tcp != NULL) && ((status = tcp->state) != 0)) { if (status) { if (status & ARGUS_WINDOW_SHUT) { if ((status & ARGUS_SRC_WINDOW_SHUT) && (status & ARGUS_DST_WINDOW_SHUT)) buf[3] = '@'; else { if (status & ARGUS_SRC_WINDOW_SHUT) buf[3] = 'S'; if (status & ARGUS_DST_WINDOW_SHUT) buf[3] = 'D'; } } if (status & ARGUS_PKTS_RETRANS) { if ((status & ARGUS_SRC_PKTS_RETRANS) && (status & ARGUS_DST_PKTS_RETRANS)) buf[2] = '*'; else { if (status & ARGUS_SRC_PKTS_RETRANS) buf[2] = 's'; if (status & ARGUS_DST_PKTS_RETRANS) buf[2] = 'd'; } } if (status & ARGUS_ECN_CONGESTED) { if ((status & ARGUS_SRC_CONGESTED) && (status & ARGUS_DST_CONGESTED)) buf[3] = 'E'; else { if (status & ARGUS_SRC_CONGESTED) buf[3] = 'e'; if (status & ARGUS_DST_CONGESTED) buf[3] = 'e'; } } } } } if (ArgusThisFarStatus & ARGUS_ESP_DSR_STATUS) { struct ArgusESPStruct *esp = NULL; if ((esp = (struct ArgusESPStruct *)ArgusThisFarHdrs[ARGUS_ESP_DSR_INDEX]) != NULL) { if ((esp->src.lostseq > 0) && (esp->dst.lostseq > 0)) buf[2] = '*'; else { if (esp->src.lostseq > 0) buf[2] = 's'; if (esp->dst.lostseq > 0) buf[2] = 'd'; } } } if (argus->ahdr.status & ARGUS_MULTIADDR) buf[4] = 'M'; if (argus->argus_far.status & ARGUS_ICMP_MAPPED) buf[5] = 'I'; if ((argus->argus_far.attr_ip.soptions & ARGUS_FRAGMENTS) || (argus->argus_far.attr_ip.doptions & ARGUS_FRAGMENTS)) { if (argus->argus_far.flow.ip_flow.tp_p == ARGUS_FRAG_FLOWTAG) buf[6] = 'f'; 
else buf[6] = 'F'; if ((argus->argus_far.attr_ip.soptions & ARGUS_FRAGOVERLAP) || (argus->argus_far.attr_ip.doptions & ARGUS_FRAGOVERLAP)) { buf[6] = 'V'; } } if ((argus->argus_far.attr_ip.soptions & ARGUS_IPOPTIONS) || (argus->argus_far.attr_ip.doptions & ARGUS_IPOPTIONS)) { switch ((argus->argus_far.attr_ip.soptions | argus->argus_far.attr_ip.doptions) & ARGUS_IPOPTIONS) { case SSRCROUTE: buf[7] = 'S'; break; case LSRCROUTE: buf[7] = 'L'; break; case TIMESTAMP: buf[7] = 'T'; break; case SECURITY: buf[7] = '+'; break; case RECORDROUTE: buf[7] = 'R'; break; case SATNETID: buf[7] = 'N'; break; case IPOPTIONMASK: buf[7] = 'E'; break; default: buf[7] = 'O'; break; } } } } } } return; } char RaUserDataStr[MAXSTRLEN]; char * RaGetUserDataString (struct ArgusRecord *argus) { char *retn = RaUserDataStr; char strbuf[MAXSTRLEN], *str = strbuf; char delim = ' '; int len = 0; bzero (RaUserDataStr, MAXSTRLEN); if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) delim = RaFieldDelimiter; if (ArgusSrcUserDataLen > 0) { len = 0; if (ArgusThisFarStatus & ARGUS_SRCUSRDATA_DSR_STATUS) { struct ArgusUserStruct *user = (struct ArgusUserStruct *) ArgusThisFarHdrs[ARGUS_SRCUSRDATA_DSR_INDEX]; len = (user->length - 1) * 4; len = (len < argus->argus_far.src.appbytes) ? len : argus->argus_far.src.appbytes; len = len > ArgusSrcUserDataLen ? ArgusSrcUserDataLen : len; if ((len = ArgusEncode (&user->data, len, str, sizeof(strbuf))) != 0) sprintf (RaUserDataStr, "%cs[%d]=%s", delim, len, str); } else if (delim != ' ') sprintf (&RaUserDataStr[strlen(RaUserDataStr)], "%c", delim); if (delim == ' ') sprintf (&RaUserDataStr[strlen(RaUserDataStr)], "%*s", (ArgusSrcUserDataLen - len) + 1, " "); } if (ArgusDstUserDataLen > 0) { len = 0; if (ArgusThisFarStatus & ARGUS_DSTUSRDATA_DSR_STATUS) { struct ArgusUserStruct *user = (struct ArgusUserStruct *) ArgusThisFarHdrs[ARGUS_DSTUSRDATA_DSR_INDEX]; len = (user->length - 1) * 4; len = (len < argus->argus_far.dst.appbytes) ? 
len : argus->argus_far.dst.appbytes; len = len > ArgusDstUserDataLen ? ArgusDstUserDataLen : len; if ((len = ArgusEncode (&user->data, len, str, sizeof(strbuf))) != 0) sprintf (&RaUserDataStr[strlen(RaUserDataStr)], "%cd[%d]=%s", delim, len, str); } else if (delim != ' ') sprintf (&RaUserDataStr[strlen(RaUserDataStr)], "%c", delim); } return (retn); } extern void ArgusLog (int, char *, ...); static char basis_64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????"; int ArgusEncode (const char *ptr, int len, char *str, int slen) { int retn = 0; switch (eflag) { case ARGUS_ENCODE_64: sprintf (str, "\""); retn = ArgusEncode64(ptr, len, &str[strlen(str)], slen - strlen(str)); strcat (str, "\""); break; case ARGUS_ENCODE_ASCII: sprintf (str, "\""); retn = ArgusEncodeAscii(ptr, len, &str[strlen(str)], slen - strlen(str)); strcat (str, "\""); break; default: ArgusLog (LOG_ERR, "ArgusEncode: error encode method %d unknown", eflag); break; } return (retn); } int ArgusEncode64 (const char *ptr, int len, char *str, int slen) { int retn = 0; const unsigned char *in = (const unsigned char *)ptr; unsigned char *buf = (unsigned char *) str; unsigned char oval; unsigned newlen; if (ptr && ((newlen = (len + 2) / 3 * 4) < slen)) { while (len >= 3) { *buf++ = basis_64[in[0] >> 2]; *buf++ = basis_64[((in[0] << 4) & 0x30) | (in[1] >> 4)]; *buf++ = basis_64[((in[1] << 2) & 0x3c) | (in[2] >> 6)]; *buf++ = basis_64[in[2] & 0x3f]; in += 3; len -= 3; } if (len > 0) { *buf++ = basis_64[in[0] >> 2]; oval = (in[0] << 4) & 0x30; if (len > 1) oval |= in[1] >> 4; *buf++ = basis_64[oval]; *buf++ = (len < 2) ? 
'=' : basis_64[(in[1] << 2) & 0x3c]; *buf++ = '='; } if (newlen < slen) *buf = '\0'; retn = newlen; } return (retn); } #include int ArgusEncodeAscii (const char *ptr, int len, char *str, int slen) { int retn = 0, newlen = len; unsigned char *buf = (unsigned char *) str; if (ptr && (len < slen)) { while (len > 0) { if (isprint((int)*ptr)) *buf = *ptr; else *buf = '.'; buf++; ptr++; len--; } if (len < slen) *buf = '\0'; retn = newlen; } return (retn); } struct ArgusInterfaceStruct interfacetypes [] = { { 0, "DLT_NULL", "no link-layer encapsulation"}, { 1, "DLT_EN10MB", "Ethernet (10Mb)"}, { 2, "DLT_EN3MB", "Experimental Ethernet (3Mb)"}, { 3, "DLT_AX25", "Amateur Radio AX.25"}, { 4, "DLT_PRONET", "Proteon ProNET Token Ring"}, { 5, "DLT_CHAOS", "Chaos"}, { 6, "DLT_IEEE802", "IEEE 802 Networks"}, { 7, "DLT_ARCNET", "ARCNET"}, { 8, "DLT_SLIP", "Serial Line IP"}, { 9, "DLT_PPP", "Point-to-point Protocol"}, { 10,"DLT_FDDI", "FDDI"}, { 11, "DLT_ATM_RFC1483", "LLC/SNAP encapsulated atm"}, { 12, "DLT_LOOP", "loopback"}, {100, "DLT_ATM_RFC1483", "LLC/SNAP encapsulated atm"}, {101, "DLT_RAW", "raw IP"}, {102, "DLT_SLIP_BSDOS", "BSD/OS Serial Line IP"}, {103, "DLT_PPP_BSDOS", "BSD/OS Point-to-point Protocol"}, {104, "DLT_CHDLC", "Cisco HDLC"}, {-1, "Undefined", "Undefined"}, }; char argus_strbuf[MAXSTRLEN]; char * get_man_string (struct ArgusRecord *ptr) { char protoStr[128], argusIDStrBuf[32], *argusIDStr = argusIDStrBuf; char probeIDStrBuf[128], *probeIDStr = probeIDStrBuf; char versionStrBuf[128]; char date [128], fmtstr[MAXSTRLEN], indStr[16]; bzero (argus_strbuf, MAXSTRLEN); bzero (fmtstr, MAXSTRLEN); print_date(ptr, date); if (mflag) { struct ArgusInterfaceStruct *interface = &interfacetypes[0]; while (interface->value >= 0) { if (ptr->argus_mar.interfaceType == interface->value) break; interface++; } sprintf(protoStr, " man InterfaceType %-*.*s", hfield, hfield, interface->label); } else sprintf(protoStr, "man"); if (ptr->ahdr.status & ARGUS_ID_IS_IPADDR) argusIDStr = 
strdup (ipaddr_string (&ptr->argus_mar.argusid)); else sprintf (argusIDStr, "%u", ptr->argus_mar.argusid); if (idflag) sprintf(argus_strbuf, "%-15.15s ", argusIDStr); if (!cflag && ((ptr->ahdr.type & ARGUS_RMON) && (ptr->ahdr.status & ARGUS_TOPN))) sprintf (probeIDStr, " "); else sprintf (probeIDStr, "probeid=%-*.*s %*s", hfield, hfield, argusIDStr, pfield, " "); sprintf (versionStrBuf, "version=%d.%d", ptr->argus_mar.major_version, ptr->argus_mar.minor_version); if (ptr->ahdr.cause & ARGUS_START) { if (Iflag) strcpy (fmtstr, "%s%s%4s %-*.*s %s%*s"); else strcpy (fmtstr, "%s %4s %-*.*s %s%*s"); if (cflag) { if ((ptr->ahdr.type & ARGUS_RMON) && (ptr->ahdr.status & ARGUS_TOPN)) strcat (fmtstr, " "); else strcat (fmtstr, " "); } } else { if (Iflag) #if defined(HAVE_SOLARIS) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) strcpy (fmtstr, "%s%s%4s pkts %9lld bytes %12lld drops %5u "); else strcpy (fmtstr, "%s %4s pkts %9lld bytes %12lld drops %5u "); #else strcpy (fmtstr, "%s%s%4s pkts %9Ld bytes %12Ld drops %5u "); else strcpy (fmtstr, "%s %4s pkts %9Ld bytes %12Ld drops %5u "); #endif if (cflag) strcat (fmtstr, "flows %-8u closed %-8u "); } if (ptr->ahdr.cause & ARGUS_START) strcat (fmtstr, "STA"); else if (ptr->ahdr.cause & ARGUS_STATUS) strcat (fmtstr, "CON"); else if (ptr->ahdr.cause & ARGUS_STOP) strcat (fmtstr, "STP"); else if (ptr->ahdr.cause & ARGUS_SHUTDOWN) strcat (fmtstr, "SHT"); else if (ptr->ahdr.cause & ARGUS_ERROR) strcat (fmtstr, "ERR"); else if (ptr->ahdr.cause & ARGUS_MAXLISTENEXCD) strcat (fmtstr, "MAX"); ArgusGetIndicatorString (ptr, indStr); if (ptr->ahdr.cause & ARGUS_START) { if (Iflag) { sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, hfield, hfield, versionStrBuf, probeIDStr, pfield, " "); } else { sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, protoStr, hfield, hfield, versionStrBuf, probeIDStr, pfield, " "); } } else { if (Iflag) { if (cflag) { sprintf 
(&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, ptr->argus_mar.pktsRcvd, ptr->argus_mar.bytesRcvd, ptr->argus_mar.pktsDrop, ptr->argus_mar.flows, ptr->argus_mar.flowsClosed); } else { sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, ptr->argus_mar.pktsRcvd, ptr->argus_mar.bytesRcvd, ptr->argus_mar.pktsDrop); } } else { if (cflag) { sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, protoStr, ptr->argus_mar.pktsRcvd, ptr->argus_mar.bytesRcvd, ptr->argus_mar.pktsDrop, ptr->argus_mar.flows, ptr->argus_mar.flowsClosed); } else { sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, protoStr, ptr->argus_mar.pktsRcvd, ptr->argus_mar.bytesRcvd, ptr->argus_mar.pktsDrop); } } } if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) { char tmpbuf[128], *ptr = tmpbuf, *str = argus_strbuf, lastchr = ' '; int len = strlen(date) - 1; bzero (tmpbuf, sizeof(tmpbuf)); bcopy (str, ptr, len); str += len; ptr += len; while (*str) { if (*str == ' ') { if (lastchr != RaFieldDelimiter) *ptr++ = RaFieldDelimiter; while (isspace((int)*str)) str++; } lastchr = *str; *ptr++ = *str++; } bzero (argus_strbuf, MAXSTRLEN); bcopy (tmpbuf, argus_strbuf, strlen(tmpbuf)); } return (argus_strbuf); } char *ArgusTCPFlags [] = { "F", "S", "R", "P", "A", "U", "7", "8" }; char * get_tcp_string (argus) struct ArgusRecord *argus; { struct ArgusFlow *flow; unsigned int status, rev = 0; int vc = 0, ahdrlen, farhdrlen; char *processStr = NULL; char statusbuf[MAXSTRLEN], *TCPStatusString = statusbuf; char SrcTCPFlagsStr[16], DstTCPFlagsStr[16], delim; char argusIDStrBuf[32], *argusIDStr = argusIDStrBuf; char *edstString = NULL, *esrcString = NULL; char dstString[256], srcString[256]; char *protoStr, indStr[16], *blankStr = " "; char date[128], fmtstr[MAXSTRLEN], protoStrargus_strbuf[16]; char portstr[128], portbuf[16]; int src_count = 0, dst_count = 0, src_bytes = 0, dst_bytes = 0; u_char proto; struct ArgusTCPObject *tcp = NULL; bzero 
(protoStrargus_strbuf, 16); bzero (argus_strbuf, MAXSTRLEN); bzero (statusbuf, MAXSTRLEN); bzero (fmtstr, MAXSTRLEN); bzero (SrcTCPFlagsStr, 16); bzero (DstTCPFlagsStr, 16); bzero (argusIDStrBuf, 32); bzero (dstString, 256); bzero (srcString, 256); bzero (portbuf, 16); bzero (portstr, 128); bzero (indStr, 16); bzero (date, 128); flow = &argus->argus_far.flow; if (mflag) { if (ArgusThisFarStatus & ARGUS_MAC_DSR_STATUS) { struct ArgusMacStruct *mac = (struct ArgusMacStruct *) ArgusThisFarHdrs[ARGUS_MAC_DSR_INDEX]; esrcString = etheraddr_string ((u_char *)&mac->phys_union.ether.ethersrc); edstString = etheraddr_string ((u_char *)&mac->phys_union.ether.etherdst); sprintf (srcString, "%17.17s %17.17s %*.*s", esrcString, edstString, hfield, hfield, ipaddr_string (&flow->ip_flow.ip_src)); } else sprintf (srcString, "%17.17s %17.17s %*.*s", blankStr, blankStr, hfield, hfield, ipaddr_string (&flow->ip_flow.ip_src)); } else sprintf (srcString, "%*.*s", hfield, hfield, ipaddr_string (&flow->ip_flow.ip_src)); sprintf (dstString, "%*.*s", hfield, hfield, ipaddr_string (&flow->ip_flow.ip_dst)); if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) delim = RaFieldDelimiter; else delim = '.'; if (!((flow->ip_flow.sport == 0xFFFF) && (argus->ahdr.status & ARGUS_MERGED))) sprintf (portbuf, "%c%-*.*s", delim, pfield, pfield, tcpport_string(flow->ip_flow.sport)); else if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) { sprintf (portbuf, "%c%s%c", RaFieldDelimiter, "*", RaFieldDelimiter); } else sprintf (portbuf, "%c%-*s", delim, pfield, "*"); strcat (srcString, portbuf); if (!((flow->ip_flow.dport == 0xFFFF) && (argus->ahdr.status & ARGUS_MERGED))) { sprintf (portstr, " %-*.*s", hfield, hfield, tcpport_string(flow->ip_flow.dport)); sprintf (portbuf, "%c%-*.*s", delim, pfield, pfield, tcpport_string(flow->ip_flow.dport)); } else { if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) { sprintf (portstr, "%c%s%c", RaFieldDelimiter, "*", RaFieldDelimiter); 
sprintf (portbuf, "%c%s%c", RaFieldDelimiter, "*", RaFieldDelimiter); } else { sprintf (portstr, " %-*s", hfield, "*"); sprintf (portbuf, "%c%-*s", delim, pfield, "*"); } } strcat (dstString, portbuf); print_date (argus, date); if (idflag) { if (ArgusInput->ArgusManStart.ahdr.status & ARGUS_ID_IS_IPADDR) argusIDStr = strdup (ipaddr_string (&argus->ahdr.argusid)); else sprintf (argusIDStr, "%u", argus->ahdr.argusid); sprintf(argus_strbuf, "%-15.15s ", argusIDStr); } if ((argus->ahdr.type & ARGUS_RMON) && (flow->ip_flow.ip_dst == 0)) { if (Iflag) { strcpy (fmtstr, "%s%s%4s %s - "); } else strcpy (fmtstr, "%s %4s %s - "); } else { if (Iflag) { strcpy (fmtstr, "%s%s%4s %s - %s "); } else strcpy (fmtstr, "%s %4s %s - %s "); } ahdrlen = sizeof(argus->ahdr); farhdrlen = sizeof(argus->argus_far); if (ArgusThisFarStatus & ARGUS_TCP_DSR_STATUS) tcp = (struct ArgusTCPObject *)ArgusThisFarHdrs[ARGUS_TCP_DSR_INDEX]; src_count = argus->argus_far.src.count; dst_count = argus->argus_far.dst.count; if (Aflag) { src_bytes = argus->argus_far.src.appbytes; dst_bytes = argus->argus_far.dst.appbytes; } else { src_bytes = argus->argus_far.src.bytes; dst_bytes = argus->argus_far.dst.bytes; } if ((tcp != NULL) && ((status = tcp->state) != 0)) { if (!(status & (ARGUS_SAW_SYN | ARGUS_SAW_SYN_SENT))) { fmtstr[12 + vc] = '?'; if (src_count) fmtstr[13 + vc] = '>'; if (dst_count) fmtstr[11 + vc] = '<'; } if (Rflag && (status & ARGUS_RESET)) { if (status & ARGUS_DST_RESET) { fmtstr[11 + vc] = '<'; fmtstr[13 + vc] = ' '; } if (status & ARGUS_SRC_RESET) { fmtstr[11 + vc] = ' '; fmtstr[13 + vc] = '>'; } fmtstr[12 + vc] = '|'; } else if (status & ARGUS_RESET) { fmtstr[11 + vc] = ' '; fmtstr[13 + vc] = '>'; processStr = process_state_strings[5]; } else if (status & ARGUS_NORMAL_CLOSE) { fmtstr[11 + vc] = ' '; fmtstr[13 + vc] = '>'; processStr = process_state_strings[3]; } else if (status & (ARGUS_FIN | ARGUS_FIN_ACK)) { fmtstr[11 + vc] = ' '; fmtstr[13 + vc] = '>'; processStr = 
            process_state_strings[6];
      } else if (argus->ahdr.cause & ARGUS_TIMEOUT) {
         if (src_count) fmtstr[13 + vc] = '>';
         if (dst_count) fmtstr[11 + vc] = '<';
         processStr = process_state_strings[4];
      } else if (status & ARGUS_CON_ESTABLISHED) {
         fmtstr[11 + vc] = ' ';
         fmtstr[13 + vc] = '>';
         processStr = process_state_strings[2];
      } else if (status & ARGUS_SAW_SYN_SENT) {
         fmtstr[11 + vc] = '<';
         fmtstr[13 + vc] = ' ';
         processStr = process_state_strings[1];
      } else if (status & ARGUS_SAW_SYN) {
         fmtstr[13 + vc] = '>';
         fmtstr[11 + vc] = ' ';
         processStr = process_state_strings[0];
      }

      if (status & ARGUS_RESET)
         processStr = process_state_strings[5];

      if (zflag) {
         bzero ((char *)TCPStatusString, sizeof(statusbuf));
         if (status & ARGUS_SAW_SYN) strcat (TCPStatusString, "s");
         if (status & ARGUS_SAW_SYN_SENT) strcat (TCPStatusString, "S");
         if (status & ARGUS_CON_ESTABLISHED) strcat (TCPStatusString, "E");
         if (status & ARGUS_FIN) strcat (TCPStatusString, "f");
         if (status & ARGUS_FIN_ACK) strcat (TCPStatusString, "F");
         if (status & ARGUS_NORMAL_CLOSE) strcat (TCPStatusString, "C");
         if (status & ARGUS_RESET) strcat (TCPStatusString, "R");
      } else if (Zflag) {
         int i, index;

         bzero(SrcTCPFlagsStr, sizeof(SrcTCPFlagsStr));
         bzero(DstTCPFlagsStr, sizeof(DstTCPFlagsStr));

         for (i = 0, index = 1; i < 8; i++) {
            if (tcp->src.flags & index) {
               strcat (SrcTCPFlagsStr, ArgusTCPFlags[i]);
            }
            if (tcp->dst.flags & index) {
               strcat (DstTCPFlagsStr, ArgusTCPFlags[i]);
            }
            index <<= 1;
         }

         switch (Zflag) {
            case 'b':
               sprintf(TCPStatusString, "%s_%s", SrcTCPFlagsStr, DstTCPFlagsStr);
               break;
            case 's':
               sprintf(TCPStatusString, "%s", SrcTCPFlagsStr);
               break;
            case 'd':
               sprintf(TCPStatusString, "%s", DstTCPFlagsStr);
               break;
         }
      }
   } else {
      if (argus->ahdr.cause & ARGUS_START) processStr = "REQ";
      if (argus->ahdr.cause & ARGUS_STATUS) processStr = "CON";
      if (argus->ahdr.cause & ARGUS_STOP) processStr = "CLO";
      if (argus->ahdr.cause & ARGUS_TIMEOUT) processStr = "TIM";
      if (argus->ahdr.cause & ARGUS_ERROR) processStr = "ERR";
      if
         (src_count) fmtstr[13 + vc] = '>';
      if (dst_count) fmtstr[11 + vc] = '<';
      fmtstr[12 + vc] = '?';

      if (argus->ahdr.type & ARGUS_CISCO_NETFLOW) {
         if (argus->argus_far.flow.ip_flow.sport < argus->argus_far.flow.ip_flow.dport)
            rev++;
      }
   }

   if (rev) {
      int flag = 0;
      char tmpString[256];

      bcopy (srcString, tmpString, 256);
      bcopy (dstString, srcString, 256);
      bcopy (tmpString, dstString, 256);

      src_count = argus->argus_far.dst.count;
      dst_count = argus->argus_far.src.count;

      if (Aflag) {
         src_bytes = argus->argus_far.dst.appbytes;
         dst_bytes = argus->argus_far.src.appbytes;
      } else {
         src_bytes = argus->argus_far.dst.bytes;
         dst_bytes = argus->argus_far.src.bytes;
      }

      if (fmtstr[13 + vc] == '>')
         flag++;

      if (fmtstr[11 + vc] == '<')
         fmtstr[13 + vc] = '>';
      else
         fmtstr[13 + vc] = ' ';

      if (flag)
         fmtstr[11 + vc] = '<';
      else
         fmtstr[11 + vc] = ' ';
   }

   if (cflag)
      strcat (fmtstr, "%-8u %-8u %-12u %-12u");

   if (processStr == NULL)
      processStr = "UNK";

   if (zflag || Zflag)
      processStr = TCPStatusString;

   strcat (fmtstr, processStr);

   proto = flow->ip_flow.ip_p;
   sprintf (protoStrargus_strbuf, "%u", proto);
   protoStr = (nflag > 1) ? protoStrargus_strbuf :
              proto >= IPPROTOSTR ? "unas" : ip_proto_string[proto];

   ArgusGetIndicatorString (argus, indStr);

   if ((argus->ahdr.type & ARGUS_RMON) && (flow->ip_flow.ip_dst == 0)) {
      fmtstr[11 + vc] = ' ';
      fmtstr[12 + vc] = ' ';
      fmtstr[13 + vc] = ' ';

      if ((argus->ahdr.type & ARGUS_RMON) && (flow->ip_flow.ip_src == 0)) {
         if (Iflag) {
            if (cflag)
               sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, portstr,
                        src_count, dst_count, src_bytes, dst_bytes);
            else
               sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, portstr);
         } else {
            if (cflag)
               sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, protoStr, portstr,
                        src_count, dst_count, src_bytes, dst_bytes);
            else
               sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, protoStr, portstr);
         }
      } else {
         if (Iflag) {
            if (cflag)
               sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, srcString,
                        src_count, dst_count, src_bytes, dst_bytes);
            else
               sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, srcString);
         } else {
            if (cflag)
               sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, protoStr, srcString,
                        src_count, dst_count, src_bytes, dst_bytes);
            else
               sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, protoStr, srcString);
         }
      }
   } else {
      if (Iflag) {
         if (cflag)
            sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, srcString, dstString,
                     src_count, dst_count, src_bytes, dst_bytes);
         else
            sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, srcString, dstString);
      } else {
         if (cflag)
            sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, protoStr, srcString, dstString,
                     src_count, dst_count, src_bytes, dst_bytes);
         else
            sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, protoStr, srcString, dstString);
      }
   }

   if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) {
      /* tmpbuf matches argus_strbuf (MAXSTRLEN) so the compacted copy below cannot overrun it */
      char tmpbuf[MAXSTRLEN], *ptr = tmpbuf, *str = argus_strbuf, lastchr = ' ';
      int len = strlen(date) - 1;

      bzero (tmpbuf, sizeof(tmpbuf));
      bcopy (str, ptr, len);
      str += len;
      ptr += len;

      while (*str) {
         if (*str == ' ') {
            if (lastchr != RaFieldDelimiter)
               *ptr++ = RaFieldDelimiter;
            while (isspace((int)*str)) str++;
         }
         lastchr = *str;
         *ptr++ = *str++;
      }

      bzero (argus_strbuf, MAXSTRLEN);
      bcopy (tmpbuf, argus_strbuf, strlen(tmpbuf));
   }

   return (argus_strbuf);
}


char *
get_icmp_string (ptr)
struct ArgusRecord *ptr;
{
   int vc = 0, rev = 0, srccnt = 0, dstcnt = 0;
   int ahdrlen, farhdrlen;
   struct ArgusICMPObject *icmp = NULL;
   char fmtstr[MAXSTRLEN], icmptype[32], icmpstr[128];
   char extendedstring[32], *blankStr = " ";
   char *edstString = NULL, *esrcString = NULL, *protoStr, indStr[16];
   char argusIDStrBuf[32], *argusIDStr = argusIDStrBuf;
   char dstString[256], srcString[256];
   char date[128];
   struct ArgusICMPFlow *icmpFlow = &ptr->argus_far.flow.icmp_flow;
   unsigned char ra_icmp_type = 0, ra_icmp_code = 0;
   unsigned short ra_icmp_data = 0;
   unsigned int ra_src_addr = 0, ra_dst_addr = 0, ra_gw_addr = 0;

   bzero (extendedstring, 32);
   bzero (argusIDStrBuf, 32);
   bzero (fmtstr, MAXSTRLEN);
   bzero (srcString, 256);
   bzero (dstString, 256);
   bzero (indStr, 16);

   if (ptr) {
      ahdrlen = sizeof(ptr->ahdr);
      farhdrlen = sizeof(ptr->argus_far);

      if (ArgusThisFarStatus & ARGUS_ICMP_DSR_STATUS) {
         icmp = (struct ArgusICMPObject *)ArgusThisFarHdrs[ARGUS_ICMP_DSR_INDEX];
         if (icmp->type != ARGUS_ICMP_DSR) {
            icmp = NULL;
         } else {
            ra_src_addr = icmp->isrcaddr;
            ra_dst_addr = icmp->idstaddr;
            ra_gw_addr = icmp->igwaddr;
            ra_icmp_type = icmp->icmp_type;
            ra_icmp_code = icmpFlow->code;
         }
      } else {
         ra_icmp_type = icmpFlow->type;
         ra_icmp_code = icmpFlow->code;
      }

      ra_icmp_data = icmpFlow->id;

      bzero (icmpstr, sizeof (icmpstr));
      bzero (icmptype, sizeof (icmptype));
      bzero (argus_strbuf, MAXSTRLEN);
      bzero (extendedstring, sizeof (extendedstring));
      bzero (icmptype, sizeof (icmptype));
      bzero (date, 128);

      print_date (ptr, date);

      if (idflag) {
         if (ArgusInput->ArgusManStart.ahdr.status & ARGUS_ID_IS_IPADDR)
            argusIDStr = strdup (ipaddr_string (&ptr->ahdr.argusid));
         else
            sprintf (argusIDStr, "%u", ptr->ahdr.argusid);

         sprintf(argus_strbuf, "%-15.15s ", argusIDStr);
      }

      if (ra_icmp_type < (unsigned char) (ICMP_MAXTYPE + 1))
         strcpy (icmptype, icmptypestr[ra_icmp_type]);
      else
         strcpy (icmptype, "UNK");

      switch (ra_icmp_type) {
         case ICMP_UNREACH:
            switch (ra_icmp_code) {
               case ICMP_UNREACH_NET:
                  strcat (icmptype, "N");
                  if (ra_dst_addr) {
                     u_long addr = ra_dst_addr;
                     sprintf (extendedstring, "net %s", ipaddr_string (&addr));
                  }
                  break;

               case ICMP_UNREACH_HOST:
                  strcat (icmptype, "H");
                  if (ra_dst_addr)
                     sprintf (extendedstring, "host %s", ipaddr_string (&ra_dst_addr));
                  break;

               case ICMP_UNREACH_PROTOCOL:
                  strcat (icmptype, "O");
                  if (ra_icmp_data && (ra_icmp_data < IPPROTOSTR))
                     sprintf (extendedstring,"proto %s", ip_proto_string[ra_icmp_data]);
                  break;

               case ICMP_UNREACH_PORT: {
                  int index = icmpFlow->tp_p;
                  strcat (icmptype, "P");

                  if ((ra_icmp_data && ((index < IPPROTOSTR)) && (index > 0))) {
                     sprintf (extendedstring, "%s_port %d", ip_proto_string[index], ra_icmp_data);
                  } else if (ra_icmp_data)
                     sprintf (extendedstring, "port %d", ra_icmp_data);
                  break;
               }

               case ICMP_UNREACH_NEEDFRAG:
                  strcat (icmptype, "F");
                  break;

               case ICMP_UNREACH_SRCFAIL:
                  strcat (icmptype, "S");
                  break;

#ifndef ICMP_UNREACH_NET_UNKNOWN
#define ICMP_UNREACH_NET_UNKNOWN 6
#endif
               case ICMP_UNREACH_NET_UNKNOWN:
                  strcat (icmptype, "NU");
                  sprintf (extendedstring, "dst_net unknown");
                  break;

#ifndef ICMP_UNREACH_HOST_UNKNOWN
#define ICMP_UNREACH_HOST_UNKNOWN 7
#endif
               case ICMP_UNREACH_HOST_UNKNOWN:
                  strcat (icmptype, "HU");
                  sprintf (extendedstring, "dst_host unknown");
                  break;

#ifndef ICMP_UNREACH_ISOLATED
#define ICMP_UNREACH_ISOLATED 8
#endif
               case ICMP_UNREACH_ISOLATED:
                  strcat (icmptype, "ISO");
                  sprintf (extendedstring, "src_host isolated");
                  break;

#ifndef ICMP_UNREACH_NET_PROHIB
#define ICMP_UNREACH_NET_PROHIB 9
#endif
               case ICMP_UNREACH_NET_PROHIB:
                  strcat (icmptype, "NPRO");
                  sprintf (extendedstring, "admin_net prohib");
                  break;

#ifndef ICMP_UNREACH_HOST_PROHIB
#define ICMP_UNREACH_HOST_PROHIB 10
#endif
               case ICMP_UNREACH_HOST_PROHIB:
                  strcat (icmptype, "HPRO");
                  sprintf (extendedstring, "admin_host prohib");
                  break;

#ifndef ICMP_UNREACH_TOSNET
#define ICMP_UNREACH_TOSNET 11
#endif
               case ICMP_UNREACH_TOSNET:
                  strcat (icmptype, "NTOS");
                  sprintf (extendedstring, "tos_net prohib");
                  break;

#ifndef ICMP_UNREACH_TOSHOST
#define ICMP_UNREACH_TOSHOST 12
#endif
               case ICMP_UNREACH_TOSHOST:
                  strcat (icmptype, "HTOS");
                  sprintf (extendedstring, "tos_host prohib");
                  break;

#ifndef ICMP_UNREACH_FILTER_PROHIB
#define ICMP_UNREACH_FILTER_PROHIB 13
#endif
               case ICMP_UNREACH_FILTER_PROHIB:
                  strcat (icmptype, "FIL");
                  sprintf (extendedstring, "admin_filter prohib");
                  break;

#ifndef ICMP_UNREACH_HOST_PRECEDENCE
#define ICMP_UNREACH_HOST_PRECEDENCE 14
#endif
               case ICMP_UNREACH_HOST_PRECEDENCE:
                  strcat (icmptype, "PRE");
                  sprintf (extendedstring, "precedence violation");
                  break;

#ifndef ICMP_UNREACH_PRECEDENCE_CUTOFF
#define ICMP_UNREACH_PRECEDENCE_CUTOFF 15
#endif
               case ICMP_UNREACH_PRECEDENCE_CUTOFF:
                  strcat (icmptype, "CUT");
                  sprintf (extendedstring, "precedence cutoff");
                  break;
            }
            break;

         case ICMP_MASKREPLY:
            rev = 1;
            if (ra_src_addr)
               sprintf (extendedstring, "mask 0x%08x", ra_src_addr);
            break;

         case ICMP_REDIRECT:
            switch (ra_icmp_code) {
               case ICMP_REDIRECT_NET:
                  (void) sprintf (extendedstring, "net %s", ipaddr_string (&ra_gw_addr));
                  break;

               case ICMP_REDIRECT_HOST:
                  (void) sprintf (extendedstring, "host %s", ipaddr_string (&ra_gw_addr));
                  break;

               case ICMP_REDIRECT_TOSNET:
                  (void) sprintf (extendedstring, "tosN %s", ipaddr_string (&ra_gw_addr));
                  break;

               case ICMP_REDIRECT_TOSHOST:
                  (void) sprintf (extendedstring, "tosH %s", ipaddr_string (&ra_gw_addr));
                  break;
            }
            break;

#ifndef ICMP_ROUTERADVERT
#define ICMP_ROUTERADVERT 9 /* router advertisement */
#endif
         case ICMP_ROUTERADVERT:
            sprintf (extendedstring, "router advertisement");
            break;

#ifndef ICMP_ROUTERSOLICIT
#define ICMP_ROUTERSOLICIT 10 /* router solicitation */
#endif
         case ICMP_ROUTERSOLICIT:
            sprintf (extendedstring, "router solicitation");
            break;

         case
            ICMP_ECHOREPLY:
         case ICMP_TSTAMPREPLY:
         case ICMP_IREQREPLY:
            rev = 1;
            sprintf (extendedstring, "%-6d %-6d", ptr->argus_far.src.bytes, ptr->argus_far.dst.bytes);
            break;

         case ICMP_TIMXCEED:
            (void) sprintf (extendedstring, "timexceed %s", ra_icmp_code ? "reassembly" : "in-transit");
            break;

         case ICMP_PARAMPROB:
         case ICMP_SOURCEQUENCH:
         case ICMP_ECHO:
         case ICMP_TSTAMP:
         case ICMP_IREQ:
         case ICMP_MASKREQ:
            sprintf (extendedstring, "%-6d %-6d", ptr->argus_far.src.bytes, ptr->argus_far.dst.bytes);

         default:
            sprintf (extendedstring, "%-6d %-6d", ptr->argus_far.src.bytes, ptr->argus_far.dst.bytes);
            break;
      }

      if (!(Rflag)) {
         sprintf (extendedstring, "%-6d %-6d", ptr->argus_far.src.bytes, ptr->argus_far.dst.bytes);
      }

      protoStr = (nflag > 1) ? " 1" : "icmp";

      if (mflag) {
         if (ArgusThisFarStatus & ARGUS_MAC_DSR_STATUS) {
            struct ArgusMacStruct *mac = (struct ArgusMacStruct *) ArgusThisFarHdrs[ARGUS_MAC_DSR_INDEX];

            esrcString = etheraddr_string ((u_char *)&mac->phys_union.ether.ethersrc);
            edstString = etheraddr_string ((u_char *)&mac->phys_union.ether.etherdst);

            sprintf (srcString, "%17.17s %17.17s %*.*s", esrcString, edstString,
                     hfield, hfield, ipaddr_string (&icmpFlow->ip_src));
         } else
            sprintf (srcString, "%17.17s %17.17s %*.*s", blankStr, blankStr,
                     hfield, hfield, ipaddr_string (&icmpFlow->ip_src));
      } else
         sprintf (srcString, "%*.*s", hfield, hfield, ipaddr_string (&icmpFlow->ip_src));

      if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
         sprintf (&srcString[strlen(srcString)], "%c%c", RaFieldDelimiter, RaFieldDelimiter);
      else
         sprintf (&srcString[strlen(srcString)] , " %*.*s", pfield, pfield, " ");

      sprintf (dstString, "%*.*s", hfield, hfield, ipaddr_string (&icmpFlow->ip_dst));

      if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
         sprintf (&dstString[strlen(dstString)], "%c%c", RaFieldDelimiter, RaFieldDelimiter);
      else
         sprintf (&dstString[strlen(dstString)] , " %*.*s", pfield, pfield, " ");

      ArgusGetIndicatorString (ptr, indStr);

      if ((ptr->ahdr.type & ARGUS_RMON) &&
          (icmpFlow->ip_dst == 0)) {
         if (Iflag) {
            strcpy (fmtstr, "%s%s%4s %s - ");
         } else
            strcpy (fmtstr, "%s %4s %s - ");
      } else {
         if (Iflag) {
            strcpy (fmtstr, "%s%s%4s %s - %s ");
         } else
            strcpy (fmtstr, "%s %4s %s - %s ");
      }

      if (cflag)
         strcat (fmtstr, "%-8u %-6u %-24.24s ");

      if (ptr->argus_far.src.count) fmtstr[13 + vc] = '>';
      if (ptr->argus_far.dst.count) fmtstr[11 + vc] = '<';

      srccnt = ptr->argus_far.src.count;
      dstcnt = ptr->argus_far.dst.count;

      strcat (fmtstr, icmptype);

      sprintf (icmpstr, " %-*s", hfield, " ");

      if ((ptr->ahdr.type & ARGUS_RMON) && (icmpFlow->ip_dst == 0)) {
         fmtstr[11 + vc] = ' ';
         fmtstr[12 + vc] = ' ';
         fmtstr[13 + vc] = ' ';

         if ((ptr->ahdr.type & ARGUS_RMON) && (icmpFlow->ip_src == 0)) {
            if (Iflag) {
               if (cflag)
                  sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, icmpstr,
                           srccnt, dstcnt, extendedstring);
               else
                  sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, icmpstr);
            } else {
               if (cflag)
                  sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, protoStr, icmpstr,
                           srccnt, dstcnt, extendedstring);
               else
                  sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, protoStr, icmpstr);
            }
         } else {
            if (Iflag) {
               if (cflag) {
                  sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, srcString,
                           srccnt, dstcnt, extendedstring);
               } else
                  sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, srcString);
            } else {
               if (cflag) {
                  sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, protoStr, srcString,
                           srccnt, dstcnt, extendedstring);
               } else
                  sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, protoStr, srcString);
            }
         }
      } else {
         if (Iflag) {
            if (cflag) {
               sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, srcString, dstString,
                        srccnt, dstcnt, extendedstring);
            } else
               sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, srcString, dstString);
         } else {
            if (cflag) {
               sprintf (&argus_strbuf[strlen(argus_strbuf)],
                        fmtstr, date, protoStr, srcString, dstString, srccnt, dstcnt, extendedstring);
            } else
               sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, protoStr, srcString, dstString);
         }
      }
   }

   if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) {
      /* tmpbuf matches argus_strbuf (MAXSTRLEN) so the compacted copy below cannot overrun it */
      char tmpbuf[MAXSTRLEN], *ptr = tmpbuf, *str = argus_strbuf, lastchr = ' ';
      int len = strlen(date) - 1;

      bzero (tmpbuf, sizeof(tmpbuf));
      bcopy (str, ptr, len);
      str += len;
      ptr += len;

      while (*str) {
         if (*str == ' ') {
            if (lastchr != RaFieldDelimiter)
               *ptr++ = RaFieldDelimiter;
            while (isspace((int)*str)) str++;
         }
         lastchr = *str;
         *ptr++ = *str++;
      }

      bzero (argus_strbuf, MAXSTRLEN);
      bcopy (tmpbuf, argus_strbuf, strlen(tmpbuf));
   }

   return (argus_strbuf);
}


char *
get_udp_string (argus)
struct ArgusRecord *argus;
{
   return (get_ip_string (argus));
}


char *
get_ip_string (argus)
struct ArgusRecord *argus;
{
   struct ArgusFlow *flow;
   int vc = 0;
   char *edstString = NULL, *esrcString = NULL;
   char dstString[128], srcString[128], delim;
   char protoStr[32], indStr[16], *blankStr = " ";
   char argusIDStrBuf[32], *argusIDStr = argusIDStrBuf;
   char date[128], fmtstr[MAXSTRLEN], protoStrargus_strbuf[16];
   char portbuf[16], portstr[128];
   int src_count, dst_count, src_bytes, dst_bytes;
   u_char proto;

   bzero (argus_strbuf, MAXSTRLEN);
   bzero (fmtstr, MAXSTRLEN);
   bzero (srcString, 128);
   bzero (dstString, 128);
   bzero (portbuf, 16);
   bzero (portstr, 128);
   bzero (date, 128);

   flow = &argus->argus_far.flow;
   proto = flow->ip_flow.ip_p;

   if (mflag) {
      if (ArgusThisFarStatus & ARGUS_MAC_DSR_STATUS) {
         struct ArgusMacStruct *mac = (struct ArgusMacStruct *) ArgusThisFarHdrs[ARGUS_MAC_DSR_INDEX];

         esrcString = etheraddr_string ((u_char *)&mac->phys_union.ether.ethersrc);
         edstString = etheraddr_string ((u_char *)&mac->phys_union.ether.etherdst);

         sprintf (srcString, "%17.17s %17.17s %*.*s", esrcString, edstString,
                  hfield, hfield, ipaddr_string (&flow->ip_flow.ip_src));
      } else
         sprintf (srcString, "%17.17s %17.17s %*.*s", blankStr, blankStr,
                  hfield, hfield, ipaddr_string (&flow->ip_flow.ip_src));
   } else
      sprintf (srcString, "%*.*s", hfield, hfield, ipaddr_string (&flow->ip_flow.ip_src));

   sprintf (dstString, "%*.*s", hfield, hfield, ipaddr_string (&flow->ip_flow.ip_dst));

   if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
      delim = RaFieldDelimiter;
   else
      delim = '.';

   switch (proto) {
      case IPPROTO_TCP:
         if (flow->ip_flow.sport != 0xFFFF)
            sprintf (portbuf, "%c%-*s", delim, pfield, tcpport_string(flow->ip_flow.sport));
         else if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) {
            sprintf (portbuf, "%c%c", RaFieldDelimiter, RaFieldDelimiter);
         } else
            sprintf (portbuf, "%-*s ", pfield, " ");

         strcat (srcString, portbuf);

         if (flow->ip_flow.dport != 0xFFFF) {
            sprintf (portstr, " %-*s", hfield, tcpport_string(flow->ip_flow.dport));
            sprintf (portbuf, "%c%-*s", delim, pfield, tcpport_string(flow->ip_flow.dport));
         } else if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) {
            sprintf (portstr, "%c%c", RaFieldDelimiter, RaFieldDelimiter);
            sprintf (portbuf, "%c%c", RaFieldDelimiter, RaFieldDelimiter);
         } else {
            sprintf (portstr, "%-*s", hfield, " ");
            sprintf (portbuf, "%-*s ", pfield, " ");
         }

         strcat (dstString, portbuf);
         break;

      case IPPROTO_UDP:
         if (flow->ip_flow.sport != 0xFFFF)
            sprintf (portbuf, "%c%-*.*s", delim, pfield, pfield, udpport_string(flow->ip_flow.sport));
         else if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) {
            sprintf (portbuf, "%c%c", RaFieldDelimiter, RaFieldDelimiter);
         } else
            sprintf (portbuf, "%-*s ", pfield, " ");

         strcat (srcString, portbuf);

         if (flow->ip_flow.dport != 0xFFFF) {
            sprintf (portstr, " %-*.*s", hfield, hfield, udpport_string(flow->ip_flow.dport));
            sprintf (portbuf, "%c%-*.*s", delim, pfield, pfield, udpport_string(flow->ip_flow.dport));
         } else {
            if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) {
               sprintf (portstr, "%c%c", RaFieldDelimiter, RaFieldDelimiter);
               sprintf (portbuf, "%c%c", RaFieldDelimiter, RaFieldDelimiter);
            } else {
               sprintf (portstr, " %-*s", hfield, " ");
               sprintf (portbuf, "%-*s ", pfield, " ");
            }
         }

         strcat (dstString, portbuf);
         break;

      default:
         if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) {
            sprintf (portstr, "%c%c", RaFieldDelimiter, RaFieldDelimiter);
            sprintf (portbuf, "%c%c", RaFieldDelimiter, RaFieldDelimiter);
         } else {
            sprintf (portstr, " %*s", hfield, " ");
            sprintf (portbuf, "%*s ", pfield, " ");
         }

         strcat (srcString, portbuf);
         strcat (dstString, portbuf);
         break;
   }

   src_count = argus->argus_far.src.count;
   dst_count = argus->argus_far.dst.count;

   if (Aflag) {
      src_bytes = argus->argus_far.src.appbytes;
      dst_bytes = argus->argus_far.dst.appbytes;
   } else {
      src_bytes = argus->argus_far.src.bytes;
      dst_bytes = argus->argus_far.dst.bytes;
   }

   print_date (argus, date);

   if (idflag) {
      if (ArgusInput->ArgusManStart.ahdr.status & ARGUS_ID_IS_IPADDR)
         argusIDStr = strdup (ipaddr_string (&argus->ahdr.argusid));
      else
         sprintf (argusIDStr, "%u", argus->ahdr.argusid);

      sprintf(argus_strbuf, "%-15.15s ", argusIDStr);
   }

   if ((argus->ahdr.type & ARGUS_RMON) && (flow->ip_flow.ip_dst == 0)) {
      if (Iflag) {
         strcpy (fmtstr, "%s%s%4s %s - ");
      } else
         strcpy (fmtstr, "%s %4s %s - ");
   } else {
      if (Iflag) {
         strcpy (fmtstr, "%s%s%4s %s - %s ");
      } else
         strcpy (fmtstr, "%s %4s %s - %s ");
   }

   fmtstr[11 + vc] = (dst_count) ? '<' : ' ';
   fmtstr[13 + vc] = (src_count) ? '>' : ' ';

   if (cflag)
      strcat (fmtstr, "%-8u %-8u %-12u %-12u");

   if ((argus->ahdr.cause & ARGUS_TIMEOUT))
      strcat (fmtstr, "TIM");
   else if (argus->argus_far.src.count && argus->argus_far.dst.count) {
      if ((argus->argus_far.src.count == 1) && (argus->argus_far.dst.count == 1))
         strcat (fmtstr, "ACC");
      else
         strcat (fmtstr, "CON");
   } else if (argus->ahdr.type & ARGUS_START)
      strcat (fmtstr, "INT");

   sprintf (protoStrargus_strbuf, "%u", proto);

   if ((flow->ip_flow.tp_p == ARGUS_RTP_FLOWTAG) && ((src_count > 3) || (dst_count > 3)))
      sprintf (protoStr, "%s", ((nflag > 1) ? protoStrargus_strbuf : "rtp"));
   else
      sprintf (protoStr, "%s", ((nflag > 1) ? protoStrargus_strbuf :
                                proto >= IPPROTOSTR ? "unas" : ip_proto_string[proto]));

   if ((strlen(protoStr) > 4) && !((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')))
      protoStr[4] = '\0';

   ArgusGetIndicatorString (argus, indStr);

   if ((argus->ahdr.type & ARGUS_RMON) && (flow->ip_flow.ip_dst == 0)) {
      fmtstr[11 + vc] = ' ';
      fmtstr[12 + vc] = ' ';
      fmtstr[13 + vc] = ' ';

      if ((argus->ahdr.type & ARGUS_RMON) && (flow->ip_flow.ip_src == 0)) {
         if (Iflag) {
            if (cflag)
               sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, portstr,
                        src_count, dst_count, src_bytes, dst_bytes);
            else
               sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, portbuf);
         } else {
            if (cflag)
               sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, protoStr, portstr,
                        src_count, dst_count, src_bytes, dst_bytes);
            else
               sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, protoStr, portstr);
         }
      } else {
         if (Iflag) {
            if (cflag)
               sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, srcString,
                        src_count, dst_count, src_bytes, dst_bytes);
            else
               sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, srcString);
         } else {
            if (cflag)
               sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, protoStr, srcString,
                        src_count, dst_count, src_bytes, dst_bytes);
            else
               sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, protoStr, srcString);
         }
      }
   } else {
      if (Iflag) {
         if (cflag)
            sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, srcString, dstString,
                     src_count, dst_count, src_bytes, dst_bytes);
         else
            sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, srcString, dstString);
      } else {
         if (cflag)
            sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, protoStr, srcString, dstString,
                     src_count, dst_count, src_bytes, dst_bytes);
         else
            sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, protoStr, srcString, dstString);
      }
   }

   if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) {
      /* tmpbuf matches argus_strbuf (MAXSTRLEN) so the compacted copy below cannot overrun it */
      char tmpbuf[MAXSTRLEN],
           *ptr = tmpbuf, *str = argus_strbuf, lastchr = ' ';
      int len = strlen(date) - 1;

      bzero (tmpbuf, sizeof(tmpbuf));
      bcopy (str, ptr, len);
      str += len;
      ptr += len;

      while (*str) {
         if (*str == ' ') {
            if (lastchr != RaFieldDelimiter)
               *ptr++ = RaFieldDelimiter;
            while (isspace((int)*str)) str++;
         }
         lastchr = *str;
         *ptr++ = *str++;
      }

      bzero (argus_strbuf, MAXSTRLEN);
      bcopy (tmpbuf, argus_strbuf, strlen(tmpbuf));
   }

   return (argus_strbuf);
}


char *
get_arp_string (argus)
struct ArgusRecord *argus;
{
   struct ArgusFlow *flow;
   char *targetString, *sourceString, *protoStr, indStr[16];
   char *esrcString = NULL, *edstString = NULL;
   char srcString[256], dstString[256];
   char argusIDStrBuf[32], *argusIDStr = argusIDStrBuf;
   char date[128], fmtstr[256], *blankStr = " ";
   int src_count, dst_count, src_bytes, dst_bytes;
   int afield, xfield;
   unsigned short proto;

   bzero (argus_strbuf, MAXSTRLEN);
   bzero (date, 128);

   flow = &argus->argus_far.flow;

   src_count = argus->argus_far.src.count;
   dst_count = argus->argus_far.dst.count;

   if (Aflag) {
      src_bytes = argus->argus_far.src.appbytes;
      dst_bytes = argus->argus_far.dst.appbytes;
   } else {
      src_bytes = argus->argus_far.src.bytes;
      dst_bytes = argus->argus_far.dst.bytes;
   }

   print_date (argus, date);

   if (idflag) {
      if (ArgusInput->ArgusManStart.ahdr.status & ARGUS_ID_IS_IPADDR)
         argusIDStr = strdup (ipaddr_string (&argus->ahdr.argusid));
      else
         sprintf (argusIDStr, "%u", argus->ahdr.argusid);

      sprintf(argus_strbuf, "%-15.15s ", argusIDStr);
   }

   proto = argus->ahdr.status & 0xFFFF;
   protoStr = etherproto_string( proto);

   if (proto == ETHERTYPE_REVARP) {
      if (Rflag) {
         sourceString = etheraddr_string (flow->rarp_flow.tareaddr);
         targetString = ipaddr_string (&flow->rarp_flow.arp_tpa);

         if (Iflag) {
            strcpy (fmtstr, "%s%s%4s %s%*.*s is-at %*.*s %*.*s ");
         } else
            strcpy (fmtstr, "%s %4s %s%*.*s is-at %*.*s %*.*s ");
      } else {
         sourceString = etheraddr_string (flow->rarp_flow.srceaddr);
         targetString = etheraddr_string (flow->rarp_flow.tareaddr);

         if (Iflag) {
            strcpy (fmtstr, "%s%s%4s %s%*.*swho-has %*.*s %*.*s ");
         } else
            strcpy (fmtstr, "%s %4s %s%*.*swho-has %*.*s %*.*s ");
      }
   } else {
      if (Rflag) {
         sourceString = ipaddr_string (&flow->arp_flow.arp_tpa);
         targetString = etheraddr_string (argus->argus_far.attr_arp.response);

         if (Iflag) {
            strcpy (fmtstr, "%s%s%4s %s%*.*s is-at %*.*s %*.*s ");
         } else
            strcpy (fmtstr, "%s %4s %s%*.*s is-at %*.*s %*.*s ");
      } else {
         sourceString = ipaddr_string (&flow->arp_flow.arp_spa);
         targetString = ipaddr_string (&flow->arp_flow.arp_tpa);

         if (Iflag) {
            strcpy (fmtstr, "%s%s%4s %s%*.*swho-has %*.*s %*.*s ");
         } else
            strcpy (fmtstr, "%s %4s %s%*.*swho-has %*.*s %*.*s ");
      }
   }

   if (mflag) {
      if (ArgusThisFarStatus & ARGUS_MAC_DSR_STATUS) {
         struct ArgusMacStruct *mac = (struct ArgusMacStruct *) ArgusThisFarHdrs[ARGUS_MAC_DSR_INDEX];

         esrcString = etheraddr_string ((u_char *)&mac->phys_union.ether.ethersrc);
         edstString = etheraddr_string ((u_char *)&mac->phys_union.ether.etherdst);

         sprintf (srcString, "%17.17s %17.17s %*.*s", esrcString, edstString,
                  hfield, hfield, sourceString);
      } else
         sprintf (srcString, "%17.17s %17.17s %*.*s", blankStr, blankStr,
                  hfield, hfield, sourceString);
   } else
      sprintf (srcString, "%*.*s", hfield, hfield, sourceString);

   sprintf (dstString, "%s", targetString);

   if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) {
      sprintf (&srcString[strlen(srcString)], "%c%c", RaFieldDelimiter, RaFieldDelimiter);
      sprintf (&dstString[strlen(dstString)], "%c%c", RaFieldDelimiter, RaFieldDelimiter);
   }

   if (cflag)
      strcat (fmtstr, "%-8u %-8u %-12u %-12u");

   if ((argus->ahdr.cause & ARGUS_TIMEOUT))
      strcat (fmtstr, "TIM");
   else if (argus->argus_far.src.count && argus->argus_far.dst.count) {
      if ((argus->argus_far.src.count == 1) && (argus->argus_far.dst.count == 1))
         strcat (fmtstr, "ACC");
      else
         strcat (fmtstr, "CON");
   } else if (argus->ahdr.type & ARGUS_START)
      strcat (fmtstr, "INT");

   ArgusGetIndicatorString (argus, indStr);

   xfield = pfield;
   afield = hfield;

   if (Rflag) {
      afield += 2;
      xfield -= 2;
   }

   if
      ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) {
      afield += 5;
   }

   if (Iflag) {
      if (cflag)
         sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, srcString,
                  pfield, pfield, " ", afield, afield, dstString, xfield, xfield, " ",
                  src_count, dst_count, src_bytes, dst_bytes);
      else
         sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, srcString,
                  pfield, pfield, " ", afield, afield, dstString, xfield, xfield, " ");
   } else {
      if (cflag)
         sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, protoStr, srcString,
                  pfield, pfield, " ", afield, afield, dstString, xfield, xfield, " ",
                  src_count, dst_count, src_bytes, dst_bytes);
      else
         sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, protoStr, srcString,
                  pfield, pfield, " ", afield, afield, dstString, xfield, xfield, " ");
   }

   if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) {
      /* tmpbuf matches argus_strbuf (MAXSTRLEN) so the compacted copy below cannot overrun it */
      char tmpbuf[MAXSTRLEN], *ptr = tmpbuf, *str = argus_strbuf, lastchr = ' ';
      int len = strlen(date) - 1;

      bzero (tmpbuf, sizeof(tmpbuf));
      bcopy (str, ptr, len);
      str += len;
      ptr += len;

      while (*str) {
         if (*str == ' ') {
            if (lastchr != RaFieldDelimiter)
               *ptr++ = RaFieldDelimiter;
            while (isspace((int)*str)) str++;
         }
         lastchr = *str;
         *ptr++ = *str++;
      }

      bzero (argus_strbuf, MAXSTRLEN);
      bcopy (tmpbuf, argus_strbuf, strlen(tmpbuf));
   }

   return (argus_strbuf);
}


char *
get_nonip_string (argus)
struct ArgusRecord *argus;
{
   struct ArgusFlow *flow;
   int vc = 0;
   char srcString[256], dstString[256];
   char protoStr[32], indStr[16];
   char *edstString = NULL, *esrcString = NULL;
   char argusIDStrBuf[32], *argusIDStr = argusIDStrBuf;
   char date[128], fmtstr[MAXSTRLEN], *blankStr = " ";
   char sportbuf[16], dportbuf[16], delim;
   int src_count, dst_count, src_bytes, dst_bytes;
   unsigned short proto = 0;

   bzero (argus_strbuf, MAXSTRLEN);
   bzero (argusIDStrBuf, 32);
   bzero (fmtstr, MAXSTRLEN);
   bzero (srcString, 256);
   bzero (dstString, 256);
   bzero (protoStr, 32);
   bzero (sportbuf, 16);
   bzero (dportbuf, 16);
   bzero (indStr, 16);
   bzero (date, 128);

   flow = &argus->argus_far.flow;

   sprintf (srcString, "%17.17s", etheraddr_string((unsigned char *)&flow->mac_flow.ehdr.ether_shost));
   sprintf (dstString, "%17.17s", etheraddr_string((unsigned char *)&flow->mac_flow.ehdr.ether_dhost));

   src_count = argus->argus_far.src.count;
   dst_count = argus->argus_far.dst.count;

   if (Aflag) {
      src_bytes = argus->argus_far.src.appbytes;
      dst_bytes = argus->argus_far.dst.appbytes;
   } else {
      src_bytes = argus->argus_far.src.bytes;
      dst_bytes = argus->argus_far.dst.bytes;
   }

   print_date (argus, date);

   if (idflag) {
      if (ArgusInput->ArgusManStart.ahdr.status & ARGUS_ID_IS_IPADDR)
         argusIDStr = strdup (ipaddr_string (&argus->ahdr.argusid));
      else
         sprintf (argusIDStr, "%u", argus->ahdr.argusid);

      sprintf(argus_strbuf, "%-15.15s ", argusIDStr);
   }

   if (mflag) {
      if (ArgusThisFarStatus & ARGUS_MAC_DSR_STATUS) {
         struct ArgusMacStruct *mac = (struct ArgusMacStruct *) ArgusThisFarHdrs[ARGUS_MAC_DSR_INDEX];

         esrcString = etheraddr_string ((u_char *)&mac->phys_union.ether.ethersrc);
         edstString = etheraddr_string ((u_char *)&mac->phys_union.ether.etherdst);

         sprintf (srcString, "%17.17s %17.17s %*.*s", esrcString, edstString, hfield + 2, hfield + 2,
                  etheraddr_string((unsigned char *)&flow->mac_flow.ehdr.ether_shost));
      } else
         sprintf (srcString, "%17.17s %17.17s %*.*s", blankStr, blankStr, hfield + 2, hfield + 2,
                  etheraddr_string((unsigned char *)&flow->mac_flow.ehdr.ether_shost));
   }

   if (Iflag)
      strcpy (fmtstr, "%s%s%4s %s - %22.22s ");
   else
      strcpy (fmtstr, "%s %4s %s - %22.22s ");

   if (cflag)
      strcat (fmtstr, "%-8u %-8u %-12u %-12u");

   if ((argus->ahdr.cause & ARGUS_TIMEOUT))
      strcat (fmtstr, "TIM");
   else if (argus->argus_far.src.count && argus->argus_far.dst.count) {
      if ((argus->argus_far.src.count == 1) && (argus->argus_far.dst.count == 1))
         strcat (fmtstr, "ACC");
      else
         strcat (fmtstr, "CON");
   } else if (argus->ahdr.type & ARGUS_START)
      strcat (fmtstr, "INT");

   proto = argus->ahdr.status & 0xFFFF;

   sprintf (protoStr, "%s", etherproto_string(proto));
   if (src_count) fmtstr[12 + vc] = '>';
   if (dst_count) fmtstr[10 + vc] = '<';

   if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
      delim = RaFieldDelimiter;
   else {
      if (proto == 0) {
         delim = '.';
      } else {
         delim = ' ';
      }
   }

   if (proto == 0) {
      sprintf (sportbuf, "%c%-4.4s", delim, llcsap_string((unsigned char) flow->mac_flow.ssap));
      sprintf (dportbuf, "%c%-4.4s", delim, llcsap_string((unsigned char) flow->mac_flow.dsap));
   } else {
      sprintf (sportbuf, "%c ", delim);
      sprintf (dportbuf, "%c ", delim);

      if (dst_count) {
         if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
            fmtstr[9 + vc] = RaFieldDelimiter;
      } else if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
         fmtstr[10 + vc] = RaFieldDelimiter;

      if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) {
         fmtstr[22 + vc] = RaFieldDelimiter;
      }
   }

   strcat (srcString, sportbuf);
   strcat (dstString, dportbuf);

   if ((strlen(protoStr) > 4) && !((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')))
      protoStr[4] = '\0';

   ArgusGetIndicatorString (argus, indStr);

   if (Iflag) {
      if (cflag)
         sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, srcString, dstString,
                  src_count, dst_count, src_bytes, dst_bytes);
      else
         sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, indStr, protoStr, srcString, dstString);
   } else {
      if (cflag)
         sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, protoStr, srcString, dstString,
                  src_count, dst_count, src_bytes, dst_bytes);
      else
         sprintf (&argus_strbuf[strlen(argus_strbuf)], fmtstr, date, protoStr, srcString, dstString);
   }

   if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) {
      /* tmpbuf matches argus_strbuf (MAXSTRLEN) so the compacted copy below cannot overrun it */
      char tmpbuf[MAXSTRLEN], *ptr = tmpbuf, *str = argus_strbuf, lastchr = ' ';
      int len = strlen(date) - 1;

      bzero (tmpbuf, sizeof(tmpbuf));
      bcopy (str, ptr, len);
      str += len;
      ptr += len;

      while (*str) {
         if (*str == ' ') {
            if (lastchr != RaFieldDelimiter)
               *ptr++ = RaFieldDelimiter;
            while (isspace((int)*str)) str++;
         }
         lastchr = *str;
         *ptr++ = *str++;
      }

      bzero (argus_strbuf,
             MAXSTRLEN);
      bcopy (tmpbuf, argus_strbuf, strlen(tmpbuf));
   }

   return (argus_strbuf);
}


#ifdef NOVFPRINTF
/*
 * Stock 4.3 doesn't have vfprintf.
 * This routine is due to Chris Torek.
 */
vfprintf(f, fmt, args)
FILE *f;
char *fmt;
va_list args;
{
   int ret;

   if ((f->_flag & _IOWRT) == 0) {
      if (f->_flag & _IORW)
         f->_flag |= _IOWRT;
      else
         return EOF;
   }
   ret = _doprnt(fmt, args, f);
   return ferror(f) ? EOF : ret;
}
#endif

argus-2.0.6.fixes.1/common/gencode.c

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * Copyright (c) 1990, 1991, 1992, 1993, 1994
 * The Regents of the University of California. All rights reserved.
* * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ #if defined(HAVE_SOLARIS) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__APPLE_CC__) #include #include #endif #include #include #include #if !defined(__OpenBSD__) || !defined(_NET_IF_H_) #include #define _NET_IF_H_ #endif #include #include #include #include #include #include #include #include #include #ifndef __GNUC__ #define inline #endif extern void ArgusLog (int, char *, ...); #define JMP(c) ((c)|BPF_JMP|BPF_K) static jmp_buf top_ctx; static u_int off_nl = 0; static int alloc_reg(void); static void free_reg(int); static struct block *root; /* * We divy out chunks of memory rather than call malloc each time so * we don't have to worry about leaking memory. It's probably * not a big deal if all this memory was wasted but it this ever * goes into a library that would probably not be a good idea. 
*/ #define NCHUNKS 16 #define CHUNK0SIZE 1024 struct chunk { u_int n_left; void *m; }; static struct chunk chunks[NCHUNKS]; static int cur_chunk; static void *newchunk(u_int); static void freechunks(void); static struct block *new_block(int); static struct slist *new_stmt(int); static struct block *Argusgen_retblk(int); static void syntax(void); static void backpatch(struct block *, struct block *); static void merge(struct block *, struct block *); static struct block *Argusgen_cmp(u_int, u_int, u_int); static struct block *Argusgen_mcmp(u_int, u_int, u_int, u_int); static struct block *Argusgen_bcmp(u_int, u_int, u_char *); static struct block *Argusgen_prototype(u_int); static struct block *Argusgen_hostop(u_int, u_int, int, u_int, u_int, u_int); static struct block *Argusgen_ehostop(u_char *, int); static struct block *Argusgen_host(u_int, u_int, int, int); static struct block *Argusgen_gateway(u_char *, u_int **, int, int); static struct block *Argusgen_portatom(int, long); struct block *Argusgen_portop(int, int, int); static struct block *Argusgen_port(int, u_int, int); static int lookup_proto(char *, int); static struct block *Argusgen_proto(int, int, int); static struct block *Argusgen_ttl(int, int); static struct block *Argusgen_tos(int, int); static u_int net_mask(u_int *); static struct slist *xfer_to_x(struct arth *); static struct slist *xfer_to_a(struct arth *); static struct block *Argusgen_len(int, int); static void * newchunk(n) u_int n; { struct chunk *cp; int k, size; /* XXX Round up to nearest long. 
 */
   n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);

   cp = &chunks[cur_chunk];
   if (n > cp->n_left) {
      ++cp, k = ++cur_chunk;
      if (k >= NCHUNKS)
         ArgusLog(LOG_ERR,"out of memory");
      size = CHUNK0SIZE << k;
      cp->m = (void *)malloc(size);
      /* malloc can fail; do not pass a NULL chunk to memset */
      if (cp->m == NULL)
         ArgusLog(LOG_ERR,"out of memory");
      memset((char *)cp->m, 0, size);
      cp->n_left = size;
      if (n > size)
         ArgusLog(LOG_ERR,"out of memory");
   }
   cp->n_left -= n;
   return (void *)((char *)cp->m + cp->n_left);
}

static void
freechunks()
{
   int i;

   /*
    * Reset the bookkeeping along with the memory, so that a later
    * ArgusFilterCompile() call starts from a fresh chunk instead of
    * carving allocations out of (or freeing again) released memory.
    */
   cur_chunk = 0;
   for (i = 0; i < NCHUNKS; ++i) {
      if (chunks[i].m) {
         free(chunks[i].m);
         chunks[i].m = NULL;
      }
      chunks[i].n_left = 0;
   }
}

/*
 * A strdup whose allocations are freed after code generation is over.
 */
char *
Argussdup(s)
char *s;
{
   int n = strlen(s) + 1;
   char *cp = newchunk(n);
   strcpy(cp, s);
   return (cp);
}

static struct block *
new_block(code)
int code;
{
   struct block *p;

   p = (struct block *)newchunk(sizeof(*p));
   p->s.code = code;
   p->head = p;

   return p;
}

static struct slist *
new_stmt(code)
int code;
{
   struct slist *p;

   p = (struct slist *)newchunk(sizeof(*p));
   p->s.code = code;

   return p;
}

static struct block *
Argusgen_retblk(v)
int v;
{
   struct block *b = new_block(BPF_RET|BPF_K);

   b->s.k = v;
   return b;
}

static void
syntax()
{
   ArgusLog(LOG_ERR,"syntax error in filter expression");
}

static u_int ArgusNetMask;
static int snaplen;

int
ArgusFilterCompile(struct bpf_program *program, char *buf, int optimize, unsigned int mask)
{
   extern int argus_n_errors;
   int len;

   if (setjmp(top_ctx))
      return (-1);

   ArgusNetMask = mask;
   snaplen = 96;

   /* blocks from an earlier compile were released by freechunks() */
   root = NULL;

   argus_lex_init(buf ? buf : "");
   argus_parse();

   if (argus_n_errors)
      syntax();

   if (root == NULL)
      root = Argusgen_retblk(snaplen);

   if (optimize) {
      Argusbpf_optimize(&root);
      if (root == NULL || (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
         ArgusLog(LOG_ERR,"expression rejects all packets");
   }

   program->bf_insns = Argusicode_to_fcode(root, &len);
   program->bf_len = len;

   freechunks();
   return (0);
}

/*
 * Backpatch the blocks in 'list' to 'target'.
The 'sense' field indicates * which of the jt and jf fields has been resolved and which is a pointer * back to another unresolved block (or nil). At least one of the fields * in each block is already resolved. */ static void backpatch(list, target) struct block *list, *target; { struct block *next; while (list) { if (!list->sense) { next = JT(list); JT(list) = target; } else { next = JF(list); JF(list) = target; } list = next; } } /* * Merge the lists in b0 and b1, using the 'sense' field to indicate * which of jt and jf is the link. */ static void merge(b0, b1) struct block *b0, *b1; { register struct block **p = &b0; /* Find end of list. */ while (*p) p = !((*p)->sense) ? &JT(*p) : &JF(*p); /* Concatenate the lists. */ *p = b1; } void Argusfinish_parse(p) struct block *p; { backpatch(p, Argusgen_retblk(snaplen)); p->sense = !p->sense; backpatch(p, Argusgen_retblk(0)); root = p->head; } void Argusgen_and(b0, b1) struct block *b0, *b1; { if (b0 != b1) { backpatch(b0, b1->head); b0->sense = !b0->sense; b1->sense = !b1->sense; merge(b1, b0); b1->sense = !b1->sense; b1->head = b0->head; } } void Argusgen_or(b0, b1) struct block *b0, *b1; { if (b0 != b1) { b0->sense = !b0->sense; backpatch(b0, b1->head); b0->sense = !b0->sense; merge(b1, b0); b1->head = b0->head; } } void Argusgen_not(b) struct block *b; { b->sense = !b->sense; } static struct block * Argusgen_cmp(offset, size, v) u_int offset, size; u_int v; { struct slist *s; struct block *b; s = new_stmt(BPF_LD|BPF_ABS|size); s->s.k = offset; b = new_block(JMP(BPF_JEQ)); b->stmts = s; b->s.k = v; return b; } static struct block * Argusgen_mcmp(offset, size, v, mask) u_int offset, size; u_int v; u_int mask; { struct block *b = Argusgen_cmp(offset, size, v); struct slist *s; if (mask != 0xffffffff) { s = new_stmt(BPF_ALU|BPF_AND|BPF_K); s->s.k = mask; b->stmts->next = s; } return b; } static struct block * Argusgen_bcmp(offset, size, v) u_int offset, size; u_char *v; { struct block *b, *tmp; b = NULL; while (size >= 
4) { u_char *p = &v[size - 4]; u_int w = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; tmp = Argusgen_cmp(offset + size - 4, BPF_W, w); if (b != NULL) Argusgen_and(b, tmp); b = tmp; size -= 4; } while (size >= 2) { u_char *p = &v[size - 2]; u_int w = (p[0] << 8) | p[1]; tmp = Argusgen_cmp(offset + size - 2, BPF_H, w); if (b != NULL) Argusgen_and(b, tmp); b = tmp; size -= 2; } if (size > 0) { tmp = Argusgen_cmp(offset, BPF_B, (u_int)v[0]); if (b != NULL) Argusgen_and(b, tmp); b = tmp; } return b; } static struct block * Argusgen_espstatustype(unsigned int proto) { struct block *b0 = NULL, *b1 = NULL; b1 = Argusgen_prototype(IPPROTO_ESP); switch (proto) { case ARGUS_SRC_PKTS_RETRANS: b0 = Argusgen_cmp(116, BPF_W, 0); Argusgen_not(b0); break; case ARGUS_DST_PKTS_RETRANS: b0 = Argusgen_cmp(128, BPF_W, 0); Argusgen_not(b0); break; } if (b0) Argusgen_and(b0, b1); return (b1); } static struct block * Argusgen_tcpstatustype(unsigned int proto) { struct block *b0, *b1; unsigned int value = proto; b0 = Argusgen_prototype(IPPROTO_TCP); switch (proto) { #define ARGUS_ECN_CONGESTED 0xC000 /* SRC_CONGESTED | DST_CONGESTED */ case ARGUS_SRC_CONGESTED: case ARGUS_DST_CONGESTED: case ARGUS_SRC_RESET: case ARGUS_DST_RESET: case ARGUS_SRC_WINDOW_SHUT: case ARGUS_DST_WINDOW_SHUT: case ARGUS_NORMAL_CLOSE: case ARGUS_SAW_SYN: case ARGUS_SAW_SYN_SENT: case ARGUS_CON_ESTABLISHED: case ARGUS_CLOSE_WAITING: case ARGUS_SRC_PKTS_RETRANS: case ARGUS_DST_PKTS_RETRANS: default: b1 = Argusgen_mcmp(108, BPF_W, value, value); break; } Argusgen_and(b0, b1); return (b1); } static struct block * Argusgen_causetype(unsigned int cause) { struct block *b0 = NULL; switch (cause) { case ARGUS_START: case ARGUS_STATUS: case ARGUS_STOP: case ARGUS_TIMEOUT: b0 = Argusgen_mcmp(1, BPF_B, (u_int) cause, cause); break; } return (b0); } static struct block * Argusgen_recordtype(unsigned int proto) { struct block *b0 = NULL; switch (proto) { case ARGUS_MAR: case ARGUS_FAR: case ARGUS_DATASUP: b0 = 
Argusgen_mcmp(0, BPF_B, (u_int) proto, proto); break; } return (b0); } static struct block * Argusgen_Farstatustype(unsigned int proto) { struct block *b0 = NULL, *b1 = NULL; switch (proto) { case ARGUS_MULTIADDR: case ARGUS_ICMPUNREACH_MAPPED: case ARGUS_ICMPREDIREC_MAPPED: case ARGUS_ICMPTIMXCED_MAPPED: b0 = Argusgen_recordtype(ARGUS_MAR); Argusgen_not(b0); b1 = Argusgen_mcmp(18, BPF_H, (u_int) proto, proto); Argusgen_and(b0, b1); break; case ARGUS_VLAN: case ARGUS_MPLS: case ARGUS_MERGED: case ARGUS_DETAIL: case ARGUS_CONNECTED: b0 = Argusgen_recordtype(ARGUS_MAR); Argusgen_not(b0); b1 = Argusgen_mcmp(4, BPF_W, (u_int) proto, proto); Argusgen_and(b0, b1); break; default: b0 = Argusgen_recordtype(ARGUS_MAR); Argusgen_not(b0); b1 = Argusgen_cmp(6, BPF_H, (u_int) proto); Argusgen_and(b0, b1); break; } return (b1); } static struct block * Argusgen_FarAttrtype(unsigned int proto) { struct block *b0 = NULL, *b1 = NULL; switch (proto) { case ARGUS_FRAGMENTS: b0 = Argusgen_mcmp(56, BPF_H, (u_int) proto, proto); b1 = Argusgen_mcmp(58, BPF_H, (u_int) proto, proto); Argusgen_or(b0, b1); b0 = Argusgen_recordtype(ARGUS_MAR); Argusgen_not(b0); Argusgen_and(b0, b1); break; } return (b1); } static struct block * Argusgen_prototype(unsigned int proto) { struct block *b0, *b1; switch (proto) { case IPPROTO_RTP: b0 = Argusgen_cmp(48, BPF_B, (u_int) IPPROTO_UDP); b1 = Argusgen_cmp(49, BPF_B, (u_int) ARGUS_RTP_FLOWTAG); Argusgen_and(b0, b1); break; default: /* all the flow protocols */ b1 = Argusgen_cmp(48, BPF_B, (u_int) proto); break; } return b1; } static struct block * Argusgen_hostop(unsigned int addr, unsigned int mask, int dir, unsigned int proto, unsigned int src_off, unsigned int dst_off) { struct block *b0, *b1; u_int offset; switch (dir) { case Q_SRC: offset = src_off; break; case Q_DST: offset = dst_off; break; case Q_AND: b0 = Argusgen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); b1 = Argusgen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); Argusgen_and(b0, 
b1); return b1; case Q_OR: case Q_DEFAULT: b0 = Argusgen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); b1 = Argusgen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); Argusgen_or(b0, b1); return b1; default: abort(); } b0 = Argusgen_Farstatustype(proto); b1 = Argusgen_mcmp(offset, BPF_W, (u_int)addr, mask); Argusgen_and(b0, b1); return b1; } static struct block * Argusgen_ehostop(eaddr, dir) u_char *eaddr; int dir; { struct block *b0, *b1; switch (dir) { case Q_SRC: return Argusgen_bcmp (92, 6, eaddr); case Q_DST: return Argusgen_bcmp (98, 6, eaddr); case Q_AND: b0 = Argusgen_ehostop(eaddr, Q_SRC); b1 = Argusgen_ehostop(eaddr, Q_DST); Argusgen_and(b0, b1); return b1; case Q_DEFAULT: case Q_OR: b0 = Argusgen_ehostop(eaddr, Q_SRC); b1 = Argusgen_ehostop(eaddr, Q_DST); Argusgen_or(b0, b1); return b1; } abort(); /* NOTREACHED */ } static struct block * Argusgen_host(addr, mask, proto, dir) u_int addr; u_int mask; int proto; int dir; { struct block *b0, *b1 = NULL; switch (proto) { case Q_DEFAULT: b0 = Argusgen_hostop(addr, mask, dir, ETHERTYPE_ARP, 40, 44); b1 = Argusgen_hostop(addr, mask, dir, ETHERTYPE_IP, 40, 44); Argusgen_or(b0, b1); break; case Q_IP: b1 = Argusgen_hostop(addr, mask, dir, ETHERTYPE_IP, 40, 44); break; case Q_ARP: b1 = Argusgen_hostop(addr, mask, dir, ETHERTYPE_ARP, 40, 44); break; case Q_RARP: b1 = Argusgen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 40, 44); break; case Q_TCP: ArgusLog(LOG_ERR,"'tcp' modifier applied to host"); case Q_UDP: ArgusLog(LOG_ERR,"'udp' modifier applied to host"); case Q_RTP: ArgusLog(LOG_ERR,"'rtp' modifier applied to host"); case Q_ICMP: ArgusLog(LOG_ERR,"'icmp' modifier applied to host"); default: abort(); } return (b1); } static struct block * Argusgen_gateway(eaddr, alist, proto, dir) u_char *eaddr; u_int **alist; int proto; int dir; { struct block *b0, *b1 = NULL, *tmp; if (dir != 0) ArgusLog(LOG_ERR,"direction applied to 'gateway'"); switch (proto) { case Q_DEFAULT: case Q_IP: case Q_ARP: case Q_RARP: b0 = 
Argusgen_ehostop(eaddr, Q_OR); b1 = Argusgen_host(**alist++, 0xffffffffL, proto, Q_OR); while (*alist) { tmp = Argusgen_host(**alist++, 0xffffffffL, proto, Q_OR); Argusgen_or(b1, tmp); b1 = tmp; } Argusgen_not(b1); Argusgen_and(b0, b1); break; default: ArgusLog(LOG_ERR,"illegal modifier of 'gateway'"); } return b1; } struct block * Argusgen_proto_abbrev(proto) int proto; { struct block *b0, *b1; switch (proto) { case Q_TCP: b1 = Argusgen_prototype(IPPROTO_TCP); break; case Q_ESP: b1 = Argusgen_prototype(IPPROTO_ESP); break; case Q_RTP: b1 = Argusgen_prototype(IPPROTO_RTP); break; case Q_UDP: b0 = Argusgen_Farstatustype(ETHERTYPE_IP); b1 = Argusgen_prototype(IPPROTO_UDP); Argusgen_and(b0, b1); break; case Q_ICMP: b1 = Argusgen_prototype(IPPROTO_ICMP); break; case Q_IGMP: b1 = Argusgen_prototype(IPPROTO_IGMP); break; #ifndef IPPROTO_IGRP #define IPPROTO_IGRP 9 #endif case Q_IGRP: b1 = Argusgen_prototype(IPPROTO_IGRP); break; case Q_MPLS: b1 = Argusgen_Farstatustype(ARGUS_MPLS); break; case Q_VLAN: b1 = Argusgen_Farstatustype(ARGUS_VLAN); break; case Q_RARP: b1 = Argusgen_Farstatustype(ETHERTYPE_REVARP); break; case Q_ARP: b1 = Argusgen_Farstatustype(ETHERTYPE_ARP); break; case Q_IP: b1 = Argusgen_Farstatustype(ETHERTYPE_IP); break; case Q_MAN: b1 = Argusgen_recordtype(ARGUS_MAR); break; case Q_MULTIPATH: b1 = Argusgen_Farstatustype(ARGUS_MULTIADDR); break; case Q_FRAG: b1 = Argusgen_FarAttrtype(ARGUS_FRAGMENTS); break; case Q_CONNECTED: case Q_ESTABLISHED: b1 = Argusgen_Farstatustype(ARGUS_CONNECTED); break; case Q_MERGED: b1 = Argusgen_Farstatustype(ARGUS_MERGED); break; case Q_DETAIL: b1 = Argusgen_Farstatustype(ARGUS_DETAIL); break; case Q_ECHO: b0 = Argusgen_cmp(50, BPF_B, (u_int) 0x08); b1 = Argusgen_cmp(50, BPF_B, (u_int) 0x00); Argusgen_or(b0, b1); b0 = Argusgen_prototype(IPPROTO_ICMP); Argusgen_and(b0, b1); break; case Q_UNREACH: b1 = Argusgen_prototype(IPPROTO_ICMP); b0 = Argusgen_cmp(50, BPF_B, (u_int) 0x03); Argusgen_and(b0, b1); b0 = 
Argusgen_Farstatustype(ARGUS_ICMPUNREACH_MAPPED); Argusgen_or(b0, b1); break; case Q_REDIRECT: b1 = Argusgen_prototype(IPPROTO_ICMP); b0 = Argusgen_cmp(50, BPF_B, (u_int) 0x05); Argusgen_and(b0, b1); b0 = Argusgen_Farstatustype(ARGUS_ICMPREDIREC_MAPPED); Argusgen_or(b0, b1); break; case Q_TIMEXED: b1 = Argusgen_prototype(IPPROTO_ICMP); b0 = Argusgen_cmp(50, BPF_B, (u_int) 0x0B); Argusgen_and(b0, b1); b0 = Argusgen_Farstatustype(ARGUS_ICMPTIMXCED_MAPPED); Argusgen_or(b0, b1); break; case Q_TIMEDOUT: b1 = Argusgen_causetype(ARGUS_TIMEOUT); break; case Q_RETRANS: b0 = Argusgen_espstatustype(ARGUS_SRC_PKTS_RETRANS); b1 = Argusgen_tcpstatustype(ARGUS_SRC_PKTS_RETRANS); Argusgen_or(b0, b1); b0 = Argusgen_espstatustype(ARGUS_DST_PKTS_RETRANS); Argusgen_or(b0, b1); b0 = Argusgen_tcpstatustype(ARGUS_DST_PKTS_RETRANS); Argusgen_or(b0, b1); break; case Q_SRCRETRANS: b0 = Argusgen_espstatustype(ARGUS_SRC_PKTS_RETRANS); b1 = Argusgen_tcpstatustype(ARGUS_SRC_PKTS_RETRANS); Argusgen_or(b0, b1); break; case Q_DSTRETRANS: b0 = Argusgen_espstatustype(ARGUS_DST_PKTS_RETRANS); b1 = Argusgen_tcpstatustype(ARGUS_DST_PKTS_RETRANS); Argusgen_or(b0, b1); break; case Q_SYN: b1 = Argusgen_tcpstatustype(ARGUS_SAW_SYN); break; case Q_SYNACK: b1 = Argusgen_tcpstatustype(ARGUS_SAW_SYN_SENT); break; case Q_DATA: b1 = Argusgen_tcpstatustype(ARGUS_CON_ESTABLISHED); break; case Q_FIN: b1 = Argusgen_tcpstatustype(ARGUS_FIN); break; case Q_FINACK: b1 = Argusgen_tcpstatustype(ARGUS_FIN_ACK); break; case Q_WAIT: b1 = Argusgen_tcpstatustype(ARGUS_CLOSE_WAITING); break; case Q_NORMAL: b1 = Argusgen_tcpstatustype(ARGUS_NORMAL_CLOSE); break; case Q_LINK: ArgusLog(LOG_ERR,"link layer applied in wrong context"); default: abort(); } return b1; } static struct block * Argusgen_ttlatom(int off, u_int v) { return Argusgen_cmp(60 + off, BPF_B, (u_int)v); } static struct block * Argusgen_tosatom(int off, u_int v) { return Argusgen_cmp(62 + off, BPF_B, v); } static struct block * Argusgen_portatom(off, v) int off; 
long v; { return Argusgen_cmp(50 + off, BPF_H, (u_int)v); } struct block * Argusgen_portop(port, proto, dir) int port, proto, dir; { struct block *b0, *b1, *tmp; /* ip proto 'proto' */ b0 = Argusgen_prototype(proto); switch (dir) { case Q_SRC: b1 = Argusgen_portatom(0, (long)port); break; case Q_DST: b1 = Argusgen_portatom(2, (long)port); break; case Q_OR: case Q_DEFAULT: tmp = Argusgen_portatom(0, (long)port); b1 = Argusgen_portatom(2, (long)port); Argusgen_or(tmp, b1); break; case Q_AND: tmp = Argusgen_portatom(0, (long)port); b1 = Argusgen_portatom(2, (long)port); Argusgen_and(tmp, b1); break; default: abort(); } Argusgen_and(b0, b1); return b1; } static struct block * Argusgen_port(port, ip_proto, dir) int port; u_int ip_proto; int dir; { struct block *b1, *tmp; switch (ip_proto) { case IPPROTO_TCP: b1 = Argusgen_portop(port, IPPROTO_TCP, dir); break; case IPPROTO_UDP: b1 = Argusgen_portop(port, IPPROTO_UDP, dir); break; case IPPROTO_RTP: tmp = Argusgen_portop(port, IPPROTO_UDP, dir); b1 = Argusgen_portop(port, IPPROTO_RTP, dir); Argusgen_and(tmp, b1); break; case PROTO_UNDEF: tmp = Argusgen_portop(port, IPPROTO_TCP, dir); b1 = Argusgen_portop(port, IPPROTO_UDP, dir); Argusgen_or(tmp, b1); break; default: abort(); } return b1; } static int lookup_proto(name, proto) char *name; int proto; { int v = 0; switch (proto) { case Q_DEFAULT: case Q_IP: v = argus_nametoproto(name); if (v == PROTO_UNDEF) ArgusLog(LOG_ERR,"unknown proto '%s'", name); break; case Q_LINK: /* XXX should look up h/w protocol type based on linktype */ v = argus_nametoeproto(name); if (v == PROTO_UNDEF) ArgusLog(LOG_ERR,"unknown ether proto '%s'", name); break; case Q_MAN: ArgusLog (LOG_ERR, "man proto called '%s'", name); break; default: v = PROTO_UNDEF; break; } return v; } static struct block * Argusgen_proto(v, proto, dir) int v; int proto; int dir; { struct block *b0, *b1; if (dir != Q_DEFAULT) ArgusLog(LOG_ERR,"direction applied to 'proto'"); switch (proto) { case Q_DEFAULT: case Q_IP: b0 
= Argusgen_recordtype(ARGUS_MAR); Argusgen_not(b0); b1 = Argusgen_Farstatustype(ETHERTYPE_IP); Argusgen_and(b0, b1); b0 = Argusgen_prototype(v); Argusgen_and(b0, b1); return b1; case Q_ARP: b0 = Argusgen_recordtype(ARGUS_MAR); Argusgen_not(b0); b1 = Argusgen_Farstatustype(ETHERTYPE_ARP); Argusgen_and(b0, b1); return b1; case Q_RARP: ArgusLog(LOG_ERR,"rarp does not encapsulate another protocol"); /* NOTREACHED */ case Q_MAN: /* case Q_DETAIL: */ return Argusgen_recordtype(ARGUS_MAR); case Q_LINK: return Argusgen_Farstatustype(v); case Q_UDP: ArgusLog(LOG_ERR,"'udp proto' is bogus"); /* NOTREACHED */ case Q_RTP: ArgusLog(LOG_ERR,"'rtp proto' is bogus"); /* NOTREACHED */ case Q_TCP: ArgusLog(LOG_ERR,"'tcp proto' is bogus"); /* NOTREACHED */ case Q_ICMP: ArgusLog(LOG_ERR,"'icmp proto' is bogus"); /* NOTREACHED */ case Q_IGMP: ArgusLog(LOG_ERR,"'igmp proto' is bogus"); /* NOTREACHED */ default: abort(); /* NOTREACHED */ } /* NOTREACHED */ } static struct block * Argusgen_ttl(int v, int dir) { struct block *b0, *b1 = NULL, *tmp; b0 = Argusgen_proto(v, Q_IP, Q_DEFAULT); switch (dir) { case Q_SRC: b1 = Argusgen_ttlatom(0, (u_int)v); break; case Q_DST: b1 = Argusgen_ttlatom(1, (u_int)v); break; case Q_OR: case Q_DEFAULT: tmp = Argusgen_ttlatom(0, (u_int)v); b1 = Argusgen_ttlatom(1, (u_int)v); Argusgen_or(tmp, b1); break; case Q_AND: tmp = Argusgen_ttlatom(0, (u_int)v); b1 = Argusgen_ttlatom(1, (u_int)v); Argusgen_and(tmp, b1); break; default: abort(); } Argusgen_and(b0, b1); return b1; } static struct block * Argusgen_tos(int v, int dir) { struct block *b0, *b1 = NULL, *tmp; b0 = Argusgen_proto(v, Q_IP, Q_DEFAULT); switch (dir) { case Q_SRC: b1 = Argusgen_tosatom(0, (u_int)v); break; case Q_DST: b1 = Argusgen_tosatom(1, (u_int)v); break; case Q_OR: case Q_DEFAULT: tmp = Argusgen_tosatom(0, (u_int)v); b1 = Argusgen_tosatom(1, (u_int)v); Argusgen_or(tmp, b1); break; case Q_AND: tmp = Argusgen_tosatom(0, (u_int)v); b1 = Argusgen_tosatom(1, (u_int)v); Argusgen_and(tmp, b1); 
break; default: abort(); } Argusgen_and(b0, b1); return b1; } /* * Left justify 'addr' and return its resulting network mask. */ static u_int net_mask(addr) u_int *addr; { register u_int m = 0xffffffff; if (*addr) while ((*addr & 0xff000000) == 0) *addr <<= 8, m <<= 8; return m; } struct block * Argusgen_tcode(name, q) int name; struct qual q; { int proto = q.proto; int dir = q.dir; struct block *b0 = NULL, *b1 = NULL; switch (name) { case Q_RETRANS: { switch (dir) { case Q_SRC: b1 = Argusgen_proto_abbrev(Q_SRCRETRANS); break; case Q_DST: b1 = Argusgen_proto_abbrev(Q_DSTRETRANS); break; case Q_AND: b0 = Argusgen_proto_abbrev(Q_SRCRETRANS); b1 = Argusgen_proto_abbrev(Q_DSTRETRANS); Argusgen_and(b0, b1); break; default: case Q_OR: b1 = Argusgen_proto_abbrev(Q_RETRANS); break; } break; } case Q_FRAG: { switch (dir) { case Q_SRC: b1 = Argusgen_mcmp(56, BPF_H, (u_int) proto, proto); break; case Q_DST: b1 = Argusgen_mcmp(58, BPF_H, (u_int) proto, proto); break; case Q_AND: b0 = Argusgen_mcmp(56, BPF_H, (u_int) proto, proto); b1 = Argusgen_mcmp(58, BPF_H, (u_int) proto, proto); Argusgen_or(b0, b1); break; default: case Q_OR: b0 = Argusgen_mcmp(56, BPF_H, (u_int) proto, proto); b1 = Argusgen_mcmp(58, BPF_H, (u_int) proto, proto); Argusgen_or(b0, b1); break; } b0 = Argusgen_tcode(Q_FRAG_ONLY, q); Argusgen_or(b0, b1); break; } case Q_FRAG_ONLY: { b1 = Argusgen_cmp(49, BPF_B, (u_int) ARGUS_FRAG_FLOWTAG); break; } case Q_WINSHUT: { switch (dir) { case Q_SRC: b1 = Argusgen_tcpstatustype(ARGUS_SRC_WINDOW_SHUT); break; case Q_DST: b1 = Argusgen_tcpstatustype(ARGUS_DST_WINDOW_SHUT); break; case Q_AND: b0 = Argusgen_tcpstatustype(ARGUS_SRC_WINDOW_SHUT); b1 = Argusgen_tcpstatustype(ARGUS_DST_WINDOW_SHUT); Argusgen_and(b0, b1); break; default: case Q_OR: b0 = Argusgen_tcpstatustype(ARGUS_SRC_WINDOW_SHUT); b1 = Argusgen_tcpstatustype(ARGUS_DST_WINDOW_SHUT); Argusgen_or(b0, b1); break; } break; } case Q_ECN: { switch (dir) { case Q_SRC: b1 = Argusgen_tcpstatustype(ARGUS_SRC_CONGESTED); 
break; case Q_DST: b1 = Argusgen_tcpstatustype(ARGUS_DST_CONGESTED); break; case Q_AND: b0 = Argusgen_tcpstatustype(ARGUS_SRC_CONGESTED); b1 = Argusgen_tcpstatustype(ARGUS_DST_CONGESTED); Argusgen_and(b0, b1); break; default: case Q_OR: b0 = Argusgen_tcpstatustype(ARGUS_SRC_CONGESTED); b1 = Argusgen_tcpstatustype(ARGUS_DST_CONGESTED); Argusgen_or(b0, b1); break; } break; } case Q_RESET: { switch (dir) { case Q_SRC: b1 = Argusgen_tcpstatustype(ARGUS_SRC_RESET); break; case Q_DST: b1 = Argusgen_tcpstatustype(ARGUS_DST_RESET); break; case Q_AND: b0 = Argusgen_tcpstatustype(ARGUS_SRC_RESET); b1 = Argusgen_tcpstatustype(ARGUS_DST_RESET); Argusgen_and(b0, b1); break; default: case Q_OR: b0 = Argusgen_tcpstatustype(ARGUS_SRC_RESET); b1 = Argusgen_tcpstatustype(ARGUS_DST_RESET); Argusgen_or(b0, b1); break; } break; } } return b1; } struct block * Argusgen_scode(name, q) char *name; struct qual q; { int proto = q.proto; int dir = q.dir; u_char *eaddr; u_int mask, addr; u_int **alist; struct block *b, *tmp; int port, real_proto; switch (q.addr) { case Q_NET: addr = argus_nametonetaddr(name); if (addr == 0) ArgusLog(LOG_ERR,"unknown network '%s'", name); mask = net_mask(&addr); return Argusgen_host(addr, mask, proto, dir); case Q_DEFAULT: case Q_HOST: if (proto == Q_LINK) { eaddr = argus_ether_hostton(name); if (eaddr == NULL) ArgusLog(LOG_ERR,"unknown ether host '%s'", name); return Argusgen_ehostop(eaddr, dir); } else if (proto == Q_DECNET) { unsigned short dn_addr = __argus_nametodnaddr(name); /* * I don't think DECNET hosts can be multihomed, so * there is no need to build up a list of addresses */ return (Argusgen_host(dn_addr, 0, proto, dir)); } else { alist = argus_nametoaddr(name); if (alist == NULL || *alist == NULL) ArgusLog(LOG_ERR,"unknown host '%s'", name); b = Argusgen_host(**alist++, 0xffffffffL, proto, dir); while (*alist) { tmp = Argusgen_host(**alist++, 0xffffffffL, proto, dir); Argusgen_or(b, tmp); b = tmp; } return b; } case Q_PORT: if (proto != Q_DEFAULT 
             && proto != Q_UDP && proto != Q_TCP && proto != Q_RTP)
            ArgusLog(LOG_ERR,"illegal qualifier of 'port'");
         if (argus_nametoport(name, &port, &real_proto) == 0)
            ArgusLog(LOG_ERR,"unknown port '%s'", name);
         if ((proto == Q_UDP) || (proto == Q_RTP)) {
            if (real_proto == IPPROTO_TCP)
               ArgusLog(LOG_ERR,"port '%s' is tcp", name);
            else
               /* override PROTO_UNDEF */
               real_proto = IPPROTO_UDP;
         }
         if (proto == Q_TCP) {
            if (real_proto == IPPROTO_UDP)
               ArgusLog(LOG_ERR,"port '%s' is udp", name);
            else
               /* override PROTO_UNDEF */
               real_proto = IPPROTO_TCP;
         }
         return Argusgen_port(port, real_proto, dir);

      case Q_GATEWAY:
         eaddr = argus_ether_hostton(name);
         if (eaddr == NULL)
            ArgusLog(LOG_ERR,"unknown ether host: %s", name);

         alist = argus_nametoaddr(name);
         if (alist == NULL || *alist == NULL)
            ArgusLog(LOG_ERR,"unknown host '%s'", name);
         return Argusgen_gateway(eaddr, alist, proto, dir);

      case Q_PROTO:
         real_proto = lookup_proto(name, proto);
         if (real_proto >= 0)
            return Argusgen_proto(real_proto, proto, dir);
         else
            ArgusLog(LOG_ERR,"unknown protocol: %s", name);

      case Q_UNDEF:
         syntax();
         /* NOTREACHED */
   }
   abort();
   /* NOTREACHED */
}

struct block *
Argusgen_mcode(s1, s2, masklen, q)
char *s1, *s2;
int masklen;
struct qual q;
{
   struct block *b0 = NULL;
   int nlen, mlen;
   u_int n, m;

   nlen = __argus_atoin(s1, &n);
   /* Promote short ipaddr */
   n <<= 32 - nlen;

   if (s2 != NULL) {
      mlen = __argus_atoin(s2, &m);
      /* Promote short ipaddr */
      m <<= 32 - mlen;
   } else {
      /* Convert mask len to mask */
      if (masklen > 32)
         ArgusLog(LOG_ERR,"mask length must be <= 32");
      if (masklen == 0) {
         /* a shift by 32 is undefined in C, so build the /0 mask directly */
         m = 0;
      } else
         m = 0xffffffff << (32 - masklen);
   }

   switch (q.addr) {
      case Q_NET:
         b0 = Argusgen_host(n, m, q.proto, q.dir);
         break;

      default:
         ArgusLog(LOG_ERR,"Mask syntax for networks only");
         /* NOTREACHED */
   }

   return b0;
}

struct block *
Argusgen_ncode(char *s, u_int v, struct qual q)
{
   u_int mask;
   int proto = q.proto;
   int dir = q.dir;
   int vlen;

   if (s == NULL)
      vlen = 32;
   else
      vlen = __argus_atoin(s, &v);

   switch (q.addr) {
      case Q_DEFAULT:
      case Q_HOST:
      case Q_NET:
         if (proto ==
Q_LINK) { ArgusLog(LOG_ERR,"illegal link layer address"); } else { /* mask = net_mask(&v); */ mask = 0xffffffff; if ((s == NULL) && (q.addr == Q_NET)) { /* Promote short net number */ while (v && (v & 0xff000000) == 0) { v <<= 8; mask <<= 8; } } else { /* Promote short ipaddr */ v <<= 32 - vlen; mask <<= 32 - vlen; } return Argusgen_host(v, mask, proto, dir); } case Q_PORT: if (proto == Q_UDP) proto = IPPROTO_UDP; else if (proto == Q_RTP) proto = IPPROTO_RTP; else if (proto == Q_TCP) proto = IPPROTO_TCP; else if (proto == Q_DEFAULT) proto = PROTO_UNDEF; else ArgusLog(LOG_ERR,"illegal qualifier of 'port'"); return Argusgen_port((int)v, proto, dir); case Q_GATEWAY: ArgusLog(LOG_ERR,"'gateway' requires a name"); /* NOTREACHED */ case Q_PROTO: return Argusgen_proto((int)v, proto, dir); case Q_TTL: return Argusgen_ttl((int)v, dir); case Q_TOS: return Argusgen_tos((int)v, dir); case Q_UNDEF: syntax(); /* NOTREACHED */ default: abort(); /* NOTREACHED */ } /* NOTREACHED */ } struct block * Argusgen_ecode(eaddr, q) u_char *eaddr; struct qual q; { struct block *b0 = NULL; if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) b0 = Argusgen_ehostop(eaddr, (int)q.dir); else ArgusLog(LOG_ERR,"ethernet address used in non-ether expression"); return b0; } void Argussappend(s0, s1) struct slist *s0, *s1; { /* * This is definitely not the best way to do this, but the * lists will rarely get long. 
*/ while (s0->next) s0 = s0->next; s0->next = s1; } static struct slist * xfer_to_x(a) struct arth *a; { struct slist *s; s = new_stmt(BPF_LDX|BPF_MEM); s->s.k = a->regno; return s; } static struct slist * xfer_to_a(a) struct arth *a; { struct slist *s; s = new_stmt(BPF_LD|BPF_MEM); s->s.k = a->regno; return s; } struct arth * Argusgen_load(proto, index, size) int proto; struct arth *index; int size; { struct slist *s, *tmp; struct block *b; int regno = alloc_reg(); free_reg(index->regno); switch (size) { default: ArgusLog(LOG_ERR,"data size must be 1, 2, or 4"); case 1: size = BPF_B; break; case 2: size = BPF_H; break; case 4: size = BPF_W; break; } switch (proto) { default: ArgusLog(LOG_ERR,"unsupported index operation"); case Q_LINK: s = xfer_to_x(index); tmp = new_stmt(BPF_LD|BPF_IND|size); Argussappend(s, tmp); Argussappend(index->s, s); break; case Q_IP: case Q_ARP: case Q_RARP: s = xfer_to_x(index); tmp = new_stmt(BPF_LD|BPF_IND|size); tmp->s.k = off_nl; Argussappend(s, tmp); Argussappend(index->s, s); b = Argusgen_proto_abbrev(proto); if (index->b) Argusgen_and(index->b, b); index->b = b; break; case Q_TCP: case Q_RTP: case Q_UDP: case Q_ICMP: case Q_IGMP: case Q_IGRP: s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); s->s.k = off_nl; Argussappend(s, xfer_to_a(index)); Argussappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); Argussappend(s, new_stmt(BPF_MISC|BPF_TAX)); Argussappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); tmp->s.k = off_nl; Argussappend(index->s, s); b = Argusgen_proto_abbrev(proto); if (index->b) Argusgen_and(index->b, b); index->b = b; break; } index->regno = regno; s = new_stmt(BPF_ST); s->s.k = regno; Argussappend(index->s, s); return index; } struct block * Argusgen_relation(code, a0, a1, reversed) int code; struct arth *a0, *a1; int reversed; { struct slist *s0, *s1, *s2; struct block *b, *tmp; s0 = xfer_to_x(a1); s1 = xfer_to_a(a0); s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); b = new_block(JMP(code)); if (reversed) Argusgen_not(b); Argussappend(s1, s2); 
Argussappend(s0, s1); Argussappend(a1->s, s0); Argussappend(a0->s, a1->s); b->stmts = a0->s; free_reg(a0->regno); free_reg(a1->regno); /* 'and' together protocol checks */ if (a0->b) { if (a1->b) { Argusgen_and(a0->b, tmp = a1->b); } else tmp = a0->b; } else tmp = a1->b; if (tmp) Argusgen_and(tmp, b); return b; } struct arth * Argusgen_loadlen() { int regno = alloc_reg(); struct arth *a = (struct arth *)newchunk(sizeof(*a)); struct slist *s; s = new_stmt(BPF_LD|BPF_LEN); s->next = new_stmt(BPF_ST); s->next->s.k = regno; a->s = s; a->regno = regno; return a; } struct arth * Argusgen_loadi(val) int val; { struct arth *a; struct slist *s; int reg; a = (struct arth *)newchunk(sizeof(*a)); reg = alloc_reg(); s = new_stmt(BPF_LD|BPF_IMM); s->s.k = val; s->next = new_stmt(BPF_ST); s->next->s.k = reg; a->s = s; a->regno = reg; return a; } struct arth * Argusgen_neg(a) struct arth *a; { struct slist *s; s = xfer_to_a(a); Argussappend(a->s, s); s = new_stmt(BPF_ALU|BPF_NEG); s->s.k = 0; Argussappend(a->s, s); s = new_stmt(BPF_ST); s->s.k = a->regno; Argussappend(a->s, s); return a; } struct arth * Argusgen_arth(code, a0, a1) int code; struct arth *a0, *a1; { struct slist *s0, *s1, *s2; s0 = xfer_to_x(a1); s1 = xfer_to_a(a0); s2 = new_stmt(BPF_ALU|BPF_X|code); Argussappend(s1, s2); Argussappend(s0, s1); Argussappend(a1->s, s0); Argussappend(a0->s, a1->s); free_reg(a1->regno); s0 = new_stmt(BPF_ST); a0->regno = s0->s.k = alloc_reg(); Argussappend(a0->s, s0); return a0; } /* * Here we handle simple allocation of the scratch registers. * If too many registers are alloc'd, the allocator punts. */ static int regused[BPF_MEMWORDS]; static int curreg; /* * Return the next free register. 
*/ static int alloc_reg() { int retn = -1; int n = BPF_MEMWORDS; while (--n >= 0) { if (regused[curreg]) curreg = (curreg + 1) % BPF_MEMWORDS; else { regused[curreg] = 1; retn = curreg; break; } } if (retn == -1) ArgusLog(LOG_ERR,"too many registers needed to evaluate expression"); return (retn); } /* * Return a register to the table so it can * be used later. */ static void free_reg(n) int n; { regused[n] = 0; } static struct block * Argusgen_len(jmp, n) int jmp, n; { struct slist *s; struct block *b; s = new_stmt(BPF_LD|BPF_LEN); s->next = new_stmt(BPF_ALU|BPF_SUB|BPF_K); s->next->s.k = n; b = new_block(JMP(jmp)); b->stmts = s; return b; } struct block * Argusgen_greater(n) int n; { fprintf (stderr, "Argusgen_greater(%d)\n", n); return Argusgen_len(BPF_JGE, n); } struct block * Argusgen_less(n) int n; { struct block *b; b = Argusgen_len(BPF_JGT, n); Argusgen_not(b); return b; } struct block * Argusgen_byteop(op, idx, val) int op, idx, val; { struct block *b; struct slist *s; switch (op) { default: abort(); case '=': return Argusgen_cmp((u_int)idx, BPF_B, (u_int)val); case '<': b = Argusgen_cmp((u_int)idx, BPF_B, (u_int)val); b->s.code = JMP(BPF_JGE); Argusgen_not(b); return b; case '>': b = Argusgen_cmp((u_int)idx, BPF_B, (u_int)val); b->s.code = JMP(BPF_JGT); return b; case '|': s = new_stmt(BPF_ALU|BPF_OR|BPF_K); break; case '&': s = new_stmt(BPF_ALU|BPF_AND|BPF_K); break; } s->s.k = val; b = new_block(JMP(BPF_JEQ)); b->stmts = s; Argusgen_not(b); return b; } struct block * Argusgen_broadcast(proto) int proto; { u_int classmask; u_int netaddr; struct block *b0, *b1; static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; extern u_int ArgusLocalNet; switch (proto) { case Q_DEFAULT: case Q_LINK: return Argusgen_ehostop(ebroadcast, Q_DST); case Q_IP: netaddr = ArgusLocalNet & ArgusNetMask; classmask = ipaddrtonetmask(ArgusLocalNet); b1 = Argusgen_host(netaddr, 0xffffffffL, proto, Q_OR); netaddr |= ~(~0 & ArgusNetMask); b0 = Argusgen_host(netaddr, 
0xffffffffL, proto, Q_OR); Argusgen_or(b1, b0); if (classmask != ArgusNetMask) { netaddr = ArgusLocalNet & classmask; b1 = Argusgen_host(netaddr, 0xffffffffL, proto, Q_OR); Argusgen_or(b1, b0); } b1 = Argusgen_host( ~0, 0xffffffffL, proto, Q_OR); Argusgen_or(b1, b0); return b0; } ArgusLog(LOG_ERR,"only ether/ip broadcast filters supported"); return NULL; } struct block * Argusgen_multicast(proto) int proto; { register struct block *b0, *b1; register struct slist *s; switch (proto) { case Q_DEFAULT: case Q_LINK: s = new_stmt(BPF_LD|BPF_B|BPF_ABS); s->s.k = 88; b0 = new_block(JMP(BPF_JSET)); b0->s.k = 1; b0->stmts = s; return b0; case Q_IP: b1 = Argusgen_cmp(40, BPF_B, (u_int) 224); b1->s.code = JMP(BPF_JGE); b0 = Argusgen_cmp(44, BPF_B, (u_int) 224); b0->s.code = JMP(BPF_JGE); Argusgen_or(b0, b1); return b1; } return NULL; } /* * generate command for inbound/outbound. It's here so we can * make it link-type specific. 'dir' = 0 implies "inbound", * = 1 implies "outbound". */ struct block * Argusgen_inbound(dir) int dir; { register struct block *b0; b0 = Argusgen_relation(BPF_JEQ, Argusgen_load(Q_LINK, Argusgen_loadi(0), 1), Argusgen_loadi(0), dir); return (b0); } argus-2.0.6.fixes.1/common/grammar.y0000775000076600007660000002216310036666344012742 %{ /* * Copyright (c) 2000-2004 QoSient, LLC * All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
* */ /* * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
* */ #if defined(HAVE_SOLARIS) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) #include #include #endif #include #include #if !defined(__OpenBSD__) || !defined(_NET_IF_H_) #define _NET_IF_H_ #include #endif #include #include #include #include #define QSET(q, p, d, a) (q).proto = (p),\ (q).dir = (d),\ (q).addr = (a) int argus_n_errors = 0; static struct qual qerr = { Q_UNDEF, Q_UNDEF, Q_UNDEF, Q_UNDEF }; extern void ArgusLog (int, char *, ...); static void yyerror(char *msg) { ++argus_n_errors; ArgusLog (LOG_ERR, msg); /* NOTREACHED */ } /* #ifndef YYBISON argus_parse() { return (yyparse()); } #endif */ %} %union { int i; u_long h; u_char *e; char *s; struct stmt *stmt; struct arth *a; struct { struct qual q; struct block *b; } blk; struct block *rblk; } %type expr id nid pid term rterm qid tid %type head thead %type pqual dqual aqual ndaqual %type arth narth %type byteop pname tname pnum relop irelop %type and or paren not null prog %type other %token DST SRC HOST GATEWAY TEST TTL TOS %token NET MASK PORT LESS GREATER PROTO BYTE %token ARP RARP IP TCP UDP ICMP IGMP MAN FRAG FRAG_ONLY %token MPLS VLAN %token RTP ESP DECNET LAT MOPRC MOPDL %token TK_BROADCAST TK_MULTICAST %token NUM INBOUND OUTBOUND %token LINK %token GEQ LEQ NEQ %token ID EID HID %token LSH RSH %token LEN %token RETRANS NORMAL WAIT MULTIPATH RESET TIMEDOUT WINSHUT %token SYN SYNACK DATA FIN FINACK ICMPECHO UNREACH REDIRECT %token ECN TIMEXED ESTABLISHED CONNECTED %type ID %type EID %type HID %type NUM %left OR AND %nonassoc '!' 
%left '|' %left '&' %left LSH RSH %left '+' '-' %left '*' '/' %nonassoc UMINUS %% prog: null expr { Argusfinish_parse($2.b); } | null ; null: /* null */ { $$.q = qerr; } ; expr: term | expr and term { Argusgen_and($1.b, $3.b); $$ = $3; } | expr and id { Argusgen_and($1.b, $3.b); $$ = $3; } | expr or term { Argusgen_or($1.b, $3.b); $$ = $3; } | expr or id { Argusgen_or($1.b, $3.b); $$ = $3; } ; and: AND { $$ = $0; } ; or: OR { $$ = $0; } ; id: nid | pnum { $$.b = Argusgen_ncode(NULL, (arg_uint32)$1, $$.q = $0.q); } | paren pid ')' { $$ = $2; } ; tid: tname { $$.b = Argusgen_tcode($1, $$.q = $0.q); } ; nid: ID { $$.b = Argusgen_scode($1, $$.q = $0.q); } | HID '/' NUM { $$.b = Argusgen_mcode($1, NULL, $3, $$.q = $0.q); } | HID MASK HID { $$.b = Argusgen_mcode($1, $3, 0, $$.q = $0.q); } | HID { /* Decide how to parse HID based on proto */ $$.q = $0.q; switch ($$.q.proto) { case Q_DECNET: $$.b = Argusgen_ncode($1, 0, $$.q); break; default: $$.b = Argusgen_ncode($1, 0, $$.q); break; } } | EID { $$.b = Argusgen_ecode($1, $$.q = $0.q); } | not id { Argusgen_not($2.b); $$ = $2; } ; not: '!' 
{ $$ = $0; } ; paren: '(' { $$ = $0; } ; pid: nid | qid and id { Argusgen_and($1.b, $3.b); $$ = $3; } | qid or id { Argusgen_or($1.b, $3.b); $$ = $3; } ; qid: pnum { $$.b = Argusgen_ncode(NULL, (arg_uint32)$1, $$.q = $0.q); } | pid ; term: rterm | not term { Argusgen_not($2.b); $$ = $2; } ; head: pqual dqual aqual { QSET($$.q, $1, $2, $3); } | pqual dqual { QSET($$.q, $1, $2, Q_DEFAULT); } | pqual aqual { QSET($$.q, $1, Q_DEFAULT, $2); } | pqual PROTO { QSET($$.q, $1, Q_DEFAULT, Q_PROTO); } | pqual ndaqual { QSET($$.q, $1, Q_DEFAULT, $2); } ; thead: pqual dqual { QSET($$.q, $1, $2, Q_DEFAULT); } ; rterm: head id { $$ = $2; } | thead tid { $$ = $2; } | paren expr ')' { $$.b = $2.b; $$.q = $1.q; } | pname { $$.b = Argusgen_proto_abbrev($1); $$.q = qerr; } | tid { $$ = $1; } | arth relop arth { $$.b = Argusgen_relation($2, $1, $3, 0); $$.q = qerr; } | arth irelop arth { $$.b = Argusgen_relation($2, $1, $3, 1); $$.q = qerr; } | other { $$.b = $1; $$.q = qerr; } ; /* protocol level qualifiers */ pqual: pname | { $$ = Q_DEFAULT; } ; /* 'direction' qualifiers */ dqual: SRC { $$ = Q_SRC; } | DST { $$ = Q_DST; } | SRC OR DST { $$ = Q_OR; } | DST OR SRC { $$ = Q_OR; } | SRC AND DST { $$ = Q_AND; } | DST AND SRC { $$ = Q_AND; } ; /* address type qualifiers */ aqual: HOST { $$ = Q_HOST; } | NET { $$ = Q_NET; } | PORT { $$ = Q_PORT; } | TTL { $$ = Q_TTL; } | TOS { $$ = Q_TOS; } ; /* non-directional address type qualifiers */ ndaqual: GATEWAY { $$ = Q_GATEWAY; } ; pname: LINK { $$ = Q_LINK; } | IP { $$ = Q_IP; } | ARP { $$ = Q_ARP; } | RARP { $$ = Q_RARP; } | ESP { $$ = Q_ESP; } | RTP { $$ = Q_RTP; } | TCP { $$ = Q_TCP; } | UDP { $$ = Q_UDP; } | ICMP { $$ = Q_ICMP; } | IGMP { $$ = Q_IGMP; } | MPLS { $$ = Q_MPLS; } | VLAN { $$ = Q_VLAN; } | DECNET { $$ = Q_DECNET; } | LAT { $$ = Q_LAT; } | MOPDL { $$ = Q_MOPDL; } | MOPRC { $$ = Q_MOPRC; } | MAN { $$ = Q_MAN; } | NORMAL { $$ = Q_NORMAL; } | WAIT { $$ = Q_WAIT; } | MULTIPATH { $$ = Q_MULTIPATH; } | ESTABLISHED { $$ = Q_ESTABLISHED; 
} | CONNECTED { $$ = Q_CONNECTED; } | TIMEDOUT { $$ = Q_TIMEDOUT; } | SYN { $$ = Q_SYN; } | SYNACK { $$ = Q_SYNACK; } | DATA { $$ = Q_DATA; } | FIN { $$ = Q_FIN; } | FINACK { $$ = Q_FINACK; } | ICMPECHO { $$ = Q_ECHO; } | UNREACH { $$ = Q_UNREACH; } | REDIRECT { $$ = Q_REDIRECT; } | TIMEXED { $$ = Q_TIMEXED; } ; tname: RETRANS { $$ = Q_RETRANS; } | WINSHUT { $$ = Q_WINSHUT; } | RESET { $$ = Q_RESET; } | FRAG { $$ = Q_FRAG; } | FRAG_ONLY { $$ = Q_FRAG_ONLY; } | ECN { $$ = Q_ECN; } ; other: pqual TK_BROADCAST { $$ = Argusgen_broadcast($1); } | pqual TK_MULTICAST { $$ = Argusgen_multicast($1); } | LESS NUM { $$ = Argusgen_less($2); } | GREATER NUM { $$ = Argusgen_greater($2); } | BYTE NUM byteop NUM { $$ = Argusgen_byteop($3, $2, $4); } | INBOUND { $$ = Argusgen_inbound(0); } | OUTBOUND { $$ = Argusgen_inbound(1); } ; relop: '>' { $$ = BPF_JGT; } | GEQ { $$ = BPF_JGE; } | '=' { $$ = BPF_JEQ; } ; irelop: LEQ { $$ = BPF_JGT; } | '<' { $$ = BPF_JGE; } | NEQ { $$ = BPF_JEQ; } ; arth: pnum { $$ = Argusgen_loadi($1); } | narth ; narth: pname '[' arth ']' { $$ = Argusgen_load($1, $3, 1); } | pname '[' arth ':' NUM ']' { $$ = Argusgen_load($1, $3, $5); } | arth '+' arth { $$ = Argusgen_arth(BPF_ADD, $1, $3); } | arth '-' arth { $$ = Argusgen_arth(BPF_SUB, $1, $3); } | arth '*' arth { $$ = Argusgen_arth(BPF_MUL, $1, $3); } | arth '/' arth { $$ = Argusgen_arth(BPF_DIV, $1, $3); } | arth '&' arth { $$ = Argusgen_arth(BPF_AND, $1, $3); } | arth '|' arth { $$ = Argusgen_arth(BPF_OR, $1, $3); } | arth LSH arth { $$ = Argusgen_arth(BPF_LSH, $1, $3); } | arth RSH arth { $$ = Argusgen_arth(BPF_RSH, $1, $3); } | '-' arth %prec UMINUS { $$ = Argusgen_neg($2); } | paren narth ')' { $$ = $2; } | LEN { $$ = Argusgen_loadlen(); } ; byteop: '&' { $$ = '&'; } | '|' { $$ = '|'; } | '<' { $$ = '<'; } | '>' { $$ = '>'; } | '=' { $$ = '='; } ; pnum: NUM | paren pnum ')' { $$ = $2; } ; %% argus-2.0.6.fixes.1/common/scanner.l0000775000076600007660000001255110016412624012714 %{ /* * Copyright (c) 
2000-2004 QoSient, LLC * All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. * */ /* * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
 */

#include
#include
#include
#include
#include
#include
#include
#include

extern void ArgusLog (int, char *, ...);

#ifndef __GNUC__
#define inline
#endif

int argus_lex(void);
static int stoi(char *);
static inline int xdtoi(int);

#ifdef FLEX_SCANNER
#define YY_NO_UNPUT
static YY_BUFFER_STATE in_buffer;
#else
static char *in_buffer;

#undef getc
#define getc(fp)  (*in_buffer == 0 ? EOF : *in_buffer++)
#endif

#define yylval argus_lval
extern YYSTYPE yylval;

%}

N               ([0-9]+|(0X|0x)[0-9A-Fa-f]+)
B               ([0-9A-Fa-f][0-9A-Fa-f]?)

%a 3000

%%
dst             return DST;
src             return SRC;

link|ether|ppp|slip  return LINK;
fddi            return LINK;
arp             return ARP;
rarp            return RARP;
ip              return IP;
tcp             return TCP;
udp             return UDP;
rtp             return RTP;
esp             return ESP;
man             return MAN;
icmp            return ICMP;
igmp            return IGMP;
mpls            return MPLS;
vlan            return VLAN;

test            return TEST;

host            return HOST;
net             return NET;
mask            return MASK;
port            return PORT;
proto           return PROTO;
ttl             return TTL;
tos             return TOS;

gateway         return GATEWAY;
byte            return BYTE;
broadcast       return TK_BROADCAST;
multicast       return TK_MULTICAST;

and|"&&"        return AND;
or|"||"         return OR;
not             return '!';

len|length      return LEN;
inbound         return INBOUND;
outbound        return OUTBOUND;

syn             return SYN;
synack          return SYNACK;
data            return DATA;
fin             return FIN;
finack          return FINACK;
reset           return RESET;
normal          return NORMAL;
wait            return WAIT;
timeout         return TIMEDOUT;
est             return ESTABLISHED;
con             return CONNECTED;
ecn             return ECN;
drop            return RETRANS;
retrans         return RETRANS;
multipath       return MULTIPATH;
mpath           return MULTIPATH;
winshut         return WINSHUT;
frag            return FRAG;
fragonly        return FRAG_ONLY;

echo            return ICMPECHO;
unreach         return UNREACH;
redirect        return REDIRECT;
timexed         return TIMEXED;

[ \n\t]                 ;
[+\-*/:\[\]!<>()&|=]    return yytext[0];
">="                    return GEQ;
"<="                    return LEQ;
"!="                    return NEQ;
"=="                    return '=';
"<<"                    return LSH;
">>"                    return RSH;
{N}                     { yylval.i = stoi((char *)yytext); return NUM; }
({N}\.{N})|({N}\.{N}\.{N})|({N}\.{N}\.{N}\.{N}) {
                          yylval.s = Argussdup((char *)yytext); return HID; }
{B}:{B}:{B}:{B}:{B}:{B} { yylval.e = argus_ether_aton((char *)yytext); return EID; }
{B}:+({B}:+)+           { ArgusLog(LOG_ERR, "bogus ethernet address %s", yytext); }
[A-Za-z0-9][-_.A-Za-z0-9]*[.A-Za-z0-9] {
                          yylval.s = Argussdup((char *)yytext); return ID; }
"\\"[^ !()\n\t]+        { yylval.s = Argussdup((char *)yytext + 1); return ID; }
[^ \[\]\t\n\-_.A-Za-z0-9!<>()&|=]+i {
                          ArgusLog(LOG_ERR, "illegal token: %s\n", yytext); }
.                       { ArgusLog (LOG_ERR, "illegal char '%c'", *yytext); }
%%

void
argus_lex_init(char *buf)
{
#ifdef FLEX_SCANNER
   in_buffer = yy_scan_string(buf);
#else
   in_buffer = buf;
#endif
}

/*
 * Also define a yywrap.  Note that if we're using flex, it will
 * define a macro to map this identifier to pcap_wrap.
 */
int
yywrap()
{
   return 1;
}

/* Hex digit to integer. */
static inline int
xdtoi(c)
int c;
{
   if (isdigit(c))
      return c - '0';
   else if (islower(c))
      return c - 'a' + 10;
   else
      return c - 'A' + 10;
}

/*
 * Convert string to integer.  Just like atoi(), but checks for
 * preceding 0x or 0 and uses hex or octal instead of decimal.
 */
static int
stoi(s)
char *s;
{
   int base = 10;
   int n = 0;

   if (*s == '0') {
      if (s[1] == 'x' || s[1] == 'X') {
         s += 2;
         base = 16;
      } else {
         base = 8;
         s += 1;
      }
   }
   while (*s)
      n = n * base + xdtoi(*s++);

   return n;
}

argus-2.0.6.fixes.1/server/0000775000076600007660000000000010047733611011203 5
argus-2.0.6.fixes.1/server/ArgusAuth.c0000775000076600007660000002545410016412624013201
/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * Copyright (c) 2000 Carnegie Mellon University.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The name "Carnegie Mellon University" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For permission or any other legal
 *    details, please contact
 *      Office of Technology Transfer
 *      Carnegie Mellon University
 *      5000 Forbes Avenue
 *      Pittsburgh, PA  15213-3890
 *      (412) 268-4387, fax: (412) 268-7395
 *      tech-transfer@andrew.cmu.edu
 *
 * 4. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by Computing Services
 *     at Carnegie Mellon University (http://www.cmu.edu/computing/)."
 *
 * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
 * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 *
 * modified by Carter Bullard
 * QoSient, LLC
 *
 */

#ifndef ArgusSasl
#define ArgusSasl
#endif

#include
#include
#include

int ArgusAuthenticateClient (struct ArgusClientData *);
int ArgusGetSaslString(FILE *, char *, int);
int ArgusSendSaslString(FILE *, const char *, int);

extern struct ArgusSocketStruct *ArgusOutputSocket;
extern struct ArgusRecord ArgusInitMar;

#if defined(HAVE_SOLARIS)
extern int getdomainname(char *name, size_t len);
#endif

int
ArgusAuthenticateClient (struct ArgusClientData *client)
{
   int retn = 1;

#ifdef ARGUS_SASL
#define SASL_SEC_MASK  0x0fff
   struct sockaddr_in localaddr, remoteaddr;
   const char *errstr;
   char localhostname[1024];
   sasl_conn_t *conn = NULL;
   char buf[8192], chosenmech[128], *data;
   int len, mechanismNum, salen, maxbufprops = 4096;
   sasl_security_properties_t secprops;
   sasl_external_properties_t extprops;
   int SASLOpts = (SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS);
   FILE *in, *out;

#ifdef ARGUSDEBUG
   ArgusDebug (2, "ArgusAuthenticateClient: SASL enabled\n");
#endif

   /* gethostname() need not NUL-terminate a truncated name, so
    * terminate it here and only append the domain when it fits. */
   gethostname(localhostname, sizeof(localhostname) - 1);
   localhostname[sizeof(localhostname) - 1] = '\0';

   if (!strchr (localhostname, '.') &&
       (strlen(localhostname) < sizeof(localhostname) - 1)) {
      strcat (localhostname, ".");
      getdomainname (&localhostname[strlen(localhostname)],
                     sizeof(localhostname) - strlen(localhostname));
      localhostname[sizeof(localhostname) - 1] = '\0';
   }

   if ((retn = sasl_server_init(NULL, "argus")) != SASL_OK)
      ArgusLog (LOG_ERR, "ArgusAuthenticateClient: sasl_server_init %d", retn);

   if ((retn = sasl_server_new("argus", localhostname, NULL, NULL,
                               SASL_SECURITY_LAYER, &client->sasl_conn)) != SASL_OK)
      ArgusLog (LOG_ERR, "ArgusAuthenticateClient: sasl_server_new %d", retn);

   conn = client->sasl_conn;

   /* set required security properties here; clear the structures first
    * so the fields not assigned below are not passed uninitialized.
    * SSF approximates the effective key length in bits, so max_ssf = 45
    * limits any negotiated security layer to weak (40-bit class) ciphers. */
   memset(&secprops, 0, sizeof(secprops));
   secprops.min_ssf = 0;
   secprops.max_ssf = 45;
   secprops.security_flags = SASLOpts & SASL_SEC_MASK;
   sasl_setprop(conn, SASL_SEC_PROPS, &secprops);

   /* set external properties here */
   memset(&extprops, 0, sizeof(extprops));
   extprops.ssf = 0;
   extprops.auth_id = NULL;
   sasl_setprop(conn, SASL_SSF_EXTERNAL, &extprops);

   sasl_setprop(conn, SASL_MAXOUTBUF, &maxbufprops);

   /* set ip addresses */
   salen = sizeof(localaddr);
   if (getsockname(client->fd, (struct sockaddr *)&localaddr, &salen) < 0)
      ArgusLog (LOG_ERR, "getsockname");

   salen = sizeof(remoteaddr);
   if (getpeername(client->fd, (struct sockaddr *)&remoteaddr, &salen) < 0)
      ArgusLog (LOG_ERR, "getpeername");

   if ((retn = sasl_setprop(conn, SASL_IP_LOCAL, &localaddr)) != SASL_OK)
      ArgusLog (LOG_ERR, "ArgusAuthenticateClient: Error setting local IP address");

   if ((retn = sasl_setprop(conn, SASL_IP_REMOTE, &remoteaddr)) != SASL_OK)
      ArgusLog (LOG_ERR, "ArgusAuthenticateClient: Error setting remote IP address");

   if ((retn = sasl_listmech(conn, NULL, "{", ", ", "}", &data, &len, &mechanismNum)) != SASL_OK)
      ArgusLog (LOG_ERR, "ArgusAuthenticateClient: Error generating mechanism list");

   ArgusInitMar.ahdr.status |= ARGUS_SASL_AUTHENTICATE;
#endif

   if ((retn = ArgusWriteSocket (ArgusOutputSocket, (unsigned char *)&ArgusInitMar,
                                 ntohs(ArgusInitMar.ahdr.length))) < 0)
      ArgusLog (LOG_ERR, "ArgusAuthenticateClient: ArgusWriteSocket failed %d\n", retn);

#ifdef ARGUS_SASL
   /* fdopen() reports failure with a NULL pointer */
   if ((in = fdopen (client->fd, "r")) == NULL)
      ArgusLog (LOG_ERR, "ArgusAuthenticateClient: fdopen() error %s", strerror(errno));

   if ((out = fdopen (client->fd, "w")) == NULL)
      ArgusLog (LOG_ERR, "ArgusAuthenticateClient: fdopen() error %s", strerror(errno));

   ArgusSendSaslString (out, data, len);

   if (mechanismNum <= 0) {
#ifdef ARGUSDEBUG
      ArgusDebug (2, "ArgusAuthenticateClient: No SASL Mechanisms\n");
#endif
      fputc ('N', out);
      fflush(out);
      return -1;
   }

   if ((len = ArgusGetSaslString (in, chosenmech, sizeof(chosenmech))) <= 0) {
#ifdef ARGUSDEBUG
      ArgusDebug (2, "ArgusAuthenticateClient: Error ArgusGetSaslString returned %d\n", len);
#endif
      fputc ('N', out);
      fflush(out);
      return -1;
   }

   /* receive initial response (if any); a negative length means the
    * read failed and must not be handed to libsasl as a buffer length */
   len = ArgusGetSaslString(in, buf, sizeof(buf));
   if (len < 0) {
#ifdef ARGUSDEBUG
      ArgusDebug(2, "client disconnected ...\n");
#endif
      return -1;
   }

   /* start libsasl negotiation */
   retn = sasl_server_start(conn, chosenmech, buf, len, &data, &len, &errstr);

   if ((retn != SASL_OK) && (retn != SASL_CONTINUE)) {
      fputc('N', out);                /* send NO to client */
      fflush(out);
      ArgusLog (LOG_ERR, "ArgusAuthenticateClient: Error starting SASL negotiation");
   }

   while (retn == SASL_CONTINUE) {
      if (data) {
#ifdef ARGUSDEBUG
         ArgusDebug(2, "sending response length %d...\n", len);
#endif
         fputc('C', out);             /* send CONTINUE to client */
         ArgusSendSaslString(out, data, len);
         free(data);
      } else {
#ifdef ARGUSDEBUG
         ArgusDebug(2, "sending null response...\n");
#endif
         fputc('C', out);             /* send CONTINUE to client */
         ArgusSendSaslString(out, "", 0);
      }

#ifdef ARGUSDEBUG
      ArgusDebug(2, "waiting for client reply...\n");
#endif
      len = ArgusGetSaslString(in, buf, sizeof buf);

      if (len < 0) {
#ifdef ARGUSDEBUG
         ArgusDebug(2, "client disconnected ...\n");
#endif
         return -1;
      }

      retn = sasl_server_step(conn, buf, len, &data, &len, &errstr);
      if ((retn != SASL_OK) && (retn != SASL_CONTINUE)) {
         fputc('N', out);             /* send NO to client */
         fflush(out);
#ifdef ARGUSDEBUG
         ArgusDebug(2, "Authentication failed\n");
#endif
         return -1;
      }
   }

   retn = 1;
   fputc('O', out);                   /* send OK to client */
   fflush(out);
#endif

#ifdef ARGUSDEBUG
   ArgusDebug (1, "ArgusAuthenticateClient() returning %d\n", retn);
#endif

   return (retn);
}

#ifdef ARGUS_SASL

#include
#include
#include
#include
#include
#include <limits.h>   /* INT_MAX, for the literal length check below */

/* send/recv library for IMAP4 style literals. */

int
ArgusSendSaslString(FILE *f, const char *s, int l)
{
   int al;
#ifdef ARGUSDEBUG
   int debug = 3;
#endif

   al = fprintf(f, "{%d}\r\n", l);
   fwrite(s, 1, l, f);
   fflush(f);

#ifdef ARGUSDEBUG
   ArgusDebug (debug, "ArgusSendSaslString(0x%x, 0x%x, %d)\n", f, s, l);
   if (debug <= Argusdflag) {
      while (l--) {
         if (isprint((unsigned char) *s)) {
            printf("%c ", *s);
         } else {
            printf("%x ", (unsigned char) *s);
         }
         s++;
      }
      printf("\n");
   }
#endif

   return al;
}

int
ArgusGetSaslString(FILE *f, char *buf, int buflen)
{
   int c, len, l = buflen;
   char *s = buf;
#ifdef ARGUSDEBUG
   int debug = 3;
#endif

   if (ferror(f))
      clearerr(f);

   while ((c = fgetc(f)) != '{') {
      if (feof(f)) {
#ifdef ARGUSDEBUG
         ArgusDebug (1, "ArgusGetSaslString(0x%x, 0x%x, %d) EOF\n", f, s, l);
#endif
         return -1;
      }
      if (ferror(f)) {
         clearerr(f);
         usleep(100);
      }
   }

   if (c != '{') {
#ifdef ARGUSDEBUG
      ArgusDebug (debug, "ArgusGetSaslString(0x%x, 0x%x, %d) expect '{' received 0x%x\n", f, s, l, c);
#endif
      return -1;
   }

   /* read length; the digits come from the peer, so reject a value that
    * would overflow int and turn into a negative length for fread() */
   len = 0;
   c = fgetc(f);
   while (isdigit(c)) {
      if (len > (INT_MAX - (c - '0')) / 10)
         return -1;
      len = len * 10 + (c - '0');
      c = fgetc(f);
   }

   if (c != '}') {
#ifdef ARGUSDEBUG
      ArgusDebug (debug, "ArgusGetSaslString(0x%x, 0x%x, %d) expect '}' received 0x%x\n", f, s, l, c);
#endif
      return -1;
   }

   c = fgetc(f);
   if (c != '\r') {
#ifdef ARGUSDEBUG
      ArgusDebug (debug, "ArgusGetSaslString(0x%x, 0x%x, %d) expect '\\r' received 0x%x\n", f, s, l, c);
#endif
      return -1;
   }

   c = fgetc(f);
   if (c != '\n') {
#ifdef ARGUSDEBUG
      ArgusDebug (debug, "ArgusGetSaslString(0x%x, 0x%x, %d) expect '\\n' received 0x%x\n", f, s, l, c);
#endif
      return -1;
   }

   /* read string; a short read is an error, since the caller would
    * otherwise pass unread buffer contents on as client data */
   if (buflen <= len) {
      if (fread(buf, 1, buflen - 1, f) != (size_t)(buflen - 1))
         return -1;
      buf[buflen - 1] = '\0';

      /* discard oversized string, stopping early if the stream ends */
      len -= buflen - 1;
      while (len-- > 0)
         if (fgetc(f) == EOF)
            break;

      len = buflen - 1;
   } else {
      if (fread(buf, 1, len, f) != (size_t)len)
         return -1;
      buf[len] = '\0';
   }

   l = len;
   s = buf;

#ifdef ARGUSDEBUG
   ArgusDebug (debug, "ArgusGetSaslString(0x%x, 0x%x, %d)\n", f, s, l);
   if (debug <= Argusdflag) {
      while (l--) {
         if (isprint((unsigned char) *s)) {
            printf("%c ", *s);
         } else {
            printf("%X ", (unsigned char) *s);
         }
         s++;
      }
      printf("\n");
   }
#endif

   return len;
}

#endif

argus-2.0.6.fixes.1/server/ArgusModeler.c0000775000076600007660000016362410044512474013676
/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * Copyright (c) 1993, 1994 Carnegie Mellon University.
 * All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software and
 * its documentation for any purpose and without fee is hereby granted,
 * provided that the above copyright notice appear in all copies and
 * that both that copyright notice and this permission notice appear
 * in supporting documentation, and that the name of CMU not be
 * used in advertising or publicity pertaining to distribution of the
 * software without specific, written prior permission.
 *
 * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
 * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
 * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
 * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
 * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
 * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 * SOFTWARE.
* */ /* ArgusModeler.c * * Written by Carter Bullard * QoSient, LLC * Mon Aug 7 14:48:26 EDT 2000 * */ #ifndef ArgusModeler #define ArgusModeler #endif #include #include #include #include struct ArgusModelerStruct * ArgusNewModeler() { struct ArgusModelerStruct *retn = NULL; struct argtimeval tvpbuf, *tvp = &tvpbuf; if ((retn = (struct ArgusModelerStruct *) ArgusCalloc (1, sizeof (struct ArgusModelerStruct))) != NULL) { gettimeofday (tvp, 0L); ArgusGlobalTime = *tvp; } #ifdef ARGUSDEBUG ArgusDebug (1, "ArgusNewModeler() returning 0x%x\n", retn); #endif return (retn); } void ArgusInitModeler() { if ((ArgusHashTable.array = (struct ArgusHashTableHeader **) ArgusCalloc (ARGUS_HASHTABLESIZE, sizeof (struct ArgusHashTableHeader *))) != NULL) { ArgusHashTable.size = ARGUS_HASHTABLESIZE; } else ArgusLog (LOG_ERR, "ArgusInitModeler () ArgusCalloc error %s\n", strerror(errno)); ArgusModelerOutputSocket = ArgusNewSocket(ArgusOutputPipe[CLIENTSIDE]); ArgusFlowQueue = ArgusNewQueue(); #ifdef ARGUSDEBUG ArgusDebug (1, "ArgusInitModeler(): ArgusHashArray 0x%x\n", ArgusHashTable.array); #endif } void ArgusDeleteModeler() { ArgusModelerCleanUp (); ArgusDeleteQueue (ArgusFlowQueue); if (ArgusModel) ArgusFree(ArgusModel); if (ArgusHashTable.array) ArgusFree(ArgusHashTable.array); if (ArgusModelerOutputSocket) { while (ArgusModelerOutputSocket->ArgusOutputList->count) if (ArgusWriteOutSocket(ArgusModelerOutputSocket) < 0) break; } #ifdef ARGUSDEBUG ArgusDebug (1, "ArgusDeleteModeler() ArgusModeler 0x%x, HashArray 0x%x\n", ArgusModel, ArgusHashTable.array); #endif } #include #if !defined(__OpenBSD__) #include #endif struct llc ArgusThisLLCBuffer; struct llc *ArgusThisLLC = &ArgusThisLLCBuffer; struct ether_header *ArgusProcessISL (struct ether_header *, int); void ArgusProcessIpxHdr (struct ether_header *, int); void ArgusProcessNetbeuiHdr (struct ether_header *, int); void ArgusProcessNetbiosHdr (struct ether_header *, int); void ArgusProcessIsoclnsHdr (struct ether_header *, int); 
#define ARGUS_IPX_TAG 100 void ArgusProcessIpxHdr (struct ether_header *ep, int length) { ArgusThisNetworkFlowType |= ARGUS_IPX_TAG; } #define ARGUS_ISL_ETHERHDR_LEN 26 struct ether_header * ArgusProcessISL (struct ether_header *ep, int length) { struct ether_header *retn = NULL; int type = (((unsigned char *)ep)[5] >> 4) & 0x0F; #define ARGUS_TYPE_ETHER 0x0 #define ARGUS_TYPE_TR 0x0 #define ARGUS_TYPE_FDDI 0x2 #define ARGUS_TYPE_ATM 0x3 switch (type) { case ARGUS_TYPE_ETHER: ep = (struct ether_header *) ((unsigned char *)ep + ARGUS_ISL_ETHERHDR_LEN); return (ArgusProcessEtherHdr(ep, length - ARGUS_ISL_ETHERHDR_LEN)); } return (retn); } void ArgusProcessNetbeuiHdr (struct ether_header *ep, int length) { } void ArgusProcessNetbiosHdr (struct ether_header *ep, int length) { } #define ARGUS_CLNS 129 #define ARGUS_ESIS 130 #define ARGUS_ISIS 131 #define ARGUS_NULLNS 132 void ArgusProcessIsoclnsHdr (struct ether_header *ep, int length) { unsigned char *ptr = (unsigned char *)ep; ptr += 3; switch (*ptr) { case ARGUS_CLNS: ArgusThisNetworkFlowType |= ARGUS_CLNS; break; case ARGUS_ESIS: ArgusThisNetworkFlowType |= ARGUS_ESIS; break; case ARGUS_ISIS: ArgusThisNetworkFlowType |= ARGUS_ISIS; break; case 0: ArgusThisNetworkFlowType |= ARGUS_NULLNS; break; default: ArgusThisNetworkFlowType |= ARGUS_CLNS; break; } ArgusThisLength -= sizeof(struct llc); ArgusSnapLength -= sizeof(struct llc); ArgusThisUpHdr = (ptr + sizeof(struct llc)); ArgusThisPacketLLCEncaps++; } unsigned short ArgusDiscoverNetworkProtocol (unsigned char *ptr) { unsigned short retn = ETHERTYPE_MPLS; struct ip *ip; if ((ip = (struct ip *) ptr) != NULL) { if (((ip->ip_v == 4) && (ip->ip_hl >= 5)) && (ntohs(ip->ip_len) >= 20)) { retn = ETHERTYPE_IP; } } return (retn); } void ArgusParseMPLSLabel (unsigned char *ptr, unsigned int *label, unsigned char *exp, unsigned char *bos, unsigned char *ttl) { *label = (ptr[0] << 12) | (ptr[1] << 4) | ((ptr[2] >> 4) & 0xff); *exp = (ptr[2] >> 1) & 0x07; *bos = (ptr[2] & 0x01); 
*ttl = ptr[3]; } struct ether_header * ArgusProcessEtherHdr (struct ether_header *ep, int length) { unsigned char *ptr; struct ether_header *retn = ep; unsigned short proto; int len = sizeof(struct ether_header); #ifdef _LITTLE_ENDIAN ep->ether_type = ntohs (ep->ether_type); #endif ArgusThisPacketLLCEncaps = 0; ArgusThisPacketMPLSEncaps = 0; ArgusThisPacket8021QEncaps = 0; ArgusThisPacketPPPoEEncaps = 0; length -= len; ArgusThisLength -= len; ArgusSnapLength -= len; ArgusThisNetworkFlowType = ep->ether_type; ArgusThisUpHdr = (unsigned char *) (ep + 1); ArgusThisMac->type = ARGUS_MAC_DSR; ArgusThisMac->length = sizeof(*ArgusThisMac); ArgusThisMac->status = ep->ether_type; bcopy((char *)&ep->ether_shost, (char *)&ArgusThisMac->phys_union.ether.ethersrc, 6); bcopy((char *)&ep->ether_dhost, (char *)&ArgusThisMac->phys_union.ether.etherdst, 6); switch (ArgusThisNetworkFlowType) { case ETHERTYPE_PPPOED: case ETHERTYPE_PPPOES: { #define PPPOE_HDRLEN 6 #define PPP_IP 0x0021 const u_char *pppoe; unsigned short ptype; pppoe = ArgusThisUpHdr; ArgusThisUpHdr += PPPOE_HDRLEN; ArgusThisLength -= PPPOE_HDRLEN; ArgusSnapLength -= PPPOE_HDRLEN; ArgusThisPacketPPPoEEncaps++; if (!(pppoe[1])) { if ((ptype = ntohs(*(u_short *)ArgusThisUpHdr)) == PPP_IP) { ArgusThisNetworkFlowType = ETHERTYPE_IP; ArgusThisUpHdr += 2; ArgusThisLength -= 2; ArgusSnapLength -= 2; } } break; } case ETHERTYPE_MPLS_MULTI: case ETHERTYPE_MPLS: { unsigned int label, first = 1; unsigned char exp, bos = 0, ttl; while (!(bos)) { ArgusParseMPLSLabel (ArgusThisUpHdr, &label, &exp, &bos, &ttl); ArgusThisUpHdr += 4; ArgusThisLength -= 4; ArgusSnapLength -= 4; if (first) { first = 0; ArgusThisPacketMPLSLabel = label; } } ArgusThisNetworkFlowType = ArgusDiscoverNetworkProtocol(ArgusThisUpHdr); ArgusThisPacketMPLSEncaps++; break; } case ETHERTYPE_8021Q: { ArgusThisNetworkFlowType = ntohs(*(unsigned short *)(ArgusThisUpHdr + 2)); ArgusThisPacket8021QEncaps = ntohs(*(unsigned short *)(ArgusThisUpHdr)); ArgusThisUpHdr += 
4; ArgusThisLength -= 4; ArgusSnapLength -= 4; break; } } if ((proto = (ArgusThisNetworkFlowType & 0xFFFF)) <= ETHERMTU) { /* 802.3 Encapsulation */ struct llc *llc = NULL; unsigned short ether_type = 0; ptr = (unsigned char *) ArgusThisUpHdr; if (ptr[0] == 0x01 && ptr[1] == 0x00 && ptr[2] == 0x0C && ptr[3] == 0x00 && ptr[4] == 0x00) { return (ArgusProcessISL (ep, length)); } llc = (struct llc *) ptr; if (STRUCTCAPTURED(*llc)) { ArgusThisPacketLLCEncaps++; retn = ep; llc = ArgusThisLLC; bcopy((char *) ptr, (char *) llc, sizeof (struct llc)); if (llc->ssap == LLCSAP_GLOBAL && llc->dsap == LLCSAP_GLOBAL) { ArgusProcessIpxHdr (ep, length); return (retn); } if ((((u_char *)ep)[0] == 0xf0) && (((u_char *)ep)[1] == 0xf0)) { ArgusProcessNetbeuiHdr (ep, length); return (retn); } if ((llc->ssap == LLCSAP_ISONS) && (llc->dsap == LLCSAP_ISONS) && (llc->llcui == LLC_UI)) { ArgusProcessIsoclnsHdr((struct ether_header *)ptr, length); return (retn); } if ((llc->ssap == LLCSAP_SNAP) && (llc->dsap == LLCSAP_SNAP)) { if (llc->llcui == LLC_UI) { ((unsigned char *)&ether_type)[0] = ((unsigned char *)&llc->ethertype)[0]; ((unsigned char *)&ether_type)[1] = ((unsigned char *)&llc->ethertype)[1]; ArgusThisNetworkFlowType = ntohs (ether_type); ArgusThisLength -= sizeof(struct llc); ArgusSnapLength -= sizeof(struct llc); ArgusThisUpHdr = (ptr + sizeof(struct llc)); switch (ArgusThisNetworkFlowType) { case ETHERTYPE_8021Q: ArgusThisNetworkFlowType = ntohs(*(unsigned short *)(ArgusThisUpHdr + 2)); ArgusThisPacket8021QEncaps = ntohs(*(unsigned short *)(ArgusThisUpHdr)); ArgusThisUpHdr += 4; ArgusThisLength -= 4; ArgusSnapLength -= 4; } } else { } } else { if ((llc->llcu & LLC_U_FMT) == LLC_U_FMT) { ArgusThisUpHdr += 3; ArgusThisLength -= 3; ArgusSnapLength -= 3; if ((llc->llcu & ~LLC_U_POLL) == LLC_XID) { if (*ArgusThisUpHdr == LLC_XID_FI) { ArgusThisUpHdr += 3; ArgusThisLength -= 3; ArgusSnapLength -= 3; } } } else { ArgusThisUpHdr += 4; ArgusThisLength -= 4; ArgusSnapLength -= 4; } } } } #ifdef 
ARGUSDEBUG ArgusDebug (6, "ArgusProcessEtherHdr(0x%x, %d) returning 0x%x\n", ep, length, retn); #endif return (retn); } extern int ArgusShutDownFlag; int ArgusProcessIpPacket (struct ip *ip, int length, struct timeval *tvp) { int retn = 0; struct ArgusFlowStruct *flow; ArgusThisPacketLLCEncaps = 0; ArgusThisPacketMPLSEncaps = 0; ArgusThisPacket8021QEncaps = 0; ArgusThisPacketPPPoEEncaps = 0; ArgusThisNetworkFlowType = ETHERTYPE_IP; if (!(length) && !(tvp) && !(ip)) ArgusModelerCleanUp (); else { if (ArgusUpdateTime()) ArgusSystemTimeout(); ArgusInterface[ArgusInterfaceIndex].ArgusTotalBytes += length; ArgusThisBytes = length; if (ip) { ArgusInterface[ArgusInterfaceIndex].ArgusTotalPkts++; if (STRUCTCAPTURED(*ip)) { ArgusInterface[ArgusInterfaceIndex].ArgusTotalIPPkts++; if (ArgusCreateIPFlow (ip)) { if ((flow = ArgusFindFlow ()) != NULL) { ArgusUpdateFlow (flow, ARGUS_STATUS); } else { flow = ArgusNewFlow(); } } } } } if ((retn = ArgusWriteOutSocket(ArgusModelerOutputSocket)) < 0) { #ifdef ARGUSDEBUG ArgusDebug (1, "ArgusProcessIpPacket() ArgusWriteOutSocket returned %d\n", retn); ArgusDebug (1, "Shutting Down\n"); #endif ArgusLog (LOG_WARNING, "ArgusProcessIpPacket: ArgusWriteOutSocket Failed to Multiplexor. 
Shuting Down\n"); ArgusShutDownFlag++; } if (ArgusShutDownFlag) ArgusShutDown(0); #ifdef ARGUSDEBUG ArgusDebug (5, "ArgusProcessIpPacket(0x%x, %d, 0x%x) returning %d\n", ip, length, tvp, retn); #endif return (retn); } int ArgusLogThisPacket = 1; int ArgusProcessPacket (struct ether_header *ep, int length, struct timeval *tvp) { int retn = 0; struct ArgusFlowStruct *flow; ArgusTotalPacket++; if (!(length) && !(tvp) && !(ep)) ArgusModelerCleanUp (); else { if (ArgusUpdateTime()) ArgusSystemTimeout(); if (ep) { ArgusThisIpHdr = NULL; ArgusThisUpHdr = NULL; if (ArgusInterface[ArgusInterfaceIndex].ArgusTotalPkts++ == 0) #ifndef ARGUSPERFMETRICS ArgusStartTime = ArgusGlobalTime; #else gettimeofday (&ArgusStartTime, 0L); #endif ArgusInterface[ArgusInterfaceIndex].ArgusTotalBytes += length; ArgusThisBytes = length; if (STRUCTCAPTURED(*ep)) { if ((ArgusThisEpHdr = ArgusProcessEtherHdr (ep, ArgusThisLength)) != NULL) { if (ArgusCreateFlow (ArgusThisEpHdr, ArgusThisLength)) { if ((flow = ArgusFindFlow ()) != NULL) { ArgusUpdateFlow (flow, ARGUS_STATUS); } else flow = ArgusNewFlow(); } } } } } if ((retn = ArgusWriteOutSocket(ArgusModelerOutputSocket)) < 0) { #ifdef ARGUSDEBUG ArgusDebug (1, "ArgusProcessPacket() ArgusWriteOutSocket returned %d\n", retn); ArgusDebug (1, "Shuting Down\n"); #endif ArgusLog (LOG_WARNING, "ArgusProcessPacket () ArgusWriteOutSocket Failed to Multiplexor. 
Shuting Down\n"); ArgusShutDownFlag++; } if (ArgusShutDownFlag) ArgusShutDown(0); retn = ArgusLogThisPacket; #ifdef ARGUSDEBUG ArgusDebug (5, "ArgusProcessPacket(0x%x, %d, 0x%x) returning %d\n", ep, length, tvp, retn); #endif return (retn); } int ArgusGenerateStartRecords = 0; struct ArgusFlowStruct * ArgusNewFlow () { struct ArgusFlowStruct *retn = NULL; int ArgusTimeout = 0; ArgusTotalNewFlows++; switch (ArgusThisNetworkFlowType & 0xFFFF) { case ETHERTYPE_IP: if (ArgusThisIpHdr->ip_off & 0x1fff) { retn = ArgusNewFragFlow(); } else { ArgusTimeout = ARGUS_INITIMEOUT; ArgusTotalIPFlows++; } break; case ETHERTYPE_ARP: case ETHERTYPE_REVARP: ArgusTimeout = ARGUS_ARPTIMEOUT; default: ArgusTotalNonIPFlows++; ArgusTimeout = ARGUS_OTHERTIMEOUT; break; } if (retn == NULL) { if ((retn = (struct ArgusFlowStruct *) ArgusCalloc (1, sizeof(*retn))) != NULL) { retn->ArgusTimeout = ArgusTimeout; retn->ArgusTransactionNum = ArgusTransactionNum++; retn->state.rev = ArgusThisDir; retn->state.src.idle.min = 0x7FFFFFFF; retn->state.dst.idle.min = 0x7FFFFFFF; retn->state.src.active.min = 0x7FFFFFFF; retn->state.dst.active.min = 0x7FFFFFFF; retn->state.startime = ArgusGlobalTime; retn->state.lasttime = ArgusGlobalTime; retn->qhdr.lasttime = ArgusGlobalTime; retn->qhdr.logtime = ArgusGlobalTime; bcopy((char *) ArgusThisFlow, (char *)&retn->flow, sizeof (*ArgusThisFlow)); retn->ArgusFlowType = ArgusThisNetworkFlowType; if (ArgusThisPacketLLCEncaps) retn->ArgusFlowType |= ARGUS_SNAPENCAPS; if (ArgusThisPacketMPLSEncaps) retn->ArgusFlowType |= ARGUS_MPLS; if (ArgusThisPacket8021QEncaps) retn->ArgusFlowType |= ARGUS_VLAN; if (ArgusThisPacketPPPoEEncaps) retn->ArgusFlowType |= ARGUS_PPPoE; if ((retn->htblhdr = ArgusAddHashEntry (retn)) != NULL) ArgusAddToQueue(ArgusFlowQueue, retn); else ArgusLog (LOG_ERR, "ArgusNewFlow() ArgusAddHashEntry error %s.\n", strerror(errno)); } else ArgusLog (LOG_ERR, "ArgusNewFlow() ArgusCalloc error %s.\n", strerror(errno)); } ArgusUpdateFlow (retn, 
ARGUS_START); if (ArgusGenerateStartRecords) ArgusSendFlowRecord(retn, ARGUS_START); #ifdef ARGUSDEBUG ArgusDebug (4, "ArgusNewFlow() returning 0x%x\n", retn); #endif return (retn); } void ArgusUpdateFlow (struct ArgusFlowStruct *flowstr, unsigned char state) { int ArgusCurrLength = ArgusThisLength; ArgusTotalUpdates++; ArgusCheckTimeout (flowstr); if (flowstr->state.startime.tv_sec == 0) { flowstr->state.startime = ArgusGlobalTime; flowstr->qhdr.logtime = ArgusGlobalTime; } if (getArgusmflag()) { struct ArgusMacStruct *mac; if ((mac = flowstr->MacDSRBuffer) == NULL) { if ((mac = (struct ArgusMacStruct *) ArgusCalloc (1, sizeof (struct ArgusMacStruct))) != NULL) { if (flowstr->state.rev == ArgusThisDir) { bcopy ((char *) ArgusThisMac, (char *) mac, sizeof (*mac)); } else { mac->type = ArgusThisMac->type; mac->length = ArgusThisMac->length; mac->status = ArgusThisMac->status; bcopy ((char *)&ArgusThisMac->phys_union.ether.ethersrc, (char *)&mac->phys_union.ether.etherdst, sizeof (*mac->phys_union.ether.etherdst)); bcopy ((char *)&ArgusThisMac->phys_union.ether.etherdst, (char *)&mac->phys_union.ether.ethersrc, sizeof (*mac->phys_union.ether.ethersrc)); } flowstr->MacDSRBuffer = (void *) mac; } } else { if (flowstr->state.rev == ArgusThisDir) { if ((bcmp ((char *) ArgusThisMac, (char *) mac, sizeof (*mac)))) { bcopy ((char *) ArgusThisMac, (char *) mac, sizeof (*mac)); flowstr->state.status |= ARGUS_MULTIADDR; } } else { if ((mac->status != ArgusThisMac->status) || (bcmp ((char *)&ArgusThisMac->phys_union.ether.ethersrc, (char *)&mac->phys_union.ether.etherdst, sizeof (*mac->phys_union.ether.etherdst))) || (bcmp ((char *)&ArgusThisMac->phys_union.ether.etherdst, (char *)&mac->phys_union.ether.ethersrc, sizeof (*mac->phys_union.ether.ethersrc)))) { mac->status = ArgusThisMac->status; bcopy ((char *)&ArgusThisMac->phys_union.ether.ethersrc, (char *)&mac->phys_union.ether.etherdst, sizeof (*mac->phys_union.ether.etherdst)); bcopy ((char 
*)&ArgusThisMac->phys_union.ether.etherdst, (char *)&mac->phys_union.ether.ethersrc, sizeof (*mac->phys_union.ether.ethersrc)); flowstr->state.status |= ARGUS_MULTIADDR; } } } } if (ArgusThisPacketMPLSEncaps) { struct ArgusMplsStruct *mpls = NULL; unsigned int *ArgusThisMpls = NULL; unsigned short ArgusThisStatus, ArgusMplsStatus; unsigned short ArgusChangeStatus; if ((mpls = (struct ArgusMplsStruct *) flowstr->MplsDSRBuffer) == NULL) { if ((mpls = (struct ArgusMplsStruct *) ArgusCalloc (1, sizeof(struct ArgusMplsStruct))) != NULL) { mpls->type = ARGUS_MPLS_DSR; mpls->length = sizeof(*mpls); /* size of the struct, not of the pointer; ArgusMplsFlowRecord copies sizeof(*mpls) bytes */ flowstr->MplsDSRBuffer = mpls; } } if (flowstr->state.rev == ArgusThisDir) { ArgusThisMpls = &mpls->slabel; ArgusThisStatus = mpls->status & (ARGUS_SRC_CHANGED | ARGUS_SRC_VLAN); ArgusMplsStatus = ARGUS_SRC_VLAN; ArgusChangeStatus = ARGUS_SRC_CHANGED; } else { ArgusThisMpls = &mpls->dlabel; ArgusThisStatus = mpls->status & (ARGUS_DST_CHANGED | ARGUS_DST_VLAN); ArgusMplsStatus = ARGUS_DST_VLAN; ArgusChangeStatus = ARGUS_DST_CHANGED; } if (mpls->status & ArgusMplsStatus) { if (*ArgusThisMpls != ArgusThisPacketMPLSLabel) { mpls->status |= ArgusChangeStatus; *ArgusThisMpls = ArgusThisPacketMPLSLabel; } } else { mpls->status |= ArgusMplsStatus; *ArgusThisMpls = ArgusThisPacketMPLSLabel; } } if (ArgusThisPacket8021QEncaps) { struct ArgusVlanStruct *vlan = NULL; unsigned short *ArgusThisVlan = NULL; unsigned short ArgusThisStatus, ArgusVlanStatus; unsigned short ArgusChangeStatus; if ((vlan = (struct ArgusVlanStruct *) flowstr->VlanDSRBuffer) == NULL) { if ((vlan = (struct ArgusVlanStruct *) ArgusCalloc (1, sizeof(struct ArgusVlanStruct))) != NULL) { vlan->type = ARGUS_VLAN_DSR; vlan->length = sizeof(*vlan); flowstr->VlanDSRBuffer = vlan; } } if (flowstr->state.rev == ArgusThisDir) { ArgusThisVlan = &vlan->sid; ArgusThisStatus = vlan->status & (ARGUS_SRC_CHANGED | ARGUS_SRC_VLAN); ArgusVlanStatus = ARGUS_SRC_VLAN; ArgusChangeStatus = ARGUS_SRC_CHANGED; } else { ArgusThisVlan = 
&vlan->did; ArgusThisStatus = vlan->status & (ARGUS_DST_CHANGED | ARGUS_DST_VLAN); ArgusVlanStatus = ARGUS_DST_VLAN; ArgusChangeStatus = ARGUS_DST_CHANGED; } if (vlan->status & ArgusVlanStatus) { if (*ArgusThisVlan != ArgusThisPacket8021QEncaps) { vlan->status |= ArgusChangeStatus; *ArgusThisVlan = ArgusThisPacket8021QEncaps; } } else { vlan->status |= ArgusVlanStatus; *ArgusThisVlan = ArgusThisPacket8021QEncaps; } } if ((ArgusGlobalTime.tv_sec < flowstr->state.startime.tv_sec) || ((ArgusGlobalTime.tv_sec == flowstr->state.startime.tv_sec) && (ArgusGlobalTime.tv_usec < flowstr->state.startime.tv_usec))) { if ((flowstr->state.lasttime.tv_sec < flowstr->state.startime.tv_sec) || ((flowstr->state.lasttime.tv_sec == flowstr->state.startime.tv_sec) && (flowstr->state.lasttime.tv_usec < flowstr->state.startime.tv_usec))) { flowstr->state.lasttime = flowstr->state.startime; } flowstr->state.startime = ArgusGlobalTime; } if ((flowstr->state.lasttime.tv_sec < ArgusGlobalTime.tv_sec) || ((flowstr->state.lasttime.tv_sec == ArgusGlobalTime.tv_sec) && (flowstr->state.lasttime.tv_usec < ArgusGlobalTime.tv_usec))) { flowstr->state.lasttime = ArgusGlobalTime; } if ((flowstr->qhdr.lasttime.tv_sec < flowstr->state.lasttime.tv_sec) || ((flowstr->qhdr.lasttime.tv_sec == flowstr->state.lasttime.tv_sec) && (flowstr->qhdr.lasttime.tv_usec < flowstr->state.lasttime.tv_usec))) { flowstr->qhdr.lasttime = flowstr->state.lasttime; } ArgusUpdateState (flowstr, state); if (ArgusThisIpHdr && ((ArgusThisNetworkFlowType & 0xFFFF) == ETHERTYPE_IP)) { if (((ArgusThisIpHdr->ip_off & 0x1fff) == 0) && (ArgusThisIpHdr->ip_off & IP_MF)) { struct ArgusFlowStruct *frag = NULL; ArgusThisLength = ArgusCurrLength; if (ArgusCreateFRAGFlow (ArgusThisIpHdr)) { struct ArgusFragExtensionBuffer *exbuf; if ((frag = ArgusFindFlow ()) == NULL) { if ((frag = ArgusNewFragFlow ()) == NULL) ArgusLog (LOG_ERR, "ArgusNewFragFlow() returned NULL.\n"); } else { if ((exbuf = (struct ArgusFragExtensionBuffer *) 
frag->FragDSRBuffer) == NULL) { if ((exbuf = (struct ArgusFragExtensionBuffer *) ArgusCalloc (1, sizeof(*exbuf))) != NULL) { frag->FragDSRBuffer = exbuf; bcopy((char *)ArgusThisFlow, (char *)&exbuf->flow, sizeof(*ArgusThisFlow)); } else ArgusLog (LOG_ERR, "ArgusUpdateFlow: ArgusCalloc returned error %s\n", strerror(errno)); } } exbuf = (struct ArgusFragExtensionBuffer *) frag->FragDSRBuffer; flowstr->state.ofragcnt++; exbuf->flowstr = flowstr; bcopy ((char *)&flowstr->flow, (char *)&exbuf->flow, sizeof (*ArgusThisFlow)); if (frag->state.src.count != 0) exbuf->frag.status |= ARGUS_FRAG_OUT_OF_ORDER; state = ARGUS_STATUS; ArgusTallyStats (frag, state); ArgusUpdateFRAGState (frag, &state); } } } #ifdef ARGUSDEBUG ArgusDebug (6, "ArgusUpdateFlow (0x%x, %d) returning\n", flowstr, state); #endif } void ArgusUpdateMACState (struct ArgusFlowStruct *flowstr, unsigned char *state) { } int ArgusUpdateState (struct ArgusFlowStruct *flowstr, unsigned char state) { int retn = 1; struct ArgusFlow *flow; ArgusInProtocol = 1; ArgusUpdateMACState(flowstr, &state); flow = &flowstr->flow; switch (ArgusThisNetworkFlowType & 0xFFFF) { case ETHERTYPE_IP: { if ((flow->ip_flow.ip_p != IPPROTO_ICMP) && (flow->ip_flow.tp_p == ARGUS_FRAG_FLOWTAG)) { ArgusTallyStats (flowstr, state); ArgusUpdateFRAGState (flowstr, &state); } else { switch (flow->ip_flow.ip_p) { case IPPROTO_TCP: ArgusTallyStats (flowstr, state); ArgusUpdateTCPState (flowstr, &state); break; case IPPROTO_UDP: ArgusTallyStats (flowstr, state); ArgusUpdateUDPState (flowstr, &state); break; case IPPROTO_ICMP: ArgusUpdateICMPState (flowstr, &state); break; case IPPROTO_IGMP: { flowstr->ArgusTimeout = ARGUS_IPTIMEOUT; ArgusTallyStats (flowstr, state); ArgusUpdateAppState (flowstr, &state); break; } case IPPROTO_ESP: { ArgusTallyStats (flowstr, state); ArgusUpdateESPState (flowstr, &state); ArgusUpdateAppState (flowstr, &state); break; } default: flowstr->ArgusTimeout = ARGUS_IPTIMEOUT; ArgusTallyStats (flowstr, state); 
ArgusUpdateAppState (flowstr, &state); break; } } break; } case ETHERTYPE_ARP: case ETHERTYPE_REVARP: ArgusTallyStats (flowstr, state); ArgusUpdateArpState(flowstr, &state); break; default: ArgusTallyStats (flowstr, state); ArgusUpdateAppState(flowstr, &state); break; } #ifdef ARGUSDEBUG ArgusDebug (6, "ArgusUpdateState (0x%x, %d) returning %d\n", flowstr, state, retn); #endif return (retn); } #include void ArgusTallyStats (struct ArgusFlowStruct *flow, unsigned char state) { struct ArgusFlowStats *ArgusThisStats; if (flow->state.rev == ArgusThisDir) ArgusThisStats = &flow->state.src; else ArgusThisStats = &flow->state.dst; if (ArgusThisIpHdr) switch (state) { case ARGUS_START: ArgusThisStats->ttl = ArgusThisIpHdr->ip_ttl; ArgusThisStats->tos = ArgusThisIpHdr->ip_tos; ArgusThisStats->ip_id = ArgusThisIpHdr->ip_id; ArgusThisStats->options = ArgusOptionIndicator; break; default: if (ArgusThisStats->ttl != ArgusThisIpHdr->ip_ttl) { ArgusThisStats->status |= ARGUS_TTL_MODIFIED; ArgusThisStats->ttl = ArgusThisIpHdr->ip_ttl; } if (ArgusThisStats->tos != ArgusThisIpHdr->ip_tos) { ArgusThisStats->status |= ARGUS_TOS_MODIFIED; ArgusThisStats->tos = ArgusThisIpHdr->ip_tos; } if (ArgusThisStats->options != ArgusOptionIndicator) { ArgusThisStats->status |= ARGUS_OPTION_MODIFIED; ArgusThisStats->options = ArgusOptionIndicator; } ArgusThisStats->ip_id = ArgusThisIpHdr->ip_id; break; } if (flow->state.startime.tv_sec == 0) { flow->state.startime = ArgusGlobalTime; flow->state.lasttime = ArgusGlobalTime; } ArgusThisStats->count++; ArgusThisStats->bytes += ArgusThisBytes; flow->state.last = ArgusThisStats; #ifdef ARGUSDEBUG ArgusDebug (6, "ArgusTallyStats (0x%x) returning\n", flow); #endif } void ArgusTallyTime (struct ArgusFlowStruct *flow, unsigned char state) { struct ArgusModelerTime *ArgusThisTime; struct ArgusFlowStats *ArgusThisStats; struct timeval *tvp; unsigned long long interval; if (flow->state.rev == ArgusThisDir) ArgusThisStats = &flow->state.src; else ArgusThisStats 
= &flow->state.dst; if (ArgusInProtocol) ArgusThisTime = &ArgusThisStats->active; else ArgusThisTime = &ArgusThisStats->idle; if ((ArgusThisStats->lasttime.tv_sec < ArgusGlobalTime.tv_sec) || ((ArgusThisStats->lasttime.tv_sec == ArgusGlobalTime.tv_sec) && (ArgusThisStats->lasttime.tv_usec < ArgusGlobalTime.tv_usec))) { if (ArgusThisStats->lasttime.tv_sec > 0) { if ((interval = ArgusAbsTimeDiff (&ArgusGlobalTime, &ArgusThisStats->lasttime)) > 0) { if ((tvp = getArgusFarReportInterval ()) != NULL) { if (interval < ((tvp->tv_sec * 2000000) + tvp->tv_usec)) { if (ArgusThisTime->min > interval) ArgusThisTime->min = interval; if (ArgusThisTime->max < interval) ArgusThisTime->max = interval; ArgusThisTime->sum += interval; ArgusThisTime->sumsqrd += pow (interval, 2.0); ArgusThisTime->n++; } } } } ArgusThisStats->lasttime = ArgusGlobalTime; } #ifdef ARGUSDEBUG ArgusDebug (6, "ArgusTallyTime (0x%x) returning\n", flow); #endif } #define ARGUS_MAXRECORDSIZE 2048 u_char ArgusOutputBuffer[ARGUS_MAXRECORDSIZE]; struct ArgusRecord * ArgusGenerateFlowRecord (struct ArgusFlowStruct *flow, unsigned char state) { struct ArgusRecord *argus = (struct ArgusRecord *)ArgusOutputBuffer; struct ArgusFlowStats *src, *dst; struct ArgusRecordHeader *arghdr; bzero ((char *)ArgusOutputBuffer, sizeof(ArgusOutputBuffer)); argus->ahdr.type = ARGUS_FAR; argus->ahdr.cause = state; argus->ahdr.length = sizeof(argus->ahdr); argus->ahdr.seqNumber = ArgusOutputSequence++; argus->ahdr.status = flow->ArgusFlowType; argus->ahdr.argusid = getArgusID(); argus->ahdr.status |= getArgusIDType(); argus->argus_far.type = ARGUS_FAR; argus->argus_far.length = sizeof(argus->argus_far); argus->ahdr.length += sizeof(argus->argus_far); if (flow->state.status & ARGUS_CONNECTED) argus->ahdr.status |= ARGUS_CONNECTED; src = &flow->state.src; dst = &flow->state.dst; switch (argus->ahdr.status & 0xFFFF) { case ETHERTYPE_IP: { if (flow->state.status & ARGUS_ICMPUNREACH_MAPPED) argus->argus_far.status |= 
ARGUS_ICMPUNREACH_MAPPED; if (flow->state.status & ARGUS_ICMPREDIREC_MAPPED) argus->argus_far.status |= ARGUS_ICMPREDIREC_MAPPED; if (flow->state.status & ARGUS_ICMPTIMXCED_MAPPED) argus->argus_far.status |= ARGUS_ICMPTIMXCED_MAPPED; if (flow->state.src.status & ARGUS_FRAGMENTS) argus->argus_far.attr_ip.soptions |= ARGUS_FRAGMENTS; if (flow->state.src.status & ARGUS_FRAGOVERLAP) argus->argus_far.attr_ip.soptions |= ARGUS_FRAGOVERLAP; if (flow->state.dst.status & ARGUS_FRAGMENTS) argus->argus_far.attr_ip.doptions |= ARGUS_FRAGMENTS; if (flow->state.dst.status & ARGUS_FRAGOVERLAP) argus->argus_far.attr_ip.doptions |= ARGUS_FRAGOVERLAP; if (flow->state.src.status & ARGUS_TTL_MODIFIED) argus->argus_far.attr_ip.soptions |= ARGUS_TTL_MODIFIED; if (flow->state.dst.status & ARGUS_TTL_MODIFIED) argus->argus_far.attr_ip.doptions |= ARGUS_TTL_MODIFIED; if (flow->state.src.status & ARGUS_TOS_MODIFIED) argus->argus_far.attr_ip.soptions |= ARGUS_TOS_MODIFIED; if (flow->state.dst.status & ARGUS_TOS_MODIFIED) argus->argus_far.attr_ip.doptions |= ARGUS_TOS_MODIFIED; if (flow->state.src.status & ARGUS_OPTION_MODIFIED) argus->argus_far.attr_ip.soptions |= ARGUS_OPTION_MODIFIED; if (flow->state.dst.status & ARGUS_OPTION_MODIFIED) argus->argus_far.attr_ip.doptions |= ARGUS_OPTION_MODIFIED; argus->argus_far.attr_ip.soptions |= flow->state.src.options; argus->argus_far.attr_ip.doptions |= flow->state.dst.options; if (flow->flow.ip_flow.ip_p != IPPROTO_ICMP) flow->flow.ip_flow.ip_id = flow->state.src.ip_id; argus->argus_far.attr_ip.sttl = src->ttl; argus->argus_far.attr_ip.stos = src->tos; argus->argus_far.attr_ip.dttl = dst->ttl; argus->argus_far.attr_ip.dtos = dst->tos; break; } case ETHERTYPE_ARP: case ETHERTYPE_REVARP: { struct ArgusARPObject *arpobj; if (flow->NetworkDSRBuffer != NULL) { arpobj = (void *) flow->NetworkDSRBuffer; bcopy (arpobj->respaddr, (unsigned char *)&argus->argus_far.attr_arp.response, 6); } break; } } argus->argus_far.ArgusTransRefNum = 
flow->ArgusTransactionNum; argus->argus_far.time.start = flow->state.startime; argus->argus_far.time.last = flow->state.lasttime; if (flow->FragDSRBuffer) argus->argus_far.flow = ((struct ArgusFragExtensionBuffer *) flow->FragDSRBuffer)->flow; else argus->argus_far.flow = flow->flow; if (flow->state.rev) { unsigned int tmp; if ((argus->ahdr.status & 0xFFFF) == ETHERTYPE_IP) { tmp = argus->argus_far.flow.ip_flow.ip_src; argus->argus_far.flow.ip_flow.ip_src = argus->argus_far.flow.ip_flow.ip_dst; argus->argus_far.flow.ip_flow.ip_dst = tmp; if ((argus->argus_far.flow.ip_flow.ip_p == IPPROTO_TCP) || (argus->argus_far.flow.ip_flow.ip_p == IPPROTO_UDP)) { tmp = argus->argus_far.flow.ip_flow.sport; argus->argus_far.flow.ip_flow.sport = argus->argus_far.flow.ip_flow.dport; argus->argus_far.flow.ip_flow.dport = tmp; } } } argus->argus_far.src.count = src->count; argus->argus_far.dst.count = dst->count; argus->argus_far.src.bytes = src->bytes; argus->argus_far.dst.bytes = dst->bytes; argus->argus_far.src.appbytes = src->appbytes; argus->argus_far.dst.appbytes = dst->appbytes; switch (argus->ahdr.status & 0xFFFF) { case ETHERTYPE_IP: { switch (argus->argus_far.flow.ip_flow.ip_p) { case IPPROTO_TCP: ArgusTCPFlowRecord (flow, argus, state); break; case IPPROTO_UDP: { ArgusUDPFlowRecord (flow, argus, state); break; } case IPPROTO_ICMP: { ArgusICMPFlowRecord (flow, argus, state); break; } case IPPROTO_IGMP: { break; } case IPPROTO_ESP: { ArgusESPFlowRecord (flow, argus, state); break; } default: { arghdr = NULL; break; } } } case ETHERTYPE_ARP: case ETHERTYPE_REVARP: { break; } default: break; } if (flow->MacDSRBuffer) ArgusMacFlowRecord (flow, argus, state); if (flow->VlanDSRBuffer) ArgusVlanFlowRecord (flow, argus, state); if (flow->MplsDSRBuffer) ArgusMplsFlowRecord (flow, argus, state); if (getArgusGenerateTime()) ArgusTimeFlowRecord (flow, argus, state); if (flow->ICMPDSRBuffer) ArgusICMPMappedFlowRecord (flow, argus, state); if (flow->UserDSRBuffer) ArgusUserDataFlowRecord 
(flow, argus, state); return (argus); } void ArgusSendFlowRecord (struct ArgusFlowStruct *flow, unsigned char state) { struct ArgusRecord *argus; struct ArgusFlowStats *src, *dst; int retn = 0, len = 0; if (ArgusThisIpHdr) if (((ArgusThisIpHdr->ip_off & 0x1fff) == 0) && (ArgusThisIpHdr->ip_off & IP_MF)) { flow->state.status |= ARGUS_SEND_FRAG_COMPLETE; return; } if (flow->state.src.count || flow->state.dst.count) { ArgusTotalRecords++; if ((argus = ArgusGenerateFlowRecord (flow, state)) != NULL) { len = argus->ahdr.length; #ifdef _LITTLE_ENDIAN ArgusHtoN(argus); #endif if ((retn = ArgusWriteSocket(ArgusModelerOutputSocket, (unsigned char *) argus, len)) < 0) ArgusLog (LOG_ERR, "ArgusSendFlowRecord: ArgusWriteSocket() error %s", strerror(errno)); } if (flow->flow.ip_flow.ip_p != IPPROTO_ICMP) flow->flow.ip_flow.ip_id = 0; flow->state.startime.tv_sec = 0; flow->state.startime.tv_usec = 0; flow->state.lasttime.tv_sec = 0; flow->state.lasttime.tv_usec = 0; src = &flow->state.src; dst = &flow->state.dst; src->count = 0; src->bytes = 0; src->appbytes = 0; dst->count = 0; dst->bytes = 0; dst->appbytes = 0; src->active.n = 0; src->idle.n = 0; src->active.sum = 0; src->idle.sum = 0; src->active.sumsqrd = 0; src->idle.sumsqrd = 0; src->active.max = 0x00000000; src->idle.max = 0x00000000; src->active.min = 0x7FFFFFFF; src->idle.min = 0x7FFFFFFF; dst->active.n = 0; dst->idle.n = 0; dst->active.sum = 0; dst->idle.sum = 0; dst->active.sumsqrd = 0; dst->idle.sumsqrd = 0; dst->active.max = 0x00000000; dst->idle.max = 0x00000000; dst->active.min = 0x7FFFFFFF; dst->idle.min = 0x7FFFFFFF; flow->state.src.status &= ~(ARGUS_FRAGMENTS|ARGUS_FRAGOVERLAP|ARGUS_TOS_MODIFIED|ARGUS_TTL_MODIFIED); flow->state.dst.status &= ~(ARGUS_FRAGMENTS|ARGUS_FRAGOVERLAP|ARGUS_TOS_MODIFIED|ARGUS_TTL_MODIFIED); flow->state.status &= ~(ARGUS_ICMPUNREACH_MAPPED|ARGUS_ICMPREDIREC_MAPPED|ARGUS_ICMPTIMXCED_MAPPED); #ifdef ARGUSDEBUG ArgusDebug (5, "ArgusSendFlowRecord (0x%x, %d) writing record %d wrote %d 
bytes\n", flow, state, ntohl(argus->ahdr.seqNumber), retn); #endif } flow->qhdr.logtime = ArgusGlobalTime; } void ArgusVlanFlowRecord (struct ArgusFlowStruct *flow, struct ArgusRecord *argus, unsigned char state) { struct ArgusVlanStruct *vlan = NULL; if ((vlan = (struct ArgusVlanStruct *) flow->VlanDSRBuffer) != NULL) { bcopy ((char *)vlan, &((char *)argus)[argus->ahdr.length], sizeof(*vlan)); argus->ahdr.length += sizeof(*vlan); } } void ArgusMplsFlowRecord (struct ArgusFlowStruct *flow, struct ArgusRecord *argus, unsigned char state) { struct ArgusMplsStruct *mpls = NULL; if ((mpls = (struct ArgusMplsStruct *) flow->MplsDSRBuffer) != NULL) { bcopy ((char *)mpls, &((char *)argus)[argus->ahdr.length], sizeof(*mpls)); argus->ahdr.length += sizeof(*mpls); } } void ArgusTimeFlowRecord (struct ArgusFlowStruct *flow, struct ArgusRecord *argus, unsigned char state) { struct ArgusTimeStruct timebuf, *time = &timebuf; bzero ((char *) time, sizeof (*time)); time->type = ARGUS_TIME_DSR; time->length = sizeof (*time); if ((flow->state.src.active.n > 1) || (flow->state.dst.active.n > 1) || (flow->state.src.idle.n > 1) || (flow->state.dst.idle.n > 1)) { if (flow->state.src.active.n > 1) { time->src.act.n = flow->state.src.active.n; time->src.act.min = flow->state.src.active.min; time->src.act.max = flow->state.src.active.max; time->src.act.mean = flow->state.src.active.sum/flow->state.src.active.n; time->src.act.stdev = sqrt (flow->state.src.active.sumsqrd/time->src.act.n - pow (flow->state.src.active.sum/time->src.act.n, 2.0)); } if (flow->state.dst.active.n > 1) { time->dst.act.n = flow->state.dst.active.n; time->dst.act.min = flow->state.dst.active.min; time->dst.act.max = flow->state.dst.active.max; time->dst.act.mean = flow->state.dst.active.sum/flow->state.dst.active.n; time->dst.act.stdev = sqrt (flow->state.dst.active.sumsqrd/time->dst.act.n - pow (flow->state.dst.active.sum/time->dst.act.n, 2.0)); } if (flow->state.src.idle.n > 1) { time->src.idle.n = 
flow->state.src.idle.n; time->src.idle.min = flow->state.src.idle.min; time->src.idle.max = flow->state.src.idle.max; time->src.idle.mean = flow->state.src.idle.sum/flow->state.src.idle.n; time->src.idle.stdev = sqrt (flow->state.src.idle.sumsqrd/time->src.idle.n - pow (flow->state.src.idle.sum/time->src.idle.n, 2.0)); } if (flow->state.dst.idle.n > 1) { time->dst.idle.n = flow->state.dst.idle.n; time->dst.idle.min = flow->state.dst.idle.min; time->dst.idle.max = flow->state.dst.idle.max; time->dst.idle.mean = flow->state.dst.idle.sum/flow->state.dst.idle.n; time->dst.idle.stdev = sqrt (flow->state.dst.idle.sumsqrd/time->dst.idle.n - pow (flow->state.dst.idle.sum/time->dst.idle.n, 2.0)); } bcopy ((char *)time, &((char *)argus)[argus->ahdr.length], sizeof(*time)); argus->ahdr.length += sizeof(*time); } } void ArgusSystemTimeout () { int retn = 0, recv, drop, i; struct pcap_stat stat; struct timeval *tvp = NULL; if (((ArgusReportTime.tv_sec < ArgusGlobalTime.tv_sec) || ((ArgusReportTime.tv_sec == ArgusGlobalTime.tv_sec) && (ArgusReportTime.tv_usec < ArgusGlobalTime.tv_usec)))) { if (ArgusInputPacketFileType == ARGUSLIBPPKTFILE) { for (i = 0; i < ARGUS_MAXINTERFACE; i++) { if ((ArgusPd[i]) && (pcap_fileno(ArgusPd[i]) >= 0)) { pcap_stats(ArgusPd[i], &stat); recv = stat.ps_recv - ArgusStats[i].ps_recv; drop = stat.ps_drop - ArgusStats[i].ps_drop; ArgusInterface[ArgusInterfaceIndex].ArgusTotalDrop += drop; ArgusStats[i] = stat; } } } ArgusGenerateStatusMar(); #ifdef _LITTLE_ENDIAN ArgusHtoN(ArgusSystemMar); #endif if ((retn = ArgusWriteSocket(ArgusModelerOutputSocket, (unsigned char *) ArgusSystemMar, sizeof(*ArgusSystemMar))) < 0) ArgusLog (LOG_ERR, "ArgusSystemTimeout: ArgusWriteSocket() error %s", strerror(errno)); if ((tvp = getArgusMarReportInterval()) != NULL) { ArgusReportTime.tv_sec = ArgusGlobalTime.tv_sec + tvp->tv_sec; ArgusReportTime.tv_usec += tvp->tv_usec; if (ArgusReportTime.tv_usec > 1000000) { ArgusReportTime.tv_sec++; ArgusReportTime.tv_usec -= 1000000; 
} } } if (ArgusFlowQueue) ArgusProcessQueue(ArgusFlowQueue, ARGUS_STATUS); #ifdef ARGUSDEBUG ArgusDebug (5, "ArgusSystemTimeout () returning\n"); #endif } void ArgusModelerCleanUp () { ArgusThisIpHdr = NULL; if ((ArgusFlowQueue) && (ArgusFlowQueue->count)) ArgusProcessQueue (ArgusFlowQueue, ARGUS_SHUTDOWN); if (ArgusModelerOutputSocket) { ArgusGenerateClosingMar(ARGUS_SHUTDOWN); #ifdef _LITTLE_ENDIAN ArgusHtoN(ArgusSystemMar); #endif if ((ArgusWriteSocket(ArgusModelerOutputSocket, (unsigned char *) ArgusSystemMar, sizeof(struct ArgusRecord))) < 0) ArgusLog (LOG_ERR, "ArgusModelerCleanUp: ArgusWriteSocket() error %s", strerror(errno)); while (!(ArgusListEmpty(ArgusModelerOutputSocket->ArgusOutputList))) if (ArgusWriteOutSocket(ArgusModelerOutputSocket) < 0) break; } #ifdef ARGUSDEBUG ArgusDebug (4, "ArgusModelerCleanUp () returning\n"); #endif } int ArgusCreateFlow (struct ether_header *ep, int length) { int retn = 0; ArgusThisDir = 0; bzero ((char *)ArgusThisFlow, sizeof(*ArgusThisFlow)); ArgusThisHash = 0; ArgusThisIpHdr = NULL; switch (ArgusThisNetworkFlowType & 0xFFFF) { case ETHERTYPE_IP: { struct ip *ip = (struct ip *) ArgusThisUpHdr; if (STRUCTCAPTURED(*ip)) { #if defined(LBL_ALIGN) if ((long) ip & (sizeof (long) - 1)) { bcopy ((unsigned char *) ip, (unsigned char *) ArgusAlignBuf, ArgusSnapLength); ip = (struct ip *) ArgusAlignBuf; ArgusThisSnapEnd = ArgusAlignBuf + ArgusSnapLength; } #endif ArgusInterface[ArgusInterfaceIndex].ArgusTotalIPPkts++; retn = ArgusCreateIPFlow (ip); } break; } case ETHERTYPE_ARP: case ETHERTYPE_REVARP: { ArgusInterface[ArgusInterfaceIndex].ArgusTotalNonIPPkts++; ArgusThisLength = length; retn = ArgusCreateArpFlow ((struct ether_arp *)ArgusThisUpHdr); break; } default: { int dstgteq = 1, i; ArgusInterface[ArgusInterfaceIndex].ArgusTotalNonIPPkts++; ArgusThisLength = length; bzero ((unsigned char *) ArgusThisFlow, sizeof(*ArgusThisFlow)); #ifndef ETH_ALEN #define ETH_ALEN 6 #endif for (i = 0; i < ETH_ALEN; i++) { if (((unsigned char 
*)&ep->ether_shost)[i] != ((unsigned char *)&ep->ether_dhost)[i]) { if (((unsigned char *)&ep->ether_shost)[i] > ((unsigned char *)&ep->ether_dhost)[i]) dstgteq = 0; break; } } if (dstgteq) { ArgusThisDir = 0; bcopy ((char *) ep, (char *)&ArgusThisFlow->mac_flow.ehdr, sizeof (struct ether_header)); } else { ArgusThisDir = 1; bcopy ((char *)&ep->ether_shost, (char *)&ArgusThisFlow->mac_flow.ehdr.ether_dhost, ETH_ALEN); bcopy ((char *)&ep->ether_dhost, (char *)&ArgusThisFlow->mac_flow.ehdr.ether_shost, ETH_ALEN); ArgusThisFlow->mac_flow.ehdr.ether_type = ep->ether_type; } if (ArgusThisPacketLLCEncaps) { ArgusThisFlow->mac_flow.ehdr.ether_type = 0; switch (ArgusThisNetworkFlowType & 0xFFFF) { case ARGUS_CLNS: case ARGUS_ESIS: case ARGUS_ISIS: case ARGUS_NULLNS: break; default: ArgusThisNetworkFlowType &= ~(0xFFFF); break; } if (dstgteq) { ArgusThisFlow->mac_flow.ssap = ArgusThisLLC->ssap; ArgusThisFlow->mac_flow.dsap = ArgusThisLLC->dsap; } else { ArgusThisFlow->mac_flow.ssap = ArgusThisLLC->dsap; ArgusThisFlow->mac_flow.dsap = ArgusThisLLC->ssap; } } retn = 1; } break; } #ifdef ARGUSDEBUG ArgusDebug (5, "ArgusCreateFlow (0x%x, %d) returning %d\n", ep, length, retn); #endif return (retn); } #include static struct ArgusFlow ThisFlow; int ArgusCreateIPFlow (struct ip *ip) { int retn = 0; char *nxtHdr = (char *)((char *)ip + (ip->ip_hl << 2)); arg_uint32 saddr, daddr; arg_uint16 sport = 0, dport = 0, ip_id = 0; arg_uint8 proto, tp_p = 0; arg_uint32 len; int hlen, ArgusOptionLen; if (STRUCTCAPTURED(*ip)) { #if defined(LBL_ALIGN) if ((long) ip & (sizeof (long) - 1)) { bcopy ((unsigned char *) ip, (unsigned char *) ArgusAlignBuf, ArgusSnapLength); ip = (struct ip *) ArgusAlignBuf; ArgusThisSnapEnd = ArgusAlignBuf + ArgusSnapLength; } #endif bzero ((char *)ArgusThisFlow, sizeof(*ArgusThisFlow)); ArgusThisHash = 0; ArgusThisIpHdr = ip; #ifdef _LITTLE_ENDIAN ip->ip_len = ntohs(ip->ip_len); ip->ip_id = ntohs(ip->ip_id); ip->ip_off = ntohs(ip->ip_off); ip->ip_src.s_addr = 
         ntohl(ip->ip_src.s_addr);
      ip->ip_dst.s_addr = ntohl(ip->ip_dst.s_addr);
#endif
      hlen = ip->ip_hl << 2;

      /* len is unsigned, so test before subtracting: a total length smaller
       * than the header length must be rejected instead of wrapping around
       * to a huge payload length that passes the size checks below. */
      if (ip->ip_len >= hlen) {
         len = ip->ip_len - hlen;

         if ((ArgusIPPacketLenOff = (ip->ip_len - ArgusThisLength)) < 0)
            ArgusThisBytes += ArgusIPPacketLenOff;

         ArgusOptionIndicator = '\0';
         if ((ArgusOptionLen = (hlen - sizeof (struct ip))) > 0)
            ArgusOptionIndicator = ArgusParseIPOptions ((unsigned char *) (ip + 1), ArgusOptionLen);

         ArgusThisLength = len;
         ArgusSnapLength -= hlen;
         ArgusThisDir = 0;

         saddr = ip->ip_src.s_addr;
         daddr = ip->ip_dst.s_addr;
         proto = ip->ip_p;

         /* only the first fragment (offset 0) carries the transport header */
         if ((ip->ip_off & 0x1fff) == 0) {
            if (proto == IPPROTO_AH) {
               struct AHHeader *ah = (struct AHHeader *) nxtHdr;
               proto = ah->nxt;
               nxtHdr = (char *)(ah + 1);
            }

            ArgusThisUpHdr = (unsigned char *)nxtHdr;

            switch (proto) {
               case IPPROTO_ESP:
                  retn = ArgusCreateESPFlow (ip);
                  return (retn);

               case IPPROTO_ICMP:
                  retn = ArgusCreateICMPFlow (ip);
                  return (retn);

               case IPPROTO_TCP: {
                  if (len >= sizeof (struct tcphdr)) {
                     struct tcphdr *tp = (struct tcphdr *) nxtHdr;
                     sport = ntohs(tp->th_sport);
                     dport = ntohs(tp->th_dport);
                  }
                  break;
               }

               case IPPROTO_UDP: {
                  if (len >= sizeof (struct udphdr)) {
                     struct udphdr *up = (struct udphdr *) nxtHdr;
                     sport = ntohs(up->uh_sport);
                     dport = ntohs(up->uh_dport);
                  }
                  break;
               }

               case IPPROTO_IGMP: {
                  if (len >= sizeof (struct igmp)) {
                     struct igmp *igmp = (struct igmp *) nxtHdr;
                     sport = igmp->igmp_type;
                  }
                  break;
               }

               default:
                  break;
            }

         } else {
            /* non-initial fragment: key the flow on the IP id instead of ports */
            ArgusThisDir = 0;
            ip_id = ip->ip_id;
            tp_p = ARGUS_FRAG_FLOWTAG;
            sport = 0xFFFF;
            dport = 0xFFFF;
         }

         ThisFlow.ip_flow.ip_src = saddr;
         ThisFlow.ip_flow.ip_dst = daddr;
         ThisFlow.ip_flow.ip_p = proto;
         ThisFlow.ip_flow.sport = sport;
         ThisFlow.ip_flow.dport = dport;
         ThisFlow.ip_flow.ip_id = ip_id;
         ThisFlow.ip_flow.tp_p = tp_p;

         switch (proto) {
            default:
            case IPPROTO_TCP:
            case IPPROTO_UDP:
               if ((ThisFlow.ip_flow.tp_p != ARGUS_FRAG_FLOWTAG) &&
                   (dport > sport || ((sport == dport) && (saddr < daddr)))) {
                  ThisFlow.ip_flow.ip_src = daddr;
                  ThisFlow.ip_flow.ip_dst = saddr;
                  ThisFlow.ip_flow.sport =
                     dport;
                  ThisFlow.ip_flow.dport = sport;
                  ArgusThisDir = 1;
               }

               if (ThisFlow.ip_flow.dport == IPPORT_BOOTPS) {
                  struct udphdr *udp = (struct udphdr *) ArgusThisUpHdr;
                  struct bootp *bp = (struct bootp *) (udp + 1);
                  if (BYTESCAPTURED(*bp, 8)) {
                     ThisFlow.ip_flow.ip_src = ntohl(bp->bp_xid);
                     ThisFlow.ip_flow.ip_dst = 0;
                  }
               }
               break;

            case IPPROTO_ICMP:
               if (ArgusThisDir && (ThisFlow.ip_flow.tp_p != ARGUS_FRAG_FLOWTAG)) {
                  ThisFlow.ip_flow.ip_src = daddr;
                  ThisFlow.ip_flow.ip_dst = saddr;
               }
               break;
         }

         bcopy ((unsigned char *)&ThisFlow, (unsigned char *) ArgusThisFlow, sizeof(*ArgusThisFlow));
         retn = 1;
      }
   }

#ifdef ARGUSDEBUG
   ArgusDebug (7, "ArgusCreateIPFlow (0x%x) returning %d\n", ip, retn);
#endif

   return (retn);
}


void
ArgusTimeOut(struct ArgusFlowStruct *flow)
{
   int generateFlowRecord = 1;

   if (flow->FragDSRBuffer != NULL) {
      if (ArgusUpdateParentFlow (flow)) {
         generateFlowRecord = 0;
      }
   }

   if (generateFlowRecord)
      ArgusSendFlowRecord(flow, ARGUS_TIMEOUT);

   ArgusDeleteObject (flow);

#ifdef ARGUSDEBUG
   ArgusDebug (5, "ArgusTimeOut (0x%x) returning\n", flow);
#endif
}


/* Walk the IP options area (len bytes at ptr) and return a bitmask of the
 * option types seen. */
unsigned short
ArgusParseIPOptions (unsigned char *ptr, int len)
{
   unsigned short retn = 0;
   int offset = 0;

   for (; len > 0; ptr += offset, len -= offset) {
      switch (*ptr) {
         case IPOPT_EOL:      break;
         case IPOPT_NOP:      break;
         case IPOPT_TS:       retn |= ARGUS_TIMESTAMP; break;
         case IPOPT_RR:       retn |= ARGUS_RECORDROUTE; break;
         case IPOPT_SECURITY: retn |= ARGUS_SECURITY; break;
         case IPOPT_LSRR:     retn |= ARGUS_LSRCROUTE; break;
         case IPOPT_SSRR:     retn |= ARGUS_SSRCROUTE; break;
         case IPOPT_SATID:    retn |= ARGUS_SATNETID; break;
         default:             retn |= ARGUS_RECORDROUTE; break;
      }

      if ((*ptr == IPOPT_EOL) || (*ptr == IPOPT_NOP))
         offset = 1;
      else {
         /* the length octet of a multi-byte option must itself lie inside
          * the options area before it is read */
         if (len < 2)
            break;
         offset = ptr[1];
         if (!(offset && (offset <= len)))
            break;
      }
   }

   return (retn);
}


int getArgusmflag () { return(Argusmflag); }
void setArgusmflag (int value) { Argusmflag = value; }
int getArgusGenerateTime() { return (ArgusGenerateTime); }
void setArgusGenerateTime(int value) { ArgusGenerateTime = value; }
int
getArgusUserDataLen () { return (ArgusUserDataLen); }
void setArgusUserDataLen (int value) { ArgusUserDataLen = value; setArgusSnapLen (value + ARGUS_MINSNAPLEN); }
int getArgusSnapLen() { return (ArgusSnapLen); }
void setArgusSnapLen(int value) { ArgusSnapLen = value; }
int getArgusMajorVersion(void) { return (ArgusMajorVersion); }
void setArgusMajorVersion(int value) { ArgusMajorVersion = value; }
int getArgusMinorVersion(void) { return (ArgusMinorVersion); }
void setArgusMinorVersion(int value) { if (ArgusMinorVersion != value) { ArgusMinorVersion = value; } }
unsigned char getArgusInterfaceType(void) { return (ArgusInterfaceType); }
void setArgusInterfaceType(unsigned char value) { ArgusInterfaceType = value; }
unsigned char getArgusInterfaceStatus(void) { return (ArgusInterfaceStatus); }
void setArgusInterfaceStatus(unsigned char value) { ArgusInterfaceStatus = value; }
struct timeval * getArgusFarReportInterval(void) { return (&ArgusFarReportInterval); }
unsigned int getArgusLocalNet(void) { return (ArgusLocalNet); }
unsigned int getArgusNetMask(void) { return (ArgusNetMask); }
void setArgusLocalNet(unsigned int value) { ArgusLocalNet = value; }
unsigned int getArgusID(void) { return (ArgusID); }
void setArgusID(unsigned int value) { ArgusID = value; }
unsigned int getArgusIDType(void) { return (ArgusIDType); }
void setArgusIDType(unsigned int value) { ArgusIDType = value; }
int getArgusResponseStatus(void) { return (ArgusResponseStatus); }
void setArgusResponseStatus(int value) { ArgusResponseStatus = value; }
int getArgusIPTimeout(void) { return (ArgusIPTimeout); }
int getArgusTCPTimeout(void) { return (ArgusTCPTimeout); }
int getArgusICMPTimeout(void) { return (ArgusICMPTimeout); }
int getArgusIGMPTimeout(void) { return (ArgusIGMPTimeout); }
int getArgusFRAGTimeout(void) { return (ArgusFRAGTimeout); }

#include
#include

void
setArgusFarReportInterval (char *value)
{
   struct timeval *tvp = getArgusFarReportInterval();
   struct timeval ovalue;
   double thisvalue =
      0.0, iptr, fptr;
   int ivalue = 0;
   char *ptr = NULL;

   /* remember the previous interval so it can be restored on bad input */
   if (tvp != NULL) {
      ovalue = *tvp;
      tvp->tv_sec = 0;
      tvp->tv_usec = 0;
   } else {
      ovalue.tv_sec = 0;
      ovalue.tv_usec = 0;
   }

   if (((ptr = strchr (value, '.')) != NULL) || isdigit((int)*value)) {
      if (ptr != NULL) {
         thisvalue = atof(value);
      } else {
         if (isdigit((int)*value)) {
            ivalue = atoi(value);
            thisvalue = ivalue * 1.0;
         }
      }

      /* split into whole seconds and microseconds */
      fptr = modf(thisvalue, &iptr);

      tvp->tv_sec = iptr;
      tvp->tv_usec = fptr * 1000000;

      /* a shorter interval than before triggers an immediate report */
      if ((ovalue.tv_sec > tvp->tv_sec) ||
         ((ovalue.tv_sec == tvp->tv_sec) && (ovalue.tv_usec > tvp->tv_usec)))
         ArgusSystemTimeout();

   } else
      *tvp = ovalue;
}

void setArgusTCPTimeout(int value) { ArgusTCPTimeout = value; }
void setArgusIPTimeout(int value) { ArgusIPTimeout = value; }
void setArgusICMPTimeout(int value) { ArgusICMPTimeout = value; }
/* IGMP has its own timeout variable; it must not overwrite the ICMP one */
void setArgusIGMPTimeout(int value) { ArgusIGMPTimeout = value; }
void setArgusFRAGTimeout(int value) { ArgusFRAGTimeout = value; }
int getArgusAflag () { return (ArgusAflag); }
void setArgusAflag(int value) { ArgusAflag = value; }
int getArgusdflag(void) { return (Argusdflag); }

void
setArgusdflag(int value)
{
   if (Argusdflag && !(value)) {
   }

   if (value) {
   }

   Argusdflag = value;
}

void setArgusLink(unsigned int value) { ArgusLink = value; }
void setArgusNetMask(unsigned int value) { ArgusNetMask = value; }

argus-2.0.6.fixes.1/server/ArgusModeler.h

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * Copyright (c) 1993, 1994 Carnegie Mellon University.
 * All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software and
 * its documentation for any purpose and without fee is hereby granted,
 * provided that the above copyright notice appear in all copies and
 * that both that copyright notice and this permission notice appear
 * in supporting documentation, and that the name of CMU not be
 * used in advertising or publicity pertaining to distribution of the
 * software without specific, written prior permission.
 *
 * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
 * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
 * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
 * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
 * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
 * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 * SOFTWARE.
 *
 */

/* ArgusModeler.h */

/* This is a merger of argus.h, interface.h, and constants strewn about
   the argus.c and argus_util.c modules.
*/ #ifndef ArgusModeler_h #define ArgusModeler_h #define ARGUS_MARSTATUSTIMER "300" #define ARGUS_FARSTATUSTIMER "60" #define ARGUS_INITIMEOUT 15 #define ARGUS_IPTIMEOUT 300 #define ARGUS_ARPTIMEOUT 300 #define ARGUS_TCPTIMEOUT 120 #define ARGUS_ICMPTIMEOUT 300 #define ARGUS_IGMPTIMEOUT 300 #define ARGUS_OTHERTIMEOUT 300 #define ARGUS_IPFRAGTIMEOUT 2 #define ARGUS_FRAGTIMEOUT 5 #define ARGUS_MINSNAPLEN 96 #define ARGUS_MINIPHDRLEN 20 #define ARGUS_HASHTABLESIZE 65536 #define ARGUS_REQUEST 0x01 #define ARGUS_REPLY 0x02 #define ARGUS_RTP_PCMU 0 #define ARGUS_RTP_PCMA 8 #define ARGUS_RTP_G722 9 #define ARGUS_RTP_G723 4 #define ARGUS_RTP_G728 15 #define ARGUS_RTP_G729 18 #define ARGUS_RTP_H261 31 #define ARGUS_RTP_H263 34 #define ARGUS_DEBUG 0xFF /* True if "l" bytes of "var" were captured */ #define BYTESCAPTURED(var, l) ((u_char *)&(var) <= ArgusThisSnapEnd - (l)) /* True if "var" was captured */ #define STRUCTCAPTURED(var) BYTESCAPTURED(var, sizeof(var)) /* Bail if "l" bytes of "var" were not captured */ #define BYTESCHECK(var, l) if (!BYTESCAPTURED(var, l)) goto trunc /* Bail if "var" was not captured */ #define STRUCTCHECK(var) BYTESCHECK(var, sizeof(var)) #define LENCHECK(l) { if ((l) > len) goto bad; BYTESCHECK(*cp, l); } #include #include #include #include #include #include #if defined(HAVE_SOLARIS) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) #include #if !defined(__OpenBSD__) || (defined(__OpenBSD__) && !defined(_NET_IF_H_)) #include #define _NET_IF_H_ #endif #endif #if !defined(__OpenBSD__) || (defined(__OpenBSD__) && !defined(_NETINET_IF_SYSTEM_H_)) #include #define _NETINET_IF_SYSTEM_H_ #endif #if !defined(__OpenBSD__) #include #endif #ifndef _NETINET_IP_H_ #include #define _NETINET_IP_H_ #endif #ifndef _NETINET_UDP_H_ #include #define _NETINET_UDP_H_ #endif #include #include #include #include #include struct ArgusUserDataObject { int count, size; char *array; }; struct ArgusUserObject { struct ArgusUserDataObject src, dst; }; 
struct AHHeader { unsigned char nxt, len; unsigned short pad; unsigned int spi, replay, data; }; struct ArgusHashTableStruct { int size; struct ArgusHashTableHeader **array; }; struct ArgusModelerStruct { int state; }; struct ArgusModelerTime { unsigned int n, min, max, sum; long long sumsqrd; }; struct ArgusFlowStats { unsigned short status, ip_id, options; unsigned char ttl, tos; struct timeval lasttime; unsigned int count, bytes, appbytes; struct ArgusModelerTime active, idle; }; struct ArgusFlowState { struct timeval startime, lasttime; unsigned int status; unsigned short ofragcnt; unsigned char rev, dir; struct ArgusFlowStats *last, src, dst; }; struct ArgusFlowStruct { struct ArgusQueueHeader qhdr; struct ArgusHashTableHeader *htblhdr; struct ArgusFlow flow; unsigned int ArgusFlowType; struct ArgusFlowState state; unsigned int ArgusTransactionNum; int ArgusTimeout, ArgusVlanId; void *MacDSRBuffer; void *VlanDSRBuffer; void *MplsDSRBuffer; void *NetworkDSRBuffer; void *ICMPDSRBuffer; void *FragDSRBuffer; void *TransportDSRBuffer; void *SessionDSRBuffer; void *UserDSRBuffer; }; struct ArgusHashTableHeader { struct ArgusHashTableHeader *nxt, *prv; struct ArgusFlow flow; unsigned short hash; struct ArgusFlowStruct *flowobj; }; struct ArgusTCPModelerObject { struct timeval lasttime; unsigned int status; unsigned short state; unsigned char flag, pad; unsigned short win, winbytes; unsigned int seq_base, seq, ack, winnum; unsigned int count, bytes, retrans, ackbytes; }; struct ArgusTCPExtensionBuffer { unsigned int status, state, options; unsigned int synAckuSecs, ackDatauSecs; struct ArgusTCPModelerObject src, dst; }; struct ArgusFragOffsetStruct { struct ArgusFragOffsetStruct *nxt; int start, end; }; struct ArgusFragExtensionBuffer { struct ArgusFlow flow; struct ArgusFragObject frag; unsigned int startbytes, bytes, totbytes; struct ArgusFlowStruct *flowstr; struct ArgusUserDataObject *user; struct ArgusFragOffsetStruct *offsets; }; extern void ArgusUpdateESPState 
(struct ArgusFlowStruct *, unsigned char *); extern void ArgusUpdateFragState (struct ArgusFlowStruct *, unsigned char *); extern void ArgusUpdateTCPState(struct ArgusFlowStruct *, unsigned char *); extern void ArgusUpdateUDPState(struct ArgusFlowStruct *, unsigned char *); extern void ArgusUpdateICMPState(struct ArgusFlowStruct *, unsigned char *); extern void ArgusUpdateAppState (struct ArgusFlowStruct *, unsigned char *); extern void ArgusUpdateArpState (struct ArgusFlowStruct *, unsigned char *); extern void ArgusUpdateFRAGState(struct ArgusFlowStruct *, unsigned char *); extern int ArgusUpdateParentFlow (struct ArgusFlowStruct *); void ArgusUpdateMACState (struct ArgusFlowStruct *, unsigned char *); extern struct ArgusRecord *ArgusGenerateFlowRecord (struct ArgusFlowStruct *, unsigned char); extern void ArgusVlanFlowRecord (struct ArgusFlowStruct *, struct ArgusRecord *, unsigned char); extern void ArgusMplsFlowRecord (struct ArgusFlowStruct *, struct ArgusRecord *, unsigned char); extern void ArgusTimeFlowRecord (struct ArgusFlowStruct *, struct ArgusRecord *, unsigned char); extern void ArgusMacFlowRecord (struct ArgusFlowStruct *, struct ArgusRecord *, unsigned char); extern void ArgusESPFlowRecord (struct ArgusFlowStruct *, struct ArgusRecord *, unsigned char); extern void ArgusUDPFlowRecord (struct ArgusFlowStruct *, struct ArgusRecord *, unsigned char); extern void ArgusTCPFlowRecord (struct ArgusFlowStruct *, struct ArgusRecord *, unsigned char); extern void ArgusARPFlowRecord (struct ArgusFlowStruct *, struct ArgusRecord *, unsigned char); extern void ArgusICMPFlowRecord (struct ArgusFlowStruct *, struct ArgusRecord *, unsigned char); extern void ArgusUserDataFlowRecord (struct ArgusFlowStruct *, struct ArgusRecord *, unsigned char); extern void ArgusInitializeTCP (struct ArgusFlowStruct *); extern int ArgusUpdateTCPStateMachine (struct ArgusFlowStruct *, struct tcphdr *); extern int ArgusUpdateTCPSequence (struct ArgusFlowStruct *, struct tcphdr *); 
#if defined(ArgusModeler) #if defined(LBL_ALIGN) #define ARGUS_MAXALIGNBUF 65536 unsigned char ArgusAlignBuffer[ARGUS_MAXALIGNBUF], *ArgusAlignBuf = ArgusAlignBuffer; #endif struct ArgusModelerStruct *ArgusModel = NULL; unsigned int ArgusTransactionNum = 0; int ArgusModelerPipe[2] = {-1, -1}; struct ArgusHashTableStruct ArgusHashTable; struct ArgusSocketStruct *ArgusModelerOutputSocket = NULL; struct ArgusQueueStruct *ArgusFlowQueue = NULL; struct ArgusFlow ArgusThisFlowBuffer; struct ArgusFlow *ArgusThisFlow = &ArgusThisFlowBuffer; struct ArgusMacStruct ArgusThisMacBuffer; struct ArgusMacStruct *ArgusThisMac = &ArgusThisMacBuffer; int ArgusThisNetworkFlowType = 0; int ArgusThisAppFlowType = 0; int ArgusInProtocol = 1; unsigned short ArgusOptionIndicator = 0; struct ether_header *ArgusThisEpHdr = NULL; struct ip *ArgusThisIpHdr = NULL; unsigned char *ArgusThisUpHdr = NULL; unsigned char *ArgusThisSnapEnd = NULL; int ArgusSnapLength = 0; int ArgusGenerateTime = 0; int ArgusThisLength = 0; int ArgusThisBytes = 0; int ArgusThisDir = 0; int ArgusIPPacketLenOff = 0; unsigned short ArgusThisHash = 0; long long ArgusTotalPacket = 0; long long ArgusTotalFrags = 0; long long ArgusTotalIPPkts = 0; long long ArgusLastIPPkts = 0; long long ArgusTotalNonIPPkts = 0; long long ArgusLastNonIPPkts = 0; long long ArgusTotalNewFlows = 0; long long ArgusLastNewFlows = 0; long long ArgusTotalClosedFlows = 0; long long ArgusLastClosedFlows = 0; long long ArgusTotalIPFlows = 0; long long ArgusLastIPFlows = 0; long long ArgusTotalNonIPFlows = 0; long long ArgusLastNonIPFlows = 0; long long ArgusTotalRecords = 0; long long ArgusLastRecords = 0; long long ArgusTotalUpdates = 0; long long ArgusLastUpdates = 0; int ArgusThisPacketLLCEncaps = 0; int ArgusThisPacketMPLSEncaps = 0; unsigned int ArgusThisPacketMPLSLabel = 0; int ArgusThisPacket8021QEncaps = 0; int ArgusThisPacketPPPoEEncaps = 0; struct timeval ArgusGlobalTime = {0, 0}; struct timeval ArgusStartTime = {0, 0}; struct timeval 
ArgusUpdateInterval = {0,200000}; struct timeval ArgusUpdateTimer = {0, 0}; static int ArgusMajorVersion = VERSION_MAJOR; static int ArgusMinorVersion = VERSION_MINOR; static int ArgusSnapLen = ARGUS_MINSNAPLEN; int ArgusUserDataLen = 0; int ArgusAflag = 1; int Argusmflag = 1; int ArgusResponseStatus = 0; struct timeval ArgusFarReportInterval = {0,0}; unsigned int ArgusLocalNet = 0; unsigned int ArgusNetMask = 0; static int ArgusIPTimeout = ARGUS_IPTIMEOUT; static int ArgusTCPTimeout = ARGUS_TCPTIMEOUT; static int ArgusICMPTimeout = ARGUS_ICMPTIMEOUT; static int ArgusIGMPTimeout = ARGUS_IGMPTIMEOUT; static int ArgusFRAGTimeout = ARGUS_FRAGTIMEOUT; static unsigned int ArgusID = ARGUS_COOKIE; static unsigned int ArgusIDType = 0; static unsigned int ArgusLink = 0; static unsigned char ArgusInterfaceType = 0; static unsigned char ArgusInterfaceStatus = 0; struct ArgusModelerStruct *ArgusNewModeler(void); void ArgusInitModeler(void); void ArgusDeleteModeler(void); int ArgusProcessPacket (struct ether_header *, int, struct timeval *); int ArgusProcessIpPacket (struct ip *, int, struct timeval *); extern struct ether_header *ArgusProcessEtherHdr (struct ether_header *, int); unsigned short ArgusDiscoverNetworkProtocol (unsigned char *); void ArgusParseMPLSLabel (unsigned char *, unsigned int *, unsigned char *, unsigned char *, unsigned char *); void ArgusSendFlowRecord (struct ArgusFlowStruct *, unsigned char); struct ArgusFlowStruct *ArgusNewFlow (void); extern struct ArgusFlowStruct *ArgusNewFragFlow (void); void ArgusTallyStats (struct ArgusFlowStruct *, unsigned char); void ArgusTallyTime (struct ArgusFlowStruct *, unsigned char); unsigned short ArgusParseIPOptions (unsigned char *, int); int getArgusAflag(void); void setArgusAflag(int); int getArgusmflag(void); void setArgusmflag(int); int getArgusUserDataLen(void); void setArgusUserDataLen(int); int getArgusGenerateTime(void); void setArgusGenerateTime(int); int getArgusdflag(void); void setArgusdflag(int); void 
setArgusLink(unsigned int); void ArgusModelerCleanUp (void); int ArgusCreateFlow (struct ether_header *, int); int ArgusCreateArpFlow (struct ether_arp *); int ArgusCreateIPFlow (struct ip *); int ArgusCreateESPFlow (struct ip *); int ArgusCreateICMPFlow (struct ip *); int ArgusCreateFRAGFlow (struct ip *); struct ArgusFlowStruct *ArgusFindFlow (void); void ArgusICMPMappedFlowRecord (struct ArgusFlowStruct *, struct ArgusRecord *, unsigned char); int ArgusUpdateState (struct ArgusFlowStruct *, unsigned char); void ArgusUpdateFlow (struct ArgusFlowStruct *, unsigned char); void ArgusModelTransmit (void); int ArgusUpdateTime (void); void ArgusTimeOut(struct ArgusFlowStruct *); struct ArgusHashTableHeader *ArgusFindHashObject(void); int getArgusMajorVersion(void); void setArgusMajorVersion(int); int getArgusMinorVersion(void); void setArgusMinorVersion(int); int getArgusSnapLen(void); void setArgusSnapLen(int); int getArgusManReportInterval(void); void setArgusManReportInterval(int); struct timeval *getArgusFarReportInterval(void); void setArgusFarReportInterval(char *); int getArgusResponseStatus(void); void setArgusResponseStatus(int value); unsigned int getArgusID(void); void setArgusID(unsigned int); unsigned int getArgusIDType(void); void setArgusIDType(unsigned int); int getArgusIPTimeout(void); void setArgusIPTimeout(int); int getArgusTCPTimeout(void); void setArgusTCPTimeout(int); int getArgusICMPTimeout(void); void setArgusICMPTimeout(int); int getArgusIGMPTimeout(void); void setArgusIGMPTimeout(int); int getArgusFRAGTimeout(void); void setArgusFRAGTimeout(int); unsigned int getArgusLocalNet(void); void setArgusLocalNet(unsigned int); unsigned int getArgusNetMask(void); void setArgusNetMask(unsigned int); unsigned char getArgusInterfaceType(void); void setArgusInterfaceType(unsigned char); unsigned char getArgusInterfaceStatus(void); void setArgusInterfaceStatus(unsigned char); void ArgusSystemTimeout (void); #else /* #if defined(ArgusModeler) */ #if 
defined(LBL_ALIGN) extern unsigned char *ArgusAlignBuf; #endif extern struct ArgusModelerStruct *ArgusModel; extern unsigned int ArgusTransactionNum; extern int ArgusModelerPipe[2]; extern struct ArgusHashTableStruct ArgusHashTable; extern struct ArgusSocketStruct *ArgusModelerOutputSocket; extern struct ArgusQueueStruct *ArgusFlowQueue; extern struct ArgusFlow *ArgusThisFlow; extern int ArgusThisNetworkFlowType; extern int ArgusThisAppFlowType; extern int ArgusInProtocol; extern unsigned short ArgusOptionIndicator; extern struct ether_header *ArgusThisEpHdr; extern struct ip *ArgusThisIpHdr; extern unsigned char *ArgusThisUpHdr; extern unsigned char *ArgusThisSnapEnd; extern long long ArgusTotalPacket; extern long long ArgusTotalFrags; extern long long ArgusTotalIPPkts; extern long long ArgusLastIPPkts; extern long long ArgusTotalNonIPPkts; extern long long ArgusLastNonIPPkts; extern long long ArgusTotalNewFlows; extern long long ArgusLastNewFlows; extern long long ArgusTotalClosedFlows; extern long long ArgusLastClosedFlows; extern long long ArgusTotalIPFlows; extern long long ArgusLastIPFlows; extern long long ArgusTotalNonIPFlows; extern long long ArgusLastNonIPFlows; extern long long ArgusTotalRecords; extern long long ArgusLastRecords; extern long long ArgusTotalUpdates; extern long long ArgusLastUpdates; extern unsigned int ArgusLocalNet, ArgusNetMask; extern int ArgusFarReportInterval; extern int ArgusResponseStatus; extern int ArgusAflag; extern int Argusmflag; extern int ArgusThisPacketLLCEncaps; extern int ArgusThisPacketMPLSEncaps; extern unsigned int ArgusThisPacketMPLSLabel; extern int ArgusThisPacket8021QEncaps; extern int ArgusThisPacketPPPoEEncaps; extern u_char *ArgusSnapEnd; extern int ArgusSnapLength; extern int ArgusGenerateTime; extern int ArgusThisLength; extern int ArgusThisBytes; extern int ArgusThisDir; extern unsigned short ArgusThisHash; extern int ArgusIPPacketLenOff; extern struct timeval ArgusGlobalTime; extern struct timeval 
ArgusStartTime; extern struct timeval ArgusUpdateInterval; extern struct timeval ArgusUpdateTimer; extern struct ArgusModelerStruct *ArgusNewModeler(void); extern void ArgusInitModeler(void); extern void ArgusDeleteModeler(void); extern int ArgusProcessPacket (struct ether_header *, int, struct timeval *); extern int ArgusProcessIpPacket (struct ip *, int, struct timeval *); extern struct ether_header *ArgusProcessEtherHdr (struct ether_header *, int); extern unsigned short ArgusDiscoverNetworkProtocol (unsigned char *); extern void ArgusParseMPLSLabel (unsigned char *, unsigned int *, unsigned char *, unsigned char *, unsigned char *); extern void ArgusSendFlowRecord (struct ArgusFlowStruct *, unsigned char); extern struct ArgusFlowStruct *ArgusNewFlow (void); extern struct ArgusFlowStruct *ArgusNewFragFlow (void); extern void ArgusTallyStats (struct ArgusFlowStruct *, unsigned char); extern void ArgusTallyTime (struct ArgusFlowStruct *, unsigned char); extern unsigned short ArgusParseIPOptions (unsigned char *, int); extern int getArgusAflag(void); extern void setArgusAflag(int); extern int getArgusmflag(void); extern void setArgusmflag(int); extern int getArgusUserDataLen(void); extern void setArgusUserDataLen(int); extern int getArgusGenerateTime(void); extern void setArgusGenerateTime(int); extern int getArgusdflag(void); extern struct timeval *getArgusFarReportInterval(void); extern void setArgusdflag(int); extern void setArgusFarReportInterval(char *); extern void setArgusLink(unsigned int); extern void ArgusModelerCleanUp (void); extern int ArgusCreateFlow (struct ether_header *, int); extern int ArgusCreateArpFlow (struct ether_arp *); extern int ArgusCreateIPFlow (struct ip *); extern int ArgusCreateESPFlow (struct ip *); extern int ArgusCreateICMPFlow (struct ip *); extern int ArgusCreateFRAGFlow (struct ip *); extern struct ArgusFlowStruct *ArgusFindFlow (void); extern void ArgusICMPMappedFlowRecord (struct ArgusFlowStruct *, struct ArgusRecord *, 
unsigned char); extern int ArgusUpdateState (struct ArgusFlowStruct *, unsigned char); extern void ArgusUpdateFlow (struct ArgusFlowStruct *, unsigned char); extern void ArgusModelTransmit (void); extern int ArgusUpdateTime (void); extern void ArgusTimeOut(struct ArgusFlowStruct *); extern int getArgusMajorVersion(void); extern void setArgusMajorVersion(int); extern int getArgusMinorVersion(void); extern void setArgusMinorVersion(int); extern int getArgusSnapLen(void); extern void setArgusSnapLen(int); extern int getArgusManReportInterval(void); extern void setArgusManReportInterval(int); extern int getArgusStatusReportInterval(void); extern void setArgusStatusReportInterval(int); extern int getArgusResponseStatus(void); extern void setArgusResponseStatus(int value); extern unsigned int getArgusID(void); extern void setArgusID(unsigned int); extern unsigned int getArgusIDType(void); extern void setArgusIDType(unsigned int); extern int getArgusIPTimeout(void); extern void setArgusIPTimeout(int); extern int getArgusTCPTimeout(void); extern void setArgusTCPTimeout(int); extern int getArgusICMPTimeout(void); extern void setArgusICMPTimeout(int); extern int getArgusIGMPTimeout(void); extern void setArgusIGMPTimeout(int); extern int getArgusFRAGTimeout(void); extern void setArgusFRAGTimeout(int); extern unsigned int getArgusLocalNet(void); extern void setArgusLocalNet(unsigned int); extern unsigned int getArgusNetMask(void); extern void setArgusNetMask(unsigned int); extern unsigned char getArgusInterfaceType(void); extern void setArgusInterfaceType(unsigned char); extern unsigned char getArgusInterfaceStatus(void); extern void setArgusInterfaceStatus(unsigned char); extern void ArgusSystemTimeout (void); #endif /* #if defined(ArgusModeler) else */ #endif /* #ifndef ArgusModeler_h */ argus-2.0.6.fixes.1/server/ArgusOutput.c0000775000076600007660000011702410016412624013573 /* * Copyright (c) 2000-2004 QoSient, LLC * All rights reserved. 
* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. * */ /* * Copyright (c) 1993, 1994 Carnegie Mellon University. * All rights reserved. * * Permission to use, copy, modify, and distribute this software and * its documentation for any purpose and without fee is hereby granted, * provided that the above copyright notice appear in all copies and * that both that copyright notice and this permission notice appear * in supporting documentation, and that the name of CMU not be * used in advertising or publicity pertaining to distribution of the * software without specific, written prior permission. * * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS * SOFTWARE. 
 *
 */

/*
 *
 * written by Carter Bullard
 * QoSient, LLC
 *
 */

#ifndef ArgusOutput
#define ArgusOutput
#endif

#include
#include
#include

#define HOSTS_ACCESS 200

extern int ArgusFilterCompile(struct bpf_program *, char *, int, unsigned int);

struct ArgusOutputStruct *
ArgusNewOutput (void)
{
   struct ArgusOutputStruct *retn = NULL;
   int i;

   if ((retn = (struct ArgusOutputStruct *) ArgusCalloc (1, sizeof (struct ArgusOutputStruct))) != NULL) {
      retn->clienttags = 0;
      for (i = 0; i < ARGUS_MAXLISTEN; i++) {
         retn->client[i].fd = -1;
         retn->client[i].pid = -1;
         retn->client[i].pipe[0] = -1;
         retn->client[i].pipe[1] = -1;
         retn->client[i].sock = NULL;
      }

      ArgusReportTime.tv_sec = ArgusGlobalTime.tv_sec + ArgusMarReportInterval.tv_sec;
      ArgusReportTime.tv_usec += ArgusMarReportInterval.tv_usec;
      ArgusLastMarUpdateTime = ArgusGlobalTime;
   }

#ifdef ARGUSDEBUG
   ArgusDebug (1, "ArgusNewOutput() returning retn 0x%x\n", retn);
#endif

   return (retn);
}

void
ArgusDeleteOutput ()
{
   if (ArgusOutputTask) {
      ArgusCloseClients();
      ArgusFree (ArgusOutputTask);
      ArgusOutputTask = NULL;
   }

#ifdef ARGUSDEBUG
   ArgusDebug (1, "ArgusDeleteOutput() returning\n");
#endif
}

void
ArgusInitOutput ()
{
   int result;

   if ((result = pipe(ArgusOutputPipe)) != 0)
      ArgusLog (LOG_ERR, "ArgusInitOutput pipe() error %s\n", strerror(errno));

   if ((fcntl (ArgusOutputPipe[PARENTSIDE], F_SETFL, O_NONBLOCK)) < 0)
      ArgusLog (LOG_ERR, "ArgusInitOutput: fcntl failed %s\n", strerror(errno));

   if ((fcntl (ArgusOutputPipe[CLIENTSIDE], F_SETFL, O_NONBLOCK)) < 0)
      ArgusLog (LOG_ERR, "ArgusInitOutput: fcntl failed %s\n", strerror(errno));

   if (getArgusrfile() != NULL) {
      setArgusPortNum(0, 0);
   } else
      if (getArgusPortNum() == -1)
         setArgusPortNum(ARGUS_MONITORPORT, ArgusBindIP);

   if ((ArgusOutputTask->pid = fork()) == 0) {
      ArgusOutputProcess();
   } else {
#ifdef ARGUSDEBUG
      ArgusDebug (1, "ArgusOutputProcess[%d] created\n", ArgusOutputTask->pid);
#endif
   }

#ifdef ARGUSDEBUG
   ArgusDebug (1, "ArgusInitOutput() returning\n");
#endif
}

void
ArgusGenerateInitialMar
()
{
   int i;

   ArgusSystemMar->ahdr.type = ARGUS_MAR;
   ArgusSystemMar->ahdr.cause = ARGUS_START;
   ArgusSystemMar->ahdr.length = (unsigned short) sizeof(struct ArgusRecord);
   ArgusSystemMar->ahdr.argusid = ARGUS_COOKIE;
   ArgusSystemMar->ahdr.seqNumber = 0;

   ArgusSystemMar->argus_mar.startime = ArgusStartTime;
   ArgusSystemMar->argus_mar.now = ArgusGlobalTime;
   ArgusSystemMar->argus_mar.major_version = getArgusMajorVersion();
   ArgusSystemMar->argus_mar.minor_version = getArgusMinorVersion();
   ArgusSystemMar->argus_mar.interfaceType = getArgusInterfaceType();
   ArgusSystemMar->argus_mar.interfaceStatus = getArgusInterfaceStatus();
   ArgusSystemMar->argus_mar.reportInterval = getArgusFarReportInterval()->tv_sec;
   ArgusSystemMar->argus_mar.argusMrInterval = getArgusMarReportInterval()->tv_sec;
   ArgusSystemMar->argus_mar.argusid = getArgusID();
   ArgusSystemMar->ahdr.status |= getArgusIDType();
   ArgusSystemMar->argus_mar.localnet = ArgusInterface[0].ArgusLocalNet;
   ArgusSystemMar->argus_mar.netmask = ArgusInterface[0].ArgusNetMask;

   ArgusSystemMar->argus_mar.pktsRcvd = 0;
   ArgusSystemMar->argus_mar.bytesRcvd = 0;
   ArgusSystemMar->argus_mar.pktsDrop = 0;

   for (i = 0; i < ARGUS_MAXINTERFACE; i++) {
      if (ArgusPd[i] != NULL) {
         ArgusSystemMar->argus_mar.pktsRcvd += ArgusInterface[i].ArgusTotalPkts;
         ArgusSystemMar->argus_mar.bytesRcvd += ArgusInterface[i].ArgusTotalBytes;
         ArgusSystemMar->argus_mar.pktsDrop += ArgusInterface[i].ArgusTotalDrop;
      }
   }

   ArgusSystemMar->argus_mar.nextMrSequenceNum = ArgusOutputSequence;
   ArgusSystemMar->argus_mar.record_len = -1;

#ifdef ARGUSDEBUG
   ArgusDebug (4, "ArgusGenerateInitialMar() returning\n");
#endif
}

void
ArgusGenerateStatusMar ()
{
   int i;

   ArgusSystemMar->ahdr.type = ARGUS_MAR;
   ArgusSystemMar->ahdr.cause = ARGUS_STATUS;
   ArgusSystemMar->ahdr.length = (unsigned short) sizeof(struct ArgusRecord);
   ArgusSystemMar->ahdr.argusid = getArgusID();
   ArgusSystemMar->ahdr.seqNumber = 0;

   ArgusSystemMar->argus_mar.startime = ArgusLastMarUpdateTime;
   ArgusSystemMar->argus_mar.now =
      ArgusGlobalTime;
   ArgusSystemMar->argus_mar.major_version = getArgusMajorVersion();
   ArgusSystemMar->argus_mar.minor_version = getArgusMinorVersion();
   ArgusSystemMar->argus_mar.interfaceType = getArgusInterfaceType();
   ArgusSystemMar->argus_mar.interfaceStatus = getArgusInterfaceStatus();
   ArgusSystemMar->argus_mar.reportInterval = getArgusFarReportInterval()->tv_sec;
   ArgusSystemMar->argus_mar.argusMrInterval = getArgusMarReportInterval()->tv_sec;
   ArgusSystemMar->argus_mar.argusid = getArgusID();
   ArgusSystemMar->ahdr.status |= getArgusIDType();
   ArgusSystemMar->argus_mar.localnet = getArgusLocalNet();
   ArgusSystemMar->argus_mar.netmask = getArgusNetMask();

   ArgusSystemMar->argus_mar.pktsRcvd = 0;
   ArgusSystemMar->argus_mar.bytesRcvd = 0;
   ArgusSystemMar->argus_mar.pktsDrop = 0;

   for (i = 0; i < ARGUS_MAXINTERFACE; i++) {
      if (ArgusPd[i] != NULL) {
         ArgusSystemMar->argus_mar.pktsRcvd += ArgusInterface[i].ArgusTotalPkts;
         ArgusSystemMar->argus_mar.bytesRcvd += ArgusInterface[i].ArgusTotalBytes;
         ArgusSystemMar->argus_mar.pktsDrop += ArgusInterface[i].ArgusTotalDrop;
         ArgusInterface[i].ArgusTotalPkts = 0;
         ArgusInterface[i].ArgusTotalBytes = 0;
         ArgusInterface[i].ArgusTotalDrop = 0;
      }
   }

   ArgusSystemMar->argus_mar.flows = ArgusGetQueueCount(ArgusFlowQueue);
   ArgusSystemMar->argus_mar.flowsClosed = ArgusTotalClosedFlows - ArgusLastClosedFlows;
   ArgusSystemMar->argus_mar.nextMrSequenceNum = ArgusOutputSequence;
   ArgusSystemMar->argus_mar.record_len = -1;

   ArgusLastNewFlows = ArgusTotalNewFlows;
   ArgusLastClosedFlows = ArgusTotalClosedFlows;
   ArgusLastMarUpdateTime = ArgusGlobalTime;

#ifdef ARGUSDEBUG
   ArgusDebug (4, "ArgusGenerateStatusMar() returning\n");
#endif
}

void
ArgusGenerateClosingMar (unsigned char status)
{
   gettimeofday (&ArgusGlobalTime, 0L);
   ArgusGenerateStatusMar();
   ArgusSystemMar->ahdr.cause = status;

#ifdef ARGUSDEBUG
   ArgusDebug (4, "ArgusGenerateClosingMar() returning\n");
#endif
}

#define MAXBUFSIZE (sizeof(struct ArgusRecord) * 16)

#include

void ArgusOutputCleanUp (int);

void
ArgusInitOutputProcess()
{
   struct ArgusWfileStruct *wfile;
   int i, retn;

   if (ArgusWfileList) {
      while (!ArgusListEmpty(ArgusWfileList)) {
         if ((wfile = ArgusFrontList(ArgusWfileList)) != NULL) {
            for (i = 0; i < ARGUS_MAXLISTEN; i++) {
               if (ArgusOutputTask->client[i].pid == -1) {
                  if ((retn = pipe(ArgusOutputTask->client[i].pipe)) == 0) {
                     pid_t pid;
                     if ((ArgusOutputTask->client[i].sock = ArgusNewSocket (ArgusOutputTask->client[i].pipe[CLIENTSIDE])) != NULL) {
                        ArgusOutputTask->clienttags |= (1 << i);
                        if ((pid = fork()) != 0) {
                           ArgusOutputTask->client[i].pid = pid;
                           ArgusSendInitialMar(ArgusOutputTask->client[i].pipe[CLIENTSIDE]);
                        } else {
                           ArgusOutputTask->client[i].pid = getpid();
                           ArgusClientProcess(&ArgusOutputTask->client[i], wfile);
                           _exit(0);
                        }
                     }
                     break;
                  }
               } else {
                  int status;
                  waitpid(ArgusOutputTask->client[i].pid, &status, WNOHANG);
                  if ((retn = kill(ArgusOutputTask->client[i].pid, 0)) < 0) {
                     ArgusCloseSocket(i);
                     i--;
                  }
               }
            }
            ArgusFree(wfile);
            ArgusPopFrontList(ArgusWfileList);
         }
      }
      ArgusDeleteList(ArgusWfileList);
   }

   ArgusUpdateInterval.tv_usec = 100000;

#ifdef ARGUSDEBUG
   ArgusDebug (2, "ArgusInitOutputProcess() returning\n");
#endif
}

void
ArgusUsr1Sig (int sig)
{
#ifdef ARGUSDEBUG
   /* raise the debug level by one, capped at 30 (the original modified and
      assigned Argusdflag in the same expression, which is undefined behavior) */
   Argusdflag = (Argusdflag >= 30) ? 30 : Argusdflag + 1;
   ArgusDebug (0, "ArgusUsr1Sig: debug %d enabled\n", Argusdflag);
#endif
}

void
ArgusUsr2Sig (int sig)
{
#ifdef ARGUSDEBUG
   Argusdflag = 0;
   ArgusDebug (0, "ArgusUsr2Sig: debug disabled\n");
#endif
}

void
ArgusChildExit (int sig)
{
   int retn;

   if (ArgusOutputTask->clienttags) {
      int status, i;
      for (i = 0; i < ARGUS_MAXLISTEN; i++)
         if (ArgusOutputTask->client[i].pid != -1) {
            waitpid(ArgusOutputTask->client[i].pid, &status, WNOHANG);
            if ((retn = kill(ArgusOutputTask->client[i].pid, 0)) < 0)
               ArgusCloseSocket(i);
         }
   }

#ifdef ARGUSDEBUG
   ArgusDebug (4, "ArgusChildExit\n");
#endif
}

int ArgusProcessRemoteSocket(struct ArgusClientData *, int);
int ArgusProcessOutputSocket(struct ArgusClientData *, int);

int ArgusParentPid = 0;

void
ArgusOutputProcess()
{
   struct ArgusSocketStruct *ArgusInputSocket;
   fd_set readmask, writemask, exceptmask;
   int retn = 0, width = 0;
   int lfd = ArgusOutputPipe[PARENTSIDE];
   int ArgusLfd = getArgusLfd();
   struct timeval wait;

#if defined(HAVE_SOLARIS)
   sigignore(SIGPIPE);
   sigignore(SIGHUP);
   sigignore(SIGINT);
   sigignore(SIGTERM);
#else
   (void) signal (SIGPIPE, SIG_IGN);
   (void) signal (SIGHUP, SIG_IGN);
   (void) signal (SIGINT, SIG_IGN);
   (void) signal (SIGTERM, SIG_IGN);
#endif

   (void) signal (SIGUSR1, (void (*)(int)) ArgusUsr1Sig);
   (void) signal (SIGUSR2, (void (*)(int)) ArgusUsr2Sig);
   (void) signal (SIGCHLD, (void (*)(int)) ArgusChildExit);

   if ((ArgusInputSocket = ArgusNewSocket (lfd)) != NULL) {
      ArgusInputSocket->ahdr = (struct ArgusRecordHeader *) ArgusInputSocket->buf;
      ArgusInputSocket->ptr = (u_char *) ArgusInputSocket->ahdr;
      ArgusInputSocket->ArgusReadState = ARGUS_READINGHDR;
      ArgusInputSocket->expectedSize = sizeof(*ArgusInputSocket->ahdr);
      ArgusInputSocket->fd = lfd;
   } else
      ArgusLog (LOG_ERR, "ArgusOutputProcess() ArgusNewSocket error %s\n", strerror(errno));

   ArgusInitOutputProcess();

   ArgusParentPid = getppid();

   wait.tv_sec = 0;
   wait.tv_usec = 100000;
   width = ((lfd > ArgusLfd) ?
      lfd : ArgusLfd) + 1;

   FD_ZERO(&readmask);
   FD_ZERO(&writemask);
   FD_ZERO(&exceptmask);

   if (lfd >= 0)
      FD_SET(lfd, &readmask);
   if (ArgusLfd >= 0)
      FD_SET(ArgusLfd, &readmask);

   while (ArgusInputSocket && !(ArgusInputSocket->ArgusLastRecord)) {
      if ((retn = select (width, &readmask, NULL, NULL, &wait)) >= 0) {
         gettimeofday (&ArgusGlobalTime, 0L);
         if (((lfd >= 0) && FD_ISSET(lfd, &readmask)) || ((ArgusLfd >= 0) && FD_ISSET(ArgusLfd, &readmask))) {
            if ((ArgusLfd >= 0) && FD_ISSET(ArgusLfd, &readmask))
               ArgusCheckClientStatus ();

            if ((lfd >= 0) && FD_ISSET(lfd, &readmask)) {
               if ((retn = ArgusReadSocket (ArgusInputSocket, ArgusHandleData, NULL)) < 0) {
                  ArgusDeleteSocket(ArgusInputSocket);
                  ArgusInputSocket = NULL;
               }
            } else
               if (!(ArgusReadingOffLine))
                  gettimeofday(&ArgusGlobalTime, 0L);

         } else {
            if (ArgusOutputTask->clienttags) {
               int status, i;
               for (i = 0; i < ARGUS_MAXLISTEN; i++)
                  if (ArgusOutputTask->client[i].pid != -1) {
                     waitpid(ArgusOutputTask->client[i].pid, &status, WNOHANG);
                     if ((retn = kill(ArgusOutputTask->client[i].pid, 0)) < 0)
                        ArgusCloseSocket(i);
                  }
            }

            if (ArgusUpdateTime())
               ArgusHandleData(NULL, NULL, 0, NULL);

            if ((kill (ArgusParentPid, 0)) < 0) {
               ArgusOutputCleanUp(0);
            }
         }

      } else {
#ifdef ARGUSDEBUG
         ArgusDebug (3, "ArgusOutputProcess() select returned %s\n", strerror(errno));
#endif
         if (errno != EINTR)
            break;
      }

      if (lfd >= 0)
         FD_SET(lfd, &readmask);
      if (ArgusLfd >= 0)
         FD_SET(ArgusLfd, &readmask);

      wait.tv_sec = 0;
      wait.tv_usec = 100000;
      width = ((lfd > ArgusLfd) ?
         lfd : ArgusLfd) + 1;
   }

#ifdef ARGUSDEBUG
   ArgusDebug (2, "ArgusOutputProcess() done\n");
#endif

   if (ArgusInputSocket && (ArgusInputSocket->ArgusLastRecord)) {
      int i, status;
      while (ArgusOutputTask->clienttags) {
         for (i = 0; i < ARGUS_MAXLISTEN; i++)
            if (ArgusOutputTask->client[i].pid != -1) {
#ifdef ARGUSDEBUG
               ArgusDebug (3, "ArgusOutputProcess() killing client %d pid %d\n", i, ArgusOutputTask->client[i].pid);
#endif
               if (ArgusOutputTask->client[i].sock != NULL)
                  while (!ArgusListEmpty(ArgusOutputTask->client[i].sock->ArgusOutputList))
                     if (ArgusWriteOutSocket(ArgusOutputTask->client[i].sock) < 0) {
#ifdef ARGUSDEBUG
                        ArgusDebug (3, "ArgusOutputProcess() ArgusWriteOutSocket failed\n");
#endif
                        break;
                     }

               waitpid(ArgusOutputTask->client[i].pid, &status, 0);
               ArgusCloseSocket(i);
            }
      }
   } else {
#ifdef ARGUSDEBUG
      ArgusDebug (2, "ArgusOutputProcess() break select without Last Record.\n");
#endif
   }

#ifdef ARGUSDEBUG
   ArgusDebug (1, "ArgusOutputProcess() exiting\n");
#endif

   _exit(0);
}

int ArgusWriteStdOut = 0;
struct ArgusRecord ArgusInitMar;
struct bpf_program ArgusBPFcode;
int ArgusFilterInitialized = 0;

extern int ArgusAuthenticateClient (struct ArgusClientData *);
struct ArgusSocketStruct *ArgusOutputSocket = NULL;

void
ArgusInitClientProcess(struct ArgusClientData *client, struct ArgusWfileStruct *wfile)
{
   int len;

   len = ntohs(ArgusInitMar.ahdr.length);

   if (wfile) {
      /* check the privilege drop instead of ignoring its result */
      if (setuid(getuid()) < 0)
         ArgusLog (LOG_ERR, "ArgusInitClientProcess: setuid: %s", strerror(errno));

      if (strcmp (wfile->filename, "-")) {
#ifdef ARGUSDEBUG
         ArgusDebug (2, "ArgusInitClientProcess: wfile->filename %s\n", wfile->filename);
#endif
         if ((client->fd = open (wfile->filename, O_WRONLY|O_APPEND|O_CREAT|O_NONBLOCK, 0644)) < 0)
            ArgusLog (LOG_ERR, "ArgusInitClientProcess: open: %s", strerror(errno));

#ifdef ARGUSDEBUG
         ArgusDebug (2, "ArgusInitClientProcess: created outfile %s\n", wfile->filename);
#endif
         if (write (client->fd, (char *) &ArgusInitMar, len) != len) {
            close (client->fd);
            unlink (wfile->filename);
            ArgusLog (LOG_ERR, "ArgusInitClientProcess: write(): %s", strerror(errno));
         }
      }
      else {
         ArgusWriteStdOut++;
         len = ntohs(ArgusInitMar.ahdr.length);
         if (!(fwrite ((unsigned char *) &ArgusInitMar, len, 1, stdout)))
            ArgusLog (LOG_ERR, "ArgusInitClientProcess: fwrite error to stdout. %s", strerror(errno));
      }

      if (wfile->filter) {
         if (!(ArgusFilterCompile (&ArgusBPFcode, wfile->filter, 0, 0) < 0)) {
            ArgusFilterInitialized++;
         }
      }

   } else {
   }

   if ((ArgusOutputSocket = ArgusNewSocket (client->fd)) == NULL)
      ArgusLog (LOG_ERR, "ArgusInitClientProcess: ArgusNewSocket failed\n");

   if (!(wfile)) {
      if (!(ArgusAuthenticateClient (client)))
         ArgusLog (LOG_ERR, "ArgusInitClientProcess: ArgusAuthenticateClient failed\n");
   } else
      ArgusOutputSocket->filename = strdup(wfile->filename);

#ifdef ARGUSDEBUG
   if (wfile)
      ArgusDebug (1, "ArgusInitClientProcess(0x%x, %s) returning\n", client, wfile->filename);
   else
      /* wfile is NULL here, so it must not be passed to a %s conversion */
      ArgusDebug (1, "ArgusInitClientProcess(0x%x, NULL) returning\n", client);
#endif
}

#define MAXSTRLEN 2048

int
ArgusProcessRemoteSocket(struct ArgusClientData *client, int fd)
{
   char buf[MAXBUFSIZE];
   int retn = 0, cnt;

   bzero (buf, sizeof(buf));

   /* read at most MAXBUFSIZE - 1 bytes so the zeroed buffer always stays
      NUL-terminated; buf is used as a C string by the debug output and by
      ArgusFilterCompile() below */
   if ((cnt = recv (fd, buf, MAXBUFSIZE - 1, 0)) != 0) {
#ifdef ARGUSDEBUG
      ArgusDebug (3, "ArgusProcessRemoteSocket: read '%s' from remote\n", buf);
#endif
      if ((strncmp (buf, "DONE: ", 6)) == 0)
         retn = -4;

      if ((strncmp (buf, "FILTER: ", 8)) == 0) {
         if (ArgusFilterCompile (&ArgusBPFcode, &buf[7], 0, 0) < 0) {
            retn = -2;
         } else {
            ArgusFilterInitialized++;
            retn = 0;
            if (Argusbpflag)
               Argusbpf_dump (&ArgusBPFcode, Argusbpflag);
#ifdef ARGUSDEBUG
            ArgusDebug (2, "ArgusProcessRemoteSocket: ArgusFilter %s initialized.\n", &buf[7]);
#endif
         }
      }
   } else {
      close (fd);
      fd = -1;
      retn = -1;
   }

#ifdef ARGUSDEBUG
   ArgusDebug (6, "ArgusProcessRemoteSocket: returning %d\n", retn);
#endif

   return (retn);
}

void *
ArgusClientProcess(struct ArgusClientData *client, struct ArgusWfileStruct *wfile)
{
   struct ArgusSocketStruct *ArgusInputSocket;
   int retn = 0, width = 0;
   struct timeval wait;
   fd_set readmask;
   int fd = -1;

   ArgusLfd = client->pipe[PARENTSIDE];
   ArgusParentPid = getppid();

   if ((retn = read (ArgusLfd, &ArgusInitMar, sizeof(ArgusInitMar))) != sizeof(ArgusInitMar))
      ArgusLog (LOG_ERR, "ArgusClientProcess: did not read initial Mar");
   else {
#ifdef ARGUSDEBUG
      ArgusDebug (3, "ArgusClientProcess: received start record, len %d\n", retn);
#endif
   }

   if ((ArgusInputSocket = ArgusNewSocket (ArgusLfd)) != NULL) {
      ArgusInputSocket->ahdr = (struct ArgusRecordHeader *) ArgusInputSocket->buf;
      ArgusInputSocket->ptr = (u_char *) ArgusInputSocket->ahdr;
      ArgusInputSocket->ArgusReadState = ARGUS_READINGHDR;
      ArgusInputSocket->expectedSize = sizeof(*ArgusInputSocket->ahdr);
      ArgusInputSocket->fd = ArgusLfd;
   } else
      ArgusLog (LOG_ERR, "ArgusClientProcess() ArgusNewSocket error %s\n", strerror(errno));

   ArgusInitClientProcess (client, wfile);

   if (!wfile)
      fd = client->fd;

   width = ((ArgusLfd > fd) ? ArgusLfd : fd ) + 2;

   wait.tv_sec = 0;
   wait.tv_usec = 200000;

   FD_ZERO(&readmask);
   if (ArgusLfd >= 0)
      FD_SET(ArgusLfd, &readmask);
   if (fd >= 0)
      FD_SET(fd, &readmask);

   while (ArgusInputSocket && !(ArgusInputSocket->ArgusLastRecord)) {
      if ((retn = select (width, &readmask, NULL, NULL, &wait)) >= 0) {
         gettimeofday (&ArgusGlobalTime, 0L);
         if (((ArgusLfd >= 0) && FD_ISSET(ArgusLfd, &readmask)) || ((fd >= 0) && FD_ISSET(fd, &readmask))) {
            if ((ArgusLfd >= 0) && FD_ISSET(ArgusLfd, &readmask))
               if ((retn = ArgusReadSocket(ArgusInputSocket, ArgusHandleClientData, client)) < 0)
                  break;

            if ((fd >= 0) && (FD_ISSET(fd, &readmask))) {
               if ((retn = ArgusProcessRemoteSocket(client, fd)) < 0)
                  break;
            }
         }

         if (ArgusUpdateTime ()) {
            if (ArgusWriteStdOut)
               fflush(stdout);
            else {
               if ((ArgusWriteOutSocket (ArgusOutputSocket)) < 0) {
#ifdef ARGUSDEBUG
                  ArgusDebug (3, "ArgusOutputProcess() ArgusWriteOutSocket failed\n");
#endif
                  break;
               }
            }

            if ((kill (ArgusParentPid, 0)) < 0) {
               if (ArgusInputSocket)
                  ArgusInputSocket->ArgusLastRecord++;
            }
         }

      } else {
#ifdef ARGUSDEBUG
         ArgusDebug (3, "ArgusClientProcess() select returned %s\n", strerror(errno));
#endif
         if (errno != EINTR)
            break;
      }
      FD_ZERO(&readmask);
      if (ArgusLfd >= 0)
         FD_SET(ArgusLfd, &readmask);
      if (fd >= 0)
         FD_SET(fd, &readmask);

      width = ((ArgusLfd > fd) ? ArgusLfd : fd ) + 1;
      wait.tv_sec = 0;
      wait.tv_usec = 200000;
   }

   if (ArgusWriteStdOut)
      fflush(stdout);

   if (ArgusOutputSocket->ArgusOutputList)
      while (ArgusOutputSocket->ArgusOutputList->count)
         if (ArgusWriteOutSocket(ArgusOutputSocket) < 0)
            break;

   if (daemonflag) {
      if (wfile != NULL)
         ArgusLog (LOG_ERR, "client(%s) done.\n", wfile->filename);
      else
         ArgusLog (LOG_ERR, "client done.\n");
   }

   return (0); /* return statement for when not daemonflag */
}

void
ArgusOutputCleanUp (int param)
{
   if (ArgusOutputTask->clienttags) {
      int i, fd;
      for (i = 0; i < ARGUS_MAXLISTEN; i++)
         if ((fd = ArgusOutputTask->client[i].fd) != -1)
            ArgusSendClosingMar(fd, ARGUS_SHUTDOWN);
   }

#ifdef ARGUSDEBUG
   ArgusDebug (1, "ArgusOutputCleanup(%d) returning\n", param);
#endif

   _exit (0);
}

unsigned int Wlastseqnum = 0;

void
ArgusSendOutputData(int fd, struct ArgusRecord *argus)
{
   int cnt, len = argus->ahdr.length;

#ifdef _LITTLE_ENDIAN
   ArgusHtoN(argus);
#endif

   if ((cnt = write (fd, (char *) argus, len)) != len)
      ArgusLog (LOG_WARNING, "ArgusSendOutputData: wrote wrong number of bytes: %d\n", cnt);

#ifdef _LITTLE_ENDIAN
   ArgusNtoH(argus);
#endif

#ifdef ARGUSDEBUG
   ArgusDebug (4, "ArgusSendOutputData(%d, 0x%x) wrote %d bytes returning\n", fd, argus, cnt);
#endif
}

void
ArgusSendInitialMar (int fd)
{
   ArgusGenerateInitialMar ();
   ArgusSendOutputData(fd, ArgusSystemMar);

#ifdef ARGUSDEBUG
   /* the %d conversion needs its argument; the original call passed none */
   ArgusDebug (2, "ArgusSendInitialMar(%d) returning\n", fd);
#endif
}

void
ArgusSendStatusMar (int fd)
{
   ArgusGenerateStatusMar();
   ArgusSendOutputData(fd, ArgusSystemMar);

#ifdef ARGUSDEBUG
   ArgusDebug (3, "ArgusSendStatusMar(%d) returning\n", fd);
#endif
}

void
ArgusSendClosingMar (int fd, unsigned char status)
{
   ArgusGenerateClosingMar(status);
   ArgusSendOutputData(fd, ArgusSystemMar);

#ifdef ARGUSDEBUG
   ArgusDebug (2, "ArgusSendClosingMar(%d, %d) returning\n", fd, status);
#endif
}

int firstWrite = 1;
unsigned int Rlastseqnum = 0;

int
ArgusHandleData(struct ArgusSocketStruct *asock, unsigned char *buf, int len, void *client)
{
   int retn = 0, i, status, pid;
   struct ArgusRecord *argus = (struct ArgusRecord *) buf;

   if (ArgusOutputTask->clienttags) {
      for (i = 0; i < ARGUS_MAXLISTEN; i++) {
         if (ArgusOutputTask->client[i].pid != -1) {
            if ((len > 0) && (ArgusOutputTask->client[i].sock != NULL)) {
               if ((retn = ArgusWriteSocket (ArgusOutputTask->client[i].sock, buf, len)) < 0) {
                  ArgusLog (LOG_WARNING, "ArgusHandleData: ArgusWriteSocket failed %s\n", strerror(errno));
                  if ((pid = ArgusOutputTask->client[i].pid) > 0) {
                     ArgusLog (LOG_WARNING, "ArgusHandleData: Terminating process %d\n", pid);
                     kill(pid, SIGKILL);
                     waitpid(pid, &status, 0);
                  }
                  ArgusCloseSocket(i);
               }
            }

            if (!(retn < 0) && (ArgusOutputTask->client[i].sock != NULL)) {
               if ((retn = ArgusWriteOutSocket(ArgusOutputTask->client[i].sock)) < 0) {
                  ArgusLog (LOG_WARNING, "ArgusHandleData: ArgusWriteOutSocket failed\n");
                  if ((pid = ArgusOutputTask->client[i].pid) > 0) {
                     ArgusLog (LOG_WARNING, "ArgusHandleData: Terminating process %d\n", pid);
                     kill(pid, SIGKILL);
                     waitpid(pid, &status, 0);
                  }
               }
            }
         }
      }
   }

   retn = 0;

   if (argus != NULL) {
      if ((argus->ahdr.type & ARGUS_MAR) && (argus->ahdr.cause & (ARGUS_STOP | ARGUS_SHUTDOWN))) {
#ifdef ARGUSDEBUG
         ArgusDebug (3, "ArgusHandleData() final record\n");
#endif
         asock->ArgusLastRecord++;
         retn = 1;
      }
   }

#ifdef ARGUSDEBUG
   ArgusDebug (5, "ArgusHandleData(0x%x, %d) returning %d\n", buf, len, retn);
#endif

   return (retn);
}

int
ArgusHandleClientData(struct ArgusSocketStruct *asock, unsigned char *buf, int len, void *clientdata)
{
   int retn = 0, ArgusWriteThisOut = 1;
   struct ArgusRecordHeader *ahdr = (struct ArgusRecordHeader *) buf;

   if (ahdr->type == ARGUS_MAR) {
      switch (ahdr->cause) {
         case ARGUS_START:
#ifdef ARGUSDEBUG
            ArgusDebug (3, "ArgusHandleClientData: received start record\n");
#endif
            break;

         case ARGUS_STATUS:
#ifdef ARGUSDEBUG
            ArgusDebug (6, "ArgusHandleClientData: received status record\n");
#endif
            break;

         case ARGUS_STOP:
         case ARGUS_SHUTDOWN:
#ifdef ARGUSDEBUG
            ArgusDebug (3, "ArgusHandleClientData: received last record\n");
#endif
            asock->ArgusLastRecord++;
            break;
      }
   } else {
      if (ArgusFilterInitialized) {
         if (argus_filter (ArgusBPFcode.bf_insns, (unsigned char *) ahdr) == 0) {
#ifdef ARGUSDEBUG
            ArgusDebug (6, "ArgusHandleClientData: output record rejected by filter\n");
#endif
            ArgusWriteThisOut = 0;
         }
      }
   }

   if (ArgusWriteThisOut) {
      int len = ntohs(ahdr->length);

      if (ArgusWriteStdOut) {
         if (!(retn = fwrite ((unsigned char *) ahdr, len, 1, stdout))) {
#ifdef ARGUSDEBUG
            ArgusDebug (6, "ArgusHandleClientData: fwrite stdout error %s\n", strerror(errno));
#endif
         } else {
#ifdef ARGUSDEBUG
            ArgusDebug (6, "ArgusHandleClientData: fwrite stdout %d items %d length\n", retn, len);
#endif
            fflush (stdout);
         }
      } else {
#ifdef ARGUS_SASL
         struct ArgusClientData *client = clientdata;
         char outputbuf[MAXSTRLEN], *output = outputbuf;

         if (client->sasl_conn) {
            unsigned int outputlen;
#ifdef ARGUSDEBUG
            ArgusDebug (3, "ArgusHandleClientData: sasl_encode(0x%x, 0x%x, %d, 0x%x, 0x%x)\n", client->sasl_conn, ahdr, len, &output, &outputlen);
#endif
            if ((retn = sasl_encode(client->sasl_conn, (const char *) ahdr, (unsigned int) len, &output, &outputlen)) == SASL_OK) {
               ahdr = (struct ArgusRecordHeader *) output;
               len = outputlen;
            } else
               ArgusLog (LOG_ERR, "sasl_encode: failed returned %d\n", retn);
         }
#endif
         if ((retn = ArgusWriteSocket (ArgusOutputSocket, (unsigned char *)ahdr, len)) < 0) {
            ArgusLog (LOG_ERR, "ArgusHandleClientData: ArgusWriteSocket failed %s\n", strerror(errno));
         } else {
            if ((retn = ArgusWriteOutSocket(ArgusOutputSocket)) < 0) {
               ArgusLog (LOG_ERR, "ArgusHandleClientData: ArgusWriteOutSocket failed\n");
            }
         }
#ifdef ARGUS_SASL
         if (output != outputbuf)
            free(output);
#endif
      }
   }

#ifdef ARGUSDEBUG
   ArgusDebug (2, "ArgusHandleClientData(0x%x, 0x%x, %d) returning %d\n", asock, buf, len, retn);
#endif

   return (retn);
}

int
getArgusLfd(void)
{
   return(ArgusLfd);
}

int
getArgusPortNum(void)
{
   return(ArgusPortNum);
}

void
setArgusPortNum(int value, char *bindIP)
{
   char errbuf[MAXSTRLEN];
   int retn = 0;

   if ((ArgusPortNum = value)) {
      if ((retn = ArgusEstablishListen (value, bindIP, errbuf)) < 0)
         ArgusLog (LOG_ERR, "%s", errbuf);
   }

#ifdef ARGUSDEBUG
   ArgusDebug (2, "setArgusPortNum(%d) returning\n", value);
#endif
}

struct timeval *
getArgusMarReportInterval(void)
{
   return (&ArgusMarReportInterval);
}

#include
#include

void
setArgusMarReportInterval(char *value)
{
   struct timeval *tvp = getArgusMarReportInterval();
   struct timeval ovalue;
   double thisvalue = 0.0, iptr, fptr;
   int ivalue = 0;
   char *ptr = NULL;

   if (tvp != NULL) {
      ovalue = *tvp;
      tvp->tv_sec = 0;
      tvp->tv_usec = 0;
   } else {
      ovalue.tv_sec = 0;
      ovalue.tv_usec = 0;
   }

   if (((ptr = strchr (value, '.')) != NULL) || isdigit((int)*value)) {
      if (ptr != NULL) {
         thisvalue = atof(value);
      } else {
         if (isdigit((int)*value)) {
            ivalue = atoi(value);
            thisvalue = ivalue * 1.0;
         }
      }

      fptr = modf(thisvalue, &iptr);

      tvp->tv_sec = iptr;
      tvp->tv_usec = fptr * 1000000;

      ArgusReportTime.tv_sec = ArgusGlobalTime.tv_sec + tvp->tv_sec;
      ArgusReportTime.tv_usec = tvp->tv_usec;

   } else
      *tvp = ovalue;

#ifdef ARGUSDEBUG
   /* value is a string, so it is printed with %s rather than %d */
   ArgusDebug (2, "setArgusMarReportInterval(%s) returning\n", value);
#endif
}

void
clearArgusWfile(char *file, char *filter)
{
   ArgusDeleteList (ArgusWfileList);
   ArgusWfileList = NULL;
}

void
setArgusWfile(char *file, char *filter)
{
   FILE *fd = NULL;
   struct ArgusWfileStruct *wfile = NULL;
   char realpathname[PATH_MAX], *ptr = NULL;
   int euid = geteuid();

   if (ArgusWfileList == NULL)
      ArgusWfileList = ArgusNewList();

   if (file) {
      if (strcmp (file, "-")) {
         setuid(getuid());
         if ((fd = fopen (file, "a+")) != NULL) {
            bzero (realpathname, PATH_MAX);
            if ((ptr = realpath (file, realpathname)) == NULL)
               ArgusLog (LOG_ERR, "setArgusWfile, realpath %s %s\n", file, strerror(errno));
            else
               ptr = strdup(ptr);
            fclose (fd);
         } else {
#ifdef ARGUSDEBUG
            ArgusDebug (1, "setArgusWfile, open %s %s\n", file, strerror(errno));
#endif
         }
         setuid(euid);
      } else
         ptr = strdup(file);

      if ((wfile = (struct ArgusWfileStruct *) ArgusCalloc (1, sizeof (*wfile))) != NULL) {
         wfile->filename = ptr;
         if (filter)
            wfile->filter = strdup(filter);
         ArgusPushFrontList(ArgusWfileList, wfile);
      } else
         ArgusLog (LOG_ERR, "setArgusWfile, ArgusCalloc %s\n", strerror(errno));
   } else
      ArgusLog (LOG_ERR, "setArgusWfile, file is null\n");
}

#include

int
ArgusEstablishListen (int port, char *bindIP, char *errbuf)
{
   int s = -1;
   struct sockaddr_in sin;
   struct timeval tvpbuf, *tvp = &tvpbuf;
   struct hostent *host;

   gettimeofday (tvp, 0L);

   if (port) {
      sin.sin_addr.s_addr = INADDR_ANY;
      if (bindIP) {
#ifdef ARGUSDEBUG
         ArgusDebug (1, "ArgusEstablishListen(%d, 0x%x) inet_pton: %s\n", port, errbuf, bindIP);
#endif
         if ((host = gethostbyname (bindIP)) != NULL) {
            if ((host->h_addrtype == AF_INET) && (host->h_length == 4)) {
               bcopy ((char *) *host->h_addr_list, (char *)&sin.sin_addr.s_addr, host->h_length);
            } else
               ArgusLog (LOG_ERR, "ArgusEstablishListen() unsupported bind address %s", bindIP);
         } else
            ArgusLog (LOG_ERR, "ArgusEstablishListen() bind address %s error %s", bindIP, strerror(errno));
      }

      sin.sin_port = htons((u_short) port);
      sin.sin_family = AF_INET;

#ifdef ARGUSDEBUG
      ArgusDebug (1, "ArgusEstablishListen(%d, 0x%x) binding: %d\n", port, errbuf, sin.sin_addr.s_addr);
#endif
      if ((s = socket (AF_INET, SOCK_STREAM, 0)) != -1) {
         if ((fcntl (s, F_SETFL, O_NDELAY)) >= 0) {
            if (!(bind (s, (struct sockaddr *)&sin, sizeof(sin)))) {
               if ((listen (s, ARGUS_MAXLISTEN)) >= 0) {
                  ArgusLfd = s;
               } else {
                  close (s);
                  s = -1;
                  snprintf(errbuf, MAXSTRLEN - 1, "%s: ArgusEstablishListen: listen() failure", ArgusProgramName);
               }
            } else {
               close (s);
               s = -1;
               snprintf(errbuf, MAXSTRLEN - 1, "%s: ArgusEstablishListen: bind() error", ArgusProgramName);
            }
         } else
            snprintf(errbuf, MAXSTRLEN - 1, "%s: ArgusEstablishListen: fcntl() error", ArgusProgramName);
      } else
         snprintf(errbuf, MAXSTRLEN - 1, "%s: ArgusEstablishListen: socket() error", ArgusProgramName);
   }

#ifdef ARGUSDEBUG
   ArgusDebug (2, "ArgusEstablishListen(%d, 0x%x) returning %d\n", port, errbuf, s);
#endif

   return (s);
}

void
ArgusCheckClientStatus ()
{
   int retn, fd;
   struct sockaddr from;
   int len = sizeof (from);

   if ((fd = accept (ArgusLfd, (struct sockaddr *)&from, &len)) > 0) {
      if ((fcntl (fd, F_SETFL, O_NONBLOCK)) >= 0) {
         if (ArgusTcpWrapper (fd, &from) >= 0) {
            int i;
            for (i = 0; i < ARGUS_MAXLISTEN; i++) {
               if (ArgusOutputTask->client[i].pid == -1) {
                  if ((retn = pipe(ArgusOutputTask->client[i].pipe)) == 0) {
                     pid_t pid;
                     ArgusOutputTask->clienttags |= (1 << i);
                     ArgusOutputTask->client[i].fd = fd;
                     if ((ArgusOutputTask->client[i].sock = ArgusNewSocket (ArgusOutputTask->client[i].pipe[CLIENTSIDE])) != NULL) {
                        bcopy ((char *)&from, (char *)&ArgusOutputTask->client[i].sock->sock, sizeof (struct sockaddr));
                        if ((pid = fork()) != 0) {
                           ArgusOutputTask->client[i].pid = pid;
                           ArgusSendInitialMar(ArgusOutputTask->client[i].pipe[CLIENTSIDE]);
                        } else {
                           ArgusOutputTask->client[i].pid = getpid();
                           ArgusClientProcess(&ArgusOutputTask->client[i], NULL);
                           _exit(0);
                        }
                     } else
                        ArgusLog (LOG_ERR, "ArgusCheckClientStatus() ArgusNewSocket returned %s", strerror(errno));
                     break;
                  } else {
                     close (fd);
                     break;
                  }
               } else {
                  int status;
                  waitpid(ArgusOutputTask->client[i].pid, &status, WNOHANG);
                  if ((retn = kill(ArgusOutputTask->client[i].pid, 0)) < 0) {
                     ArgusCloseSocket(i);
                     i--;
                  }
               }
            }

            if (i == ARGUS_MAXLISTEN) {
               ArgusGenerateClosingMar(ARGUS_ERROR);
               ArgusSystemMar->ahdr.status |= ARGUS_MAXLISTENEXCD;
               ArgusSendOutputData(fd, ArgusSystemMar);
               close(fd);
            }
         } else
            close (fd);
      } else {
         ArgusLog (LOG_WARNING, "ArgusCheckClientStatus: fcntl: %s", strerror(errno));
         close (fd);
      }
   } else {
      ArgusLog (LOG_WARNING, "ArgusCheckClientStatus: accept: %s", strerror(errno));
      close (fd);
   }

#ifdef ARGUSDEBUG
   ArgusDebug (2, "ArgusCheckClientStatus() returning\n");
#endif
}

void
ArgusCloseSocket (int i)
{
   struct ArgusListStruct *list = NULL;
   struct ArgusRecordStruct *rec;

   if (ArgusOutputTask->client[i].fd >= 0) {
      close
         (ArgusOutputTask->client[i].fd);
      ArgusOutputTask->client[i].fd = -1;
   }

   if (ArgusOutputTask->client[i].sock != NULL) {
      if ((list = ArgusOutputTask->client[i].sock->ArgusOutputList) != NULL) {
         while ((rec = ArgusFrontList (list)) != NULL) {
            ArgusPopFrontList (list);
            if (rec->buf != NULL)
               ArgusFree(rec->buf);
            ArgusFree(rec);
         }
         ArgusFree(list);
      }
      ArgusFree (ArgusOutputTask->client[i].sock);
      ArgusOutputTask->client[i].sock = NULL;
   }

   if (ArgusOutputTask->client[i].pipe[0] >= 0) {
      close(ArgusOutputTask->client[i].pipe[0]);
      ArgusOutputTask->client[i].pipe[0] = -1;
   }

   if (ArgusOutputTask->client[i].pipe[1] >= 0) {
      close(ArgusOutputTask->client[i].pipe[1]);
      ArgusOutputTask->client[i].pipe[1] = -1;
   }

   ArgusOutputTask->client[i].pid = -1;
   ArgusOutputTask->clienttags &= ~(1 << i);

#ifdef ARGUSDEBUG
   ArgusDebug (2, "ArgusCloseSocket(%d) returning\n", i);
#endif
}

void
ArgusCloseClients ()
{
   int status;

#ifdef ARGUSDEBUG
   ArgusDebug (2, "ArgusCloseClients() waiting for Output Task %d\n", ArgusOutputTask->pid);
#endif

   waitpid(ArgusOutputTask->pid, &status, 0);
   close(ArgusOutputPipe[0]);
   close(ArgusOutputPipe[1]);

#ifdef ARGUSDEBUG
   ArgusDebug (2, "ArgusCloseClients() returning\n");
#endif
}

#if defined(HAVE_TCP_WRAPPER)

#include
#include

#ifndef MAXPATHNAMELEN
#define MAXPATHNAMELEN BUFSIZ
#endif

int allow_severity = LOG_INFO;   /* run-time adjustable */
int deny_severity = LOG_WARNING; /* ditto */

#endif

int
ArgusTcpWrapper (int fd, struct sockaddr *from)
{
#if defined(HAVE_TCP_WRAPPER)
   int retn = 0;
   struct request_info request;

   /*
    * Find out the endpoint addresses of this conversation. Host name
    * lookups and double checks will be done on demand.
    */

   request_init(&request, RQ_DAEMON, ArgusProgramName, RQ_FILE, STDIN_FILENO, 0);
   request.fd = fd;
   fromhost(&request);

   /*
    * Optionally look up and double check the remote host name. Sites
    * concerned with security may choose to refuse connections from hosts
    * that pretend to have someone else's host name.
    */

#ifdef PARANOID
   if (STR_EQ(eval_hostname(request.client), paranoid)) {
      ArgusLog (deny_severity, "refused connect from %s", eval_client(&request));
      if (request.sink)
         request.sink(request.fd);
      return -1;
   }
#endif

   /*
    * The BSD rlogin and rsh daemons that came out after 4.3 BSD disallow
    * socket options at the IP level. They do so for a good reason.
    * Unfortunately, we cannot use this with SunOS 4.1.x because the
    * getsockopt() system call can panic the system.
    */

#if defined(KILL_IP_OPTIONS)
   fix_options(&request);
#endif

   /*
    * Find out and verify the remote host name. Sites concerned with
    * security may choose to refuse connections from hosts that pretend to
    * have someone else's host name.
    */

#ifdef HOSTS_ACCESS
   if (!hosts_access(&request)) {
      ArgusLog (deny_severity, "refused connect from %s", eval_client(&request));
      if (request.sink)
         request.sink(request.fd);
      return -1;
   } else
#endif

   /* Report remote client */
   ArgusLog (allow_severity, "connect from %s", eval_client(&request));
   return (retn);

#else
   return (1);
#endif
}

argus-2.0.6.fixes.1/server/ArgusOutput.h

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * Copyright (c) 1993, 1994 Carnegie Mellon University.
 * All rights reserved.
* * Permission to use, copy, modify, and distribute this software and * its documentation for any purpose and without fee is hereby granted, * provided that the above copyright notice appear in all copies and * that both that copyright notice and this permission notice appear * in supporting documentation, and that the name of CMU not be * used in advertising or publicity pertaining to distribution of the * software without specific, written prior permission. * * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS * SOFTWARE. * */ /* ArgusOutput.h */ /* ArgusOutput.h is an amalgum of declarations, defines and routines from * interface.h, cons_sockets.c, * */ #ifndef ArgusOutput_h #define ArgusOutput_h #define PARENTSIDE 0 #define CLIENTSIDE 1 #define ARGUS_MONITORPORT 561 #define ARGUS_MAXLISTEN 5 #include #include #include #include #include #include #include #include #include #include #if defined(__NetBSD__) #include #else #include #endif #include #include #include #include #ifdef ARGUS_SASL #include #endif struct ArgusClientData { int fd, pid; int pipe[2]; struct ArgusSocketStruct *sock; #ifdef ARGUS_SASL sasl_conn_t *sasl_conn; #endif }; struct ArgusOutputStruct { pid_t pid; int clienttags; struct ArgusClientData client[ARGUS_MAXLISTEN]; }; struct ArgusWfileStruct { char *filename; char *filter; }; #if defined(ArgusOutput) struct ArgusOutputStruct *ArgusOutputTask = NULL; struct ArgusRecord ArgusSystemMarBuffer; struct ArgusRecord *ArgusSystemMar = &ArgusSystemMarBuffer; struct ArgusListStruct *ArgusWfileList = NULL; struct timeval ArgusReportTime = {0, 0}; struct timeval ArgusMarReportInterval 
= {0, 0}; struct timeval ArgusLastMarUpdateTime = {0, 0}; int ArgusOutputPipe[2] = {-1, -1}; char *ArgusWfile = NULL; int ArgusPortNum = 0; char *ArgusBindIP = NULL; int ArgusLfd = -1; int ArgusOutfd = -1; unsigned int ArgusOutputSequence = 1; struct ArgusOutputStruct * ArgusNewOutput (void); void ArgusDeleteOutput (void); void ArgusInitOutput (void); void ArgusInitOutputProcess(void); void ArgusGenerateInitialMar (void); void ArgusGenerateStatusMar (void); void ArgusGenerateClosingMar (unsigned char); void ArgusSendOutputData(int, struct ArgusRecord *); int ArgusHandleData(struct ArgusSocketStruct *, unsigned char *, int, void *); int ArgusHandleClientData(struct ArgusSocketStruct *, unsigned char *, int, void *); void ArgusSendInitialMar (int); void ArgusSendStatusMar (int); void ArgusSendClosingMar (int, unsigned char); void ArgusOutputProcess(void); void *ArgusClientProcess(struct ArgusClientData *, struct ArgusWfileStruct *); int getArgusLfd(void); char *getArgusWfile(void); int getArgusPortNum(void); struct timeval *getArgusMarReportInterval(void); void clearArgusWfile(char *, char *); void setArgusLfd(int); void setArgusWfile(char *, char *); void setArgusPortNum(int, char *); void setArgusMarReportInterval(char *); void ArgusCheckClientStatus (void); int ArgusEstablishListen(int, char *, char *); int ArgusTcpWrapper (int, struct sockaddr *); void ArgusCloseSocket (int); void ArgusCloseClients (void); void ArgusUsr1Sig (int); void ArgusUsr2Sig (int); void ArgusChildExit (int); void ArgusClientError(void); void ArgusInitClientProcess(struct ArgusClientData *, struct ArgusWfileStruct *); extern unsigned int argus_filter (struct bpf_insn *, unsigned char *); #else extern struct timeval ArgusReportTime; extern struct ArgusRecord *ArgusSystemMar; extern struct ArgusListStruct *ArgusWfileList; extern int ArgusOutputPipe[2]; extern char *ArgusWfile; extern int ArgusPortNum; extern char *ArgusBindIP; extern int ArgusLfd; extern int ArgusOutfd; extern unsigned int 
ArgusOutputSequence; extern struct ArgusOutputStruct *ArgusOutputTask; extern struct ArgusOutputStruct * ArgusNewOutput (void); extern void ArgusDeleteOutput (void); extern void ArgusInitOutput (void); extern void ArgusInitOutputProcess(void); extern void ArgusGenerateInitialMar (void); extern void ArgusGenerateStatusMar (void); extern void ArgusGenerateClosingMar (unsigned char); extern void ArgusSendOutputData(int, struct ArgusRecord *); extern int ArgusHandleData(struct ArgusSocketStruct *, unsigned char *, int, void *); extern int ArgusHandleClientData(struct ArgusSocketStruct *, unsigned char *, int, void *); extern void ArgusSendInitialMar (int); extern void ArgusSendStatusMar (int); extern void ArgusSendClosingMar (int, unsigned char); extern void ArgusOutputProcess(void); extern void *ArgusClientProcess(struct ArgusClientData *, struct ArgusWfileStruct *); extern int getArgusLfd(void); extern void setArgusLfd(int); extern char *getArgusWfile(void); extern void setArgusWfile(char *, char *); extern int getArgusPortNum(void); extern struct timeval *getArgusMarReportInterval(void); extern void setArgusPortNum(int, char *); extern void setArgusMarReportInterval(char *); extern void ArgusCheckClientStatus (void); extern int ArgusEstablishListen(int, char *, char *); extern int ArgusTcpWrapper (int, struct sockaddr *); extern void ArgusCloseSocket (int); extern void ArgusCloseClients (void); extern void ArgusUsr1Sig (int); extern void ArgusUsr2Sig (int); extern void ArgusClientError(void); extern void ArgusInitClientProcess(struct ArgusClientData *, struct ArgusWfileStruct *); #endif #endif /* #ifndef ArgusOutput_h */ argus-2.0.6.fixes.1/server/ArgusSource.c0000775000076600007660000010213410047701112013524 /* * Copyright (c) 2000-2004 QoSient, LLC * All rights reserved. 
* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. * */ /* * Copyright (c) 1993, 1994 Carnegie Mellon University. * All rights reserved. * * Permission to use, copy, modify, and distribute this software and * its documentation for any purpose and without fee is hereby granted, * provided that the above copyright notice appear in all copies and * that both that copyright notice and this permission notice appear * in supporting documentation, and that the name of CMU not be * used in advertising or publicity pertaining to distribution of the * software without specific, written prior permission. * * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS * SOFTWARE. * */ /* * ArgusSource.c - Argus packet source routines. 
 *
 * written by Carter Bullard
 * QoSient, LLC
 * Tue Aug 8 08:13:36 EDT 2000
 *
 */

#ifndef ArgusSource
#define ArgusSource
#endif

#include
#include
#include

struct ArgusSourceStruct *
ArgusNewSource()
{
   struct ArgusSourceStruct *retn = NULL;

   if ((retn = (struct ArgusSourceStruct *) ArgusCalloc (1, sizeof (struct ArgusSourceStruct))) != NULL)
      ArgusSnapLen = getArgusSnapLen();

#ifdef ARGUSDEBUG
   ArgusDebug (1, "ArgusNewSource() returning 0x%x", retn);
#endif

   return (retn);
}

#include
#include
#include
#include

char *ArgusWriteOutPacketFile = NULL;
pcap_dumper_t *ArgusPcapOutFile = NULL;

void
ArgusInitSource ()
{
   int type, i;
   char *cmdbuf = NULL;
   char errbuf[PCAP_ERRBUF_SIZE];

   for (i = 0; i < ARGUS_MAXINTERFACE; i++) {
      ArgusPd[i] = NULL;
      bzero ((char *)&ArgusInterface[i], sizeof(struct ArgusInterfaceStruct));
      bzero ((char *)&ArgusStats[i], sizeof(struct pcap_stat));
   }

   if (Argusrfile != NULL) {
      /* drop privileges before touching the packet file; report it if the drop fails */
      if (setuid(getuid()) < 0)
         ArgusLog (LOG_ERR, "ArgusInitSource: setuid %s", strerror(errno));

      if ((ArgusPd[0] = ArgusOpenInputPacketFile(errbuf)) == NULL)
         ArgusLog (LOG_ERR, "ArgusInitSource: %s", errbuf);

   } else {
      if (ArgusDeviceList == NULL) {
         char *interface = NULL;

         /* use the device name already looked up rather than calling pcap_lookupdev() twice */
         if ((interface = pcap_lookupdev (errbuf)) != NULL)
            setArgusDevice (interface);
         else
            ArgusLog (LOG_ERR, "ArgusInitSource %s", errbuf);
      }

      if (ArgusDeviceList) {
         for (i = 0; i < ArgusDeviceList->count; i++) {
            ArgusDevice = (char *) ArgusFrontList(ArgusDeviceList);
            ArgusPopFrontList(ArgusDeviceList);

            if ((ArgusPd[i] = pcap_open_live(ArgusDevice, ArgusSnapLen, !Arguspflag, 250, errbuf)) != NULL) {
               ArgusInputPacketFileType = ARGUSLIBPPKTFILE;
               ArgusInterface[i].ArgusInterfaceType = ARGUSLIBPPKTFILE;
               ArgusInterface[i].ArgusDevice = ArgusDevice;

               if (!((pcap_lookupnet (ArgusDevice, (u_int *)&ArgusInterface[i].ArgusLocalNet,
                                                   (u_int *)&ArgusInterface[i].ArgusNetMask, errbuf)) < 0)) {
                  ArgusInterface[i].ArgusLocalNet = ntohl(ArgusInterface[i].ArgusLocalNet);
                  ArgusInterface[i].ArgusNetMask = ntohl(ArgusInterface[i].ArgusNetMask);
               }
            } else
               ArgusLog (LOG_ERR, "ArgusInitSource: pcap_open_live
%s", errbuf);

            ArgusPushBackList(ArgusDeviceList, ArgusDevice);
         }
      }

      /* the capture devices are open: drop privileges, and report it if the drop fails */
      if (setuid(getuid()) < 0)
         ArgusLog (LOG_ERR, "ArgusInitSource: setuid %s", strerror(errno));
   }

   ArgusCallBack = Arguslookup_pcap_callback(type = pcap_datalink(ArgusPd[0]));
   setArgusInterfaceType(ArgusInterface[0].ArgusInterfaceType);

   if (ArgusInfile) {
      cmdbuf = ArgusReadInfile(ArgusInfile);
   } else
      cmdbuf = ArgusCopyArgv(&ArgusArgv[ArgusOptind]);

   if (cmdbuf) {
      if (ArgusInputFilter)
         ArgusFree(ArgusInputFilter);

      ArgusInputFilter = cmdbuf;
   }

   bzero ((char *) &ArgusFilters[0], sizeof (struct bpf_program));

   if (pcap_compile (ArgusPd[0], &ArgusFilters[0], ArgusInputFilter, getArgusOflag(), ArgusNetMask) < 0)
      ArgusLog (LOG_ERR, "ArgusInputFilter \"%s\" %s", ArgusInputFilter, pcap_geterr (ArgusPd[0]));

   if (Argusbpflag) {
      Argusbpf_dump (&ArgusFilters[0], Argusbpflag);
      exit(0);
   }

   for (i = 0; i < ARGUS_MAXINTERFACE; i++) {
      if (ArgusPd[i] != NULL) {
         if (ArgusInputPacketFileType == ARGUSLIBPPKTFILE) {
            if (pcap_setfilter (ArgusPd[i], &ArgusFilters[0]) < 0)
               ArgusLog (LOG_ERR, "%s", pcap_geterr (ArgusPd[i]));
         }
      }
   }

   if (ArgusWriteOutPacketFile) {
      if ((ArgusPcapOutFile = pcap_dump_open(ArgusPd[0], ArgusWriteOutPacketFile)) == NULL)
         ArgusLog (LOG_ERR, "%s", pcap_geterr (ArgusPd[0]));
   }

#ifdef ARGUSDEBUG
   ArgusDebug (1, "ArgusInitSource() returning");
#endif
}

int
ArgusDeleteSource()
{
   if (ArgusSourceTask)
      ArgusFree (ArgusSourceTask);

   if (ArgusInputFilter)
      ArgusFree (ArgusInputFilter);

   if (ArgusDeviceList)
      ArgusDeleteList(ArgusDeviceList);

   if (ArgusPcapOutFile)
      pcap_dump_close(ArgusPcapOutFile);

#ifdef ARGUSDEBUG
   ArgusDebug (1, "ArgusDeleteSource() deleting ArgusSourceTask 0x%x", ArgusSourceTask);
#endif
   return (0);
}

int getArgusbpflag() { return (Argusbpflag); }
int getArguspflag() { return (Arguspflag); }
int getArgusOflag() { return (ArgusOflag); }

void setArgusbpflag(int value) { Argusbpflag = value; }
void setArguspflag(int value) { Arguspflag = value; }
void setArgusOflag(int value) { ArgusOflag = value; }
void setArgusArgv(char **value) { ArgusArgv = value; }
void setArgusOptind (int
value) { ArgusOptind = value; }

char *
getArgusDevice ()
{
   char *retn = NULL;

   if (ArgusDeviceList != NULL)
      retn = (char *) ArgusFrontList(ArgusDeviceList);

#ifdef ARGUSDEBUG
   ArgusDebug (3, "getArgusDevice() returning %s", retn);
#endif
   return (retn);
}

void
setArgusDevice (char *value)
{
   if (ArgusDeviceList == NULL)
      ArgusDeviceList = ArgusNewList();

   if (value)
      ArgusPushFrontList(ArgusDeviceList, strdup(value));

#ifdef ARGUSDEBUG
   ArgusDebug (3, "setArgusDevice(%s) returning", value);
#endif
}

void
clearArgusDevice ()
{
   if (ArgusDeviceList != NULL) {
      ArgusDeleteList(ArgusDeviceList);
      ArgusDeviceList = NULL;
   }

#ifdef ARGUSDEBUG
   /* the format takes no arguments: a stray %s here would read a nonexistent vararg */
   ArgusDebug (3, "clearArgusDevice() returning");
#endif
}

char *getArgusInfile () { return (ArgusInfile); }
void setArgusInfile (char *value) { ArgusInfile = value; }

char *getArgusrfile () { return (Argusrfile); }
void setArgusrfile (char *value) { Argusrfile = value; }

int getArgusMoatTshFile () { return(Argustflag); }
void setArgusMoatTshFile (int value) { Argustflag = value; }

void setArgusWriteOutPacketFile (char *file) { ArgusWriteOutPacketFile = strdup(file); }

#define ARGUSMOATLEN 44
#define ARGUSMOATTSHTCPLEN 40

int ArgusMoatTshRead (void);

int
ArgusMoatTshRead ()
{
   struct ArgusMoatTshPktHdr MoatTshBuffer[2], *ArgusMoatPktHdr = &MoatTshBuffer[0];
   int retn = 0, length = 0;
   struct ip *iphdr = NULL;

   bzero (ArgusMoatPktHdr, sizeof(MoatTshBuffer));

   if ((retn = read(pcap_fileno(ArgusPd[0]), ArgusMoatPktHdr, ARGUSMOATLEN)) == ARGUSMOATLEN) {
      ArgusGlobalTime.tv_sec = ntohl(ArgusMoatPktHdr->sec);
      ArgusMoatPktHdr->interface = 0;
      ArgusGlobalTime.tv_usec = ntohl(*((int *)&ArgusMoatPktHdr->interface));

      iphdr = &ArgusMoatPktHdr->ip;
      length = ntohs(iphdr->ip_len);
      ArgusThisLength = length;

      switch (iphdr->ip_p) {
         case IPPROTO_ICMP:
         case IPPROTO_TCP:
         default:
            ArgusSnapLength = ARGUSMOATTSHTCPLEN;
            break;
      }

      ArgusThisSnapEnd = (((unsigned char *)iphdr) + ArgusSnapLength);

      if ((ArgusFilters[0].bf_insns == NULL) ||
          (bpf_filter(ArgusFilters[0].bf_insns,
(unsigned char *)iphdr, ArgusSnapLength, ArgusSnapLen))) {
         ArgusProcessIpPacket (iphdr, length, &ArgusGlobalTime);
      }

   } else
      close(pcap_fileno(ArgusPd[0]));

#ifdef ARGUSDEBUG
   ArgusDebug (5, "ArgusMoatTshRead() returning %d", retn);
#endif
   return (retn);
}

int
ArgusSnoopRead ()
{
   int retn = 0, len = 0;
   struct pcap_pkthdr pcap_pkthdr;
   struct ArgusSnoopPktHdr SnoopPktHdr;
   unsigned char ArgusPacketBuf[1540];

   bzero (ArgusPacketBuf, sizeof(ArgusPacketBuf));

   if ((retn = read(pcap_fileno(ArgusPd[0]), &SnoopPktHdr, sizeof(SnoopPktHdr))) == sizeof(SnoopPktHdr)) {
      SnoopPktHdr.len = ntohl(SnoopPktHdr.len);
      SnoopPktHdr.tlen = ntohl(SnoopPktHdr.tlen);
      SnoopPktHdr.argtvp.tv_sec = ntohl(SnoopPktHdr.argtvp.tv_sec);
      SnoopPktHdr.argtvp.tv_usec = ntohl(SnoopPktHdr.argtvp.tv_usec);

      /*
       * tlen comes straight from the file and is later used as the capture
       * length, so bound it first: the mask below drops the top bits and
       * would let an oversized tlen pass the padded length check.
       */
      if ((SnoopPktHdr.tlen < 1500) &&
          ((len = ((SnoopPktHdr.tlen + 3) & 0xFFFFFFC)) < 1500)) {
         if ((retn = read(pcap_fileno(ArgusPd[0]), ArgusPacketBuf, len)) == len) {
            pcap_pkthdr.ts.tv_sec = SnoopPktHdr.argtvp.tv_sec;
            pcap_pkthdr.ts.tv_usec = SnoopPktHdr.argtvp.tv_usec;
            pcap_pkthdr.caplen = SnoopPktHdr.tlen;
            pcap_pkthdr.len = SnoopPktHdr.len;

            if ((ArgusFilters[0].bf_insns == NULL) ||
                (bpf_filter(ArgusFilters[0].bf_insns, ArgusPacketBuf, SnoopPktHdr.tlen, ArgusSnapLen))) {
               ArgusCallBack (NULL, &pcap_pkthdr, ArgusPacketBuf);
            }
         }
      }

   } else {
      close(pcap_fileno(ArgusPd[0]));
      retn = -1;
   }

#ifdef ARGUSDEBUG
   ArgusDebug (5, "ArgusSnoopRead() returning %d", retn);
#endif
   return (retn);
}

pcap_handler
Arguslookup_pcap_callback (int type)
{
   pcap_handler retn = NULL;
   struct callback *callback;
   char *name = NULL;

   for (callback = callbacks; callback->function; ++callback)
      if (type == callback->type) {
         retn = callback->function;
         name = callback->fname;
         break;
      }

#ifdef ARGUSDEBUG
   ArgusDebug (3, "Arguslookup_pcap_callback(%d) returning %s: 0x%x", type, name, retn);
#endif
   return (retn);
}

#define MAXSTRSIZE 1024
#define ARGUS_MAXSNAPLEN 2048

u_char ArgusPacketBuffer[ARGUS_MAXSNAPLEN];

void
ArgusEtherPacket (u_char *user, const struct pcap_pkthdr *h, const
u_char *p)
{
   struct ether_header *ep;
   struct timeval *tvp = (struct timeval *) &h->ts;
   struct stat statbuf;
   unsigned int length = h->len;
   unsigned int caplen = h->caplen;

   ArgusGlobalTime = *tvp;

   /* never copy more than the static packet buffer holds, and never from a NULL packet */
   if (caplen > sizeof(ArgusPacketBuffer))
      caplen = sizeof(ArgusPacketBuffer);

   if (p != NULL)
      bcopy (p, ArgusPacketBuffer, caplen);

   ep = (struct ether_header *) ArgusPacketBuffer;

   ArgusThisLength = length;
   ArgusSnapLength = caplen;
   ArgusThisSnapEnd = ((u_char *)ep) + caplen;

   if (p && length) {
      if (ArgusProcessPacket (ep, length, tvp)) {
         if (ArgusWriteOutPacketFile) {
            if (stat(ArgusWriteOutPacketFile, &statbuf) < 0) {
               if (ArgusPcapOutFile != NULL) {
                  pcap_dump_close(ArgusPcapOutFile);
                  ArgusPcapOutFile = NULL;
               }

               if ((ArgusPcapOutFile = pcap_dump_open(ArgusPd[0], ArgusWriteOutPacketFile)) == NULL)
                  ArgusLog (LOG_ERR, "%s", pcap_geterr (ArgusPd[0]));
            }
         }
      }
   }

   if (ArgusPcapOutFile != NULL)
      pcap_dump((u_char *)ArgusPcapOutFile, h, p);

#ifdef ARGUSDEBUG
   ArgusDebug (6, "ArgusEtherPacket (0x%x, 0x%x, 0x%x) returning", user, h, p);
#endif
}

#if defined(ultrix) || defined(__alpha)
static int fddi_bitswap = 0;
#else
static int fddi_bitswap = 1;
#endif

int fddipad = FDDIPAD;

#define FDDI_HDRLEN (sizeof(struct fddi_header))

static u_char fddi_bit_swap[] = {
   0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0,
   0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0,
   0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8,
   0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8,
   0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4,
   0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4,
   0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec,
   0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc,
   0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2,
   0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2,
   0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea,
   0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa,
   0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6,
   0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6,
   0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee,
   0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe,
   0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1,
   0x11, 0x91, 0x51, 0xd1,
0x31, 0xb1, 0x71, 0xf1, 0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9, 0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9, 0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5, 0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5, 0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed, 0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd, 0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3, 0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3, 0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb, 0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb, 0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7, 0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7, 0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef, 0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff, }; static inline void Argusextract_fddi_addrs(const struct fddi_header *fp, struct ether_header *ehdr) { char *fsrc = (char *)&ehdr->ether_shost; char *fdst = (char *)&ehdr->ether_dhost; int i; if (fddi_bitswap) { for (i = 0; i < 6; ++i) fdst[i] = fddi_bit_swap[fp->fddi_dhost[i]]; for (i = 0; i < 6; ++i) fsrc[i] = fddi_bit_swap[fp->fddi_shost[i]]; } else { bcopy ((char *) fp->fddi_dhost, fdst, 6); bcopy ((char *) fp->fddi_shost, fsrc, 6); } } int ArgusCreatePktFromFddi(const struct fddi_header *fp, struct ether_header *ep, int length) { unsigned char *ptr; unsigned int retn = 0; struct llc *llc; if ((fp->fddi_fc & FDDIFC_CLFF) == FDDIFC_LLC_ASYNC) { Argusextract_fddi_addrs (fp, ep); llc = (struct llc *)(fp + 1); if (llc->ssap == LLCSAP_SNAP && llc->dsap == LLCSAP_SNAP && llc->llcui == LLC_UI) { ((struct ether_header *) ep)->ether_type = EXTRACT_SHORT(&llc->ethertype[0]); ptr = (unsigned char *)(llc + 1); length -= (sizeof(struct fddi_header) + sizeof(struct llc)); bcopy ((char *)ptr, (char *)(ep + 1), length); retn = length + sizeof(struct ether_header); } } return (retn); } void ArgusFddiPacket(u_char *user, const struct pcap_pkthdr *h, const u_char *p) { struct ether_header *ep = (struct ether_header *) ArgusPacketBuffer; struct timeval *tvp = (struct timeval *) &h->ts; unsigned 
int length = h->len; unsigned int caplen = h->caplen; const struct fddi_header *fp = (struct fddi_header *)p; ArgusGlobalTime = *tvp; if (ArgusGlobalTime.tv_sec < 0) { ArgusLog (LOG_ERR, "ArgusFddiPacket (0x%x, 0x%x, 0x%x) libpcap timestamp out of range %d.%d", user, h, p, ArgusGlobalTime.tv_sec, ArgusGlobalTime.tv_usec); } ArgusThisLength = length; ArgusSnapLength = caplen; ArgusThisSnapEnd = ((u_char *)ep) + caplen; if (p && (length = ArgusCreatePktFromFddi(fp, ep, length))) { if (p && length) ArgusProcessPacket (ep, length, tvp); } #ifdef ARGUSDEBUG ArgusDebug (6, "ArgusFddiPacket (0x%x, 0x%x, 0x%x) returning", user, h, p); #endif } #define ARGUS_802_6_MAC_HDR_LEN 20 #define ARGUS_ATM_HDR_OFFSET 8 void ArgusATMPacket(u_char *user, const struct pcap_pkthdr *h, const u_char *p) { struct ether_header *ep = (struct ether_header *) ArgusPacketBuffer; struct timeval *tvp = (struct timeval *) &h->ts; unsigned int length = h->len; unsigned int caplen = h->caplen; ArgusGlobalTime = *tvp; if (ArgusGlobalTime.tv_sec < 0) { ArgusLog (LOG_ERR, "ArgusATMPacket (0x%x, 0x%x, 0x%x) libpcap timestamp out of range %d.%d", user, h, p, ArgusGlobalTime.tv_sec, ArgusGlobalTime.tv_usec); } if (caplen > 8) { if (p[0] != 0xaa || p[1] != 0xaa || p[2] != 0x03) { if (caplen > 28) { p += ARGUS_802_6_MAC_HDR_LEN; length -= ARGUS_802_6_MAC_HDR_LEN; caplen -= ARGUS_802_6_MAC_HDR_LEN; } else return; } } else return; ep->ether_type = ((p[6] << 8) | p[7]); length -= ARGUS_ATM_HDR_OFFSET; caplen -= ARGUS_ATM_HDR_OFFSET; p += ARGUS_ATM_HDR_OFFSET; bcopy (p, (char *)(ep + 1), caplen); length += sizeof(*ep); caplen += sizeof(*ep); ArgusThisLength = length; ArgusSnapLength = caplen; ArgusThisSnapEnd = ((u_char *)ep) + caplen; ArgusProcessPacket (ep, length, tvp); #ifdef ARGUSDEBUG ArgusDebug (6, "ArgusATMPacket (0x%x, 0x%x, 0x%x) returning", user, h, p); #endif } #define ARGUS_PPP_HDR_LEN 4 void ArgusPppPacket(u_char *user, const struct pcap_pkthdr *h, const u_char *p) { struct timeval *tvp = (struct 
timeval *) &h->ts; struct ip *ip = (struct ip *) (p + ARGUS_PPP_HDR_LEN); unsigned int length = h->len; unsigned int caplen = h->caplen; ArgusGlobalTime = *tvp; if (ArgusGlobalTime.tv_sec < 0) { ArgusLog (LOG_ERR, "ArgusPppPacket (0x%x, 0x%x, 0x%x) libpcap timestamp out of range %d.%d", user, h, p, ArgusGlobalTime.tv_sec, ArgusGlobalTime.tv_usec); } ArgusSnapLength = caplen; ArgusThisSnapEnd = ((u_char *)ip) + (caplen - ARGUS_PPP_HDR_LEN); if (p && (length > ARGUS_PPP_HDR_LEN)) { length -= ARGUS_PPP_HDR_LEN; ArgusThisLength = length; ArgusProcessIpPacket (ip, length, tvp); } #ifdef ARGUSDEBUG ArgusDebug (6, "ArgusPppPacket (0x%x, 0x%x, 0x%x) returning", user, h, p); #endif } #include #define ARGUS_PPPBSDOS_HDR_LEN 24 void ArgusPppBsdosPacket(u_char *user, const struct pcap_pkthdr *h, const u_char *p) { struct timeval *tvp = (struct timeval *) &h->ts; unsigned int length = h->len, hdrlen = 0; unsigned int caplen = h->caplen; unsigned short ptype = 0; ArgusGlobalTime = *tvp; if (ArgusGlobalTime.tv_sec < 0) { ArgusLog (LOG_ERR, "ArgusPppBsdosPacket (0x%x, 0x%x, 0x%x) libpcap timestamp out of range %d.%d", user, h, p, ArgusGlobalTime.tv_sec, ArgusGlobalTime.tv_usec); } ArgusSnapLength = caplen; ArgusThisSnapEnd = (u_char *) p + caplen; if (p[0] == PPP_ADDRESS && p[1] == PPP_CONTROL) { p += 2; hdrlen = 2; } if (*p & 01) { /* Retrieve the protocol type */ ptype = *p; /* Compressed protocol field */ p++; hdrlen += 1; } else { ptype = ntohs(*(u_short *)p); p += 2; hdrlen += 2; } length -= hdrlen; if (ptype == PPP_IP) if (p && (length > 0)) { ArgusThisLength = length; ArgusProcessIpPacket ((struct ip *) p, length, tvp); } #ifdef ARGUSDEBUG ArgusDebug (6, "ArgusPppPacket (0x%x, 0x%x, 0x%x) returning", user, h, p); #endif } #if defined(__NetBSD__) || defined(__OpenBSD__) #include #include #endif #include #include /* XXX BSD/OS 2.1 compatibility */ #if !defined(ARGUS_SLIP_HDR_LEN) && defined(SLC_BPFHDR) #define SLIP_HDRLEN SLC_BPFHDR #define SLX_DIR 0 #define SLX_CHDR 
(SLC_BPFHDRLEN - 1) #define CHDR_LEN (SLC_BPFHDR - SLC_BPFHDRLEN) #else #endif void ArgusSlipPacket(u_char *user, const struct pcap_pkthdr *h, const u_char *p) { struct timeval *tvp = (struct timeval *) &h->ts; struct ip *ip = (struct ip *) (p + SLIP_HDRLEN); unsigned int length = h->len; unsigned int caplen = h->caplen; ArgusGlobalTime = *tvp; if (ArgusGlobalTime.tv_sec < 0) { ArgusLog (LOG_ERR, "ArgusSlipPacket (0x%x, 0x%x, 0x%x) libpcap timestamp out of range %d.%d", user, h, p, ArgusGlobalTime.tv_sec, ArgusGlobalTime.tv_usec); } ArgusSnapLength = caplen; ArgusThisSnapEnd = ((u_char *)ip) + (caplen - SLIP_HDRLEN); if (p && (length > SLIP_HDRLEN)) { length -= SLIP_HDRLEN; ArgusThisLength = length; ArgusProcessIpPacket (ip, length, tvp); } #ifdef ARGUSDEBUG ArgusDebug (6, "ArgusSlipPacket (0x%x, 0x%x, 0x%x) returning", user, h, p); #endif } void ArgusIpPacket(u_char *user, const struct pcap_pkthdr *h, const u_char *p) { struct timeval *tvp = (struct timeval *) &h->ts; struct ip *ip = (struct ip *) p; unsigned int length = h->len; unsigned int caplen = h->caplen; ArgusGlobalTime = *tvp; if (ArgusGlobalTime.tv_sec < 0) { ArgusLog (LOG_ERR, "ArgusIpPacket (0x%x, 0x%x, 0x%x) libpcap timestamp out of range %d.%d", user, h, p, ArgusGlobalTime.tv_sec, ArgusGlobalTime.tv_usec); } ArgusSnapLength = caplen; ArgusThisSnapEnd = ((u_char *) ip) + caplen; if (p) { ArgusThisLength = length; ArgusProcessIpPacket (ip, length, tvp); } #ifdef ARGUSDEBUG ArgusDebug (6, "ArgusIpPacket (0x%x, 0x%x, 0x%x) returning", user, h, p); #endif } #include #ifndef ETHER_ADDR_LEN #define ETHER_ADDR_LEN 6 #endif void ArgusSllPacket(u_char *user, const struct pcap_pkthdr *h, const u_char *p) { unsigned int length = h->len; unsigned int caplen = h->caplen; const struct sll_header *sllp = NULL; u_short pkttype; struct timeval *tvp = (struct timeval *) &h->ts; unsigned char buf[2048]; struct ether_header *ep = (struct ether_header *)buf; ArgusGlobalTime = *tvp; if (ArgusGlobalTime.tv_sec < 0) { 
      ArgusLog (LOG_ERR, "ArgusSllPacket (0x%x, 0x%x, 0x%x) libpcap timestamp out of range %d.%d",
                         user, h, p, ArgusGlobalTime.tv_sec, ArgusGlobalTime.tv_usec);
   }

   /* need a complete SLL header, and a payload that fits in buf behind the ether header */
   if ((p == NULL) || (caplen < SLL_HDR_LEN) ||
       ((caplen - SLL_HDR_LEN) > (sizeof(buf) - sizeof(*ep))))
      return;

   sllp = (const struct sll_header *)p;

   memcpy((void *)&ep->ether_shost, sllp->sll_addr, ETHER_ADDR_LEN);

   pkttype = ntohs(sllp->sll_pkttype);

   if (pkttype != LINUX_SLL_OUTGOING) {
      if (pkttype == LINUX_SLL_BROADCAST)
         memset((void *)&ep->ether_dhost, 0xFF, ETHER_ADDR_LEN);
      else {
         memset((void *)&ep->ether_dhost, 0, ETHER_ADDR_LEN);
         if (pkttype == LINUX_SLL_MULTICAST)
#if defined(HAVE_SOLARIS)
            ep->ether_dhost.ether_addr_octet[0] = 0x01;
#else
            ep->ether_dhost[0] = 0x01;
#endif
         else
#if defined(HAVE_SOLARIS)
            ep->ether_dhost.ether_addr_octet[ETHER_ADDR_LEN-1] = 0x01;
#else
            ep->ether_dhost[ETHER_ADDR_LEN-1] = 0x01;
#endif
      }
   } else {
      /*
       * We sent this packet; we don't know whether it's
       * broadcast, multicast, or unicast, so just make
       * the destination address all 0's.
       */
      memset((void *)&ep->ether_dhost, 0, ETHER_ADDR_LEN);
   }

   length -= SLL_HDR_LEN;
   caplen -= SLL_HDR_LEN;
   p += SLL_HDR_LEN;

   ep->ether_type = sllp->sll_protocol;

   memcpy((ep + 1), p, caplen);

   /* end of the copied bytes; (ep + caplen) would step caplen whole headers past buf */
   ArgusThisSnapEnd = ((unsigned char *)(ep + 1)) + caplen;
   ArgusThisLength = length;
   ArgusSnapLength = caplen;

   ArgusProcessPacket (ep, length, tvp);

#ifdef ARGUSDEBUG
   ArgusDebug (6, "ArgusSllPacket (0x%x, 0x%x, 0x%x) returning", user, h, p);
#endif
}

void
ArgusGetPackets ()
{
   fd_set ArgusReadMask, ArgusWriteMask, ArgusExceptMask;
   struct timeval wait, tvpbuf, *tvp = &tvpbuf;
   int tmp, i, width = 0, noerror = 1;

#if defined(HAVE_SOLARIS)
   sigignore (SIGPIPE);
#else
   signal (SIGPIPE, SIG_IGN);
#endif

   FD_ZERO(&ArgusReadMask);
   FD_ZERO(&ArgusWriteMask);
   FD_ZERO(&ArgusExceptMask);

   wait.tv_sec = 0;
   wait.tv_usec = 200000;

   if (ArgusPd[0] && ArgusCallBack) {
      int found = 0;

      for (i = 0; i < ARGUS_MAXINTERFACE; i++) {
         if (ArgusPd[i] && (pcap_fileno(ArgusPd[i]) >= 0)) {
            found++;
            FD_SET(pcap_fileno(ArgusPd[i]), &ArgusReadMask);
            if (width < pcap_fileno(ArgusPd[i]))
               width = pcap_fileno(ArgusPd[i]);
         }
      }
if (!(ArgusReadingOffLine)) { do { if ((tmp = select (width + 1, &ArgusReadMask, NULL, NULL, &wait)) >= 0) { found = 0; if (tmp > 0) { for (i = 0; i < ARGUS_MAXINTERFACE; i++) { if ((ArgusPd[i]) && (pcap_fileno(ArgusPd[i]) >= 0)) { if (FD_ISSET(pcap_fileno(ArgusPd[i]), &ArgusReadMask)) { found++; ArgusInterfaceIndex = i; switch (ArgusInterface[i].ArgusInterfaceType) { case ARGUSLIBPPKTFILE: if ((pcap_read (ArgusPd[i], -1, ArgusCallBack, (u_char *) NULL)) < 0) { #ifdef ARGUSDEBUG ArgusDebug (4, "ArgusGetPackets: pcap_read() returned %s", pcap_geterr(ArgusPd[i])); #endif noerror = 0; } break; case ARGUSSNOOPKTFILE: if (ArgusSnoopRead () < 0) noerror = 0; break; case ARGUSMOATTSHPKTFILE: if (ArgusMoatTshRead () < 0) noerror = 0; break; } if (Nflag > 0) Nflag--; } } } } if (!(found)) { gettimeofday (tvp, NULL); ArgusGlobalTime = *tvp; if (ArgusGlobalTime.tv_sec < 0) { ArgusLog (LOG_ERR, "ArgusGetPackets () gettimeofday() timestamp out of range %d.%d", ArgusGlobalTime.tv_sec, ArgusGlobalTime.tv_usec); } if (ArgusUpdateTime ()) ArgusSystemTimeout(); } } else { FD_ZERO(&ArgusReadMask); #ifdef ARGUSDEBUG ArgusDebug (4, "ArgusGetPackets: select() returned %s", strerror(errno)); #endif if (errno == EINTR) break; } width = 0; found = 0; for (i = 0; i < ARGUS_MAXINTERFACE; i++) if (ArgusPd[i]) { if (pcap_fileno(ArgusPd[i]) >= 0) { found ++; FD_SET(pcap_fileno(ArgusPd[i]), &ArgusReadMask); if (width < pcap_fileno(ArgusPd[i])) width = pcap_fileno(ArgusPd[i]); } } if (!found) break; wait.tv_sec = 0; wait.tv_usec = 200000; } while (noerror && (Nflag != 0) && (!(ArgusShutDownStarted))); } else { pcap_offline_read (ArgusPd[0], -1, ArgusCallBack, (u_char *) NULL); } } gettimeofday (&ArgusEndTime, 0L); #ifdef ARGUSDEBUG ArgusDebug (4, "ArgusGetPackets () returning"); #endif } void Argusbpf_dump(struct bpf_program *p, int option) { struct bpf_insn *insn; int i, n = p->bf_len; insn = p->bf_insns; if (option > 2) { fprintf(stdout, "%d\n", n); for (i = 0; i < n; ++insn, ++i) { 
fprintf(stdout, "%lu %lu %lu %lu\n", (long) insn->code, (long) insn->jt, (long) insn->jf, (long) insn->k); } return ; } if (option > 1) { for (i = 0; i < n; ++insn, ++i) { fprintf(stdout, "{ 0x%x, %d, %d, 0x%08x },\n", insn->code, insn->jt, insn->jf, (int) insn->k); } return; } for (i = 0; i < n; ++insn, ++i) { #ifdef BDEBUG extern int bids[]; fprintf(stdout, bids[i] > 0 ? "[%02d]" : " -- ", bids[i] - 1); #endif fprintf (stdout, "%s", bpf_image(insn, i)); fprintf (stdout, "\n"); } #ifdef ARGUSDEBUG ArgusDebug (3, "Argusbpf_dump (0x%x, %d) returning", p, option); #endif } #include #include #include #define ARGUSSNOOPTAG "snoop" pcap_t * ArgusOpenInputPacketFile(char *errbuf) { char readbuf[256]; pcap_t *pd = NULL, *retn = NULL; int ch, rlen; bzero (errbuf, 64); if ((pd = pcap_open_offline(Argusrfile, errbuf)) != NULL) { ArgusInterface[0].ArgusInterfaceType = ARGUSLIBPPKTFILE; ArgusInputPacketFileType = ARGUSLIBPPKTFILE; ArgusInterface[0].ArgusDevice = Argusrfile; ArgusReadingOffLine++; retn = pd; } else { if (strcmp(Argusrfile, "-")) { if ((ArgusPacketInput = fopen(Argusrfile, "r")) == NULL) { snprintf (errbuf, PCAP_ERRBUF_SIZE - 1, "%s: %s\n", Argusrfile, strerror(errno)); } } else ArgusPacketInput = stdin; if (ArgusPacketInput) { if (getArgusMoatTshFile()) { ArgusInputPacketFileType = ARGUSMOATTSHPKTFILE; if (ArgusPacketInput == stdin) { ArgusPcap.fd = 0; ArgusPcap.snapshot = 1500; ArgusPcap.linktype = DLT_EN10MB; ArgusInterface[0].ArgusInterfaceType = ARGUSMOATTSHPKTFILE; ArgusInterface[0].ArgusDevice = Argusrfile; retn = (pcap_t *) &ArgusPcap; ArgusReadingOffLine++; } else if ((ArgusPcap.fd = open (Argusrfile, O_RDONLY, NULL)) >= 0) { ArgusPcap.snapshot = 1500; ArgusPcap.linktype = DLT_EN10MB; ArgusInterface[0].ArgusInterfaceType = ARGUSMOATTSHPKTFILE; ArgusInterface[0].ArgusDevice = Argusrfile; retn = (pcap_t *) &ArgusPcap; ArgusReadingOffLine++; } else ArgusLog(LOG_ERR, "ArgusOpenInputPacketFile(%s) error. 
%s", Argusrfile, strerror(errno));

         } else if ((ch = fgetc(ArgusPacketInput)) != EOF) {
            ungetc(ch, ArgusPacketInput);

            if ((rlen = fread ((char *)readbuf, 1, sizeof(ARGUSSNOOPTAG), ArgusPacketInput)) == sizeof(ARGUSSNOOPTAG)) {
               if ((strncmp((char *)readbuf, ARGUSSNOOPTAG, sizeof(ARGUSSNOOPTAG)) == 0)) {
                  fclose(ArgusPacketInput);

                  if ((ArgusPcap.fd = open (Argusrfile, O_RDONLY, NULL)) >= 0) {
                     lseek(ArgusPcap.fd, 16, SEEK_SET);
                     ArgusPcap.snapshot = 1500;
                     ArgusPcap.linktype = DLT_EN10MB;
                     ArgusInterface[0].ArgusInterfaceType = ARGUSSNOOPKTFILE;
                     ArgusInterface[0].ArgusDevice = Argusrfile;
                     ArgusInputPacketFileType = ARGUSSNOOPKTFILE;
                     retn = (pcap_t *) &ArgusPcap;
                     ArgusReadingOffLine++;
                  }

               } else {
                  snprintf (errbuf, PCAP_ERRBUF_SIZE - 1, "Unknown packet file format");
               }

            } else {
               snprintf (errbuf, PCAP_ERRBUF_SIZE - 1, "Error reading %s. Read %d bytes", Argusrfile, rlen);
            }

         } else {
            snprintf (errbuf, PCAP_ERRBUF_SIZE - 1, "Error reading %s. Stream Empty", Argusrfile);
         }
      }
   }

#ifdef ARGUSDEBUG
   ArgusDebug (3, "ArgusOpenInputPacketFile(0x%x) returning 0x%x", errbuf, retn);
#endif
   return (retn);
}

char *
ArgusCopyArgv (char **argv)
{
   char **p;
   int len = 0;
   char *buf = NULL, *src, *dst;

   p = argv;

   if (*p == 0)
      return 0;

   while (*p)
      len += (int) strlen (*p++) + 1;

   if ((buf = (char *) ArgusCalloc (1, len)) != NULL) {
      p = argv;
      dst = buf;

      while ((src = *p++) != NULL) {
         if (*src != '-') {
            while ((*dst++ = *src++) != '\0')
               ;
            dst[-1] = ' ';
         }
      }

      /* nothing is copied when every argument starts with '-': do not write before buf */
      if (dst > buf)
         dst[-1] = '\0';
   }

#ifdef ARGUSDEBUG
   ArgusDebug (6, "ArgusCopyArgv(0x%x) returning 0x%x", argv, buf);
#endif
   return buf;
}

#include
#include

char *
ArgusReadInfile (char *fname)
{
   int fd = 0;
   char *p = NULL;
   struct stat buf;
   char outbuf[256];

   if ((fd = open(fname, O_RDONLY)) >= 0) {
      if (fstat(fd, &buf) < 0) {
         snprintf (outbuf, 255, "%s: fstat('%s') failed.", ArgusProgramName, fname);
         perror (outbuf);
         close(fd);
         return (NULL);   /* buf is not valid and fd is closed: stop here */
      }

      /* one extra zeroed byte keeps the filter expression NUL-terminated */
      if ((p = (char *) ArgusCalloc (1, (u_int) buf.st_size + 1)) != 0) {
         if (read (fd, p, (unsigned int)buf.st_size) != buf.st_size) {
            snprintf
(outbuf, 255, "%s: read('%s') failed.", ArgusProgramName, fname);
            perror (outbuf);
            /* release the partially filled buffer instead of leaking it;
               fd is closed once, below */
            ArgusFree (p);
            p = NULL;
         }
      }
      close(fd);

   } else {
      snprintf (outbuf, 255, "%s: open('%s') failed.", ArgusProgramName, fname);
      perror (outbuf);
   }

#ifdef ARGUSDEBUG
   ArgusDebug (3, "ArgusReadInfile(%s) returning 0x%x", fname, p);
#endif
   return (p);
}
argus-2.0.6.fixes.1/server/ArgusSource.h0000775000076600007660000002414010016412624013534
/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * Copyright (c) 1993, 1994 Carnegie Mellon University.
 * All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software and
 * its documentation for any purpose and without fee is hereby granted,
 * provided that the above copyright notice appear in all copies and
 * that both that copyright notice and this permission notice appear
 * in supporting documentation, and that the name of CMU not be
 * used in advertising or publicity pertaining to distribution of the
 * software without specific, written prior permission.
* * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS * SOFTWARE. * */ /* ArgusSource.h */ #ifndef ArgusSource_h #define ArgusSource_h #include #include #include #include #include #include #include int pcap_read(pcap_t *, int cnt, pcap_handler, u_char *); int pcap_offline_read(pcap_t *, int, pcap_handler, u_char *); #include #include #include #include #if defined(__NetBSD__) #include #include #include #endif #if !defined(__OpenBSD__) #include #endif #include #if !defined(__OpenBSD__) || (defined(__OpenBSD__) && !defined(_NETINET_IF_SYSTEM_H_)) #include #define _NETINET_IF_SYSTEM_H_ #endif #if defined(__OpenBSD__) #ifndef _NETINET_IP_H_ #include #define _NETINET_IP_H_ #endif #ifndef _NETINET_UDP_H_ #include #define _NETINET_UDP_H_ #endif #else #include #include #endif #include struct ArgusMoatTshPktHdr { unsigned int sec; char interface; char usec[3]; struct ip ip; struct tcphdr tcp; }; #define SNOOP_FILE_OFFSET 16 struct ArgusSnoopPktHdr { unsigned int len; unsigned int tlen; unsigned int pad[2]; struct timeval argtvp; }; int ArgusSnoopRead (void); void ArgusEtherPacket (u_char *user, const struct pcap_pkthdr *h, const u_char *p); void ArgusSlipPacket (u_char *user, const struct pcap_pkthdr *h, const u_char *p); void ArgusPppPacket (u_char *user, const struct pcap_pkthdr *h, const u_char *p); void ArgusPppBsdosPacket (u_char *user, const struct pcap_pkthdr *h, const u_char *p); void ArgusFddiPacket (u_char *user, const struct pcap_pkthdr *h, const u_char *p); void ArgusATMPacket (u_char *user, const struct pcap_pkthdr *h, const u_char *p); void ArgusIpPacket (u_char *user, const struct 
pcap_pkthdr *h, const u_char *p); void ArgusSllPacket (u_char *user, const struct pcap_pkthdr *h, const u_char *p); struct callback { pcap_handler function; int type; char *fname; }; pcap_t *ArgusOpenInputPacketFile(char *); pcap_handler Arguslookup_pcap_callback (int); void Argusbpf_dump(struct bpf_program *, int); void setArgusMoatTshFile (int value); int getArgusMoatTshFile (void); void setArgusWriteOutPacketFile (char *); void ArgusGetPackets (void); #define ARGUSLIBPPKTFILE 1 #define ARGUSSNOOPKTFILE 2 #define ARGUSMOATTSHPKTFILE 3 #define ARGUS_MAXINTERFACE 3 struct ArgusSourceStruct { int state; }; struct ArgusInterfaceStruct { char *ArgusDevice; int index, ArgusInterfaceType; unsigned int ArgusLocalNet, ArgusNetMask; long long ArgusTotalPkts; long long ArgusTotalIPPkts; long long ArgusTotalNonIPPkts; long long ArgusLastPkts; long long ArgusTotalDrop; long long ArgusLastDrop; long long ArgusTotalBytes; long long ArgusLastBytes; }; #if defined(ArgusSource) static struct callback callbacks[] = { { ArgusEtherPacket, DLT_EN10MB, "ArgusEtherPacket()" }, { ArgusEtherPacket, DLT_IEEE802, "ArgusEtherPacket()" }, { ArgusSlipPacket, DLT_SLIP, "ArgusSlipPacket()" }, { ArgusSlipPacket, DLT_SLIP_BSDOS, "ArgusSlipPacket()" }, { ArgusPppPacket, DLT_PPP, "ArgusPppPacket()" }, { ArgusPppBsdosPacket, DLT_PPP_BSDOS, "ArgusPppBsdosPacket()" }, { ArgusFddiPacket, DLT_FDDI, "ArgusFddiPacket()" }, { ArgusATMPacket, DLT_ATM_RFC1483, "ArgusATMPacket()" }, { ArgusIpPacket, DLT_RAW, "ArgusIpPacket()" }, #ifdef DLT_LINUX_SLL { ArgusSllPacket, DLT_LINUX_SLL, "ArgusSllPacket()" }, #endif { NULL, DLT_NULL, "NULL" }, { NULL, 0, NULL}, }; struct ArgusSourceStruct *ArgusSourceTask = NULL; struct ArgusListStruct *ArgusDeviceList = NULL; char *ArgusInputFilter = NULL; struct timeval ArgusStartTime, ArgusEndTime; int kflag = 0; extern int Argustflag; int ArgusInterfaceIndex = 0; struct ArgusInterfaceStruct ArgusInterface[ARGUS_MAXINTERFACE]; pcap_t *ArgusPd[ARGUS_MAXINTERFACE]; struct 
bpf_program ArgusFilters[ARGUS_MAXINTERFACE]; struct pcap_stat ArgusStats[ARGUS_MAXINTERFACE]; int ArgusInputPacketFileType; int ArgusReadingOffLine = 0; int Argusbpflag; static FILE *ArgusPacketInput; static pcap_handler ArgusCallBack; struct arguspcap_sf { FILE *rfile; int swapped; int hdrsize; int version_major; int version_minor; u_char *base; }; struct arguspcap_md { struct pcap_stat stat; /*XXX*/ int use_bpf; /* using kernel filter */ u_long TotPkts; /* can't oflow for 79 hrs on ether */ u_long TotAccepted; /* count accepted by filter */ u_long TotDrops; /* count of dropped packets */ long TotMissed; /* missed by i/f during this run */ long OrigMissed; /* missed by i/f before this run */ #ifdef linux int sock_packet; /* using Linux 2.0 compatible interface */ int timeout; /* timeout specified to pcap_open_live */ int clear_promisc; /* must clear promiscuous mode when we close */ int cooked; /* using SOCK_DGRAM rather than SOCK_RAW */ int lo_ifindex; /* interface index of the loopback device */ char *device; /* device name */ struct pcap *next; /* list of open promiscuous sock_packet pcaps */ #endif }; struct arguspcap { int fd; int snapshot; int linktype; int tzoff; /* timezone offset */ int offset; /* offset for proper alignment */ struct arguspcap_sf sf; struct arguspcap_md md; /* * Read buffer. */ int bufsize; u_char *buffer; u_char *bp; int cc; /* * Place holder for pcap_next(). */ u_char *pkt; /* * Placeholder for filter code if bpf not in kernel. 
*/ struct bpf_program fcode; char errbuf[PCAP_ERRBUF_SIZE]; }; static struct arguspcap ArgusPcap; static int ArgusSnapLen; static int ArgusOflag = 1; static int Arguspflag; static char **ArgusArgv = NULL; static int ArgusOptind; static char *Argusrfile = NULL; static char *ArgusDevice = NULL; static char *ArgusInfile = NULL; struct ArgusSourceStruct *ArgusNewSource(void); void ArgusInitSource(void); int ArgusDeleteSource(void); void setArgusOutputTask(void); void setArgusModeler(void); struct ArgusOutputStruct *getArgusOutputTask(void); struct ArgusModelerStruct *getArgusModeler(void); int getArgusbpflag(void); int getArguspflag(void); int getArgusOflag(void); void setArgusbpflag(int); void setArguspflag(int); void setArgusOflag(int); void setArgusArgv(char **); void setArgusOptind(int); void setArgusDevice(char *); void setArgusInfile(char *); void setArgusrfile(char *); void setArgusrFile(char *); char *getArgusDevice(void); char *getArgusInfile(void); char *getArgusrfile(void); void clearArgusDevice(void); static char *ArgusCopyArgv (char **); static char *ArgusReadInfile (char *); int ArgusCreatePktFromFddi(const struct fddi_header *, struct ether_header *, int); extern char *bpf_image(struct bpf_insn *, int); #else /* defined(ArgusSource) */ extern char *ArgusInputFilter; extern long long ArgusTotalPkts; extern long long ArgusLastPkts; extern long long ArgusTotalDrop; extern long long ArgusLastDrop; extern long long ArgusTotalBytes; extern long long ArgusLastBytes; struct timeval ArgusStartTime, ArgusEndTime; extern int ArgusInterfaceIndex; extern struct ArgusInterfaceStruct ArgusInterface[ARGUS_MAXINTERFACE]; extern pcap_t *ArgusPd[]; extern struct pcap_stat ArgusStats[]; extern int ArgusInputPacketFileType; extern int ArgusReadingOffLine; extern int Argusbpflag; extern struct ArgusSourceStruct *ArgusSourceTask; extern struct ArgusSourceStruct *ArgusNewSource(void); extern void ArgusInitSource(void); extern int ArgusDeleteSource(void); extern struct 
ArgusOutputStruct *getArgusOutputTask(void); extern void setArgusOutputTask(void); extern struct ArgusModelerStruct *getArgusModeler(void); extern void setArgusModeler(void); extern int getArgusbpflag(void); extern int getArguspflag(void); extern int getArgusOflag(void); extern int getArgusMoatTshFile (void); extern void setArgusbpflag(int); extern void setArguspflag(int); extern void setArgusOflag(int); extern void setArgusMoatTshFile (int value); extern void setArgusWriteOutPacketFile (char *); extern void setArgusArgv(char **); extern void setArgusOptind(int); extern void setArgusDevice(char *); extern void setArgusInfile(char *); extern void setArgusrfile(char *); extern char *getArgusDevice(void); extern char *getArgusInfile(void); extern char *getArgusrfile(void); extern void clearArgusDevice(void); #endif #endif /* #ifndef ArgusSource_h */ argus-2.0.6.fixes.1/server/ArgusUtil.c0000775000076600007660000007630510016412624013216 /* * Copyright (c) 2000-2004 QoSient, LLC * All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. * */ /* * Copyright (c) 1993, 1994 Carnegie Mellon University. * All rights reserved. 
 *
 * Permission to use, copy, modify, and distribute this software and
 * its documentation for any purpose and without fee is hereby granted,
 * provided that the above copyright notice appear in all copies and
 * that both that copyright notice and this permission notice appear
 * in supporting documentation, and that the name of CMU not be
 * used in advertising or publicity pertaining to distribution of the
 * software without specific, written prior permission.
 *
 * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
 * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
 * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
 * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
 * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
 * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 * SOFTWARE.
 *
 */

/* ArgusUtil.c */

#ifndef ArgusUtil
#define ArgusUtil
#endif

#include
#include
#include

unsigned long long
ArgusAbsTimeDiff (struct timeval *start, struct timeval *stop)
{
   unsigned long long retn = 0;
   struct timeval *t1 = start, *t2 = stop;
   int sec, usec;

   /* order the two timestamps so that t2 is the later one */
   if ((stop->tv_sec < start->tv_sec) ||
      ((stop->tv_sec == start->tv_sec) && (stop->tv_usec < start->tv_usec))) {
      t2 = start;
      t1 = stop;
   }

   sec = t2->tv_sec - t1->tv_sec;
   usec = t2->tv_usec - t1->tv_usec;

   if (usec < 0) {
      sec--;
      usec += 1000000;
   }

   /* widen before multiplying: sec * 1000000 in int arithmetic
      overflows once the difference exceeds about 2147 seconds */
   retn = ((unsigned long long) sec * 1000000ULL) + (unsigned long long) usec;

   return (retn);
}

struct ArgusListStruct *
ArgusNewList ()
{
   struct ArgusListStruct *retn = NULL;

   if ((retn = (struct ArgusListStruct *) ArgusCalloc (1, sizeof (struct ArgusListStruct))) != NULL) {
      retn->start = NULL;
      retn->count = 0;
   }

#ifdef ARGUSDEBUG
   ArgusDebug (4, "ArgusNewList () returning 0x%x\n", retn);
#endif
   return (retn);
}

void
ArgusDeleteList (struct ArgusListStruct *list)
{
   if (list) {
      while (list->start)
         ArgusPopFrontList(list);

      ArgusFree (list);
   }

#ifdef ARGUSDEBUG
   ArgusDebug (3, "ArgusDeleteList (0x%x) 
returning\n", list);
#endif
}

int
ArgusListEmpty (struct ArgusListStruct *list)
{
   return (list->start == NULL);
}

int
ArgusGetListCount(struct ArgusListStruct *list)
{
   return (list->count);
}

void
ArgusPushFrontList(struct ArgusListStruct *list, void *obj)
{
   struct ArgusListObjectStruct *lobj = NULL;

   if (list && obj) {
      if ((lobj = (struct ArgusListObjectStruct *) ArgusCalloc (1, sizeof(*lobj))) != NULL) {
         lobj->obj = obj;

         /* the list is circular: start->prv is the last element */
         if (list->start) {
            lobj->nxt = list->start;
            lobj->prv = list->start->prv;
            lobj->nxt->prv = lobj;
            lobj->prv->nxt = lobj;
         } else {
            lobj->prv = lobj;
            lobj->nxt = lobj;
         }

         list->start = lobj;
         list->count++;
      }
   }

#ifdef ARGUSDEBUG
   /* the format had a third 0x%x with no matching argument */
   ArgusDebug (6, "ArgusPushFrontList (0x%x, 0x%x) returning\n", list, obj);
#endif
}

void
ArgusPushBackList(struct ArgusListStruct *list, void *obj)
{
   int count;

   if (list && obj) {
      count = list->count;
      ArgusPushFrontList(list, obj);

      /* rotate only when the push really added an element; if the
         allocation failed, list->start may be NULL (empty list) or
         the rotation would move the old front to the back */
      if (list->count != count)
         list->start = list->start->nxt;
   }

#ifdef ARGUSDEBUG
   ArgusDebug (6, "ArgusPushBackList (0x%x, 0x%x) returning\n", list, obj);
#endif
}

void *
ArgusFrontList(struct ArgusListStruct *list)
{
   void *retn = NULL;

   if (list->start)
      retn = list->start->obj;

#ifdef ARGUSDEBUG
   ArgusDebug (6, "ArgusFrontList (0x%x) returning 0x%x\n", list, retn);
#endif
   return (retn);
}

void *
ArgusBackList(struct ArgusListStruct *list)
{
   void *retn = NULL;

   if (list->start)
      retn = list->start->prv->obj;

#ifdef ARGUSDEBUG
   ArgusDebug (6, "ArgusBackList (0x%x) returning 0x%x\n", list, retn);
#endif
   return (retn);
}

void
ArgusPopBackList(struct ArgusListStruct *list)
{
   struct ArgusListObjectStruct *lobj = NULL;

   if ((lobj = list->start)) {
      list->start = list->start->prv;
      ArgusPopFrontList(list);
   }

#ifdef ARGUSDEBUG
   ArgusDebug (6, "ArgusPopBackList (0x%x) returning\n", list);
#endif
}

void
ArgusPopFrontList(struct ArgusListStruct *list)
{
   struct ArgusListObjectStruct *lobj = NULL;

   if ((lobj = list->start)) {
      if (--list->count > 0) {
         if (lobj->prv)
            lobj->prv->nxt = lobj->nxt;

         if (lobj->nxt)
            lobj->nxt->prv = lobj->prv;

         list->start = lobj->nxt;

      } else
         list->start = NULL;

ArgusFree(lobj); } #ifdef ARGUSDEBUG ArgusDebug (6, "ArgusPopFrontList (0x%x) returning\n", list); #endif } struct ArgusQueueStruct * ArgusNewQueue () { struct ArgusQueueStruct *retn = NULL; if ((retn = (struct ArgusQueueStruct *) ArgusCalloc (1, sizeof (struct ArgusQueueStruct))) != NULL) { retn->count = 0; retn->start = NULL; } #ifdef ARGUSDEBUG ArgusDebug (4, "ArgusNewQueue () returning 0x%x\n", retn); #endif return (retn); } void ArgusDeleteQueue (struct ArgusQueueStruct *queue) { struct ArgusFlowStruct *obj = NULL; if (queue != NULL) { while ((obj = ArgusPopQueue(queue))) ArgusFree(obj); ArgusFree(queue); } #ifdef ARGUSDEBUG ArgusDebug (4, "ArgusDeleteQueue (0x%x) returning\n", queue); #endif } int ArgusGetQueueCount(struct ArgusQueueStruct *queue) { int retn = 0; if (queue != NULL) retn = queue->count; #ifdef ARGUSDEBUG ArgusDebug (6, "ArgusGetQueueCount (0x%x) returning %d\n", queue, retn); #endif return (retn); } void ArgusPushQueue(struct ArgusQueueStruct *queue, struct ArgusFlowStruct *obj) { int retn = 0; if ((retn = ArgusAddToQueue (queue, obj)) > 0) queue->start = queue->start->prv; #ifdef ARGUSDEBUG ArgusDebug (6, "ArgusPushQueue (0x%x, 0x%x) returning\n", queue, obj); #endif } int ArgusAddToQueue(struct ArgusQueueStruct *queue, struct ArgusFlowStruct *obj) { int retn = 0; if (queue && obj) { if (obj->qhdr.queue == NULL) { if (queue->start != NULL) { obj->qhdr.prv = queue->start->prv; queue->start->prv = &obj->qhdr; obj->qhdr.nxt = queue->start; obj->qhdr.prv->nxt = &obj->qhdr; } else { queue->start = &obj->qhdr; obj->qhdr.nxt = &obj->qhdr; obj->qhdr.prv = &obj->qhdr; } queue->count++; obj->qhdr.queue = queue; retn = 1; } else ArgusLog (LOG_ERR, "ArgusAddToQueue (0x%x, 0x%x) obj in queue 0x%x\n", queue, obj, obj->qhdr.queue); } else ArgusLog (LOG_ERR, "ArgusAddToQueue (0x%x, 0x%x) parameter error\n", queue, obj); #ifdef ARGUSDEBUG ArgusDebug (6, "ArgusAddToQueue (0x%x, 0x%x) returning %d\n", queue, obj, retn); #endif return (retn); } struct 
ArgusFlowStruct *ArgusFrontQueue (struct ArgusQueueStruct *); struct ArgusFlowStruct * ArgusFrontQueue (struct ArgusQueueStruct *queue) { struct ArgusFlowStruct *retn = NULL; if (queue != NULL) retn = (struct ArgusFlowStruct *) queue->start; #ifdef ARGUSDEBUG ArgusDebug (8, "ArgusFrontQueue (0x%x) returning 0x%x\n", queue, retn); #endif return (retn); } struct ArgusFlowStruct * ArgusPopQueue (struct ArgusQueueStruct *queue) { struct ArgusFlowStruct *retn = NULL; struct ArgusFlowStruct *obj = NULL; if (queue && queue->count) { if ((obj = (struct ArgusFlowStruct *) queue->start) != NULL) retn = ArgusRemoveFromQueue(queue, obj); else ArgusLog (LOG_ERR, "ArgusPopQueue(0x%x) internal queue error count %d start NULL\n", queue, queue->count); } #ifdef ARGUSDEBUG ArgusDebug (8, "ArgusPopQueue (0x%x) returning 0x%x\n", queue, retn); #endif return(retn); } struct ArgusFlowStruct * ArgusRemoveFromQueue(struct ArgusQueueStruct *queue, struct ArgusFlowStruct *obj) { struct ArgusFlowStruct *retn = NULL; if ((queue != NULL) && (obj != NULL)) { if (queue->count && (obj->qhdr.queue == queue)) { queue->count--; if (queue->count) { if (queue->start == &obj->qhdr) queue->start = obj->qhdr.nxt; obj->qhdr.prv->nxt = obj->qhdr.nxt; obj->qhdr.nxt->prv = obj->qhdr.prv; } else queue->start = NULL; obj->qhdr.prv = NULL; obj->qhdr.nxt = NULL; obj->qhdr.queue = NULL; retn = obj; } else ArgusLog (LOG_ERR, "RaRemoveFromQueue(0x%x, 0x%x) obj not in queue\n", queue, obj); } else ArgusLog (LOG_ERR, "RaRemoveFromQueue(0x%x, 0x%x) parameter error\n", queue, obj); #ifdef ARGUSDEBUG ArgusDebug (9, "ArgusRemoveFromQueue (0x%x, 0x%x) returning 0x%x\n", queue, obj, obj); #endif return (retn); } #include #include #define ARGUS_MINQSCAN 256 #define ARGUS_TR1QSCAN 2048 #define ARGUS_TR2QSCAN 16384 #define ARGUS_MAXQSCAN 262144 void ArgusProcessQueue(struct ArgusQueueStruct *queue, unsigned char status) { struct ArgusFlowStruct *obj = NULL; int cnt = 0; switch (status) { case ARGUS_STOP: case ARGUS_SHUTDOWN: 
while (queue->count) { if ((obj = ArgusPopQueue(queue)) != NULL) { if (obj->FragDSRBuffer != NULL) { if (ArgusUpdateParentFlow(obj)) { ArgusDeleteObject (obj); obj = NULL; } } if (obj) { if ((obj->state.ofragcnt) && (!(obj->qhdr.status & ARGUS_PROCESS_NEXT_PASS))) { obj->qhdr.status |= ARGUS_PROCESS_NEXT_PASS; ArgusAddToQueue(queue, obj); } else { ArgusSendFlowRecord(obj, status); ArgusDeleteObject (obj); } } } } break; default: if (queue->count > 0) { cnt = ((queue->count == 1 ) ? queue->count : ((queue->count < ARGUS_MINQSCAN) ? ((queue->count / 4) + 2): ((queue->count < ARGUS_TR2QSCAN) ? (queue->count / 8) : ((queue->count < ARGUS_MAXQSCAN) ? ARGUS_TR1QSCAN : queue->count / 128)))); if (cnt > 1) { while (cnt--) { if ((obj = ArgusPopQueue(queue)) != NULL) { if (ArgusCheckTimeout(obj)) ArgusTimeOut(obj); else ArgusAddToQueue(queue, obj); } } } else { if ((obj = ArgusFrontQueue(queue)) != NULL) { if (ArgusCheckTimeout(obj)) { ArgusPopQueue(queue); ArgusTimeOut(obj); } } } } break; } #ifdef ARGUSDEBUG ArgusDebug (8, "ArgusProcessQueue (0x%x, %d) returning\n", queue, status); #endif } int ArgusCheckTimeout(struct ArgusFlowStruct *obj) { int retn = 0; unsigned int lapseTime; struct timeval *tvp = NULL, thisTimeout; if (obj->qhdr.lasttime.tv_sec > 0) { lapseTime = obj->qhdr.lasttime.tv_sec + obj->ArgusTimeout; if (((ArgusGlobalTime.tv_sec > lapseTime) || ((ArgusGlobalTime.tv_sec == lapseTime) && (ArgusGlobalTime.tv_usec > obj->qhdr.lasttime.tv_usec))) && (!(obj->state.ofragcnt))) retn++; if ((tvp = getArgusFarReportInterval ()) != NULL) { thisTimeout.tv_sec = tvp->tv_sec + obj->qhdr.logtime.tv_sec; thisTimeout.tv_usec = tvp->tv_usec + obj->qhdr.logtime.tv_usec; if (thisTimeout.tv_usec >= 1000000) { thisTimeout.tv_sec++; thisTimeout.tv_usec -= 1000000; } if ((ArgusGlobalTime.tv_sec > thisTimeout.tv_sec) || ((ArgusGlobalTime.tv_sec == thisTimeout.tv_sec) && (ArgusGlobalTime.tv_usec > thisTimeout.tv_usec))) ArgusSendFlowRecord (obj, ARGUS_STATUS); } } else 
obj->qhdr.lasttime = ArgusGlobalTime; #ifdef ARGUSDEBUG ArgusDebug (7, "ArgusCheckTimeout (0x%x) returning %d\n", obj, retn); #endif return (retn); } void ArgusEmptyQueue(struct ArgusQueueStruct *queue) { struct ArgusFlowStruct *obj = NULL; while ((obj = ArgusPopQueue(queue)) != NULL) ArgusTimeOut(obj); #ifdef ARGUSDEBUG ArgusDebug (8, "ArgusEmptyQueue (0x%x) returning\n", queue); #endif } void ArgusDeleteObject(struct ArgusFlowStruct *obj) { struct ArgusHashTableHeader *htblhdr; struct ArgusFragExtensionBuffer *fragBuf; struct ArgusFragOffsetStruct *offsets, *nxt; struct ArgusUserObject *user; if (obj->qhdr.queue == ArgusFlowQueue) ArgusRemoveFromQueue (ArgusFlowQueue, obj); if ((htblhdr = obj->htblhdr) != NULL) { ArgusRemoveHashEntry(htblhdr); obj->htblhdr = NULL; } if (obj->MacDSRBuffer) { ArgusFree(obj->MacDSRBuffer); obj->MacDSRBuffer = NULL; } if (obj->VlanDSRBuffer) { ArgusFree(obj->VlanDSRBuffer); obj->VlanDSRBuffer = NULL; } if (obj->MplsDSRBuffer) { ArgusFree(obj->MplsDSRBuffer); obj->MplsDSRBuffer = NULL; } if (obj->NetworkDSRBuffer) { ArgusFree(obj->NetworkDSRBuffer); obj->NetworkDSRBuffer = NULL; } if (obj->ICMPDSRBuffer) { ArgusFree(obj->ICMPDSRBuffer); obj->ICMPDSRBuffer = NULL; } if (obj->FragDSRBuffer) { fragBuf = (struct ArgusFragExtensionBuffer *)obj->FragDSRBuffer; if (fragBuf->user != NULL) { if (fragBuf->user->array != NULL) { ArgusFree(fragBuf->user->array); fragBuf->user->array = NULL; } ArgusFree(fragBuf->user); fragBuf->user = NULL; } if ((offsets = fragBuf->offsets) != NULL) { while (offsets != NULL) { nxt = offsets->nxt; ArgusFree(offsets); offsets = nxt; } fragBuf->offsets = NULL; } ArgusFree(obj->FragDSRBuffer); obj->FragDSRBuffer = NULL; } if (obj->TransportDSRBuffer) { ArgusFree(obj->TransportDSRBuffer); obj->TransportDSRBuffer = NULL; } if (obj->SessionDSRBuffer) { ArgusFree(obj->SessionDSRBuffer); obj->SessionDSRBuffer = NULL; } if (obj->UserDSRBuffer) { user = obj->UserDSRBuffer; if (user->src.array) { ArgusFree(user->src.array); 
user->src.array = NULL; } if (user->dst.array) { ArgusFree(user->dst.array); user->dst.array = NULL; } ArgusFree(user); obj->UserDSRBuffer = NULL; } ArgusTotalClosedFlows++; ArgusFree(obj); #ifdef ARGUSDEBUG ArgusDebug (6, "ArgusDeleteObject (0x%x) returning\n", obj); #endif } int ArgusUpdateTime () { int retn = 0; if ((ArgusUpdateTimer.tv_sec == 0) || ((ArgusGlobalTime.tv_sec > ArgusUpdateTimer.tv_sec) || ((ArgusGlobalTime.tv_sec == ArgusUpdateTimer.tv_sec) && (ArgusGlobalTime.tv_usec > ArgusUpdateTimer.tv_usec)))) { if (ArgusUpdateTimer.tv_sec) retn = 1; ArgusUpdateTimer = ArgusGlobalTime; ArgusUpdateTimer.tv_sec += ArgusUpdateInterval.tv_sec; ArgusUpdateTimer.tv_usec += ArgusUpdateInterval.tv_usec; if (ArgusUpdateTimer.tv_usec >= 1000000) { ArgusUpdateTimer.tv_sec++; ArgusUpdateTimer.tv_usec -= 1000000; } } #ifdef ARGUSDEBUG ArgusDebug (8, "ArgusUpdateTime () returning %d\n", retn); #endif return (retn); } struct ArgusFlowStruct * ArgusFindFlow () { struct ArgusFlowStruct *retn = NULL; struct ArgusHashTableHeader *hashEntry; unsigned short hash = 0, *ptr = (unsigned short *) ArgusThisFlow; int i, len; for (i = 0, len = (sizeof(*ArgusThisFlow)) / sizeof(unsigned short); i < len; i++) hash += *ptr++; ArgusThisHash = hash; if ((hashEntry = ArgusFindHashObject ()) != NULL) retn = hashEntry->flowobj; #ifdef ARGUSDEBUG ArgusDebug (6, "ArgusFindFlow () returning 0x%x\n", retn); #endif return (retn); } struct ArgusHashTableHeader * ArgusFindHashObject () { struct ArgusHashTableHeader *retn = NULL, *head = NULL, *target; if ((target = ArgusHashTable.array[ArgusThisHash % ArgusHashTable.size]) != NULL) { head = target; do { if (!(bcmp ((char *) ArgusThisFlow, (char *) &target->flow, sizeof(*ArgusThisFlow)))) { retn = target; break; } else target = target->nxt; } while (target != head); } #ifdef ARGUSDEBUG ArgusDebug (6, "ArgusFindHashEntry () returning 0x%x\n", retn); #endif return (retn); } struct ArgusHashTableHeader * ArgusAddHashEntry (struct ArgusFlowStruct *flow) { 
struct ArgusHashTableHeader *retn = NULL, *start = NULL; if ((retn = (struct ArgusHashTableHeader *) ArgusCalloc (1, sizeof (struct ArgusHashTableHeader))) != NULL) { bcopy((char *) ArgusThisFlow, (char *)&retn->flow, sizeof (*ArgusThisFlow)); retn->flowobj = flow; retn->hash = ArgusThisHash; if ((start = ArgusHashTable.array[ArgusThisHash % ArgusHashTable.size]) != NULL) { retn->nxt = start; retn->prv = start->prv; retn->prv->nxt = retn; retn->nxt->prv = retn; } else retn->prv = retn->nxt = retn; ArgusHashTable.array[ArgusThisHash % ArgusHashTable.size] = retn; } #ifdef ARGUSDEBUG ArgusDebug (6, "ArgusAddHashEntry (0x%x) returning 0x%x\n", flow, retn); #endif return (retn); } void ArgusRemoveHashEntry (struct ArgusHashTableHeader *htblhdr) { unsigned short hash = htblhdr->hash; htblhdr->prv->nxt = htblhdr->nxt; htblhdr->nxt->prv = htblhdr->prv; if (htblhdr == ArgusHashTable.array[hash % ArgusHashTable.size]) { if (htblhdr == htblhdr->nxt) ArgusHashTable.array[hash % ArgusHashTable.size] = NULL; else ArgusHashTable.array[hash % ArgusHashTable.size] = htblhdr->nxt; } ArgusFree (htblhdr); #ifdef ARGUSDEBUG ArgusDebug (6, "ArgusRemoveHashEntry (0x%x) returning\n", htblhdr); #endif } struct ArgusSocketStruct * ArgusNewSocket (int fd) { struct ArgusSocketStruct *retn = NULL; if ((retn = ((struct ArgusSocketStruct *) ArgusCalloc (1, sizeof (struct ArgusSocketStruct)))) != NULL) { if ((retn->ArgusOutputList = ArgusNewList()) != NULL) { retn->fd = fd; fcntl (fd, F_SETFL, O_NONBLOCK); } else { ArgusFree(retn); retn = NULL; } } #ifdef ARGUSDEBUG ArgusDebug (2, "ArgusNewSocket (%d) returning 0x%x\n", fd, retn); #endif return (retn); } void ArgusDeleteSocket (struct ArgusSocketStruct *asock) { while (asock->ArgusOutputList->count) if (ArgusWriteOutSocket(asock) < 0) break; ArgusDeleteList(asock->ArgusOutputList); close(asock->fd); if (asock->filename) free(asock->filename); ArgusFree (asock); #ifdef ARGUSDEBUG ArgusDebug (2, "ArgusDeleteSocket (0x%x) returning\n", asock); 
#endif
}

#include
#include

#define ARGUS_MAXERROR 20000
#define ARGUS_MAXWRITENUM 2048

int ArgusMaxListLength = 262144;

int
ArgusReadSocket (struct ArgusSocketStruct *asock, ArgusHandler ArgusThisHandler, void *data)
{
   int retn = 0, totalbyte = 0;
   int len = 0, malformed = 0;

   if (asock && (asock->fd >= 0)) {
      /* reset the parse pointers only after asock is known to be non-NULL */
      if (asock->cnt == 0) {
         asock->ptr = asock->buf;
         asock->ahdr = (struct ArgusRecordHeader *) asock->ptr;
      }

      if ((retn = read (asock->fd, (asock->ptr + asock->cnt), (ARGUS_MAXRECORD - asock->cnt))) > 0) {
#ifdef ARGUSDEBUG
         ArgusDebug (6, "ArgusReadSocket(%d, 0x%x, %d) read %d bytes\n", asock->fd,
                     (asock->ptr + asock->cnt), (ARGUS_MAXRECORD - asock->cnt), retn);
#endif
         asock->cnt += retn;
         totalbyte += retn;
      }

      while (asock->cnt > sizeof(struct ArgusRecordHeader)) {
         len = ntohs(asock->ahdr->length);

         /* the length comes from the peer: a value shorter than the
            record header (0 included) never advances ptr and loops
            forever, and one larger than the buffer can never be
            satisfied, so drop the buffered data and report an error */
         if ((len < (int) sizeof(struct ArgusRecordHeader)) || (len > ARGUS_MAXRECORD)) {
#ifdef ARGUSDEBUG
            ArgusDebug (3, "ArgusReadSocket() invalid record length %d\n", len);
#endif
            asock->cnt = 0;
            malformed = 1;
            break;
         }

         if (asock->cnt >= len) {
            ArgusThisHandler (asock, (unsigned char *) asock->ahdr, len, data);
            bzero (asock->ptr, len);
            asock->ptr += len;
            asock->cnt -= len;
            asock->ahdr = (struct ArgusRecordHeader *)asock->ptr;
         } else
            break;
      }

      /* move a trailing partial record back to the start of the buffer */
      if (asock->cnt && ((unsigned char *)asock->ahdr != asock->buf)) {
         unsigned char tmpbuf[ARGUS_MAXRECORD];
         bcopy (asock->ptr, tmpbuf, asock->cnt);
         bzero (asock->ptr, asock->cnt);
         asock->ptr = asock->buf;
         bcopy (tmpbuf, asock->ptr, asock->cnt);
         asock->ahdr = (struct ArgusRecordHeader *) asock->ptr;
      }

      if (malformed) {
         retn = -1;

      /* was (errno != EAGAIN) || (errno != EINTR), which is always true */
      } else if ((retn < 0) && ((errno != EAGAIN) && (errno != EINTR))) {
#ifdef ARGUSDEBUG
         ArgusDebug (3, "ArgusReadSocket() read error %s\n", strerror(errno));
#endif
      } else
         retn = totalbyte;
   }

#ifdef ARGUSDEBUG
   ArgusDebug (5, "ArgusReadSocket(0x%x, 0x%x) returning %d\n", asock, ArgusThisHandler, retn);
#endif
   return (retn);
}

int
ArgusWriteSocket (struct ArgusSocketStruct *asock, unsigned char *buf, int cnt)
{
   struct ArgusListStruct *list = asock->ArgusOutputList;
   struct ArgusRecordStruct *rec;
   struct stat statbuf;
   int retn = -1;

   if (asock->fd != -1) {
      if (ArgusListEmpty (list)) {
         if (asock->filename) {
            if ((stat (asock->filename, &statbuf)) < 0) {
               close(asock->fd);
               if ((asock->fd = 
open (asock->filename, O_WRONLY|O_APPEND|O_CREAT|O_NONBLOCK, 0644)) >= 0) {
                  ArgusGenerateInitialMar();
                  ArgusSendOutputData(asock->fd, ArgusSystemMar);
#ifdef ARGUSDEBUG
                  ArgusDebug (2, "ArgusWriteSocket: created outfile %s\n", asock->filename);
#endif
               } else
                  return (retn);
            }
         }

         if (((retn = write (asock->fd, buf, cnt)) < cnt)) {
            if (retn < 0) {
               if ((errno == EAGAIN) || (errno == EINTR) || ((errno == EPIPE) && !(asock->status & ARGUS_WAS_FUNCTIONAL)))
                  retn = 0;
               else {
                  ArgusLog (LOG_WARNING, "ArgusWriteSocket(0x%x, 0x%x, %d) error %s\n", asock, buf, cnt, strerror(errno));
                  return (retn);
               }
            }
         } else
            asock->status |= ARGUS_WAS_FUNCTIONAL;

         /* a short or failed write: queue the record and remember how much was already sent */
         if (retn != cnt) {
#ifdef ARGUSDEBUG
            struct ArgusRecordHeader *ahdr = (struct ArgusRecordHeader *) buf;
            ArgusDebug (5, "ArgusWriteSocket(0x%x, 0x%x, %d) queuing record %d\n", asock, buf, cnt, ntohl(ahdr->seqNumber));
#endif
            if ((rec = (struct ArgusRecordStruct *) ArgusCalloc (1, sizeof (*rec))) != NULL) {
               if ((rec->buf = ArgusCalloc (1, cnt)) != NULL) {
                  bcopy((char *) buf, (char *) rec->buf, cnt);
                  if ((rec->written = retn) < 0)
                     rec->written = 0;
                  rec->length = cnt;
                  ArgusPushBackList (list, rec);
               } else
                  ArgusLog (LOG_ERR, "ArgusWriteSocket(0x%x, 0x%x, %d) ArgusCalloc returned error %s\n", asock, buf, cnt, strerror(errno));
            } else
               ArgusLog (LOG_ERR, "ArgusWriteSocket(0x%x, 0x%x, %d) ArgusCalloc returned error %s\n", asock, buf, cnt, strerror(errno));
         } else {
#ifdef ARGUSDEBUG
            struct ArgusRecordHeader *ahdr = (struct ArgusRecordHeader *) buf;
            ArgusDebug (5, "ArgusWriteSocket(0x%x, 0x%x, %d) wrote record %d\n", asock, buf, cnt, ntohl(ahdr->seqNumber));
#endif
         }

      } else {
         if (list->count >= ArgusMaxListLength) {
#ifdef ARGUSDEBUG
            ArgusDebug (3, "ArgusWriteSocket(0x%x, 0x%x, %d) queue full\n", asock, buf, cnt);
#endif
            if (ArgusWriteOutSocket(asock) < 0) {
#ifdef ARGUSDEBUG
               ArgusDebug (3, "ArgusWriteSocket: ArgusWriteOutSocket(0x%x, 0x%x, %d) tossing records\n", asock, buf, cnt);
#endif

#define ARGUS_DROPRECORDNUM	4096

               /* the queue is still full: drop up to ARGUS_DROPRECORDNUM records from the back */
               if (list->count >= ArgusMaxListLength) {
                  struct ArgusRecordStruct *rec;
                  int i;

                  for (i = 0; i < ARGUS_DROPRECORDNUM; i++) {
                     if ((rec = ArgusBackList(list)) != NULL) {
                        ArgusPopBackList(list);
                        if (rec->buf) {
                           ArgusFree(rec->buf);
                           rec->buf = NULL;
                        }
                        ArgusFree(rec);
                     }
                  }
               }
            }
         }

         if ((rec = (struct ArgusRecordStruct *) ArgusCalloc (1, sizeof (*rec))) != NULL) {
            if ((rec->buf = ArgusCalloc (1, cnt)) != NULL) {
#ifdef ARGUSDEBUG
               struct ArgusRecordHeader *ahdr = (struct ArgusRecordHeader *) buf;
               ArgusDebug (5, "ArgusWriteSocket(0x%x, 0x%x, %d) queue record %d\n", asock, buf, cnt, ntohl(ahdr->seqNumber));
#endif
               retn = 0;
               bcopy((char *) buf, (char *) rec->buf, cnt);
               rec->written = 0;
               rec->length = cnt;
               ArgusPushBackList (list, rec);
            } else
               ArgusLog (LOG_ERR, "ArgusWriteSocket(0x%x, 0x%x, %d) ArgusCalloc returned error %s\n", asock, buf, cnt, strerror(errno));
         } else
            ArgusLog (LOG_ERR, "ArgusWriteSocket(0x%x, 0x%x, %d) ArgusCalloc returned error %s\n", asock, buf, cnt, strerror(errno));
      }

   } else {
#ifdef ARGUSDEBUG
      ArgusDebug (3, "ArgusWriteSocket (0x%x, 0x%x, %d) fd == %d\n", asock, buf, cnt, asock->fd);
#endif
   }

#ifdef ARGUSDEBUG
   ArgusDebug (5, "ArgusWriteSocket (0x%x, 0x%x, %d) returning %d\n", asock, buf, cnt, retn);
#endif

   return (retn);
}

#define ARGUS_LISTREPORTLEN	50000
#define ARGUS_LISTREPORTTIME	30

int
ArgusWriteOutSocket (struct ArgusSocketStruct *asock)
{
   struct ArgusListStruct *list = NULL;
   struct ArgusRecordStruct *rec;
   int retn = 0, count = ARGUS_MAXWRITENUM, totalbytes = 0, len;
   struct stat statbuf;
   unsigned char *ptr;

   if (asock && ((list = asock->ArgusOutputList) != NULL)) {
      if ((count = ArgusGetListCount(list)) > 0) {
         /* report a long queue at most once every ARGUS_LISTREPORTTIME seconds */
         if (count > ARGUS_LISTREPORTLEN) {
            unsigned int reportime = list->reportTime.tv_sec + ARGUS_LISTREPORTTIME;

            if ((list->reportTime.tv_sec == 0) || ((reportime < ArgusGlobalTime.tv_sec) || ((reportime == ArgusGlobalTime.tv_sec) && ((list->reportTime.tv_usec) < ArgusGlobalTime.tv_usec)))) {
               list->reportTime = ArgusGlobalTime;
               ArgusLog (LOG_WARNING, "ArgusWriteOutSocket(0x%x) Queue Count %d\n", asock, count);
            }
         }

         if (count > ARGUS_MAXWRITENUM)
            count = ARGUS_MAXWRITENUM;

         while ((asock->fd != -1 ) && count--) {
            if ((rec = ArgusFrontList (list)) != NULL) {
               if ((ptr = (unsigned char *) rec->buf) != NULL) {
                  if (!(rec->written)) {
                     if (asock->filename) {
                        /* the output file has gone away: reopen it and start it with a new initial record */
                        if ((stat (asock->filename, &statbuf)) < 0) {
                           close(asock->fd);
                           if ((asock->fd = open (asock->filename, O_WRONLY|O_APPEND|O_CREAT|O_NONBLOCK, 0644)) >= 0) {
                              ArgusGenerateInitialMar();
                              ArgusSendOutputData(asock->fd, ArgusSystemMar);
#ifdef ARGUSDEBUG
                              ArgusDebug (2, "ArgusWriteSocket: created outfile %s\n", asock->filename);
#endif
                           } else
                              ArgusLog (LOG_ERR, "ArgusWriteOutSocket(0x%x) failed to create file %s\n", asock, strerror(errno));
                        }
                     }
                  }

                  len = rec->length - rec->written;

                  if ((rec->written < rec->length) && ( rec->written >= 0)) {
                     if ((retn = write(asock->fd, (unsigned char *)&ptr[rec->written], len)) >= 0) {
                        asock->errornum = 0;
                        totalbytes += retn;
                        rec->written += retn;

                     } else {
                        if ((retn < 0) && !((errno == EAGAIN) || (errno == EINTR))) {
#ifdef ARGUSDEBUG
                           ArgusDebug (3, "ArgusWriteOutSocket: write() failed %s\n", strerror(errno));
#endif
                        } else {
                           if (asock->errornum++ < ARGUS_MAXERROR) {
                              if (asock->errornum > (ARGUS_MAXERROR >> 1))
                                 usleep(2000);
                              retn = 0;
                           }
                        }
                        break;
                     }

                  } else
                  if (rec->written < 0)
                     rec->written = 0;

                  if (rec->written >= rec->length) {
#ifdef ARGUSDEBUG
                     struct ArgusRecordHeader *ahdr = (struct ArgusRecordHeader *)rec->buf;
                     if (ahdr)
                        ArgusDebug (7, "ArgusWriteOutSocket: write (%d, 0x%x, %d) record %d complete\n", asock->fd, rec->buf, rec->length, ntohl(ahdr->seqNumber));
#endif
                     list->outputTime = ArgusGlobalTime;
                     ArgusPopFrontList (list);
                     ArgusFree (rec->buf);
                     ArgusFree (rec);
                     rec = NULL;
                  }

               } else {
                  ArgusPopFrontList (list);
                  ArgusFree (rec);
                  rec = NULL;
               }

            } else {
#ifdef ARGUSDEBUG
               ArgusDebug (7, "ArgusWriteOutSocket(0x%x): queue empty\n", asock);
#endif
               break;
            }

            if (asock->errornum >= ARGUS_MAXERROR) {
               ArgusLog (LOG_WARNING, "ArgusWriteOutSocket(0x%x) Exceeded Maximum Errors\n", asock);
               retn = -1;
               break;
            }
         }

         if ((count = ArgusGetListCount(list)) > ArgusMaxListLength) {
            ArgusLog (LOG_WARNING, "ArgusWriteOutSocket(0x%x) Queue Exceeded Maximum Limit\n", asock);
            retn = -1;
         }

      } else {
#ifdef ARGUSDEBUG
         ArgusDebug (6, "ArgusWriteOutSocket(0x%x): queue empty\n", asock);
#endif
      }

   } else {
#ifdef ARGUSDEBUG
      ArgusDebug (3, "ArgusWriteOutSocket(0x%x): asock or asock->ArgusOutputList NULL\n", asock);
#endif
      retn = -1;
   }

#ifdef ARGUSDEBUG
   /* list is NULL in the else branch, so it must not be dereferenced there */
   if (list)
      ArgusDebug (5, "ArgusWriteOutSocket (0x%x) %d records waiting. returning %d\n", asock, list->count, retn);
   else
      ArgusDebug (5, "ArgusWriteOutSocket (0x%x) no list. returning %d\n", asock, retn);
#endif

   return retn;
}

argus-2.0.6.fixes.1/server/ArgusUtil.h

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * Copyright (c) 1993, 1994 Carnegie Mellon University.
 * All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software and
 * its documentation for any purpose and without fee is hereby granted,
 * provided that the above copyright notice appear in all copies and
 * that both that copyright notice and this permission notice appear
 * in supporting documentation, and that the name of CMU not be
 * used in advertising or publicity pertaining to distribution of the
 * software without specific, written prior permission.
 *
 * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
 * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
 * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
 * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
 * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
 * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 * SOFTWARE.
 *
 */

/* ArgusUtil.h */

#ifndef ArgusUtil_h
#define ArgusUtil_h

#include
#include
#include
#include
#include
#include
#include
#include

struct ArgusRecordStruct {
   int length, written;
   char *buf;
};

struct ArgusListObjectStruct {
   struct ArgusListObjectStruct *nxt, *prv;
   void *obj;
};

struct ArgusListStruct {
   struct ArgusListObjectStruct *start;
   struct timeval outputTime, reportTime;
   unsigned int count;
};

#define ARGUS_PROCESS_NEXT_PASS	0x10

struct ArgusQueueHeader {
   struct ArgusQueueHeader *prv, *nxt;
   struct ArgusQueueStruct *queue;
   int status;
   struct timeval lasttime, logtime;
};

struct ArgusQueueStruct {
   int count;
   struct ArgusQueueHeader *start;
   struct ArgusFlowStruct **array;
};

#define ARGUS_READINGHDR	1
#define ARGUS_READINGBLOCK	2

#define ARGUS_MAXRECORDS	1024

#define ARGUS_WAS_FUNCTIONAL	0x10
#define ARGUS_SOCKET_COMPLETE	0x20
#define ARGUS_MAXRECORD		0x10000

struct ArgusSocketStruct {
   struct ArgusListStruct *ArgusOutputList;
   int fd, status, cnt, expectedSize, errornum;
   int ArgusLastRecord, ArgusReadState;
   unsigned char buf[ARGUS_MAXRECORD], *ptr;
   struct ArgusRecordHeader *ahdr;
   struct sockaddr sock;
   char *filename;
};

typedef int (*ArgusHandler)(struct ArgusSocketStruct *, unsigned char *, int, void *);

#if defined(ArgusUtil)

#if defined(_LITTLE_ENDIAN)
void ArgusNtoH (struct ArgusRecord *);
void ArgusHtoN (struct ArgusRecord *);
#endif

void *ArgusCalloc (int, int);
void ArgusFree (void *);
unsigned long long ArgusAbsTimeDiff (struct timeval *, struct timeval *);

struct ArgusListStruct *ArgusNewList(void);
void ArgusDeleteList(struct ArgusListStruct *);
int ArgusListEmpty (struct ArgusListStruct *);
int ArgusGetListCount (struct ArgusListStruct *);
void *ArgusFrontList (struct ArgusListStruct *);
void *ArgusBackList (struct ArgusListStruct *);
void ArgusPushFrontList(struct ArgusListStruct *, void *);
void ArgusPopFrontList (struct ArgusListStruct *);
void ArgusPushBackList (struct ArgusListStruct *, void *);
void ArgusPopBackList (struct ArgusListStruct *);

struct ArgusQueueStruct *ArgusNewQueue (void);
void ArgusDeleteQueue (struct ArgusQueueStruct *);
int ArgusGetQueueCount(struct ArgusQueueStruct *);
void ArgusPushQueue(struct ArgusQueueStruct *, struct ArgusFlowStruct *);
int ArgusAddToQueue(struct ArgusQueueStruct *, struct ArgusFlowStruct *);
struct ArgusFlowStruct *ArgusPopQueue(struct ArgusQueueStruct *);
struct ArgusFlowStruct *ArgusRemoveFromQueue(struct ArgusQueueStruct *, struct ArgusFlowStruct *);

int ArgusCheckTimeout(struct ArgusFlowStruct *obj);
void ArgusProcessQueue(struct ArgusQueueStruct *, unsigned char state);
void ArgusEmptyQueue(struct ArgusQueueStruct *);
void ArgusDeleteObject(struct ArgusFlowStruct *);

struct ArgusHashTableHeader *ArgusFindHashObject (void);
extern struct ArgusHashTableHeader *ArgusAddHashEntry (struct ArgusFlowStruct *);
void ArgusRemoveHashEntry (struct ArgusHashTableHeader *);

struct ArgusSocketStruct * ArgusNewSocket (int fd);
void ArgusDeleteSocket (struct ArgusSocketStruct *);
int ArgusReadSocket (struct ArgusSocketStruct *, ArgusHandler, void *);
int ArgusWriteSocket (struct ArgusSocketStruct *, unsigned char *, int);
int ArgusWriteOutSocket (struct ArgusSocketStruct *);

char *ArgusGetFlowString (struct ArgusFlowStruct *);

int Argusdflag = 0;

#ifdef ARGUSDEBUG
extern void ArgusDebug (int, char *, ...);
#endif

#else

#if defined(_LITTLE_ENDIAN)
extern void ArgusNtoH (struct ArgusRecord *);
extern void ArgusHtoN (struct ArgusRecord *);
#endif

extern void *ArgusCalloc (int, int);
extern void ArgusFree (void *);
extern long long ArgusAbsTimeDiff (struct timeval *, struct timeval *);

extern struct ArgusListStruct *ArgusNewList(void);
extern void ArgusDeleteList(struct ArgusListStruct *);
extern int ArgusListEmpty (struct ArgusListStruct *);
extern int ArgusGetListCount (struct ArgusListStruct *);
extern void *ArgusFrontList (struct ArgusListStruct *);
extern void ArgusPushFrontList(struct ArgusListStruct *, void *);
extern void ArgusPopFrontList (struct ArgusListStruct *);
extern void ArgusPushBackList (struct ArgusListStruct *, void *);
extern void ArgusPopBackList (struct ArgusListStruct *);

extern struct ArgusQueueStruct *ArgusNewQueue (void);
extern int ArgusDeleteQueue (struct ArgusQueueStruct *);
extern int ArgusGetQueueCount(struct ArgusQueueStruct *);
extern void ArgusPushQueue(struct ArgusQueueStruct *, struct ArgusFlowStruct *);
extern int ArgusAddToQueue(struct ArgusQueueStruct *, struct ArgusFlowStruct *);
extern struct ArgusFlowStruct *ArgusPopQueue(struct ArgusQueueStruct *);
extern struct ArgusFlowStruct *ArgusRemoveFromQueue(struct ArgusQueueStruct *, struct ArgusFlowStruct *);

extern int ArgusCheckTimeout(struct ArgusFlowStruct *obj);
extern void ArgusProcessQueue(struct ArgusQueueStruct *, unsigned char state);
extern void ArgusEmptyQueue(struct ArgusQueueStruct *);
extern void ArgusDeleteObject(struct ArgusFlowStruct *obj);

extern struct ArgusHashTableHeader *ArgusFindHashObject (void);
extern struct ArgusHashTableHeader *ArgusAddHashEntry (struct ArgusFlowStruct *);
extern void ArgusRemoveHashEntry (struct ArgusHashTableHeader *);

extern struct ArgusSocketStruct * ArgusNewSocket (int fd);
extern void ArgusDeleteSocket (struct ArgusSocketStruct *);
extern int ArgusReadSocket (struct ArgusSocketStruct *, ArgusHandler, void *);
extern int ArgusWriteSocket (struct ArgusSocketStruct *, unsigned char *, int);
extern int ArgusWriteOutSocket (struct ArgusSocketStruct *);

extern char *ArgusGetFlowString (struct ArgusFlowStruct *);

extern int Argusdflag;

#ifdef ARGUSDEBUG
extern void ArgusDebug (int, char *, ...);
#endif

#endif
#endif

argus-2.0.6.fixes.1/server/Argus_app.c

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

#ifndef ArgusApp
#define ArgusApp
#endif

#include
#include
#include
#include

u_char ArgusUpdateHTTPState (struct ArgusFlowStruct *, unsigned char *);
u_char ArgusUpdateRTPState (struct ArgusFlowStruct *, unsigned char *);

void
ArgusUpdateAppState (struct ArgusFlowStruct *flowstr, unsigned char *state)
{
   struct ArgusUserObject *user = NULL;
   struct ArgusUserDataObject *ArgusThisUser;
   struct ArgusIPFlow *ipflow = NULL;
   struct ArgusFlowStats *ArgusThisStat = NULL;
   int len = 0, thislen = 0, ArgusThisUserLength;

   ipflow = (struct ArgusIPFlow *) &flowstr->flow;

   if (ArgusThisLength > 0) {
      if (flowstr->state.rev == ArgusThisDir)
         ArgusThisStat = &flowstr->state.src;
      else
         ArgusThisStat = &flowstr->state.dst;

      ArgusThisStat->appbytes += ArgusThisLength;
   }

   if (*state == ARGUS_START) {
      flowstr->state.status &= ~ARGUS_CONNECTED;

      if ((len = getArgusUserDataLen()) > 0) {
         if ((user = (void *) ArgusCalloc (1, sizeof(*user))) != NULL) {
            /* release any user data buffers left over from a previous use of this flow */
            if (flowstr->UserDSRBuffer != NULL) {
               if (((struct ArgusUserObject *)flowstr->UserDSRBuffer)->src.array != NULL)
                  ArgusFree (((struct ArgusUserObject *)flowstr->UserDSRBuffer)->src.array);
               if (((struct ArgusUserObject *)flowstr->UserDSRBuffer)->dst.array != NULL)
                  ArgusFree (((struct ArgusUserObject *)flowstr->UserDSRBuffer)->dst.array);
               ArgusFree(flowstr->UserDSRBuffer);
            }

            flowstr->UserDSRBuffer = user;

            /* flowstr and *state are passed so the arguments match the format string */
            if ((user->src.array = (char *) ArgusCalloc (1, len)) == NULL)
               ArgusLog (LOG_ERR, "ArgusUpdateAppState(0x%x, %d) ArgusCalloc failed %s", flowstr, *state, strerror(errno));

            user->src.count = 0;
            user->src.size = len;

            if ((user->dst.array = (char *) ArgusCalloc (1, len)) == NULL)
               ArgusLog (LOG_ERR, "ArgusUpdateAppState(0x%x, %d) ArgusCalloc failed %s", flowstr, *state, strerror(errno));

            user->dst.count = 0;
            user->dst.size = len;
         }

         /* user is NULL when the allocation above failed; skip the copy in that case */
         if (user != NULL) {
            if (flowstr->state.rev == ArgusThisDir)
               ArgusThisUser = &user->src;
            else
               ArgusThisUser = &user->dst;

            ArgusThisUserLength = (ArgusThisLength < ArgusSnapLength) ? ArgusThisLength : ArgusSnapLength;

            /* copy no more than the space left in the per-direction buffer */
            if ((thislen = (ArgusThisUserLength < (ArgusThisUser->size - ArgusThisUser->count)) ? ArgusThisUserLength : (ArgusThisUser->size - ArgusThisUser->count)) > 0) {
               if (BYTESCAPTURED(ArgusThisUpHdr, thislen)) {
                  bcopy (ArgusThisUpHdr, (char *)&ArgusThisUser->array[ArgusThisUser->count], thislen);
                  ArgusThisUser->count += thislen;
               }
            }
         }
      }

   } else {
      if ((user = (struct ArgusUserObject *) flowstr->UserDSRBuffer) != NULL) {
         if (flowstr->state.rev == ArgusThisDir) {
            ArgusThisUser = &user->src;
         } else
            ArgusThisUser = &user->dst;

         ArgusThisUserLength = (ArgusThisLength < ArgusSnapLength) ? ArgusThisLength : ArgusSnapLength;

         if (ArgusThisUser->count < ArgusThisUser->size) {
            if ((thislen = (ArgusThisUserLength < (ArgusThisUser->size - ArgusThisUser->count)) ? ArgusThisUserLength : (ArgusThisUser->size - ArgusThisUser->count)) > 0) {
               if (BYTESCAPTURED(ArgusThisUpHdr, thislen)) {
                  bcopy (ArgusThisUpHdr, (char *)&ArgusThisUser->array[ArgusThisUser->count], thislen);
                  ArgusThisUser->count += thislen;
               }
            }
         }
      }

      if (flowstr->state.src.count && flowstr->state.dst.count)
         flowstr->state.status |= ARGUS_CONNECTED;
      else
         flowstr->state.status &= ~ARGUS_CONNECTED;
   }

   if (ArgusThisIpHdr && ((ArgusThisNetworkFlowType & 0xFFFF) == ETHERTYPE_IP)) {
      if (*state == ARGUS_START) {
         struct rtphdr *rtp;
         struct rtcphdr *rtcp;

#if defined(LBL_ALIGN)
         if ((long) ArgusThisUpHdr & (sizeof (long) - 1)) {
            bcopy ((unsigned char *) ArgusThisUpHdr, (unsigned char *) ArgusAlignBuf, ArgusSnapLength);
            ArgusThisUpHdr = (unsigned char *) ArgusAlignBuf;
            ArgusThisSnapEnd = ArgusAlignBuf + ArgusSnapLength;
         }
#endif
         rtp = (struct rtphdr *) ArgusThisUpHdr;
         rtcp = (struct rtcphdr *) ArgusThisUpHdr;

         /* a version 2 header tags the flow as RTCP (packet type 200 or 201) or RTP (packet type < 128) */
         if (STRUCTCAPTURED(*rtp) && (rtp->rh_ver == 2)) {
            if ((rtcp->rh_pt == 200) || (rtcp->rh_pt == 201)) {
               struct ArgusRTCPObject *rtcpObject = NULL;

               ipflow->tp_p = ARGUS_RTCP_FLOWTAG;

               if ((rtcpObject = (void *) ArgusCalloc(1, sizeof(struct ArgusRTCPObject))) != NULL) {
                  rtcpObject->type = ARGUS_RTCP_DSR;
                  rtcpObject->length = sizeof(*rtcpObject);
                  rtcpObject->status = ARGUS_START;

                  if (flowstr->state.rev == ArgusThisDir) {
                     bcopy ((char *) rtcp, (char *)&rtcpObject->src, sizeof(*rtcp));
                     rtcpObject->src.rh_len = ntohs(rtcpObject->src.rh_len);
                     rtcpObject->src.rh_ssrc = ntohl(rtcpObject->src.rh_ssrc);
                  } else {
                     bcopy ((char *) rtcp, (char *)&rtcpObject->dst, sizeof(*rtcp));
                     rtcpObject->dst.rh_len = ntohs(rtcpObject->dst.rh_len);
                     rtcpObject->dst.rh_ssrc = ntohl(rtcpObject->dst.rh_ssrc);
                  }

                  if (flowstr->TransportDSRBuffer != NULL)
                     ArgusFree(flowstr->TransportDSRBuffer);

                  flowstr->TransportDSRBuffer = rtcpObject;
               }

            } else
            if (rtp->rh_pt < 128) {
               struct ArgusRTPObject *rtpObject = NULL;

               ipflow->tp_p = ARGUS_RTP_FLOWTAG;

               if ((rtpObject = (void *) ArgusCalloc(1, sizeof(struct ArgusRTPObject))) != NULL) {
                  rtpObject->type = ARGUS_RTP_DSR;
                  rtpObject->length = sizeof(*rtpObject);
                  rtpObject->status = ARGUS_START;

                  if (flowstr->state.rev == ArgusThisDir) {
                     bcopy ((char *) rtp, (char *)&rtpObject->src, sizeof(*rtp));
                     rtpObject->src.rh_seq = ntohs(rtpObject->src.rh_seq);
                     rtpObject->src.rh_time = ntohl(rtpObject->src.rh_time);
                     rtpObject->src.rh_ssrc = ntohl(rtpObject->src.rh_ssrc);
                  } else {
                     bcopy ((char *) rtp, (char *)&rtpObject->dst, sizeof(*rtp));
                     rtpObject->dst.rh_seq = ntohs(rtpObject->dst.rh_seq);
                     rtpObject->dst.rh_time = ntohl(rtpObject->dst.rh_time);
                     rtpObject->dst.rh_ssrc = ntohl(rtpObject->dst.rh_ssrc);
                  }

                  if (flowstr->TransportDSRBuffer != NULL)
                     ArgusFree(flowstr->TransportDSRBuffer);

                  flowstr->TransportDSRBuffer = rtpObject;
               }
            }
         }

      } else {
         if (ipflow->tp_p == 0) {
         } else {
            switch (ipflow->tp_p) {
               case ARGUS_HTTP_FLOWTAG:
                  ArgusUpdateHTTPState(flowstr, state);
                  break;

               case ARGUS_RTP_FLOWTAG:
               case ARGUS_RTCP_FLOWTAG:
                  ArgusUpdateRTPState(flowstr, state);
                  break;

               default:
                  break;
            }
         }
      }
   }

#ifdef ARGUSDEBUG
   ArgusDebug (6, "ArgusUpdateAppState(0x%x, %d) returning\n", flowstr, *state);
#endif
}

u_char
ArgusUpdateHTTPState (struct ArgusFlowStruct *flowstr, unsigned char *state)
{
   u_char retn = 0;

#ifdef ARGUSDEBUG
   ArgusDebug (7, "ArgusUpdateHTTPState(0x%x, %d) returning\n", flowstr, *state);
#endif

   return(retn);
}

u_char
ArgusUpdateRTPState (struct ArgusFlowStruct *flowstr, unsigned char *state)
{
   u_char retn = 0;
   struct ArgusIPFlow *ipflow = NULL;

   ipflow = (struct ArgusIPFlow *) &flowstr->flow;

   switch (ipflow->tp_p) {
      case ARGUS_RTP_FLOWTAG: {
         struct ArgusRTPObject *rtpObject = (struct ArgusRTPObject *) flowstr->TransportDSRBuffer;
         struct rtphdr *rtp = (struct rtphdr *) ArgusThisUpHdr;
         struct rtphdr *ArgusThisRtpHdr = NULL;

         if (rtpObject && (STRUCTCAPTURED(*rtp) && !((long) rtp & (sizeof (short) - 1)))) {
            if (flowstr->state.rev == ArgusThisDir)
               ArgusThisRtpHdr = &rtpObject->src;
            else
               ArgusThisRtpHdr = &rtpObject->dst;

            if (rtp->rh_ver == 2) {
               /* the header fields are converted to host order in place in the packet buffer */
               rtp->rh_seq = ntohs(rtp->rh_seq);
               rtp->rh_time = ntohl(rtp->rh_time);
               rtp->rh_ssrc = ntohl(rtp->rh_ssrc);

               if (ArgusThisRtpHdr->rh_ver != 2) {
                  bcopy ((char *) rtp, (char *) ArgusThisRtpHdr, sizeof(*rtp));

               } else {
                  /* a changed or zero SSRC, or a repeated sequence number, means this is not RTP */
                  if (!(rtp->rh_ssrc) || (ArgusThisRtpHdr->rh_ssrc != rtp->rh_ssrc))
                     ipflow->tp_p = 0;

                  if (ArgusThisRtpHdr->rh_seq == (rtp->rh_seq))
                     ipflow->tp_p = 0;

                  if (rtp->rh_x) {
                     struct rtpexthdr *xhdr = (struct rtpexthdr *) (rtp + 1);
                     if ((xhdr->length > ArgusThisLength) || (xhdr->length < (ArgusThisLength - 4)))
                        ipflow->tp_p = 0;
                  }
               }

               if (ipflow->tp_p == ARGUS_RTP_FLOWTAG) {
                  int offset = ((rtp->rh_cc > 15) ? 15 : rtp->rh_cc) << 2;

                  /* a gap in the sequence numbers adds to the drop count; a late packet takes one back */
                  if (ArgusThisRtpHdr->rh_seq != (rtp->rh_seq - 1)) {
                     if (rtp->rh_seq < ArgusThisRtpHdr->rh_seq) {
                        if ((ArgusThisRtpHdr->rh_seq - rtp->rh_seq) < 0x7FFFFFFF) {
                           if (flowstr->state.rev == ArgusThisDir) {
                              if (rtpObject->sdrop > 0) {
                                 rtpObject->sdrop--;
                              }
                           } else {
                              if (rtpObject->ddrop > 0) {
                                 rtpObject->ddrop--;
                              }
                           }
                        }

                     } else {
                        if (rtp->rh_seq > ArgusThisRtpHdr->rh_seq) {
                           if (flowstr->state.rev == ArgusThisDir)
                              rtpObject->sdrop += rtp->rh_seq - (ArgusThisRtpHdr->rh_seq + 1);
                           else
                              rtpObject->ddrop += rtp->rh_seq - (ArgusThisRtpHdr->rh_seq + 1);
                        }
                     }
                  }

                  bcopy ((char *) rtp, (char *) ArgusThisRtpHdr, sizeof(*rtp));

                  /* step past the fixed header and the CSRC list */
                  ArgusThisUpHdr = (unsigned char *)(rtp + 1) + offset;
                  ArgusThisLength -= (sizeof(struct rtphdr) + offset);
                  ArgusSnapLength -= (sizeof(struct rtphdr) + offset);

                  rtpObject->status &= ~ARGUS_START;

                  if (rtp->rh_x) {
                     struct rtpexthdr *ext = (struct rtpexthdr *)ArgusThisUpHdr;
                     offset = sizeof(struct rtpexthdr) + ntohs(ext->length);
                     ArgusThisLength -= offset;
                     ArgusSnapLength -= offset;
                     ArgusThisUpHdr += offset;
                  }

                  switch (rtp->rh_pt) {
                     case ARGUS_RTP_PCMU:
                     case ARGUS_RTP_PCMA:
                     case ARGUS_RTP_G722:
                     case ARGUS_RTP_G728:
                     case ARGUS_RTP_G729:
                        if ((ArgusThisLength == 0) || ((ArgusThisLength % 10) != 0)) {
                           ArgusInProtocol = 0;
                           if (flowstr->state.rev == ArgusThisDir)
                              rtpObject->status |= ARGUS_RTP_SRCSILENCE;
                           else
                              rtpObject->status |= ARGUS_RTP_DSTSILENCE;
                        } else
                        if (rtp->rh_mark)
                           ArgusInProtocol = 0;
                        break;

                     case ARGUS_RTP_G723:
                        if ((ArgusThisLength == 0) || (ArgusThisLength == 4)) {
                           ArgusInProtocol = 0;
                           if (flowstr->state.rev == ArgusThisDir)
                              rtpObject->status |= ARGUS_RTP_SRCSILENCE;
                           else
                              rtpObject->status |= ARGUS_RTP_DSTSILENCE;
                        } else
                        if (rtp->rh_mark)
                           ArgusInProtocol = 0;
                        break;

                     case ARGUS_RTP_H261:
                     case ARGUS_RTP_H263:
                        break;
                  }

               } else {
                  ArgusFree(flowstr->TransportDSRBuffer);
                  flowstr->TransportDSRBuffer = NULL;
               }

            } else
               ipflow->tp_p = 0;

            break;

         } else
            ipflow->tp_p = 0;
      }
      /* no break here: when the RTP checks above fail, control falls through into the RTCP case */

      case ARGUS_RTCP_FLOWTAG: {
         struct ArgusRTCPObject *rtcpObject = (struct ArgusRTCPObject *) flowstr->TransportDSRBuffer;
         struct rtcphdr *rtcp = (struct rtcphdr *) ArgusThisUpHdr;
         struct rtcphdr *ArgusThisRtcpHdr = NULL;

         if (rtcpObject != NULL) {
            if (flowstr->state.rev == ArgusThisDir)
               ArgusThisRtcpHdr = &rtcpObject->src;
            else
               ArgusThisRtcpHdr = &rtcpObject->dst;

            if (rtcpObject && (STRUCTCAPTURED(*rtcp) && !((long) rtcp & (sizeof (short) - 1)))) {
               if (rtcp->rh_ver == 2) {
                  if (ArgusThisRtcpHdr->rh_ssrc == 0) {
                     bcopy ((char *) rtcp, (char *) ArgusThisRtcpHdr, sizeof(*rtcp));
                     ArgusThisRtcpHdr->rh_len = ntohs(ArgusThisRtcpHdr->rh_len);
                     ArgusThisRtcpHdr->rh_ssrc = ntohl(ArgusThisRtcpHdr->rh_ssrc);
                     if (ArgusThisRtcpHdr->rh_ssrc == 0)
                        ipflow->tp_p = 0;
                  } else
                  if (ArgusThisRtcpHdr->rh_ssrc != ntohl(rtcp->rh_ssrc))
                     ipflow->tp_p = 0;

               } else
                  ipflow->tp_p = 0;

               if (ipflow->tp_p == ARGUS_RTCP_FLOWTAG)
                  rtcpObject->status &= ~ARGUS_START;
            }
         }
      }
   }

   /* the flow was rejected as RTP/RTCP: release the transport state */
   if ((ipflow->tp_p == 0) && (flowstr->TransportDSRBuffer != NULL)) {
      ArgusFree(flowstr->TransportDSRBuffer);
      flowstr->TransportDSRBuffer = NULL;
   }

#ifdef ARGUSDEBUG
   ArgusDebug (7, "ArgusUpdateRTPState(0x%x, %d) returning\n", flowstr, *state);
#endif

   return(retn);
}

#include

void
ArgusUserDataFlowRecord (struct ArgusFlowStruct *flow, struct ArgusRecord *argus, unsigned char state)
{
   struct ArgusUserObject *user = (struct ArgusUserObject *) flow->UserDSRBuffer;
   struct ArgusUserStruct *buf;
   short length;
   int len;

   if (user && ((length = argus->ahdr.length) > 0)) {
      if ((len = user->src.count) > 0) {
         len = (((len + 3)/4) * 4);
         /* allocate the padded length: buf->length * 4 == 4 + len bytes are copied out of buf below */
         if ((buf = (void *) ArgusCalloc (1, 4 + len)) != NULL) {
            buf->type = ARGUS_SRCUSRDATA_DSR;
            buf->length = (4 + len) / 4;
            bcopy (user->src.array, &buf->data, user->src.count);
            bcopy ((char *)buf, &((char *)argus)[argus->ahdr.length], (buf->length * 4));
            argus->ahdr.length += (buf->length * 4);
            ArgusFree(buf);
         }
      }

      if ((len = user->dst.count) > 0) {
         len = (((len + 3)/4) * 4);
         /* same padding rule as for the source direction */
         if ((buf = (void *) ArgusCalloc (1, 4 + len)) != NULL) {
            buf->type = ARGUS_DSTUSRDATA_DSR;
            buf->length = (4 + len) / 4;
            bcopy (user->dst.array, &buf->data, user->dst.count);
            bcopy ((char *)buf, &((char *)argus)[argus->ahdr.length], (buf->length * 4));
            argus->ahdr.length += (buf->length * 4);
            ArgusFree(buf);
         }
      }

      if (user->src.array)
         ArgusFree(user->src.array);
      if (user->dst.array)
         ArgusFree(user->dst.array);

      ArgusFree(flow->UserDSRBuffer);
      flow->UserDSRBuffer = NULL;
   }
}

argus-2.0.6.fixes.1/server/Argus_arp.c

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

#ifndef ArgusArp
#define ArgusArp
#endif

#include
#include
#if !defined(__OpenBSD__)
#include
#endif
#include
#include

#ifndef REVARP_REQUEST
#define REVARP_REQUEST	3
#endif
#ifndef REVARP_REPLY
#define REVARP_REPLY	4
#endif

void
ArgusUpdateArpState (struct ArgusFlowStruct *flowstr, unsigned char *state)
{
   struct ether_arp *arp = (struct ether_arp *)(ArgusThisEpHdr + 1);
   struct ArgusARPObject *arpobj = NULL;

   ArgusTallyTime (flowstr, *state);

   if (STRUCTCAPTURED(*arp)) {
      ArgusThisLength -= sizeof(*arp);
      ArgusSnapLength -= sizeof(*arp);
      ArgusThisUpHdr = (unsigned char *)(arp + 1);

      ArgusUpdateAppState (flowstr, state);

      if (*state == ARGUS_START) {
         /* clear the pointer after the free so it never refers to released memory */
         if (flowstr->NetworkDSRBuffer != NULL) {
            ArgusFree(flowstr->NetworkDSRBuffer);
            flowstr->NetworkDSRBuffer = NULL;
         }

         if ((arpobj = (void *) ArgusCalloc (1, sizeof(struct ArgusARPObject))) == NULL)
            ArgusLog (LOG_ERR, "ArgusNewFlow: ArgusCalloc %s", strerror(errno));
         else
            flowstr->NetworkDSRBuffer = (void *) arpobj;
      } else
         arpobj = (void *) flowstr->NetworkDSRBuffer;

      switch (arp->arp_op) {
         case ARPOP_REQUEST:
            ArgusInProtocol = 0;
            break;

         case ARPOP_REPLY:
            /* arpobj is NULL when no ARP object exists for this flow */
            if (arpobj != NULL)
               bcopy ((unsigned char *)&SHA(arp), arpobj->respaddr, 6);
            break;
      }
   }
}

int
ArgusCreateArpFlow (struct ether_arp *arp)
{
   int retn = 0;
   unsigned char *srcehost = NULL;
   unsigned char *tarehost = NULL;
   unsigned int arp_tpa, arp_spa;

   ArgusThisUpHdr = (unsigned char *) arp;

   if (STRUCTCAPTURED(*arp)) {
#ifdef _LITTLE_ENDIAN
      arp->arp_hrd = ntohs(arp->arp_hrd);
      arp->arp_pro = ntohs(arp->arp_pro);
      arp->arp_op = ntohs(arp->arp_op);
#endif
      switch (arp->arp_op) {
         case ARPOP_REQUEST:
            srcehost = (unsigned char *) &ArgusThisEpHdr->ether_shost;
            bcopy ((char *)&arp->arp_tpa, &arp_tpa, sizeof(arp_tpa));
            bcopy ((char *)&arp->arp_spa, &arp_spa, sizeof(arp_spa));

            if (arp_spa > arp_tpa)
               ArgusThisDir = 1;

            bcopy (srcehost, ArgusThisFlow->arp_flow.etheraddr, sizeof (ArgusThisFlow->arp_flow.etheraddr));
#ifdef _LITTLE_ENDIAN
            arp_tpa = ntohl(arp_tpa);
            arp_spa = ntohl(arp_spa);
#endif
            ArgusThisFlow->arp_flow.arp_tpa = arp_tpa;
            ArgusThisFlow->arp_flow.arp_spa = arp_spa;
            break;

         case ARPOP_REPLY:
            /* a reply is keyed like its request: the sender and target addresses are swapped */
            srcehost = (unsigned char *) &ArgusThisEpHdr->ether_dhost;
            bcopy ((char *)&arp->arp_spa, &arp_tpa, sizeof(arp_tpa));
            bcopy ((char *)&arp->arp_tpa, &arp_spa, sizeof(arp_spa));

            if (arp_tpa > arp_spa)
               ArgusThisDir = 1;

            bcopy (srcehost, ArgusThisFlow->arp_flow.etheraddr, sizeof (ArgusThisFlow->arp_flow.etheraddr));
#ifdef _LITTLE_ENDIAN
            arp_tpa = ntohl(arp_tpa);
            arp_spa = ntohl(arp_spa);
#endif
            ArgusThisFlow->arp_flow.arp_tpa = arp_tpa;
            ArgusThisFlow->arp_flow.arp_spa = arp_spa;
            break;

         case REVARP_REQUEST:
            srcehost = (unsigned char *)&SHA(arp);
            tarehost = (unsigned char *)&THA(arp);

            bcopy (srcehost, ArgusThisFlow->rarp_flow.srceaddr, sizeof (ArgusThisFlow->rarp_flow.srceaddr));
            bcopy (tarehost, ArgusThisFlow->rarp_flow.tareaddr, sizeof (ArgusThisFlow->rarp_flow.tareaddr));
            break;

         case REVARP_REPLY:
            srcehost = (unsigned char *)&SHA(arp);
            tarehost = (unsigned char *)&THA(arp);

            bcopy (srcehost, ArgusThisFlow->rarp_flow.srceaddr, sizeof (ArgusThisFlow->rarp_flow.srceaddr));
            bcopy (tarehost, ArgusThisFlow->rarp_flow.tareaddr, sizeof (ArgusThisFlow->rarp_flow.tareaddr));
            break;
      }

      retn = 1;
   }

#ifdef ARGUSDEBUG
   ArgusDebug (8, "ArgusCreateArpFlow (0x%x) returning %d\n", arp, retn);
#endif

   return (retn);
}

argus-2.0.6.fixes.1/server/Argus_esp.c

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

#ifndef ArgusEsp
#define ArgusEsp
#endif

#include
#include
#include
#include

struct esphdr {
   unsigned int spi, seq;
};

int
ArgusCreateESPFlow (struct ip *ip)
{
   int retn = 0;
   struct ArgusESPFlow *espFlow = &ArgusThisFlow->esp_flow;
   struct esphdr *esp = (struct esphdr *) ArgusThisUpHdr;

   ArgusThisDir = 0;

   if (STRUCTCAPTURED(*esp)) {
      espFlow->ip_src = ip->ip_src.s_addr;
      espFlow->ip_dst = ip->ip_dst.s_addr;
      espFlow->ip_p = ip->ip_p;
      espFlow->spi = esp->spi;
#ifdef _LITTLE_ENDIAN
      espFlow->spi = ntohl(espFlow->spi);
#endif
      /* order the address pair so both directions map to the same flow key */
      if (espFlow->ip_src < espFlow->ip_dst) {
         espFlow->ip_src = ip->ip_dst.s_addr;
         espFlow->ip_dst = ip->ip_src.s_addr;
         ArgusThisDir = 1;
      }

      retn = 1;
   }

#ifdef ARGUSDEBUG
   ArgusDebug (4, "ArgusCreateESPFlow(0x%x) returning %d\n", ip, retn);
#endif

   return (retn);
}

void
ArgusUpdateESPState (struct ArgusFlowStruct *flowstr, unsigned char *state)
{
   struct esphdr *esp = (struct esphdr *) ArgusThisUpHdr;
   struct ArgusESPStruct *espObject = NULL;
   struct ArgusESPObject *ArgusThisEsp;

   ArgusTallyTime (flowstr, *state);

   if (STRUCTCAPTURED(*esp)) {
#ifdef _LITTLE_ENDIAN
      esp->spi = ntohl(esp->spi);
      esp->seq = ntohl(esp->seq);
#endif
      if (*state == ARGUS_START) {
         if (flowstr->TransportDSRBuffer)
            ArgusFree(flowstr->TransportDSRBuffer);

         if ((flowstr->TransportDSRBuffer = (struct ArgusESPStruct *) ArgusCalloc (1, sizeof (struct ArgusESPStruct))) == NULL) {
            ArgusLog (LOG_ERR, "%s: ArgusUpdateEspState: ArgusCalloc failed %s\n", ArgusProgramName, strerror(errno));

         } else {
            espObject = flowstr->TransportDSRBuffer;
            espObject->type = ARGUS_ESP_DSR;
            espObject->length = sizeof(*espObject);
            espObject->status = ARGUS_START;

            /* the per-direction state is set only when the allocation succeeded,
               so a NULL espObject is never dereferenced */
            espObject->src.spi = esp->spi;
            espObject->dst.spi = esp->spi;

            if (flowstr->state.rev == ArgusThisDir)
               ArgusThisEsp = &espObject->src;
            else
               ArgusThisEsp = &espObject->dst;

            ArgusThisEsp->lastseq = esp->seq;
         }

      } else {
         flowstr->ArgusTimeout = ARGUS_IPTIMEOUT;

         if ((espObject = flowstr->TransportDSRBuffer) != NULL) {
            if (flowstr->state.rev == ArgusThisDir)
               ArgusThisEsp = &espObject->src;
            else
               ArgusThisEsp = &espObject->dst;

            if (esp->spi == ArgusThisEsp->spi) {
               /* a sequence number that does not follow the last one seen counts as a lost sequence */
               if (ArgusThisEsp->lastseq && (esp->seq != (ArgusThisEsp->lastseq + 1))) {
                  ArgusThisEsp->lostseq++;
                  espObject->status |= ARGUS_SRC_PKTS_RETRANS;
               }

               ArgusThisEsp->lastseq = esp->seq;
            }
         }
      }
   }

#ifdef ARGUSDEBUG
   ArgusDebug (8, "ArgusUpdateESPState(0x%x, %d) returning\n", flowstr, *state);
#endif
}

#include

void
ArgusESPFlowRecord (struct ArgusFlowStruct *flow, struct ArgusRecord *argus, unsigned char state)
{
   int length = 0;
   struct ArgusESPStruct *esp = (struct ArgusESPStruct *) flow->TransportDSRBuffer;

   if (esp && ((length = argus->ahdr.length) > 0)) {
      bcopy ((char *)esp, &((char *)argus)[argus->ahdr.length], sizeof(*esp));
      argus->ahdr.length += sizeof(*esp);

      esp->src.lostseq = 0;
      esp->dst.lostseq = 0;
   }

#ifdef ARGUSDEBUG
   ArgusDebug (4, "ArgusESPFlowRecord(0x%x, 0x%x, %d) returning\n", flow, argus, state);
#endif
}

argus-2.0.6.fixes.1/server/Argus_frag.c

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

#ifndef ArgusFrag
#define ArgusFrag
#endif

#include
#include
#include
#include

int
ArgusCreateFRAGFlow (struct ip *ip)
{
   int retn = 0, i, len;
   unsigned short hash = 0, *ptr = (unsigned short *) ArgusThisFlow;

   if (STRUCTCAPTURED(*ip)) {
      ArgusThisFlow->ip_flow.ip_src = ip->ip_src.s_addr;
      ArgusThisFlow->ip_flow.ip_dst = ip->ip_dst.s_addr;
      ArgusThisFlow->ip_flow.ip_p = ip->ip_p;
      ArgusThisFlow->ip_flow.tp_p = ARGUS_FRAG_FLOWTAG;
      ArgusThisFlow->ip_flow.sport = 0xFFFF;
      ArgusThisFlow->ip_flow.dport = 0xFFFF;
      ArgusThisFlow->ip_flow.ip_id = ip->ip_id;

      for (i = 0, len = (sizeof(*ArgusThisFlow)) / sizeof(unsigned short); i < len; i++)
         hash += *ptr++;

      ArgusThisDir = 0;
      ArgusThisHash = hash;
      retn = 1;
   }

#ifdef ARGUSDEBUG
   ArgusDebug (4, "ArgusCreateFragFlow() returning %d\n", retn);
#endif

   return (retn);
}

struct ArgusFlowStruct *
ArgusNewFragFlow ()
{
   struct ArgusFlowStruct *retn = NULL;
   struct ArgusFragExtensionBuffer *frag = NULL;
   int len;

   if ((retn = (struct ArgusFlowStruct *) ArgusCalloc (1, sizeof (struct ArgusFlowStruct))) != NULL) {
      ArgusTotalFrags++;
      retn->ArgusTimeout = ARGUS_IPFRAGTIMEOUT;

      retn->state.src.idle.min = 0x7FFFFFFF;
      retn->state.dst.idle.min = 0x7FFFFFFF;
      retn->state.src.active.min = 0x7FFFFFFF;
      retn->state.dst.active.min = 0x7FFFFFFF;

      retn->state.startime = ArgusGlobalTime;
      retn->state.lasttime = ArgusGlobalTime;
      retn->qhdr.lasttime = ArgusGlobalTime;
      retn->qhdr.logtime = ArgusGlobalTime;

      retn->state.src.status |= ARGUS_FRAGMENTS;
      retn->ArgusFlowType = ArgusThisNetworkFlowType;

      bcopy((char *)ArgusThisFlow, (char *)&retn->flow, sizeof(*ArgusThisFlow));

      if (ArgusThisPacketLLCEncaps)
         retn->ArgusFlowType |= ARGUS_SNAPENCAPS;

      if ((retn->htblhdr = ArgusAddHashEntry (retn)) != NULL)
         ArgusAddToQueue(ArgusFlowQueue, retn);
      else
         ArgusLog (LOG_ERR, "ArgusAddHashEntry failed %s\n", strerror(errno));

      if ((frag = (struct ArgusFragExtensionBuffer *) ArgusCalloc (1, sizeof(*frag))) != NULL) {
         retn->FragDSRBuffer = frag;
         bcopy((char *)ArgusThisFlow, (char *)&frag->flow, sizeof(*ArgusThisFlow));

         if ((len = getArgusUserDataLen()) > 0) {
            if ((frag->user = ArgusCalloc (1, sizeof(struct ArgusUserDataObject))) != NULL) {
               if ((frag->user->array = ArgusCalloc (1, len)) != NULL) {
                  frag->user->size = len;
               } else
                  ArgusLog (LOG_ERR, "ArgusNewFragFlow: ArgusCalloc failed %s\n", strerror(errno));
            } else
               ArgusLog (LOG_ERR, "ArgusNewFragFlow: ArgusCalloc failed %s\n", strerror(errno));
         }

      } else
         ArgusLog (LOG_ERR, "ArgusNewFragFlow: ArgusCalloc failed %s\n", strerror(errno));

   } else
      ArgusLog (LOG_ERR, "ArgusCalloc failed %s\n", strerror(errno));

#ifdef ARGUSDEBUG
   ArgusDebug (4, "ArgusNewFragFlow() returning 0x%x\n", retn);
#endif

   return (retn);
}

void
ArgusUpdateFRAGState (struct ArgusFlowStruct *flowstr, unsigned char *state)
{
   struct ArgusFragExtensionBuffer *fragBuf = NULL;
   struct ArgusFragOffsetStruct *fragOffset = NULL, *thisFragOffset = NULL;
   int offset = (ArgusThisIpHdr->ip_off & 0x1fff) << 3;
   int length = ArgusThisLength, newbytes = 1, len = 0, count = 0;
   int end = offset + length;
   char *ptr;

   ArgusTallyTime (flowstr, *state);

   if ((fragBuf = (struct ArgusFragExtensionBuffer *) flowstr->FragDSRBuffer) != NULL) {
      if (((ArgusThisIpHdr->ip_off & 0x1fff) == 0) && (ArgusThisIpHdr->ip_off & IP_MF))
         fragBuf->startbytes += ArgusThisBytes;

      fragBuf->totbytes += ArgusThisLength;

      if ((ArgusThisIpHdr->ip_p == IPPROTO_TCP) && (offset < 2))
         fragBuf->frag.status |= ARGUS_TCPFRAGOFFSETERROR;

      /* compare this fragment with every range already seen: flag retransmissions and overlaps */
      if ((fragOffset = fragBuf->offsets) != NULL) {
         while (1) {
            if ((offset == fragOffset->start) && (end == fragOffset->end)) {
               fragBuf->frag.status |= ARGUS_SRC_PKTS_RETRANS;
               offset = 0;
               end = 0;
            }

            if ((offset > fragOffset->start) && (offset < fragOffset->end)) {
               fragBuf->frag.status |= ARGUS_FRAGOVERLAP;
               if (end > fragOffset->end) {
                  offset = fragOffset->end + 1;
               } else {
                  newbytes = 0;
                  break;
               }
            }

            if ((end > fragOffset->start) && (end < fragOffset->end)) {
               fragBuf->frag.status |= ARGUS_FRAGOVERLAP;
               end = fragOffset->start - 1;
            }

            if (fragOffset->nxt == NULL)
               break;

            fragOffset = fragOffset->nxt;
         }
      }

      /* record the new byte range at the end of the offset list */
      if ((offset != end) && ((offset > 0) && (offset < end))) {
         if (newbytes) {
            fragBuf->bytes += end - offset;

            if ((thisFragOffset = (struct ArgusFragOffsetStruct *) ArgusCalloc(1, sizeof(*thisFragOffset))) != NULL) {
               thisFragOffset->start = offset;
               thisFragOffset->end = end;

               if (fragOffset && (fragOffset->nxt == NULL))
                  fragOffset->nxt = thisFragOffset;
               else {
                  if ((fragOffset = fragBuf->offsets) != NULL) {
                     while (fragOffset->nxt != NULL)
                        fragOffset = fragOffset->nxt;
                     fragOffset->nxt = thisFragOffset;
                  } else
                     fragBuf->offsets = thisFragOffset;
               }

            } else
               ArgusLog (LOG_ERR, "ArgusUpdateFragState: ArgusCalloc %s", strerror(errno));
         }
      }

      /* keep the fragment payload that falls inside the user data buffer */
      if ((offset >= 0) && (fragBuf->user != NULL)) {
         if (fragBuf->user->array != NULL) {
            if (offset < fragBuf->user->size) {
               ptr = ((char *)ArgusThisIpHdr) + (ArgusThisIpHdr->ip_hl << 2);
               len = fragBuf->user->size - offset;

               if ((len = ((ArgusThisLength < len) ? ArgusThisLength : len)) > 0) {
                  if ((count = (offset + len)) < fragBuf->user->size) {
                     bcopy (ptr, &fragBuf->user->array[offset], len);
                     if (fragBuf->user->count < count)
                        fragBuf->user->count = count;
                  }
               }
            }
         }
      }

      if (ArgusThisLength > fragBuf->frag.maxfraglen)
         fragBuf->frag.maxfraglen = ArgusThisLength;

      /* the last fragment (IP_MF clear) gives the total datagram length */
      if (!(ArgusThisIpHdr->ip_off & IP_MF))
         fragBuf->frag.totlen = ((ArgusThisIpHdr->ip_off & 0x1fff) << 3) + (ArgusThisIpHdr->ip_len - (ArgusThisIpHdr->ip_hl << 2));

      if (fragBuf->frag.totlen) {
         if (fragBuf->frag.totlen == fragBuf->bytes)
            if (!(ArgusUpdateParentFlow (flowstr)))
               ArgusSendFlowRecord(flowstr, ARGUS_STOP);
      }

   } else
      ArgusLog (LOG_ERR, "ArgusUpdateFRAGState (0x%x, %d) no extension buffer\n", flowstr, *state);
}

int
ArgusUpdateParentFlow (struct ArgusFlowStruct *frag)
{
   int retn = 0;
   struct ArgusFragExtensionBuffer *fragBuf;
   struct ArgusUserDataObject *ArgusThisUser, *ArgusFragUser;
   struct ArgusUserObject *user;

   if (frag->state.src.count || frag->state.dst.count) {
      if ((fragBuf = (struct ArgusFragExtensionBuffer *) frag->FragDSRBuffer) != NULL) {
struct ArgusFlowStruct *parent = fragBuf->flowstr; if ((parent != NULL) && (parent->htblhdr != NULL)) { struct ArgusHashTableHeader *htblhdr = NULL, *target, *head; if ((target = ArgusHashTable.array[parent->htblhdr->hash % ArgusHashTable.size]) != NULL) { head = target; do { if (!(bcmp ((char *) &parent->flow, (char *) &target->flow, sizeof(*ArgusThisFlow)))) { htblhdr = target; break; } else target = target->nxt; } while (target != head); } if (htblhdr) { struct ArgusFlowState *pstate = NULL; struct ArgusFlowStats *pstat = NULL; struct ArgusIPFlow *pFlow = NULL, *fFlow = NULL; pstate = &parent->state; pFlow = (struct ArgusIPFlow *) &parent->flow; fFlow = (struct ArgusIPFlow *) &frag->flow; if (((pFlow->ip_src == fFlow->ip_src) && !(pstate->rev)) || ((pFlow->ip_src != fFlow->ip_src) && pstate->rev)) { pstat = &pstate->src; } else pstat = &pstate->dst; if (parent->state.ofragcnt) parent->state.ofragcnt--; if (parent->state.startime.tv_sec == 0) parent->state.startime = ArgusGlobalTime; parent->qhdr.lasttime = ArgusGlobalTime; parent->state.lasttime = ArgusGlobalTime; pstat->lasttime = ArgusGlobalTime; pstat->count += frag->state.src.count - 1; pstat->bytes += frag->state.src.bytes - fragBuf->startbytes; pstat->status |= ARGUS_FRAGMENTS; if (fragBuf->frag.status & ARGUS_FRAGOVERLAP) pstat->status |= ARGUS_FRAGOVERLAP; if (pstat->active.min > frag->state.src.active.min) pstat->active.min = frag->state.src.active.min; if (pstat->active.max < frag->state.src.active.max) pstat->active.max = frag->state.src.active.max; pstat->active.sum += frag->state.src.active.sum; pstat->active.n += frag->state.src.active.n; frag->state.src.count = 0; frag->state.dst.count = 0; frag->state.src.bytes = 0; frag->state.dst.bytes = 0; pstate->status |= ARGUS_FRAGMENTS; if (fragBuf->frag.status & ARGUS_FRAGOVERLAP) pstate->status |= ARGUS_FRAGOVERLAP; if ((user = (struct ArgusUserObject *) parent->UserDSRBuffer) != NULL) { if (parent->state.rev == ArgusThisDir) { ArgusThisUser = 
                        &user->src;
                  } else
                     ArgusThisUser = &user->dst;

                  if ((ArgusFragUser = fragBuf->user) != NULL) {
                     if ((ArgusThisUser->count >= 0) && (ArgusThisUser->count < ArgusThisUser->size)) {
                        char *ptr = (char *)&ArgusThisUser->array[ArgusThisUser->count];
                        int thislen = ArgusThisUser->size - ArgusThisUser->count;

                        if (thislen > ArgusFragUser->count)
                           thislen = ArgusFragUser->count;

                        bcopy (ArgusFragUser->array, ptr, thislen);
                        ArgusThisUser->count += thislen;
                     }
                  }
               }

               if ((ArgusFragUser = fragBuf->user) != NULL) {
                  ArgusFree(ArgusFragUser->array);
                  ArgusFragUser->array = NULL;
                  ArgusFree(ArgusFragUser);
                  fragBuf->user = NULL;
               }

               if (pstate->status & ARGUS_SEND_FRAG_COMPLETE) {
                  pstate->status &= ~(ARGUS_SEND_FRAG_COMPLETE);
                  ArgusSendFlowRecord (parent, ARGUS_STATUS);
               }

               retn = 1;

            } else {
#ifdef ARGUSDEBUG
               ArgusDebug (2, "ArgusUpdateParentFlow(0x%x) did not find parent 0x%x\n", frag, parent);
#endif
            }
         }
      }
   }

#ifdef ARGUSDEBUG
   if (retn)
      ArgusDebug (7, "ArgusUpdateParentFlow(0x%x) returning 0x%x\n", frag, retn);
   else
      ArgusDebug (5, "ArgusUpdateParentFlow(0x%x) returning 0x%x\n", frag, retn);
#endif

   return (retn);
}

argus-2.0.6.fixes.1/server/Argus_icmp.c

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
* */ #ifndef ArgusICMP #define ArgusICMP #endif #include #include #include #include #include int ArgusCreateICMPFlow (struct ip *ip) { int retn = 0; unsigned int *icmphdr = (unsigned int *) ArgusThisUpHdr; struct icmp *icmp = (struct icmp *) icmphdr; struct ArgusICMPFlow *icmpFlow = &ArgusThisFlow->icmp_flow; ArgusThisDir = 0; icmpFlow->ip_src = ip->ip_src.s_addr; icmpFlow->ip_dst = ip->ip_dst.s_addr; icmpFlow->ip_p = ip->ip_p; if (STRUCTCAPTURED(*icmphdr)) { icmpFlow->type = icmp->icmp_type; icmpFlow->code = icmp->icmp_code; if (ICMP_INFOTYPE(icmp->icmp_type)) { switch (icmp->icmp_type) { case ICMP_ECHOREPLY: ArgusThisDir = 1; case ICMP_ECHO: icmpFlow->type = ICMP_ECHO; icmpFlow->id = ntohs(icmp->icmp_id); icmpFlow->ip_id = ntohs(icmp->icmp_seq); break; case ICMP_TSTAMPREPLY: ArgusThisDir = 1; case ICMP_TSTAMP: icmpFlow->type = ICMP_TSTAMP; break; case ICMP_IREQREPLY: ArgusThisDir = 1; case ICMP_IREQ: icmpFlow->type = ICMP_IREQ; break; case ICMP_MASKREPLY: ArgusThisDir = 1; case ICMP_MASKREQ: icmpFlow->type = ICMP_MASKREQ; break; } retn = 1; } else { struct ip *oip; struct udphdr *ouh; int hlen; oip = &icmp->icmp_ip; hlen = oip->ip_hl << 2; ouh = (struct udphdr *) (((u_char *) oip) + hlen); switch (icmp->icmp_type) { case ICMP_UNREACH: if (STRUCTCAPTURED(*icmp)) { switch (icmp->icmp_code) { case ICMP_UNREACH_PROTOCOL: icmpFlow->id = (unsigned short) icmp->icmp_ip.ip_p; break; case ICMP_UNREACH_PORT: icmpFlow->tp_p = oip->ip_p; icmpFlow->id = ntohs((unsigned short) ouh->uh_dport); break; case ICMP_UNREACH_NET: case ICMP_UNREACH_HOST: bcopy ((char *) &icmp->icmp_ip.ip_dst.s_addr, (char *)&icmpFlow->id, sizeof (int)); break; } retn = 1; } break; case ICMP_REDIRECT: if (STRUCTCAPTURED(*icmp)) { switch (icmp->icmp_code) { case ICMP_REDIRECT_TOSNET: case ICMP_REDIRECT_TOSHOST: icmpFlow->tp_p = oip->ip_tos; case ICMP_REDIRECT_NET: case ICMP_REDIRECT_HOST: bcopy ((char *) &icmp->icmp_ip.ip_dst.s_addr, (char *)&icmpFlow->id, sizeof (int)); break; } retn = 1; } break; 
default: retn = 1; break; } } if (ArgusThisDir) { unsigned int addr = icmpFlow->ip_src; icmpFlow->ip_src = icmpFlow->ip_dst; icmpFlow->ip_dst = addr; } } #ifdef ARGUSDEBUG ArgusDebug (8, "ArgusCreateICMPFlow(0x%x) returning %d\n", ip, retn); #endif return (retn); } #include #include void ArgusUpdateICMPState (struct ArgusFlowStruct *flowstr, unsigned char *state) { struct ip *ArgusTempIpHdr = ArgusThisIpHdr; unsigned char *ArgusTempSnapEnd = ArgusThisSnapEnd; struct icmp *icmp = (struct icmp *) ArgusThisUpHdr; struct ArgusICMPObject *icmpObj = NULL; ArgusUpdateAppState(flowstr, state); if (*state == ARGUS_START) { ArgusTallyTime (flowstr, *state); ArgusTallyStats (flowstr, *state); if ((icmpObj = (void *) ArgusCalloc (1, sizeof(struct ArgusICMPObject))) == NULL) { ArgusLog (LOG_ERR, "ArgusUpdateICMPState: ArgusCalloc %s", strerror(errno)); } else { if (flowstr->NetworkDSRBuffer != NULL) ArgusFree (flowstr->NetworkDSRBuffer); flowstr->NetworkDSRBuffer = icmpObj; icmpObj->type = ARGUS_ICMP_DSR; icmpObj->length = sizeof(*icmpObj); icmpObj->icmp_type = icmp->icmp_type; icmpObj->icmp_code = icmp->icmp_code; icmpObj->iseq = ntohs(icmp->icmp_seq); icmpObj->osrcaddr = ArgusThisIpHdr->ip_src.s_addr; icmpObj->odstaddr = ArgusThisIpHdr->ip_dst.s_addr; if (ICMP_INFOTYPE(icmp->icmp_type)) { switch (icmp->icmp_type) { case ICMP_ECHO: case ICMP_IREQ: case ICMP_MASKREQ: case ICMP_TSTAMP: icmpObj->status = ARGUS_REQUEST; break; case ICMP_MASKREPLY: icmp->icmp_mask = ntohl(icmp->icmp_mask); icmpObj->isrcaddr = icmp->icmp_mask; case ICMP_ECHOREPLY: case ICMP_IREQREPLY: case ICMP_TSTAMPREPLY: icmpObj->status = ARGUS_REPLY; break; } } else { struct ip oipbuf, *oip = &icmp->icmp_ip; if ((long) oip & (sizeof (long) - 1)) { bcopy ((char *)oip, (char *)&oipbuf, sizeof(struct ip)); oip = &oipbuf; } icmpObj->isrcaddr = ntohl(oip->ip_src.s_addr); icmpObj->idstaddr = ntohl(oip->ip_dst.s_addr); icmpObj->igwaddr = ntohl(icmp->icmp_gwaddr.s_addr); } } } else { flowstr->ArgusTimeout = 
ARGUS_IPTIMEOUT; if (((icmpObj = flowstr->NetworkDSRBuffer) != NULL) && (icmpObj->type == ARGUS_ICMP_DSR)) { if (ICMP_INFOTYPE(icmp->icmp_type)) { if ((flowstr->state.src.count == 0) && (flowstr->state.dst.count == 0)) icmpObj->icmp_type = icmp->icmp_type; switch (icmp->icmp_type) { case ICMP_ECHO: case ICMP_IREQ: case ICMP_TSTAMP: case ICMP_MASKREQ: if (ArgusResponseStatus && (icmpObj->status == ARGUS_REQUEST)) { ArgusSendFlowRecord (flowstr, ARGUS_STATUS); } *state = ARGUS_START; icmpObj->icmp_type = icmp->icmp_type; ArgusTallyTime (flowstr, *state); ArgusTallyStats (flowstr, *state); icmpObj->status = ARGUS_REQUEST; break; case ICMP_ECHOREPLY: case ICMP_IREQREPLY: case ICMP_TSTAMPREPLY: case ICMP_MASKREPLY: ArgusInProtocol = 1; ArgusTallyTime (flowstr, *state); ArgusTallyStats (flowstr, *state); flowstr->state.status |= ARGUS_CONNECTED; if (ArgusResponseStatus && (icmpObj->status == ARGUS_REQUEST)) ArgusSendFlowRecord (flowstr, ARGUS_STATUS); icmpObj->status = ARGUS_REPLY; break; default: ArgusTallyTime (flowstr, *state); ArgusTallyStats (flowstr, *state); if (flowstr->state.src.count && flowstr->state.dst.count) flowstr->state.status |= ARGUS_CONNECTED; else flowstr->state.status &= ~ARGUS_CONNECTED; break; } } else { ArgusTallyTime (flowstr, *state); ArgusTallyStats (flowstr, *state); } } else icmpObj = NULL; } if (!(ICMP_INFOTYPE(icmp->icmp_type))) { struct ArgusFlowStruct *flow = NULL; struct ArgusFlowStats *ArgusThisStats = NULL; struct ip *oip = &icmp->icmp_ip; int hlen = oip->ip_hl << 2; ArgusThisIpHdr = NULL; ArgusThisSnapEnd = ((unsigned char *)oip) + (hlen + 4); ArgusCreateIPFlow(oip); if (ArgusThisIpHdr) { ArgusThisUpHdr = (unsigned char *) ArgusThisIpHdr; ArgusThisSnapEnd = (unsigned char *) ArgusThisIpHdr; if ((flow = ArgusFindFlow()) != NULL) { if (flow->state.rev == ArgusThisDir) ArgusThisStats = &flow->state.src; else ArgusThisStats = &flow->state.dst; if (icmpObj && ((ArgusThisStats->ip_id == ArgusThisIpHdr->ip_id) || (ArgusThisStats->ip_id == 
                htons(ArgusThisIpHdr->ip_id)))) {       /* who sends ip_id messed up? */
               if (flow->ICMPDSRBuffer == NULL)
                  if ((flow->ICMPDSRBuffer = (void *) ArgusCalloc (1, sizeof(struct ArgusICMPObject))) == NULL)
                     ArgusLog (LOG_ERR, "ArgusUpdateICMPState: ArgusCalloc %s", strerror(errno));

               bcopy (icmpObj, flow->ICMPDSRBuffer, sizeof(*icmpObj));

               switch (icmp->icmp_type) {
                  case ICMP_UNREACH:
                     flow->state.status |= ARGUS_ICMPUNREACH_MAPPED;
                     break;
                  case ICMP_REDIRECT:
                     flow->state.status |= ARGUS_ICMPREDIREC_MAPPED;
                     break;
                  case ICMP_TIMXCEED:
                     flow->state.status |= ARGUS_ICMPTIMXCED_MAPPED;
                     break;
               }

               flow->state.lasttime = ArgusGlobalTime;

               if (ArgusResponseStatus && ((flow->state.src.count + flow->state.dst.count) == 1))
                  ArgusSendFlowRecord(flow, ARGUS_STOP);
            }
         }
      }

      ArgusThisIpHdr = ArgusTempIpHdr;
      ArgusThisSnapEnd = ArgusTempSnapEnd;
   }

#ifdef ARGUSDEBUG
   ArgusDebug (8, "ArgusUpdateICMPState(0x%x, %d) returning\n", flowstr, *state);
#endif
}

#include

void
ArgusICMPFlowRecord (struct ArgusFlowStruct *flow, struct ArgusRecord *argus, unsigned char state)
{
   int length = 0;
   struct ArgusICMPObject *icmpObj = (struct ArgusICMPObject *) flow->NetworkDSRBuffer;

   if (icmpObj && ((length = argus->ahdr.length) > 0)) {
      bcopy ((char *)icmpObj, &((char *)argus)[argus->ahdr.length], sizeof(*icmpObj));
      argus->ahdr.length += sizeof(*icmpObj);
   }

#ifdef ARGUSDEBUG
   ArgusDebug (5, "ArgusICMPFlowRecord(0x%x, 0x%x, %d) returning\n", flow, argus, state);
#endif
}

void
ArgusICMPMappedFlowRecord (struct ArgusFlowStruct *flow, struct ArgusRecord *argus, unsigned char state)
{
   int length = 0;
   struct ArgusICMPObject *icmpObj = (struct ArgusICMPObject *) flow->ICMPDSRBuffer;

   if (icmpObj && ((length = argus->ahdr.length) > 0)) {
      bcopy ((char *)icmpObj, &((char *)argus)[argus->ahdr.length], sizeof(*icmpObj));
      argus->ahdr.length += sizeof(*icmpObj);
   }

#ifdef ARGUSDEBUG
   ArgusDebug (5, "ArgusICMPMappedFlowRecord(0x%x, 0x%x, %d) returning\n", flow, argus, state);
#endif
}

argus-2.0.6.fixes.1/server/Argus_mac.c

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

#ifndef ArgusICMP
#define ArgusICMP
#endif

#include
#include
#include
#include
#include
#include

void
ArgusMacFlowRecord (struct ArgusFlowStruct *flowstr, struct ArgusRecord *argus, unsigned char state)
{
   int length = 0;
   struct ArgusMacStruct *mac = (struct ArgusMacStruct *) flowstr->MacDSRBuffer;

   if (mac && ((length = argus->ahdr.length) > 0)) {
      bcopy ((char *)mac, &((char *)argus)[argus->ahdr.length], sizeof(*mac));
      argus->ahdr.length += sizeof(*mac);
   }
}

argus-2.0.6.fixes.1/server/Argus_tcp.c

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

#ifndef ArgusTcp
#define ArgusTcp
#endif

#include
#include
#include
#include

static struct ArgusTCPModelerObject *ArgusThisTCPsrc, *ArgusThisTCPdst;

/* These tcp options do not have the size octet */
#define ZEROLENOPT(o) ((o) == TCPOPT_EOL || (o) == TCPOPT_NOP)

#define TH_ECN  0x40
#define TH_CWR  0x80

void ArgusParseTCPOptions(struct tcphdr *, int, u_int *);

void
ArgusParseTCPOptions(struct tcphdr *tcp, int len, u_int *options)
{
   register const u_char *cp;
   register int i, opt, alen, datalen;

   if ((tcp != NULL)) {
      cp = (const u_char *)tcp + sizeof(*tcp);

      while (len > 0) {
         STRUCTCHECK(*cp);
         opt = *cp++;
         if (ZEROLENOPT(opt))
            alen = 1;
         else {
            STRUCTCHECK(*cp);
            alen = *cp++;   /* total including type, len */
            if (alen < 2 || alen > len)
               goto bad;
            --len;      /* account for length byte */
         }
         --len;         /* account for type byte */
         datalen = 0;

         switch (opt) {
            case TCPOPT_MAXSEG:
               *options |= ARGUS_TCP_MAXSEG;
               datalen = 2;
               LENCHECK(datalen);
               break;

            case TCPOPT_EOL:
               break;

            case TCPOPT_NOP:
               break;

            case TCPOPT_WSCALE:
               *options |= ARGUS_TCP_WSCALE;
               datalen = 1;
               LENCHECK(datalen);
               break;

            case TCPOPT_SACKOK:
               *options |= ARGUS_TCP_SACKOK;
               break;

            case TCPOPT_SACK:
               *options |= ARGUS_TCP_SACK;
               datalen = alen - 2;
               for (i = 0; i < datalen; i += 4) {
                  LENCHECK(i + 4);
               }
               break;

            case TCPOPT_ECHO:
               *options |= ARGUS_TCP_ECHO;
               datalen = 4;
               LENCHECK(datalen);
               break;

            case TCPOPT_ECHOREPLY:
               *options |= ARGUS_TCP_ECHOREPLY;
               datalen = 4;
               LENCHECK(datalen);
               break;

            case TCPOPT_TIMESTAMP:
               *options |= ARGUS_TCP_TIMESTAMP;
               datalen = 8;
               LENCHECK(4);
               LENCHECK(datalen);
               break;

            case TCPOPT_CC:
               *options |= ARGUS_TCP_CC;
               datalen = 4;
               LENCHECK(datalen);
               break;

            case TCPOPT_CCNEW:
               *options |= ARGUS_TCP_CCNEW;
               datalen = 4;
               LENCHECK(datalen);
               break;

            case TCPOPT_CCECHO:
               *options |= ARGUS_TCP_CCECHO;
               datalen = 4;
               LENCHECK(datalen);
               break;

default: datalen = alen - 2; for (i = 0; i < datalen; ++i) LENCHECK(i); break; } cp += datalen; len -= datalen; ++datalen; /* option octet */ if (!ZEROLENOPT(opt)) ++datalen; /* size octet */ if (opt == TCPOPT_EOL) break; } } bad: trunc: return; } #include #include void ArgusUpdateTCPState (struct ArgusFlowStruct *flowstr, unsigned char *state) { struct tcphdr *tcp = (struct tcphdr *) ArgusThisUpHdr; struct ArgusTCPExtensionBuffer *tcpExt = NULL; if (flowstr) { if (tcp && STRUCTCAPTURED(*tcp)) { int tcplen = ArgusThisLength; int tcphlen = tcp->th_off * 4; int tcpdatalen = tcplen - tcphlen; unsigned char flags = tcp->th_flags; ArgusSnapLength -= tcphlen; ArgusThisLength = tcpdatalen; ArgusThisUpHdr += tcphlen; ArgusUpdateAppState(flowstr, state); #ifdef _LITTLE_ENDIAN tcp->th_dport = ntohs(tcp->th_dport); tcp->th_sport = ntohs(tcp->th_sport); tcp->th_win = ntohs(tcp->th_win); tcp->th_seq = ntohl(tcp->th_seq); tcp->th_ack = ntohl(tcp->th_ack); #endif if (*state == ARGUS_START) { if (flowstr->NetworkDSRBuffer) ArgusFree(flowstr->NetworkDSRBuffer); if ((flowstr->NetworkDSRBuffer = (struct ArgusTCPObject *) ArgusCalloc (1, sizeof (struct ArgusTCPExtensionBuffer))) == NULL) { ArgusLog (LOG_ERR, "ArgusUpdateTCPState: ArgusCalloc failed %s\n", strerror(errno)); } else tcpExt = flowstr->NetworkDSRBuffer; if ((tcphlen -= sizeof(*tcp)) > 0) ArgusParseTCPOptions (tcp, tcphlen, &tcpExt->options); if (flags & TH_RST) { tcpExt->status |= ARGUS_RESET; tcpExt->src.status |= ARGUS_RESET; tcpExt->state = TCPS_LISTEN; tcpExt->src.count += 1; tcpExt->src.bytes += ArgusThisLength; tcpExt->src.flag = tcp->th_flags; tcpExt->src.seq_base = tcp->th_seq - 1; tcpExt->src.ackbytes = tcp->th_seq - 1; tcpExt->src.lasttime = ArgusGlobalTime; tcpExt->src.seq = tcp->th_seq + ArgusThisLength; } else { switch (flags & (TH_SYN|TH_ACK|TH_FIN|TH_PUSH|TH_URG)) { case (TH_SYN): tcpExt->status |= ARGUS_SAW_SYN; tcpExt->state = TCPS_SYN_SENT; tcpExt->src.count += 1; tcpExt->src.bytes += ArgusThisLength; 
tcpExt->src.seq_base = tcp->th_seq; tcpExt->src.ackbytes = tcp->th_seq; tcpExt->src.seq = tcp->th_seq; tcpExt->src.flag = tcp->th_flags; tcpExt->src.lasttime = ArgusGlobalTime; if ((flags & (TH_ECN|TH_CWR)) == (TH_ECN|TH_CWR)) tcpExt->options |= ARGUS_TCP_SRC_ECN; break; case (TH_SYN|TH_ACK): tcpExt->status |= ARGUS_SAW_SYN_SENT; tcpExt->state = TCPS_SYN_RECEIVED; flowstr->state.rev = flowstr->state.rev ? 0 : 1; bcopy ((char *)&flowstr->state.src, (char *)&flowstr->state.dst, sizeof (flowstr->state.src)); bzero ((char *)&flowstr->state.src, sizeof (flowstr->state.src)); tcpExt->dst.count += 1; tcpExt->dst.bytes += ArgusThisLength; tcpExt->dst.seq_base = tcp->th_seq; tcpExt->dst.ackbytes = tcp->th_seq; tcpExt->dst.seq = tcp->th_seq; tcpExt->dst.flag = tcp->th_flags; tcpExt->dst.lasttime = ArgusGlobalTime; tcpExt->src.ack = tcp->th_ack - 1; tcpExt->src.ackbytes = tcp->th_ack - 1; tcpExt->src.seq_base = tcp->th_ack - 1; tcpExt->src.seq = tcp->th_ack - 1; if ((tcp->th_flags & (TH_ECN|TH_CWR)) == TH_ECN) tcpExt->options |= ARGUS_TCP_DST_ECN; break; case (TH_ACK): case (TH_PUSH|TH_ACK): case (TH_URG|TH_ACK): case (TH_PUSH|TH_URG|TH_ACK): tcpExt->dst.ack = tcp->th_ack - 1; tcpExt->dst.seq_base = tcp->th_ack - 1; tcpExt->dst.ackbytes = tcp->th_ack - 1; case (TH_PUSH): case (TH_URG): case (TH_PUSH|TH_URG): tcpExt->status |= ARGUS_CON_ESTABLISHED; tcpExt->state = TCPS_ESTABLISHED; tcpExt->src.count += 1; tcpExt->src.bytes += ArgusThisLength; tcpExt->src.flag = tcp->th_flags; tcpExt->src.seq_base = tcp->th_seq - 1; tcpExt->src.ackbytes = tcp->th_seq - 1; tcpExt->src.lasttime = ArgusGlobalTime; tcpExt->src.seq = tcp->th_seq + ArgusThisLength; break; case (TH_FIN): case (TH_FIN|TH_ACK): tcpExt->status |= ARGUS_FIN; tcpExt->state = TCPS_FIN_WAIT_1; tcpExt->src.count += 1; tcpExt->src.bytes += ArgusThisLength; tcpExt->src.flag = tcp->th_flags; tcpExt->src.seq_base = tcp->th_seq - 1; tcpExt->src.ackbytes = tcp->th_seq - 1; tcpExt->src.lasttime = ArgusGlobalTime; tcpExt->src.seq = 
tcp->th_seq + ArgusThisLength; break; default: tcpExt->status |= ARGUS_CON_ESTABLISHED; tcpExt->state = TCPS_CLOSING; tcpExt->src.count += 1; tcpExt->src.bytes += ArgusThisLength; tcpExt->src.flag = tcp->th_flags; tcpExt->src.seq_base = tcp->th_seq - 1; tcpExt->src.ackbytes = tcp->th_seq - 1; tcpExt->src.lasttime = ArgusGlobalTime; tcpExt->src.seq = ArgusThisLength; break; } } } else { if ((tcpExt = (struct ArgusTCPExtensionBuffer *) flowstr->NetworkDSRBuffer) != NULL) { struct ArgusFlowStats *ArgusThisStats; if ((tcphlen -= sizeof(*tcp)) > 0) ArgusParseTCPOptions (tcp, tcphlen, &tcpExt->options); if (flowstr->state.rev == ArgusThisDir) { ArgusThisStats = &flowstr->state.src; ArgusThisTCPsrc = &tcpExt->src; ArgusThisTCPdst = &tcpExt->dst; } else { ArgusThisStats = &flowstr->state.dst; ArgusThisTCPsrc = &tcpExt->dst; ArgusThisTCPdst = &tcpExt->src; } ArgusThisTCPsrc->count++; ArgusThisTCPsrc->flag |= tcp->th_flags; if (flags & TH_ECN) if (flags & TH_ACK) { tcpExt->status |= ARGUS_ECN_CONGESTED; ArgusThisTCPdst->state = ARGUS_ECN_CONGESTED; } ArgusUpdateTCPSequence(flowstr, tcp); switch (ArgusUpdateTCPStateMachine(flowstr, tcp)) { case TCPS_LISTEN: if (flags == TH_SYN) { ArgusThisStats->count--; ArgusThisStats->bytes -= ArgusThisLength; ArgusThisTCPsrc->count--; ArgusThisTCPsrc->bytes -= ArgusThisLength; ArgusThisUpHdr -= tcphlen; ArgusThisLength = tcplen; ArgusSnapLength += tcphlen; ArgusSendFlowRecord (flowstr, ARGUS_STOP); ArgusInitializeTCP (flowstr); return; } else { ArgusTallyTime (flowstr, *state); ArgusSendFlowRecord (flowstr, ARGUS_STOP); ArgusRemoveHashEntry(flowstr->htblhdr); flowstr->ArgusTimeout = 0; flowstr->htblhdr = NULL; } break; case TCPS_CLOSED: case TCPS_TIME_WAIT: if (!(tcpExt->status & ARGUS_RESET)) tcpExt->status |= ARGUS_NORMAL_CLOSE; flowstr->ArgusTimeout = 10; break; } ArgusThisTCPsrc->lasttime = ArgusGlobalTime; ArgusTallyTime (flowstr, *state); } else { *state = ARGUS_START; ArgusUpdateTCPState (flowstr, state); } } } } } void 
ArgusInitializeTCP (struct ArgusFlowStruct *flowstr) { unsigned char rev = flowstr->state.rev, dir = flowstr->state.dir; flowstr->ArgusTransactionNum = ArgusTransactionNum++; bzero ((char *)&flowstr->state, sizeof(flowstr->state)); flowstr->state.rev = rev; flowstr->state.dir = dir; flowstr->state.src.active.min = 0x7FFFFFFF; flowstr->state.dst.active.min = 0x7FFFFFFF; flowstr->qhdr.lasttime.tv_sec = 0; flowstr->qhdr.lasttime.tv_usec = 0; flowstr->qhdr.logtime.tv_sec = 0; flowstr->qhdr.logtime.tv_usec = 0; if (flowstr->NetworkDSRBuffer) { ArgusFree(flowstr->NetworkDSRBuffer); flowstr->NetworkDSRBuffer = NULL; } ArgusUpdateFlow (flowstr, ARGUS_START); } int ArgusUpdateTCPStateMachine (struct ArgusFlowStruct *flowstr, struct tcphdr *tcp) { unsigned char flags = tcp->th_flags; struct ArgusTCPExtensionBuffer *tcpExt = (struct ArgusTCPExtensionBuffer *) flowstr->NetworkDSRBuffer; unsigned int state = tcpExt->state; int len = ArgusThisLength; if (flags & TH_RST) { tcpExt->status |= ARGUS_RESET; ArgusThisTCPsrc->status |= ARGUS_RESET; if (state == TCPS_SYN_SENT) { if ((ArgusThisTCPdst->seq == ArgusThisTCPdst->ack)) state = TCPS_LISTEN; } else if ((tcp->th_seq >= ArgusThisTCPsrc->ack) && (tcp->th_seq < (ArgusThisTCPsrc->ack + ArgusThisTCPsrc->win))) state = TCPS_CLOSED; } else { switch (state) { case TCPS_LISTEN: case TCPS_SYN_SENT: if (flags == TH_SYN) { ArgusThisTCPsrc->status |= ARGUS_PKTS_RETRANS; ArgusThisTCPsrc->retrans++; } else if (flags == (TH_SYN|TH_ACK)) { if (ArgusThisTCPsrc->status & ARGUS_SAW_SYN) { state = TCPS_LISTEN; tcpExt->status |= ARGUS_SAW_SYN_SENT; ArgusThisTCPsrc->status |= ARGUS_SAW_SYN_SENT; } else { state = TCPS_SYN_RECEIVED; tcpExt->status |= ARGUS_SAW_SYN_SENT; ArgusThisTCPsrc->status |= ARGUS_SAW_SYN_SENT; if (tcpExt->synAckuSecs == 0) flowstr->state.startime = ArgusThisTCPdst->lasttime; if ((ArgusThisTCPdst->seq == ArgusThisTCPdst->ack)) { tcpExt->synAckuSecs = ArgusAbsTimeDiff (&ArgusGlobalTime, &ArgusThisTCPdst->lasttime); } } } else if 
(flags & TH_FIN) { state = TCPS_FIN_WAIT_1; tcpExt->status |= ARGUS_FIN; ArgusThisTCPsrc->status |= ARGUS_FIN; } else if (flags & TH_ACK) { state = TCPS_ESTABLISHED; tcpExt->status |= ARGUS_CON_ESTABLISHED; ArgusThisTCPsrc->status |= ARGUS_CON_ESTABLISHED; flowstr->ArgusTimeout = ARGUS_IPTIMEOUT; } break; case TCPS_SYN_RECEIVED: if (flags & TH_FIN) { state = TCPS_FIN_WAIT_1; tcpExt->status |= ARGUS_FIN; ArgusThisTCPsrc->status |= ARGUS_FIN; } else if (!(flags & TH_SYN)) { if (flags & TH_ACK) { state = TCPS_ESTABLISHED; tcpExt->status |= ARGUS_CON_ESTABLISHED; flowstr->ArgusTimeout = ARGUS_IPTIMEOUT; ArgusThisTCPsrc->status |= ARGUS_CON_ESTABLISHED; if ((ArgusThisTCPsrc->seq == ArgusThisTCPsrc->ack)) { tcpExt->ackDatauSecs = ArgusAbsTimeDiff (&ArgusGlobalTime, &ArgusThisTCPdst->lasttime); } } } else { ArgusThisTCPsrc->status |= ARGUS_PKTS_RETRANS; ArgusThisTCPsrc->retrans++; } break; case TCPS_ESTABLISHED: if (flags & TH_FIN) { state = TCPS_FIN_WAIT_1; tcpExt->status |= ARGUS_FIN; ArgusThisTCPsrc->status |= ARGUS_FIN; } else { if (flags & TH_SYN) { if (flags & TH_ACK) { tcpExt->status |= ARGUS_SAW_SYN_SENT; tcpExt->status |= ARGUS_CON_ESTABLISHED; } ArgusThisTCPsrc->status |= ARGUS_PKTS_RETRANS; ArgusThisTCPsrc->retrans++; } if ((tcpExt->src.count > 2) || (tcpExt->dst.count > 2) || ((tcpExt->src.count + tcpExt->dst.count) > 2)) flowstr->ArgusTimeout = ARGUS_IPTIMEOUT; } break; case TCPS_CLOSE_WAIT: case TCPS_FIN_WAIT_1: if ((flags & TH_SYN) && !(flags & TH_ACK)) { state = TCPS_LISTEN; } else case TCPS_LAST_ACK: case TCPS_FIN_WAIT_2: if (flags & TH_FIN) { if (!(flags & TH_ACK)) { if (ArgusThisTCPdst->status & ARGUS_FIN_ACK) { ArgusThisTCPsrc->status |= ARGUS_PKTS_RETRANS; ArgusThisTCPsrc->retrans++; } } else { tcpExt->status |= ARGUS_FIN; ArgusThisTCPsrc->status |= ARGUS_FIN; } } if ((flags & TH_ACK) && !(len)) { if (ArgusThisTCPdst->status & ARGUS_FIN) { if (ArgusThisTCPdst->seq == ArgusThisTCPdst->ack) { state = TCPS_FIN_WAIT_2; tcpExt->status |= ARGUS_FIN_ACK; 
ArgusThisTCPdst->status |= ARGUS_FIN_ACK; } } } break; case TCPS_CLOSING: case TCPS_TIME_WAIT: if ((flags & TH_SYN) && !(flags & TH_ACK)) state = TCPS_LISTEN; else if (flags & TH_ACK) if ((ArgusThisTCPsrc->seq == ArgusThisTCPsrc->ack) && (ArgusThisTCPdst->seq == ArgusThisTCPdst->ack)) state = TCPS_CLOSED; break; case TCPS_CLOSED: if ((flags & TH_SYN) && !(flags & TH_ACK)) state = TCPS_LISTEN; break; } } if (state != TCPS_LISTEN) tcpExt->state = state; return (state); } int ArgusUpdateTCPSequence (struct ArgusFlowStruct *flowstr, struct tcphdr *tcp) { unsigned char flags = tcp->th_flags; int len = ArgusThisLength; int retn = 1, win; unsigned int maxseq = 0; unsigned int seq = tcp->th_seq; unsigned int newseq = seq + len; ArgusInProtocol = 1; if (!(tcp->th_win) && !(flags & (TH_FIN|TH_RST))) { ArgusThisTCPsrc->status |= ARGUS_WINDOW_SHUT; ArgusInProtocol = 0; } if (len && (ArgusThisTCPdst->win != 0)) { ArgusThisTCPsrc->bytes += len; if (ArgusThisTCPsrc->winbytes == 0) ArgusInProtocol = 0; ArgusThisTCPsrc->winbytes += len; } else ArgusInProtocol = 0; if ((newseq < seq) || (flags == TH_SYN)) { /* we rolled over or started over */ ArgusThisTCPsrc->seq_base = newseq; ArgusThisTCPsrc->ackbytes = newseq; ArgusThisTCPsrc->seq = newseq; } else { if (!ArgusThisTCPsrc->seq_base) { ArgusThisTCPsrc->seq_base = seq; ArgusThisTCPsrc->ackbytes = seq; ArgusThisTCPsrc->seq = newseq; } else { if (len && (ArgusThisTCPdst->win != 0)) { if (tcp->th_seq < ArgusThisTCPsrc->ack) { if ((ArgusThisTCPsrc->ack - tcp->th_seq) < ArgusThisTCPsrc->win) { ArgusThisTCPsrc->retrans++; ArgusThisTCPsrc->status |= ARGUS_PKTS_RETRANS; ArgusThisTCPsrc->winbytes -= len; ArgusInProtocol = 0; } } else { maxseq = (newseq > ArgusThisTCPsrc->seq) ? 
newseq : ArgusThisTCPsrc->seq; if (ArgusThisTCPsrc->win) { if (ArgusThisTCPsrc->winbytes > ((maxseq - 1) - ArgusThisTCPsrc->ack)) { ArgusThisTCPsrc->retrans++; ArgusThisTCPsrc->status |= ARGUS_PKTS_RETRANS; ArgusThisTCPsrc->winbytes -= len; ArgusInProtocol = 0; } } ArgusThisTCPsrc->seq = maxseq; } } else { if ((flags == TH_ACK) && (ArgusThisTCPdst->ack == (tcp->th_ack - 1))) { if (ArgusThisTCPsrc->win == tcp->th_win) { /* ArgusThisTCPdst->retrans++; ArgusThisTCPdst->status |= ARGUS_PKTS_RETRANS; */ } ArgusInProtocol = 0; } } } } if (tcp->th_ack && (flags & TH_ACK)) { if (ArgusThisTCPdst->seq > ArgusThisTCPdst->ack) ArgusThisTCPdst->winbytes = (ArgusThisTCPdst->seq - 1) - ArgusThisTCPdst->ack; if (!(ArgusThisTCPdst->ack == (tcp->th_ack - 1))) { if (!(ArgusThisTCPdst->ack) || (ArgusThisTCPdst->seq == tcp->th_ack)) { ArgusThisTCPdst->winbytes = 0; if (!(ArgusThisTCPdst->ack == (tcp->th_ack - 1))) if (ArgusThisTCPdst->seq == tcp->th_ack) ArgusThisTCPdst->winnum++; } else { if (ArgusThisTCPdst->ack) { win = (tcp->th_ack - 1) - ArgusThisTCPdst->ack; win = (ArgusThisTCPdst->winbytes < win) ? 
                        ArgusThisTCPdst->winbytes : win;
               ArgusThisTCPdst->winbytes -= win;
               ArgusThisTCPdst->winnum++;
            }
         }
         ArgusThisTCPdst->ack = tcp->th_ack - 1;
      }
   }

   ArgusThisTCPsrc->win = tcp->th_win;
   return (retn);
}

#include

void
ArgusTCPFlowRecord (struct ArgusFlowStruct *flow, struct ArgusRecord *argus, unsigned char state)
{
   int length = 0;
   struct ArgusTCPExtensionBuffer *tcpExt = (struct ArgusTCPExtensionBuffer *) flow->NetworkDSRBuffer;
   struct ArgusTCPObject tcpbuf, *tcp = &tcpbuf;

   bzero ((char *) tcp, sizeof(*tcp));

   if (tcpExt) {
      tcp->type = ARGUS_TCP_DSR;
      tcp->length = sizeof(struct ArgusTCPObject);
      tcp->state = tcpExt->status;

      tcp->state &= ~ARGUS_RESET;
      if (tcpExt->src.status & ARGUS_RESET)
         tcp->state |= ARGUS_SRC_RESET;
      if (tcpExt->dst.status & ARGUS_RESET)
         tcp->state |= ARGUS_DST_RESET;

      tcp->state &= ~ARGUS_PKTS_RETRANS;
      if (tcpExt->src.status & ARGUS_PKTS_RETRANS)
         tcp->state |= ARGUS_SRC_PKTS_RETRANS;
      if (tcpExt->dst.status & ARGUS_PKTS_RETRANS)
         tcp->state |= ARGUS_DST_PKTS_RETRANS;

      tcp->state &= ~ARGUS_WINDOW_SHUT;
      if (tcpExt->src.status & ARGUS_WINDOW_SHUT)
         tcp->state |= ARGUS_SRC_WINDOW_SHUT;
      if (tcpExt->dst.status & ARGUS_WINDOW_SHUT)
         tcp->state |= ARGUS_DST_WINDOW_SHUT;

      tcp->synAckuSecs = tcpExt->synAckuSecs;
      tcp->ackDatauSecs = tcpExt->ackDatauSecs;
      tcp->options = tcpExt->options;
      tcp->src.seqbase = tcpExt->src.seq_base;
      tcp->dst.seqbase = tcpExt->dst.seq_base;

      if (tcpExt->src.ack && tcpExt->src.ackbytes) {
         if (tcpExt->src.ack != tcpExt->src.ackbytes) {
            if (tcpExt->src.ack > tcpExt->src.ackbytes)
               tcp->src.ackbytes = (tcpExt->src.ack - 1) - tcpExt->src.ackbytes;
         }
      }

      if (tcpExt->dst.ack && tcpExt->dst.ackbytes) {
         if (tcpExt->dst.ack > tcpExt->dst.ackbytes) {
            if (tcpExt->dst.ack > tcpExt->dst.ackbytes)
               tcp->dst.ackbytes = (tcpExt->dst.ack - 1) - tcpExt->dst.ackbytes;
         }
      }

      tcp->src.rpkts = tcpExt->src.retrans;
      tcp->dst.rpkts = tcpExt->dst.retrans;

      if ((tcp->src.bytes = tcpExt->src.bytes) < 0)
         tcp->src.bytes = 0;
      if ((tcp->dst.bytes = tcpExt->dst.bytes) < 0)
         tcp->dst.bytes
            = 0;

      tcp->src.win = tcpExt->src.win;
      tcp->dst.win = tcpExt->dst.win;
      tcp->src.flags = tcpExt->src.flag;
      tcp->dst.flags = tcpExt->dst.flag;

      if ((tcpExt->src.ackbytes = tcpExt->src.ack) < 0)
         tcpExt->src.ackbytes = 0;
      if (tcpExt->src.ackbytes == (tcp->src.bytes - 1))
         tcpExt->src.ackbytes++;

      if ((tcpExt->dst.ackbytes = tcpExt->dst.ack) < 0)
         tcpExt->dst.ackbytes = 0;
      if (tcpExt->dst.ackbytes == (tcp->dst.bytes - 1))
         tcpExt->dst.ackbytes++;

      if (tcp && ((length = argus->ahdr.length) > 0)) {
         bcopy ((char *)tcp, &((char *)argus)[length], sizeof(*tcp));
         argus->ahdr.length += sizeof(*tcp);
      }

      tcpExt->src.count = 0;
      tcpExt->dst.count = 0;
      tcpExt->src.bytes = 0;
      tcpExt->dst.bytes = 0;
      tcpExt->src.retrans = 0;
      tcpExt->dst.retrans = 0;
      tcpExt->src.flag = 0;
      tcpExt->dst.flag = 0;

      tcpExt->status &= ~(ARGUS_RESET|ARGUS_PKTS_RETRANS|ARGUS_WINDOW_SHUT|ARGUS_ECN_CONGESTED);
      tcpExt->src.status &= ~(ARGUS_RESET|ARGUS_PKTS_RETRANS|ARGUS_WINDOW_SHUT|ARGUS_ECN_CONGESTED);
      tcpExt->dst.status &= ~(ARGUS_RESET|ARGUS_PKTS_RETRANS|ARGUS_WINDOW_SHUT|ARGUS_ECN_CONGESTED);
   }
}

argus-2.0.6.fixes.1/server/Argus_udp.c

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

#ifndef ArgusUdp
#define ArgusUdp
#endif

#include
#include
#include
#include
#include

struct bootp *bp;

void
ArgusUpdateUDPState (struct ArgusFlowStruct *flowstr, unsigned char *state)
{
   struct ArgusIPFlow *flow = NULL;
   struct udphdr *up = (struct udphdr *) ArgusThisUpHdr;
   unsigned char *nxtHdr = (unsigned char *)(up + 1);

   ArgusTallyTime (flowstr, *state);

   if (STRUCTCAPTURED(*up)) {
      ArgusThisLength -= sizeof(*up);
      ArgusSnapLength -= sizeof(*up);
      ArgusThisUpHdr = nxtHdr;

      ArgusUpdateAppState (flowstr, state);

      flow = &flowstr->flow.ip_flow;

      if (*state == ARGUS_START) {
         if ((flow->dport == IPPORT_BOOTPS)) {   /* bootp request */
            if (ArgusThisDir == 0) {
               flow->ip_src = ArgusThisIpHdr->ip_src.s_addr;
               flow->ip_dst = ArgusThisIpHdr->ip_dst.s_addr;
            } else {
               flow->ip_src = ArgusThisIpHdr->ip_dst.s_addr;
               flow->ip_dst = ArgusThisIpHdr->ip_src.s_addr;
            }
         }
      } else {
         flowstr->ArgusTimeout = ARGUS_IPTIMEOUT;

         if ((flow->dport == IPPORT_BOOTPS)) {   /* bootp request */
            bp = (struct bootp *) nxtHdr;
            if (bp->bp_op == BOOTREPLY) {
               flow->ip_src = ntohl(bp->bp_yiaddr.s_addr);
               flow->ip_dst = ArgusThisIpHdr->ip_src.s_addr;
            }
         }

         if (!(flow->tp_p))
            if (ArgusResponseStatus && ((flowstr->state.src.count == 1) && (flowstr->state.dst.count == 1))) {
               ArgusSendFlowRecord (flowstr, ARGUS_STATUS);
            }
      }
   }

#ifdef ARGUSDEBUG
   ArgusDebug (8, "ArgusUpdateUDPState(0x%x, %d) returning\n", flowstr, state);
#endif
}

#include

void ArgusUDPFlowRecord (struct ArgusFlowStruct *, struct ArgusRecord *, unsigned char);

void
ArgusUDPFlowRecord (struct ArgusFlowStruct *flow, struct ArgusRecord *argus, unsigned char state)
{
   struct ArgusIPFlow *ipFlow = (struct ArgusIPFlow *)&argus->argus_far.flow.ip_flow;

   switch (ipFlow->tp_p) {
      case ARGUS_RTP_FLOWTAG: {
         struct ArgusRTPObject *rtpObject;

         if ((rtpObject = (struct ArgusRTPObject *) flow->TransportDSRBuffer) != NULL) {
            if (!(rtpObject->status & ARGUS_START)) {
               if (argus->ahdr.length > 0) {
                  bcopy ((char *)rtpObject, &((char *)argus)[argus->ahdr.length], sizeof(*rtpObject));
                  argus->ahdr.length += sizeof(*rtpObject);
               }
            } else
               ipFlow->tp_p = 0;

            rtpObject->sdrop = 0;
            rtpObject->ddrop = 0;
            rtpObject->ssdev = 0;
            rtpObject->dsdev = 0;
         }
      }
   }
}

argus-2.0.6.fixes.1/server/Makefile.in

#
# Copyright (c) 2000-2004 QoSient, LLC
# All rights reserved.
#
# THE ACCOMPANYING PROGRAM IS PROPRIETARY SOFTWARE OF QoSIENT, LLC,
# AND CANNOT BE USED, DISTRIBUTED, COPIED OR MODIFIED WITHOUT
# EXPRESS PERMISSION OF QoSIENT, LLC.
#
# QOSIENT, LLC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
# SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS, IN NO EVENT SHALL QOSIENT, LLC BE LIABLE FOR ANY
# SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER
# IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
# ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
# THIS SOFTWARE.
#
#
# Copyright (c) 1993, 1994, 1995, 1996
# The Regents of the University of California. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that: (1) source code distributions
# retain the above copyright notice and this paragraph in its entirety, (2)
# distributions including binary code include the above copyright notice and
# this paragraph in its entirety in the documentation or other materials
# provided with the distribution, and (3) all advertising materials mentioning
# features or use of this software display the following acknowledgement:
# ``This product includes software developed by the University of California,
# Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
# the University nor the names of its contributors may be used to endorse
# or promote products derived from this software without specific prior
# written permission.
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
# @(#) $Header: /usr/local/cvsroot/argus/server/Makefile.in,v 1.25 2004/02/23 15:00:36 argus Exp $ (LBL)
#
#
# Various configurable paths (remember to edit Makefile.in, not Makefile)
#

# Top level hierarchy
prefix = $(DESTDIR)@prefix@
exec_prefix = @exec_prefix@
# Pathname of directory to install the system binaries
SBINDIR = @sbindir@
# Pathname of directory to install the system binaries
BINDIR = @bindir@
# Pathname of directory to install the include files
INCLDEST = @includedir@
# Pathname of directory to install the library
LIBDEST = @libdir@
# Pathname of directory to install the man page
MANDEST = @mandir@

# VPATH
srcdir = @srcdir@
VPATH = @srcdir@

#
# You shouldn't need to edit anything below.
#

CC = @CC@
CCOPT = @V_CCOPT@
INCLS = -I. @V_INCLS@ -I../include
DEFS = @DEFS@
#DEFS = -DARGUSPERFMETRICS=1 @DEFS@

# Standard CFLAGS
CFLAGS = $(CCOPT) $(INCLS) $(DEFS)

INSTALL = @INSTALL@
RANLIB = @V_RANLIB@

#
# Flex and bison allow you to specify the prefixes of the global symbols
# used by the generated parser. This allows programs to use lex/yacc
# and link against libpcap. If you don't have flex or bison, get them.
#
LEX = @V_LEX@
YACC = @V_YACC@

# Explicitly define compilation rule since SunOS 4's make doesn't like gcc.
# Also, gcc does not remove the .o before forking 'as', which can be a
# problem if you don't own the file but can write to the directory.
.c.o:
	@rm -f $@
	$(CC) $(CFLAGS) -c $(srcdir)/$*.c

GENSRC = version.c

SRC =	argus.c ArgusAuth.c ArgusModeler.c ArgusOutput.c ArgusSource.c \
	ArgusUtil.c Argus_tcp.c Argus_udp.c Argus_icmp.c Argus_app.c \
	Argus_arp.c Argus_frag.c Argus_esp.c Argus_mac.c $(GENSRC)

PROG =	@INSTALL_BIN@/argus_@V_PCAP@

# We would like to say "OBJ = $(SRC:.c=.o)" but Ultrix's make cannot
# hack the extra indirection

OBJ =	$(SRC:.c=.o)
COMPATLIB = ../lib/argus_common.a @COMPATLIB@ @LIB_SASL@ -lm
LIB = @LIBS@ $(COMPATLIB)

HDR =	pcap.h pcap-int.h pcap-namedb.h pcap-nit.h pcap-pf.h \
	ethertype.h gencode.h gnuc.h

TAGHDR = \
	bpf/net/bpf.h

TAGFILES = \
	$(SRC) $(HDR) $(TAGHDR)

CLEANFILES = $(OBJ) $(PROG) $(GENSRC)

all: $(PROG)

@INSTALL_BIN@/argus_@V_PCAP@: $(OBJ) ../lib/argus_common.a
	$(CC) -o $@ $(OBJ) $(LIB)

version.o: version.c
version.c: $(srcdir)/../VERSION
	@rm -f $@
	sed -e 's/.*/char version[] = "&";/' $(srcdir)/../VERSION > $@

install: force
	[ -d $(prefix) ] || \
		(mkdir -p $(prefix); chmod 755 $(prefix))
	[ -d $(SBINDIR) ] || \
		(mkdir -p $(SBINDIR); chmod 755 $(SBINDIR))
	$(INSTALL) $(srcdir)/../bin/argus_@V_PCAP@ $(SBINDIR)/argus

clean:
	rm -f $(CLEANFILES)

distclean:
	rm -f $(CLEANFILES) Makefile

tags: $(TAGFILES)
	ctags -wtd $(TAGFILES)

tar: force
	@cwd=`pwd` ; dir=`basename $$cwd` ; name=libpcap-`cat VERSION` ; \
	list="" ; tar="tar chFFf" ; \
	for i in `cat FILES` ; do list="$$list $$name/$$i" ; done; \
	echo \
	"rm -f ../$$name; ln -s $$dir ../$$name" ; \
	rm -f ../$$name; ln -s $$dir ../$$name ; \
	echo \
	"(cd .. ; $$tar - [lots of files]) | compress > /tmp/$$name.tar.Z" ; \
	(cd .. ; $$tar - $$list) | compress > /tmp/$$name.tar.Z ; \
	echo \
	"rm -f ../$$name" ; \
	rm -f ../$$name

force: /tmp
depend: $(GENSRC) force
	../bin/mkdep -c $(CC) $(DEFS) $(INCLS) $(SRC)

argus-2.0.6.fixes.1/server/argus.c

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * Copyright (c) 1993, 1994 Carnegie Mellon University.
 * All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software and
 * its documentation for any purpose and without fee is hereby granted,
 * provided that the above copyright notice appear in all copies and
 * that both that copyright notice and this permission notice appear
 * in supporting documentation, and that the name of CMU not be
 * used in advertising or publicity pertaining to distribution of the
 * software without specific, written prior permission.
 *
 * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
 * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
 * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
 * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
 * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
 * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 * SOFTWARE.
 *
 */

/*
 * argus - IP Audit Record Generation and Utilization System
 *
 * written by Carter Bullard
 * QoSient LLC
 *
 */

#ifndef Argus
#define Argus
#endif

#include
#include
#include
#include

void ArgusParseResourceFile (char *);

void
usage(void)
{
   extern char version[];

   fprintf (stderr, "Argus Version %s\n", version);
   fprintf (stderr, "usage: %s [options] [-i interface] [filter-expression] \n", ArgusProgramName);
   fprintf (stderr, "usage: %s [options] -r packetfile [filter-expression] \n\n", ArgusProgramName);

   fprintf (stderr, "options: -b dump filter compiler output.\n");
   fprintf (stderr, " -c direct argus to create a pid file.\n");
   fprintf (stderr, " -d run Argus in daemon mode.\n");
#if defined(ARGUSDEBUG)
   fprintf (stderr, " -D set debug reporting .\n");
#endif
   fprintf (stderr, " -e specify Argus Identifier .\n");
   fprintf (stderr, " -h print help.\n");
   fprintf (stderr, " -F read configuration from .\n");
   fprintf (stderr, " -I specify of instances of Argi allowed (1).\n");
   fprintf (stderr, " -J generate packet performance data.\n");
   fprintf (stderr, " -M set MAR Status Report Time Interval (300s).\n");
   fprintf (stderr, " -m turn off MAC Layer Reporting.\n");
   fprintf (stderr, " -n specify pid filename.\n");
   fprintf (stderr, " -O turn off filter optimizer.\n");
   fprintf (stderr, " -p don't go into promiscuous mode.\n");
   fprintf (stderr, " -P enable remote access on (561).\n");
   fprintf (stderr, " -R generate response time data.\n");
   fprintf (stderr, " -S set FAR Status Report Time Interval (60s).\n");
   fprintf (stderr, " -t indicate that packetfile is MOAT Tsh format. \n");
   fprintf (stderr, " -U specify the number of user bytes to capture.\n");
   fprintf (stderr, " -w write output to , or '-', for stdout,\n");
   fprintf (stderr, " against optional filter expression.\n");
   fprintf (stderr, " -X reset argus configuration.\n");
   exit (-1);
}


/*
 * Argus main routine
 *
 * Argus main will:
 *    simply instantiate the source, modeler, and output tasks,
 *    parse out the command line options,
 *    initialize the tasks and then loop.
 *    Afterwards, it will delete all the tasks and exit();
 *
 */

#define ArgusEnvItems 2

char *ArgusResourceEnvStr [] = {
   "ARGUSHOME",
   "HOME",
};

#include
#include
#include
#include
#include

char *ArgusPidFileName = NULL;
static char ArgusPidFileNameBuf[MAXPATHNAMELEN];
char * ArgusCreatePIDFile (char *, char *);
int ArgusMaxInstances = 1;

char *
ArgusCreatePIDFile (char *homepath, char *appname)
{
   FILE *fd;
   char pidstrbuf[128], *pidstr = pidstrbuf;
   char *retn = NULL, *dev;
   struct stat statbuf;
   int i, pid;

   for (i = 0; i < ArgusMaxInstances; i++) {
      if (ArgusMaxInstances > 1) {
         if ((appname != NULL) && ((dev = getArgusDevice()) != NULL)) {
            snprintf (ArgusPidFileNameBuf, MAXPATHNAMELEN - 1, "%s/%s.%s.%d.pid", homepath, appname, dev, i);
            ArgusPidFileName = ArgusPidFileNameBuf;
         }
      } else {
         if ((homepath != NULL) && (appname != NULL)) {
            snprintf (ArgusPidFileNameBuf, MAXPATHNAMELEN - 1, "%s/%s.pid", homepath, appname);
            ArgusPidFileName = ArgusPidFileNameBuf;
         } else
         if (ArgusPidFileName == NULL)
            ArgusLog (LOG_ERR, "ArgusCreatePIDFile parameter error\n");
      }

      retn = ArgusPidFileName;

      if ((stat (retn, &statbuf)) == 0) {
         if ((fd = fopen (retn, "r")) != NULL) {
            if ((pidstr = fgets (pidstrbuf, 128, fd)) != NULL) {
               if ((pid = strtol(pidstr, (char **)NULL, 10)) > 0) {
                  if (pid < LONG_MAX) {
                     if ((kill (pid, 0)) == 0) {
#ifdef ARGUSDEBUG
                        ArgusDebug (1, "ArgusCreatePIDFile(%s) pid %d is running\n", retn, pid);
#endif
                        retn = NULL;
                     }
                  }
               }
            }
            fclose (fd);
         }
      }

      if (retn != NULL)
         break;
   }

   if (retn && ((fd = fopen (retn, "w+")) != NULL)) {
      pid = getpid();
      fprintf (fd, "%d\n", pid);
      fclose (fd);
   } else
      retn = NULL;

#ifdef ARGUSDEBUG
   if (retn)
      ArgusDebug (1, "ArgusCreatePIDFile(0x%x, 0x%x) returning %s\n", homepath, appname, retn);
   else
      ArgusDebug (1, "ArgusCreatePIDFile(0x%x, 0x%x) returning NULL\n", homepath, appname);
#endif

   return (retn);
}


char *ArgusPidFile = NULL;
pid_t ArgusSessionId = 0;

int
main (int argc, char *argv[])
{
   int op;
   char *tmparg, *filter;
   static char path[MAXPATHNAMELEN];
   char *homepath = NULL;
   extern char *optarg;
   extern int optind, opterr;
   struct stat statbuf;
   struct hostent *host;
   int commandlinew = 0, doconf = 0;
   int commandlinei = 0;
   int i, pid = 0;

   ArgusUid = getuid();
   gettimeofday (&ArgusStartTime, 0L);

   if (strchr (argv[0], '/')) {
      /* bounded copy: argv[0] is set by the caller and may exceed MAXPATHNAMELEN */
      strncpy(path, argv[0], sizeof(path) - 1);
      path[sizeof(path) - 1] = '\0';
      argv[0] = strrchr(argv[0], '/') + 1;
   }

   ArgusProgramName = argv[0];
   fclose(stdin);

   setArgusFarReportInterval (ARGUS_FARSTATUSTIMER);
   setArgusMarReportInterval (ARGUS_MARSTATUSTIMER);

   for (i = 1; i < argc; i++) {
      char *ptr = argv[i];
      if (ptr != NULL) {
         if (*ptr == '-') {
            do {
               switch (*++ptr) {
                  case 'D':
                     if (*++ptr == '\0')
                        ptr = argv[++i];
                     setArgusdflag (atoi (ptr));
                     break;

                  case 'F':
                     if (*++ptr == '\0')
                        ptr = argv[++i];
                     ArgusParseResourceFile (ptr);
                     doconf++;
                     break;

                  case 'X':
                     clearArgusConfiguration ();
                     break;

                  case 'h':
                     usage ();
                     break;
               }
            } while (isalpha((int)*++ptr));
         }
      }
   }

   if (!doconf) {
      snprintf (path, MAXPATHNAMELEN - 1, "/etc/argus.conf");
      if (stat (path, &statbuf) == 0) {
         ArgusParseResourceFile (path);
      }
   }

   opterr = 0; optind = 1;

#if defined(__FreeBSD__)
   optreset = 1;
#endif

   while ((op = getopt (argc, argv, "bB:cdD:e:F:I:i:JmM:n:N:OP:pRr:S:tTU:w:Xh")) != EOF) {
      switch (op) {
         case 'b': setArgusbpflag (1); break;
         case 'B': ArgusBindIP = strdup(optarg); break;
         case 'c': setArguspidflag (1); break;
         case 'd': daemonflag++; break;
         case 'D': setArgusdflag (atoi (optarg)); break;
         case 'e':
            if (optarg && isalnum((int)*optarg)) {
               if ((host = gethostbyname(optarg)) != NULL) {
                  if ((host->h_addrtype == 2) && (host->h_length == 4)) {
                     unsigned int
                        addr;
                     bcopy ((char *) *host->h_addr_list, (char *)&addr, host->h_length);
                     setArgusID (ntohl(addr));
                  } else
                     ArgusLog (LOG_ERR, "Probe ID %s error %s\n", optarg, strerror(errno));

                  setArgusIDType(ARGUS_ID_IS_IPADDR);

               } else
               if (optarg && isdigit((int)*optarg)) {
                  setArgusID (atoi (optarg));
               } else
                  ArgusLog (LOG_ERR, "Probe ID value %s is not appropriate (%s)\n", optarg, strerror(errno));
            } else
               ArgusLog (LOG_ERR, "Probe ID value %s is not appropriate\n", optarg);
            break;

         case 'F': break;

         case 'i': {
            if (!commandlinei++)
               clearArgusDevice();
            setArgusDevice (optarg);
            break;
         }

         case 'I': ArgusMaxInstances = atoi (optarg); break;
         case 'J': setArgusGenerateTime (1); break;
         case 'm': setArgusmflag (1); break;
         case 'M': setArgusMarReportInterval (optarg); break;
         case 'n':
            if (ArgusPidFileName != NULL)
               free(ArgusPidFileName);
            ArgusPidFileName = strdup(optarg);
            setArguspidflag (1);
            ArgusMaxInstances = 1;
            break;

         case 'N': Nflag = (atoi (optarg)); break;
         case 'O': setArgusOflag (0); break;
         case 'P': ArgusPortNum = atoi (optarg); break;
         case 'p': setArguspflag (1); break;
         case 'R': setArgusResponseStatus (1); break;
         case 'r': setArgusrfile (optarg); break;
         case 'S': setArgusFarReportInterval (optarg); break;
         case 't': setArgusMoatTshFile (1); break;
         case 'U': setArgusUserDataLen (atoi (optarg)); break;
         case 'w':
            if (!commandlinew++)
               clearArgusWfile();

            if ((tmparg = optarg) != NULL) {
               if ((*tmparg != '-') || ((*tmparg == '-') && (!(strcmp (tmparg, "-"))))) {
                  if (argc == optind)
                     filter = NULL;
                  else {
                     filter = argv[optind];
                     if (*filter == '-') {
                        filter = NULL;
                     } else
                        optind++;
                  }
                  setArgusWfile (tmparg, filter);
                  break;
               }
            }

         case 'X': break;

         default:
         case 'h':
            usage ();
      }
   }

   if (!getArgusInfile ()) {
      setArgusArgv (argv);
      setArgusOptind (optind);
   }

   if (getArgusrfile() != NULL) {
      setArgusPortNum(0, 0);
      daemonflag = 0;
   } else
      setArgusPortNum(ArgusPortNum, ArgusBindIP);

#if defined(HAVE_SOLARIS)
   sigignore(SIGPIPE);
#else
   (void) signal (SIGPIPE, SIG_IGN);
#endif

   (void) signal (SIGHUP, (void
                           (*)(int)) ArgusScheduleShutDown);
   (void) signal (SIGINT, (void (*)(int)) ArgusScheduleShutDown);
   (void) signal (SIGTERM, (void (*)(int)) ArgusScheduleShutDown);
   (void) signal (SIGUSR1, (void (*)(int)) ArgusUsr1Sig);
   (void) signal (SIGUSR2, (void (*)(int)) ArgusUsr2Sig);

   if (daemonflag) {
      if (chdir ("/") < 0)
         ArgusLog (LOG_ERR, "Can't chdir to / %s", strerror(errno));

      if ((pid = fork ()) < 0) {
         ArgusLog (LOG_ERR, "Can't fork daemon %s", strerror(errno));
      } else {
         if (pid)
            exit (0);
         else
            ArgusSessionId = setsid();
      }

      ArgusLog(LOG_WARNING, "started");
   }

   if ((ArgusModel = ArgusNewModeler()) == NULL)
      ArgusLog (LOG_ERR, "Error Creating Modeler: Exiting.\n");

   if ((ArgusOutputTask = ArgusNewOutput()) == NULL)
      ArgusLog (LOG_ERR, "Error Creating Output Task: Exiting.\n");

   if ((ArgusSourceTask = ArgusNewSource()) == NULL)
      ArgusLog (LOG_ERR, "Error Creating Source Task: Exiting.\n");

   ArgusInitSource ();

   if (getArguspidflag()) {
      if (ArgusPidFileName != NULL)
         homepath = NULL;
      else
      if (stat ("/var/run", &statbuf) == 0)
         homepath = "/var/run";

      if ((ArgusPidFile = ArgusCreatePIDFile (homepath, argv[0])) == NULL)
         ArgusLog (LOG_ERR, "daemon cannot create new pid file");
   }

   ArgusInitOutput ();
   ArgusInitModeler();

   if (daemonflag) {
      FILE *tmpfile = NULL;

      if ((tmpfile = fopen ("/dev/null", "w")) != NULL) {
         fclose(stdout);
         *stdout = *tmpfile;
         if (!getArgusdflag()) {
            fclose(stderr);
            *stderr = *tmpfile;
         }
      } else
         ArgusLog (LOG_ERR, "Cannot map stdout to /dev/null\n");
   }

   ArgusLoop();

#ifdef ARGUSDEBUG
   ArgusDebug (1, "main() shuting down\n");
#endif

   ArgusShutDown(0);
   exit(0);
}


void
ArgusComplete ()
{
#if defined(ARGUSPERFMETRICS)
   extern struct timeval ArgusStartTime, ArgusEndTime;
   long long ArgusTotalPkts = 0, ArgusTotalIPPkts = 0;
   long long ArgusTotalNonIPPkts = 0;
   struct timeval timediff;
   double totaltime;
   int i, len;
   char buf[256];

   bzero(buf, sizeof(buf));

   timediff.tv_sec = ArgusEndTime.tv_sec - ArgusStartTime.tv_sec;
   timediff.tv_usec = ArgusEndTime.tv_usec - ArgusStartTime.tv_usec;

   if
      (timediff.tv_usec < 0) {
      timediff.tv_usec += 1000000;
      timediff.tv_sec--;
   }

   totaltime = (double) timediff.tv_sec + (((double) timediff.tv_usec)/1000000.0);

   for (i = 0; i < ARGUS_MAXINTERFACE; i++) {
      if (ArgusInterface[i].ArgusDevice != NULL) {
         ArgusTotalPkts += ArgusInterface[i].ArgusTotalPkts;
         ArgusTotalIPPkts += ArgusInterface[i].ArgusTotalIPPkts;
         ArgusTotalNonIPPkts += ArgusInterface[i].ArgusTotalNonIPPkts;
      }
   }

   len = strlen(ArgusProgramName);
   /* pad no further than buf can hold; the program name comes from argv[0] */
   for (i = 0; (i < len) && (i < (int)sizeof(buf) - 1); i++)
      buf[i] = ' ';

   fprintf (stderr, "%s: Time %d.%06d Flows %8Ld Closed %8Ld Records %8Ld Updates %8Ld\n",
            ArgusProgramName, (int)timediff.tv_sec, (int)timediff.tv_usec,
            ArgusTotalNewFlows, ArgusTotalClosedFlows, ArgusTotalRecords, ArgusTotalUpdates);
   fprintf (stderr, " Total Pkts %8Ld IP Pkts %8Ld nonIP Pkts %8Ld Rate %f\n",
            ArgusTotalPkts, ArgusTotalIPPkts, ArgusTotalNonIPPkts, ArgusTotalPkts/totaltime);

   for (i = 0; i < ARGUS_MAXINTERFACE; i++) {
      if (ArgusInterface[i].ArgusDevice != NULL) {
         fprintf (stderr, "%s\n Total Pkts %8Ld IP Pkts %8Ld nonIP Pkts %8Ld Rate %f\n",
                  ArgusInterface[i].ArgusDevice, ArgusInterface[i].ArgusTotalPkts,
                  ArgusInterface[i].ArgusTotalIPPkts, ArgusInterface[i].ArgusTotalNonIPPkts,
                  ArgusInterface[i].ArgusTotalPkts/totaltime);
      }
   }
#endif
}


void
ArgusLoop ()
{
   ArgusGetPackets();

#ifdef ARGUSDEBUG
   ArgusDebug (3, "ArgusLoop() returning\n");
#endif
}


char *ArgusSignalTable [] = {
   "Normal Shutdown",
   "SIGHUP", "SIGINT", "SIGQUIT", "SIGILL", "SIGTRAP",
   "SIGABRT", "SIGBUS", "SIGFPE", "SIGKILL", "SIGUSR1",
   "SIGSEGV", "SIGUSR2", "SIGPIPE", "SIGALRM", "SIGTERM",
   "SIGSTKFLT", "SIGCHLD", "SIGCONT", "SIGSTOP", "SIGTSTP",
   "SIGTTIN", "SIGTTOU", "SIGURG", "SIGXCPU", "SIGXFSZ",
   "SIGVTALRM", "SIGPROF", "SIGWINCH", "SIGIO",
};

int ArgusShutDownFlag = 0;

void
ArgusScheduleShutDown (int sig)
{
   ArgusShutDownFlag++;

#ifdef ARGUSDEBUG
   ArgusDebug (1, "ArgusScheduleShutDown(%d)\n", sig);
#endif
}

void
ArgusShutDown (int sig)
{
   ArgusShutDownFlag++;

   if (sig < 0) {
#ifdef ARGUSDEBUG
      ArgusDebug (1,
                  "ArgusShutDown(ArgusError)\n");
#endif
      _exit(0);
   }

#ifdef ARGUSDEBUG
   if (Argusdflag >= 1)
      fprintf(stderr, "\n");

   ArgusDebug (1, "ArgusShutDown(%s)\n\n", ArgusSignalTable[sig]);
#endif

   if (!(ArgusShutDownStarted++)) {
      ArgusDeleteSource ();
      ArgusDeleteModeler();
      ArgusDeleteOutput ();
      ArgusComplete ();
   } else {
#ifdef ARGUSDEBUG
      ArgusDebug (2, "ArgusShutDown() returning\n");
#endif
      return;
   }

   if (ArgusPidFile)
      unlink (ArgusPidFile);

   if (daemonflag)
      ArgusLog(LOG_WARNING, "stopped");

#ifdef ARGUSDEBUG
   ArgusDebug (1, "ArgusShutDown()\n");
#endif

   _exit(0);
}


void
setArguspidflag (int value)
{
   pidflag = value;
}

int
getArguspidflag ()
{
   return (pidflag);
}

#define ARGUS_RCITEMS 21

#define ARGUS_DAEMON 0
#define ARGUS_MONITOR_ID 1
#define ARGUS_ACCESS_PORT 2
#define ARGUS_INTERFACE 3
#define ARGUS_OUTPUT_FILE 4
#define ARGUS_SET_PID 5
#define ARGUS_GO_PROMISCUOUS 6
#define ARGUS_FLOW_STATUS_INTERVAL 7
#define ARGUS_MAR_STATUS_INTERVAL 8
#define ARGUS_CAPTURE_DATA_LEN 9
#define ARGUS_GENERATE_START_RECORDS 10
#define ARGUS_GENERATE_RESPONSE_TIME_DATA 11
#define ARGUS_GENERATE_JITTER_DATA 12
#define ARGUS_GENERATE_MAC_DATA 13
#define ARGUS_DEBUG_LEVEL 14
#define ARGUS_FILTER_OPTIMIZER 15
#define ARGUS_FILTER 16
#define ARGUS_PACKET_CAPTURE_FILE 17
#define ARGUS_BIND_IP 18
#define ARGUS_MAX_INSTANCES 19
#define ARGUS_PID_FILENAME 20

char *ArgusResourceFileStr [] = {
   "ARGUS_DAEMON=",
   "ARGUS_MONITOR_ID=",
   "ARGUS_ACCESS_PORT=",
   "ARGUS_INTERFACE=",
   "ARGUS_OUTPUT_FILE=",
   "ARGUS_SET_PID=",
   "ARGUS_GO_PROMISCUOUS=",
   "ARGUS_FLOW_STATUS_INTERVAL=",
   "ARGUS_MAR_STATUS_INTERVAL=",
   "ARGUS_CAPTURE_DATA_LEN=",
   "ARGUS_GENERATE_START_RECORDS=",
   "ARGUS_GENERATE_RESPONSE_TIME_DATA=",
   "ARGUS_GENERATE_JITTER_DATA=",
   "ARGUS_GENERATE_MAC_DATA=",
   "ARGUS_DEBUG_LEVEL=",
   "ARGUS_FILTER_OPTIMIZER=",
   "ARGUS_FILTER=",
   "ARGUS_PACKET_CAPTURE_FILE=",
   "ARGUS_BIND_IP=",
   "ARGUS_MAX_INSTANCES=",
   "ARGUS_PID_FILENAME=",
};

extern pcap_dumper_t *ArgusPcapOutFile;
extern char *ArgusWriteOutPacketFile;

#define MAXSTRLEN 2048

void
ArgusParseResourceFile (char *file)
{
   FILE *fd;
   char strbuf[MAXSTRLEN], *str = strbuf, *optarg;
   char result[MAXSTRLEN], *ptr;
   int i, len, done = 0, linenum = 0;
   int interfaces = 0, outputfiles = 0;
   struct hostent *host;

   if (file) {
      if ((fd = fopen (file, "r")) != NULL) {
         /* read each line at the head of strbuf: str is advanced past leading
            white space below, so reading at str would run past the buffer */
         while ((fgets(strbuf, MAXSTRLEN, fd)) != NULL) {
            str = strbuf;
            done = 0;
            linenum++;
            while (*str && isspace((int)*str))
               str++;

            if (*str && (*str != '#') && (*str != '\n') && (*str != '!')) {
               for (i = 0; i < ARGUS_RCITEMS && !done; i++) {
                  len = strlen(ArgusResourceFileStr[i]);
                  if (!(strncmp (str, ArgusResourceFileStr[i], len))) {
                     optarg = &str[len];
                     if (*optarg == '\"')
                        optarg++;
                     if (optarg[strlen(optarg) - 1] == '\n')
                        optarg[strlen(optarg) - 1] = '\0';
                     if (optarg[strlen(optarg) - 1] == '\"')
                        optarg[strlen(optarg) - 1] = '\0';

                     switch (i) {
                        case ARGUS_DAEMON:
                           if (!(strncasecmp(optarg, "yes", 3)))
                              daemonflag = 1;
                           else
                              daemonflag = 0;
                           break;

                        case ARGUS_MONITOR_ID:
                           if (optarg && (*optarg == '`')) {
                              if (optarg[strlen(optarg) - 1] == '`') {
                                 FILE *fd;

                                 optarg++;
                                 optarg[strlen(optarg) - 1] = '\0';
                                 if (!(strcmp (optarg, "hostname"))) {
                                    if ((fd = popen("hostname", "r")) != NULL) {
                                       if ((ptr = fgets(result, MAXSTRLEN, fd)) != NULL) {
                                          optarg = ptr;
                                          optarg[strlen(optarg) - 1] = '\0';
                                       } else
                                          ArgusLog (LOG_ERR, "ArgusParseResourceFile(%s) `hostname` failed %s.\n", file, strerror(errno));

                                       pclose(fd);
                                    } else
                                       ArgusLog (LOG_ERR, "ArgusParseResourceFile(%s) System error: popen() %s\n", file, strerror(errno));
                                 } else
                                    ArgusLog (LOG_ERR, "ArgusParseResourceFile(%s) unsupported command `%s` at line %d.\n", file, optarg, linenum);
                              } else
                                 ArgusLog (LOG_ERR, "ArgusParseResourceFile(%s) syntax error line %d\n", file, linenum);
                           }

                           if (optarg && isalnum((int)*optarg)) {
                              if ((host = gethostbyname(optarg)) != NULL) {
                                 if ((host->h_addrtype == 2) && (host->h_length == 4)) {
                                    unsigned int addr;
                                    bcopy ((char *) *host->h_addr_list, (char *)&addr, host->h_length);
                                    setArgusID (ntohl(addr));
                                 } else
                                    ArgusLog (LOG_ERR, "ArgusParseResourceFile(%s) host '%s' error %s\n", file, optarg, strerror(errno));

                                 setArgusIDType(ARGUS_ID_IS_IPADDR);

                              } else
                              if (optarg && isdigit((int)*optarg)) {
                                 setArgusID (atoi (optarg));
                              } else
                                 ArgusLog (LOG_ERR, "ArgusParseResourceFile(%s) syntax error line %d\n", file, linenum);
                           } else
                              ArgusLog (LOG_ERR, "ArgusParseResourceFile(%s) syntax error line %d\n", file, linenum);
                           break;

                        case ARGUS_ACCESS_PORT:
                           ArgusPortNum = atoi(optarg);
                           break;

                        case ARGUS_BIND_IP:
                           if (ArgusBindIP != NULL)
                              free(ArgusBindIP);
                           ArgusBindIP = strdup(optarg);
                           break;

                        case ARGUS_MAX_INSTANCES:
                           ArgusMaxInstances = atoi(optarg);
                           break;

                        case ARGUS_PID_FILENAME:
                           if (ArgusPidFileName != NULL)
                              free(ArgusPidFileName);
                           ArgusPidFileName = strdup(optarg);
                           break;

                        case ARGUS_OUTPUT_FILE:
                           ptr = NULL;
                           if ((ptr = strchr (optarg, '"')) != NULL)
                              *ptr = '\0';

                           if ((ptr = strchr (optarg, ' ')) != NULL) {
                              *ptr++ = '\0';
                           }

                           if (outputfiles++ == 0)
                              clearArgusWfile ();
                           setArgusWfile (optarg, ptr);
                           break;

                        case ARGUS_INTERFACE:
                           if (interfaces++ == 0)
                              clearArgusDevice ();
                           setArgusDevice (optarg);
                           break;

                        case ARGUS_SET_PID:
                           if (!(strncasecmp(optarg, "yes", 3)))
                              setArguspidflag (1);
                           else
                              setArguspidflag (0);
                           break;

                        case ARGUS_GO_PROMISCUOUS:
                           if ((strncasecmp(optarg, "yes", 3)))
                              setArguspflag (1);
                           else
                              setArguspflag (0);
                           break;

                        case ARGUS_FLOW_STATUS_INTERVAL:
                           setArgusFarReportInterval (optarg);
                           break;

                        case ARGUS_MAR_STATUS_INTERVAL:
                           setArgusMarReportInterval (optarg);
                           break;

                        case ARGUS_CAPTURE_DATA_LEN:
                           setArgusUserDataLen (atoi(optarg));
                           break;

                        case ARGUS_GENERATE_START_RECORDS:
/*
                           if ((strncasecmp(optarg, "yes", 3)))
                              setArguspflag (1);
*/
                           break;

                        case ARGUS_GENERATE_RESPONSE_TIME_DATA:
                           if (!(strncasecmp(optarg, "yes", 3)))
                              setArgusResponseStatus (1);
                           else
                              setArgusResponseStatus (0);
                           break;

                        case ARGUS_GENERATE_JITTER_DATA:
                           if (!(strncasecmp(optarg, "yes", 3)))
                              setArgusGenerateTime (1);
                           else
                              setArgusGenerateTime (0);
                           break;

                        case ARGUS_GENERATE_MAC_DATA:
                           if (!(strncasecmp(optarg, "yes", 3)))
                              setArgusmflag (1);
                           else
                              setArgusmflag (0);
                           break;

                        case
                             ARGUS_DEBUG_LEVEL:
                           setArgusdflag (atoi(optarg));
                           break;

                        case ARGUS_FILTER_OPTIMIZER:
                           if ((strncasecmp(optarg, "yes", 3)))
                              setArgusOflag (1);
                           else
                              setArgusOflag (0);
                           break;

                        case ARGUS_FILTER:
                           if ((ArgusInputFilter = ArgusCalloc (1, MAXSTRLEN)) != NULL) {
                              ptr = ArgusInputFilter;
                              str = optarg;
                              while (*str) {
                                 if ((*str == '\\') && (str[1] == '\n')) {
                                    /* read the continuation line into what is left of strbuf */
                                    fgets(str, MAXSTRLEN - (int)(str - strbuf), fd);
                                    while (*str && (isspace((int)*str) && (str[1] && isspace((int)str[1]))))
                                       str++;
                                 }

                                 /* copy no more than the filter buffer holds, keeping its terminator */
                                 if ((*str != '\n') && (*str != '"') && ((ptr - ArgusInputFilter) < (MAXSTRLEN - 1)))
                                    *ptr++ = *str++;
                                 else
                                    str++;
                              }
#ifdef ARGUSDEBUG
                              ArgusDebug (1, "ArgusParseResourceFile: ArgusFilter \"%s\" \n", ArgusInputFilter);
#endif
                           }
                           break;

                        case ARGUS_PACKET_CAPTURE_FILE:
                           if (*optarg != '\0')
                              setArgusWriteOutPacketFile (optarg);
#ifdef ARGUSDEBUG
                           ArgusDebug (1, "ArgusParseResourceFile: ArgusPacketCaptureFile \"%s\" \n", ArgusWriteOutPacketFile);
#endif
                           break;
                     }

                     done = 1;
                     break;
                  }
               }
            }
         }
      } else {
#ifdef ARGUSDEBUG
         ArgusLog (LOG_ERR, "ArgusParseResourceFile: open %s %s\n", file, strerror(errno));
#endif
      }
   }

#ifdef ARGUSDEBUG
   ArgusDebug (1, "ArgusParseResourceFile (%s) returning\n", file);
#endif
}

void
clearArgusConfiguration ()
{
   daemonflag = 0;
   setArgusID (0);
   setArgusIDType (0);
   ArgusPortNum = 0;

   if (ArgusBindIP != NULL) {
      free(ArgusBindIP);
      ArgusBindIP = NULL;
   }

   clearArgusWfile ();
   clearArgusDevice ();
   setArguspidflag (1);
   setArguspflag (1);
   setArgusFarReportInterval (ARGUS_FARSTATUSTIMER);
   setArgusMarReportInterval (ARGUS_MARSTATUSTIMER);
   setArgusUserDataLen (0);
   setArgusResponseStatus (0);
   setArgusGenerateTime (0);
   setArgusmflag (0);
   setArgusdflag (0);
   setArgusOflag (1);

   if (ArgusWriteOutPacketFile) {
      if (ArgusWriteOutPacketFile) {
         if (ArgusPcapOutFile != NULL) {
            pcap_dump_close(ArgusPcapOutFile);
            ArgusPcapOutFile = NULL;
         }
         ArgusWriteOutPacketFile = NULL;
      }
   }

   if (ArgusInputFilter) {
      ArgusFree(ArgusInputFilter);
      ArgusInputFilter = NULL;
   }

#ifdef ARGUSDEBUG
   ArgusDebug (1, "clearArgusConfiguration () returning\n");
#endif
}
argus-2.0.6.fixes.1/server/argus.h

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/* argus.h */

#ifndef Argus_h
#define Argus_h

#define MINOR_VERSION_0    0
#define MINOR_VERSION_1    1
#define MINOR_VERSION_2    2
#define MINOR_VERSION_3    3
#define MINOR_VERSION_4    4
#define MINOR_VERSION_5    5
#define MINOR_VERSION_6    6
#define MINOR_VERSION_7    7
#define MINOR_VERSION_8    8
#define MINOR_VERSION_9    9
#define MAJOR_VERSION_1    1
#define MAJOR_VERSION_2    2
#define MAJOR_VERSION_3    3
#define MAJOR_VERSION_4    4
#define MAJOR_VERSION_5    5
#define VERSION_MAJOR      MAJOR_VERSION_2
#define VERSION_MINOR      MINOR_VERSION_0

#if defined(Argus)

#include
#include
#include
#include

#ifndef MAXPATHNAMELEN
#define MAXPATHNAMELEN          BUFSIZ
#endif

char *RaTimeFormat = "%d %b %y %T";
char RaFieldDelimiter = '.';

int nflag = 1, Nflag = -1, uflag = 0, gflag = 0;
int Uflag = 6, XMLflag = 0, pflag = 0, pidflag = 0;
int Dflag = 0, daemonflag = 0;
int Argustflag = 0;
int ArgusUid = 0;
int ArgusShutDownStarted = 0;

char *ArgusProgramName = NULL;

void ArgusLoop (void);
void ArgusShutDown (int);
void ArgusScheduleShutDown (int);
void usage(void);
void ArgusLog (int, char *, ...);
void ArgusComplete (void);
void setArguspidflag (int);
int getArguspidflag (void);
void clearArgusConfiguration (void);
void clearArgusWfile(void);

#else /* defined(Argus) */

extern char *ArgusProgramName;

extern void ArgusLoop (void);
extern void ArgusShutDown (int);
extern void ArgusScheduleShutDown (int);

extern int nflag, Nflag, uflag, gflag;
extern int daemonflag;
extern int ArgusUid;
extern int ArgusShutDownStarted;

extern void usage(void);
extern void ArgusLog (int, char *, ...);
extern void ArgusComplete (void);

#endif /* defined(Argus) */
#endif /* Argus_h */

argus-2.0.6.fixes.1/clients/
argus-2.0.6.fixes.1/doc/
argus-2.0.6.fixes.1/doc/CHANGES

What's the difference between 1.8 and 2.0?

Argus Architecture
   1.1 Multithreaded
   1.2 Daemon Support
   1.3 Configuration Files
   1.5 Syslog Support
   1.6 Secure Access

Audit Record Changes
   2.1 Variable Length Records
   2.2 Argus Source Identifier
   2.3 Sequence Number
   2.4 Transaction Reference Number
   2.5 Security Layer (ESP) Support
   2.6 Application Layer Byte Counts
   2.7 Application Layer Data Capture
   2.8 Multiprotocol Support
   2.9 Enhanced Performance Reporting
   2.10 Enhanced TCP Status Reporting
   2.11 Enhanced Aggregation Support

Server Changes
   3.1 Improved Accuracy
   3.2 Improved Reliability
   3.3 Improved Fragment Support
   3.4 Multiprotocol Support
   3.5 Authenticated Access
   3.6 Confidential Access
   3.7 Enhanced Physical Interface Support
   3.8 Multiple Physical Interface Support
   3.9 Multiple Output File Support
   3.10 Independent Output Filters
   3.11 Server Side Filtering
   3.12 Improved Signal Handling
   3.13 Daemon Support
   3.14 Syslog Event Reporting
   3.15 System Configuration
   3.16 Environment Variable Support
   2.17 Enhanced Performance Reporting
   2.18 Response Time Determination Support
   2.19 User Data Capture Support

Ra* Client Changes
   4.1 Multiple Server Support
   4.2 Configurable Output Formats
   4.3 Cisco Netflow Record Support
   3.4 Environment Variable Support
   4.5 Configuration
   4.6 XML Data Support
   4.7 Excel Data Importation Support
   4.8 User Data Printing
   4.9 ragrep() Support

Scripts and Programs
   5.1 System startup routines
   5.2 Sample configurations
   5.3 Sample Argus Archiving scripts
   5.4 argusbug Bug reporting tool
   5.5 Magic file support

Documentation
   6.1 Better documentation?
   6.2 HTML man pages.
   6.3 FAQ
   6.4 HOW-TO

argus-2.0.6.fixes.1/doc/FAQ

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  */
 *
 */

Argus Frequently Asked Questions

General
   1.1 What is Argus?

Argus Mailing List
   2.1 Where is the Argus mailing list?
   2.2 How do I join the Argus mailing list?
   2.3 Is there a mailing list archive?

Argus Source Code
   3.1 What is the current version of Argus?
   3.2 Where can I get Argus-2.0?
   3.3 Who owns Argus-2.0?
   3.4 Is Argus-2.0 an open source project?
   3.5 What type of license is Argus distributed under?
   3.6 Can I get involved in Argus development?

Bug Reporting
   4.1 How do I report bugs?

History
   5.1 Where did Argus start?
   5.2 How many versions of Argus are there?
   5.3 Is Argus-2.0 a significant change to Argus?

Portability
   6.1 What platforms does Argus run on?
   6.2 What other programs do I need to compile Argus?

Building Argus
   7.1 How do I compile Argus?

Installing Argus
   8.1 How do I install Argus?

Configuring Argus
   9.1 How do I configure Argus?
   9.2 Are there sample configurations?
   9.3 Can I configure argus to write output to more than one file?

Running Argus
   10.1 How do I run Argus?
   10.2 Do I need to be root to run Argus?
   10.3 Can I have Argus start at boot time?
   10.4 What are some simple examples to show me how to run Argus?
   10.5 How do you run Argus on your systems?

Security Considerations
   11.1 Is there any type of access control for a remote Argus?
   11.2 Where can I get tcp-wrappers()?
   11.3 Is there any confidentiality protection for Argus data on the wire?
   11.4 Where can I get SASL?

Argus Client Programs
   12.1 What is ra()?
   12.2 What is racount()?
   12.3 What is rasort()?
   12.4 What is raxml()?
   12.5 What is ramon()?
   12.6 What is rapath()?
   12.7 What is rapolicy()?
   12.8 What is ragator()?
   12.9 What is ragrep()?
   12.10 What is rasrvstats()?
   12.11 What is ratemplate()?

Problems
   13.1 I don't think Argus is auditing all the traffic. What could be wrong?
   13.2 Ra doesn't seem to read Argus output.

Audit Management
   14.1 Can I compress Argus log files?
   14.2 Can I process/archive the Argus output file while Argus is running?
   14.3 Can you suggest a daily log reporting configuration?
   14.4 What about storing Argus logs in a database?


General

1.1. What is Argus?

Argus is a Real Time Flow Monitor that is designed to perform comprehensive IP network traffic auditing. ARGUS stands for Audit Record Generation and Usage System.


Argus Mailing List

2.1. Where is the Argus mailing list?

There are currently 3 argus mailing lists.

   argus-announce@qosient.com is used to send update notices, bug discoveries, major changes to argus.
   argus-user@qosient.com is used to discuss the use of argus, tips, contributed software, etc.
   argus-info@lists.andrew.cmu.edu is the developers mailing list.

2.2. How do I join the Argus mailing list?

To join any of the argus mailing lists, go to http://qosient.com/argus/mailinglists.htm and follow the directions.

2.3. Is there a mailing list archive?

All of the lists are archived, and the developers list is archived at http://www.theorygroup.com/Archive/argus


Argus Source Code

3.1 What is the current version of Argus?

Argus-2.0

3.2 Where can I get Argus-2.0?

Go to http://qosient.com/argus/downloads.htm to get the version that you are interested in.

3.3 Who owns Argus-2.0?

All rights to Argus-2.0 are held by QoSient, LLC, a Delaware limited liability corporation that is located in New York, New York.

3.4 Is Argus-2.0 an open source project?

Yes. The Argus-2.0 effort is intended to be "open source" in the sense defined by the Open Source Initiative. Please see http://www.opensource.org for details.

3.5 What type of license is Argus distributed under?

Argus is distributed under the GNU General Public License. A copy is provided in the distribution in the file ./COPYING. The GPL has very few restrictions on how you use argus, but it has a lot of restrictions on how you can redistribute it. Please take some time to read the GPL, and please do abide by its restrictions.

3.6 Can I get involved in Argus development?

Absolutely! Argus source will be accessible using CVS early in 2001. Join the mailing list to get all the details.


Bug Reporting

4.1 How do I report bugs?

Use the tool ./bin/argusbug to send your bug report to the Argus mailing list. Argusbug will present you with a bug reporting form that includes some system information. If you are unhappy providing the information supplied by Argusbug, you are free to delete it.

Send any comments/fixes/opinions/whatever to the mailing list. Someone will send a reply.


History

5.1 Where did Argus start?

Argus got its official start at Carnegie Mellon's Software Engineering Institute (SEI), and was released into the public domain as Argus-1.5, in early 1996.

5.2 How many versions of Argus are there?

There have been 5 releases of Argus, 1.5, 1.7beta, 1.7, 1.8, and 1.8.1.

5.3 Is Argus-2.0 a significant change to Argus?

Yes!!!
Although the basic concepts are the same, Argus-2.0 is not compatible with previous versions of Argus. Please see the CHANGES document that is found in ./docs/CHANGES for details.


Portability

6.1 What platforms does Argus run on?

Argus is developed on Linux and FreeBSD, and is tested extensively on OpenBSD, NetBSD and Solaris.7. It has been ported to IRIX and should port easily to any Unix operating system. Because Argus uses libpcap as its packet capture interface, Argus, in its current form, can only be ported to systems that support libpcap.

If you do port Argus to another platform, please send your diffs to the mailing list, and we'll incorporate them into the release.

6.2 What other programs do I need to compile Argus?

Argus requires the GNU programs bison(), and its companion flex(). Argus can use tcp_wrappers and SASL but these are not required.


Building Argus

7.1 How do I compile Argus?

Building specifics for Argus are described in the ./INSTALL file. The quick method is:

   % ./configure
   % make


Installing Argus

8.1 How do I install Argus?

Detailed installation instructions are in the ./INSTALL file.

If you've got the RPM binary version, type "rpm -Uvh Argus*.rpm". This will install everything. The only thing you will need to do is edit /etc/argus.conf for your specific site's needs, and then you're ready to go.

If you've got the source tarball, then "make install" will do most everything for you. If you are concerned about how Argus will install itself, read on.

Argus does not have any installation restrictions, so you can install Argus anywhere. The makefile that is generated by ./configure supports "make install". To review where this will install argus:

   make -n install

If these are cool, then let the Makefile do the installation. On most systems the binaries will go into /usr/local/[s]bin, and the man pages will go in /usr/local/man. The docs will go in /usr/share/docs, if the system supports it; if not, they will not be installed.
If you plan on running Argus as a system daemon, then you should install an argus configuration file as /etc/argus.conf. This provides a single point of configuration for argus as a system daemon. A sample is provided in ./support/Config/argus.conf.

   # cp ./support/Config/argus.conf /etc/argus.conf
   # chmod 600 /etc/argus.conf

After this you will need to modify the sample configuration in order to activate the collection of audit records. You should uncomment the entry #ARGUS_OUTPUT_FILE="/usr/argus/data/argus.out". And, of course, if you prefer, definitely modify the value for the destination filename for your installation.

This should handle the basic installation.


Configuring Argus

9.1 How do I configure Argus?

For most uses, Argus requires only a few simple configuration variables to do its work. For the custom minded, Argus supports a large number of options.

Argus accepts configuration options on the command line, but Argus is generally configured using the argus.conf file that is normally found in either /etc or $ARGUSHOME. The variables that are set by this file can be overridden by the use of command line switches. And on the command line you can specify an alternative configuration file using the "-F configfile" option. You can also eliminate any configuration directives in the /etc/argus.conf file by using the -X option on the command line, so you have a lot of flexibility.

To set up a /etc/argus.conf file, copy the example configuration to /etc and modify its values accordingly.

9.2 Are there sample configurations?

Yes, ./support/Config/argus.conf is the best sample configuration file, and it provides extensive descriptions of the options and their default settings. This sample file sets most of the common options needed to run Argus as a system daemon. Look at the values and set them according to your specific needs. Guidelines are provided in the text of the sample file.

9.3 What do I need to configure?

Minimally, the only thing you need to configure is "where do you want Argus to send its output?" For most sites the default values for all options will be fine.

Argus can either write its output to a file, or offer remote access via a socket, or both. Most sites will want to write Argus output to a file; some will want to offer access to Argus data via the network. Security issues abound here, so turn on remote access with some caution.

9.3 Can I configure argus to write output to more than one file?

Yes, Argus supports writing to up to 5 outputs, mixed between output files and remote sockets. And each file can have its own independent filter. If you want all TCP transaction audits to go into a TCP output file, and all other records to go to another file, no problem.

   argus -w tcp.file "tcp" -w nottcp.file "not tcp"

In the argus.conf file, you can have up to 5 ARGUS_OUTPUT_FILE entries.


Running Argus

10.1 How do I run Argus?

Argus is run either as a persistent daemon, reading live packets from a network interface, or as a user program, reading packets from a packet capture file. The default, i.e. when it is run without any configuration, is to run as a daemon.

If everything is installed properly, and the /etc/argus.conf file is configured correctly, all you need to run argus is:

   # argus

This will cause Argus to look for a configuration file in /etc/argus.conf or in the $ARGUSPATH, or $ARGUSHOME directory, parse it and then open the network interface to begin reading packets. Argus will write its output to whatever outputfile is specified in the /etc/argus.conf file.

If you intend to remotely attach to this Argus, you'll need to tell Argus what port to put a listen down on. The default port for clients is port 561. We recommend using this port number.

   # argus -P 561 -w outputfile

In order to configure Argus to read packets from a packet capture file, use the "-r" option.

   % argus -r ./packetfile

Argus has a large number of options, which can be set through an .Argusrc file, the use of command line options, or through a separate configuration file that is specified at run time. These options are designed to specify things like what type of information Argus should capture, how often it should generate output records, whether it should put the network interface in promiscuous mode when run, should it create a pid file, etc... The complete list is described in the Argus.8 man page.

10.2 Do I need to be root to run Argus?

When run as a user program, if you intend to read packets from a live interface, you will need to have root privileges to either open the device, or to put the interface in promiscuous mode.

To have Argus read packet capture files and generate flow transaction report records, no, you do not need to be root.

10.3 Can I have Argus start at boot time?

Most installations will want to start Argus as a daemon at boot time, and the ./support/Startup/argus file is designed to help support this. This needs to be configured by a Unix system administrator, using tools such as chkconfig. See the README file in ./support/Startup for instructions for doing this.

10.4 What are some simple examples to show me how to run Argus?

To read packets from a file and to pipe the binary output to standard out.

   % argus -r filename -w -

To capture 64 bytes of User data for each transaction.

   % argus -U 64

To specify a particular interface (eth1) for packet capture.

   # argus -i eth1

To tell Argus to include the MAC addresses in each network flow transaction report.

   % argus -m

To assign an IP address as the probe's ID.

   % argus -e 128.64.1.2

To cause Argus to generate response time data for network flows. This will generate more audit records per flow for flows like ICMP echo request/response flows.

   % argus -R

To have Argus generate status records for active network flows every 10 seconds, which may be useful for some flow analysis techniques.

   % argus -S 10

10.5 How do you run Argus on your systems?

   argus -e `hostname` -P 561 -U128 -mRS 30 -w $ARGUSHOME/argus.out


Security Considerations

11.1 Is there any type of access control for a remote Argus?

Argus can use two types of access control. The first is provided by tcp_wrappers() and the other is provided by SASL.

tcp_wrappers() provides a mechanism where you can specify what hosts can access the Argus. This is an excellent utility, and should be a part of any system. ./configure will find a tcp_wrappers directory if one is available in the configure path, so inclusion of tcp_wrappers access control is automatic.

SASL provides authentication and authorization when accessing argi. This is very important stuff when accessing remote real-time Argus data.

11.2. Where can I get tcp-wrappers()?

ftp://ftp.porcupine.org/pub/security/tcp_wrappers_7.6.tar.gz

11.3. Is there any confidentiality protection for Argus data on the wire?

When you access remote real-time Argus data, there may be a need to encrypt the data. Argus data does provide a rich source of information for the network administrator, but it will also provide a good source of information for the would-be intruder.

On the wire confidentiality is provided by the SASL package. ./configure is designed to find SASL and enable it automatically.

11.4. Where can I get SASL?

ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-1.5.24.tar.gz


Argus Client Programs

12.1 What is ra()?

ra (read Argus) is the principal program for reading and printing Argus data. All other ra* programs share the same options and run time behavior as ra().

12.2 What is racount()?

racount will read Argus data and print out an accounting of the records and the data they contain. This is a pretty minimal program, but it is very handy for checking that Argus and its client programs are accurate in the packet and byte counts that are reported.

12.3 What is rasort()?

rasort() sorts Argus data records, based on a large number of sorting criteria. The criteria are: startime, lasttime, duration, srcaddr, dstaddr, proto, sport, dport, stos, dtos, sttl, dttl, bytes, srcbytes, dstbytes, packets, srcpackets and dstpackets.

rasort sorts based on the order of selection criteria on the command line, which defines the sorting precedence.

   rasort -s dstaddr -s dport -s packets -r Argus.file - tcp

This will sort the tcp based transaction records that are in Argus.file based on destination address, and if the addresses are equal, it will sort based on the destination port number, and when both of these criteria are equal, it will further sort based on the number of packets seen in the transaction.

12.4 What is raxml()?

raxml() prints the contents of Argus records as XML data.

12.5 What is ramon()?

ramon() is designed to support the two primary groups of an RMON2 probe. Thus the name RaMON(). These groups are the TopN and the Matrix group. The RMON TopN provides a table of the top "talking" IP addresses with packet and byte counts, and the Matrix group provides a table of the top "talking" pairs of IP addresses.

ramon() supports 'TopN' and 'Matrix' modes of operation, which give you the top talker (TopN) and top pair of talkers (Matrix). Ramon reads Argus data, aggregates the data based on the group being supported, and outputs modified Argus data, so other ra*() programs can operate on the output.

ramon() sorts its output based on byte count. If you would rather have any other sorting basis, use rasort() on the ramon() output to sort it however you like. Use the '-N' option to specify how many talkers you want. Zero (0) will give you all of them.

To see the TopN 25 talkers, based on byte count, on a link between 2pm and 2:15 pm, getting Argus data from the file .

   ramon -TopN -N 25 -t 2-2:15 -r

To see the TopN 25 clients based on source packet count,

   ramon -w - -TopN -r Argusfile | rasort -N 25 -s srcpackets

To see the TopN 10 talkers if you removed host from the network

   ramon -TopN -N 10 -r Argusfile - not host

12.6 What is rapath()?

12.7 What is rapolicy()?

rapolicy() is designed to provide access control policy verification. With argus, you can do this test in near real-time to provide a very simple near real-time intrusion detection system, or you can test access control policies against historical data, which is the most powerful aspect of this feature.

This is very important to sites that are very security conscious. rapolicy() can be used to check if firewall policies (or firewall configuration) work as expected. As most sites adopt complex multilevel security strategies, each individual component has a critical function, and a simple typo or poorly designed strategy can generate unexpected holes that would go unnoticed.

Another use of rapolicy() is to test new access control configurations prior to installing them in the actual network. You can do this using near real-time network audit data, and if you've established an argus archive, you can test the new configs against large amounts of real traffic. This gives the security manager the opportunity to gain confidence that the new ACL will do the job, and not block unintended traffic.

rapolicy() takes as input a real Cisco router access control list policy definition, and checks argus data against that policy. If a record does violate the policy, rapolicy will print that record to standard out, or it can pipe the record to another program, so that some action can be taken.

12.8 What is ragator()?

12.9 What is ragrep()?

12.10 What is rasrvstats()?

12.11 What is ratemplate()?


Problems

13.1 I don't think Argus is auditing all the traffic. What could be wrong?

Argus audits all the packets that it receives.
Usually when you suspect that there is traffic that Argus isn't reporting, it is generally one of two situations.

   Argus is usually not seeing the packets.
   Argus is reporting the packets in an unexpected flow.

13.2 Ra doesn't seem to read Argus output.

Three things to try. First, make sure that the ra() that you are using is ra 2.0. ra 1.8 cannot read Argus-2.0 data. To verify the ra() version, run ra -h.

Second, Argus.log may need to be removed so that Argus can write a clean output log. There may be a situation where Argus is writing into an Argus-1.8 data file. The two header formats are not compatible, so ra may have trouble with that. With Argus still running, just:

   mv Argus.log testfile

Argus will recreate Argus.log when new data is ready to be written. When the Argus.log reappears, then try to read from it.

If the problem doesn't relate to upgrading from 1.8 to 2.0, it may be that you need to turn off name lookups using the -n option. What appears to be no output may be the delay in looking up a host name when the DNS server is not responding. Try:

   ra -nr Argus.log

If this doesn't clear up the problem, send mail to the mailing list.


Audit Management

14.1. Can I compress Argus log files?

All ra* based clients can read compressed (.gz, .bz2 or .Z) Argus data files. This allows you to store your Argus data files using gzip(1), bzip2(1) or compress(1). This provides in general 3-4:1 compression.

Also, all ra* based clients can read data from stdin, using the "-r -" option, so you can pipe the output of uncompress utilities directly into ra* programs. This should allow for flexibility in the type of compression to use.

14.2. Can I process/archive the Argus output file while Argus is running?

Argus allows for removing its output file "on the fly". Argus will recover by recreating its output file accordingly. This allows you to "pull" the data file away from an Argus daemon for processing, archiving, whatever.
The Argus package includes a sample program for managing Argus logs that takes advantage of this behavior. The very simple sh script is ./support/Archive/argusarchive. This program will simply rename a well known Argus output file, sort and compress its output, and then move it into a calendar structured filesystem. This is just a sample program, but it does do a pretty good job.

The idea is to have cron(8) execute this type of program on a time basis. There is a sample crontab entry for this in the ./support/System directory that calls argusarchive every hour.

14.3. Can you suggest a daily log reporting configuration?

14.4. What about storing Argus logs in a database?


/* Answers in progress */

3. What does Argus data look like?

Argus is pretty lazy as to when it will print out its records. This is so Argus will have maximum cycles for packet processing, rather than data output. Argus can be easily tuned to be more timely in reporting audit events, but without that tuning, Argus could take as long as 30-120 seconds to print out a particular record, depending on the load of the Argus, the protocol and when the last packet was seen.

Because of this, Argus presents an interesting time map for its data events. I'll try to draw a graph. The Ax are Argus records in output order. The bars are the times that the data covers. The A's on the X axis are the times when the A records are actually reported.

[Graph: Argus records A1 through A5, in output order, each drawn as a bar over the time span its data covers, against a time axis marked from 5 to 50 secs; the points where records A1 to A5 are actually reported are marked below the axis.]

argus-2.0.6.fixes.1/doc/HOW-TO

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  */
 *
 */

Argus How To File

   1. How do I join the Argus mailing list?
   2. How do I report bugs?
   3. How do I compile Argus?
   4. How do I install Argus?
   5. How do I configure Argus?
   6. How do I run Argus?
   7. How do you run argus on your systems?
   8. How do I audit my web servers?
   9. How do I audit the traffic between my corporate network and my ISP?
   10. Who are the 10 top talkers on my network?
   11. How can I log all http GET and POST requests to my web servers?
   12. How do I log intrusion attempts into my network?
   22. What is the performance of my DNS services?


1. How do I join the Argus mailing list?

Send "subscribe argus" in the body of a piece of mail to majordomo@lists.andrew.cmu.edu

2. How do I report bugs?

Use the tool ./bin/argusbug to send your bug report to the argus mailing list. Argusbug will present you with a bug reporting form that includes some system information. If you are unhappy providing the information supplied by Argusbug, you are free to delete it.

Send any comments/fixes/opinions/whatever to the mailing list. Someone will send a reply.

3. How do I compile Argus?

Building specifics for argus are described in the ./INSTALL file. The quick method is:

   % ./configure
   % make

4. How do I install Argus?

Detailed installation instructions are in the ./INSTALL file. But the fast and easy way is to:

   make install

5. How do I configure Argus?

For most uses, Argus will require only a few simple configuration variables set to do work. For the custom minded, Argus supports a large number of options.

Argus is generally configured using the .argusrc file that is normally found in $ARGUSHOME. The variables that are set by this file can be overridden by the use of command line switches or an alternative configuration file that is specified using the "-F configfile" option.

See ./example/.argusrc for a description of options and their default settings. This sample file sets most of the common options.

6. How do I run Argus?

Argus is run either as a persistent daemon, reading live packets from a network interface, or as a program, reading packets from a packet capture file. The default, i.e. when it is run without any configuration, is to run as a daemon.

The only real question to answer is where do you want argus to send its output. The basic options are to write to a file, or to offer remote access via a socket, or both. Most installations will configure argus to write its output to a file. To do this, run argus as:

   # argus -w outputfile

This will cause Argus to run as a daemon, reading packets from the first available network interface, and writing its output to an outputfile.

If you intend to remotely attach to this argus, you'll need to tell argus what port to put a listen down on. The default port for clients is port 561. We recommend using this port number.

   # argus -P 561 -w outputfile

In order to configure argus to read packets from a packet capture file, use the "-r" option.

   % argus -r ./packetfile

Argus has a large number of options, which can be set through an .argusrc file, the use of command line options, or through a separate configuration file that is specified at run time. These options are designed to specify things like what type of information Argus should capture, how often it should generate output records, whether it should put the network interface in promiscuous mode when run, should it create a pid file, etc... The complete list is described in the argus.8 man page.

7. How do you run argus on your systems?
argus -e `hostname` -P 561 -U128 -mRS 30 -w $ARGUSHOME/argus.out 8. How do I audit my web servers? Argus can be deployed either on the network using a tapping strategy that captures all the packets destined to and from the target web server, or Argus can be deployed on the web server itself. In any case, if the desire is to measure web performance itself, Argus should be deployed as close to the server as physically possible. Deploying Argus on the server itself is my preferred strategy as it solves some basic problems with monitoring multi-interface load balanced servers. Some sites will be concerned with the cycles used by Argus and stability issues, but for the majority of servers in use in the Internet today, this will be the right strategy, as it is the least expensive. +-----------+ +-----------+ | +-+ | | +-+ | | | | | | | | +------ | | | +-------+ | | | | | | | | | | +------ | +-+ | | +-+ | +-----------+ +-----------+ Web Back End Web Front End with resident with resident Argus Argus Figure 1. When off server deployment is indicated, Argus can be deployed any where in the network where there is access to packets of interest. Usually using a switch or hub that is inline with the target packet data is the way to go. +-----------+ Switch | | Hub | | +---+ | +-----+ +------- | | +-+-+ | | | +-----------+ | Web Server +---+---+ | Argus | +-------+ Figure 2. There are situations where the effects of load balancers will want to be monitored. In this case, multiple Argi can be deployed to monitor pre and post load balanced flow data. Switch Switch +-------+ Hub +-------+ Hub | | +---+ | | +---+ | +-----+ +------+ +------+ +------ | | +-+-+ | | +-+-+ +-------+ | +-------+ | Web Server | Load Balancer | +---+---+ +---+---+ | Argus | | Argus | +-------+ +-------+ Figure 3. 9. How do I audit the traffic between my corporate network and my ISP? The trick here is to deploy Argus such that it can see all the packets between the corp network and the Internet. 
In many networks there is a network ethernet DMZ. This is the ideal location to place Argus: a common link that is physically accessible and that gives complete coverage of all the packets. This is especially true when there are multiple ISP links being used by the corporation. A switch or a hub can be used to tap into the DMZ so that the Argus host can see the full duplex channel between the two routers, as shown below.

                          Switch     +-----------+
              +------+      Hub      |           +------- ISP
              |      |    +-----+    |           |
   corp ------+      +----+     +----+  Router   +------- ISP
              |      |    +--+--+    |           |
              +------+       |       |           +------- ISP
               router        |       +-----------+
                         +---+---+
                         | Argus |
                         +-------+

                 Figure 4.

If you can't insert a switch or a hub into the link as shown in Figure 4, then you've got a bit of a puzzle.

In some cases you can configure your router to "port steer" or port copy the packets that you are interested in to a common monitoring port. When a switch or hub cannot be installed on the DMZ link, this would be the next likely strategy.

               +-----------+ B
               |           +------- ISP
             A |  Router   | C
   Corp   -----+  Switch   +------- ISP
               |           | D
               |           +------- ISP
               +-----+-----+
                     | E
                 +---+---+
                 | Argus |
                 +-------+

If the router/switch can be configured to copy both incoming and outgoing packets from Interface A to Interface E, then the problem is solved, as this will get all the packets (assuming you don't support routing between interfaces B, C or D). Interface E should have the bandwidth needed to handle the full load of the traffic. In our example above, if interface A is a 10 Mbps ethernet link, interface E should be a 100 Mbps interface, so that it can handle the 20 Mbps of total load interface A can support.

If the device does not support full duplex port copy, then a strategy that copies all the incoming interfaces of the router/switch to a common monitor interface will also get all the packets.

If none of the above is possible, then there are WAN probe taps available that will support packet capture from ISP links.
These are pretty expensive, sometimes more than the entire cost of the Argus probe itself, but they are available.

10. How do I determine the top talkers on my network?

To get top talker type data, use ramon, with the TopN option.

   ramon -M TopN -r * - filter

If you want top pairs of talkers, use ramon with the Matrix option.

   ramon -M Matrix -r * - filter

11. How can I log all http GET and POST requests to my web servers?

12. How do I log intrusion attempts into my network?

24. How do I generate near real-time link byte and packet counts every 10 seconds from a remote argus server?

ragator() is the tool of choice here. But getting a 10 sec interval statistic will require that you make some changes to the runtime configuration of argus. The ragator configuration file needed to do this is described below.

The problem is that Argus outputs microflow audit records based on state and a time interval. The -S option specifies what that time interval will be. The default is set up so that the maximum time duration of any argus audit record is 60 seconds. With data of this granularity, deriving a usable 10 second status counter is not possible. The best you could do would be a 180 second status counter (3 * (minimum period)).

In order to get 10 second link stats, you will need to lower the status reporting timer that Argus runs with to 2-3 seconds, using the -S option. Depending on your traffic loads, this may or may not be a lot of records. If you want to go for 10 second stats, run

   argus -S 2 [raoptions]

And then use ragator to collect the microflow data from the above argus, using the flowmodel.conf file that is described below.

   ragator -S remoteargus -f flowmodel.conf

Where this is the contents of flowmodel.conf

   #
   #label   id    SrcCIDRAddr    DstCIDRAddr    Proto  SrcPort  DstPort  ModelList  Duration
   Flow     106        *              *           *       *        *        100        10

   # label  id    SrcAddrMask    DstAddrMask    Proto  SrcPort  DstPort
   Model    100     0.0.0.0        0.0.0.0       no      no       no

If you want to do the same thing but count based on IP protocol, put a "yes" in the proto field of Model 100.

Anyway, read the ./examples/fmodel.conf file for suggestions on configuring ragator().

argus-2.0.6.fixes.1/doc/README

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */

This directory contains supporting documents for Argus-2.0.

total 64
drwxrwxr-x    3 argus argus  4096 Feb  1 12:48 .
drwxrwxr-x   12 argus argus  4096 Feb  1 10:09 ..
-rw-rw-r--    1 argus argus  1227 Feb  1 12:47 CHANGES
-rw-rw-r--    1 argus argus 17029 Feb  1 12:30 FAQ
-rw-rw-r--    1 argus argus 13388 Feb  1 12:33 HOW-TO
-rw-rw-r--    1 argus argus  1455 Feb  1 12:48 README

argus-2.0.6.fixes.1/doc/html/man/argus.5.html

ARGUS

Section: File Formats (5)
Updated: 23 June 2000
 

NAME

argus - IP Network Auditing Facility

 

SYNOPSIS

#include <[argus_dir]/include/argus_def.h>
#include <[argus_dir]/include/argus_out.h>

 

DESCRIPTION

The format of the argus(8) data stream is most succinctly described through the structures defined in the header file, but the general format is as follows:

Argus File Format:
   Argus_Datum Initial_Management_Record
   Argus_Datum
        .
        .
   Argus_Datum Management_Statistics
   Argus_Datum
        .
        .

where the individual data fields are defined as follows:

struct ArgusRecord {
   unsigned char type, cause;
   unsigned short length;
   unsigned int status;
   unsigned int argusid;
   unsigned int seqNumber;

   union {
      struct ArgusMarStruct  mar;
      struct ArgusFarStruct  far;
   } ar_union;
};

struct ArgusMarStruct {
   struct timeval startime, now;
   unsigned char  major_version, minor_version;
   unsigned char interfaceType, interfaceStatus;
   unsigned short reportInterval, argusMrInterval;
   unsigned int argusid, localnet, netmask, nextMrSequenceNum;
   unsigned long long pktsRcvd, bytesRcvd;
   unsigned int  pktsDrop, flows, flowsClosed;
   unsigned int actIPcons,  cloIPcons;
   unsigned int actICMPcons,  cloICMPcons;
   unsigned int actIGMPcons,  cloIGMPcons;
   unsigned int actFRAGcons,  cloFRAGcons;
   unsigned int actSECcons,  cloSECcons;
   int record_len;
};

struct ArgusFarStruct {
   unsigned char type, length;
   unsigned short status;
 
   unsigned int ArgusTransRefNum;
   struct ArgusTimeDesc time;
   struct ArgusFlow flow;
   struct ArgusAttributes attr;
   struct ArgusMeter src, dst;
};

struct ArgusTimeDesc {
   struct timeval start;
   struct timeval last;
};

struct ArgusFlow {
   union {
      struct ArgusIPFlow     ip;
      struct ArgusICMPFlow icmp;
      struct ArgusMACFlow   mac;
      struct ArgusArpFlow   arp;
      struct ArgusRarpFlow rarp;
      struct ArgusESPFlow   esp;
  } flow_union;
};

struct ArgusIPAttributes {
   unsigned short soptions, doptions;
   unsigned char sttl, dttl;
   unsigned char stos, dtos;
};

struct ArgusARPAttributes {
   unsigned char response[8];
};

struct ArgusAttributes {
   union {
      struct ArgusIPAttributes   ip;
      struct ArgusARPAttributes arp;
   } attr_union;
};


struct ArgusMeter {
   unsigned int count, bytes, appbytes;
};

struct ArgusIPFlow {
   unsigned int ip_src, ip_dst;
   unsigned char ip_p, tp_p;
   unsigned short sport, dport;
   unsigned short ip_id;
};

struct ArgusICMPFlow {
   unsigned int ip_src, ip_dst;
   unsigned char ip_p, tp_p;
   unsigned char type, code;
   unsigned short id, ip_id;
};

struct ArgusMACFlow {
   struct ether_header ehdr;
   unsigned char dsap, ssap;
};

struct ArgusArpFlow {
   unsigned int arp_spa;
   unsigned int arp_tpa;
   unsigned char etheraddr[6];
   unsigned short pad;
};
 
struct ArgusRarpFlow {
   unsigned int arp_tpa;
   unsigned char srceaddr[6];
   unsigned char tareaddr[6];
};
 
struct ArgusESPFlow {
   unsigned int ip_src, ip_dst;
   unsigned char ip_p, tp_p;
   unsigned short pad;
   unsigned int spi;
};
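
A reader of this format has to trust the length field in every record header before it can step to the next record. The following is an added example, not code from the Argus distribution: it walks a buffer of records using only the common 16-byte header shown in struct ArgusRecord and rejects lengths that would stall the walk or run past the buffer. It assumes that multi-byte fields are in network byte order, that length counts the whole record including the header, and that seqNumber increases by one per record from a single source; the sample bytes, the type value 0x01 and the names walk_stream, put_rec and sample_walk are constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARGUS_HDR_LEN 16   /* type, cause, length, status, argusid, seqNumber */

struct walk_result {
   unsigned records;     /* well-formed records accepted */
   unsigned seq_gaps;    /* jumps in seqNumber between consecutive records */
   size_t   consumed;    /* bytes covered by the accepted records */
   int      malformed;   /* 1 if the walk stopped on a bad header or length */
};

/* Assumption: multi-byte fields are stored in network byte order. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p)
{
   return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
          ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Step through buf record by record, validating each length before use. */
struct walk_result walk_stream(const uint8_t *buf, size_t len)
{
   struct walk_result r = {0, 0, 0, 0};
   uint32_t prev_seq = 0;
   size_t off = 0;

   while (off < len) {
      size_t avail = len - off;
      if (avail < ARGUS_HDR_LEN) { r.malformed = 1; break; }  /* truncated header */

      uint16_t reclen = rd16(buf + off + 2);    /* length: bytes 2..3   */
      uint32_t seq    = rd32(buf + off + 12);   /* seqNumber: 12..15    */

      /* A length below the header size would stall or rewind the walk;
         a length above what is left would read past the buffer. */
      if (reclen < ARGUS_HDR_LEN || reclen > avail) { r.malformed = 1; break; }

      if (r.records > 0 && seq != prev_seq + 1)
         r.seq_gaps++;                          /* records missing from the trail */
      prev_seq = seq;
      r.records++;
      off += reclen;
   }
   r.consumed = off;
   return r;
}

/* Write one constructed record: 'claimed' goes in the length field,
   'actual' is how many bytes are really placed in the buffer. */
static size_t put_rec(uint8_t *dst, uint16_t claimed, size_t actual, uint32_t seq)
{
   memset(dst, 0, actual);
   dst[0]  = 0x01;                              /* constructed type value */
   dst[2]  = (uint8_t)(claimed >> 8);
   dst[3]  = (uint8_t)claimed;
   dst[11] = 1;                                 /* constructed argusid 1 */
   dst[12] = (uint8_t)(seq >> 24);
   dst[13] = (uint8_t)(seq >> 16);
   dst[14] = (uint8_t)(seq >> 8);
   dst[15] = (uint8_t)seq;
   return actual;
}

/* Constructed stream: three good records (sequence 3 is missing), then a
   record whose header claims 4000 bytes while only 16 are present. */
struct walk_result sample_walk(void)
{
   uint8_t b[128];
   size_t n = 0;
   n += put_rec(b + n, 16, 16, 1);
   n += put_rec(b + n, 24, 24, 2);
   n += put_rec(b + n, 16, 16, 4);
   n += put_rec(b + n, 4000, 16, 5);
   return walk_stream(b, n);
}

int main(void)
{
   struct walk_result r = sample_walk();
   printf("records=%u gaps=%u consumed=%zu malformed=%d\n",
          r.records, r.seq_gaps, r.consumed, r.malformed);
   return 0;
}
```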

 

SEE ALSO

argus(8)


 

This document was created by man2html, using the manual pages.
Time: 23:40:57 GMT, March 15, 2001

argus-2.0.6.fixes.1/doc/html/man/argus.8.html

ARGUS

Section: Maintenance Commands (8)
Updated: 10 November 2000
 

NAME

argus - audit record generation and utilization system  

SYNOPSIS

argus [ options ] [ filter expression ]  

COPYRIGHT

Copyright (c) 2000 QoSient, LLC All rights reserved.  

DESCRIPTION

Argus is an IP transaction auditing tool that categorizes IP packets which match the boolean expression into a protocol-specific network transaction model. Argus reports on the transactions that it discovers, as they occur.

Designed to run as a daemon, argus generally reads packets directly from a network interface, and writes the transaction status information to a log file or open socket connected to an argus client (such as ra(1)). Argus can also read packet information from tcpdump(1) , snoop(1) or NLANR's Moat Time Sequence Header raw packet files. Argus can also be configured to write its transaction logs to stdout.

Argus provides access control for its socket connection facility using tcp_wrapper technology. Please refer to the tcp_wrapper distribution for a complete description.  

OPTIONS

-b
Dump the compiled packet-matching code to stdout and stop. This is used to debug filter expressions.
-d
Run argus as a daemon. This will cause argus to do the things that Unix daemons do and return, if there were no errors, with argus running as a detached process.
-D
<level> Print debug messages to stderr. The higher the <level> the more information printed. Acceptable levels are 1-8.
-e
<value> Specify the source identifier for this argus. Acceptable values are numbers, hostnames or IP addresses.
-h
Print an explanation of all the arguments.
-F
Use conffile as a source of configuration information. Options set in this file override any other specification, and so this is the last word on option values.
-i
<interface> Specify the physical network <interface> to be audited. The default is the first network interface that is up and running.
-J 
Generate packet performance data in each audit record.
-M
<secs> Specify the interval in <secs> of argus status records. These records are used to report the internal status of argus itself. The default is 300 seconds.
-m
Don't provide MAC address information in argus records.
-O
Turn off Berkeley Packet Filter optimizer. No reason to do this unless you think the optimizer generates bad code.
-p
Do not set the physical network interface in promiscuous mode. If the interface is already in promiscuous mode, this option may have no effect. Do this to audit only the traffic coming to and from the system argus is running on.
-P
<portnum> Specifies the <portnum> for remote client connection. The default is to not support remote access. Setting the value to zero (0) will forcibly turn off the facility.
-r
Read from tcpdump(1) , snoop(1) or NLANR's Moat Time Sequence Header (tsh) packet capture files. If the packet capture file is a tsh format file, then the -t option must also be used. Argus will read from only one input packet file at a time. If the -r option is specified, argus will not put down a listen(2) to support remote access.
-R
Generate argus records such that response times can be derived from transaction data.
-S
<secs> Specify the status reporting interval in <secs> for all traffic flows.
-t
Indicate that the expected packet capture input file is a NLANR's Moat Time Sequence Header (tsh) packet capture file.
-U
Specify the number of user bytes to capture.
-w
<file> ["filter"] Write transaction status records to output-file. An output-file of '-' directs argus to write the resulting argus-file output to stdout.
-X
Clear existing argus configuration. This removes any initialization done prior to encountering this flag. Allows you to eliminate the effects of the /etc/argus.conf file, or any argus.conf files that may have been loaded.
expression
This tcpdump(1) expression specifies which transactions will be selected. If no expression is given, all transactions are selected. Otherwise, only transactions for which expression is `true' will be dumped. For a complete expression format description, please refer to the tcpdump(1) man page.

 

SIGNALS

Argus catches a number of signal(3) events. The three signals SIGHUP, SIGINT, and SIGTERM cause argus to exit, writing TIMEDOUT status records for all currently active transactions. The signal SIGUSR1 will turn on debug reporting, and subsequent SIGUSR1 signals will increment the debug-level. The signal SIGUSR2 will cause argus to turn off all debug reporting.

 

ENVIRONMENT

$ARGUSHOME - Argus Root directory
$ARGUSPATH - Argus.conf search path (/etc:$ARGUSHOME:$HOME)

 

FILES

/etc/argus.conf         - argus daemon configuration file 
/var/run/argus.#.#.pid  - PID file 

 

EXAMPLES

Run argus as a daemon, writing all its transaction status reports to output-file. This is the typical mode.

argus -d -e `hostname` -w output-file

If ICMP traffic is not of interest to you, you can filter out ICMP packets on input.

argus -w output-file - ip and not icmp

Argus supports both input filtering and output filtering, and argus supports multiple output streams, each with their own independent filters.

To track IP traffic only (input filter), reporting ICMP traffic in one output file and all other IP traffic in another file:

argus -w outfile1 "icmp" -w outfile2 "not icmp" - ip

Audit the network activity that is flowing between the two gateway routers, whose ethernet addresses are 00:08:03:2D:42:01 and 00:00:0C:18:29:F1. Without specifying an output-file, it is assumed that the transaction status reports will be written to a remote client. In this case we have changed the port that the remote client will use to port 430/tcp.

argus -P 430 ether host (0:8:3:2d:42:1 and 0:0:c:18:29:f1) &

Audit each individual ICMP ECHO transaction. You would do this to gather Round Trip Time data within your network. Write the output to output-file.

argus -R -w output-file "echo" - icmp

Audit all NFS transactions involving the server fileserver and increase the reporting interval to 3600 seconds (to provide high data reduction). Write the output to output-file.

argus -S 3600 -w output-file udp and port 2049 &
 

AUTHORS

Carter Bullard (carter@qosient.com)
 

SEE ALSO

hosts_access(5), hosts_options(5), tcpd(8), tcpdump(1)


 

This document was created by man2html, using the manual pages.
Time: 23:41:27 GMT, March 15, 2001

argus-2.0.6.fixes.1/doc/html/man/argus.conf.5.html

ARGUS.CONF

Section: User Commands (1)
Updated: 07 November 2000
 

NAME

argus.conf - argus resource file.  

SYNOPSIS

argus.conf  

COPYRIGHT

Copyright (c) 2000 QoSient, LLC All rights reserved.  

DESCRIPTION

Argus will open this argus.conf if it's installed as /etc/argus.conf. It will also search for this file as argus.conf in directories specified in $ARGUSPATH, or $ARGUSHOME, $ARGUSHOME/lib, or $HOME, $HOME/lib, and parse it to set common configuration options. All values in this file can be overridden by command line options, or other files of this format that can be read in using the -F option.

 

Variable Syntax

Variable assignments must be of the form:

  VARIABLE=
with no white space between the VARIABLE and the '=' sign. Quotes are optional for string arguments, but if you want to embed comments, then quotes are required.

 

ARGUS_DAEMON

Argus is capable of running as a daemon, doing all the right things that daemons do. When this configuration is used for the system daemon process, say for /etc/argus.conf, this variable should be set to "yes".

The default value is to not run as a daemon.

This example is to support the ./support/Startup/argus script which requires that this variable be set to "yes".

Commandline equivalent -d

ARGUS_DAEMON=yes

 

ARGUS_MONITOR_ID

Argus Monitor Data is uniquely identifiable based on the source identifier that is included in each output record. This is to allow you to work with Argus Data from multiple monitors at the same time. The ID is 32 bits long, and so legitimate values are 0 - 4294967296 but argus also supports IP addresses as values. The configuration allows you to use host names; however, do have some understanding of how `hostname` will be resolved by the nameserver before committing to this strategy completely.

Commandline equivalent -e

ARGUS_MONITOR_ID=`hostname`
                                          

 

ARGUS_ACCESS_PORT

Argus monitors can provide a real-time remote access port for collecting Argus data. This is a TCP based port service and the default port number is tcp/561, the "experimental monitor" service. This feature is disabled by default, and can be forced off by setting it to zero (0).

When you do want to enable this service, 561 is a good choice, as all ra* clients are configured to try this port by default.

Commandline equivalent -P

ARGUS_ACCESS_PORT=561

 

ARGUS_INTERFACE

By default, Argus will open the first appropriate interface on a system that it encounters. For systems that have only one network interface, this is a reasonable thing to do. But when there is more than one suitable interface, you should specify which interface(s) Argus should read data from.

Argus can read packets from multiple interfaces at the same time, although this is limited to 2 interfaces at this time. Specify this in this file with multiple ARGUS_INTERFACE directives.

Commandline equivalent -i

ARGUS_INTERFACE=le0

 

ARGUS_OUTPUT_FILE

Argus can write its output to one or a number of files (the default limit is 5 concurrent files), each with their own independent filters.

The format is:

     ARGUS_OUTPUT_FILE=/full/path/file/name
     ARGUS_OUTPUT_FILE=/full/path/file/name "filter"

Most sites will have argus write to a file, for reliability and performance. The example file name is used here as supporting programs, such as ./support/Archive/argusarchive, are configured to use this file.

Commandline equivalent -w

ARGUS_OUTPUT_FILE=/var/log/argus/argus.out

 

ARGUS_SET_PID

When Argus is configured to run as a daemon, with the -d option, Argus can store its pid in a file, to aid in managing the running daemon. However, creating a system pid file requires privileges that may not be appropriate for all cases.

When configured to generate a pid file, if Argus cannot create the pid file, it will fail to run. This variable is available to override the default, in case this gets in your way.

The default value is to generate a pid.

No Commandline equivalent

ARGUS_SET_PID=yes

 

ARGUS_GO_PROMISCUOUS

By default, Argus will put its interface in promiscuous mode in order to monitor all the traffic that can be collected. This can put an undue load on systems.

If the intent is to monitor only the network activity of the specific system, say to measure the performance of an HTTP service or DNS service, you'll want to turn promiscuous mode off.

The default value is to go into promiscuous mode.

Commandline equivalent -p

ARGUS_GO_PROMISCUOUS=yes

 

ARGUS_FLOW_STATUS_INTERVAL

Argus will periodically report on a flow's activity every ARGUS_FLOW_STATUS_INTERVAL seconds, as long as there is new activity on the flow. This is so that you can get a view into the activity of very long lived flows. The default is 60 seconds, but this number may be too low or too high depending on your uses.

The default value is 60 seconds, but argus does support a minimum value of 1. This is very useful for doing measurements in a controlled experimental environment where the number of flows is < 1000.

Commandline equivalent -S

ARGUS_FLOW_STATUS_INTERVAL=60

 

ARGUS_MAR_STATUS_INTERVAL

Argus will periodically report on its own health, providing interface status, total packet and byte counts, packet drop rates, and flow oriented statistics.

These records can be used as "keep alives" for periods when there is no network traffic to be monitored.

The default value is 300 seconds, but a value of 60 seconds is very common.

Commandline equivalent -M

ARGUS_MAR_STATUS_INTERVAL=300

 

ARGUS_DEBUG_LEVEL

If compiled to support this option, Argus is capable of generating a lot of debug information.

The default value is zero (0).

Commandline equivalent -D

ARGUS_DEBUG_LEVEL=0

 

ARGUS_GENERATE_RESPONSE_TIME_DATA

Argus can be configured to report on flows in a manner that provides the best information for calculating application response times and network round trip times.

The default value is to not generate this data.

Commandline equivalent -R


  ARGUS_GENERATE_RESPONSE_TIME_DATA=no

 

ARGUS_GENERATE_JITTER_DATA

Argus can be configured to generate packet jitter information on a per flow basis. The default value is to not generate this data.

Commandline equivalent -J


  ARGUS_GENERATE_JITTER_DATA=no

 

ARGUS_GENERATE_MAC_DATA

Argus can be configured to not provide MAC addresses in its audit data. This is available if MAC address tracking and audit is not a requirement.

The default value is to not generate this data.

Commandline equivalent -m


  ARGUS_GENERATE_MAC_DATA=no

 

ARGUS_CAPTURE_DATA_LEN

Argus can be configured to capture a number of user data bytes from the packet stream.

The default value is to not generate this data.

Commandline equivalent -U


  ARGUS_CAPTURE_DATA_LEN=0

 

ARGUS_FILTER_OPTIMIZER

Argus uses the packet filter capabilities of libpcap. If there is a need to not use the libpcap filter optimizer, you can turn it off here. The default is to leave it on.

Commandline equivalent -O

ARGUS_FILTER_OPTIMIZER=yes

 

ARGUS_FILTER

You can provide a filter expression here, if you like. It should be limited to 2K in length. The default is to not filter.

No Commandline equivalent

ARGUS_FILTER=""
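
Several of the variables above decide how much an argus daemon exposes or records: ARGUS_ACCESS_PORT opens a TCP collection port, ARGUS_CAPTURE_DATA_LEN stores user data bytes, and the page gives limits of 2 interfaces, 5 output files and a 2K filter. The following is an added example, not part of the Argus distribution, of a checker that applies the VARIABLE= syntax rule and those limits to a configuration text. The names audit_conf, conf_audit and SAMPLE_CONF are hypothetical, the sample configuration is constructed, and treating 2K as 2048 bytes is an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct conf_audit {
   int access_port;     /* ARGUS_ACCESS_PORT, 0 = remote access off */
   int capture_len;     /* ARGUS_CAPTURE_DATA_LEN, user bytes kept per record */
   int interfaces;      /* number of ARGUS_INTERFACE directives */
   int output_files;    /* number of ARGUS_OUTPUT_FILE directives */
   int promiscuous;     /* ARGUS_GO_PROMISCUOUS, default yes */
   size_t filter_len;   /* length of the ARGUS_FILTER expression */
   int syntax_errors;   /* lines that break the VARIABLE= rule */
   int findings;        /* settings that deserve review */
};

/* Constructed sample input, not a file shipped with argus. */
static const char SAMPLE_CONF[] =
   "# constructed sample\n"
   "ARGUS_DAEMON=yes\n"
   "ARGUS_ACCESS_PORT=561\n"
   "ARGUS_INTERFACE=le0\n"
   "ARGUS_INTERFACE=le1\n"
   "ARGUS_INTERFACE=le2\n"
   "ARGUS_OUTPUT_FILE=/var/log/argus/argus.out\n"
   "ARGUS_GO_PROMISCUOUS=no\n"
   "ARGUS_CAPTURE_DATA_LEN = 128\n"
   "ARGUS_CAPTURE_DATA_LEN=128\n"
   "ARGUS_FILTER=\"ip and not icmp\"\n";

struct conf_audit audit_conf(const char *text)
{
   struct conf_audit a;
   memset(&a, 0, sizeof a);
   a.promiscuous = 1;                       /* page: promiscuous by default */

   while (*text) {
      char line[4096];
      size_t n = strcspn(text, "\n");       /* length of this line */
      size_t c = n < sizeof line - 1 ? n : sizeof line - 1;
      memcpy(line, text, c);
      line[c] = '\0';
      text += n + (text[n] == '\n');

      char *name = line + strspn(line, " \t");
      if (*name == '\0' || *name == '#')
         continue;                          /* blank line or comment */

      /* No white space is allowed between VARIABLE and '='. */
      char *eq = strchr(name, '=');
      if (eq == NULL || eq == name || isspace((unsigned char)eq[-1])) {
         a.syntax_errors++;
         continue;
      }
      *eq = '\0';

      char *val = eq + 1;
      size_t vl = strlen(val);
      while (vl > 0 && isspace((unsigned char)val[vl - 1]))
         val[--vl] = '\0';
      if (vl >= 2 && val[0] == '"' && val[vl - 1] == '"') {
         val[vl - 1] = '\0';                /* quotes are optional: strip them */
         val++;
         vl -= 2;
      }

      if      (!strcmp(name, "ARGUS_ACCESS_PORT"))      a.access_port = atoi(val);
      else if (!strcmp(name, "ARGUS_CAPTURE_DATA_LEN")) a.capture_len = atoi(val);
      else if (!strcmp(name, "ARGUS_INTERFACE"))        a.interfaces++;
      else if (!strcmp(name, "ARGUS_OUTPUT_FILE"))      a.output_files++;
      else if (!strcmp(name, "ARGUS_GO_PROMISCUOUS"))   a.promiscuous = !strcmp(val, "yes");
      else if (!strcmp(name, "ARGUS_FILTER"))           a.filter_len = vl;
   }

   if (a.access_port != 0)  a.findings++;   /* remote collection port is open */
   if (a.capture_len > 0)   a.findings++;   /* user data lands in audit records */
   if (a.interfaces > 2)    a.findings++;   /* page: limited to 2 interfaces */
   if (a.output_files > 5)  a.findings++;   /* page: default limit of 5 files */
   if (a.filter_len > 2048) a.findings++;   /* page: filter limited to 2K */
   return a;
}

int main(void)
{
   struct conf_audit a = audit_conf(SAMPLE_CONF);
   printf("port=%d capture=%d ifaces=%d files=%d promisc=%d "
          "filter=%zu syntax=%d findings=%d\n",
          a.access_port, a.capture_len, a.interfaces, a.output_files,
          a.promiscuous, a.filter_len, a.syntax_errors, a.findings);
   return 0;
}
```

When the access port is reported as open, the tcp_wrapper rules that argus(8) refers to are the place to restrict which hosts may connect.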

 

SEE ALSO

argus(8)


 

This document was created by man2html, using the manual pages.
Time: 23:40:57 GMT, March 15, 2001

argus-2.0.6.fixes.1/include/CflowdFlowPdu.h

/*===========================================================================
/  @(#) $Name: $
/  @(#) $Id: CflowdFlowPdu.h,v 1.2 2002/05/03 17:33:38 argus Exp $
/===========================================================================
/  CAIDA Copyright Notice
/
/  By accessing this software, cflowd++, you are duly informed
/  of and agree to be bound by the conditions described below in this
/  notice:
/
/  This software product, cflowd++, is developed by Daniel W. McRobb, and
/  copyrighted(C) 1998 by the University of California, San Diego
/  (UCSD), with all rights reserved.  UCSD administers the CAIDA grant,
/  NCR-9711092, under which part of this code was developed.
/
/  There is no charge for cflowd++ software.  You can redistribute it
/  and/or modify it under the terms of the GNU General Public License,
/  v. 2 dated June 1991 which is incorporated by reference herein.
/  cflowd++ is distributed WITHOUT ANY WARRANTY, IMPLIED OR EXPRESS, OF
/  MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE or that the use
/  of it will not infringe on any third party's intellectual property
/  rights.
/
/  You should have received a copy of the GNU GPL along with cflowd++.
/  Copies can also be obtained from:
/
/    http://www.gnu.org/copyleft/gpl.html
/
/  or by writing to:
/
/    University of California, San Diego
/
/    SDSC/CAIDA
/    9500 Gilman Dr., MS-0505
/    La Jolla, CA 92093 - 0505  USA
/
/  Or contact:
/
/    info@caida.org
/===========================================================================
*/

/*---------------------------------------------------------------------------
  This header file contains the layout of flow-export packets for
  Cisco's flow-export.
-------------------------------------------------------------------------*/

#ifndef _FLOWPDU_H_
#define _FLOWPDU_H_

#define k_maxFlowPacketSize  2048

#ifndef uint8_t
#define uint8_t unsigned char
#endif

#ifndef uint16_t
#define uint16_t unsigned short
#endif

#ifndef uint32_t
#define uint32_t unsigned int
#endif

#ifndef ipv4addr_t
#define ipv4addr_t unsigned int
#endif

/*---------------------------------------------------------------------------
  flow-export version 1 header
-------------------------------------------------------------------------*/
typedef struct {
  uint16_t  version;        /* flow-export version number */
  uint16_t  count;          /* number of flow entries */
  uint32_t  sysUptime;
  uint32_t  unix_secs;
  uint32_t  unix_nsecs;
} CiscoFlowHeaderV1_t;

#define k_maxFlowsPerV1Packet  24

/*---------------------------------------------------------------------------
  flow-export version 1 flow entry
-------------------------------------------------------------------------*/
typedef struct {
  ipv4addr_t  srcaddr;      /* source IP address */
  ipv4addr_t  dstaddr;      /* destination IP address */
  ipv4addr_t  nexthop;      /* next hop router's IP address */
  uint16_t    input;        /* input interface index */
  uint16_t    output;       /* output interface index */
  uint32_t    pkts;         /* packets sent in duration */
  uint32_t    bytes;        /* octets sent in duration */
  uint32_t    first;        /* SysUptime at start of flow */
  uint32_t    last;         /* and of last packet of flow */
  uint16_t    srcport;      /* TCP/UDP source port number or equivalent */
  uint16_t    dstport;      /* TCP/UDP destination port number or equivalent */
  uint16_t    pad0;
  uint8_t     prot;         /* IP protocol, e.g., 6=TCP, 17=UDP, ... */
  uint8_t     tos;          /* IP Type-of-Service */
  uint8_t     flags;        /* TCP flags */
  uint8_t     pad1, pad2, pad3;  /* pads */
  uint32_t    pad4;
} CiscoFlowEntryV1_t;

/*---------------------------------------------------------------------------
  flow-export version 5 header
-------------------------------------------------------------------------*/
typedef struct {
  uint16_t  version;        /* flow-export version number */
  uint16_t  count;          /* number of flow entries */
  uint32_t  sysUptime;
  uint32_t  unix_secs;
  uint32_t  unix_nsecs;
  uint32_t  flow_sequence;  /* sequence number */
  uint8_t   engine_type;    /* no VIP = 0, VIP2 = 1 */
  uint8_t   engine_id;      /* VIP2 slot number */
  uint16_t  reserved;       /* unused */
} CiscoFlowHeaderV5_t;

#define k_maxFlowsPerV5Packet  30

/*---------------------------------------------------------------------------
  flow-export version 5 flow entry
-------------------------------------------------------------------------*/
typedef struct {
  ipv4addr_t  srcaddr;      /* source IP address */
  ipv4addr_t  dstaddr;      /* destination IP address */
  ipv4addr_t  nexthop;      /* next hop router's IP address */
  uint16_t    input;        /* input interface index */
  uint16_t    output;       /* output interface index */
  uint32_t    pkts;         /* packets sent in duration */
  uint32_t    bytes;        /* octets sent in duration */
  uint32_t    first;        /* SysUptime at start of flow */
  uint32_t    last;         /* and of last packet of flow */
  uint16_t    srcport;      /* TCP/UDP source port number or equivalent */
  uint16_t    dstport;      /* TCP/UDP destination port number or equivalent */
  uint8_t     pad;
  uint8_t     tcp_flags;    /* bitwise OR of all TCP flags in flow; 0x10 */
                            /* for non-TCP flows */
  uint8_t     prot;         /* IP protocol, e.g., 6=TCP, 17=UDP, ... */
  uint8_t     tos;          /* IP Type-of-Service */
  uint16_t    src_as;       /* originating AS of source address */
  uint16_t    dst_as;       /* originating AS of destination address */
  uint8_t     src_mask;     /* source address prefix mask bits */
  uint8_t     dst_mask;     /* destination address prefix mask bits */
  uint16_t    reserved;
} CiscoFlowEntryV5_t;

/*---------------------------------------------------------------------------
  flow-export version 6 header
-------------------------------------------------------------------------*/
typedef struct {
  uint16_t  version;        /* version */
  uint16_t  count;          /* the number of records in PDU */
  uint32_t  sysUptime;      /* current time in msecs since router booted */
  uint32_t  unix_secs;      /* current seconds since 0000 UTC 1970 */
  uint32_t  unix_nsecs;     /* residual nanoseconds since 0000 UTC 1970 */
  uint32_t  flow_sequence;  /* seq counter of total flows seen */
  uint8_t   engine_type;    /* type of flow switching engine */
  uint8_t   engine_id;      /* ID number of the flow switching engine */
  uint16_t  reserved;
} CiscoFlowHeaderV6_t;

#define k_maxFlowsPerV6Packet  27

/*---------------------------------------------------------------------------
  flow-export version 6 flow entry
-------------------------------------------------------------------------*/
typedef struct {
  ipv4addr_t  srcaddr;      /* source IP address */
  ipv4addr_t  dstaddr;      /* destination IP address */
  ipv4addr_t  nexthop;      /* next hop router's IP address */
  uint16_t    input;        /* input interface index */
  uint16_t    output;       /* output interface index */
  uint32_t    pkts;         /* packets sent in duration */
  uint32_t    bytes;        /* octets sent in duration */
  uint32_t    first;        /* SysUptime at start of flow */
  uint32_t    last;         /* and of last packet of flow */
  uint16_t    srcport;      /* TCP/UDP source port number or equivalent */
  uint16_t    dstport;      /* TCP/UDP destination port number or equivalent */
  uint8_t     rsvd;
  uint8_t     tcp_flags;    /* bitwise OR of all TCP flags seen in flow */
  uint8_t     prot;         /* IP protocol, e.g., 6=TCP, 17=UDP, ... */
  uint8_t     tos;          /* IP Type-of-Service */
  uint16_t    src_as;       /* originating AS of source address */
  uint16_t    dst_as;       /* originating AS of destination address */
  uint8_t     src_mask;     /* source address prefix mask bits */
  uint8_t     dst_mask;     /* destination address prefix mask bits */
  uint8_t     in_encaps;    /* size in bytes of the input encapsulation */
  uint8_t     out_encaps;   /* size in bytes of the output encapsulation */
  uint32_t    peer_nexthop; /* IP address of the nexthop w/in the peer (FIB) */
} CiscoFlowEntryV6_t;

/*---------------------------------------------------------------------------
  flow-export version 8
  ---------------------------------------------------------------------------
  This is the first flow-export version to support multiple types of
  flow-export records.  Each type is an aggregation, so that only
  specific types of data may be exported (saving processing and
  bandwidth).  Obviously flow level granularity is gone, but this type
  of data reduction is useful on high-speed routers like the GSR.
-------------------------------------------------------------------------*/

/*---------------------------------------------------------------------------
  flow-export version 8 header
-------------------------------------------------------------------------*/
typedef struct {
  uint16_t  version;        /* flow-export version number */
  uint16_t  count;          /* number of flow entries */
  uint32_t  sysUptime;      /* current time in msecs since router booted */
  uint32_t  unix_secs;      /* current seconds since 0000 UTC 1970 */
  uint32_t  unix_nsecs;     /* residual nanoseconds since 0000 UTC 1970 */
  uint32_t  flow_sequence;  /* sequence number */
  uint8_t   engine_type;    /* type of flow switching engine */
  uint8_t   engine_id;      /* ID number of the flow switching engine */
  uint8_t   agg_method;     /* aggregation method */
  uint8_t   agg_version;    /* aggregation version */
  uint32_t  reserved;       /* unused */
} CiscoFlowHeaderV8_t;

/*---------------------------------------------------------------------------
  V8 aggregation methods
-------------------------------------------------------------------------*/
#define k_CiscoV8FlowExportASAggType            0x01  /* AS agg. */
#define k_CiscoV8FlowExportProtocolPortAggType  0x02  /* protocol/port agg. */
#define k_CiscoV8FlowExportSrcNetAggType        0x03  /* src network agg. */
#define k_CiscoV8FlowExportDstNetAggType        0x04  /* dst network agg. */
#define k_CiscoV8FlowExportNetMatrixAggType     0x05  /* net matrix agg. */

#define k_CiscoV8FlowExportMaxAggType  k_CiscoV8FlowExportNetMatrixAggType
#define k_CiscoV8FlowExportNumAggTypes k_CiscoV8FlowExportMaxAggType

/*---------------------------------------------------------------------------
  max flows per packet for each of the different V8 aggregation methods
-------------------------------------------------------------------------*/
#define k_maxFlowsPerV8AsAggPacket            51
#define k_maxFlowsPerV8ProtocolPortAggPacket  51
#define k_maxFlowsPerV8SrcNetAggPacket        44
#define k_maxFlowsPerV8DstNetAggPacket        44
#define k_maxFlowsPerV8NetMatrixAggPacket     35

/*---------------------------------------------------------------------------
  define max flows per packet, regardless of type of flows.
-------------------------------------------------------------------------*/
#define k_maxFlowsPerAnyPacket  51

/*---------------------------------------------------------------------------
  V8 AS aggregation flow entry version 2
-------------------------------------------------------------------------*/
typedef struct {
  uint32_t  flows;          /* number of flows */
  uint32_t  pkts;           /* number of packets */
  uint32_t  bytes;          /* number of bytes */
  uint32_t  first;          /* sysUptime at start of flow */
  uint32_t  last;           /* sysUptime at end of flow */
  uint16_t  src_as;         /* source AS */
  uint16_t  dst_as;         /* destination AS */
  uint16_t  input;          /* input interface index */
  uint16_t  output;         /* output interface index */
} CiscoFlowEntryV8AsAggV2_t;

/*---------------------------------------------------------------------------
  V8 protocol/port aggregation flow entry version 2
-------------------------------------------------------------------------*/
typedef struct {
  uint32_t  flows;          /* number of flows */
  uint32_t  pkts;           /* number of packets */
  uint32_t  bytes;          /* number of bytes */
  uint32_t  first;          /* sysUptime at start of flow */
  uint32_t  last;           /* sysUptime at end of flow */
  uint8_t   prot;           /* IP protocol (TCP=6, UDP=17, etc.) */
  uint8_t   pad;
  uint16_t  reserved;
  uint16_t  srcport;        /* source port */
  uint16_t  dstport;        /* destination port */
} CiscoFlowEntryV8ProtocolPortAggV2_t;

/*---------------------------------------------------------------------------
  V8 net matrix aggregation flow entry version 2
-------------------------------------------------------------------------*/
typedef struct {
  uint32_t    flows;        /* number of flows */
  uint32_t    pkts;         /* number of packets */
  uint32_t    bytes;        /* number of bytes */
  uint32_t    first;        /* sysUptime at start of flow */
  uint32_t    last;         /* sysUptime at end of flow */
  ipv4addr_t  srcnet;       /* source network */
  ipv4addr_t  dstnet;       /* destination network */
  uint8_t     dst_mask;     /* destination netmask length (bits) */
  uint8_t     src_mask;     /* source netmask length (bits) */
  uint16_t    reserved;
  uint16_t    src_as;       /* source AS */
  uint16_t    dst_as;       /* destination AS */
  uint16_t    input;        /* input interface index */
  uint16_t    output;       /* output interface index */
} CiscoFlowEntryV8NetMatrixAggV2_t;

/*---------------------------------------------------------------------------
  V8 source network aggregation flow entry version 2
-------------------------------------------------------------------------*/
typedef struct {
  uint32_t    flows;        /* number of flows */
  uint32_t    pkts;         /* number of packets */
  uint32_t    bytes;        /* number of bytes */
  uint32_t    first;        /* sysUptime at start of flow */
  uint32_t    last;         /* sysUptime at end of flow */
  ipv4addr_t  srcnet;       /* source network */
  uint8_t     src_mask;     /* source network mask length (bits) */
  uint8_t     pad;
  uint16_t    src_as;       /* source AS */
  uint16_t    input;        /* input interface index */
  uint16_t    reserved;
} CiscoFlowEntryV8SrcNetAggV2_t;

/*---------------------------------------------------------------------------
  V8 destination network aggregation flow entry version 2
-------------------------------------------------------------------------*/
typedef struct {
  uint32_t    flows;        /* number of flows */
  uint32_t    pkts;         /* number of packets */
  uint32_t    bytes;        /* number of
bytes */ uint32_t first; /* sysUptime at start of flow */ uint32_t last; /* sysUptime at end of flow */ ipv4addr_t dst_net; /* destination network */ uint8_t dst_mask; /* destination network mask length (bits) */ uint8_t pad; uint16_t dst_as; /* destination AS */ uint16_t output; /* output interface index */ uint16_t reserved; } CiscoFlowEntryV8DstNetAggV2_t; /*--------------------------------------------------------------------------- flow-export version 7 header (Catalyst 5000) NOT USED, V7 FLOW-EXPORT HANDLING NOT IMPLEMENTED. -------------------------------------------------------------------------*/ typedef struct { uint16_t version; /* flow-export version number */ uint16_t count; /* number of flow entries */ uint32_t sysUptime; uint32_t unix_secs; uint32_t unix_nsecs; uint32_t flow_sequence; /* sequence number */ uint32_t reserved; /* unused */ } CiscoFlowHeaderV7_t; /*--------------------------------------------------------------------------- flow-export version 7 flow entry (Catalyst 5000) NOT USED, V7 FLOW-EXPORT HANDLING NOT IMPLEMENTED. -------------------------------------------------------------------------*/ typedef struct { ipv4addr_t srcaddr; /* source IP address (0 for dest-only flows) */ ipv4addr_t dstaddr; /* destination IP address */ ipv4addr_t nexthop; /* next hop router's IP address (always 0) */ uint16_t input; /* input interface index (always 0) */ uint16_t output; /* output interface index */ uint32_t pkts; /* packets sent in duration */ uint32_t bytes; /* octets sent in duration */ uint32_t first; /* SysUptime at start of flow */ uint32_t last; /* and of last packet of flow */ uint16_t srcport; /* TCP/UDP source port number or equivalent, */ /* 0 if flow mask is destination-only or */ /* source-destination. */ uint16_t dstport; /* TCP/UDP destination port number or equivalent, */ /* 0 if flow mask is destination-only or */ /* source-destination. */ uint8_t flags1; /* ???? 
*/ uint8_t tcp_flags; /* bitwise OR of all TCP flags in flow (always 0) */ uint8_t prot; /* IP protocol, e.g., 6=TCP, 17=UDP, ... */ uint8_t tos; /* IP Type-of-Service */ uint16_t src_as; /* originating AS of source address (always 0) */ uint16_t dst_as; /* originating AS of destination address (always 0) */ uint8_t src_mask; /* source address prefix mask bits (always 0) */ uint8_t dst_mask; /* destination address prefix mask bits (always 0) */ uint16_t flags2; /* ???? */ uint32_t router_sc; /* IP address of shortcut router */ } CiscoFlowEntryV7_t; #endif /* _FLOWPDU_H_ */ argus-2.0.6.fixes.1/include/argus-namedb.h0000775000076600007660000000741110016412624013756 /* * Copyright (c) 2000-2004 QoSient, LLC * All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. * */ /* * Copyright (c) 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. 
All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the Computer Systems * Engineering Group at Lawrence Berkeley Laboratory. * 4. Neither the name of the University nor of the Laboratory may be used * to endorse or promote products derived from this software without * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
 *
 * @(#) $Header: /usr/local/cvsroot/argus/include/argus-namedb.h,v 1.13 2004/02/23 15:00:36 argus Exp $ (LBL)
 */

#ifndef lib_argus_ethers_h
#define lib_argus_ethers_h

/*
 * As returned by the argus_next_etherent()
 * XXX this stuff doesn't belong in this interface, but this
 * library already must do name to address translation, so
 * on systems that don't have support for /etc/ethers, we
 * export these hooks since they'll
 */

#ifndef PCAP_ETHERS_FILE
#define PCAP_ETHERS_FILE "/etc/ethers"
#endif

struct pcap_etherent *argus_next_etherent(FILE *);
u_char *argus_ether_hostton(char*);
u_char *argus_ether_aton(char *);

unsigned int **argus_nametoaddr(char *);
unsigned int argus_nametonetaddr(char *);

int argus_nametoport(char *, int *, int *);
int argus_nametoproto(char *);
int argus_nametoeproto(char *);

/*
 * If a protocol is unknown, PROTO_UNDEF is returned.
 * Also, argus_nametoport() returns the protocol along with the port number.
 * If there are ambiguous entries in /etc/services (i.e. domain
 * can be either tcp or udp) PROTO_UNDEF is returned.
 */
#define PROTO_UNDEF -1

/* XXX move these to pcap-int.h? */
unsigned int __argus_atodn(char *);
unsigned int __argus_atoin(char *, unsigned int *);
u_short __argus_nametodnaddr(char *);

#endif
argus-2.0.6.fixes.1/include/argus_def.h
/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * Copyright (c) 1993, 1994 Carnegie Mellon University.
 * All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software and
 * its documentation for any purpose and without fee is hereby granted,
 * provided that the above copyright notice appear in all copies and
 * that both that copyright notice and this permission notice appear
 * in supporting documentation, and that the name of CMU not be
 * used in advertising or publicity pertaining to distribution of the
 * software without specific, written prior permission.
 *
 * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
 * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
 * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
 * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
 * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
 * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 * SOFTWARE.
 *
 */

/* Argus_def.h */

/*
 * Argus_def.h is an update of the argus-1.8.1 argus_def.h to accommodate
 * new record and data types.  The basic changes are to include a 'cookie'
 * in the header, add some new record types in the man category, index and
 * event records, and the data category, data and supplement, remove
 * the protocol tags in the status, as they are going to be in the
 * flow record, and to add RTP and RTCP status bits, as they are not
 * going to be in the new flow structure.
 *
 */

#ifndef Argus_def_h
#define Argus_def_h

/*
   Argus Record Header Format

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Cause     |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Ver  |  Opt  |                    Status                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Argus Identifier                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Sequence Number                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             data                              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/

/*
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |               |                    Status                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                        Argus Status Record

        Note that one tick mark represents one bit position.
*/

#define ARGUS_COOKIE              0xE5617ACB

/* Argus Record Type */

#define ARGUS_MAR                 0x80   /* Normal Argus Management Record */
#define ARGUS_INDEX               0xA0   /* New Argus Index Record */
#define ARGUS_EVENT               0xC0   /* New Argus Event/Message Record */
#define ARGUS_CISCO_NETFLOW       0x10   /* Argus CISCO Netflow Support */
#define ARGUS_WRITESTRUCT         0x20   /* Argus 1.x Write Struct Conversion */
#define ARGUS_RMON                0x40   /* New RMON style FAR Record Format */

#define ARGUS_FAR                 0x01   /* Normal Argus Data Record */
#define ARGUS_DATASUP             0x02   /* New Supplemental Argus Data Record */

/* Argus Record Cause */

#define ARGUS_START               0x01   /* INIT */
#define ARGUS_STATUS              0x04   /* STATUS */
#define ARGUS_STOP                0x08   /* CLOSE */
#define ARGUS_SHUTDOWN            0x10   /* Administrative shutdown */
#define ARGUS_TIMEOUT             0x20   /* TIMEOUT */
#define ARGUS_ERROR               0x40   /* MAJOR PROBLEM */

/* Record Version (Ver) */
#define ARGUS_VERSION             0x20000000   /* Version 2 */

/* Record Options (Opt)*/
#define ARGUS_DETAIL              0x01000000
#define ARGUS_MERGED              0x02000000
#define ARGUS_TOPN                0x04000000
#define ARGUS_MATRIX              0x08000000

/* Argus MAR Record Status */
#define ARGUS_SASL_AUTHENTICATE   0x00001000

/*
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Status Conditions   | Proto |        EtherType Field        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                      Argus Record Status Field

        Note that one tick mark represents one bit position.
*/

#define ARGUS_ETHERTYPE           0x00FFFF
#define ARGUS_MPLS                0x00010000
#define ARGUS_VLAN                0x00020000
#define ARGUS_PPPoE               0x00040000
#define ARGUS_SNAPENCAPS          0x00080000
#define ARGUS_CONNECTED           0x00100000
#define ARGUS_ID_IS_IPADDR        0x00800000

#define ARGUS_SRC_VLAN            0x0001
#define ARGUS_DST_VLAN            0x0002

#define ARGUS_SRC_MPLS            0x0001
#define ARGUS_DST_MPLS            0x0002
#define ARGUS_SRC_CHANGED         0x0010
#define ARGUS_DST_CHANGED         0x0020

/* Argus Error Messages go into the status field when
   the Record Cause is ARGUS_ERROR.
*/

#define ARGUS_ACCESSDENIED        0x000010
#define ARGUS_MAXLISTENEXCD       0x000020

/* Link Types */
#define ARGUS_ETHERNET            0x01000000
#define ARGUS_ATM                 0x02000000
#define ARGUS_FDDI                0x03000000
#define ARGUS_TOKENRING           0x04000000
#define ARGUS_SLIP                0x05000000
#define ARGUS_PPP                 0x06000000
#define ARGUS_ESP                 0x07000000
#define ARGUS_RAW                 0x08000000
#define ARGUS_NULL                0x09000000

#define ARGUS_SEND_FRAG_COMPLETE  0x10000000

/*
    0                   1
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

        Argus FAR Status Field

        Note that one tick mark represents one bit position.
*/

/* ICMP Mapped Indicator */
/* argus_far.status indicator */

#define ARGUS_ICMP_MAPPED            0x0007
#define ARGUS_ICMPUNREACH_MAPPED     0x0001
#define ARGUS_ICMPREDIREC_MAPPED     0x0002
#define ARGUS_ICMPTIMXCED_MAPPED     0x0004

#define ARGUS_FRAGMENTS              0x0008
#define ARGUS_FRAGOVERLAP            0x0010

#define ARGUS_TOS_MODIFIED           0x0020
#define ARGUS_TTL_MODIFIED           0x0040
#define ARGUS_OPTION_MODIFIED        0x0080

/* IP Option Indicators */
#define ARGUS_IPOPTIONS              0x3F00

#define ARGUS_TIMESTAMP              0x0100
#define ARGUS_SECURITY               0x0200
#define ARGUS_LSRCROUTE              0x0400
#define ARGUS_RECORDROUTE            0x0800
#define ARGUS_SSRCROUTE              0x1000
#define ARGUS_SATNETID               0x2000

#define ARGUS_MULTIADDR              0x4000

/* Type: DSR Cause: ANY */

#define ARGUS_MAC_DSR                0x08
#define ARGUS_TCP_DSR                0x11
#define ARGUS_ICMP_DSR               0x12
#define ARGUS_RTP_DSR                0x14
#define ARGUS_RTCP_DSR               0x15
#define ARGUS_IGMP_DSR               0x18
#define ARGUS_ARP_DSR                0x20
#define ARGUS_FRG_DSR                0x21
#define ARGUS_ESP_DSR                0x22
#define ARGUS_MPLS_DSR               0x28
#define ARGUS_VLAN_DSR               0x2a
#define ARGUS_PPPOE_DSR              0x2b
#define ARGUS_AGR_DSR                0x30
#define ARGUS_TIME_DSR               0x40
#define ARGUS_SRCUSRDATA_DSR         0x42
#define ARGUS_DSTUSRDATA_DSR         0x43

#define ARGUS_SRC_TIME_DSR           0x01
#define ARGUS_DST_TIME_DSR           0x02

/* IP Sec AH Header Status Bits */

#define ARGUS_AH_HDR                 0x00000010
#define ARGUS_AH_REPLAY              0x00000008

/* RTP State Constants and Reporting Values */

#define ARGUS_RTP_SRCSILENCE         0x01
#define ARGUS_RTP_DSTSILENCE         0x02

#define ARGUS_RTCP_TAG               0x2000
#define ARGUS_RTP_TAG                0x4000

#define ARGUS_HTTP_FLOWTAG           0x01
#define ARGUS_RTCP_FLOWTAG           0x10
#define ARGUS_RTP_FLOWTAG            0x20
#define ARGUS_FRAG_FLOWTAG           0xCB

/* TCP State Constants and Reporting Values */

#define ARGUS_SAW_SYN                0x0001
#define ARGUS_SAW_SYN_SENT           0x0002
#define ARGUS_CON_ESTABLISHED        0x0004
#define ARGUS_FIN                    0x0008
#define ARGUS_FIN_ACK                0x0010

#define ARGUS_NORMAL_CLOSE           0x0020
#define ARGUS_CLOSE_WAITING          0x0040

#define ARGUS_PKTS_RETRANS           0x0300  /* SRC_PKTS_RETRANS | DST_PK*/
#define ARGUS_SRC_PKTS_RETRANS       0x0100
#define ARGUS_DST_PKTS_RETRANS       0x0200

#define ARGUS_IN_CURR_WINDOW         0x0200000
#define ARGUS_WINDOW_CURR_SHUT       0x0100000

#define ARGUS_WINDOW_SHUT            0x0C00  /* SRC_WINDOW_SHUT | DST_WIN*/
#define ARGUS_SRC_WINDOW_SHUT        0x0400
#define ARGUS_DST_WINDOW_SHUT        0x0800
#define ARGUS_RESET                  0x3000  /* SRC_RESET | DST_RESET */
#define ARGUS_SRC_RESET              0x1000
#define ARGUS_DST_RESET              0x2000
#define ARGUS_ECN_CONGESTED          0xC000  /* SRC_CONGESTED | DST_CONGESTED */
#define ARGUS_SRC_CONGESTED          0x4000
#define ARGUS_DST_CONGESTED          0x8000

#define ARGUS_TCP_MAXSEG             0x00100000
#define ARGUS_TCP_WSCALE             0x00200000
#define ARGUS_TCP_SACKOK             0x00400000
#define ARGUS_TCP_SACK               0x00800000
#define ARGUS_TCP_ECHO               0x01000000
#define ARGUS_TCP_ECHOREPLY          0x02000000
#define ARGUS_TCP_TIMESTAMP          0x04000000
#define ARGUS_TCP_CC                 0x08000000
#define ARGUS_TCP_CCNEW              0x10000000
#define ARGUS_TCP_CCECHO             0x20000000

#define ARGUS_TCP_SRC_ECN            0x40000000
#define ARGUS_TCP_DST_ECN            0x80000000

/* Fragment State Constants and Reporting Values */

#define ARGUS_FRAG_INIT              0x0001
#define ARGUS_FRAG_OUT_OF_ORDER      0x0002
#define ARGUS_TCPFRAGOFFSETERROR     0x0004

/* User Data Status Values */

#define ARGUS_FAR_DSR_STATUS         0x00000001
#define ARGUS_MAC_DSR_STATUS         0x00000010
#define ARGUS_VLAN_DSR_STATUS        0x00000020
#define ARGUS_MPLS_DSR_STATUS        0x00000040
#define ARGUS_TCP_DSR_STATUS         0x00000100
#define ARGUS_ICMP_DSR_STATUS        0x00000200
#define ARGUS_RTP_DSR_STATUS         0x00000400
#define ARGUS_RTCP_DSR_STATUS        0x00000800
#define ARGUS_IGMP_DSR_STATUS        0x00001000
#define ARGUS_ARP_DSR_STATUS         0x00002000
#define ARGUS_FRG_DSR_STATUS         0x00004000
#define ARGUS_TIME_DSR_STATUS        0x00100000
#define ARGUS_SRCUSRDATA_DSR_STATUS  0x00200000
#define ARGUS_DSTUSRDATA_DSR_STATUS  0x00400000
#define ARGUS_ESP_DSR_STATUS         0x00800000
#define ARGUS_AGR_DSR_STATUS         0x80000000

#define ARGUS_FAR_DSR_INDEX          0
#define ARGUS_MAC_DSR_INDEX          4
#define ARGUS_VLAN_DSR_INDEX         5
#define ARGUS_MPLS_DSR_INDEX         6
#define ARGUS_TCP_DSR_INDEX          8
#define ARGUS_ICMP_DSR_INDEX         9
#define ARGUS_RTP_DSR_INDEX          10
#define ARGUS_RTCP_DSR_INDEX         11
#define ARGUS_IGMP_DSR_INDEX         12
#define ARGUS_ARP_DSR_INDEX          13
#define ARGUS_FRG_DSR_INDEX          14
#define ARGUS_TIME_DSR_INDEX         20
#define ARGUS_SRCUSRDATA_DSR_INDEX   21
#define ARGUS_DSTUSRDATA_DSR_INDEX   22
#define ARGUS_ESP_DSR_INDEX          23
#define ARGUS_AGR_DSR_INDEX          31

#define ARGUS_AGR_USECACTTIME        0x0010
#define ARGUS_AGR_USECIDLETIME       0x0020

#define ARGUS_AGR_MSECACTTIME        0x0040
#define ARGUS_AGR_MSECIDLETIME       0x0080

#define ARGUS_AGR_NORMALIZED         0x0100

#endif /* Argus_def_h */
argus-2.0.6.fixes.1/include/argus_filter.h
/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * Copyright (c) 1990, 1991, 1992, 1993
 *      The Regents of the University of California.  All rights reserved.
 *
 * This code is derived from the Stanford/CMU enet packet filter,
 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
 * Berkeley Laboratory.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *      This product includes software developed by the University of
 *      California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * @(#)bpf.c 7.5 (Berkeley) 7/15/91
 *
 */

#ifndef ArgusFilter_h
#define ArgusFilter_h

#include
#include
#include
#include
#include

#ifndef __GNUC__
#define inline
#endif

/*
 * If a protocol is unknown, PROTO_UNDEF is returned.
 * Also, s_nametoport() returns the protocol along with the port number.
 * If there are ambiguous entries in /etc/services (i.e. domain
 * can be either tcp or udp) PROTO_UNDEF is returned.
 */
#define PROTO_UNDEF -1

struct pcap_etherent {
   unsigned char addr[6];
   char name[122];
};

#ifdef ArgusFilter

u_int ArgusThisFarStatus = 0;
struct ArgusFarHeaderStruct *ArgusThisFarHdrs[32];

void ArgusPrintHex (const u_char *, u_int);
int argus_lookupnet(char *, u_int *, u_int *, char *);
char *read_infile(char *);
static inline int xdtoi(int c);
u_int argus_filter (struct bpf_insn *pc, u_char *);
u_int argus_filter_orig (struct bpf_insn *, u_char *, int, int);

static inline int skip_space(FILE *);
static inline int skip_line(FILE *);
static inline int skip_space(FILE *);
static inline int skip_line(FILE *);
struct pcap_etherent *argus_next_etherent(FILE *fp);
char *argus_lookupdev(char *);
int argus_lookupnet(char *, u_int *, u_int *, char *);
char *argus_strerror(int);
static char *Argusbpf_image(struct bpf_insn *, int);
void Argusbpf_optimize(struct block **);
struct bpf_insn *Argusicode_to_fcode(struct block *, int *);
int stoi( char *);

#ifdef NOVFPRINTF
int vfprintf( FILE *, char *, va_list);
#endif

void ArgusDebug (int, char *, ...);
void *ArgusCalloc (int, int);
void ArgusFree (void *);

#if defined(__STDC__)
void error(const char *fmt, ...);
#else
void error(const char *fmt, va_dcl);
#endif

#if defined(_LITTLE_ENDIAN)
void ArgusNtoH (struct ArgusRecord *argus);
void ArgusHtoN (struct ArgusRecord *argus);
#endif

char *savestr(const char *);
char *copy_argv( char **);
char *read_infile(char *);
u_int ipaddrtonetmask(u_int);
u_int getnetnumber(u_int);
void bpf_dump(struct bpf_program *, int);
char *intoa(u_int);
static SIGRET nohostname(int);
char * getname(u_char *);

static inline struct enamemem *lookup_emem(const u_char *);
static inline struct enamemem *lookup_nsap(const u_char *);
static inline struct protoidmem *lookup_protoid(const u_char *);

char *etheraddr_string(unsigned char *);
char *etherproto_string(unsigned short port);
char *protoid_string(const u_char *);
char *llcsap_string(unsigned char);
char *isonsap_string(const unsigned char *);
char *tcpport_string(unsigned short);
char *udpport_string(unsigned short);

static void init_servarray(void);
static void init_eprotoarray(void);
static void init_protoidarray(void);
static void init_etherarray(void);
static void init_llcsaparray(void);
void init_addrtoname(int, u_int, u_int);

u_int **argus_nametoaddr(char *);
u_int argus_nametonetaddr(char *);
int argus_nametoport(char *, int *, int *);
int argus_nametoproto(char *);
int argus_nametoeproto(char *);
u_int __argus_atoin(char *, u_int *);
u_int __argus_atodn(char *);
unsigned char *argus_ether_aton(char *);
unsigned char *argus_ether_hostton(char *);
unsigned short __argus_nametodnaddr(char *);

#else

extern u_int ArgusThisFarStatus;
extern struct ArgusFarHeaderStruct *ArgusThisFarHdrs[];

extern void ArgusPrintHex (const u_char *, u_int);
extern int argus_lookupnet(char *, u_int *, u_int *, char *);
extern char *read_infile(char *);
extern u_int argus_filter (struct bpf_insn *pc, u_char *);
extern u_int argus_filter_orig (struct bpf_insn *, u_char *, int, int);

extern struct pcap_etherent *argus_next_etherent(FILE *fp);
extern char *argus_lookupdev(char *);
extern int argus_lookupnet(char *, u_int *, u_int *, char *);
extern char *argus_strerror(int);
extern void Argusbpf_optimize(struct block **);
extern struct bpf_insn *Argusicode_to_fcode(struct block *, int *);
extern int stoi( char *);

#ifdef NOVFPRINTF
extern int vfprintf( FILE *, char *, va_list);
#endif

#if defined(_LITTLE_ENDIAN)
extern void ArgusNtoH (struct ArgusRecord *argus);
extern void ArgusHtoN (struct ArgusRecord *argus);
#endif

extern void ArgusDebug (int, char *, ...);
extern void *ArgusCalloc (int, int);
extern void ArgusFree (void *);
extern void error(const char*, ...);
extern void warning(va_list);

extern char *savestr(const char *);
extern char *copy_argv( char **);
extern char *read_infile(char *);
extern u_int ipaddrtonetmask(u_int);
extern u_int getnetnumber(u_int);
extern void bpf_dump(struct bpf_program *, int);
extern char *intoa(u_int);
extern char * getname(u_char *);

extern char *etheraddr_string(unsigned char *);
extern char *etherproto_string(unsigned short);
extern char *protoid_string(const u_char *);
extern char *llcsap_string(unsigned char);
extern char *isonsap_string(const unsigned char *);
extern char *tcpport_string(unsigned short);
extern char *udpport_string(unsigned short);
extern void init_addrtoname(int, u_int, u_int);

extern u_int **argus_nametoaddr(char *);
extern u_int argus_nametonetaddr(char *);
extern int argus_nametoport(char *, int *, int *);
extern int argus_nametoproto(char *);
extern int argus_nametoeproto(char *);
extern u_int __argus_atoin(char *, u_int *);
extern u_int __argus_atodn(char *);
extern unsigned char *argus_ether_aton(char *);
extern unsigned char *argus_ether_hostton(char *);
extern unsigned short __argus_nametodnaddr(char *);

#endif
#endif /* ArgusFilter_h */
argus-2.0.6.fixes.1/include/argus_llc.h
/*
 * Copyright (c) 1993, 1994, 1997
 *      The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @(#) $Header: /usr/local/cvsroot/argus/include/argus_llc.h,v 1.2 2002/05/03 17:33:38 argus Exp $ (LBL)
 */

/*
 * This stuff should come from a system header file, but there's no
 * obviously portable way to do that and it's not really going
 * to change from system to system.
 */

/*
 * A somewhat abstracted view of the LLC header
 */

struct llc {
   u_char dsap;
   u_char ssap;
   union {
      u_char u_ctl;
      u_short is_ctl;
      struct {
         u_char snap_ui;
         u_char snap_pi[5];
      } snap;
      struct {
         u_char snap_ui;
         u_char snap_orgcode[3];
         u_char snap_ethertype[2];
      } snap_ether;
   } ctl;
};

#define llcui           ctl.snap.snap_ui
#define llcpi           ctl.snap.snap_pi
#define orgcode         ctl.snap_ether.snap_orgcode
#define ethertype       ctl.snap_ether.snap_ethertype
#define llcis           ctl.is_ctl
#define llcu            ctl.u_ctl

#define LLC_U_FMT       3
#define LLC_GSAP        1
#define LLC_S_FMT       1

#define LLC_U_POLL      0x10
#define LLC_IS_POLL     0x0001
#define LLC_XID_FI      0x81

#define LLC_U_CMD(u)    ((u) & 0xef)
#define LLC_UI          0x03
#define LLC_UA          0x63
#define LLC_DISC        0x43
#define LLC_DM          0x0f
#define LLC_SABME       0x6f
#define LLC_TEST        0xe3
#define LLC_XID         0xaf
#define LLC_FRMR        0x87

#define LLC_S_CMD(is)   (((is) >> 10) & 0x03)
#define LLC_RR          0x0100
#define LLC_RNR         0x0500
#define LLC_REJ         0x0900

#define LLC_IS_NR(is)   (((is) >> 1) & 0x7f)
#define LLC_I_NS(is)    (((is) >> 9) & 0x7f)

#ifndef LLCSAP_NULL
#define LLCSAP_NULL             0x00
#endif
#ifndef LLCSAP_8021B_I
#define LLCSAP_8021B_I          0x02
#endif
#ifndef LLCSAP_8021B_G
#define LLCSAP_8021B_G          0x03
#endif
#ifndef LLCSAP_SNAPATH
#define LLCSAP_SNAPATH          0x04
#endif
#ifndef LLCSAP_IP
#define LLCSAP_IP               0x06
#endif
#ifndef LLCSAP_SNA1
#define LLCSAP_SNA1             0x08
#endif
#ifndef LLCSAP_SNA2
#define LLCSAP_SNA2             0x0c
#endif
#ifndef LLCSAP_PROWAYNM
#define LLCSAP_PROWAYNM         0x0e
#endif
#ifndef LLCSAP_TI
#define LLCSAP_TI               0x18
#endif
#ifndef LLCSAP_BPDU
#define LLCSAP_BPDU             0x42
#endif
#ifndef LLCSAP_RS511
#define LLCSAP_RS511            0x4e
#endif
#ifndef LLCSAP_ISO8208
#define LLCSAP_ISO8208          0x7e
#endif
#ifndef LLCSAP_XNS
#define LLCSAP_XNS              0x80
#endif
#ifndef LLCSAP_NESTAR
#define LLCSAP_NESTAR           0x86
#endif
#ifndef LLCSAP_PROWAYASLM
#define LLCSAP_PROWAYASLM       0x8e
#endif
#ifndef LLCSAP_ARP
#define LLCSAP_ARP              0x98
#endif
#ifndef LLCSAP_SNAP
#define LLCSAP_SNAP             0xaa
#endif
#ifndef LLCSAP_VINES1
#define LLCSAP_VINES1           0xba
#endif
#ifndef LLCSAP_VINES2
#define LLCSAP_VINES2           0xbc
#endif
#ifndef LLCSAP_NETWARE
#define LLCSAP_NETWARE          0xe0
#endif
#ifndef LLCSAP_NETBIOS
#define LLCSAP_NETBIOS          0xf0
#endif
#ifndef LLCSAP_IBMNM
#define LLCSAP_IBMNM            0xf4
#endif
#ifndef LLCSAP_RPL1
#define LLCSAP_RPL1             0xf8
#endif
#ifndef LLCSAP_UB
#define LLCSAP_UB               0xfa
#endif
#ifndef LLCSAP_RPL2
#define LLCSAP_RPL2             0xfc
#endif
#ifndef LLCSAP_ISONS
#define LLCSAP_ISONS            0xfe
#endif
#ifndef LLCSAP_GLOBAL
#define LLCSAP_GLOBAL           0xff
#endif
argus-2.0.6.fixes.1/include/argus_out.h
/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * Copyright (c) 1993, 1994 Carnegie Mellon University.
 * All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software and
 * its documentation for any purpose and without fee is hereby granted,
 * provided that the above copyright notice appear in all copies and
 * that both that copyright notice and this permission notice appear
 * in supporting documentation, and that the name of CMU not be
 * used in advertising or publicity pertaining to distribution of the
 * software without specific, written prior permission.
 *
 * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
 * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
 * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
 * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
 * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
 * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 * SOFTWARE.
 *
 */

#ifndef Argus_out_h
#define Argus_out_h

#if defined(HAVE_SOLARIS) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
#include
#include
#if !defined(_NET_IF_H_)
#include
#define _NET_IF_H_
#endif
#endif

#if !defined(__OpenBSD__) || !defined(_NETINET_IF_ETHER_H_)
#include
#define _NETINET_IF_ETHER_H_
#endif

#include
#include

struct ArgusETHERObject {
    unsigned char ethersrc[6];
    unsigned char etherdst[6];
};

struct ArgusMACFlow {
    struct ether_header ehdr;
    unsigned char dsap, ssap;
};

struct ArgusESPFlow {
    unsigned int ip_src, ip_dst;
    unsigned char ip_p, tp_p;
    unsigned short pad;
    unsigned int spi;
};

struct ArgusArpFlow {
    unsigned int arp_spa;
    unsigned int arp_tpa;
    unsigned char etheraddr[6];
    unsigned short pad;
};

struct ArgusRarpFlow {
    unsigned int arp_tpa;
    unsigned char srceaddr[6];
    unsigned char tareaddr[6];
};

struct ArgusICMPFlow {
    unsigned int ip_src, ip_dst;
    unsigned char ip_p, tp_p;
    unsigned char type, code;
    unsigned short id, ip_id;
};

struct ArgusIPFlow {
    unsigned int ip_src, ip_dst;
    unsigned char ip_p, tp_p;
    unsigned short sport, dport;
    unsigned short ip_id;
};

#define ip_flow flow_union.ip
#define icmp_flow flow_union.icmp
#define mac_flow flow_union.mac
#define arp_flow flow_union.arp
#define rarp_flow flow_union.rarp
#define esp_flow flow_union.esp

struct ArgusTimeObject {
    int n;
    unsigned int min;
    unsigned int mean;
    unsigned int stdev;
    unsigned int max;
};

struct ArgusTimeEntity {
    struct ArgusTimeObject act, idle;
};

struct ArgusAHObject {
    unsigned int src_spi, dst_spi;
    unsigned int src_replay, dst_replay;
};

struct ArgusARPObject {
    unsigned char respaddr[6];
    unsigned short pad;
};

struct ArgusDHCPObject {
    unsigned int respaddr;
};

struct ArgusFragObject {
    unsigned char type, length;
    unsigned short status;
    int fragnum, frag_id;
    unsigned short ip_id, totlen, currlen, maxfraglen;
};

struct ArgusICMPObject {
    unsigned char type, length;
    unsigned short status;
    unsigned char icmp_type, icmp_code;
    unsigned short iseq;
    unsigned int osrcaddr, odstaddr;
    unsigned int isrcaddr, idstaddr;
    unsigned int igwaddr;
};

struct ArgusTCPObjectMetrics {
    unsigned int seqbase, ackbytes;
    unsigned int bytes, rpkts;
    unsigned short win;
    unsigned char flags, pad;
};

struct ArgusTCPObject {
    unsigned char type, length;
    unsigned short status;
    unsigned int state;
    unsigned int options;
    unsigned int synAckuSecs, ackDatauSecs;
    struct ArgusTCPObjectMetrics src, dst;
};

struct ArgusRTPObject {
    unsigned char type, length;
    unsigned short status;
    struct rtphdr src, dst;
    unsigned short sdrop, ddrop;
    unsigned short ssdev, dsdev;
};

struct ArgusRTCPObject {
    unsigned char type, length;
    unsigned short status;
    struct rtcphdr src, dst;
    unsigned short src_pkt_drop, dst_pkt_drop;
};

struct ArgusIGMPObject {
    unsigned char igmp_type, pad;
    unsigned int igmp_group;
};

struct ArgusFRAGObject {
    int fragnum, frag_id;
    unsigned short status, totlen, currlen, maxfraglen;
};

struct ArgusESPObject {
    unsigned int spi, lastseq, lostseq;
};

struct ArgusESPStruct {
    unsigned char type, length;
    u_short status;
    struct ArgusESPObject src, dst;
};

struct ArgusAGRStruct {
    unsigned char type, length;
    u_short status;
    unsigned int count;
    struct timeval laststartime, lasttime;
    struct ArgusTimeObject act, idle;
};

struct ArgusTimeStruct {
    unsigned char type, length;
    u_short status;
    struct ArgusTimeEntity src, dst;
};

struct ArgusMacStruct {
    unsigned char type, length;
    unsigned short status;
    union {
        struct ArgusETHERObject ether;
    } phys_union;
};

struct ArgusVlanStruct {
    unsigned char type, length;
    unsigned short status;
    unsigned short sid, did;
};

struct ArgusMplsStruct {
    unsigned char type, length;
    unsigned short status;
    unsigned int slabel;
    unsigned int dlabel;
};

struct ArgusMarStruct {
    struct argtimeval startime, now;
    unsigned char major_version, minor_version;
    unsigned char interfaceType, interfaceStatus;
    unsigned short reportInterval, argusMrInterval;
    unsigned int argusid, localnet, netmask, nextMrSequenceNum;
    unsigned long long pktsRcvd, bytesRcvd;
    unsigned int pktsDrop, flows, flowsClosed;
    unsigned int actIPcons, cloIPcons;
    unsigned int actICMPcons, cloICMPcons;
    unsigned int actIGMPcons, cloIGMPcons;
    unsigned int actFRAGcons, cloFRAGcons;
    unsigned int actSECcons, cloSECcons;
    int record_len;
};

struct ArgusTimeDesc {
    struct timeval start;
    struct timeval last;
};

struct ArgusFlow {
    union {
        struct ArgusIPFlow ip;
        struct ArgusICMPFlow icmp;
        struct ArgusMACFlow mac;
        struct ArgusArpFlow arp;
        struct ArgusRarpFlow rarp;
        struct ArgusESPFlow esp;
    } flow_union;
};

struct ArgusIPAttributes {
    unsigned short soptions, doptions;
    unsigned char sttl, dttl;
    unsigned char stos, dtos;
};

struct ArgusARPAttributes {
    unsigned char response[8];
};

struct ArgusAttributes {
    union {
        struct ArgusIPAttributes ip;
        struct ArgusARPAttributes arp;
    } attr_union;
};

#define attr_ip attr.attr_union.ip
#define attr_arp attr.attr_union.arp

struct ArgusMeter {
    unsigned int count, bytes, appbytes;
};

struct ArgusMeterObject {
    unsigned char type, length;
    unsigned short status;
    struct ArgusMeter src, dst;
};

struct ArgusFarHeaderStruct {
    unsigned char type, length;
    unsigned short status;
};

struct ArgusFarStruct {
    unsigned char type, length;
    unsigned short status;
    unsigned int ArgusTransRefNum;
    struct ArgusTimeDesc time;
    struct ArgusFlow flow;
    struct ArgusAttributes attr;
    struct ArgusMeter src, dst;
};

struct ArgusRecordHeader {
    unsigned char type, cause;
    unsigned short length;
    unsigned int status;
    unsigned int argusid;
    unsigned int seqNumber;
};

struct ArgusRecord {
    struct ArgusRecordHeader ahdr;
    union {
        struct ArgusMarStruct mar;
        struct ArgusFarStruct far;
    } ar_union;
};

struct ArgusCanonicalRecord {
    struct ArgusRecordHeader ahdr;
    struct ArgusFarStruct far;
    struct ArgusMacStruct mac;
    union {
        struct ArgusTCPObject tcp;
        struct ArgusESPStruct esp;
        struct ArgusICMPObject icmp;
        struct ArgusIGMPObject igmp;
        struct ArgusDHCPObject dhcp;
        struct ArgusRTPObject rtp;
        struct ArgusRTCPObject rtcp;
        struct ArgusARPObject arp;
        struct ArgusAHObject ah;
        struct ArgusFRAGObject frag;
    } acr_union;
    struct ArgusAGRStruct agr;
    struct ArgusTimeStruct time;
    struct ArgusVlanStruct vlan;
    struct ArgusMplsStruct mpls;
};

#define argus_mar ar_union.mar
#define argus_far ar_union.far

#define acr_arp acr_union.arp
#define acr_dhcp acr_union.dhcp
#define acr_icmp acr_union.icmp
#define acr_igmp acr_union.igmp
#define acr_tcp acr_union.tcp
#define acr_rtp acr_union.rtp
#define acr_esp acr_union.esp
#define acr_frag acr_union.frag

struct ArgusUserStruct {
    unsigned char type, length;
    u_short status;
    char data;
};

#endif /* Argus_out_h */

argus-2.0.6.fixes.1/include/argus_parse.h

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * Copyright (c) 1993, 1994 Carnegie Mellon University.
 * All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software and
 * its documentation for any purpose and without fee is hereby granted,
 * provided that the above copyright notice appear in all copies and
 * that both that copyright notice and this permission notice appear
 * in supporting documentation, and that the name of CMU not be
 * used in advertising or publicity pertaining to distribution of the
 * software without specific, written prior permission.
 *
 * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
 * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
 * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
 * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
 * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
 * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 * SOFTWARE.
 *
 */

#ifndef ArgusParse_h
#define ArgusParse_h

#include
#include
#include
#include
#include
#include
#include

#define MINOR_VERSION_0 0
#define MINOR_VERSION_1 1
#define MINOR_VERSION_2 2
#define MINOR_VERSION_3 3
#define MINOR_VERSION_4 4
#define MINOR_VERSION_5 5
#define MINOR_VERSION_6 6
#define MINOR_VERSION_7 7
#define MINOR_VERSION_8 8
#define MINOR_VERSION_9 9

#define MAJOR_VERSION_1 1
#define MAJOR_VERSION_2 2
#define MAJOR_VERSION_3 3
#define MAJOR_VERSION_4 4
#define MAJOR_VERSION_5 5

#define VERSION_MAJOR MAJOR_VERSION_2
#define VERSION_MINOR MINOR_VERSION_0

#ifndef MAXPATHNAMELEN
#define MAXPATHNAMELEN BUFSIZ
#endif

#define ARGUS_DEFAULTPORT 561

#define ARGUS_MAX_SORT_ALG 32

#define ARGUS_ENCODE_ASCII 0
#define ARGUS_ENCODE_64 1

struct naddrmem {
    struct naddrmem *nxt;
    unsigned int addr;
    unsigned short port;
};

struct ArgusInterfaceStruct {
    int value;
    char *label;
    char *desc;
};

#define MAXSTRLEN 4096
#define MAXTIME 100000
#define READ_REMOTE_CON 0x40000000
#define READ_LOCAL_CON 0x20000000

#ifdef ArgusParse

struct timeval RaClientTimeout = {1,0};

#define MAXPROCSTATE 7
char *process_state_strings [MAXPROCSTATE] = {
    "REQ", "ACC", "EST", "CLO", "TIM", "RST", "FIN",
};

char *RaSortAlgorithmStrings[ARGUS_MAX_SORT_ALG];
int RaSortIndex = 0;

int ArgusGrepSource = 0;
int ArgusGrepDestination = 0;

struct timeval ArgusGlobalTime;
struct timeval ArgusNowTime;

struct bpf_program ArgusFilterCode;

struct tm *RaTmStruct = NULL;
char *RaInputFilter = NULL;
char *RaTimeFormat = "%d %b %y %T";
char RaFieldDelimiter = '\0';

int RaPrintStartTime = 0;
int RaPrintLastTime = 0;

struct naddrmem *naddrtable [HASHNAMESIZE];

char *exceptfile = NULL, *wfile = NULL;

struct ARGUS_INPUT *ArgusInput = NULL;
struct ARGUS_INPUT *ArgusInputFileList = NULL;
struct ARGUS_INPUT *ArgusRemoteHostList = NULL;

char *tag_string = "Argus Version ";
int major_version = VERSION_MAJOR;
int minor_version = VERSION_MINOR;
int read_size = 0, detail = 0;
int read_mode = 0;

struct ArgusRecord *initCon = NULL;

unsigned int ArgusLocalNet, ArgusNetMask;

char ArgusOriginalBuffer[MAXSTRLEN];
struct ArgusRecord *ArgusOriginal = (struct ArgusRecord *) ArgusOriginalBuffer;

int totalrecords = 0;
int farrecords = 0;
int marrecords = 0;

int explicit_date = 0;

time_t starTimeFilter_t = 0;
time_t lastTimeFilter_t = 0;

time_t lasttime_t = 0;
time_t startime_t = 0;

struct tm tm_lasttime;
struct tm tm_startime;

struct tm starTimeFilter;
struct tm lastTimeFilter;

char *ArgusProgramName = NULL;
char *ArgusProgramOptions = NULL;
char *dataarg = NULL;
char *timearg = NULL;
char *servicesfile = NULL;
char *ArgusFlowModelFile = NULL;

struct bpf_program ArgusFilterCode;

char *cmdline = NULL; /* For David Brumley's amazingly long cmdlines ;o) */

int RaWriteOut = 1;

long long tcp_dst_count = 0;
long long tcp_src_count = 0;
long long udp_dst_count = 0;
long long udp_src_count = 0;
long long icmp_dst_count = 0;
long long icmp_src_count = 0;
long long ip_dst_count = 0;
long long ip_src_count = 0;
long long arp_dst_count = 0;
long long arp_src_count = 0;
long long nonip_dst_count = 0;
long long nonip_src_count = 0;

long long tcp_dst_bytes = 0;
long long tcp_src_bytes = 0;
long long udp_dst_bytes = 0;
long long udp_src_bytes = 0;
long long icmp_dst_bytes = 0;
long long icmp_src_bytes = 0;
long long ip_dst_bytes = 0;
long long ip_src_bytes = 0;
long long arp_dst_bytes = 0;
long long arp_src_bytes = 0;
long long nonip_dst_bytes = 0;
long long nonip_src_bytes = 0;

int hfield = 15;
int pfield = 12;
int Aflag = 0;
int aflag = 0;
int Bflag = 0;
int bflag = 0;
int eflag = 0;
char *estr = NULL;
int Dflag = 0;
int Eflag = 0;
int fflag = 0;
int gflag = 0;
int idflag = 0;
int Gflag = 0;
int cflag = 0;
int Cflag = 0;
int Lflag = 0;
int lflag = 0;
int mflag = 0;
char *Mflag = NULL;
int nflag = 0;
int Nflag = 0;
int Normflag = 0;
int Netflag = 0;
int notNetflag = 0;
int Oflag = 0;
int Wflag = 0;
int Fflag = 0;
int Hflag = 0;
int pflag = 0;
int Pflag = 0;
char *sflag = NULL;
int dflag = 0;
int Argusdflag = 0;
int qflag = 0;
int tflag = 0;
int uflag = 0;
char *ustr = NULL;
char *pstr = NULL;
int Uflag = 6;
int vflag = 0;
int Vflag = 0;
int iflag = 0;

int Iflag = 0;
int Tflag = 0;
int rflag = 0;
int Rflag = 0;
int Sflag = 0;
int Xflag = 0;
int XMLflag = 0;
int zflag = 0;
int Zflag = 0;

long thiszone;

int total_nets = 0;
int total_hosts = 0;

#define ARGUS_MAX_REMOTE_CONN 5

struct ARGUS_INPUT *ArgusRemoteFDs[ARGUS_MAX_REMOTE_CONN];
int ArgusActiveServers = 0;

extern int ArgusAuthenticate (struct ARGUS_INPUT *);

extern void ArgusClientInit (void);
extern void usage (void);
extern void parse_arg (void);

extern void process_man (struct ArgusRecord *);
extern void process_tcp (struct ArgusRecord *);
extern void process_icmp (struct ArgusRecord *);
extern void process_udp (struct ArgusRecord *);
extern void process_ip (struct ArgusRecord *);
extern void process_arp (struct ArgusRecord *);
extern void process_non_ip (struct ArgusRecord *);

void ArgusShutDown (int);
extern void RaParseComplete (int);

void argus_parse_init (struct ARGUS_INPUT *);

char *argus_lookupdev(char *);

void read_udp_services (char *);

int ArgusHandleDatum (struct ArgusRecord *, struct bpf_program *);
void ArgusReformatRecord (struct ArgusRecord *, struct ArgusRecord *);
int ArgusReadConnection (struct ARGUS_INPUT *, char *);
void ArgusReadStream (void);
void ArgusProcessRecord (struct ArgusRecord *);

void ArgusGenerateCanonicalRecord (struct ArgusRecord *, struct ArgusCanonicalRecord *);

int ArgusGetServerSocket (struct ARGUS_INPUT *);
int ArgusAddFileList (char *);
void ArgusDeleteFileList (void);
int ArgusAddHostList (char *);
void ArgusDeleteHostList (void);

int ArgusWriteNewLogfile (char *, struct ArgusRecord *);

int check_time (struct ArgusRecord *);
int parseUserDataArg (char **, char **, int);
int parseTimeArg (char **, char **, int, struct tm *);
int check_time_format (struct tm *tm, char *str);
int parseTime (struct tm *, struct tm *, char *);

#if defined(_LITTLE_ENDIAN)
void ArgusNtoH (struct ArgusRecord *argus);
void ArgusHtoN (struct ArgusRecord *argus);
#endif

#ifndef NFC_AGGREGATIONDEFINITION_H
#define NFC_AGGREGATIONDEFINITION_H

/* $Id: argus_parse.h,v 1.46 2004/02/23 15:00:36 argus Exp $
 * $Source: /usr/local/cvsroot/argus/include/argus_parse.h,v $
 *------------------------------------------------------------------
 * Definition of "Key" and "Value" fields used for purpose of
 * aggregation
 *
 * Cisco NetFlow FlowCollector 3.0
 *
 * September 1998, Anders Fung
 *
 * Copyright (c) 1996-1998 by Cisco Systems, Inc.
 * All rights reserved.
 *------------------------------------------------------------------
 * $Log: argus_parse.h,v $
 * Revision 1.46 2004/02/23 15:00:36 argus
 * *** empty log message ***
 *
 * Revision 1.45 2003/03/27 04:11:13 argus
 * Updated for copyright
 *
 * Revision 1.44 2002/05/31 12:18:24 argus
 * Updated
 *
 * Revision 1.43 2002/05/03 17:33:38 argus
 * Merged 2.0.4 into main line
 *
 * Revision 1.39.4.2.2.7 2001/10/17 14:30:30 argus
 * Fix for argus_filter so that it generates a canonical record before
 * doing the matching.
 *
 * Revision 1.39.4.2.2.6 2001/10/11 19:43:46 argus
 * Updated and modified for Peter's fixes
 *
 * Revision 1.39.4.2.2.5 2001/10/01 14:20:38 argus
 * Switch to GPL for argus-2.0.2.redux
 *
 * Revision 1.39.4.2.2.4 2001/07/10 13:58:35 argus
 * Mods for little endian fix for FreeBSD
 *
 * Revision 1.39.4.2.2.3 2001/06/22 14:00:14 argus
 * Updated
 *
 * Revision 1.39.4.2 2001/04/24 16:29:03 argus
 * Updated copyright notice for 2001
 *
 * Revision 1.39.4.1 2001/04/24 12:36:49 argus
 * Updated
 *
 * Revision 1.40 2001/04/06 17:06:00 argus
 * Version Updated
 *
 * Revision 1.39 2001/03/06 23:30:41 argus
 * Fix for David's incredibly long command lines.
 *
 * Revision 1.38 2001/02/03 21:39:08 argus
 * Mods to support -d option
 *
 * Revision 1.37 2000/12/19 16:19:41 argus
 * Mods to get ramon() to the same level as ra() with regard to dynamic
 * labels. Also FreeBSD/NetBSD port support for racount().
 *
 * Revision 1.36 2000/12/19 05:59:03 argus
 * Mods to help in getting pretty output when not using -n.
 *
 * Revision 1.35 2000/12/10 20:59:13 argus
 * Mods to add support for RA_AUTH_PASS (pstr)
 *
 * Revision 1.34 2000/12/07 19:00:39 argus
 * Mods to convert from ArgusError to ArgusLog
 *
 * Revision 1.33 2000/12/07 17:51:48 argus
 * Move Uflag (precision option) to -p option.
 *
 * Revision 1.32 2000/11/23 01:58:29 argus
 * Mods to support GSSAPI authentication
 *
 * Revision 1.31 2000/11/16 15:20:34 argus
 * Update for SASL
 *
 * Revision 1.30 2000/11/13 21:51:38 argus
 * Mods to support ragrep().
 *
 * Revision 1.29 2000/11/13 15:05:14 argus
 * Fixes for raxml not printing out user data in all protocol types.
 *
 * Revision 1.28 2000/10/31 19:35:01 argus
 * Mods to support new timestats and user data.
 *
 * Revision 1.27 2000/10/27 13:45:42 argus
 * Fix support for multiple remote sources.
 *
 * Revision 1.26 2000/10/27 01:48:50 argus
 * Fixes for multiple source data.
 *
 * Revision 1.25 2000/10/26 15:38:09 argus
 * Mods for qflag definitions and some constants
 *
 * Revision 1.24 2000/10/25 22:23:30 argus
 * Mods to try to fix the LITTLE_ENDIAN issues for Neil.
 *
 * Revision 1.23 2000/10/16 21:55:48 argus
 * support for various .rc's.
 *
 * Revision 1.22 2000/10/11 12:51:37 argus
 * Added Zflag
 *
 * Revision 1.21 2000/10/10 14:50:51 argus
 * Fixes to support XML printing (print_time changes) and a bunch to support
 * TCP fixes.
 *
 * Revision 1.20 2000/10/05 15:04:47 argus
 * Addition of output labels for ra data.
 *
 * Revision 1.19 2000/10/03 23:04:29 argus
 * Mods for more complete cisco netflow parsing and -CS support. Needs testing.
 *
 * Revision 1.18 2000/10/01 14:27:45 argus
 * Put the filter in a global so we can all get to it.
 *
 * Revision 1.17 2000/09/30 15:03:13 argus
 * Addition of netflow record definitions.
 *
 *------------------------------------------------------------------
 * $Endlog$
 */

/*
 * AGGREGATION_DEFINITION describes the "Key" and "Value" fields seen in
 * the datafile. The definition consists of keywords and delimiters.
 * By reading the AGGREGATION_DEFINITION, one can interpret which "Key" and
 * "Value" fields are presented in the datafile, and in what order.
 * Datafile consumers can also deduce what aggregation scheme is used
 * by parsing AGGREGATION_DEFINITION.
 *
 * The order of keywords seen in the AGGREGATION_DEFINITION represents the true
 * order of the "Key" and "Value" fields presented in the datafile. Each
 * keyword is delimited by either '|' or ','.
 *
 * As part of the new changes to the datafile header, the FORMAT field
 * will have a value of "B". Please note that the FORMAT may change
 * if there is any change to any of the existing keywords, definition format,
 * adding new keyword, or any other header changes.
 * Also, the delimiter used in the datafile will be prepended at the
 * beginning of each header. Since AGGREGATION_DEFINITION becomes the 2nd
 * line of the header, the 1st line of the header will append a
 * new field, namely "Header", which describes the total number of
 * lines in the header.
 *
 * The AGGREGATION_DEFINITION keywords have the following assignments ...
 *
 * keyword            Description
 * -------            -----------------------
 * srcaddr            Source IP Address
 * dstaddr            Destination IP Address
 * src_subnet         Source SubNet
 * dst_subnet         Destination SubNet
 * src_mask           Source SubNet Mask
 * dst_mask           Destination SubNet Mask
 * src_user_subnet    Source User SubNet
 * dst_user_subnet    Destination User SubNet
 * src_as             Source AS
 * dst_as             Destination AS
 * srcport            Source Port
 * dstport            Destination Port
 * prot               Prot field
 * protocol           Protocol (srcport, dstport, and prot lookup)
 * input              Input Interface
 * output             Output Interface
 * tos                Type of Service
 * nexthop            Next Hop IP Address
 *
 * pkts               Packets
 * octets             Octets
 * flows              Flow Count
 * starttime          First Flow Stamp (UTC sec)
 * endtime            Last Flow Stamp (UTC sec)
 * activetime         Total Active Time (msec)
 */

/* Key Fields */
#define SRC_ADDR "srcaddr"
#define DST_ADDR "dstaddr"
#define SRC_SUBNET "src_subnet"
#define DST_SUBNET "dst_subnet"
#define SRC_SUBNET_MASK "src_mask"
#define DST_SUBNET_MASK "dst_mask"
#define SRC_USER_SUBNET "src_user_subnet"
#define DST_USER_SUBNET "dst_user_subnet"
#define SRC_AS "src_as"
#define DST_AS "dst_as"
#define SRC_PORT "srcport"
#define DST_PORT "dstport"
#define PROT "prot"
#define PROTOCOL_KEY "protocol"
#define IN_INTF "input"
#define OUT_INTF "output"
#define TOS_BIT "tos"
#define NEXT_HOP "nexthop"

/* Value Fields */
#define PACKET "pkts"
#define OCTET "octets"
#define FLOW_CNT "flows"
#define F_FLOW_STAMP "starttime"
#define L_FLOW_STAMP "endtime"
#define TOT_ACTIVE_TIME "activetime"

/* Delimiter */
/* Could be either "|" or "," */
#define DEL "%c"

/* Aggregation Mask */
const char * const SourceNodeDef =
    SRC_ADDR DEL PACKET DEL OCTET DEL FLOW_CNT;
const char * const DestNodeDef =
    DST_ADDR DEL PACKET DEL OCTET DEL FLOW_CNT;
const char * const HostMatrixDef =
    SRC_ADDR DEL DST_ADDR DEL PACKET DEL OCTET DEL FLOW_CNT;
const char * const SourcePortDef =
    SRC_PORT DEL PACKET DEL OCTET DEL FLOW_CNT;
const char * const DestPortDef =
    DST_PORT DEL PACKET DEL OCTET DEL FLOW_CNT;
const char * const ProtocolDef =
    PROTOCOL_KEY DEL PACKET DEL OCTET DEL FLOW_CNT;
const char * const DetailSourceNodeDef =
    SRC_ADDR DEL SRC_PORT DEL DST_PORT DEL PROTOCOL_KEY DEL
    PACKET DEL OCTET DEL FLOW_CNT;
const char * const DetailDestNodeDef =
    DST_ADDR DEL SRC_PORT DEL DST_PORT DEL PROTOCOL_KEY DEL
    PACKET DEL OCTET DEL FLOW_CNT;
const char * const DetailHostMatrixDef =
    SRC_ADDR DEL DST_ADDR DEL SRC_PORT DEL DST_PORT DEL PROTOCOL_KEY DEL
    PACKET DEL OCTET DEL FLOW_CNT DEL F_FLOW_STAMP DEL L_FLOW_STAMP;
const char * const DetailInterfaceDef =
    SRC_ADDR DEL DST_ADDR DEL IN_INTF DEL OUT_INTF DEL NEXT_HOP DEL
    PACKET DEL OCTET DEL FLOW_CNT;
const char * const CallRecordDef =
    SRC_ADDR DEL DST_ADDR DEL SRC_PORT DEL DST_PORT DEL PROT DEL TOS_BIT DEL
    PACKET DEL OCTET DEL FLOW_CNT DEL F_FLOW_STAMP DEL L_FLOW_STAMP DEL
    TOT_ACTIVE_TIME;
const char * const ASMatrixDef =
    SRC_AS DEL DST_AS DEL PACKET DEL OCTET DEL FLOW_CNT;
const char * const DetailASMatrixDef =
    SRC_ADDR DEL DST_ADDR DEL SRC_AS DEL DST_AS DEL IN_INTF DEL OUT_INTF DEL
    SRC_PORT DEL DST_PORT DEL PROTOCOL_KEY DEL PACKET DEL OCTET DEL FLOW_CNT;
const char * const NetMatrixDef =
    SRC_SUBNET DEL SRC_SUBNET_MASK DEL IN_INTF DEL
    DST_SUBNET DEL DST_SUBNET_MASK DEL OUT_INTF DEL
    PACKET DEL OCTET DEL FLOW_CNT;
const char * const ASHostMatrixDef =
    SRC_ADDR DEL DST_ADDR DEL SRC_AS DEL DST_AS DEL
    PACKET DEL OCTET DEL FLOW_CNT DEL F_FLOW_STAMP DEL L_FLOW_STAMP DEL
    TOT_ACTIVE_TIME;
const char * const HostMatrixInterfaceDef =
    SRC_ADDR DEL DST_ADDR DEL IN_INTF DEL OUT_INTF DEL PROTOCOL_KEY DEL
    PACKET DEL OCTET DEL FLOW_CNT;
const char * const DetailCallRecordDef =
    SRC_ADDR DEL DST_ADDR DEL SRC_PORT DEL DST_PORT DEL
    IN_INTF DEL OUT_INTF DEL PROTOCOL_KEY DEL TOS_BIT DEL
    PACKET DEL OCTET DEL FLOW_CNT DEL F_FLOW_STAMP DEL L_FLOW_STAMP DEL
    TOT_ACTIVE_TIME;
const char * const RouterASDef =
    SRC_AS DEL DST_AS DEL IN_INTF DEL OUT_INTF DEL
    PACKET DEL OCTET DEL FLOW_CNT DEL F_FLOW_STAMP DEL L_FLOW_STAMP DEL
    TOT_ACTIVE_TIME;
const char * const RouterProtoPortDef =
    SRC_PORT DEL DST_PORT DEL PROT DEL
    PACKET DEL OCTET DEL FLOW_CNT DEL F_FLOW_STAMP DEL L_FLOW_STAMP DEL
    TOT_ACTIVE_TIME;
const char * const RouterSrcPrefixDef =
    SRC_SUBNET DEL SRC_SUBNET_MASK DEL IN_INTF DEL SRC_AS DEL
    PACKET DEL OCTET DEL FLOW_CNT DEL F_FLOW_STAMP DEL L_FLOW_STAMP DEL
    TOT_ACTIVE_TIME;
const char * const RouterDstPrefixDef =
    DST_SUBNET DEL DST_SUBNET_MASK DEL OUT_INTF DEL DST_AS DEL
    PACKET DEL OCTET DEL FLOW_CNT DEL F_FLOW_STAMP DEL L_FLOW_STAMP DEL
    TOT_ACTIVE_TIME;
const char * const RouterPrefixDef =
    SRC_SUBNET DEL DST_SUBNET DEL SRC_SUBNET_MASK DEL DST_SUBNET_MASK DEL
    IN_INTF DEL OUT_INTF DEL SRC_AS DEL DST_AS DEL
    PACKET DEL OCTET DEL FLOW_CNT DEL F_FLOW_STAMP DEL L_FLOW_STAMP DEL
    TOT_ACTIVE_TIME;

#endif

#ifndef NFC_DATAFILE_H
#define NFC_DATAFILE_H

/*
 *------------------------------------------------------------------
 * $Id: argus_parse.h,v 1.46 2004/02/23 15:00:36 argus Exp $
 * $Source: /usr/local/cvsroot/argus/include/argus_parse.h,v $
 *------------------------------------------------------------------
 * Definition of datafile formats.
 *
 * Binary datafile : Each binary datafile contains a header and
 *                   a list of records.
 *
 *                   The header contains format, aggregation,
 *                   agg_version, source, period, starttime, endtime,
 *                   activetime, flows, missed, and records.
 *
 *                   Each record structure contains a set of "Keys"
 *                   and "Values" that is specific to the
 *                   aggregation scheme being used.
 *
 * Cisco NetFlow FlowCollector 3.0
 *
 * October 1998, Anders Fung
 *
 * Copyright (c) 1998 by Cisco Systems, Inc.
 * All rights reserved.
 *------------------------------------------------------------------
 * $Log: argus_parse.h,v $
 * Revision 1.46 2004/02/23 15:00:36 argus
 * *** empty log message ***
 *
 * Revision 1.45 2003/03/27 04:11:13 argus
 * Updated for copyright
 *
 * Revision 1.44 2002/05/31 12:18:24 argus
 * Updated
 *
 * Revision 1.43 2002/05/03 17:33:38 argus
 * Merged 2.0.4 into main line
 *
 * Revision 1.39.4.2.2.7 2001/10/17 14:30:30 argus
 * Fix for argus_filter so that it generates a canonical record before
 * doing the matching.
 *
 * Revision 1.39.4.2.2.6 2001/10/11 19:43:46 argus
 * Updated and modified for Peter's fixes
 *
 * Revision 1.39.4.2.2.5 2001/10/01 14:20:38 argus
 * Switch to GPL for argus-2.0.2.redux
 *
 * Revision 1.39.4.2.2.4 2001/07/10 13:58:35 argus
 * Mods for little endian fix for FreeBSD
 *
 * Revision 1.39.4.2.2.3 2001/06/22 14:00:14 argus
 * Updated
 *
 * Revision 1.39.4.2 2001/04/24 16:29:03 argus
 * Updated copyright notice for 2001
 *
 * Revision 1.39.4.1 2001/04/24 12:36:49 argus
 * Updated
 *
 * Revision 1.40 2001/04/06 17:06:00 argus
 * Version Updated
 *
 * Revision 1.39 2001/03/06 23:30:41 argus
 * Fix for David's incredibly long command lines.
 *
 * Revision 1.38 2001/02/03 21:39:08 argus
 * Mods to support -d option
 *
 * Revision 1.37 2000/12/19 16:19:41 argus
 * Mods to get ramon() to the same level as ra() with regard to dynamic
 * labels. Also FreeBSD/NetBSD port support for racount().
 *
 * Revision 1.36 2000/12/19 05:59:03 argus
 * Mods to help in getting pretty output when not using -n.
 *
 * Revision 1.35 2000/12/10 20:59:13 argus
 * Mods to add support for RA_AUTH_PASS (pstr)
 *
 * Revision 1.34 2000/12/07 19:00:39 argus
 * Mods to convert from ArgusError to ArgusLog
 *
 * Revision 1.33 2000/12/07 17:51:48 argus
 * Move Uflag (precision option) to -p option.
 *
 * Revision 1.32 2000/11/23 01:58:29 argus
 * Mods to support GSSAPI authentication
 *
 * Revision 1.31 2000/11/16 15:20:34 argus
 * Update for SASL
 *
 * Revision 1.30 2000/11/13 21:51:38 argus
 * Mods to support ragrep().
 *
 * Revision 1.29 2000/11/13 15:05:14 argus
 * Fixes for raxml not printing out user data in all protocol types.
 *
 * Revision 1.28 2000/10/31 19:35:01 argus
 * Mods to support new timestats and user data.
 *
 * Revision 1.27 2000/10/27 13:45:42 argus
 * Fix support for multiple remote sources.
 *
 * Revision 1.26 2000/10/27 01:48:50 argus
 * Fixes for multiple source data.
 *
 * Revision 1.25 2000/10/26 15:38:09 argus
 * Mods for qflag definitions and some constants
 *
 * Revision 1.24 2000/10/25 22:23:30 argus
 * Mods to try to fix the _LITTLE_ENDIAN issues for Neil.
 *
 * Revision 1.23 2000/10/16 21:55:48 argus
 * support for various .rc's.
 *
 * Revision 1.22 2000/10/11 12:51:37 argus
 * Added Zflag
 *
 * Revision 1.21 2000/10/10 14:50:51 argus
 * Fixes to support XML printing (print_time changes) and a bunch to support
 * TCP fixes.
 *
 * Revision 1.20 2000/10/05 15:04:47 argus
 * Addition of output labels for ra data.
 *
 * Revision 1.19 2000/10/03 23:04:29 argus
 * Mods for more complete cisco netflow parsing and -CS support. Needs testing.
 *
 * Revision 1.18 2000/10/01 14:27:45 argus
 * Put the filter in a global so we can all get to it.
 *
 * Revision 1.17 2000/09/30 15:03:13 argus
 * Addition of netflow record definitions.
 *
 *------------------------------------------------------------------
 * $Endlog$
 */

#define LABEL_LEN 16
#define IP_LEN 15
#define ASCII_HEADER_LEN 511
#define BIN_FILE_SUFFIX ".bin"

#ifndef __NFC__
enum Aggregation {
    noAgg,                /* reserved */
    RawFlows,             /* Not supported in binary files */
    SourceNode,
    DestNode,
    HostMatrix,
    SourcePort,
    DestPort,
    Protocol,
    DetailDestNode,
    DetailHostMatrix,
    DetailInterface,
    CallRecord,
    ASMatrix,
    NetMatrix,
    DetailSourceNode,
    DetailASMatrix,
    ASHostMatrix,
    HostMatrixInterface,
    DetailCallRecord,
    RouterAS,
    RouterProtoPort,
    RouterSrcPrefix,
    RouterDstPrefix,
    RouterPrefix
};
#endif

typedef struct {
    u_short format;       /* Header format, it is 2 in this round */
    char newline;         /* Newline character, '\n' */
    char ascii_header[ASCII_HEADER_LEN]; /* Header in ASCII */
    u_char aggregation;   /* Aggregation scheme used */
    u_char agg_version;   /* Version of the aggregation scheme used */
    char source[IP_LEN];  /* Source IP/Name */
    u_char period;        /* Aggregation period, 0 means PARTIAL */
    u_long starttime;     /* Beginning of aggregation period */
    u_long endtime;       /* End of aggregation period */
    u_long flows;         /* Number of flows aggregated */
    int missed;           /* Number of flows missed, -1 means not avail*/
    u_long records;       /* Number of records in this datafile */
} BinaryHeaderF2;

#define HEADER_FORMAT_2 2

typedef struct {
    /* Keys */
    u_long srcaddr;       /* Source IP */

    /* Values */
    u_long pkts;          /* Packet count */
    u_long octets;        /* Byte count */
    u_long flows;         /* Flow count */
} BinaryRecord_SourceNode_V1;

#define SOURCENODE_V1 1

typedef struct {
    /* Keys */
    u_long dstaddr;       /* Destination IP */

    /* Values */
    u_long pkts;          /* Packet count */
    u_long octets;        /* Byte count */
    u_long flows;         /* Flow count */
} BinaryRecord_DestNode_V1;

#define DESTNODE_V1 1

typedef struct {
    /* Keys */
    u_long srcaddr;       /* Source IP */
    u_long dstaddr;       /* Destination IP */

    /* Values */
    u_long pkts;          /* Packet count */
    u_long octets;        /* Byte count */
    u_long flows;         /* Flow count */
} BinaryRecord_HostMatrix_V1;

#define HOSTMATRIX_V1 1

typedef struct {
    /* Keys */
    char srcport[LABEL_LEN]; /* Source Port Key */

    /* Values */
    u_long pkts;          /* Packet count */
    u_long octets;        /* Byte count */
    u_long flows;         /* Flow count */
} BinaryRecord_SourcePort_V1;

#define SOURCEPORT_V1 1

typedef struct {
    /* Keys */
    char dstport[LABEL_LEN]; /* Destination Port Key */

    /* Values */
    u_long pkts;          /* Packet count */
    u_long octets;        /* Byte count */
    u_long flows;         /* Flow count */
} BinaryRecord_DestPort_V1;

#define DESTPORT_V1 1

typedef struct {
    /* Keys */
    char protocol[LABEL_LEN];/* Protocol Key */

    /* Values */
    u_long pkts;          /* Packet count */
    u_long octets;        /* Byte count */
    u_long flows;         /* Flow count */
} BinaryRecord_Protocol_V1;

#define PROTOCOL_V1 1

typedef struct {
    /* Keys */
    u_long srcaddr;       /* Source IP */
    char srcport[LABEL_LEN]; /* Source Port Key */
    char dstport[LABEL_LEN]; /* Destination Port Key */
    char protocol[LABEL_LEN];/* Protocol Key */

    /* Values */
    u_long pkts;          /* Packet count */
    u_long octets;        /* Byte count */
    u_long flows;         /* Flow count */
} BinaryRecord_DetailSourceNode_V1;

#define DETAIL_SOURCENODE_V1 1

typedef struct {
    /* Keys */
    u_long dstaddr;       /* Destination IP */
    char srcport[LABEL_LEN]; /* Source Port Key */
    char dstport[LABEL_LEN]; /* Destination Port Key */
    char protocol[LABEL_LEN];/* Protocol Key */

    /* Values */
    u_long pkts;          /* Packet count */
    u_long octets;        /* Byte count */
    u_long flows;         /* Flow count */
} BinaryRecord_DetailDestNode_V1;

#define DETAIL_DESTNODE_V1 1

typedef struct {
    /* Keys */
    u_long srcaddr;       /* Source IP */
    u_long dstaddr;       /* Destination IP */
    char srcport[LABEL_LEN]; /* Source Port Key */
    char dstport[LABEL_LEN]; /* Destination Port Key */
    char protocol[LABEL_LEN];/* Protocol Key */

    /* Values */
    u_long pkts;          /* Packet count */
    u_long octets;        /* Byte count */
    u_long flows;         /* Flow count */
    u_long starttime;     /* Start time */
    u_long endtime;       /* End time */
} BinaryRecord_DetailHostMatrix_V1;

#define DETAIL_HOSTMATRIX_V1 1

typedef struct {
    /* Keys */
    u_long srcaddr;       /* Source IP */
    u_long dstaddr;       /* Destination IP */
    u_short input;        /* Input Interface Number */
    u_short output;       /* Output Interface Number */
    u_long nexthop;       /* Next Hop IP */

    /* Values */
    u_long pkts;          /* Packet count */
    u_long octets;        /* Byte count */
    u_long flows;         /* Flow count */
} BinaryRecord_DetailInterface_V1;

#define DETAIL_INTERFACE_V1 1

typedef struct {
    /* Keys */
    u_long srcaddr;       /* Source IP */
    u_long dstaddr;       /* Destination IP */
    u_short srcport;      /* Source Port Number */
    u_short dstport;      /* Destination Port Number */
    u_char prot;          /* Protocol Number */
    u_char tos;           /* Type of Service */
    u_short reserved;     /* Data alignment */

    /* Values */
    u_long pkts;          /* Packet count */
    u_long octets;        /* Byte count */
    u_long flows;         /* Flow count */
    u_long starttime;     /* Start time */
    u_long endtime;       /* End time */
    u_long activetime;    /* Total Active Time */
} BinaryRecord_CallRecord_V1;

#define CALLRECORD_V1 1

typedef struct {
    /* Keys */
    char src_as[LABEL_LEN]; /* Source AS */
    char dst_as[LABEL_LEN]; /* Destination AS */

    /* Values */
    u_long pkts;          /* Packet count */
    u_long octets;        /* Byte count */
    u_long flows;         /* Flow count */
} BinaryRecord_ASMatrix_V1;

#define ASMATRIX_V1 1

typedef struct {
    /* Keys */
    u_long srcaddr;       /* Source IP */
    u_long dstaddr;       /* Destination IP */
    char src_as[LABEL_LEN]; /* Source AS */
    char dst_as[LABEL_LEN]; /* Destination AS */
    u_short input;        /* Input Interface Number */
    u_short output;       /* Output Interface Number */
    char srcport[LABEL_LEN]; /* Source Port Key */
    char dstport[LABEL_LEN]; /* Destination Port Key */
    char protocol[LABEL_LEN];/* Protocol Key */

    /* Values */
    u_long pkts;          /* Packet count */
    u_long octets;        /* Byte count */
    u_long flows;         /* Flow count */
} BinaryRecord_DetailASMatrix_V1;

#define DETAIL_ASMATRIX_V1 1

typedef struct {
    /* Keys */
    u_long src_subnet;    /* Source SubNet */
    u_short src_mask;     /* Source SubNet Mask */
    u_short input;        /* Input Interface Number */
    u_long dst_subnet;    /* Destination SubNet */
    u_short dst_mask;     /*
Destination SubNet Mask */ u_short output; /* Output Interface Number */ /* Values */ u_long pkts; /* Packet count */ u_long octets; /* Byte count */ u_long flows; /* Flow count */ } BinaryRecord_NetMatrix_V1; #define NETMATRIX_V1 1 typedef struct { /* Keys */ char src_as[LABEL_LEN]; /* Source AS */ char dst_as[LABEL_LEN]; /* Destination AS */ u_short input; /* Input Interface Number */ u_short output; /* Output Interface Number */ /* Values */ u_long pkts; /* Packet count */ u_long octets; /* Byte count */ u_long flows; /* Flow count */ u_long starttime; /* Start time */ u_long endtime; /* End time */ u_long activetime; /* Total Active Time */ } BinaryRecord_RouterAS_V1; #define ROUTERAS_V1 1 typedef struct { /* Keys */ char srcport[LABEL_LEN]; /* Source Port Key */ char dstport[LABEL_LEN]; /* Destination Port Key */ u_char prot; /* Protocol Number */ u_char pad; /* Data alignment */ u_short reserved; /* Data alignment */ /* Values */ u_long pkts; /* Packet count */ u_long octets; /* Byte count */ u_long flows; /* Flow count */ u_long starttime; /* Start time */ u_long endtime; /* End time */ u_long activetime; /* Total Active Time */ } BinaryRecord_RouterProtoPort_V1; #define ROUTERPROTOPORT_V1 1 typedef struct { /* Keys */ u_long src_subnet; /* Source SubNet */ u_short src_mask; /* Source SubNet Mask */ u_short input; /* Input Interface Number */ char src_as[LABEL_LEN]; /* Source AS */ /* Values */ u_long pkts; /* Packet count */ u_long octets; /* Byte count */ u_long flows; /* Flow count */ u_long starttime; /* Start time */ u_long endtime; /* End time */ u_long activetime; /* Total Active Time */ } BinaryRecord_RouterSrcPrefix_V1; #define ROUTERSRCPREFIX_V1 1 typedef struct { /* Keys */ u_long dst_subnet; /* Destination SubNet */ u_short dst_mask; /* Destination SubNet Mask */ u_short output; /* Output Interface Number */ char dst_as[LABEL_LEN]; /* Destination AS */ /* Values */ u_long pkts; /* Packet count */ u_long octets; /* Byte count */ u_long flows; /* 
Flow count */ u_long starttime; /* Start time */ u_long endtime; /* End time */ u_long activetime; /* Total Active Time */ } BinaryRecord_RouterDstPrefix_V1; #define ROUTERDSTPREFIX_V1 1 typedef struct { /* Keys */ u_long src_subnet; /* Source SubNet */ u_long dst_subnet; /* Destination SubNet */ u_short src_mask; /* Source SubNet Mask */ u_short dst_mask; /* Destination SubNet Mask */ u_short input; /* Input Interface Number */ u_short output; /* Output Interface Number */ char src_as[LABEL_LEN]; /* Source AS */ char dst_as[LABEL_LEN]; /* Destination AS */ /* Values */ u_long pkts; /* Packet count */ u_long octets; /* Byte count */ u_long flows; /* Flow count */ u_long starttime; /* Start time */ u_long endtime; /* End time */ u_long activetime; /* Total Active Time */ } BinaryRecord_RouterPrefix_V1; #define ROUTERPREFIX_V1 1 typedef struct { /* Keys */ u_long srcaddr; /* Source IP */ u_long dstaddr; /* Destination IP */ char src_as[LABEL_LEN]; /* Source AS */ char dst_as[LABEL_LEN]; /* Destination AS */ /* Values */ u_long pkts; /* Packet count */ u_long octets; /* Byte count */ u_long flows; /* Flow count */ u_long starttime; /* Start time */ u_long endtime; /* End time */ u_long activetime; /* Total Active Time */ } BinaryRecord_ASHostMatrix_V1; #define ASHOSTMATRIX_V1 1 typedef struct { /* Keys */ u_long srcaddr; /* Source IP */ u_long dstaddr; /* Destination IP */ u_short input; /* Input Interface Number */ u_short output; /* Output Interface Number */ char protocol[LABEL_LEN];/* Protocol Key */ /* Values */ u_long pkts; /* Packet count */ u_long octets; /* Byte count */ u_long flows; /* Flow count */ } BinaryRecord_HostMatrixInterface_V1; #define HOSTMATRIXINTERFACE_V1 1 typedef struct { /* Keys */ u_long srcaddr; /* Source IP */ u_long dstaddr; /* Destination IP */ char srcport[LABEL_LEN]; /* Source Port Key */ char dstport[LABEL_LEN]; /* Destination Port Key */ u_short input; /* Input Interface Number */ u_short output; /* Output Interface Number */ char 
protocol[LABEL_LEN];/* Protocol Key */ u_char tos; /* Type of Service */ u_char pad; /* Data alignment */ u_short reserved; /* Data alignment */ /* Values */ u_long pkts; /* Packet count */ u_long octets; /* Byte count */ u_long flows; /* Flow count */ u_long starttime; /* Start time */ u_long endtime; /* End time */ u_long activetime; /* Total Active Time */ } BinaryRecord_DetailCallRecord_V1; #define DETAILCALLRECORD_V1 1 typedef struct { BinaryHeaderF2 header; union { BinaryRecord_SourceNode_V1 * srcnode; BinaryRecord_DestNode_V1 * dstnode; BinaryRecord_HostMatrix_V1 * hostmatrix; BinaryRecord_SourcePort_V1 * srcport; BinaryRecord_DestPort_V1 * dstport; BinaryRecord_Protocol_V1 * protocol; BinaryRecord_DetailSourceNode_V1 * detailsrcnode; BinaryRecord_DetailDestNode_V1 * detaildstnode; BinaryRecord_DetailHostMatrix_V1 * detailhostmatix; BinaryRecord_DetailInterface_V1 * detailinterface; BinaryRecord_CallRecord_V1 * callrecord; BinaryRecord_ASMatrix_V1 * asmatrix; BinaryRecord_DetailASMatrix_V1 * detailasmatrix; BinaryRecord_NetMatrix_V1 * netmatrix; BinaryRecord_ASHostMatrix_V1 * ashostmatrix; BinaryRecord_HostMatrixInterface_V1 * hostmatrixinterface; BinaryRecord_DetailCallRecord_V1 * detailcallrecord; BinaryRecord_RouterAS_V1 * routeras; BinaryRecord_RouterProtoPort_V1 * routerprotoport; BinaryRecord_RouterSrcPrefix_V1 * routersrcprefix; BinaryRecord_RouterDstPrefix_V1 * routerdstprefix; BinaryRecord_RouterPrefix_V1 * routerprefix; } record; } BinaryDatafile; #define MAX_BINARY_HEADER_F2 \ (sizeof(BinaryHeaderF2)) #define MAX_BINARY_RECORD_SOURCE_NODE_SIZE \ (sizeof(BinaryRecord_SourceNode_V1)) #define MAX_BINARY_RECORD_DESTINATION_NODE_SIZE \ (sizeof(BinaryRecord_DestNode_V1)) #define MAX_BINARY_RECORD_HOST_MATRIX_SIZE \ (sizeof(BinaryRecord_HostMatrix_V1)) #define MAX_BINARY_RECORD_SOURCE_PORT_SIZE \ (sizeof(BinaryRecord_SourcePort_V1)) #define MAX_BINARY_RECORD_DESTINATION_PORT_SIZE \ (sizeof(BinaryRecord_DestPort_V1)) #define 
MAX_BINARY_RECORD_PROTOCOL_SIZE \ (sizeof(BinaryRecord_Protocol_V1)) #define MAX_BINARY_RECORD_DETAIL_SOURCE_NODE_SIZE \ (sizeof(BinaryRecord_DetailSourceNode_V1)) #define MAX_BINARY_RECORD_DETAIL_DESTINATION_NODE_SIZE \ (sizeof(BinaryRecord_DetailDestNode_V1)) #define MAX_BINARY_RECORD_DETAIL_HOST_MATRIX_SIZE \ (sizeof(BinaryRecord_DetailHostMatrix_V1)) #define MAX_BINARY_RECORD_DETAIL_INTERFACE_SIZE \ (sizeof(BinaryRecord_DetailInterface_V1)) #define MAX_BINARY_RECORD_CALL_RECORD_SIZE \ (sizeof(BinaryRecord_CallRecord_V1)) #define MAX_BINARY_RECORD_AS_MATRIX_SIZE \ (sizeof(BinaryRecord_ASMatrix_V1)) #define MAX_BINARY_RECORD_DETAIL_AS_MATRIX_SIZE \ (sizeof(BinaryRecord_DetailASMatrix_V1)) #define MAX_BINARY_RECORD_NET_MATRIX_SIZE \ (sizeof(BinaryRecord_NetMatrix_V1)) #define MAX_BINARY_RECORD_AS_HOST_MATRIX_SIZE \ (sizeof(BinaryRecord_ASHostMatrix_V1)) #define MAX_BINARY_RECORD_HOST_MATRIX_INTERFACE_SIZE \ (sizeof(BinaryRecord_HostMatrixInterface_V1)) #define MAX_BINARY_RECORD_DETAIL_CALL_RECORD_SIZE \ (sizeof(BinaryRecord_DetailCallRecord_V1)) #define MAX_BINARY_RECORD_ROUTER_AS_SIZE \ (sizeof(BinaryRecord_RouterAS_V1)) #define MAX_BINARY_RECORD_ROUTER_PROTO_PORT_SIZE \ (sizeof(BinaryRecord_RouterProtoPort_V1)) #define MAX_BINARY_RECORD_ROUTER_SRC_PREFIX_SIZE \ (sizeof(BinaryRecord_RouterSrcPrefix_V1)) #define MAX_BINARY_RECORD_ROUTER_DST_PREFIX_SIZE \ (sizeof(BinaryRecord_RouterDstPrefix_V1)) #define MAX_BINARY_RECORD_ROUTER_PREFIX_SIZE \ (sizeof(BinaryRecord_RouterPrefix_V1)) #endif /* __NFC_DATAFILE_H__ */ #else /* ArgusParse */ extern char *ArgusProgramName; extern char *cmdline; extern char *process_state_strings []; extern struct timeval ArgusGlobalTime; extern struct timeval ArgusNowTime; extern struct timeval RaClientTimeout; extern char *RaSortAlgorithmStrings[]; extern int RaSortIndex; extern struct tm *RaTmStruct; extern char *RaInputFilter; extern char *RaTimeFormat; extern char RaFieldDelimiter; extern int RaPrintStartTime; extern int 
RaPrintLastTime; extern struct naddrmem *naddrtable [HASHNAMESIZE]; extern char *exceptfile, *wfile; extern struct ARGUS_INPUT *ArgusInput; extern struct ARGUS_INPUT *ArgusInputFileList; extern struct ARGUS_INPUT *ArgusRemoteHostList; extern char *tag_string; extern int major_version; extern int minor_version; extern int read_size; extern int read_mode; extern struct ArgusRecord *initCon; extern unsigned int ArgusLocalNet, ArgusNetMask; extern struct ArgusRecord *ArgusOriginal; extern int totalrecords; extern int farrecords; extern int marrecords; extern int explicit_date; extern time_t lasttime_t; extern time_t startime_t; extern struct tm tm_lasttime; extern struct tm tm_startime; extern struct tm starTimeFilter; extern struct tm lastTimeFilter; extern char *progname; extern char *dataarg; extern char *timearg; extern char *servicesfile; extern char *ArgusFlowModelFile; extern struct bpf_program ArgusFilterCode; extern char *cmdline; /* For David Brumley's amazingly long cmdlines ;o) */ extern int RaWriteOut; extern long long tcp_dst_count; extern long long tcp_src_count; extern long long udp_dst_count; extern long long udp_src_count; extern long long icmp_dst_count; extern long long icmp_src_count; extern long long ip_dst_count; extern long long ip_src_count; extern long long arp_dst_count; extern long long arp_src_count; extern long long nonip_dst_count; extern long long nonip_src_count; extern long long tcp_dst_bytes; extern long long tcp_src_bytes; extern long long udp_dst_bytes; extern long long udp_src_bytes; extern long long icmp_dst_bytes; extern long long icmp_src_bytes; extern long long ip_dst_bytes; extern long long ip_src_bytes; extern long long arp_dst_bytes; extern long long arp_src_bytes; extern long long nonip_dst_bytes; extern long long nonip_src_bytes; extern int hfield; extern int pfield; extern int Aflag; extern int aflag; extern int Bflag; extern int bflag; extern int eflag; extern char *estr; extern int Dflag; extern int Eflag; extern int 
fflag; extern int gflag; extern int idflag; extern int Gflag; extern int cflag; extern int Cflag; extern int Lflag; extern int lflag; extern int mflag; extern char *Mflag; extern int nflag; extern int Nflag; extern int Normflag; extern int Netflag; extern int notNetflag; extern int Oflag; extern int Wflag; extern int Fflag; extern int Hflag; extern int pflag; extern int Pflag; extern char *sflag; extern int dflag; extern int Argusdflag; extern int qflag; extern int tflag; extern int uflag; extern char *ustr; extern char *pstr; extern int Uflag; extern int vflag; extern int Vflag; extern int iflag; extern int Iflag; extern int Tflag; extern int rflag; extern int Rflag; extern int Sflag; extern int Xflag; extern int XMLflag; extern int zflag; extern int Zflag; extern long thiszone; extern int total_nets; extern int total_hosts; extern void ArgusShutDown (int); extern void argus_parse_init (struct ARGUS_INPUT *); extern char *argus_lookupdev(char *); extern void read_udp_services (char *); extern int ArgusHandleDatum (struct ArgusRecord *, struct bpf_program *); extern void ArgusReformatRecord (struct ArgusRecord *, struct ArgusRecord *); extern int ArgusReadRemoteConnection (int, struct bpf_program *); extern int ArgusReadConnection (struct ARGUS_INPUT *, struct bpf_program *); extern void ArgusReadRemote (int, struct bpf_program *); extern int read_file (int fd, struct bpf_program *); extern void ArgusProcessRecord (struct ArgusRecord *); extern void ArgusGenerateCanonicalRecord (struct ArgusRecord *, struct ArgusCanonicalRecord *); extern int ArgusGetServerSocket (struct ARGUS_INPUT *); extern int ArgusAddFileList (char *); extern void ArgusDeleteFileList (void); extern int ArgusAddHostList (char *); extern void ArgusDeleteHostList (void); extern int ArgusWriteNewLogfile (char *, struct ArgusRecord *); extern int check_time (struct ArgusRecord *); extern int parseUserDataArg (char **, char **, int); extern int parseTimeArg (char **, char **, int, struct tm *); 
extern int check_time_format (struct tm *tm, char *str); extern int parseTime (struct tm *, struct tm *, char *); #if defined(_LITTLE_ENDIAN) extern void ArgusNtoH (struct ArgusRecord *argus); extern void ArgusHtoN (struct ArgusRecord *argus); #endif #endif #endif /* ArgusParse_h */ argus-2.0.6.fixes.1/include/argus_util.h0000775000076600007660000001754710016412624013602 /* * Copyright (c) 2000-2004 QoSient, LLC * All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. * */ /* * Copyright (c) 1993, 1994 Carnegie Mellon University. * All rights reserved. * * Permission to use, copy, modify, and distribute this software and * its documentation for any purpose and without fee is hereby granted, * provided that the above copyright notice appear in all copies and * that both that copyright notice and this permission notice appear * in supporting documentation, and that the name of CMU not be * used in advertising or publicity pertaining to distribution of the * software without specific, written prior permission. 
* * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS * SOFTWARE. * */ #ifndef ArgusUtil_h #define ArgusUtil_h #if !defined(__OpenBSD__) || !defined(_NETINET_IF_SYSTEM_H_) #include #define _NETINET_IF_SYSTEM_H_ #endif #if defined(__OpenBSD__) #ifndef _NETINET_IP_H_ #include #define _NETINET_IP_H_ #endif #else #include #endif #include #include #include typedef void (*proc)(void); struct QUEUE_HEADER { struct QUEUE_HEADER *nxt; struct QUEUE_HEADER *prv; struct QUEUE *queue; struct timeval last_time, logtime; }; struct QUEUE { struct QUEUE_HEADER *start; proc timerRoutine, logRoutine; unsigned int count; }; struct HASH_TABLE_HEADER { struct HASH_TABLE_HEADER *nxt; struct HASH_TABLE_HEADER *prv; unsigned int hash; }; struct HASH_TABLE { struct HASH_TABLE_HEADER **hash_array; unsigned int size; }; struct FILE_ENTRY { struct FILE_ENTRY *nxt; char *str; }; #define Version1 1 #define Version5 5 #define Version6 6 #define Version7 7 #define Version8 8 typedef struct ArgusRecord * (*ArgusNetFlowHandler)(u_char **); struct ArgusRecord *ArgusNetFlowCallRecord (u_char **); struct ArgusRecord *ArgusNetFlowDetailInt (u_char **); struct ArgusRecord *ArgusParseCiscoRecord (u_char **); #ifdef ARGUS_SASL #include #endif #define ARGUS_DATA_SOURCE 0x01 #define ARGUS_CISCO_DATA_SOURCE 0x10 struct ARGUS_INPUT { struct ARGUS_INPUT *nxt; arg_uint32 addr; char *hostname; char *filename; FILE *pipe, *in, *out; int fd, major_version, minor_version; unsigned int status; unsigned short portnum; unsigned int ArgusLocalNet, ArgusNetMask; unsigned char *ArgusReadBuffer, *ArgusConvBuffer; unsigned char *ArgusReadPtr, 
*ArgusConvPtr, *ArgusReadBlockPtr; int ArgusReadSocketCnt, ArgusReadSocketSize; int ArgusReadSocketState, ArgusReadCiscoVersion; int ArgusReadSocketNum, ArgusReadSize; ArgusNetFlowHandler ArgusCiscoNetFlowParse; #ifdef ARGUS_SASL sasl_conn_t *sasl_conn; int ArgusSaslBufCnt; unsigned char *ArgusSaslBuffer; #endif struct ArgusRecord ArgusInitCon, ArgusManStart; }; #define TSEQ_HASHSIZE 9029 #define HASHNAMESIZE 4096 #define ipaddr_string(p) getname((u_char *)(p)) #ifdef ArgusUtil #define IPPROTOSTR 134 char *ip_proto_string [IPPROTOSTR] = {"ip", "icmp", "igmp", "ggp", "ipnip", "st", "tcp", "ucl", "egp", "igp", "bbn-rcc-mon", "nvp-ii", "pup", "argus", "emcon", "xnet", "chaos", "udp", "mux", "dcn-meas", "hmp", "prm", "xns-idp", "trunk-1", "trunk-2", "leaf-1", "leaf-2", "rdp", "irtp", "iso-tp4", "netblt", "mfe-nsp", "merit-inp", "sep", "3pc", "idpr", "xtp", "ddp", "idpr-cmtp", "tp++", "il", "ipv6", "sdrp", "ipv6-route", "ipv6-frag", "idrp", "rsvp", "gre", "mhrp", "bna", "esp", "ah", "i-nlsp", "swipe", "narp", "mobile", "tlsp", "skip", "ipv6-icmp", "ipv6-no", "ipv6-opts", "any", "cftp", "any", "sat-expak", "kryptolan", "rvd", "ippc", "any", "sat-mon", "visa", "ipcv", "cpnx", "cphb", "wsn", "pvp", "br-sat-mon", "sun-nd", "wb-mon", "wb-expak", "iso-ip", "vmtp", "secure-vmtp", "vines", "ttp", "nsfnet-igp", "dgp", "tcf", "igrp", "ospfigp", "sprite-rpc", "larp", "mtp", "ax.25", "ipip", "micp", "aes-sp3-d", "etherip", "encap", "pri-enc", "gmtp", "ifmp", "pnni", "pim", "aris", "scps", "qnx", "a/n", "ipcomp", "snp", "compaq-peer", "ipx-n-ip", "vrrp", "pgm", "zero", "l2tp", "ddx", "iatp", "stp", "srp", "uti", "smp", "ptp", "isis", "fire", "crtp", "crudp", "sccopmce", "iplt", "sps", "pipe", "sctp", "fc", }; #if !defined(__OpenBSD__) || !defined(_NETINET_IP_ICMP_H_) #include #define _NETINET_IP_ICMP_H_ #endif char *icmptypestr[ICMP_MAXTYPE + 1] = { "ECR", " ", " ", "UR", "SRC", "RED", " ", " ", "ECO", "RTA", "RTS", "TXD", "PAR", "TST", "TSR", "IRQ", "IRR", "MAS", "MSR", }; int 
ArgusSrcUserDataLen = 0; int ArgusDstUserDataLen = 0; void ArgusAdjustGlobalTime (struct timeval *); u_int ArgusIndexNetworkRecord (struct ArgusRecord *, struct ArgusFarHeaderStruct **); u_int ArgusIndexRecord (struct ArgusRecord *, struct ArgusFarHeaderStruct **); int ArgusConvertInitialWriteStruct (struct WriteStruct *, struct ArgusRecord *); int ArgusConvertWriteStruct (struct WriteStruct *, struct ArgusRecord *); char *print_time(struct timeval *); void print_date(struct ArgusRecord *, char *); char *get_man_string (struct ArgusRecord *ptr); char *get_tcp_string (struct ArgusRecord *ptr); char *get_icmp_string (struct ArgusRecord *ptr); char *get_udp_string (struct ArgusRecord *ptr); char *get_ip_string (struct ArgusRecord *ptr); char *get_arp_string (struct ArgusRecord *ptr); char *get_nonip_string (struct ArgusRecord *ptr); char *RaGetUserDataString (struct ArgusRecord *); int ArgusEncode (const char *, int, char *, int); int ArgusEncode64 (const char *, int, char *, int); int ArgusEncodeAscii (const char *, int, char *, int); extern unsigned int thisnet, localaddr, localnet, netmask; #else extern int ArgusSrcUserDataLen; extern int ArgusDstUserDataLen; extern void ArgusAdjustGlobalTime (struct timeval *); extern u_int ArgusIndexNetworkRecord (struct ArgusRecord *, struct ArgusFarHeaderStruct **); extern u_int ArgusIndexRecord (struct ArgusRecord *, struct ArgusFarHeaderStruct **); extern int ArgusConvertInitialWriteStruct (struct WriteStruct *, struct ArgusRecord *); extern int ArgusConvertWriteStruct (struct WriteStruct *, struct ArgusRecord *); extern char *print_time(struct timeval *); extern void print_date(struct ArgusRecord *, char *); extern char *get_man_string (struct ArgusRecord *ptr); extern char *get_tcp_string (struct ArgusRecord *ptr); extern char *get_icmp_string (struct ArgusRecord *ptr); extern char *get_udp_string (struct ArgusRecord *ptr); extern char *get_ip_string (struct ArgusRecord *ptr); extern char *get_arp_string (struct ArgusRecord 
*ptr); extern char *get_nonip_string (struct ArgusRecord *ptr); extern char *RaGetUserDataString (struct ArgusRecord *); extern int ArgusEncode (const char *, int, char *, int); extern int ArgusEncode64 (const char *, int, char *, int); extern int ArgusEncodeAscii (const char *, int, char *, int); #endif #endif /* ArgusUtil_h */ argus-2.0.6.fixes.1/include/bootp.h0000775000076600007660000000720407171625753012555 /* @(#) $Header: /usr/local/cvsroot/argus/include/bootp.h,v 1.2 2000/10/13 15:36:11 argus Exp $ (LBL) */ /* * Bootstrap Protocol (BOOTP). RFC951 and RFC1048. * * This file specifies the "implementation-independent" BOOTP protocol * information which is common to both client and server. * * Copyright 1988 by Carnegie Mellon. * * Permission to use, copy, modify, and distribute this program for any * purpose and without fee is hereby granted, provided that this copyright * and permission notice appear on all copies and supporting documentation, * the name of Carnegie Mellon not be used in advertising or publicity * pertaining to distribution of the program without specific prior * permission, and notice be given in supporting documentation that copying * and distribution is by permission of Carnegie Mellon and Stanford * University. Carnegie Mellon makes no representations about the * suitability of this software for any purpose. It is provided "as is" * without express or implied warranty. 
 */

struct bootp {
    unsigned char   bp_op;          /* packet opcode type */
    unsigned char   bp_htype;       /* hardware addr type */
    unsigned char   bp_hlen;        /* hardware addr length */
    unsigned char   bp_hops;        /* gateway hops */
    unsigned int    bp_xid;         /* transaction ID */
    unsigned short  bp_secs;        /* seconds since boot began */
    unsigned short  bp_unused;
    struct in_addr  bp_ciaddr;      /* client IP address */
    struct in_addr  bp_yiaddr;      /* 'your' IP address */
    struct in_addr  bp_siaddr;      /* server IP address */
    struct in_addr  bp_giaddr;      /* gateway IP address */
    unsigned char   bp_chaddr[16];  /* client hardware address */
    unsigned char   bp_sname[64];   /* server host name */
    unsigned char   bp_file[128];   /* boot file name */
    unsigned char   bp_vend[64];    /* vendor-specific area */
};

/*
 * UDP port numbers, server and client.
 */
#define IPPORT_BOOTPS           67
#define IPPORT_BOOTPC           68

#define BOOTREPLY               2
#define BOOTREQUEST             1

/*
 * Vendor magic cookie (v_magic) for CMU
 */
#define VM_CMU          "CMU"

/*
 * Vendor magic cookie (v_magic) for RFC1048
 */
#define VM_RFC1048      { 99, 130, 83, 99 }

/*
 * RFC1048 tag values used to specify what information is being supplied in
 * the vendor field of the packet.
 */

#define TAG_PAD                 ((unsigned char)   0)
#define TAG_SUBNET_MASK         ((unsigned char)   1)
#define TAG_TIME_OFFSET         ((unsigned char)   2)
#define TAG_GATEWAY             ((unsigned char)   3)
#define TAG_TIME_SERVER         ((unsigned char)   4)
#define TAG_NAME_SERVER         ((unsigned char)   5)
#define TAG_DOMAIN_SERVER       ((unsigned char)   6)
#define TAG_LOG_SERVER          ((unsigned char)   7)
#define TAG_COOKIE_SERVER       ((unsigned char)   8)
#define TAG_LPR_SERVER          ((unsigned char)   9)
#define TAG_IMPRESS_SERVER      ((unsigned char)  10)
#define TAG_RLP_SERVER          ((unsigned char)  11)
#define TAG_HOSTNAME            ((unsigned char)  12)
#define TAG_BOOTSIZE            ((unsigned char)  13)
#define TAG_END                 ((unsigned char) 255)
/* RFC1497 tags */
#define TAG_DUMPPATH            ((unsigned char)  14)
#define TAG_DOMAINNAME          ((unsigned char)  15)
#define TAG_SWAP_SERVER         ((unsigned char)  16)
#define TAG_ROOTPATH            ((unsigned char)  17)
#define TAG_EXTPATH             ((unsigned char)  18)

/*
 * "vendor" data permitted for CMU bootp clients.
 */
struct cmu_vend {
    unsigned char   v_magic[4];     /* magic number */
    unsigned int    v_flags;        /* flags/opcodes, etc. */
    struct in_addr  v_smask;        /* Subnet mask */
    struct in_addr  v_dgate;        /* Default gateway */
    struct in_addr  v_dns1, v_dns2; /* Domain name servers */
    struct in_addr  v_ins1, v_ins2; /* IEN-116 name servers */
    struct in_addr  v_ts1, v_ts2;   /* Time servers */
    unsigned char   v_unused[24];   /* currently unused */
};

/* v_flags values */
#define VF_SMASK        1       /* Subnet mask field contains valid data */
argus-2.0.6.fixes.1/include/compat.h0000775000076600007660000001514410016412624012676
/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
* This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. * */ /* * Copyright (c) 1993, 1994 Carnegie Mellon University. * All rights reserved. * * Permission to use, copy, modify, and distribute this software and * its documentation for any purpose and without fee is hereby granted, * provided that the above copyright notice appear in all copies and * that both that copyright notice and this permission notice appear * in supporting documentation, and that the name of CMU not be * used in advertising or publicity pertaining to distribution of the * software without specific, written prior permission. * * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS * SOFTWARE. 
* */ #ifndef Argus_compat_h #define Argus_compat_h #define argtimeval timeval #if defined(HAVE_SOLARIS) #include #include typedef unsigned char u_int8_t; typedef unsigned short int u_int16_t; typedef unsigned int u_int32_t; #endif #if defined(linux) #include #define __FAVOR_BSD #endif #if defined(__APPLE_CC__) || defined(__APPLE__) #define __OpenBSD__ #endif #if defined(CYGWIN) #define _LITTLE_ENDIAN #else #if defined(__FreeBSD__) #if defined(BYTE_ORDER) #define __BYTE_ORDER BYTE_ORDER #endif #if defined(LITTLE_ENDIAN) #define __LITTLE_ENDIAN LITTLE_ENDIAN #endif #if defined(BIG_ENDIAN) #define __BIG_ENDIAN BIG_ENDIAN #endif #endif #if !defined(_LITTLE_ENDIAN) && !defined(_BIG_ENDIAN) #if __BYTE_ORDER == __LITTLE_ENDIAN #define _LITTLE_ENDIAN #else #define _BIG_ENDIAN #endif #endif #endif #if defined(__sgi) || defined(HAVE_SOLARIS) || defined(ultrix) || defined(__osf__) || defined(linux) || defined(bsdi) || defined(AIX) || defined(CYGWIN) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) #define timelocal mktime #include #if defined(__sgi) #include #include #if _MIPS_SZLONG == 64 #undef argtimeval #define argtimeval irix5_timeval #endif #undef TCPSTATES #endif #if defined(linux) #include #endif #if defined(__sgi) || defined(bsdi) struct ether_addr { u_char ether_addr_octet[6]; }; #endif #if defined(AIX) #define _SUN #include #include #endif #endif #define arg_uint8 u_char #define arg_int8 char #define arg_uint16 u_short #define arg_int16 short #if HOST_BITS_PER_INT == 32 #define arg_uint32 u_int #define arg_int32 int #else #define arg_uint32 u_long #define arg_int32 long #endif #ifndef ICMP_ROUTERADVERT #define ICMP_ROUTERADVERT 9 /* router advertisement */ #endif #ifndef ICMP_ROUTERSOLICIT #define ICMP_ROUTERSOLICIT 10 /* router solicitation */ #endif #ifndef TCPOPT_WSCALE #define TCPOPT_WSCALE 3 /* window scale factor (rfc1072) */ #endif #ifndef TCPOPT_SACKOK #define TCPOPT_SACKOK 4 /* selective ack ok (rfc1072) */ #endif #ifndef TCPOPT_SACK 
#define TCPOPT_SACK 5 /* selective ack (rfc1072) */ #endif #ifndef TCPOPT_ECHO #define TCPOPT_ECHO 6 /* echo (rfc1072) */ #endif #ifndef TCPOPT_ECHOREPLY #define TCPOPT_ECHOREPLY 7 /* echo (rfc1072) */ #endif #ifndef TCPOPT_TIMESTAMP #define TCPOPT_TIMESTAMP 8 /* timestamps (rfc1323) */ #endif #ifndef TCPOPT_CC #define TCPOPT_CC 11 /* T/TCP CC options (rfc1644) */ #endif #ifndef TCPOPT_CCNEW #define TCPOPT_CCNEW 12 /* T/TCP CC options (rfc1644) */ #endif #ifndef TCPOPT_CCECHO #define TCPOPT_CCECHO 13 /* T/TCP CC options (rfc1644) */ #endif /* Types missing from some systems */ #if !defined(__NetBSD__) && !defined(__OpenBSD__) && !defined(__FreeBSD__) #ifndef ETHERTYPE_SPRITE #define ETHERTYPE_SPRITE 0x0500 #endif #ifndef ETHERTYPE_NS #define ETHERTYPE_NS 0x0600 #endif #ifndef ETHERTYPE_IP #define ETHERTYPE_IP 0x0800 #endif #ifndef ETHERTYPE_X25L3 #define ETHERTYPE_X25L3 0x0805 #endif #ifndef ETHERTYPE_ARP #define ETHERTYPE_ARP 0x0806 #endif #ifndef ETHERTYPE_VINES #define ETHERTYPE_VINES 0x0bad #endif #ifndef ETHERTYPE_TRAIL #define ETHERTYPE_TRAIL 0x1000 #endif #ifndef ETHERTYPE_TRAIN #define ETHERTYPE_TRAIN 0x1984 #endif #ifndef ETHERTYPE_3C_NBP_DGRAM #define ETHERTYPE_3C_NBP_DGRAM 0x3c07 #endif #ifndef ETHERTYPE_DEC #define ETHERTYPE_DEC 0x6000 #endif #ifndef ETHERTYPE_MOPDL #define ETHERTYPE_MOPDL 0x6001 #endif #ifndef ETHERTYPE_MOPRC #define ETHERTYPE_MOPRC 0x6002 #endif #ifndef ETHERTYPE_DN #define ETHERTYPE_DN 0x6003 #endif #ifndef ETHERTYPE_LAT #define ETHERTYPE_LAT 0x6004 #endif #ifndef ETHERTYPE_DEC_DIAG #define ETHERTYPE_DEC_DIAG 0x6005 #endif #ifndef ETHERTYPE_DEC_CUST #define ETHERTYPE_DEC_CUST 0x6006 #endif #ifndef ETHERTYPE_SCA #define ETHERTYPE_SCA 0x6007 #endif #ifndef ETHERTYPE_REVARP #define ETHERTYPE_REVARP 0x8035 #endif #ifndef ETHERTYPE_LANBRIDGE #define ETHERTYPE_LANBRIDGE 0x8038 #endif #ifndef ETHERTYPE_DECDNS #define ETHERTYPE_DECDNS 0x803c #endif #ifndef ETHERTYPE_DECDTS #define ETHERTYPE_DECDTS 0x803e #endif #ifndef ETHERTYPE_VEXP #define 
ETHERTYPE_VEXP 0x805b #endif #ifndef ETHERTYPE_VPROD #define ETHERTYPE_VPROD 0x805c #endif #ifndef ETHERTYPE_ATALK #define ETHERTYPE_ATALK 0x809b #endif #ifndef ETHERTYPE_AARP #define ETHERTYPE_AARP 0x80f3 #endif #ifndef ETHERTYPE_8021Q #define ETHERTYPE_8021Q 0x8100 #endif #ifndef ETHERTYPE_IPX #define ETHERTYPE_IPX 0x8137 #endif #ifndef ETHERTYPE_SNMP #define ETHERTYPE_SNMP 0x814c #endif #ifndef ETHERTYPE_IPV6 #define ETHERTYPE_IPV6 0x86dd #endif #ifndef ETHERTYPE_LOOPBACK #define ETHERTYPE_LOOPBACK 0x9000 #endif #endif #ifndef ETHERTYPE_MPLS #define ETHERTYPE_MPLS 0x8847 #endif #ifndef ETHERTYPE_MPLS_MULTI #define ETHERTYPE_MPLS_MULTI 0x8848 #endif #ifndef ETHERTYPE_PPPOED #define ETHERTYPE_PPPOED 0x8863 #endif #ifndef ETHERTYPE_PPPOES #define ETHERTYPE_PPPOES 0x8864 #endif #endif argus-2.0.6.fixes.1/include/cons_def.h0000775000076600007660000001047610016412624013176 /* * Copyright (c) 2000-2004 QoSient, LLC * All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. * */ /* * Copyright (c) 1993, 1994 Carnegie Mellon University. * All rights reserved. 
 *
 * Permission to use, copy, modify, and distribute this software and
 * its documentation for any purpose and without fee is hereby granted,
 * provided that the above copyright notice appear in all copies and
 * that both that copyright notice and this permission notice appear
 * in supporting documentation, and that the name of CMU not be
 * used in advertising or publicity pertaining to distribution of the
 * software without specific, written prior permission.
 *
 * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
 * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
 * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
 * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
 * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
 * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 * SOFTWARE.
 *
 */

/*
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0|  Protocol   | L |  IP Opt   |  Exp  |         State         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |1|  Operation  |                     Data                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                      Argus Status Field Format

   Note that one tick mark represents one bit position.
*/

/* Argus Operation */
#define ARGUSCONTROL 0x80000000
#define INIT 0x01000000
#define STATUS 0x02000000
#define CLOSE 0x04000000

/* Protocol Specification */
#define PROTOCONTROL 0x00000000
#define IPPROTO 0x01000000
#define UDPPROTO 0x02000000
#define ICMPPROTO 0x04000000
#define TCPPROTO 0x08000000
#define EPPROTO 0x10000000
#define ARPPROTO 0x20000000
#define PROTOMASK 0x7F000000

/* Link Dependant Bits (L) */
#define FRAGMENTS 0x400000
#define MULTIADDR 0x800000

/* IP Option Status Bits */
#define TIMESTAMP 0x010000
#define SECURITY 0x020000
#define LSRCROUTE 0x040000
#define RECORDROUTE 0x080000
#define SSRCROUTE 0x100000
#define SATNETID 0x200000
#define IPOPTIONMASK 0x3F0000

/* Report Status Bits (Exp) */
#define REVERSE 0x1000
#define MODIFIED 0x2000
#define LOGGED 0x4000
#define DETAIL 0x8000

/* IP, TCP and UDP State Constants and Reporting Values */
#define IP_INIT 0x0001
#define UDP_INIT 0x0001
#define SAW_SYN 0x0001
#define SAW_SYN_SENT 0x0002
#define CON_ESTABLISHED 0x0004
#define CLOSE_WAITING 0x0008
#define PKTS_RETRANS 0x0410 /* SRC_PKTS_RETRANS | DST_PK*/
#define SRC_PKTS_RETRANS 0x0010
#define WINDOW_SHUT 0x0060 /* SRC_WINDOW_SHUT | DST_WIN*/
#define SRC_WINDOW_SHUT 0x0020
#define DST_WINDOW_SHUT 0x0040
#define NORMAL_CLOSE 0x0080
#define RESET 0x0900 /* SRC_RESET | DST_RESET */
#define SRC_RESET 0x0100
#define TIMED_OUT 0x0200
#define DST_PKTS_RETRANS 0x0400
#define DST_RESET 0x0800

/* Fragment State Constants and Reporting Values */
#define FRAG_INIT 0x0001
#define FRAG_OUT_OF_ORDER 0x0002
#define TCP_FRAG_OFFSET_PROBLEM 0x0008
#define FRAG_ONLY 0x0010

argus-2.0.6.fixes.1/include/cons_out.h

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * Copyright (c) 1993, 1994 Carnegie Mellon University.
 * All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software and
 * its documentation for any purpose and without fee is hereby granted,
 * provided that the above copyright notice appear in all copies and
 * that both that copyright notice and this permission notice appear
 * in supporting documentation, and that the name of CMU not be
 * used in advertising or publicity pertaining to distribution of the
 * software without specific, written prior permission.
 *
 * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
 * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
 * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
 * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
 * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
 * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 * SOFTWARE.
 *
 */

#if !defined(__OpenBSD__) || !defined(_NET_IF_H_)
#include
#define _NET_IF_H_
#endif

#include

#if !defined(__OpenBSD__) || !defined(_NETINET_IF_ETHER_H_)
#include
#define _NETINET_IF_ETHER_H_
#endif

struct THA_OBJECT {
    arg_int32 size;
    unsigned char *buffer;
};

struct tha {
    struct in_addr src;
    struct in_addr dst;
    arg_uint16 sport;
    arg_uint16 dport;
};

struct icmptha {
    struct in_addr src;
    struct in_addr dst;
    arg_uint32 port;
    arg_uint32 addr;
};

struct writeStruct {
    arg_uint32 status;
    struct argtimeval startime, lasttime;
    struct ether_addr ethersrc;
    struct ether_addr etherdst;
    struct tha addr;
    arg_int32 src_count, dst_count;
    arg_int32 src_bytes, dst_bytes;
};

struct inittcpWriteStruct {
    arg_int32 src_count, dst_count;
    arg_uint32 addr, seq;
};

struct tcpWriteStruct {
    arg_int32 src_count, dst_count;
    arg_int32 src_bytes, dst_bytes;
};

struct udpWriteStruct {
    arg_int32 src_count, dst_count;
    arg_int32 src_bytes, dst_bytes;
};

struct icmpWriteStruct {
    arg_uint8 type, code;
    arg_uint16 data;
    struct in_addr srcaddr, dstaddr, gwaddr;
};

struct fragWriteStruct {
    int fragnum, frag_id;
    unsigned short status, totlen, currlen, maxfraglen;
};

struct physWriteStruct {
    struct ether_addr ethersrc;
    struct ether_addr etherdst;
};

struct arpWriteStruct {
    struct argtimeval time;
    struct physWriteStruct phys;
    struct ether_arp arp;
};

struct ipWriteStruct {
    struct argtimeval startime, lasttime;
    struct physWriteStruct ws_phys;
    struct in_addr src;
    struct in_addr dst;
    arg_uint16 sport;
    arg_uint16 dport;
    union {
        struct inittcpWriteStruct inittcp;
        struct tcpWriteStruct tcp;
        struct udpWriteStruct udp;
        struct icmpWriteStruct icmp;
        struct fragWriteStruct frag;
    } ipws_trans_union;
};

struct manInitStruct {
    struct argtimeval startime, now;
    arg_int8 initString[20];
    arg_uint32 localnet, netmask;
    arg_uint16 reportInterval, dflagInterval;
    arg_uint8 interfaceType, interfaceStatus;
};

struct manStatStruct {
    struct argtimeval startime, now;
    arg_uint16 reportInterval, dflagInterval;
    arg_uint8 interfaceType, interfaceStatus;
    arg_uint32 pktsRcvd, bytesRcvd, pktsDrop;
    arg_uint16 actTCPcons, cloTCPcons;
    arg_uint16 actUDPcons, cloUDPcons;
    arg_uint16 actIPcons, cloIPcons;
    arg_uint16 actICMPcons, cloICMPcons;
    arg_uint16 actFRAGcons, cloFRAGcons;
};

struct WriteStruct {
    arg_uint32 status;
    union {
        struct ipWriteStruct ip;
        struct arpWriteStruct arp;
        struct manInitStruct man_init;
        struct manStatStruct man_stat;
    } ws_trans_union;
};

#define ws_ip ws_trans_union.ip
#define ws_arp ws_trans_union.arp
#define ws_init ws_trans_union.man_init
#define ws_stat ws_trans_union.man_stat

#define ws_ip_phys ws_trans_union.ip.ws_phys
#define ws_ip_src ws_trans_union.ip.src
#define ws_ip_dst ws_trans_union.ip.dst
#define ws_ip_port ws_trans_union.ip.port
#define ws_ip_inittcp ws_trans_union.ip.ipws_trans_union.inittcp
#define ws_ip_tcp ws_trans_union.ip.ipws_trans_union.tcp
#define ws_ip_udp ws_trans_union.ip.ipws_trans_union.udp
#define ws_ip_icmp ws_trans_union.ip.ipws_trans_union.icmp
#define ws_ip_frag ws_trans_union.ip.ipws_trans_union.frag

argus-2.0.6.fixes.1/include/ethernames.h

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/* prepared from IANA Ether Types definitions Wed Aug 16 11:45:21 EDT 2000 */

#ifndef Ethernames_h
#define Ethernames_h

struct ArgusEtherTypeStruct {
    char *range, *tag, *description;
};

#ifdef ArgusAddrtoName
struct ArgusEtherTypeStruct argus_ethertype_names [] = {
/* { "0000-1500", "802.3", "IEEE802.3 Length Field" }, */

/* Argus Pseudo Ethertypes */
    { "0", "llc", "Argus Pseudo LLC Ethertype"},
    { "100", "ipx", "Argus Pseudo Ethertype"},
    { "129", "clns", "Spanning Tree Protocol" },
    { "130", "esis", "Spanning Tree Protocol" },
    { "131", "isis", "Spanning Tree Protocol" },
    { "132", "nullns", "Spanning Tree Protocol" },

    { "0257", "exp", "Experimental" },
    { "0258", "drip", "Cisco SNAP ethertype for DRiP" },
    { "0259-511", "exp", "Experimental" },
    { "0512", "pup", "XEROX PUP (see 0A00)" },
    { "0513", "pupat", "PUP Addr Trans (see 0A01)" },
    { "1024", "nix", "Nixdorf" },
    { "1536", "idp", "XEROX NS IDP" },
    { "1632", "dlog", "DLOG" },
    { "1633", "dlog", "DLOG" },
    { "2048", "ip", "Internet IP (IPv4)" },
    { "2049", "x75", "X.75 Internet" },
    { "2050", "nbs", "NBS Internet" },
    { "2051", "ecma", "ECMA Internet" },
    { "2052", "chaos", "Chaosnet" },
    { "2053", "x25", "X.25 Level 3" },
    { "2054", "arp", "ARP" },
    { "2055", "xnscp", "XNS Compatability" },
    { "2056", "frarp", "Frame Relay ARP" },
    { "2076", "symbl", "Symbolics Private" },
    { "2184-2186", "xyplx", "Xyplex" },
    { "2304", "ubdeb", "Ungermann-Bass net debugr" },
    { "2560", "pup.3", "Xerox IEEE802.3 PUP" },
    { "2561", "pupat", "PUP Addr Trans" },
    { "2989", "vines", "Banyan VINES" },
    { "2990", "vinlb", "VINES Loopback" },
    { "2991", "vinec", "VINES Echo" },
    { "4096", "brktn", "Berkeley Trailer nego" },
    { "4097-4111", "brkte", "Berkeley Trailer encap/IP" },
    { "5632", "valid", "Valid Systems" },
    { "8192", "cdp", "Cisco Discovery Protocol" },
    { "8193", "cgmp", "Cisco Group Management Protocol" },
    { "8195", "vtp", "Cisco VLAN Trunk Protocol" },
    { "16962", "pcs", "PCS Basic Block Protocol" },
    { "21000", "bbn", "BBN Simnet" },
    { "24576", "decun", "DEC Unassigned (Exp.)" },
    { "24577", "decdl", "DEC MOP Dump/Load" },
    { "24578", "decrc", "DEC MOP Remote Console" },
    { "24579", "decro", "DEC DECNET Phase IV Route" },
    { "24580", "lat", "DEC LAT" },
    { "24581", "decdp", "DEC Diagnostic Protocol" },
    { "24582", "deccp", "DEC Customer Protocol" },
    { "24583", "lavc", "DEC LAVC, SCA" },
    { "24584-24585", "decun", "DEC Unassigned" },
    { "24586-24596", "3com", "3Com Corporation" },
    { "25944", "trans", "Trans Ether Bridging" },
    { "25945", "rawfr", "Raw Frame Relay" },
    { "28672", "dbdwn", "Ungermann-Bass download" },
    { "28674", "ubdia", "Ungermann-Bass dia/loop" },
    { "28704-28713", "lrt", "LRT" },
    { "28720", "prote", "Proteon" },
    { "28724", "cable", "Cabletron" },
    { "32771", "cronv", "Cronus VLN" },
    { "32772", "crond", "Cronus Direct" },
    { "32773", "hppro", "HP Probe" },
    { "32774", "nesta", "Nestar" },
    { "32776", "att", "AT&T" },
    { "32784", "excel", "Excelan" },
    { "32787", "sgid", "SGI diagnostics" },
    { "32788", "sging", "SGI network games" },
    { "32789", "sgres", "SGI reserved" },
    { "32790", "sgibs", "SGI bounce server" },
    { "32793", "apld", "Apollo Domain" },
    { "32815", "tym", "Tymshare" },
    { "32816", "tigan", "Tigan, Inc." },
    { "32821", "rarp", "Reverse ARP" },
    { "32822", "aeon", "Aeonic Systems" },
    { "32824", "declb", "DEC LANBridge" },
    { "32825-32828", "decun", "DEC Unassigned" },
    { "32829", "decee", "DEC Ethernet Encryption" },
    { "32830", "decun", "DEC Unassigned" },
    { "32831", "dectm", "DEC LAN Traffic Monitor" },
    { "32832-32834", "decun", "DEC Unassigned" },
    { "32836", "plan", "Planning Research Corp." },
    { "32838", "att", "AT&T" },
    { "32839", "att", "AT&T" },
    { "32841", "expd", "ExperData" },
    { "32859", "Vexp", "Stanford V Kernel exp." },
    { "32860", "Vprod", "Stanford V Kernel prod." },
    { "32861", "es", "Evans & Sutherland" },
    { "32864", "ltlm", "Little Machines" },
    { "32866", "count", "Counterpoint Computers" },
    { "32869", "um", "Univ. of Mass. @ Amherst" },
    { "32870", "um", "Univ. of Mass. @ Amherst" },
    { "32871", "veeco", "Veeco Integrated Auto." },
    { "32872", "gd", "General Dynamics" },
    { "32873", "att", "AT&T" },
    { "32874", "autop", "Autophon" },
    { "32876", "comd", "ComDesign" },
    { "32877", "comgr", "Computgraphic Corp." },
    { "32878-32887", "land", "Landmark Graphics Corp." },
    { "32890", "matra", "Matra" },
    { "32891", "dansk", "Dansk Data Elektronik" },
    { "32892", "merit", "Merit Internodal" },
    { "32893-32895", "vtlnk", "Vitalink Communications" },
    { "32896", "vtlnk", "Vitalink TransLAN III" },
    { "32897-32899", "count", "Counterpoint Computers" },
    { "32923", "apltk", "Appletalk" },
    { "32924-32926", "data", "Datability" },
    { "32927", "spidr", "Spider Systems Ltd." },
    { "32931", "nix", "Nixdorf Computers" },
    { "32932-32947", "siem", "Siemens Gammasonics Inc." },
    { "32960-32963", "dcaex", "DCA Data Exchange Cluster" },
    { "32964", "ban", "Banyan Systems" },
    { "32965", "ban", "Banyan Systems" },
    { "32966", "pacer", "Pacer Software" },
    { "32967", "appli", "Applitek Corporation" },
    { "32968-32972", "intrg", "Intergraph Corporation" },
    { "32973-32974", "haris", "Harris Corporation" },
    { "32975-32978", "taylr", "Taylor Instrument" },
    { "32979-32980", "rose", "Rosemount Corporation" },
    { "32981", "sna", "IBM SNA Service on Ether" },
    { "32989", "varin", "Varian Associates" },
    { "32990-32991", "trfs", "Integrated Solutions TRFS" },
    { "32992-32995", "allen", "Allen-Bradley" },
    { "32996-33008", "data", "Datability" },
    { "33010", "retix", "Retix" },
    { "33011", "aarp", "AppleTalk AARP (Kinetics)" },
    { "33012-33013", "kinet", "Kinetics" },
    { "33015", "aplo", "Apollo Computer" },
    { "33023-33027", "well", "Wellfleet Communications" },
    { "33031-33033", "symbl", "Symbolics Private" },
    { "33072", "hayes", "Hayes Microcomputers" },
    { "33073", "vglab", "VG Laboratory Systems" },
    { "33074-33078", "brdg", "Bridge Communications" },
    { "33079-33080", "nvl", "Novell, Inc." },
    { "33081-33085", "kti", "KTI" },
    { "33096", "logic", "Logicraft" },
    { "33097", "ncd", "Network Computing Devices" },
    { "33098", "alpha", "Alpha Micro" },
    { "33100", "snmp", "SNMP" },
    { "33101", "biin", "BIIN" },
    { "33104", "biin", "BIIN" },
    { "33103", "elite", "Technically Elite Concept" },
    { "33104", "ratnl", "Rational Corp" },
    { "33105-33107", "qual", "Qualcomm" },
    { "33108-33110", "cprot", "Computer Protocol Pty Ltd" },
    { "33124-33126", "crd", "Charles River Data System" },
    { "33149", "xtp", "XTP" },
    { "33150", "sgitw", "SGI/Time Warner prop." },
    { "33152", "hippi", "HIPPI-FP encapsulation" },
    { "33153", "stp", "STP, HIPPI-ST" },
    { "33154", "h6400", "Reserved for HIPPI-6400" },
    { "33155", "h6400", "Reserved for HIPPI-6400" },
    { "33156-33164", "sgi", "Silicon Graphics prop." },
    { "33165", "mot", "Motorola Computer" },
    { "33178-33187", "qual", "Qualcomm" },
    { "33188", "arai", "ARAI Bunkichi" },
    { "33189-33198", "rad", "RAD Network Devices" },
    { "33207-33209", "xyplx", "Xyplex" },
    { "33228-33237", "apri", "Apricot Computers" },
    { "33238-33245", "arti", "Artisoft" },
    { "33254-33263", "poly", "Polygon" },
    { "33264-33266", "comst", "Comsat Labs" },
    { "33267-33269", "saic", "SAIC" },
    { "33270-33272", "vg", "VG Analytical" },
    { "33283-33285", "quant", "Quantum Software" },
    { "33313-33314", "ascom", "Ascom Banking Systems" },
    { "33342-33344", "aes", "Advanced Encryption System" },
    { "33407-33410", "athen", "Athena Programming" },
    { "33379-33386", "crd", "Charles River Data System" },
    { "33434-33435", "iiit", "Inst Ind Info Tech" },
    { "33436-33451", "tarus", "Taurus Controls" },
    { "33452-34451", "wrq", "Walker Richer & Quinn" },
    { "34452-34461", "ideac", "Idea Courier" },
    { "34462-34465", "cnt", "Computer Network Tech" },
    { "34467-34476", "gtway", "Gateway Communications" },
    { "34523", "sectr", "SECTRA" },
    { "34526", "delta", "Delta Controls" },
    { "34525", "ipv6", "IPv6" },
    { "34527", "atom", "ATOMIC" },
    { "34528-34543", "lgp", "Landis & Gyr Powers" },
    { "34560-34576", "mot", "Motorola" },
    { "34667", "compr", "TCP/IP Compression" },
    { "34668", "ipas", "IP Autonomous Systems" },
    { "34669", "sdata", "Secure Data" },
    { "34827", "ppp", "PPP" },
    { "34887", "mplsu", "MPLS Unicast" },
    { "34888", "mplsm", "MPLS Multicast" },
    { "34915", "pppoe", "PPP Over Ethernet" },
    { "34916", "pppoe", "PPP Over Ethernet" },
    { "35478-35479", "invis", "Invisible Software" },
    { "36864", "loop", "Loopback" },
    { "36865", "xnssm", "3Com(Bridge) XNS Sys Mgmt" },
    { "36866", "3coms", "3Com(Bridge) TCP-IP Sys" },
    { "36867", "3coml", "3Com(Bridge) loop detect" },
    { "65280", "bbnch", "BBN VITAL-LanBridge cache" },
    { "65280-65295", "ramo", "ISC Bunker Ramo" },
    { "65535", "resv", "Reserved" },
    { (char *) 0, (char *) 0, (char *) 0 },
};
#else
extern struct ArgusEtherTypeStruct argus_ethertype_names [];
#endif
#endif

argus-2.0.6.fixes.1/include/ethertype.h

/*
 * Copyright (c) 1993, 1994, 1996
 * The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @(#) $Header: /usr/local/cvsroot/argus/include/ethertype.h,v 1.5 2001/01/10 16:06:03 argus Exp $ (LBL)
 */

/* Types missing from some systems */

#ifndef ETHERTYPE_SPRITE
#define ETHERTYPE_SPRITE 0x0500
#endif
#ifndef ETHERTYPE_NS
#define ETHERTYPE_NS 0x0600
#endif
#ifndef ETHERTYPE_IP
#define ETHERTYPE_IP 0x0800
#endif
#ifndef ETHERTYPE_X25L3
#define ETHERTYPE_X25L3 0x0805
#endif
#ifndef ETHERTYPE_ARP
#define ETHERTYPE_ARP 0x0806
#endif
#ifndef ETHERTYPE_VINES
#define ETHERTYPE_VINES 0x0bad
#endif
#ifndef ETHERTYPE_TRAIL
#define ETHERTYPE_TRAIL 0x1000
#endif
#ifndef ETHERTYPE_TRAIN
#define ETHERTYPE_TRAIN 0x1984
#endif
#ifndef ETHERTYPE_3C_NBP_DGRAM
#define ETHERTYPE_3C_NBP_DGRAM 0x3c07
#endif
#ifndef ETHERTYPE_DEC
#define ETHERTYPE_DEC 0x6000
#endif
#ifndef ETHERTYPE_MOPDL
#define ETHERTYPE_MOPDL 0x6001
#endif
#ifndef ETHERTYPE_MOPRC
#define ETHERTYPE_MOPRC 0x6002
#endif
#ifndef ETHERTYPE_DN
#define ETHERTYPE_DN 0x6003
#endif
#ifndef ETHERTYPE_LAT
#define ETHERTYPE_LAT 0x6004
#endif
#ifndef ETHERTYPE_DEC_DIAG
#define ETHERTYPE_DEC_DIAG 0x6005
#endif
#ifndef ETHERTYPE_DEC_CUST
#define ETHERTYPE_DEC_CUST 0x6006
#endif
#ifndef ETHERTYPE_SCA
#define ETHERTYPE_SCA 0x6007
#endif
#ifndef ETHERTYPE_REVARP
#define ETHERTYPE_REVARP 0x8035
#endif
#ifndef ETHERTYPE_LANBRIDGE
#define ETHERTYPE_LANBRIDGE 0x8038
#endif
#ifndef ETHERTYPE_DECDNS
#define ETHERTYPE_DECDNS 0x803c
#endif
#ifndef ETHERTYPE_DECDTS
#define ETHERTYPE_DECDTS 0x803e
#endif
#ifndef ETHERTYPE_VEXP
#define ETHERTYPE_VEXP 0x805b
#endif
#ifndef ETHERTYPE_VPROD
#define ETHERTYPE_VPROD 0x805c
#endif
#ifndef ETHERTYPE_ATALK
#define ETHERTYPE_ATALK 0x809b
#endif
#ifndef ETHERTYPE_AARP
#define ETHERTYPE_AARP 0x80f3
#endif
#ifndef ETHERTYPE_8021Q
#define ETHERTYPE_8021Q 0x8100
#endif
#ifndef ETHERTYPE_IPX
#define ETHERTYPE_IPX 0x8137
#endif
#ifndef ETHERTYPE_SNMP
#define ETHERTYPE_SNMP 0x814c
#endif
#ifndef ETHERTYPE_IPV6
#define ETHERTYPE_IPV6 0x86dd
#endif
#ifndef ETHERTYPE_MPLS
#define ETHERTYPE_MPLS 0x8847
#endif
#ifndef ETHERTYPE_MPLS_MULTI
#define ETHERTYPE_MPLS_MULTI 0x8848
#endif
#ifndef ETHERTYPE_PPPOED
#define ETHERTYPE_PPPOED 0x8863
#endif
#ifndef ETHERTYPE_PPPOES
#define ETHERTYPE_PPPOES 0x8864
#endif
#ifndef ETHERTYPE_LOOPBACK
#define ETHERTYPE_LOOPBACK 0x9000
#endif

argus-2.0.6.fixes.1/include/extract.h

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * Copyright (c) 1992, 1993, 1994
 * The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @(#) $Header: /usr/local/cvsroot/argus/include/extract.h,v 1.8 2004/02/23 15:00:36 argus Exp $ (LBL)
 */

/*
 * The TCPDUMP_ALIGN variants read one byte at a time, so they never
 * dereference a wider pointer and work on unaligned packet data.
 * The ntohs()/ntohl() variants cast p and dereference it directly, so
 * they assume p is suitably aligned. Neither form checks bounds: the
 * caller must verify that 2 (or 4) bytes are available at p.
 */
#ifdef TCPDUMP_ALIGN
#if __BYTEORDER == __LITTLE_ENDIAN
#define EXTRACT_SHORT(p)\
	((u_short)\
		((u_short)*((u_char *)(p)+1)<<8|\
		 (u_short)*((u_char *)(p)+0)<<0))
#define EXTRACT_LONG(p)\
		((u_int32)*((u_char *)(p)+3)<<24|\
		 (u_int32)*((u_char *)(p)+2)<<16|\
		 (u_int32)*((u_char *)(p)+1)<<8|\
		 (u_int32)*((u_char *)(p)+0)<<0)
#else
#define EXTRACT_SHORT(p)\
	((u_short)\
		((u_short)*((u_char *)(p)+0)<<8|\
		 (u_short)*((u_char *)(p)+1)<<0))
#define EXTRACT_LONG(p)\
		((u_int32)*((u_char *)(p)+0)<<24|\
		 (u_int32)*((u_char *)(p)+1)<<16|\
		 (u_int32)*((u_char *)(p)+2)<<8|\
		 (u_int32)*((u_char *)(p)+3)<<0)
#endif
#else
#define EXTRACT_SHORT(p) ((u_short)ntohs(*(u_short *)(p)))
#define EXTRACT_LONG(p) (ntohl(*(u_int32 *)(p)))
#endif

argus-2.0.6.fixes.1/include/fddi.h

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * Copyright (c) 1992, 1993, 1994
 * The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @(#) $Header: /usr/local/cvsroot/argus/include/fddi.h,v 1.8 2004/02/23 15:00:36 argus Exp $ (LBL)
 */

/*
 * Based on Ultrix if_fddi.h
 */

/*
 * This stuff should come from a system header file, but there's no
 * obviously portable way to do that and it's not really going
 * to change from system to system (except for the padding business).
 */

struct fddi_header {
#if defined(ultrix) || defined(__alpha)
    /* Ultrix pads to make everything line up on a nice boundary */
#define FDDIPAD 3
    u_char fddi_ph[FDDIPAD];
#else
#define FDDIPAD 0
#endif
    u_char fddi_fc; /* frame control */
    u_char fddi_dhost[6];
    u_char fddi_shost[6];
};

/* Useful values for fddi_fc (frame control) field */

/*
 * FDDI Frame Control bits
 */
#define FDDIFC_C 0x80 /* Class bit */
#define FDDIFC_L 0x40 /* Address length bit */
#define FDDIFC_F 0x30 /* Frame format bits */
#define FDDIFC_Z 0x0f /* Control bits */

/*
 * FDDI Frame Control values. (48-bit addressing only).
 */
#define FDDIFC_VOID 0x40 /* Void frame */
#define FDDIFC_NRT 0x80 /* Nonrestricted token */
#define FDDIFC_RT 0xc0 /* Restricted token */
#define FDDIFC_SMT_INFO 0x41 /* SMT Info */
#define FDDIFC_SMT_NSA 0x4F /* SMT Next station adrs */
#define FDDIFC_MAC_BEACON 0xc2 /* MAC Beacon frame */
#define FDDIFC_MAC_CLAIM 0xc3 /* MAC Claim frame */
#define FDDIFC_LLC_ASYNC 0x50 /* Async. LLC frame */
#define FDDIFC_LLC_SYNC 0xd0 /* Sync. LLC frame */
#define FDDIFC_IMP_ASYNC 0x60 /* Implementor Async. */
#define FDDIFC_IMP_SYNC 0xe0 /* Implementor Synch. */
#define FDDIFC_SMT 0x40 /* SMT frame */
#define FDDIFC_MAC 0xc0 /* MAC frame */

#define FDDIFC_CLFF 0xF0 /* Class/Length/Format bits */
#define FDDIFC_ZZZZ 0x0F /* Control bits */

argus-2.0.6.fixes.1/include/gencode.h

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * Copyright (c) 1990, 1991, 1992, 1993, 1994
 * The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @(#) $Header: /usr/local/cvsroot/argus/include/gencode.h,v 1.17 2004/02/23 15:00:36 argus Exp $ (LBL)
 */

/*
 * filter.h must be included before this file.
 */

#include

/* Address qualifiers. */

#define Q_HOST 1
#define Q_NET 2
#define Q_PORT 3
#define Q_GATEWAY 4
#define Q_PROTO 5
#define Q_TTL 6
#define Q_TOS 7

/* Protocol qualifiers. */

#define Q_LINK 1
#define Q_MAN 2
#define Q_IP 3
#define Q_ARP 4
#define Q_RARP 5
#define Q_TCP 6
#define Q_UDP 7
#define Q_ICMP 8
#define Q_IGMP 9
#define Q_IGRP 10

#define Q_DECNET 11
#define Q_LAT 12
#define Q_MOPRC 13
#define Q_MOPDL 14

#define Q_DETAIL 15
#define Q_MERGED 16

/* TCP Protocol qualifiers. */

#define Q_NORMAL 17
#define Q_MULTIPATH 18
#define Q_RESET 19
#define Q_TIMEDOUT 20
#define Q_WINSHUT 21
#define Q_ESTABLISHED 22
#define Q_RETRANS 23
#define Q_SRCRETRANS 24
#define Q_DSTRETRANS 25
#define Q_FRAG 26
#define Q_FRAG_ONLY 27
#define Q_CONNECTED 28
#define Q_REJECT 29
#define Q_ECHO 30
#define Q_UNREACH 31
#define Q_REDIRECT 32
#define Q_TIMEXED 33
#define Q_LOOP 34

#define Q_SYN 40
#define Q_SYNACK 41
#define Q_DATA 42
#define Q_FIN 43
#define Q_FINACK 44
#define Q_WAIT 45

/* RTP Protocol qualifiers. */

#define Q_RTP 46
#define Q_ESP 47
#define Q_ECN 48
#define Q_MPLS 49
#define Q_VLAN 50

/* Directional qualifiers. */

#define Q_SRC 1
#define Q_DST 2
#define Q_OR 3
#define Q_AND 4

#define Q_DEFAULT 0
#define Q_UNDEF 255

struct stmt {
    int code;
    struct slist *jt; /*only for relative jump in block*/
    struct slist *jf; /*only for relative jump in block*/
    int k;
};

struct slist {
    struct stmt s;
    struct slist *next;
};

/*
 * A bit vector to represent definition sets. We assume TOT_REGISTERS
 * is smaller than 8*sizeof(atomset).
 */
typedef unsigned int atomset;
#define ATOMMASK(n) (1 << (n))
#define ATOMELEM(d, n) ((d) & ATOMMASK(n))

/*
 * An unbounded set.
 */
typedef unsigned int *uset;

/*
 * Total number of atomic entities, including accumulator (A) and index (X).
 * We treat all these guys similarly during flow analysis.
 */
#define N_ATOMS (BPF_MEMWORDS+2)

struct edge {
    int id;
    int code;
    uset edom;
    struct block *succ;
    struct block *pred;
    struct edge *next; /* link list of incoming edges for a node */
};

struct block {
    int id;
    struct slist *stmts; /* side effect stmts */
    struct stmt s; /* branch stmt */
    int mark;
    int longjt; /* jt branch requires long jump */
    int longjf; /* jf branch requires long jump */
    int level;
    int offset;
    int sense;
    struct edge et;
    struct edge ef;
    struct block *head;
    struct block *link; /* link field used by optimizer */
    uset dom;
    uset closure;
    struct edge *in_edges;
    atomset def, kill;
    atomset in_use;
    atomset out_use;
    int oval;
    int val[N_ATOMS];
};

struct arth {
    struct block *b; /* protocol checks */
    struct slist *s; /* stmt list */
    int regno; /* virtual register number of result */
};

struct qual {
    unsigned char addr;
    unsigned char proto;
    unsigned char dir;
    unsigned char pad;
};

#ifndef __GNUC__
#define volatile
#endif

#define yylex argus_lex
#define yyparse argus_parse

extern int argus_lex(void);
extern int argus_parse (void);
extern void argus_lex_init(char *buf);

struct arth *Argusgen_loadi(int);
struct arth *Argusgen_load(int, struct arth *, int);
struct arth *Argusgen_loadlen(void);
struct arth *Argusgen_neg(struct arth *);
struct arth *Argusgen_arth(int, struct arth *, struct arth *);

void Argusgen_and(struct block *, struct block *);
void Argusgen_or(struct block *, struct block *);
void Argusgen_not(struct block *);

struct block *Argusgen_scode(char *, struct qual);
struct block *Argusgen_tcode(int, struct qual);
struct block *Argusgen_ecode(u_char *, struct qual);
struct block *Argusgen_mcode(char *, char *, int, struct qual);
struct block *Argusgen_ncode(char *, unsigned int, struct qual);
struct block *Argusgen_proto_abbrev(int);
struct block *Argusgen_relation(int, struct arth *, struct arth *, int);
struct block *Argusgen_less(int);
struct block *Argusgen_greater(int);
struct block *Argusgen_byteop(int, int, int);
struct block *Argusgen_broadcast(int);
struct block *Argusgen_multicast(int);
struct block *Argusgen_inbound(int);

void Argusbpf_optimize(struct block **);
void Argus_error(char *fmt, ...);

void Argusfinish_parse(struct block *);
char *Argussdup(char *);

struct bpf_insn *Argusicode_to_fcode(struct block *, int *);
int Arguspcap_parse(void);
void Arguslex_init(char *);
void Argussappend(struct slist *, struct slist *);

int ArgusFilterCompile(struct bpf_program *, char *, int, unsigned int);

/* XXX */
#define JT(b) ((b)->et.succ)
#define JF(b) ((b)->ef.succ)

argus-2.0.6.fixes.1/include/interface.h

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * Copyright (c) 1988-1990 The Regents of the University of California.
 * All rights reserved.
* * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
 *
 * @(#) $Header: /usr/local/cvsroot/argus/include/interface.h,v 1.13 2004/02/23 15:00:36 argus Exp $ (LBL)
 */

#ifndef __STDC__
#define const
#endif

#ifdef __GNUC__
#define inline __inline
#else
#define inline
#endif

#include "os.h"    /* os dependent stuff */

#ifndef SIGRET
#define SIGRET void    /* default */
#endif

struct ArgusTokenStruct {
    int v;      /* value */
    char *s;    /* string */
};

#ifdef ARGUS

#define MIN_SNAPLEN 96

int Cflag = 0;          /* modify ICMP flow model - printout each ICMP packet */
int Rflag = 0;          /* modify ICMP flow model - printout each ICMP ECHO response */
int dflag = 0;          /* print interval code */
int wflag = 0;          /* write tcp connection data to wfile */
int lflag = 0;          /* print lasttime instead of starttime */
int nflag = 0;          /* leave addresses as numbers */
int debugflag = 0;      /* set debug level */
int tcptimeout = 0;     /* set TCP timeout value (default TCPTIMEOUT) */
int udptimeout = 0;     /* set UDP timeout value (default UDPTIMEOUT) */
int iptimeout = 0;      /* set IP timeout value (default IPTIMEOUT) */
int icmptimeout = 0;    /* set ICMP timeout (default ICMPTIMEOUT) */
int fragtimeout = 0;    /* set fragment timeout (default FRAGTIMEOUT) */
int Nflag;              /* remove domains from printed host names */

char *wfile;
char *program_name;

double update_interval = 1.0, update_time = 0.0;
int updatecounter = 0;

extern pcap_handler lookup_pcap_callback (void);

int lfd = -1;
int snaplen = MIN_SNAPLEN;

fd_set readmask, writemask, exceptmask;
pcap_t *pd = NULL;

#define ARGUS_PORT 561

#else

extern int Cflag;          /* print each ICMP packet */
extern int Rflag;          /* print each ICMP record on response for RTT */
extern int dflag;          /* print interval code */
extern int wflag;          /* write tcp connection data */
extern int nflag;          /* leave addresses as numbers */
extern int debugflag;      /* set debug level */
extern int tcptimeout;     /* set TCP timeout value (default TCPTIMEOUT) */
extern int udptimeout;     /* set UDP timeout value (default UDPTIMEOUT) */
extern int iptimeout;      /* set IP timeout value (default IPTIMEOUT) */
extern int icmptimeout;    /* set ICMP timeout (default ICMPTIMEOUT) */
extern int fragtimeout;    /* set fragment timeout (default FRAGTIMEOUT) */
extern int Nflag;          /* remove domains from printed host names */

extern double update_interval;
extern int updatecounter;
extern char *wfile;
extern char *program_name;

extern int lfd;
extern int snaplen;

extern fd_set readmask, writemask, exceptmask;
extern pcap_t *pd;

#endif

#ifndef min
#define min(a,b) ((a)>(b)?(b):(a))
#define max(a,b) ((b)>(a)?(b):(a))
#endif

extern char timestamp_fmt[];
extern long timestamp_scale;
extern void timestampinit(void);

extern int fn_print(const u_char *, const u_char *);
extern int fn_printn(const u_char *, u_int, const u_char *);
extern const char *tok2str(const struct ArgusTokenStruct *, const char *, int);
extern char *dnaddr_string(u_short);
extern char *savestr(const char *);

extern char *isonsap_string(const u_char *);
extern char *llcsap_string(u_char);
extern char *protoid_string(const u_char *);
extern char *dnname_string(u_short);
extern char *dnnum_string(u_short);

argus-2.0.6.fixes.1/include/os.h

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * Copyright (c) 1990 The Regents of the University of California.
 * All rights reserved.
* * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
* * @(#) $Header: /usr/local/cvsroot/argus/include/os.h,v 1.12 2004/02/23 15:00:36 argus Exp $ (LBL) */ #if !defined(bsdi) #define ETHER_SERVICE #endif /* #if !defined(linux) u_char *ETHER_hostton(); char *ETHER_ntohost(); #endif */ #define HAVE_SYS_ERRLIST /* #if defined(__osf__) || defined(ultrix) || defined(linux) #define EDST(ep) ((ep)->ether_dhost.ether_addr_octet) #define ESRC(ep) ((ep)->ether_shost.ether_addr_octet) #endif #if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) #define HAVE_SYS_ERRLIST #endif */ #ifdef ETHER_HEADER_HAS_EA #define ESRC(ep) ((ep)->ether_shost.ether_addr_octet) #define EDST(ep) ((ep)->ether_dhost.ether_addr_octet) #else #define ESRC(ep) ((ep)->ether_shost) #define EDST(ep) ((ep)->ether_dhost) #endif #ifdef ETHER_ARP_HAS_X #define SHA(ap) ((ap)->arp_xsha) #define THA(ap) ((ap)->arp_xtha) #define SPA(ap) ((ap)->arp_xspa) #define TPA(ap) ((ap)->arp_xtpa) #else #ifdef ETHER_ARP_HAS_EA #define SHA(ap) ((ap)->arp_sha.ether_addr_octet) #define THA(ap) ((ap)->arp_tha.ether_addr_octet) #else #define SHA(ap) ((ap)->arp_sha) #define THA(ap) ((ap)->arp_tha) #endif #define SPA(ap) ((ap)->arp_spa) #define TPA(ap) ((ap)->arp_tpa) #endif #if defined(sun) /* Map protocol types */ #define ETHERPUP_IPTYPE ETHERTYPE_IP #define ETHERPUP_REVARPTYPE ETHERTYPE_REVARP #define ETHERPUP_ARPTYPE ETHERTYPE_ARP #endif #ifdef __sgi #define SHA(ap) ((ap)->arp_sha) #define SPA(ap) ((ap)->arp_spa) #define THA(ap) ((ap)->arp_tha) #define TPA(ap) ((ap)->arp_tpa) #define EDST(ep) ((ep)->ether_dhost) #define ESRC(ep) ((ep)->ether_shost) #endif #ifndef IPPROTO_ESP #define IPPROTO_ESP 50 #endif #ifndef IPPROTO_AH #define IPPROTO_AH 51 #endif #ifndef IPPROTO_RTP #define IPPROTO_RTP 257 #endif #ifndef ETHERTYPE_REVARP #define ETHERTYPE_REVARP 0x8035 #endif #ifndef IPPROTO_ND #define IPPROTO_ND 77 #endif #ifndef REVARP_REQUEST #define REVARP_REQUEST 3 #endif #ifndef REVARP_REPLY #define REVARP_REPLY 4 #endif /* newish RIP commands */ #ifndef RIPCMD_POLL 
#define RIPCMD_POLL 5 #endif #ifndef RIPCMD_POLLENTRY #define RIPCMD_POLLENTRY 6 #endif #ifndef ICMP_SR_FAILED #define ICMP_SR_FAILED 5 /* Source Route failed */ #endif #ifndef ICMP_PARAMETERPROB #define ICMP_PARAMETERPROB 12 /* Parameter Problem */ #endif argus-2.0.6.fixes.1/include/ppp.h0000775000076600007660000000454607164104631012224 /* @(#) $Header: /usr/local/cvsroot/argus/include/ppp.h,v 1.1 2000/09/26 11:33:45 argus Exp $ (LBL) */ /* * Point to Point Protocol (PPP) RFC1331 * * Copyright 1989 by Carnegie Mellon. * * Permission to use, copy, modify, and distribute this program for any * purpose and without fee is hereby granted, provided that this copyright * and permission notice appear on all copies and supporting documentation, * the name of Carnegie Mellon not be used in advertising or publicity * pertaining to distribution of the program without specific prior * permission, and notice be given in supporting documentation that copying * and distribution is by permission of Carnegie Mellon and Stanford * University. Carnegie Mellon makes no representations about the * suitability of this software for any purpose. It is provided "as is" * without express or implied warranty. 
 */

#define PPP_ADDRESS 0xff    /* The address byte value */
#define PPP_CONTROL 0x03    /* The control byte value */

/* Protocol numbers */
#define PPP_IP 0x0021          /* Raw IP */
#define PPP_OSI 0x0023         /* OSI Network Layer */
#define PPP_NS 0x0025          /* Xerox NS IDP */
#define PPP_DECNET 0x0027      /* DECnet Phase IV */
#define PPP_APPLE 0x0029       /* Appletalk */
#define PPP_IPX 0x002b         /* Novell IPX */
#define PPP_VJC 0x002d         /* Van Jacobson Compressed TCP/IP */
#define PPP_VJNC 0x002f        /* Van Jacobson Uncompressed TCP/IP */
#define PPP_BRPDU 0x0031       /* Bridging PDU */
#define PPP_STII 0x0033        /* Stream Protocol (ST-II) */
#define PPP_VINES 0x0035       /* Banyan Vines */

#define PPP_HELLO 0x0201       /* 802.1d Hello Packets */
#define PPP_LUXCOM 0x0231      /* Luxcom */
#define PPP_SNS 0x0233         /* Sigma Network Systems */

#define PPP_IPCP 0x8021        /* IP Control Protocol */
#define PPP_OSICP 0x8023       /* OSI Network Layer Control Protocol */
#define PPP_NSCP 0x8025        /* Xerox NS IDP Control Protocol */
#define PPP_DECNETCP 0x8027    /* DECnet Control Protocol */
#define PPP_APPLECP 0x8029     /* Appletalk Control Protocol */
#define PPP_IPXCP 0x802b       /* Novell IPX Control Protocol */
#define PPP_STIICP 0x8033      /* Stream Protocol Control Protocol */
#define PPP_VINESCP 0x8035     /* Banyan Vines Control Protocol */

#define PPP_LCP 0xc021         /* Link Control Protocol */
#define PPP_PAP 0xc023         /* Password Authentication Protocol */
#define PPP_LQM 0xc025         /* Link Quality Monitoring */
#define PPP_CHAP 0xc223        /* Challenge Handshake Authentication Protocol */

argus-2.0.6.fixes.1/include/saslint.h

/* saslint.h - internal SASL library definitions
 * Tim Martin
 */
/*
 * Copyright (c) 2000 Carnegie Mellon University. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1.
Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
*/ #ifndef SASLINT_H #define SASLINT_H #include typedef struct { const sasl_callback_t *callbacks; const char *appname; } sasl_global_callbacks_t; typedef struct sasl_mech_secret { unsigned long len; unsigned long mechoffset; /* 0 if plain mechanism */ unsigned long useroffset; char buf[1]; } sasl_mech_secret_t; typedef struct sasl_credentials sasl_credentials_t; typedef struct sasl_out_params { int doneflag; /* exchange complete */ sasl_ssf_t mech_ssf; /* security layer strength factor of mech */ unsigned maxoutbuf; /* max plain output to security layer */ /* mic functions differs from encode in that the output is intended to be * appended to the input rather than an encapsulated variant of it. * a plugin which supports getmic()/verifymic() but not * encode()/decode() should be exportable. Ditto for framework. * datalen param of verifymic returns length of data in buffer */ void *encode_context; int (*encode)(void *context, const char *input, unsigned inputlen, char **output, unsigned *outputlen); int (*getmic)(void *context, const char *input, unsigned inputlen, char **output, unsigned *outputlen); void *decode_context; int (*decode)(void *context, const char *input, unsigned inputlen, char **output, unsigned *outputlen); int (*verifymic)(void *context, const char *input, unsigned inputlen, unsigned *datalen); char *user; /* canonicalized user name */ char *authid; /* canonicalized authentication id */ char *realm; /* security realm */ /* set to 0 initially, this allows a plugin with extended parameters * to work with an older framework by updating version as parameters * are added. */ int param_version; /* Credentials passed by clients. NOTE: this should ONLY * be set by server plugins. 
     */
    sasl_credentials_t *credentials;
} sasl_out_params_t;

struct sasl_conn {
    void (*destroy_conn)(sasl_conn_t *);    /* destroy function */

    int open;          /* connection open or not */
    char *service;

    int secflags;      /* security layer flags passed to sasl_*_new */
    int got_ip_local, got_ip_remote;
    struct sockaddr_in ip_local, ip_remote;
    sasl_external_properties_t external;

    void *context;
    sasl_out_params_t oparams;

    sasl_security_properties_t props;
    sasl_secret_t *secret;

    int uses_sec_layer;    /* if need to encrypt/decrypt all transmissions */

    void *mutex;

    int (*idle_hook)(sasl_conn_t *conn);
    const sasl_callback_t *callbacks;
    const sasl_global_callbacks_t *global_callbacks;    /* global callbacks
                                                          * for this
                                                          * connection */
    char *serverFQDN;
};

#endif /* SASLINT_H */

argus-2.0.6.fixes.1/include/sll.h

/*-
 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
 * The Regents of the University of California. All rights reserved.
 *
 * This code is derived from the Stanford/CMU enet packet filter,
 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
 * Berkeley Laboratory.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 * must display the following acknowledgement:
 * This product includes software developed by the University of
 * California, Berkeley and its contributors.
 * 4.
Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * For captures on Linux cooked sockets, we construct a fake header * that includes: * * a 2-byte "packet type" which is one of: * * LINUX_SLL_HOST packet was sent to us * LINUX_SLL_BROADCAST packet was broadcast * LINUX_SLL_MULTICAST packet was multicast * LINUX_SLL_OTHERHOST packet was sent to somebody else * LINUX_SLL_OUTGOING packet was sent *by* us; * * a 2-byte Ethernet protocol field; * * a 2-byte link-layer type; * * a 2-byte link-layer address length; * * an 8-byte source link-layer address, whose actual length is * specified by the previous value. * * All fields except for the link-layer address are in network byte order. * * DO NOT change the layout of this structure, or change any of the * LINUX_SLL_ values below. 
If you must change the link-layer header * for a "cooked" Linux capture, introduce a new DLT_ type (ask * "tcpdump-workers@tcpdump.org" for one, so that you don't give it a * value that collides with a value already being used), and use the * new header in captures of that type, so that programs that can * handle DLT_LINUX_SLL captures will continue to handle them correctly * without any change, and so that capture files with different headers * can be told apart and programs that read them can dissect the * packets in them. * * This structure, and the #defines below, must be the same in the * libpcap and tcpdump versions of "sll.h". */ /* * A DLT_LINUX_SLL fake link-layer header. */ #define SLL_HDR_LEN 16 /* total header length */ #define SLL_ADDRLEN 8 /* length of address field */ struct sll_header { u_short sll_pkttype; /* packet type */ u_short sll_hatype; /* link-layer address type */ u_short sll_halen; /* link-layer address length */ u_char sll_addr[SLL_ADDRLEN]; /* link-layer address */ u_short sll_protocol; /* protocol */ }; /* * The LINUX_SLL_ values for "sll_pkttype"; these correspond to the * PACKET_ values on Linux, but are defined here so that they're * available even on systems other than Linux, and so that they * don't change even if the PACKET_ values change. */ #define LINUX_SLL_HOST 0 #define LINUX_SLL_BROADCAST 1 #define LINUX_SLL_MULTICAST 2 #define LINUX_SLL_OTHERHOST 3 #define LINUX_SLL_OUTGOING 4 /* * The LINUX_SLL_ values for "sll_protocol"; these correspond to the * ETH_P_ values on Linux, but are defined here so that they're * available even on systems other than Linux. 
We assume, for now, * that the ETH_P_ values won't change in Linux; if they do, then: * * if we don't translate them in "pcap-linux.c", capture files * won't necessarily be readable if captured on a system that * defines ETH_P_ values that don't match these values; * * if we do translate them in "pcap-linux.c", that makes life * unpleasant for the BPF code generator, as the values you test * for in the kernel aren't the values that you test for when * reading a capture file, so the fixup code run on BPF programs * handed to the kernel ends up having to do more work. * * Add other values here as necessary, for handling packet types that * might show up on non-Ethernet, non-802.x networks. (Not all the ones * in the Linux "if_ether.h" will, I suspect, actually show up in * captures.) */ #define LINUX_SLL_P_802_3 0x0001 /* Novell 802.3 frames without 802.2 LLC header */ #define LINUX_SLL_P_802_2 0x0004 /* 802.2 frames (not D/I/X Ethernet) */ argus-2.0.6.fixes.1/include/linux-include/0000775000076600007660000000000010044510077014074 5argus-2.0.6.fixes.1/include/linux-include/linux/0000775000076600007660000000000010044510077015233 5argus-2.0.6.fixes.1/include/linux-include/linux/if_arp.h0000775000076600007660000000321707143534010016571 /* @(#)if_arp.h 1.5 88/08/19 SMI; from UCB 7.1 1/24/86 */ /* * Copyright (c) 1986 Regents of the University of California. * All rights reserved. The Berkeley software License Agreement * specifies the terms and conditions for redistribution. */ #ifndef _net_if_arp_h #define _net_if_arp_h /* * Address Resolution Protocol. * * See RFC 826 for protocol description. ARP packets are variable * in size; the arphdr structure defines the fixed-length portion. * Protocol type values are the same as those for 10 Mb/s Ethernet. * It is followed by the variable-sized fields ar_sha, arp_spa, * arp_tha and arp_tpa in that order, according to the lengths * specified. Field names used correspond to RFC 826. 
 */
struct arphdr {
    u_short ar_hrd;    /* format of hardware address */
#define ARPHRD_ETHER 1      /* ethernet hardware address */
    u_short ar_pro;    /* format of protocol address */
    u_char ar_hln;     /* length of hardware address */
    u_char ar_pln;     /* length of protocol address */
    u_short ar_op;     /* one of: */
#define ARPOP_REQUEST 1     /* request to resolve address */
#define ARPOP_REPLY 2       /* response to previous request */
#define REVARP_REQUEST 3    /* Reverse ARP request */
#define REVARP_REPLY 4      /* Reverse ARP reply */
    /*
     * The remaining fields are variable in size,
     * according to the sizes above, and are defined
     * as appropriate for specific hardware/protocol
     * combinations. (E.g., see .)
     */
#ifdef notdef
    u_char ar_sha[];    /* sender hardware address */
    u_char ar_spa[];    /* sender protocol address */
    u_char ar_tha[];    /* target hardware address */
    u_char ar_tpa[];    /* target protocol address */
#endif /* notdef */
};
#endif

argus-2.0.6.fixes.1/include/linux-include/net/
argus-2.0.6.fixes.1/include/linux-include/net/if_arp.h

/* @(#)if_arp.h 1.5 88/08/19 SMI; from UCB 7.1 1/24/86 */
/*
 * Copyright (c) 1986 Regents of the University of California.
 * All rights reserved. The Berkeley software License Agreement
 * specifies the terms and conditions for redistribution.
 */

#ifndef _net_if_arp_h
#define _net_if_arp_h

/*
 * Address Resolution Protocol.
 *
 * See RFC 826 for protocol description. ARP packets are variable
 * in size; the arphdr structure defines the fixed-length portion.
 * Protocol type values are the same as those for 10 Mb/s Ethernet.
 * It is followed by the variable-sized fields ar_sha, arp_spa,
 * arp_tha and arp_tpa in that order, according to the lengths
 * specified. Field names used correspond to RFC 826.
 */
struct arphdr {
    u_short ar_hrd;    /* format of hardware address */
#define ARPHRD_ETHER 1      /* ethernet hardware address */
    u_short ar_pro;    /* format of protocol address */
    u_char ar_hln;     /* length of hardware address */
    u_char ar_pln;     /* length of protocol address */
    u_short ar_op;     /* one of: */
#define ARPOP_REQUEST 1     /* request to resolve address */
#define ARPOP_REPLY 2       /* response to previous request */
#define REVARP_REQUEST 3    /* Reverse ARP request */
#define REVARP_REPLY 4      /* Reverse ARP reply */
    /*
     * The remaining fields are variable in size,
     * according to the sizes above, and are defined
     * as appropriate for specific hardware/protocol
     * combinations. (E.g., see .)
     */
#ifdef notdef
    u_char ar_sha[];    /* sender hardware address */
    u_char ar_spa[];    /* sender protocol address */
    u_char ar_tha[];    /* target hardware address */
    u_char ar_tpa[];    /* target protocol address */
#endif /* notdef */
};
#endif

argus-2.0.6.fixes.1/include/linux-include/net/slcompress.h

/*
 * Definitions for tcp compression routines.
 *
 * @(#) $Header: /usr/local/cvsroot/argus/include/linux-include/net/slcompress.h,v 1.2 2002/05/16 14:33:04 argus Exp $ (LBL)
 *
 * Copyright (c) 1989, 1990, 1992, 1993 Regents of the University of
 * California. All rights reserved.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that the above copyright notice and this paragraph are
 * duplicated in all such forms and that any documentation,
 * advertising materials, and other materials related to such
 * distribution and use acknowledge that the software was developed
 * by the University of California, Berkeley. The name of the
 * University may not be used to endorse or promote products derived
 * from this software without specific prior written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * Van Jacobson (van@ee.lbl.gov), Dec 31, 1989:
 * - Initial distribution.
 */

#define MAX_STATES 16    /* must be > 2 and < 256 */
#define MAX_HDR 128      /* XXX 4bsd-ism: should really be 128 */

/*
 * Compressed packet format:
 *
 * The first octet contains the packet type (top 3 bits), TCP
 * 'push' bit, and flags that indicate which of the 4 TCP sequence
 * numbers have changed (bottom 5 bits). The next octet is a
 * conversation number that associates a saved IP/TCP header with
 * the compressed packet. The next two octets are the TCP checksum
 * from the original datagram. The next 0 to 15 octets are
 * sequence number changes, one change per bit set in the header
 * (there may be no changes and there are two special cases where
 * the receiver implicitly knows what changed -- see below).
 *
 * There are 5 numbers which can change (they are always inserted
 * in the following order): TCP urgent pointer, window,
 * acknowledgement, sequence number and IP ID. (The urgent pointer
 * is different from the others in that its value is sent, not the
 * change in value.) Since typical use of SLIP links is biased
 * toward small packets (see comments on MTU/MSS below), changes
 * use a variable length coding with one octet for numbers in the
 * range 1 - 255 and 3 octets (0, MSB, LSB) for numbers in the
 * range 256 - 65535 or 0. (If the change in sequence number or
 * ack is more than 65535, an uncompressed packet is sent.)
 */

/*
 * Packet types (must not conflict with IP protocol version)
 *
 * The top nibble of the first octet is the packet type.
There are * three possible types: IP (not proto TCP or tcp with one of the * control flags set); uncompressed TCP (a normal IP/TCP packet but * with the 8-bit protocol field replaced by an 8-bit connection id -- * this type of packet syncs the sender & receiver); and compressed * TCP (described above). * * LSB of 4-bit field is TCP "PUSH" bit (a worthless anachronism) and * is logically part of the 4-bit "changes" field that follows. Top * three bits are actual packet type. For backward compatibility * and in the interest of conserving bits, numbers are chosen so the * IP protocol version number (4) which normally appears in this nibble * means "IP packet". */ /* packet types */ #define TYPE_IP 0x40 #define TYPE_UNCOMPRESSED_TCP 0x70 #define TYPE_COMPRESSED_TCP 0x80 #define TYPE_ERROR 0x00 /* Bits in first octet of compressed packet */ #define NEW_C 0x40 /* flag bits for what changed in a packet */ #define NEW_I 0x20 #define NEW_S 0x08 #define NEW_A 0x04 #define NEW_W 0x02 #define NEW_U 0x01 /* reserved, special-case values of above */ #define SPECIAL_I (NEW_S|NEW_W|NEW_U) /* echoed interactive traffic */ #define SPECIAL_D (NEW_S|NEW_A|NEW_W|NEW_U) /* unidirectional data */ #define SPECIALS_MASK (NEW_S|NEW_A|NEW_W|NEW_U) #define TCP_PUSH_BIT 0x10 argus-2.0.6.fixes.1/include/linux-include/net/slip.h0000775000076600007660000000026107143534010015723 /* linux does not give us the link level header */ #define SLIP_HDRLEN 16 #define SLX_DIR 0 #define SLX_CHDR 1 #define CHDR_LEN 15 #define SLIPDIR_IN 0 #define SLIPDIR_OUT 1 argus-2.0.6.fixes.1/include/linux-include/netinet/0000775000076600007660000000000010044510077015542 5argus-2.0.6.fixes.1/include/linux-include/netinet/if_ether.h0000775000076600007660000000347707274777622017464 /* * Copyright (c) 1982, 1986 Regents of the University of California. * All rights reserved. 
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that this notice is preserved and that due credit is given
 * to the University of California at Berkeley. The name of the University
 * may not be used to endorse or promote products derived from this
 * software without specific prior written permission. This software
 * is provided ``as is'' without express or implied warranty.
 *
 * @(#)if_ether.h 1.28 89/08/04 SMI; from UCB 7.2 12/7/87
 */

#ifndef _netinet_if_ether_h
#define _netinet_if_ether_h

#if !defined(__OpenBSD__)
#include
#endif

/*
 * Ethernet address - 6 octets
 */
struct ether_addr {
    u_char ether_addr_octet[6];
};

/*
 * Structure of a 10Mb/s Ethernet header.
 */
struct ether_header {
    struct ether_addr ether_dhost;
    struct ether_addr ether_shost;
    u_short ether_type;
};

#define ETHERTYPE_PUP 0x0200 /* PUP protocol */
#define ETHERTYPE_IP 0x0800 /* IP protocol */
#define ETHERTYPE_ARP 0x0806 /* Addr. resolution protocol */
#define ETHERTYPE_REVARP 0x8035 /* Reverse ARP */
#define ETHERTYPE_TRAIL 0x1000

/*
 * Ethernet Address Resolution Protocol.
 *
 * See RFC 826 for protocol description. Structure below is adapted
 * to resolving internet addresses. Field names used correspond to
 * RFC 826.
 */
struct ether_arp {
    struct arphdr ea_hdr; /* fixed-size header */
    struct ether_addr arp_sha; /* sender hardware address */
    u_char arp_spa[4]; /* sender protocol address */
    struct ether_addr arp_tha; /* target hardware address */
    u_char arp_tpa[4]; /* target protocol address */
};
#define arp_hrd ea_hdr.ar_hrd
#define arp_pro ea_hdr.ar_pro
#define arp_hln ea_hdr.ar_hln
#define arp_pln ea_hdr.ar_pln
#define arp_op ea_hdr.ar_op

#define ETHERMTU 1500

#endif

argus-2.0.6.fixes.1/include/linux-include/netinet/in_systm.h

/* @(#)in_systm.h 1.8 88/08/19 SMI; from UCB 7.1 6/5/86 */

/*
 * Copyright (c) 1982, 1986 Regents of the University of California.
 * All rights reserved. The Berkeley software License Agreement
 * specifies the terms and conditions for redistribution.
 */

/*
 * Miscellaneous internetwork
 * definitions for kernel.
 */

#ifndef _netinet_in_systm_h
#define _netinet_in_systm_h

typedef u_short n_short; /* short as received from the net */
typedef u_long n_long; /* long as received from the net */
typedef u_long n_time; /* ms since 00:00 GMT, byte rev */

#endif /*!_netinet_in_systm_h*/

argus-2.0.6.fixes.1/include/linux-include/netinet/ip.h

/* @(#)ip.h 1.13 88/08/19 SMI; from UCB 7.6.1.1 3/15/88 */

/*
 * Copyright (c) 1982, 1986 Regents of the University of California.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that this notice is preserved and that due credit is given
 * to the University of California at Berkeley. The name of the University
 * may not be used to endorse or promote products derived from this
 * software without specific prior written permission. This software
 * is provided ``as is'' without express or implied warranty.
 */

/*
 * Definitions for internet protocol version 4.
 * Per RFC 791, September 1981.
 */

#ifndef _netinet_ip_h
#define _netinet_ip_h

#define IPVERSION 4

/*
 * Structure of an internet header, naked of options.
 *
 * We declare ip_len and ip_off to be short, rather than u_short
 * pragmatically since otherwise unsigned comparisons can result
 * against negative integers quite easily, and fail in subtle ways.
 */
struct ip {
#if __BYTE_ORDER == __LITTLE_ENDIAN
    u_char ip_hl:4, /* header length */
           ip_v:4; /* version */
#endif
#if __BYTE_ORDER == __BIG_ENDIAN
    u_char ip_v:4, /* version */
           ip_hl:4; /* header length */
#endif
    u_char ip_tos; /* type of service */
    short ip_len; /* total length */
    u_short ip_id; /* identification */
    short ip_off; /* fragment offset field */
#define IP_DF 0x4000 /* don't fragment flag */
#define IP_MF 0x2000 /* more fragments flag */
    u_char ip_ttl; /* time to live */
    u_char ip_p; /* protocol */
    u_short ip_sum; /* checksum */
    struct in_addr ip_src,ip_dst; /* source and dest address */
};

#define IP_MAXPACKET 65535 /* maximum packet size */

/*
 * Definitions for options.
 */
#define IPOPT_COPIED(o) ((o)&0x80)
#define IPOPT_CLASS(o) ((o)&0x60)
#define IPOPT_NUMBER(o) ((o)&0x1f)

#define IPOPT_CONTROL 0x00
#define IPOPT_RESERVED1 0x20
#define IPOPT_DEBMEAS 0x40
#define IPOPT_RESERVED2 0x60

#define IPOPT_EOL 0 /* end of option list */
#define IPOPT_NOP 1 /* no operation */

#define IPOPT_RR 7 /* record packet route */
#define IPOPT_TS 68 /* timestamp */
#define IPOPT_SECURITY 130 /* provide s,c,h,tcc */
#define IPOPT_LSRR 131 /* loose source route */
#define IPOPT_SATID 136 /* satnet id */
#define IPOPT_SSRR 137 /* strict source route */

/*
 * Offsets to fields in options other than EOL and NOP.
 */
#define IPOPT_OPTVAL 0 /* option ID */
#define IPOPT_OLEN 1 /* option length */
#define IPOPT_OFFSET 2 /* offset within option */
#define IPOPT_MINOFF 4 /* min value of above */

/*
 * Time stamp option structure.
 */
struct ip_timestamp {
    u_char ipt_code; /* IPOPT_TS */
    u_char ipt_len; /* size of structure (variable) */
    u_char ipt_ptr; /* index of current entry */
#if __BYTE_ORDER == __LITTLE_ENDIAN
    u_char ipt_flg:4, /* flags, see below */
           ipt_oflw:4; /* overflow counter */
#endif
#if __BYTE_ORDER == __BIG_ENDIAN
    u_char ipt_oflw:4, /* overflow counter */
           ipt_flg:4; /* flags, see below */
#endif
    union ipt_timestamp {
        n_long ipt_time[1];
        struct ipt_ta {
            struct in_addr ipt_addr;
            n_long ipt_time;
        } ipt_ta[1];
    } ipt_timestamp;
};

/* flag bits for ipt_flg */
#define IPOPT_TS_TSONLY 0 /* timestamps only */
#define IPOPT_TS_TSANDADDR 1 /* timestamps and addresses */
#define IPOPT_TS_PRESPEC 2 /* specified modules only */

/* bits for security (not byte swapped) */
#define IPOPT_SECUR_UNCLASS 0x0000
#define IPOPT_SECUR_CONFID 0xf135
#define IPOPT_SECUR_EFTO 0x789a
#define IPOPT_SECUR_MMMM 0xbc4d
#define IPOPT_SECUR_RESTR 0xaf13
#define IPOPT_SECUR_SECRET 0xd788
#define IPOPT_SECUR_TOPSECRET 0x6bc5

/*
 * Internet implementation parameters.
 */
#define MAXTTL 255 /* maximum time to live (seconds) */
#define IPFRAGTTL 60 /* time to live for frags, slowhz */
#define IPTTLDEC 1 /* subtracted when forwarding */

#define IP_MSS 576 /* default maximum segment size */

#endif /*!_netinet_ip_h*/

argus-2.0.6.fixes.1/include/linux-include/netinet/ip_icmp.h

/* @(#)ip_icmp.h 1.9 88/08/19 SMI; from UCB 7.3 12/7/87 */

/*
 * Copyright (c) 1982, 1986 Regents of the University of California.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that this notice is preserved and that due credit is given
 * to the University of California at Berkeley. The name of the University
 * may not be used to endorse or promote products derived from this
 * software without specific prior written permission. This software
 * is provided ``as is'' without express or implied warranty.
 */

/*
 * Interface Control Message Protocol Definitions.
 * Per RFC 792, September 1981.
 */

#ifndef _netinet_ip_icmp_h
#define _netinet_ip_icmp_h

/*
 * Structure of an icmp header.
 */
struct icmp {
    u_char icmp_type; /* type of message, see below */
    u_char icmp_code; /* type sub code */
    u_short icmp_cksum; /* ones complement cksum of struct */
    union {
        u_char ih_pptr; /* ICMP_PARAMPROB */
        struct in_addr ih_gwaddr; /* ICMP_REDIRECT */
        struct ih_idseq {
            n_short icd_id;
            n_short icd_seq;
        } ih_idseq;
        int ih_void;
    } icmp_hun;
#define icmp_pptr icmp_hun.ih_pptr
#define icmp_gwaddr icmp_hun.ih_gwaddr
#define icmp_id icmp_hun.ih_idseq.icd_id
#define icmp_seq icmp_hun.ih_idseq.icd_seq
#define icmp_void icmp_hun.ih_void
    union {
        struct id_ts {
            n_time its_otime;
            n_time its_rtime;
            n_time its_ttime;
        } id_ts;
        struct id_ip {
            struct ip idi_ip;
            /* options and then 64 bits of data */
        } id_ip;
        u_long id_mask;
        char id_data[1];
    } icmp_dun;
#define icmp_otime icmp_dun.id_ts.its_otime
#define icmp_rtime icmp_dun.id_ts.its_rtime
#define icmp_ttime icmp_dun.id_ts.its_ttime
#define icmp_ip icmp_dun.id_ip.idi_ip
#define icmp_mask icmp_dun.id_mask
#define icmp_data icmp_dun.id_data
};

/*
 * Lower bounds on packet lengths for various types.
 * For the error advice packets must first ensure that the
 * packet is large enough to contain the returned ip header.
 * Only then can we do the check to see if 64 bits of packet
 * data have been returned, since we need to check the returned
 * ip header length.
 */
#define ICMP_MINLEN 8 /* abs minimum */
#define ICMP_TSLEN (8 + 3 * sizeof (n_time)) /* timestamp */
#define ICMP_MASKLEN 12 /* address mask */
#define ICMP_ADVLENMIN (8 + sizeof (struct ip) + 8) /* min */
#define ICMP_ADVLEN(p) (8 + ((p)->icmp_ip.ip_hl << 2) + 8)
    /* N.B.: must separately check that ip_hl >= 5 */

/*
 * Definition of type and code field values.
 */
#define ICMP_ECHOREPLY 0 /* echo reply */
#define ICMP_UNREACH 3 /* dest unreachable, codes: */
#define ICMP_UNREACH_NET 0 /* bad net */
#define ICMP_UNREACH_HOST 1 /* bad host */
#define ICMP_UNREACH_PROTOCOL 2 /* bad protocol */
#define ICMP_UNREACH_PORT 3 /* bad port */
#define ICMP_UNREACH_NEEDFRAG 4 /* IP_DF caused drop */
#define ICMP_UNREACH_SRCFAIL 5 /* src route failed */
#define ICMP_UNREACH_NET_UNKNOWN 6 /* unknown net */
#define ICMP_UNREACH_HOST_UNKNOWN 7 /* unknown host */
#define ICMP_UNREACH_ISOLATED 8 /* src host isolated */
#define ICMP_UNREACH_NET_PROHIB 9 /* net denied */
#define ICMP_UNREACH_HOST_PROHIB 10 /* host denied */
#define ICMP_UNREACH_TOSNET 11 /* bad tos for net */
#define ICMP_UNREACH_TOSHOST 12 /* bad tos for host */
#define ICMP_UNREACH_FILTER_PROHIB 13 /* admin prohib */
#define ICMP_UNREACH_HOST_PRECEDENCE 14 /* host prec vio. */
#define ICMP_UNREACH_PRECEDENCE_CUTOFF 15 /* prec cutoff */
#define ICMP_SOURCEQUENCH 4 /* packet lost, slow down */
#define ICMP_REDIRECT 5 /* shorter route, codes: */
#define ICMP_REDIRECT_NET 0 /* for network */
#define ICMP_REDIRECT_HOST 1 /* for host */
#define ICMP_REDIRECT_TOSNET 2 /* for tos and net */
#define ICMP_REDIRECT_TOSHOST 3 /* for tos and host */
#define ICMP_ECHO 8 /* echo service */
#define ICMP_ROUTERADVERT 9 /* router advertisement */
#define ICMP_ROUTERSOLICIT 10 /* router solicitation */
#define ICMP_TIMXCEED 11 /* time exceeded, code: */
#define ICMP_TIMXCEED_INTRANS 0 /* ttl==0 in transit */
#define ICMP_TIMXCEED_REASS 1 /* ttl==0 in reass */
#define ICMP_PARAMPROB 12 /* ip header bad */
#define ICMP_PARAMPROB_OPTABSENT 1 /* req. opt. absent */
#define ICMP_TSTAMP 13 /* timestamp request */
#define ICMP_TSTAMPREPLY 14 /* timestamp reply */
#define ICMP_IREQ 15 /* information request */
#define ICMP_IREQREPLY 16 /* information reply */
#define ICMP_MASKREQ 17 /* address mask request */
#define ICMP_MASKREPLY 18 /* address mask reply */

#define ICMP_MAXTYPE 18

#define ICMP_INFOTYPE(type) \
    ((type) == ICMP_ECHOREPLY || (type) == ICMP_ECHO || \
    (type) == ICMP_ROUTERADVERT || (type) == ICMP_ROUTERSOLICIT || \
    (type) == ICMP_TSTAMP || (type) == ICMP_TSTAMPREPLY || \
    (type) == ICMP_IREQ || (type) == ICMP_IREQREPLY || \
    (type) == ICMP_MASKREQ || (type) == ICMP_MASKREPLY)

#endif /*!_netinet_ip_icmp_h*/

argus-2.0.6.fixes.1/include/linux-include/netinet/ip_var.h

/* @(#)ip_var.h 1.11 88/08/19 SMI; from UCB 7.1 6/5/86 */

/*
 * Copyright (c) 1982, 1986 Regents of the University of California.
 * All rights reserved. The Berkeley software License Agreement
 * specifies the terms and conditions for redistribution.
 */

/*
 * Overlay for ip header used by other protocols (tcp, udp).
 */

#ifndef _netinet_ip_var_h
#define _netinet_ip_var_h

struct ipovly {
    caddr_t ih_next, ih_prev; /* for protocol sequence q's */
    u_char ih_x1; /* (unused) */
    u_char ih_pr; /* protocol */
    short ih_len; /* protocol length */
    struct in_addr ih_src; /* source internet address */
    struct in_addr ih_dst; /* destination internet address */
};

/*
 * Ip reassembly queue structure. Each fragment
 * being reassembled is attached to one of these structures.
 * They are timed out after ipq_ttl drops to 0, and may also
 * be reclaimed if memory becomes tight.
 */
struct ipq {
    struct ipq *next,*prev; /* to other reass headers */
    u_char ipq_ttl; /* time for reass q to live */
    u_char ipq_p; /* protocol of this fragment */
    u_short ipq_id; /* sequence id for reassembly */
    struct ipasfrag *ipq_next,*ipq_prev;
        /* to ip headers of fragments */
    struct in_addr ipq_src,ipq_dst;
};

/*
 * Ip header, when holding a fragment.
 *
 * Note: ipf_next must be at same offset as ipq_next above
 */
struct ipasfrag {
#if __BYTE_ORDER == __LITTLE_ENDIAN
    u_char ip_hl:4,
           ip_v:4;
#endif
#if __BYTE_ORDER == __BIG_ENDIAN
    u_char ip_v:4,
           ip_hl:4;
#endif
    u_char ipf_mff; /* copied from (ip_off&IP_MF) */
    short ip_len;
    u_short ip_id;
    short ip_off;
    u_char ip_ttl;
    u_char ip_p;
    u_short ip_sum;
    struct ipasfrag *ipf_next; /* next fragment */
    struct ipasfrag *ipf_prev; /* previous fragment */
};

/*
 * Structure stored in mbuf in inpcb.ip_options
 * and passed to ip_output when ip options are in use.
 * The actual length of the options (including ipopt_dst)
 * is in m_len.
 */
#define MAX_IPOPTLEN 40

struct ipoption {
    struct in_addr ipopt_dst; /* first-hop dst if source routed */
    char ipopt_list[MAX_IPOPTLEN]; /* options proper */
};

struct ipstat {
    long ips_total; /* total packets received */
    long ips_badsum; /* checksum bad */
    long ips_tooshort; /* packet too short */
    long ips_toosmall; /* not enough data */
    long ips_badhlen; /* ip header length < data size */
    long ips_badlen; /* ip length < ip header length */
    long ips_fragments; /* fragments received */
    long ips_fragdropped; /* frags dropped (dups, out of space) */
    long ips_fragtimeout; /* fragments timed out */
    long ips_forward; /* packets forwarded */
    long ips_cantforward; /* packets rcvd for unreachable dest */
    long ips_redirectsent; /* packets forwarded on same net */
};

#ifdef KERNEL
/* flags passed to ip_output as last parameter */
#define IP_FORWARDING 0x1 /* most of ip header exists */
#define IP_ROUTETOIF SO_DONTROUTE /* bypass routing tables */
#define IP_ALLOWBROADCAST SO_BROADCAST /* can send broadcast packets */

struct ipstat ipstat;
struct ipq ipq; /* ip reass. queue */
u_short ip_id; /* ip packet ctr, for ids */

struct mbuf *ip_srcroute();
#endif

#endif /*!_netinet_ip_var_h*/

argus-2.0.6.fixes.1/include/linux-include/netinet/rtp.h

#ifndef _netinet_rtp_h
#define _netinet_rtp_h

/* RTP Upper Layer Format Numbers H.225 */

#define IPPROTO_RTP 257

#define RTP_PCMU 0
#define RTP_PCMA 8
#define RTP_G722 9
#define RTP_G723 4
#define RTP_G728 15
#define RTP_G729 18
#define RTP_H261 31
#define RTP_H263 34

/* RTP Header as defined in H.225 */

struct rtphdr {
#ifdef LITTLE_ENDIAN
    unsigned char rh_cc:4, /* CSRC count */
                  rh_x:1, /* extension */
                  rh_p:1, /* padding */
                  rh_ver:2; /* version */
#else
    unsigned char rh_ver:2, /* version */
                  rh_p:1, /* padding */
                  rh_x:1, /* extension */
                  rh_cc:4; /* CSRC count */
#endif
#ifdef LITTLE_ENDIAN
    unsigned char rh_pt:7, /* payload type */
                  rh_mark:1; /* marker */
#else
    unsigned char rh_mark:1, /* marker */
                  rh_pt:7; /* payload type */
#endif
    unsigned short rh_seq;
    unsigned int rh_time;
    unsigned int rh_ssrc;
};

struct rtcphdr {
#ifdef LITTLE_ENDIAN
    unsigned char rh_rc:5, /* report count */
                  rh_p:1, /* padding */
                  rh_ver:2; /* version */
#else
    unsigned char rh_ver:2, /* version */
                  rh_p:1, /* padding */
                  rh_rc:5; /* report count */
#endif
    unsigned char rh_pt; /* payload type */
    unsigned short rh_len;
    unsigned int rh_ssrc;
};

struct rtpexthdr {
    unsigned short profile, length;
};

#endif /*!_netinet_rtp_h*/

argus-2.0.6.fixes.1/include/linux-include/netinet/tcp.h

/* @(#)tcp.h 1.11 88/08/19 SMI; from UCB 7.2 10/28/86 */

/*
 * Copyright (c) 1982, 1986 Regents of the University of California.
 * All rights reserved. The Berkeley software License Agreement
 * specifies the terms and conditions for redistribution.
 */

#ifndef _netinet_tcp_h
#define _netinet_tcp_h

typedef u_long tcp_seq;

/*
 * TCP header.
 * Per RFC 793, September, 1981.
 */
struct tcphdr {
    u_short th_sport; /* source port */
    u_short th_dport; /* destination port */
    tcp_seq th_seq; /* sequence number */
    tcp_seq th_ack; /* acknowledgement number */
#if __BYTE_ORDER == __LITTLE_ENDIAN
    u_char th_x2:4, /* (unused) */
           th_off:4; /* data offset */
#endif
#if __BYTE_ORDER == __BIG_ENDIAN
    u_char th_off:4, /* data offset */
           th_x2:4; /* (unused) */
#endif
    u_char th_flags;
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_PUSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20
    u_short th_win; /* window */
    u_short th_sum; /* checksum */
    u_short th_urp; /* urgent pointer */
};

#define TCPOPT_EOL 0
#define TCPOPT_NOP 1
#define TCPOPT_MAXSEG 2

/*
 * Default maximum segment size for TCP.
 * With an IP MSS of 576, this is 536,
 * but 512 is probably more convenient.
 */
#ifdef lint
#define TCP_MSS 536
#else
#define TCP_MSS MIN(512, IP_MSS - sizeof (struct tcpiphdr))
#endif

#endif /*!_netinet_tcp_h*/

argus-2.0.6.fixes.1/include/linux-include/netinet/tcp_fsm.h

/* @(#)tcp_fsm.h 1.7 88/08/19 SMI; from UCB 7.1 6/5/86 */

/*
 * Copyright (c) 1982, 1986 Regents of the University of California.
 * All rights reserved. The Berkeley software License Agreement
 * specifies the terms and conditions for redistribution.
 */

/*
 * TCP FSM state definitions.
 * Per RFC793, September, 1981.
 */

#ifndef _netinet_tcp_fsm_h
#define _netinet_tcp_fsm_h

#define TCP_NSTATES 11

#define TCPS_CLOSED 0 /* closed */
#define TCPS_LISTEN 1 /* listening for connection */
#define TCPS_SYN_SENT 2 /* active, have sent syn */
#define TCPS_SYN_RECEIVED 3 /* have sent and received syn */
/* states < TCPS_ESTABLISHED are those where connections not established */
#define TCPS_ESTABLISHED 4 /* established */
#define TCPS_CLOSE_WAIT 5 /* rcvd fin, waiting for close */
/* states > TCPS_CLOSE_WAIT are those where user has closed */
#define TCPS_FIN_WAIT_1 6 /* have closed, sent fin */
#define TCPS_CLOSING 7 /* closed xchd FIN; await FIN ACK */
#define TCPS_LAST_ACK 8 /* had fin and close; await FIN ACK */
/* states > TCPS_CLOSE_WAIT && < TCPS_FIN_WAIT_2 await ACK of FIN */
#define TCPS_FIN_WAIT_2 9 /* have closed, fin is acked */
#define TCPS_TIME_WAIT 10 /* in 2*msl quiet wait after close */

#define TCPS_HAVERCVDSYN(s) ((s) >= TCPS_SYN_RECEIVED)
#define TCPS_HAVERCVDFIN(s) ((s) >= TCPS_TIME_WAIT)

#ifdef TCPOUTFLAGS
/*
 * Flags used when sending segments in tcp_output.
 * Basic flags (TH_RST,TH_ACK,TH_SYN,TH_FIN) are totally
 * determined by state, with the proviso that TH_FIN is sent only
 * if all data queued for output is included in the segment.
 */
u_char tcp_outflags[TCP_NSTATES] = {
    TH_RST|TH_ACK, 0, TH_SYN, TH_SYN|TH_ACK,
    TH_ACK, TH_ACK,
    TH_FIN|TH_ACK, TH_FIN|TH_ACK, TH_FIN|TH_ACK, TH_ACK, TH_ACK,
};
#endif

#ifdef KPROF
int tcp_acounts[TCP_NSTATES][PRU_NREQ];
#endif

#ifdef TCPSTATES
char *tcpstates[] = {
    "CLOSED", "LISTEN", "SYN_SENT", "SYN_RCVD",
    "ESTABLISHED", "CLOSE_WAIT", "FIN_WAIT_1", "CLOSING",
    "LAST_ACK", "FIN_WAIT_2", "TIME_WAIT",
};
#endif

#endif /*!_netinet_tcp_fsm_h*/

argus-2.0.6.fixes.1/include/linux-include/netinet/tcp_var.h

/* @(#)tcp_var.h 1.11 88/08/19 SMI; from UCB 7.3 6/30/87 */

/*
 * Copyright (c) 1982, 1986 Regents of the University of California.
 * All rights reserved. The Berkeley software License Agreement
 * specifies the terms and conditions for redistribution.
 */

/*
 * Kernel variables for tcp.
 */

#ifndef _netinet_tcp_var_h
#define _netinet_tcp_var_h

/*
 * Tcp control block, one per tcp; fields:
 */
struct tcpcb {
    struct tcpiphdr *seg_next; /* sequencing queue */
    struct tcpiphdr *seg_prev;
    short t_state; /* state of this connection */
    short t_timer[TCPT_NTIMERS]; /* tcp timers */
    short t_rxtshift; /* log(2) of rexmt exp. backoff */
    short t_rxtcur; /* current retransmit value */
    short t_dupacks; /* consecutive dup acks recd */
    u_short t_maxseg; /* maximum segment size */
    char t_force; /* 1 if forcing out a byte */
    u_char t_flags;
#define TF_ACKNOW 0x01 /* ack peer immediately */
#define TF_DELACK 0x02 /* ack, but try to delay it */
#define TF_NODELAY 0x04 /* don't delay packets to coalesce */
#define TF_NOOPT 0x08 /* don't use tcp options */
#define TF_SENTFIN 0x10 /* have sent FIN */
    struct tcpiphdr *t_template; /* skeletal packet for transmit */
    struct inpcb *t_inpcb; /* back pointer to internet pcb */
/*
 * The following fields are used as in the protocol specification.
 * See RFC783, Dec. 1981, page 21.
 */
/* send sequence variables */
    tcp_seq snd_una; /* send unacknowledged */
    tcp_seq snd_nxt; /* send next */
    tcp_seq snd_up; /* send urgent pointer */
    tcp_seq snd_wl1; /* window update seg seq number */
    tcp_seq snd_wl2; /* window update seg ack number */
    tcp_seq iss; /* initial send sequence number */
    u_short snd_wnd; /* send window */
/* receive sequence variables */
    u_short rcv_wnd; /* receive window */
    tcp_seq rcv_nxt; /* receive next */
    tcp_seq rcv_up; /* receive urgent pointer */
    tcp_seq irs; /* initial receive sequence number */
/*
 * Additional variables for this implementation.
 */
/* receive variables */
    tcp_seq rcv_adv; /* advertised window */
/* retransmit variables */
    tcp_seq snd_max; /* highest sequence number sent
                      * used to recognize retransmits
                      */
/* congestion control (for slow start, source quench, retransmit after loss) */
    u_short snd_cwnd; /* congestion-controlled window */
    u_short snd_ssthresh; /* snd_cwnd size threshold for
                           * slow start exponential to
                           * linear switch
                           */
/*
 * transmit timing stuff.
 * srtt and rttvar are stored as fixed point; for convenience in smoothing,
 * srtt has 3 bits to the right of the binary point, rttvar has 2.
 * "Variance" is actually smoothed difference.
 */
    short t_idle; /* inactivity time */
    short t_rtt; /* round trip time */
    tcp_seq t_rtseq; /* sequence number being timed */
    short t_srtt; /* smoothed round-trip time */
    short t_rttvar; /* variance in round-trip time */
    u_short max_rcvd; /* most peer has sent into window */
    u_short max_sndwnd; /* largest window peer has offered */
/* out-of-band data */
    char t_oobflags; /* have some */
    char t_iobc; /* input character */
#define TCPOOB_HAVEDATA 0x01
#define TCPOOB_HADDATA 0x02
};

#define intotcpcb(ip) ((struct tcpcb *)(ip)->inp_ppcb)
#define sototcpcb(so) (intotcpcb(sotoinpcb(so)))

/*
 * TCP statistics.
 * Many of these should be kept per connection,
 * but that's inconvenient at the moment.
 */
struct tcpstat {
    u_long tcps_connattempt; /* connections initiated */
    u_long tcps_accepts; /* connections accepted */
    u_long tcps_connects; /* connections established */
    u_long tcps_drops; /* connections dropped */
    u_long tcps_conndrops; /* embryonic connections dropped */
    u_long tcps_closed; /* conn. closed (includes drops) */
    u_long tcps_segstimed; /* segs where we tried to get rtt */
    u_long tcps_rttupdated; /* times we succeeded */
    u_long tcps_delack; /* delayed acks sent */
    u_long tcps_timeoutdrop; /* conn. dropped in rxmt timeout */
    u_long tcps_rexmttimeo; /* retransmit timeouts */
    u_long tcps_persisttimeo; /* persist timeouts */
    u_long tcps_keeptimeo; /* keepalive timeouts */
    u_long tcps_keepprobe; /* keepalive probes sent */
    u_long tcps_keepdrops; /* connections dropped in keepalive */

    u_long tcps_sndtotal; /* total packets sent */
    u_long tcps_sndpack; /* data packets sent */
    u_long tcps_sndbyte; /* data bytes sent */
    u_long tcps_sndrexmitpack; /* data packets retransmitted */
    u_long tcps_sndrexmitbyte; /* data bytes retransmitted */
    u_long tcps_sndacks; /* ack-only packets sent */
    u_long tcps_sndprobe; /* window probes sent */
    u_long tcps_sndurg; /* packets sent with URG only */
    u_long tcps_sndwinup; /* window update-only packets sent */
    u_long tcps_sndctrl; /* control (SYN|FIN|RST) packets sent */

    u_long tcps_rcvtotal; /* total packets received */
    u_long tcps_rcvpack; /* packets received in sequence */
    u_long tcps_rcvbyte; /* bytes received in sequence */
    u_long tcps_rcvbadsum; /* packets received with cksum errs */
    u_long tcps_rcvbadoff; /* packets received with bad offset */
    u_long tcps_rcvshort; /* packets received too short */
    u_long tcps_rcvduppack; /* duplicate-only packets received */
    u_long tcps_rcvdupbyte; /* duplicate-only bytes received */
    u_long tcps_rcvpartduppack; /* packets with some duplicate data */
    u_long tcps_rcvpartdupbyte; /* dup. bytes in part-dup. packets */
    u_long tcps_rcvoopack; /* out-of-order packets received */
    u_long tcps_rcvoobyte; /* out-of-order bytes received */
    u_long tcps_rcvpackafterwin; /* packets with data after window */
    u_long tcps_rcvbyteafterwin; /* bytes rcvd after window */
    u_long tcps_rcvafterclose; /* packets rcvd after "close" */
    u_long tcps_rcvwinprobe; /* rcvd window probe packets */
    u_long tcps_rcvdupack; /* rcvd duplicate acks */
    u_long tcps_rcvacktoomuch; /* rcvd acks for unsent data */
    u_long tcps_rcvackpack; /* rcvd ack packets */
    u_long tcps_rcvackbyte; /* bytes acked by rcvd acks */
    u_long tcps_rcvwinupd; /* rcvd window update packets */
};

#ifdef KERNEL
struct inpcb tcb; /* head of queue of active tcpcb's */
struct tcpstat tcpstat; /* tcp statistics */
struct tcpiphdr *tcp_template();
struct tcpcb *tcp_close(), *tcp_drop();
struct tcpcb *tcp_timers(), *tcp_disconnect(), *tcp_usrclosed();
#endif

#ifdef sun
#define TCP_COMPAT_42
#endif

#endif /*!_netinet_tcp_var_h*/

argus-2.0.6.fixes.1/include/linux-include/netinet/tcpip.h

/* @(#)tcpip.h 1.7 88/08/19 SMI; from UCB 7.1 6/5/85 */

/*
 * Copyright (c) 1982, 1986 Regents of the University of California.
 * All rights reserved. The Berkeley software License Agreement
 * specifies the terms and conditions for redistribution.
 */

/*
 * Tcp+ip header, after ip options removed.
 */

#ifndef _netinet_tcpip_h
#define _netinet_tcpip_h

struct tcpiphdr {
    struct ipovly ti_i; /* overlaid ip structure */
    struct tcphdr ti_t; /* tcp header */
};
#define ti_next ti_i.ih_next
#define ti_prev ti_i.ih_prev
#define ti_x1 ti_i.ih_x1
#define ti_pr ti_i.ih_pr
#define ti_len ti_i.ih_len
#define ti_src ti_i.ih_src
#define ti_dst ti_i.ih_dst
#define ti_sport ti_t.th_sport
#define ti_dport ti_t.th_dport
#define ti_seq ti_t.th_seq
#define ti_ack ti_t.th_ack
#define ti_x2 ti_t.th_x2
#define ti_off ti_t.th_off
#define ti_flags ti_t.th_flags
#define ti_win ti_t.th_win
#define ti_sum ti_t.th_sum
#define ti_urp ti_t.th_urp

#endif /*!_netinet_tcpip_h*/

argus-2.0.6.fixes.1/include/linux-include/netinet/udp.h

/* @(#)udp.h 1.7 88/08/19 SMI; from UCB 7.1 6/5/86 */

/*
 * Copyright (c) 1982, 1986 Regents of the University of California.
 * All rights reserved. The Berkeley software License Agreement
 * specifies the terms and conditions for redistribution.
 */

/*
 * Udp protocol header.
 * Per RFC 768, September, 1981.
 */

#ifndef _netinet_udp_h
#define _netinet_udp_h

struct udphdr {
    u_short uh_sport; /* source port */
    u_short uh_dport; /* destination port */
    short uh_ulen; /* udp length */
    u_short uh_sum; /* udp checksum */
};

#endif /*!_netinet_udp_h*/

argus-2.0.6.fixes.1/include/linux-include/netinet/udp_var.h

/* @(#)udp_var.h 1.8 88/08/19 SMI; from UCB 7.1 6/5/86 */

/*
 * Copyright (c) 1982, 1986 Regents of the University of California.
 * All rights reserved. The Berkeley software License Agreement
 * specifies the terms and conditions for redistribution.
 */

/*
 * UDP kernel structures and variables.
 */

#ifndef _netinet_udp_var_h
#define _netinet_udp_var_h

struct udpiphdr {
    struct ipovly ui_i; /* overlaid ip structure */
    struct udphdr ui_u; /* udp header */
};
#define ui_next ui_i.ih_next
#define ui_prev ui_i.ih_prev
#define ui_x1 ui_i.ih_x1
#define ui_pr ui_i.ih_pr
#define ui_len ui_i.ih_len
#define ui_src ui_i.ih_src
#define ui_dst ui_i.ih_dst
#define ui_sport ui_u.uh_sport
#define ui_dport ui_u.uh_dport
#define ui_ulen ui_u.uh_ulen
#define ui_sum ui_u.uh_sum

struct udpstat {
    int udps_hdrops;
    int udps_badsum;
    int udps_badlen;
    int udps_fullsock;
};

#define UDP_TTL 30 /* time to live for UDP packets */

#ifdef KERNEL
struct inpcb udb;
struct udpstat udpstat;
#endif

#endif /*!_netinet_udp_var_h*/

argus-2.0.6.fixes.1/include/linux-include/protocols/

argus-2.0.6.fixes.1/include/linux-include/protocols/routed.h

/* @(#)routed.h 1.9 88/08/19 SMI; from UCB 5.1 6/4/85 */

/*
 * Copyright (c) 1983 Regents of the University of California.
 * All rights reserved. The Berkeley software License Agreement
 * specifies the terms and conditions for redistribution.
 */

/*
 * Routing Information Protocol
 *
 * Derived from Xerox NS Routing Information Protocol
 * by changing 32-bit net numbers to sockaddr's and
 * padding stuff to 32-bit boundaries.
 */

#ifndef _protocols_routed_h
#define _protocols_routed_h

#define RIPVERSION 1

struct netinfo {
    struct sockaddr rip_dst; /* destination net/host */
    int rip_metric; /* cost of route */
};

struct rip {
    u_char rip_cmd; /* request/response */
    u_char rip_vers; /* protocol version # */
    u_char rip_res1[2]; /* pad to 32-bit boundary */
    union {
        struct netinfo ru_nets[1]; /* variable length... */
        char ru_tracefile[1]; /* ditto ... */
    } ripun;
#define rip_nets ripun.ru_nets
#define rip_tracefile ripun.ru_tracefile
};

struct entryinfo {
    struct sockaddr rtu_dst;
    struct sockaddr rtu_router;
    short rtu_flags;
    short rtu_state;
    int rtu_timer;
    int rtu_metric;
    int int_flags;
    char int_name[16];
};

/*
 * Packet types.
 */
#define RIPCMD_REQUEST 1 /* want info - from suppliers */
#define RIPCMD_RESPONSE 2 /* responding to request */
#define RIPCMD_TRACEON 3 /* turn tracing on */
#define RIPCMD_TRACEOFF 4 /* turn it off */
#define RIPCMD_POLL 5 /* like request, but anyone answers */
#define RIPCMD_POLLENTRY 6 /* like poll, but for entire entry */

#define RIPCMD_MAX 7
#ifdef RIPCMDS
char *ripcmds[RIPCMD_MAX] = {
    "#0", "REQUEST", "RESPONSE", "TRACEON", "TRACEOFF", "POLL", "POLLENTRY"
};
#endif

#define HOPCNT_INFINITY 16 /* per Xerox NS */
#define MAXPACKETSIZE 512 /* max broadcast size */

/*
 * Timer values used in managing the routing table.
 * Every update forces an entry's timer to be reset. After
 * EXPIRE_TIME without updates, the entry is marked invalid,
 * but held onto until GARBAGE_TIME so that others may
 * see it "be deleted".
 */
#define TIMER_RATE 30 /* alarm clocks every 30 seconds */

#define SUPPLY_INTERVAL 30 /* time to supply tables */

#define EXPIRE_TIME 180 /* time to mark entry invalid */
#define GARBAGE_TIME 240 /* time to garbage collect */

#endif /*!_protocols_routed_h*/

argus-2.0.6.fixes.1/include/linux-include/sys/

argus-2.0.6.fixes.1/include/linux-include/sys/mbuf.h

argus-2.0.6.fixes.1/include/net/

argus-2.0.6.fixes.1/include/net/slcompress.h

/*
 * Definitions for tcp compression routines.
 *
 * @(#) $Header: /usr/local/cvsroot/argus/include/net/slcompress.h,v 1.2 2002/05/03 17:33:38 argus Exp $ (LBL)
 *
 * Copyright (c) 1989, 1990, 1992, 1993 Regents of the University of
 * California. All rights reserved.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that the above copyright notice and this paragraph are
 * duplicated in all such forms and that any documentation,
 * advertising materials, and other materials related to such
 * distribution and use acknowledge that the software was developed
 * by the University of California, Berkeley. The name of the
 * University may not be used to endorse or promote products derived
 * from this software without specific prior written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * Van Jacobson (van@ee.lbl.gov), Dec 31, 1989:
 * - Initial distribution.
 */

#define MAX_STATES 16 /* must be > 2 and < 256 */
#define MAX_HDR MLEN /* XXX 4bsd-ism: should really be 128 */

/*
 * Compressed packet format:
 *
 * The first octet contains the packet type (top 3 bits), TCP
 * 'push' bit, and flags that indicate which of the 4 TCP sequence
 * numbers have changed (bottom 5 bits). The next octet is a
 * conversation number that associates a saved IP/TCP header with
 * the compressed packet. The next two octets are the TCP checksum
 * from the original datagram. The next 0 to 15 octets are
 * sequence number changes, one change per bit set in the header
 * (there may be no changes and there are two special cases where
 * the receiver implicitly knows what changed -- see below).
 *
 * There are 5 numbers which can change (they are always inserted
 * in the following order): TCP urgent pointer, window,
 * acknowledgement, sequence number and IP ID. (The urgent pointer
 * is different from the others in that its value is sent, not the
 * change in value.) Since typical use of SLIP links is biased
 * toward small packets (see comments on MTU/MSS below), changes
 * use a variable length coding with one octet for numbers in the
 * range 1 - 255 and 3 octets (0, MSB, LSB) for numbers in the
 * range 256 - 65535 or 0. (If the change in sequence number or
 * ack is more than 65535, an uncompressed packet is sent.)
 */

/*
 * Packet types (must not conflict with IP protocol version)
 *
 * The top nibble of the first octet is the packet type. There are
 * three possible types: IP (not proto TCP or tcp with one of the
 * control flags set); uncompressed TCP (a normal IP/TCP packet but
 * with the 8-bit protocol field replaced by an 8-bit connection id --
 * this type of packet syncs the sender & receiver); and compressed
 * TCP (described above).
 *
 * LSB of 4-bit field is TCP "PUSH" bit (a worthless anachronism) and
 * is logically part of the 4-bit "changes" field that follows. Top
 * three bits are actual packet type. For backward compatibility
 * and in the interest of conserving bits, numbers are chosen so the
 * IP protocol version number (4) which normally appears in this nibble
 * means "IP packet".
 */

/* packet types */
#define TYPE_IP 0x40
#define TYPE_UNCOMPRESSED_TCP 0x70
#define TYPE_COMPRESSED_TCP 0x80
#define TYPE_ERROR 0x00

/* Bits in first octet of compressed packet */
#define NEW_C 0x40 /* flag bits for what changed in a packet */
#define NEW_I 0x20
#define NEW_S 0x08
#define NEW_A 0x04
#define NEW_W 0x02
#define NEW_U 0x01

/* reserved, special-case values of above */
#define SPECIAL_I (NEW_S|NEW_W|NEW_U) /* echoed interactive traffic */
#define SPECIAL_D (NEW_S|NEW_A|NEW_W|NEW_U) /* unidirectional data */
#define SPECIALS_MASK (NEW_S|NEW_A|NEW_W|NEW_U)

#define TCP_PUSH_BIT 0x10

argus-2.0.6.fixes.1/include/net/slip.h

/* linux does not give us the link level header */
#define SLIP_HDRLEN 16

#define SLX_DIR 0
#define SLX_CHDR 1
#define CHDR_LEN 15

#define SLIPDIR_IN 0
#define SLIPDIR_OUT 1

argus-2.0.6.fixes.1/include/netbsd-include/netinet/rtp.h

#ifndef _netinet_rtp_h
#define _netinet_rtp_h

/* RTP Upper Layer Format Numbers H.225 */

#define IPPROTO_RTP 257

#define RTP_PCMU 0
#define RTP_PCMA 8
#define RTP_G722 9
#define RTP_G723 4
#define RTP_G728 15
#define RTP_G729 18
#define RTP_H261 31
#define RTP_H263 34

/* RTP Header as defined in H.225 */

struct rtphdr {
#ifdef LITTLE_ENDIAN
   unsigned char rh_cc:4,   /* CSRC count */
                 rh_x:1,    /* extension */
                 rh_p:1,    /* padding */
                 rh_ver:2;  /* version */
#else
   unsigned char rh_ver:2,  /* version */
                 rh_p:1,    /* padding */
                 rh_x:1,    /* extension */
                 rh_cc:4;   /* CSRC count */
#endif
#ifdef LITTLE_ENDIAN
   unsigned char rh_pt:7,   /* payload type */
                 rh_mark:1; /* marker */
#else
   unsigned char rh_mark:1, /* marker */
                 rh_pt:7;   /* payload type */
#endif
   unsigned short rh_seq;
   unsigned int rh_time;
   unsigned int rh_ssrc;
};

struct rtcphdr {
#ifdef LITTLE_ENDIAN
   unsigned char rh_rc:5,   /* report count */
                 rh_p:1,    /* padding */
                 rh_ver:2;  /* version */
#else
   unsigned char rh_ver:2,  /* version */
                 rh_p:1,    /* padding */
                 rh_rc:5;   /* report count */
#endif
   unsigned char rh_pt;     /* payload type */
   unsigned short rh_len;
   unsigned int rh_ssrc;
};

struct rtpexthdr {
   unsigned short profile, length;
};

#endif /*!_netinet_rtp_h*/

argus-2.0.6.fixes.1/include/netinet/rtp.h

#ifndef _netinet_rtp_h
#define _netinet_rtp_h

/* RTP Upper Layer Format Numbers H.225 */

#define IPPROTO_RTP 257

#define RTP_PCMU 0
#define RTP_PCMA 8
#define RTP_G722 9
#define RTP_G723 4
#define RTP_G728 15
#define RTP_G729 18
#define RTP_H261 31
#define RTP_H263 34

/* RTP Header as defined in H.225 */

struct rtphdr {
#ifdef _LITTLE_ENDIAN
   unsigned char rh_cc:4,   /* CSRC count */
                 rh_x:1,    /* extension */
                 rh_p:1,    /* padding */
                 rh_ver:2;  /* version */
#else
   unsigned char rh_ver:2,  /* version */
                 rh_p:1,    /* padding */
                 rh_x:1,    /* extension */
                 rh_cc:4;   /* CSRC count */
#endif
#ifdef _LITTLE_ENDIAN
   unsigned char rh_pt:7,   /* payload type */
                 rh_mark:1; /* marker */
#else
   unsigned char rh_mark:1, /* marker */
                 rh_pt:7;   /* payload type */
#endif
   unsigned short rh_seq;
   unsigned int rh_time;
   unsigned int rh_ssrc;
};

struct rtcphdr {
#ifdef _LITTLE_ENDIAN
   unsigned char rh_rc:5,   /* report count */
                 rh_p:1,    /* padding */
                 rh_ver:2;  /* version */
#else
   unsigned char rh_ver:2,  /* version */
                 rh_p:1,    /* padding */
                 rh_rc:5;   /* report count */
#endif
   unsigned char rh_pt;     /* payload type */
   unsigned short rh_len;
   unsigned int rh_ssrc;
};

struct rtpexthdr {
   unsigned short profile, length;
};

#endif /*!_netinet_rtp_h*/

argus-2.0.6.fixes.1/include/netinet/tcp_fsm.h

/* @(#)tcp_fsm.h 1.7 88/08/19 SMI; from UCB 7.1 6/5/86 */

/*
 * Copyright (c) 1982, 1986 Regents of the University of California.
 * All rights reserved. The Berkeley software License Agreement
 * specifies the terms and conditions for redistribution.
 */

/*
 * TCP FSM state definitions.
 * Per RFC793, September, 1981.
 */

#ifndef _netinet_tcp_fsm_h
#define _netinet_tcp_fsm_h

#define TCP_NSTATES 11

#define TCPS_CLOSED 0 /* closed */
#define TCPS_LISTEN 1 /* listening for connection */
#define TCPS_SYN_SENT 2 /* active, have sent syn */
#define TCPS_SYN_RECEIVED 3 /* have sent and received syn */
/* states < TCPS_ESTABLISHED are those where connections not established */
#define TCPS_ESTABLISHED 4 /* established */
#define TCPS_CLOSE_WAIT 5 /* rcvd fin, waiting for close */
/* states > TCPS_CLOSE_WAIT are those where user has closed */
#define TCPS_FIN_WAIT_1 6 /* have closed, sent fin */
#define TCPS_CLOSING 7 /* closed xchd FIN; await FIN ACK */
#define TCPS_LAST_ACK 8 /* had fin and close; await FIN ACK */
/* states > TCPS_CLOSE_WAIT && < TCPS_FIN_WAIT_2 await ACK of FIN */
#define TCPS_FIN_WAIT_2 9 /* have closed, fin is acked */
#define TCPS_TIME_WAIT 10 /* in 2*msl quiet wait after close */

#define TCPS_HAVERCVDSYN(s) ((s) >= TCPS_SYN_RECEIVED)
#define TCPS_HAVERCVDFIN(s) ((s) >= TCPS_TIME_WAIT)

#ifdef TCPOUTFLAGS
/*
 * Flags used when sending segments in tcp_output.
 * Basic flags (TH_RST,TH_ACK,TH_SYN,TH_FIN) are totally
 * determined by state, with the proviso that TH_FIN is sent only
 * if all data queued for output is included in the segment.
 */
u_char tcp_outflags[TCP_NSTATES] = {
   TH_RST|TH_ACK, 0, TH_SYN, TH_SYN|TH_ACK,
   TH_ACK, TH_ACK,
   TH_FIN|TH_ACK, TH_FIN|TH_ACK, TH_FIN|TH_ACK, TH_ACK, TH_ACK,
};
#endif

#ifdef KPROF
int tcp_acounts[TCP_NSTATES][PRU_NREQ];
#endif

#ifdef TCPSTATES
char *tcpstates[] = {
   "CLOSED", "LISTEN", "SYN_SENT", "SYN_RCVD",
   "ESTABLISHED", "CLOSE_WAIT", "FIN_WAIT_1", "CLOSING",
   "LAST_ACK", "FIN_WAIT_2", "TIME_WAIT",
};
#endif

#endif /*!_netinet_tcp_fsm_h*/

argus-2.0.6.fixes.1/lib/argus.spec

%define ver 2.0
%define rel 6
Summary: Argus Network Auditing Software
Name: argus
Version: %ver
Release: %rel
Copyright: QoSient LLC 2000-2004
Group: Applications/Internet
Source0: ftp://ftp.qosient.com/pub/argus/argus-%{ver}.%{rel}.tar.gz
URL: http://qosient.com/argus

%description
Argus (Audit Record Generation and Utilization System) is an IP network
transaction auditing tool. The data generated by argus can be used for
a wide range of tasks such as network operations, security and
performance management.
%define argusdir /usr/local
%define arguslog /var/log/argus
%define argusdocs /usr/share/doc/argus-%{ver}
%define argusdata %{argusdir}/argus
%define argusbin %{argusdir}/bin
%define argussbin %{argusdir}/sbin

%prep
%setup -n %{name}-%{ver}.%{rel}

%build
%configure --prefix=/usr
make

mkdir -p %{argusdir}
mkdir -p %{argusbin}
mkdir -p %{argusdocs}
mkdir -p %{argusdata}
mkdir -p %{argusdata}/archive
mkdir -p %{argussbin}
mkdir -p %{arguslog}

cp -Rp support %{argusdocs}
cp -Rp doc/* %{argusdocs}

install -m 0444 -o root -g root README %{argusdata}
install -m 0444 -o root -g root COPYING %{argusdata}
install -m 0555 -o root -g root bin/argusbug %{argusbin}
install -m 0555 -o root -g root bin/argus_* %{argussbin}/argus
install -m 0444 -o root -g root man/man5/* %{_mandir}/man5/
install -m 0444 -o root -g root man/man8/* %{_mandir}/man8/

install -C -m 0600 -o root -g root support/Config/argus.conf /etc/argus.conf
install -m 0755 -o root -g root support/Startup/argus /etc/rc.d/init.d/argus
install -m 0755 -o root -g root support/Archive/argusarchive %{argusbin}/argusarchive

%post
/sbin/chkconfig --add argus

%preun
if [ "$1" = 0 ] ; then
   service argus stop >/dev/null 2>&1
   /sbin/chkconfig --del argus
fi

%postun
if [ "$1" -ge "1" ]; then
   service argus condrestart >/dev/null 2>&1
fi

%files
%defattr(-,root,root)
%{argussbin}/argus
%{argusbin}/argusarchive
%{argusbin}/argusbug
%{argusdata}

%doc %{argusdocs}

%{_mandir}/man5/argus.5
%{_mandir}/man5/argus.conf.5
%{_mandir}/man8/argus.8

/var/log/argus
/etc/rc.d/init.d/argus

%config /etc/argus.conf

argus-2.0.6.fixes.1/man/man5/argus.5

.\"
.\" Copyright (c) 2000-2004 QoSient, LLC
.\" All rights reserved.
.\"
.\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation; either version 2, or (at your option)
.\" any later version.
.\"
.\" This program is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
.\"
.\"
.\"
.TH ARGUS 5 "23 June 2000"
.SH NAME
\fBargus\fP \- IP Network Auditing Facility
.SH COPYRIGHT
Copyright (c) 2000-2004 QoSient. All rights reserved.
.SH SYNOPSIS
.nf
\fB#include <[argus_dir]/include/argus_def.h>\fP
\fB#include <[argus_dir]/include/argus_out.h>\fP
.fi
.SH DESCRIPTION
The format of the
.BR argus (8)
data stream is most succinctly described through the structures
defined in the header file, but the general format is as follows:
.LP
.RS
.ft B
Argus File Format:
   Argus_Datum   Initial_Management_Record
   Argus_Datum
      .
      .
   Argus_Datum   Management_Statistics
   Argus_Datum
      .
      .
.ft
.fi
.RE
.sp
where the individual data fields are defined as follows:
.LP
.RS
.fi
.nf
struct \fBArgusRecord\fP {
   unsigned char \fBtype\fP, \fBcause\fP;
   unsigned short \fBlength\fP;
   unsigned int \fBstatus\fP;
   unsigned int \fBargusid\fP;
   unsigned int \fBseqNumber\fP;
   union {
      struct \fBArgusMarStruct\fP \fBmar\fP;
      struct \fBArgusFarStruct\fP \fBfar\fP;
   } ar_union;
};

struct \fBArgusMarStruct\fP {
   struct timeval \fBstartime\fP, \fBnow\fP;
   unsigned char \fBmajor_version\fP, \fBminor_version\fP;
   unsigned char \fBinterfaceType\fP, \fBinterfaceStatus\fP;
   unsigned short \fBreportInterval\fP, \fBargusMrInterval\fP;
   unsigned int \fBargusid\fP, \fBlocalnet\fP, \fBnetmask\fP, \fBnextMrSequenceNum\fP;
   unsigned long long \fBpktsRcvd\fP, \fBbytesRcvd\fP;
   unsigned int \fBpktsDrop\fP, \fBflows\fP, \fBflowsClosed\fP;
   unsigned int \fBactIPcons\fP, \fBcloIPcons\fP;
   unsigned int \fBactICMPcons\fP, \fBcloICMPcons\fP;
   unsigned int \fBactIGMPcons\fP, \fBcloIGMPcons\fP;
   unsigned int \fBactFRAGcons\fP, \fBcloFRAGcons\fP;
   unsigned int \fBactSECcons\fP, \fBcloSECcons\fP;
   int \fBrecord_len\fP;
};

struct \fBArgusFarStruct\fP {
   unsigned char \fBtype\fP, \fBlength\fP;
   unsigned short \fBstatus\fP;
   unsigned int \fBArgusTransRefNum\fP;
   struct \fBArgusTimeDesc\fP \fBtime\fP;
   struct \fBArgusFlow\fP \fBflow\fP;
   struct \fBArgusAttributes\fP \fBattr\fP;
   struct \fBArgusMeter\fP \fBsrc\fP, \fBdst\fP;
};

struct \fBArgusTimeDesc\fP {
   struct timeval \fBstart\fP;
   struct timeval \fBlast\fP;
};

struct \fBArgusFlow\fP {
   union {
      struct \fBArgusIPFlow\fP \fBip\fP;
      struct \fBArgusICMPFlow\fP \fBicmp\fP;
      struct \fBArgusMACFlow\fP \fBmac\fP;
      struct \fBArgusArpFlow\fP \fBarp\fP;
      struct \fBArgusRarpFlow\fP \fBrarp\fP;
      struct \fBArgusESPFlow\fP \fBesp\fP;
   } flow_union;
};

struct \fBArgusIPAttributes\fP {
   unsigned short \fBsoptions\fP, \fBdoptions\fP;
   unsigned char \fBsttl\fP, \fBdttl\fP;
   unsigned char \fBstos\fP, \fBdtos\fP;
};

struct \fBArgusARPAttributes\fP {
   unsigned char \fBresponse[8]\fP;
};

struct \fBArgusAttributes\fP {
   union {
      struct \fBArgusIPAttributes\fP ip;
      struct \fBArgusARPAttributes\fP arp;
   } attr_union;
};

struct \fBArgusMeter\fP {
   unsigned int \fBcount\fP, \fBbytes\fP, \fBappbytes\fP;
};

struct \fBArgusIPFlow\fP {
   unsigned int \fBip_src\fP, \fBip_dst\fP;
   unsigned char \fBip_p\fP, \fBtp_p\fP;
   unsigned short \fBsport\fP, \fBdport\fP;
   unsigned short \fBip_id\fP;
};

struct \fBArgusICMPFlow\fP {
   unsigned int \fBip_src\fP, \fBip_dst\fP;
   unsigned char \fBip_p\fP, \fBtp_p\fP;
   unsigned char \fBtype\fP, \fBcode\fP;
   unsigned short \fBid\fP, \fBip_id\fP;
};

struct \fBArgusMACFlow\fP {
   struct ether_header \fBehdr\fP;
   unsigned char \fBdsap\fP, \fBssap\fP;
};

struct \fBArgusArpFlow\fP {
   unsigned int \fBarp_spa\fP;
   unsigned int \fBarp_tpa\fP;
   unsigned char \fBetheraddr[6]\fP;
   unsigned short \fBpad\fP;
};

struct \fBArgusRarpFlow\fP {
   unsigned int \fBarp_tpa\fP;
   unsigned char \fBsrceaddr[6]\fP;
   unsigned char \fBtareaddr[6]\fP;
};

struct \fBArgusESPFlow\fP {
   unsigned int \fBip_src\fP, \fBip_dst\fP;
   unsigned char \fBip_p\fP, \fBtp_p\fP;
   unsigned short \fBpad\fP;
   unsigned int \fBspi\fP;
};
.fi
.RE
.SH SEE ALSO
.BR argus (8),

argus-2.0.6.fixes.1/man/man5/argus.conf.5

.\"
.\" Copyright (c) 2000-2004 QoSient, LLC
.\" All rights reserved.
.\"
.\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation; either version 2, or (at your option)
.\" any later version.
.\"
.\" This program is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\" */
.\"
.\"
.\"
.TH ARGUS.CONF 5 "07 November 2000"
.SH NAME
\fBargus.conf\fP \- \fBargus\fP resource file.
.SH SYNOPSIS
.B argus.conf
.SH COPYRIGHT
Copyright (c) 2000-2004 QoSient. All rights reserved.
.SH DESCRIPTION
Argus will open this argus.conf if it is installed as /etc/argus.conf.
It will also search for this file as argus.conf in directories
specified in $ARGUSPATH, or $ARGUSHOME, $ARGUSHOME/lib,
or $HOME, $HOME/lib, and parse it to set common configuration
options. All values in this file can be overridden by command
line options, or other files of this format that can be read in
using the -F option.
.SH Variable Syntax
Variable assignments must be of the form:
.nf
  VARIABLE=
.fi
with no white space between the VARIABLE and the '=' sign.
Quotes are optional for string arguments, but if you want
to embed comments, then quotes are required.
.SH ARGUS_DAEMON
Argus is capable of running as a daemon, doing all the right things
that daemons do. When this configuration is used for the system
daemon process, say for /etc/argus.conf, this variable should be
set to "yes".

The default value is to not run as a daemon.

This example is to support the ./support/Startup/argus script
which requires that this variable be set to "yes".

Commandline equivalent -d

\fBARGUS_DAEMON=\fPyes
.SH ARGUS_MONITOR_ID
Argus Monitor Data is uniquely identifiable based on the source
identifier that is included in each output record. This is to
allow you to work with Argus Data from multiple monitors at the
same time. The ID is 32 bits long, and so legitimate values are
0 - 4294967296 but argus also supports IP addresses as values.
The configuration allows for you to use host names, however, do
have some understanding how `hostname` will be resolved by the
nameserver before committing to this strategy completely.

Commandline equivalent -e

\fBARGUS_MONITOR_ID\fP=`hostname`
.SH ARGUS_ACCESS_PORT
Argus monitors can provide a real-time remote access port
for collecting Argus data.
This is a TCP based port service and
the default port number is tcp/561, the "experimental monitor"
service. This feature is disabled by default, and can be forced
off by setting it to zero (0).

When you do want to enable this service, 561 is a good choice,
as all ra* clients are configured to try this port by default.

Commandline equivalent -P

\fBARGUS_ACCESS_PORT=\fP561
.SH ARGUS_BIND_IP
When remote access is enabled (see above), you can specify that Argus
should bind only to a specific IP address. This is useful, for example,
in restricting access to the local host, or binding to a private
interface while capturing from another. The default is to bind to any
IP address.

Commandline equivalent -B

\fBARGUS_BIND_IP=\fP"127.0.0.1"
.SH ARGUS_INTERFACE
By default, Argus will open the first appropriate interface on a
system that it encounters. For systems that have only one network
interface, this is a reasonable thing to do. But, when there is
more than one suitable interface, you should specify which
interface(s) Argus should read data from.

Argus can read packets from multiple interfaces at the same time,
although this is limited to 2 interfaces at this time. Specify
this in this file with multiple ARGUS_INTERFACE directives.

Commandline equivalent -i

\fBARGUS_INTERFACE=\fPle0
.SH ARGUS_OUTPUT_FILE
Argus can write its output to one or a number of files,
default limit is 5 concurrent files, each with their own
independent filters.

The format is:
.nf
  ARGUS_OUTPUT_FILE=/full/path/file/name
  ARGUS_OUTPUT_FILE=/full/path/file/name "filter"
.fi

Most sites will have argus write to a file, for reliability
and performance. The example file name is used here as
supporting programs, such as ./support/Archive/argusarchive
are configured to use this file.

Commandline equivalent -w

\fBARGUS_OUTPUT_FILE=\fP/var/log/argus/argus.out
.SH ARGUS_MAX_INSTANCES
There can be any number of Argus Monitors running on a single
system.
While this is a blessing for some, this does cause
some confusion in traditional system administration tasks, such
as pid file creation and failure recovery methods. If you plan
on having more than one argus daemon running on your system,
say, monitoring different interfaces, then set this variable to
the number of daemons you expect to support.

Commandline equivalent -I

\fBARGUS_MAX_INSTANCES=\fP1
.SH ARGUS_SET_PID
When Argus is configured to run as a daemon, with the -d
option, Argus can store its pid in a file, to aid in
managing the running daemon. Creating a system pid file
requires privileges that may not be appropriate
for all cases. To assist in managing pid file creation
and support, argus

When configured to generate a pid file, if Argus cannot
create the pid file, it will fail to run. This variable
is available to override the default, in case this gets
in your way.

The default value is to generate a pid in /var/run if it
exists, and if not in $ARGUSHOME.

Commandline equivalent -c

\fBARGUS_SET_PID=\fPyes
.SH ARGUS_PID_FILENAME
Argus has a mechanism for generating pid filenames, but in
some circumstances, being able to specify the pid filename is
required due to permission restriction or just out of
convenience. If this file exists, argus will read the pid that
the file contains, and test if that process is running. If not,
the old pid is replaced, and argus continues to run.
When this variable is set, argus assumes "-I 1" and "-c".

Commandline equivalent -n

\fBARGUS_PID_FILENAME\fP=/var/run/argus.pid
.SH ARGUS_GO_PROMISCUOUS
By default, Argus will put its interface in promiscuous mode
in order to monitor all the traffic that can be collected.
This can put an undue load on systems.
If the intent is to monitor only the network activity of
the specific system, say to measure the performance of
an HTTP service or DNS service, you'll want to turn
promiscuous mode off.

The default value is to go into promiscuous mode.
Commandline equivalent -p

\fBARGUS_GO_PROMISCUOUS=\fPyes
.SH ARGUS_FLOW_STATUS_INTERVAL
Argus will periodically report on a flow's activity every
ARGUS_FLOW_STATUS_INTERVAL seconds, as long as there is
new activity on the flow. This is so that you can get a
view into the activity of very long lived flows. The default
is 60 seconds, but this number may be too low or too high
depending on your uses.

The default value is 60 seconds, but argus does support
a minimum value of 1. This is very useful for doing
measurements in a controlled experimental environment
where the number of flows is < 1000.

Commandline equivalent -S

\fBARGUS_FLOW_STATUS_INTERVAL=\fP60
.SH ARGUS_MAR_STATUS_INTERVAL
Argus will periodically report on its own health, providing
interface status, total packet and bytes counts, packet drop
rates, and flow oriented statistics.

These records can be used as "keep alives" for periods when
there is no network traffic to be monitored.

The default value is 300 seconds, but a value of 60 seconds is
very common.

Commandline equivalent -M

\fBARGUS_MAR_STATUS_INTERVAL=\fP300
.SH ARGUS_DEBUG_LEVEL
If compiled to support this option, Argus is capable of
generating a lot of debug information.

The default value is zero (0).

Commandline equivalent -D

\fBARGUS_DEBUG_LEVEL=\fP0
.SH ARGUS_GENERATE_RESPONSE_TIME_DATA
Argus can be configured to report on flows in a manner that
provides the best information for calculating application
response times and network round trip times.

The default value is to not generate this data.

Commandline equivalent -R

\fBARGUS_GENERATE_RESPONSE_TIME_DATA=\fPno
.SH ARGUS_GENERATE_JITTER_DATA
Argus can be configured to generate packet jitter information
on a per flow basis. The default value is to not generate
this data.

Commandline equivalent -J

\fBARGUS_GENERATE_JITTER_DATA=\fPno
.SH ARGUS_GENERATE_MAC_DATA
Argus can be configured to not provide MAC addresses in
its audit data.
This is available if MAC address tracking
and audit is not a requirement.

The default value is to not generate this data.

Commandline equivalent -m

\fBARGUS_GENERATE_MAC_DATA=\fPno
.SH ARGUS_CAPTURE_DATA_LEN
Argus can be configured to capture a number of user data bytes
from the packet stream.

The default value is to not generate this data.

Commandline equivalent -U

\fBARGUS_CAPTURE_DATA_LEN=\fP0
.SH ARGUS_FILTER_OPTIMIZER
Argus uses the packet filter capabilities of libpcap. If
there is a need to not use the libpcap filter optimizer,
you can turn it off here. The default is to leave it on.

Commandline equivalent -O

\fBARGUS_FILTER_OPTIMIZER=\fPyes
.SH ARGUS_FILTER
You can provide a filter expression here, if you like.
It should be limited to 2K in length. The default is to
not filter.

No Commandline equivalent

\fBARGUS_FILTER=\fP""
.RE
.SH SEE ALSO
.BR argus (8)

argus-2.0.6.fixes.1/man/man8/argus.8

.\"
.\" Copyright (c) 2000-2004 QoSient, LLC
.\" All rights reserved.
.\"
.\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation; either version 2, or (at your option)
.\" any later version.
.\"
.\" This program is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\" */
.\"
.\"
.\"
.TH ARGUS 8 "10 November 2000"
.SH NAME
argus \- audit record generation and utilization system
.SH SYNOPSIS
.B argus
[
.B options
] [
.B filter expression
]
.SH COPYRIGHT
Copyright (c) 2000-2004 QoSient, LLC All rights reserved.
.SH DESCRIPTION
.IX "argus command" "" "\fLargus\fP \(em Internet audit facility"
.IX servers argus "" "\fLargus\fP \(em Internet audit facility"
.LP
.B Argus
is an IP transaction auditing tool that categorizes IP packets
which match the boolean
.I expression
into a protocol-specific network transaction model.
.B Argus
reports on the transactions that it discovers, as they occur.
.LP
Designed to run as a daemon,
.B argus
generally reads packets directly from a network interface, and
writes the transaction status information to a log file or open
socket connected to an
.B argus
client (such as
.BR ra(1)
).
.B Argus
can also read packet information from
.B tcpdump(1)
,
.B snoop(1)
or
.B NLANR's
Moat Time Sequence Header raw packet files. \fBArgus\fP can also be
configured to write its transaction logs to stdout.
.LP
.B Argus
provides access control for its socket connection facility using
.B tcp_wrapper
technology. Please refer to the \fBtcp_wrapper\fP distribution for a
complete description.
.SH OPTIONS
.TP 5 5
.B \-b
Dump the compiled packet-matching code to stdout and stop. This is
used to debug filter expressions.
.TP 5 5
.B \-B
Only bind to the specified IP address (remote access must be enabled
by a non-zero port).
.TP 5 5
.BI \-c
Generate system pid file. This will cause argus to create a pid file
that can be used to control the number of argi running on a system.
The default pid file directory is /var/run, and $ARGUSHOME, when the
OS does not support /var/run.
.TP 5 5
.BI \-d
Run argus as a daemon. This will cause argus to do the things that
Unix daemons do and return, if there were no errors, with argus
running as a detached process.
.TP 5 5
.BI \-D
Print debug messages to stderr.
The higher the \fB\fP the more information printed.
Acceptable levels are 1-8.
.TP 5 5
.BI \-e
Specify the source identifier for this \fBargus\fP. Acceptable values
are numbers, hostnames or IP address.
.TP 5 5
.B \-h
Print an explanation of all the arguments.
.TP 5 5
.B \-F
Use \fIconffile\fP as a source of configuration information.
Options set in this file override any other specification, and so
this is the last word on option values.
.TP 5 5
.BI \-I
Specify the \fB\fP of instances that are concurrently allowed.
The default is 1. This impacts the pid file strategy for argus.
.TP 5 5
.BI \-i
Specify the physical network \fB\fP to be audited.
The default is the first network interface that is up and running.
.TP 5 5
.BI \-J\ 
Generate packet performance data in each audit record.
.TP 5 5
.B \-M
Specify the interval in of argus status records. These records are
used to report the internal status of argus itself. The default is
300 seconds.
.TP 5 5
.B \-m
Don't provide MAC addresses information in \fBargus\fP records.
.TP 5 5
.B \-n
Specify the pid file directory. This overrides the default directory
location, which is /var/run, or $ARGUSHOME if /var/run is not
available. This switch implies the -c switch.
.TP 5 5
.B \-O
Turn off Berkeley Packet Filter optimizer. No reason to do this unless
you think the optimizer generates bad code.
.TP 5 5
.B \-p
Do not set the physical network interface in promiscuous mode. If the
interface is already in promiscuous mode, this option may have no
effect. Do this to audit only the traffic coming to and from the
system argus is running on.
.TP 5 5
.BI \-P
Specifies the \fB\fP for remote client connection.
The default is to not support remote access.
Setting the value to zero (0) will forcibly turn off the
facility.
.TP 5 5
.B \-r
Read from
.B tcpdump(1)
,
.B snoop(1)
or
.B NLANR's
Moat Time Sequence Header (tsh) packet capture files.
If the packet capture file is a \fBtsh\fP format file, then the
\fB-t\fP option must also be used. Argus will read from only one
input packet file at a time. If the
.B \-r
option is specified,
.B argus
will not put down a
.B listen(2)
to support remote access.
.TP 5 5
.BI \-R
Generate argus records such that response times can be derived from
transaction data.
.TP 5 5
.B \-S
Specify the status reporting interval in for all traffic flows.
.TP 5 5
.B \-t
Indicate that the expected packet capture input file is a
.B NLANR's
Moat Time Sequence Header (tsh) packet capture file.
.TP 5 5
.B \-U
Specify the number of user bytes to capture.
.TP 5 5
.B \-w /dev/null
else
   echo "argus data file $ARGUSDATA/$DATAFILE not found"
   exit
fi

if [ -f $ARCHIVE.tmp ]; then
#  $RAGATOR -VRr $ARCHIVE.tmp -w - | $RASORT -w $ARCHIVE
   $RASORT -r $ARCHIVE.tmp -w $ARCHIVE
else
   echo "argus data file not moved."
   exit
fi

if [ -f $ARCHIVE ]; then
   rm -f $ARCHIVE.tmp
   $COMPRESSOR $ARCHIVE
else
   echo "argus data file not moved."
   exit
fi

if [ -f $ARCHIVEZIP ]; then
   ARCHIVESTR=$ARCHIVEZIP
else
   ARCHIVESTR=$ARCHIVE
fi

mv $ARCHIVESTR $ARGUSARCHIVE

if [ ! -f $ARGUSARCHIVE/$ARCHIVESTR ]; then
   echo "storing compressed argus data file failed"
   echo "leaving as $ARCHIVESTR"
fi

argus-2.0.6.fixes.1/support/Config/argus.conf

#
# Copyright (c) 2000-2004 QoSient, LLC
# All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
#
#
# Example argus.conf
#
# Argus will open this argus.conf if it is installed as /etc/argus.conf.
# It will also search for this file as argus.conf in directories
# specified in $ARGUSPATH, or $ARGUSHOME, $ARGUSHOME/lib,
# or $HOME, $HOME/lib, and parse it to set common configuration
# options. All values in this file can be overridden by command
# line options, or other files of this format that can be read in
# using the -F option.
#
#
# Variable Syntax
#
# Variable assignments must be of the form:
#
#   VARIABLE=
#
# with no white space between the VARIABLE and the '=' sign.
# Quotes are optional for string arguments, but if you want
# to embed comments, then quotes are required.
#
#
# Variable Explanations
#
# Argus is capable of running as a daemon, doing all the right things
# that daemons do. When this configuration is used for the system
# daemon process, say for /etc/argus.conf, this variable should be
# set to "yes".
#
# The default value is to not run as a daemon.
#
# This example is to support the ./support/Startup/argus script
# which requires that this variable be set to "yes".
#
# Commandline equivalent -d
#

ARGUS_DAEMON=yes

# There can be any number of Argus Monitors running on a single
# system. While this is a blessing for some, this does cause
# some confusion in traditional system administration tasks, such
# as pid file creation and failure recovery methods. If you plan
# on having more than one argus daemon running on your system,
# say, monitoring different interfaces, then set this variable to
# the number of daemons you expect to support.
#
# Commandline equivalent -I
#

ARGUS_MAX_INSTANCES=1

# When Argus is configured to run as a daemon, with the -d
# option, Argus can store its pid in a file, to aid in
# managing the running daemon.
# Creating a system pid file
# requires privileges that may not be appropriate
# for all cases. To assist in managing pid file creation
# and support, argus
#
# When configured to generate a pid file, if Argus cannot
# create the pid file, it will fail to run. This variable
# is available to override the default, in case this gets
# in your way.
#
# The default value is to generate a pid in /var/run if it
# exists, and if not in $ARGUSHOME.
#
# Commandline equivalent -c

ARGUS_SET_PID=yes

# You can specify an alternate pid file than the default.
# The default strategy is to generate a pid in /var/run if it
# exists, and if not in $ARGUSHOME, using the structure,
# program_name.pid. If the ARGUS_MAX_INTERFACES is > 1, then
# the default pid filename takes on the structure,
# program_name.dev.instance.pid. By setting this variable,
# ARGUS_SET_PID=yes and ARGUS_MAX_INSTANCES=1 are implied.
#
# Commandline equivalent -n [pid_file]

ARGUS_PID_FILENAME=/var/run/argus.pid

# Argus Monitor Data is uniquely identifiable based on the source
# identifier that is included in each output record. This is to
# allow you to work with Argus Data from multiple monitors at the
# same time. The ID is 32 bits long, and so legitimate values are
# 0 - 4294967296 but argus also supports IP addresses as values.
# The configuration allows for you to use host names, however, do
# have some understanding how `hostname` will be resolved by the
# nameserver before committing to this strategy completely.
#
# Commandline equivalent -e
#

ARGUS_MONITOR_ID=`hostname`

# Argus monitors can provide a real-time remote access port
# for collecting Argus data. This is a TCP based port service and
# the default port number is tcp/561, the "experimental monitor"
# service. This feature is disabled by default, and can be forced
# off by setting it to zero (0).
#
# When you do want to enable this service, 561 is a good choice,
# as all ra* clients are configured to try this port by default.
#
# Commandline equivalent   -P
#

#ARGUS_ACCESS_PORT=561

# When remote access is enabled (see above), you can specify that Argus
# should bind only to a specific IP address. This is useful, for example,
# in restricting access to the local host, or binding to a private
# interface while capturing from another. The default is to bind to any
# IP address.
#
# Commandline equivalent   -B
#

#ARGUS_BIND_IP="127.0.0.1"

# By default, Argus will open the first appropriate interface on a
# system that it encounters. For systems that have only one network
# interface, this is a reasonable thing to do. But, when there is
# more than one suitable interface, you should specify which
# interface(s) Argus should read data from.
#
# Argus can read packets from multiple interfaces at the same time,
# although this is limited to 2 interfaces at this time. Specify
# this in this file with multiple ARGUS_INTERFACE directives.
#
# Commandline equivalent   -i
#

#ARGUS_INTERFACE=

#
# Argus can write its output to one or a number of files,
# default limit is 5 concurrent files, each with their own
# independent filters.
#
# The format is:
#      ARGUS_OUTPUT_FILE=/full/path/file/name
#      ARGUS_OUTPUT_FILE=/full/path/file/name "filter"
#
# Most sites will have argus write to a file, for reliability
# and performance. The example file name is used here as
# supporting programs, such as ./support/Archive/argusarchive
# are configured to use this file.
#
# Commandline equivalent   -w
#

#ARGUS_OUTPUT_FILE=/var/log/argus/argus.out

# By default, Argus will put its interface in promiscuous mode
# in order to monitor all the traffic that can be collected.
# This can put an undue load on systems.
# If the intent is to monitor only the network activity of
# the specific system, say to measure the performance of
# an HTTP service or DNS service, you'll want to turn
# promiscuous mode off.
#
# The default value is to go into promiscuous mode.
#
# Commandline equivalent   -p
#

ARGUS_GO_PROMISCUOUS=yes

# Argus will periodically report on a flow's activity every
# ARGUS_FLOW_STATUS_INTERVAL seconds, as long as there is
# new activity on the flow. This is so that you can get a
# view into the activity of very long lived flows. The default
# is 60 seconds, but this number may be too low or too high
# depending on your uses.
#
# The default value is 60 seconds, but argus does support
# a minimum value of 1. This is very useful for doing
# measurements in a controlled experimental environment
# where the number of flows is < 1000.
#
# Commandline equivalent   -S
#

ARGUS_FLOW_STATUS_INTERVAL=60

# Argus will periodically report on its own health, providing
# interface status, total packet and bytes counts, packet drop
# rates, and flow oriented statistics.
#
# These records can be used as "keep alives" for periods when
# there is no network traffic to be monitored.
#
# The default value is 300 seconds, but a value of 60 seconds is
# very common.
#
# Commandline equivalent   -M
#

ARGUS_MAR_STATUS_INTERVAL=300

# If compiled to support this option, Argus is capable of
# generating a lot of debug information.
#
# The default value is zero (0).
#
# Commandline equivalent   -D
#

#ARGUS_DEBUG_LEVEL=0

# Argus can be configured to report on flows in a manner that
# provides the best information for calculating application
# response times and network round trip times.
#
# The default value is to not generate this data.
#
# Commandline equivalent   -R
#

ARGUS_GENERATE_RESPONSE_TIME_DATA=no

# Argus can be configured to generate packet jitter information
# on a per flow basis. The default value is to not generate
# this data.
#
# Commandline equivalent   -J
#

ARGUS_GENERATE_JITTER_DATA=no

# Argus can be configured to not provide MAC addresses in
# its audit data. This is available if MAC address tracking
# and audit is not a requirement.
#
# The default value is to not generate this data.
#
# Commandline equivalent   -m
#

ARGUS_GENERATE_MAC_DATA=no

# Argus can be configured to capture a number of user data
# bytes from the packet stream.
#
# The default value is to not generate this data.
#
# Commandline equivalent   -U
#

ARGUS_CAPTURE_DATA_LEN=0

# Argus uses the packet filter capabilities of libpcap. If
# there is a need to not use the libpcap filter optimizer,
# you can turn it off here. The default is to leave it on.
#
# Commandline equivalent   -O
#

ARGUS_FILTER_OPTIMIZER=yes

# You can provide a filter expression here, if you like.
# It should be limited to 2K in length. The default is to
# not filter.
#
# No Commandline equivalent
#

ARGUS_FILTER=""

# Argus allows you to capture packets in tcpdump() format
# if the source of the packets is a tcpdump() formatted
# file or live packet source.
#
# Specify the path to the packet capture file here.
#

#ARGUS_PACKET_CAPTURE_FILE="/var/log/argus/packet.out"

argus-2.0.6.fixes.1/support/Deployment/
argus-2.0.6.fixes.1/support/Deployment/sample

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
 *
 */

Example Argus Deployment and Functional Configuration

We describe two working Argus configurations.
All the IP network addresses have been changed to protect the innocent.

In the first and simplest configuration, the Argus daemon is run from
a host with a single network interface, and logs data directly to disk.
With this configuration, one may also connect directly to the auditing
host and collect data remotely in real time (see ra(1) using the -S
option). Steps should be taken to harden this host with respect to
security to ensure the integrity of the Argus data. This is a typical
configuration for auditing on trusted internal network segments.

Note: due to a bug on Sun OS 4.X and the SNIT interface, no datagrams
sent from the auditing host will be detected. In order to avoid
confusion, in this configuration we recommend that you filter packets
involving the Argus host on the argus command line.

The second example configuration can be used to verify a network
firewall service policy for intrusion detection. In this configuration,
the auditing host is stripped of all non-essential network services,
hardened with respect to security and given an additional network
interface. This extra interface is attached directly to the firewall
network and assigned the IP address of 0.0.0.0, so that it cannot be
accessed by any external hosts located outside the firewall. Also, the
auditing host does not have a default route, and has IP forwarding
turned off in the kernel. The following is an example of this
configuration:

                        |
                   -----------
                   | Internet|
                   | Gateway |
                   -----------
   Firewall Network     | 10.1.1.1
   |--------------------------------------------|
          | 10.1.1.2                 | 0.0.0.0
     -----------                -----------
     | Gateway |                |  Argus  |
     |         |                |  Host   |
     -----------                -----------
          | 192.0.0.1                | 192.0.0.2
   |--------------------------------------------|
                   Internal Network

Note: since the primary interface of the Argus host (192.0.0.2) is
attached directly to the internal network, we restrict the Argus host
to routing only to the internal network for security purposes.
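
The exposure-related settings described in the example argus.conf (ARGUS_ACCESS_PORT, ARGUS_BIND_IP, ARGUS_CAPTURE_DATA_LEN, ARGUS_PACKET_CAPTURE_FILE) and the "no white space before '='" syntax rule can be checked mechanically when hardening an auditing host. The script below is an added example, not part of the Argus distribution; the function names, finding labels and sample file are constructed for illustration, and it assumes the last uncommented assignment of a variable is the effective one.

```shell
#!/bin/sh
# Added example: audit an argus.conf for the exposure-related settings
# described in the example configuration. Not part of the Argus distribution.

# argus_conf_get FILE VAR
# Print the value of VAR from its last uncommented assignment (assumption:
# the last assignment is the effective one). Prints nothing if VAR is unset.
argus_conf_get() {
    awk -v var="$2" '
        /^[ \t]*#/ { next }                      # comment line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, var "=") != 1) next  # "VAR =" is not an assignment
            val = substr(line, length(var) + 2)
            if (val ~ /^"/) {                    # quoted: text up to closing quote
                val = substr(val, 2)
                sub(/".*$/, "", val)
            } else {                             # unquoted: ends at first blank
                sub(/[ \t].*$/, "", val)
            }
            found = 1
            last = val
        }
        END { if (found) print last }
    ' "$1"
}

# argus_conf_audit FILE
# Print one finding per line (labels are hypothetical); no output means
# none of the checked conditions apply.
argus_conf_audit() {
    conf=$1

    # Syntax rule from the file header: no white space before the "=" sign.
    awk '/^[ \t]*ARGUS_[A-Z_]+[ \t]+=/ { print "BAD_SYNTAX line " NR }' "$conf"

    # Remote access enabled without ARGUS_BIND_IP binds to any IP address.
    port=$(argus_conf_get "$conf" ARGUS_ACCESS_PORT)
    bind=$(argus_conf_get "$conf" ARGUS_BIND_IP)
    case "${port:-0}" in
        0) ;;
        *) [ -n "$bind" ] || echo "ACCESS_PORT_ANY_IP port=$port" ;;
    esac

    # Non-zero capture length stores user data bytes in the audit records.
    len=$(argus_conf_get "$conf" ARGUS_CAPTURE_DATA_LEN)
    case "${len:-0}" in
        0) ;;
        *) echo "USER_DATA_CAPTURE bytes=$len" ;;
    esac

    # A packet capture file means packets are written to disk as well.
    pcap=$(argus_conf_get "$conf" ARGUS_PACKET_CAPTURE_FILE)
    [ -z "$pcap" ] || echo "PACKET_CAPTURE_FILE path=$pcap"
}

# Constructed sample configuration used for the demonstration run.
argus_sample_conf() {
    cat <<'EOF'
# Constructed sample for this example, not a file from the Argus distribution.
ARGUS_DAEMON=yes
ARGUS_ACCESS_PORT=561
#ARGUS_BIND_IP="127.0.0.1"
ARGUS_CAPTURE_DATA_LEN=64
ARGUS_FILTER =""
#ARGUS_PACKET_CAPTURE_FILE="/var/log/argus/packet.out"
EOF
}

demo_conf=$(mktemp)
argus_sample_conf > "$demo_conf"
argus_conf_audit "$demo_conf"
rm -f "$demo_conf"
```

Uncommenting ARGUS_BIND_IP="127.0.0.1" and setting ARGUS_CAPTURE_DATA_LEN=0 in the sample clears the last two findings.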

In both configurations, the Argus daemon is started from rc.local, i.e.,

   if [ -f /usr/argus/bin/argus_snit ]; then
       /usr/argus/bin/argus_snit -w /usr/argus/argus.file &
       echo -n ' Argus'
   fi

When the Argus daemon reports a network transaction or an event, it
opens the file, writes the data, then closes it. Since the Unix mv(1)
command is atomic, the Argus file can simply be moved to an archive
directory for archival purposes, and the original file will continue
to be created without dropping data. For example, the following
command, run from cron(8), moves the file to an archive directory
hourly:

   mv /usr/argus/argus.file /usr/argus/archive/argus.`date +%m.%d.%H`:00

argus-2.0.6.fixes.1/support/Startup/
argus-2.0.6.fixes.1/support/Startup/README

/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
 *
 */

The script is intended to manage the starting and stopping of the Argus
daemon both during system boot as well as in normal operation. The
script takes one of four arguments, start, stop, restart and status.
If /etc/argus.conf is not found, it runs Argus with some assumptions
about the system configuration and logs to /var/argus/argus.file.

For installation on Linux:

Edit the PATH variable in the script to the directory argus is located
in. Then, install the script in /etc/rc.d/init.d. After this, if your
system supports the chkconfig() utility, you can use that to install
argus and have it start argus when the system boots.

   # cp argus /etc/rc.d/init.d
   # chkconfig --add argus
   # chkconfig --level 2345 argus on

If your system doesn't have chkconfig(), then simply create a link to
the /etc/rc.d/init.d/argus file in the run level that you want argus
to run in. Most systems will have this as run level 3.

   # cd /etc/rc.d/rc3.d
   # ln -s ../init.d/argus argus

argus-2.0.6.fixes.1/support/Startup/argus

#!/bin/sh
#
# Copyright (c) 2000-2004 QoSient, LLC
# All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
#
#
# argus   This shell script takes care of starting and stopping
#         argus.
#
# chkconfig: 2345 55 45
# description: argus-2.0 generates network transaction audit records.
# processname: argus
# config: /etc/argus.conf
#
# The assumption here is that /etc/argus.conf specifies ARGUS_DAEMON=yes.
# If not the system will hang running argus. If this is not set, change
# "daemon argus" below to "daemon argus -d"
#

# Source function library.
if [ -f /etc/init.d/functions ]; then
    . /etc/init.d/functions
else
    if [ -f /etc/rc.d/init.d/functions ]; then
        . /etc/rc.d/init.d/functions
    fi
fi

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 1

# Set argus path by defining $ARGUSHOME for this script.
# If argus was installed in another way, modify PATH to
# include the directory where the argus binary was installed.

ARGUSDIR=/usr/local/sbin
ARGUSHOME=$ARGUSDIR
export PATH=$ARGUSHOME:$PATH

[ -f $ARGUSHOME/argus ] || exit 1

RETVAL=0

start() {
    # Start daemons.
    echo -n "Starting argus: "
    if [ ! -e /etc/argus.conf ]
    then
        if [ ! -d /var/log/argus ]
        then
            mkdir /var/log/argus
        fi
        argus -de `hostname` -w /var/log/argus/argus.out \
            > /dev/null 2>&1
        RETVAL=$?
    else
        argus -d > /dev/null 2>&1 && success || failure
        RETVAL=$?
    fi
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/argus
    echo
}

stop() {
    # Stop daemons.
    echo -n "Shutting down argus: "
    killproc argus
    RETVAL=$?
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/argus
    echo
}

# See how we were called.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart|reload)
    stop
    start
    RETVAL=$?
    ;;
  condrestart)
    if [ -f /var/lock/subsys/argus ]; then
        stop
        start
        RETVAL=$?
    fi
    ;;
  status)
    status argus
    RETVAL=$?
    ;;
  *)
    echo "Usage: argus {start|stop|restart|condrestart|status}"
    exit 1
    ;;
esac

# Propagate the result of the requested action to the caller.
exit $RETVAL

argus-2.0.6.fixes.1/support/System/
argus-2.0.6.fixes.1/support/System/crontab

#
# Copyright (c) 2000-2004 QoSient, LLC
# All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
#
#
#
# Archive argus data file every hour, on the hour.
0 * * * * /usr/local/bin/argusarchive >> /var/log/argus/archive.log 2>&1

argus-2.0.6.fixes.1/support/System/magic

#
# Copyright (c) 2000-2004 QoSient, LLC
# All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
#
#
#
#------------------------------------------------------------------------------
# argus: file(1) magic for argus-2.*;
# From: carter@qosient.com (Carter Bullard)
#
# Argus magic file entry for linux public domain file(1) command.
#
8       belong  0xE5617ACB      Argus data
>32     byte    x               - version %d
>33     byte    x               \b.%d

argus-2.0.6.fixes.1/support/Xml/
argus-2.0.6.fixes.1/aclocal.m4

dnl
dnl Copyright (C) 2000-2004 QoSient, LLC.
dnl
dnl Copyright (c) 1995, 1996, 1997, 1998
dnl     The Regents of the University of California. All rights reserved.
dnl dnl Redistribution and use in source and binary forms, with or without dnl modification, are permitted provided that: (1) source code distributions dnl retain the above copyright notice and this paragraph in its entirety, (2) dnl distributions including binary code include the above copyright notice and dnl this paragraph in its entirety in the documentation or other materials dnl provided with the distribution, and (3) all advertising materials mentioning dnl features or use of this software display the following acknowledgement: dnl ``This product includes software developed by the University of California, dnl Lawrence Berkeley Laboratory and its contributors.'' Neither the name of dnl the University nor the names of its contributors may be used to endorse dnl or promote products derived from this software without specific prior dnl written permission. dnl THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED dnl WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF dnl MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. dnl dnl QOSIENT and LBL autoconf macros dnl dnl dnl Check for flex require flex 2.4 or higher dnl Check for bison define the yy prefix string dnl dnl usage: dnl dnl AC_QOSIENT_LEX_AND_YACC(lex, yacc, yyprefix) dnl dnl results: dnl dnl $1 (lex set) dnl $2 (yacc appended) dnl $3 (optional flex and bison -P prefix) dnl AC_DEFUN(AC_QOSIENT_LEX_AND_YACC, [AC_CHECK_PROGS($1, flex, lex) if test "$$1" = flex ; then AC_MSG_CHECKING(for flex 2.4 or higher) AC_CACHE_VAL(ac_cv_lbl_flex_v24, if flex -V >/dev/null 2>&1; then ac_cv_lbl_flex_v24=yes else ac_cv_lbl_flex_v24=no fi) AC_MSG_RESULT($ac_cv_lbl_flex_v24) if test $ac_cv_lbl_flex_v24 = no ; then s="2.4 or higher required" AC_MSG_WARN(ignoring obsolete flex executable ($s)) $1=lex fi else AC_MSG_ERROR(flex not found. see the INSTALL for more info) fi AC_CHECK_PROGS($2, bison, yacc) if test "$$2" = bison ; then $2="$$2 -y" else AC_MSG_ERROR(bison not found. 
see the INSTALL for more info) fi if test "$$1" = flex -a -n "$3" ; then $1="$$1 -P$3" $2="$$2 -p $3" fi]) dnl dnl Determine which compiler we're using (cc or gcc) dnl If using gcc, determine the version number dnl If using cc, require that it support ansi prototypes dnl If using gcc, use -O2 (otherwise use -O) dnl If using cc, explicitly specify /usr/local/include dnl dnl usage: dnl dnl AC_LBL_C_INIT(copt, incls) dnl dnl results: dnl dnl $1 (copt set) dnl $2 (incls set) dnl CC dnl LDFLAGS dnl ac_cv_lbl_gcc_vers dnl LBL_CFLAGS dnl AC_DEFUN(AC_LBL_C_INIT, [AC_PREREQ(2.12) AC_BEFORE([$0], [AC_PROG_CC]) AC_BEFORE([$0], [AC_LBL_FIXINCLUDES]) AC_BEFORE([$0], [AC_LBL_DEVEL]) AC_BEFORE([$0], [AC_QOSIENT_DEBUG]) AC_ARG_WITH(gcc, [ --without-gcc don't use gcc]) $1="-O" $2="" if test "${srcdir}" != "." ; then $2="-I\$(srcdir)" fi if test "${CFLAGS+set}" = set; then LBL_CFLAGS="$CFLAGS" fi if test -z "$CC" ; then case "$target_os" in bsdi*) AC_CHECK_PROG(SHLICC2, shlicc2, yes, no) if test $SHLICC2 = yes ; then CC=shlicc2 export CC fi ;; esac fi if test -z "$CC" -a "$with_gcc" = no ; then CC=cc export CC fi AC_PROG_CC if test "$GCC" = yes ; then if test "$SHLICC2" = yes ; then ac_cv_lbl_gcc_vers=2 $1="-O2" else AC_MSG_CHECKING(gcc version) AC_CACHE_VAL(ac_cv_lbl_gcc_vers, ac_cv_lbl_gcc_vers=`$CC -v 2>&1 | \ sed -e '/^gcc version /!d' \ -e 's/^gcc version //' \ -e 's/ .*//' -e 's/^[[[^0-9]]]*//' \ -e 's/\..*//'`) AC_MSG_RESULT($ac_cv_lbl_gcc_vers) if test $ac_cv_lbl_gcc_vers -gt 1 ; then $1="-O2" fi fi else AC_MSG_CHECKING(that $CC handles ansi prototypes) AC_CACHE_VAL(ac_cv_lbl_cc_ansi_prototypes, AC_TRY_COMPILE( [#include ], [int frob(int, char *)], ac_cv_lbl_cc_ansi_prototypes=yes, ac_cv_lbl_cc_ansi_prototypes=no)) AC_MSG_RESULT($ac_cv_lbl_cc_ansi_prototypes) if test $ac_cv_lbl_cc_ansi_prototypes = no ; then case "$target_os" in hpux*) AC_MSG_CHECKING(for HP-UX ansi compiler ($CC -Aa -D_HPUX_SOURCE)) savedcflags="$CFLAGS" CFLAGS="-Aa -D_HPUX_SOURCE $CFLAGS" 
AC_CACHE_VAL(ac_cv_lbl_cc_hpux_cc_aa, AC_TRY_COMPILE( [#include ], [int frob(int, char *)], ac_cv_lbl_cc_hpux_cc_aa=yes, ac_cv_lbl_cc_hpux_cc_aa=no)) AC_MSG_RESULT($ac_cv_lbl_cc_hpux_cc_aa) if test $ac_cv_lbl_cc_hpux_cc_aa = no ; then AC_MSG_ERROR(see the INSTALL doc for more info) fi CFLAGS="$savedcflags" V_CCOPT="-Aa $V_CCOPT" AC_DEFINE(_HPUX_SOURCE,1,[needed on HP-UX]) ;; *) AC_MSG_ERROR(see the INSTALL doc for more info) ;; esac fi $2="$$2 -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib" case "$target_os" in irix*) V_CCOPT="$V_CCOPT -xansi -signed -g3" ;; osf*) V_CCOPT="$V_CCOPT -std1 -g3" ;; ultrix*) AC_MSG_CHECKING(that Ultrix $CC hacks const in prototypes) AC_CACHE_VAL(ac_cv_lbl_cc_const_proto, AC_TRY_COMPILE( [#include ], [struct a { int b; }; void c(const struct a *)], ac_cv_lbl_cc_const_proto=yes, ac_cv_lbl_cc_const_proto=no)) AC_MSG_RESULT($ac_cv_lbl_cc_const_proto) if test $ac_cv_lbl_cc_const_proto = no ; then AC_DEFINE(const,) fi ;; esac fi ]) dnl dnl Checks to see if unaligned memory accesses fail dnl dnl usage: dnl dnl AC_LBL_UNALIGNED_ACCESS dnl dnl results: dnl dnl LBL_ALIGN (DEFINED) dnl AC_DEFUN(AC_LBL_UNALIGNED_ACCESS, [AC_MSG_CHECKING(if unaligned accesses fail) AC_CACHE_VAL(ac_cv_lbl_unaligned_fail, [case "$target_cpu" in # XXX: should also check that they don't do weird things (like on arm) alpha*|arm*|hp*|mips|sparc) ac_cv_lbl_unaligned_fail=yes ;; *) cat >conftest.c < # include # include unsigned char a[[5]] = { 1, 2, 3, 4, 5 }; main() { unsigned int i; pid_t pid; int status; /* avoid "core dumped" message */ pid = fork(); if (pid < 0) exit(2); if (pid > 0) { /* parent */ pid = waitpid(pid, &status, 0); if (pid < 0) exit(3); exit(!WIFEXITED(status)); } /* child */ i = *(unsigned int *)&a[[1]]; printf("%d\n", i); exit(0); } EOF ${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS \ conftest.c $LIBS >/dev/null 2>&1 if test ! 
-x conftest ; then dnl failed to compile for some reason ac_cv_lbl_unaligned_fail=yes else ./conftest >conftest.out if test ! -s conftest.out ; then ac_cv_lbl_unaligned_fail=yes else ac_cv_lbl_unaligned_fail=no fi fi rm -f conftest* core core.conftest ;; esac]) AC_MSG_RESULT($ac_cv_lbl_unaligned_fail) if test $ac_cv_lbl_unaligned_fail = yes ; then AC_DEFINE(LBL_ALIGN) fi]) dnl dnl If using gcc and the file .devel exists: dnl Compile with -g (if supported) and -Wall dnl If using gcc 2, do extra prototype checking dnl If an os prototype include exists, symlink os-proto.h to it dnl dnl usage: dnl dnl AC_LBL_DEVEL(copt) dnl dnl results: dnl dnl $1 (copt appended) dnl AC_DEFUN(AC_LBL_DEVEL, [rm -f os-proto.h if test "${LBL_CFLAGS+set}" = set; then $1="$$1 ${LBL_CFLAGS}" fi if test -f .devel ; then if test "$GCC" = yes ; then if test "${LBL_CFLAGS+set}" != set; then if test "$ac_cv_prog_cc_g" = yes ; then $1="-g $$1" fi $1="$$1 -Wall" if test $ac_cv_lbl_gcc_vers -gt 1 ; then $1="$$1 -Wmissing-prototypes -Wstrict-prototypes" fi fi else case "$target_os" in irix6*) V_CCOPT="$V_CCOPT -n32" ;; *) ;; esac fi fi]) dnl dnl If the file .debug exists: dnl Add ARGUS_DEBUG to the condefs.h file. dnl dnl usage: dnl dnl AC_QOSIENT_DEBUG(copt) dnl dnl results: dnl dnl $1 (copt appended) dnl AC_DEFUN(AC_QOSIENT_DEBUG, [ if test -f .debug ; then cat >> confdefs.h <<\EOF #define ARGUSDEBUG 1 EOF fi]) dnl dnl If the file .threads exists: dnl Add ARGUS_THREADS to the condefs.h file. 
dnl dnl usage: dnl dnl AC_QOSIENT_THREADS(copt) dnl dnl results: dnl dnl $1 (copt appended) dnl AC_DEFUN(AC_QOSIENT_THREADS, [ if test -f .threads ; then cat >> confdefs.h <<\EOF #define ARGUS_THREADS 1 EOF if test "$GCC" = yes ; then LIBS="$LIBS -pthread" fi fi]) dnl sasl.m4--sasl libraries and includes dnl Derrick Brashear dnl from KTH sasl and Arla AC_DEFUN(AC_CMU_SASL_INC_WHERE1, [ AC_REQUIRE([AC_PROG_CC_GNU]) saved_CPPFLAGS=$CPPFLAGS CPPFLAGS="$saved_CPPFLAGS -I$1" CMU_CHECK_HEADER_NOCACHE(sasl.h, ac_cv_found_sasl_inc=yes, ac_cv_found_sasl_inc=no) CPPFLAGS=$saved_CPPFLAGS ]) AC_DEFUN(AC_CMU_SASL_INC_WHERE, [ for i in $1; do AC_CMU_SASL_INC_WHERE1($i) CMU_TEST_INCPATH($i, sasl) if test "$ac_cv_found_sasl_inc" = "yes"; then ac_cv_sasl_where_inc=$i break fi done ]) AC_DEFUN(AC_CMU_SASL_LIB_WHERE1, [ AC_REQUIRE([AC_PROG_CC_GNU]) saved_LIBS=$LIBS LIBS="$saved_LIBS -L$1 -lsasl" AC_TRY_LINK(, [sasl_getprop();], [ac_cv_found_sasl_lib=yes], ac_cv_found_sasl_lib=no) LIBS=$saved_LIBS ]) AC_DEFUN(AC_CMU_SASL_LIB_WHERE, [ for i in $1; do AC_CMU_SASL_LIB_WHERE1($i) dnl deal with false positives from implicit link paths CMU_TEST_LIBPATH($i, sasl) if test "$ac_cv_found_sasl_lib" = "yes" ; then ac_cv_sasl_where_lib=$i break fi done ]) AC_DEFUN(AC_CMU_SASL, [ AC_ARG_WITH(sasl, [ --with-sasl=DIR|yes use libsasl in no], with_sasl="$withval", with_sasl=no) SASLFLAGS="" LIB_SASL="" if test "$with_sasl" != no ; then cmu_saved_CPPFLAGS=$CPPFLAGS cmu_saved_LDFLAGS=$LDFLAGS cmu_saved_LIBS=$LIBS if test -d ${with_sasl}; then ac_cv_sasl_where_lib=${with_sasl}/lib ac_cv_sasl_where_inc=${with_sasl}/include SASLFLAGS="-I$ac_cv_sasl_where_inc" LIB_SASL="-L$ac_cv_sasl_where_lib" CPPFLAGS="${cmu_saved_CPPFLAGS} -I${ac_cv_sasl_where_inc}" LDFLAGS="${cmu_saved_LDFLAGS} -L${ac_cv_sasl_where_lib}" fi AC_CHECK_HEADER(sasl.h, AC_CHECK_LIB(sasl, sasl_getprop, ac_cv_found_sasl=yes, ac_cv_found_sasl=no), ac_cv_found_sasl=no) LIBS="$cmu_saved_LIBS" LDFLAGS="$cmu_saved_LDFLAGS" 
CPPFLAGS="$cmu_saved_CPPFLAGS" if test "$ac_cv_found_sasl" = yes; then LIB_SASL="$LIB_SASL -lsasl" if test "$with_sasl" != no; then AC_DEFINE(ARGUS_SASL, 1) AC_SUBST(LIB_SASL) AC_SUBST(SASLFLAGS) fi else LIB_SASL="" SASLFLAGS="" fi fi ]) dnl dnl Use pfopen.c if available and pfopen() not in standard libraries dnl Require libpcap dnl Look for libpcap in .. dnl Use the installed libpcap if there is no local version dnl dnl usage: dnl dnl AC_LBL_LIBPCAP(pcapdep, incls) dnl dnl results: dnl dnl $1 (pcapdep set) dnl $2 (incls appended) dnl LIBS dnl LBL_LIBS dnl AC_DEFUN(AC_LBL_LIBPCAP, [AC_REQUIRE([AC_LBL_LIBRARY_NET]) dnl dnl save a copy before locating libpcap.a dnl LBL_LIBS="$LIBS" pfopen=/usr/examples/packetfilter/pfopen.c if test -f $pfopen ; then AC_CHECK_FUNCS(pfopen) if test $ac_cv_func_pfopen = "no" ; then AC_MSG_RESULT(Using $pfopen) LIBS="$LIBS $pfopen" fi fi AC_MSG_CHECKING(for local pcap library) libpcap=FAIL pcapdir=FAIL lastdir=FAIL places=`ls .. | sed -e 's,/$,,' -e 's,^,../,' | \ egrep '/libpcap-[[0-9]]*.[[0-9]]*(.[[0-9]]*)?([[ab]][[0-9]]*)?$'` for dir in $places ../libpcap libpcap ; do basedir=`echo $dir | sed -e 's/[[ab]][[0-9]]*$//'` if test $lastdir = $basedir ; then dnl skip alphas when an actual release is present continue; fi lastdir=$dir if test -r $dir/libpcap.a ; then libpcap=$dir/libpcap.a d=$dir if test -f $dir/pcap.h ; then pcapdir=$dir else pcapdir=FAIL fi dnl continue and select the last one that exists fi done if test $libpcap = FAIL ; then if test -f /usr/local/lib/libpcap.a ; then libpcap=/usr/local/lib/libpcap.a if test -f /usr/local/include/pcap.h ; then pcapdir=/usr/local/include else libpcap=FAIL fi fi fi if test $libpcap = FAIL ; then AC_MSG_RESULT(no) AC_CHECK_LIB(pcap, main, libpcap="-lpcap") fi if test $libpcap = FAIL ; then AC_MSG_CHECKING(for local wpcap library) dir=../wpdpack/Lib if test -r $dir/libwpcap.a ; then libpcap=$dir/libwpcap.a pcapdir=../wpdpack/Include fi if test $libpcap = FAIL ; then AC_MSG_RESULT(no) 
AC_CHECK_LIB(wpcap, main, libpcap="-lwpcap") fi fi if ! test $libpcap = FAIL ; then $1=$libpcap AC_MSG_CHECKING(for pcap.h) if test $pcapdir = FAIL; then if test $libpcap = "-lpcap" ; then for dir in /usr/local/include/pcap /usr/include /usr/include/pcap; do if test -f $dir/pcap.h ; then pcapdir=$dir fi done else places=`ls $srcdir/.. | sed -e 's,/$,,' -e "s,^,$srcdir/../," | \ egrep '/libpcap-[[0-9]]*.[[0-9]]*(.[[0-9]]*)?([[ab]][[0-9]]*)?$'` for dir in $places ../wpdpack/Include ; do if test -f $dir/pcap.h ; then pcapdir=$dir fi done fi if test $pcapdir = FAIL; then AC_MSG_RESULT(no) AC_MSG_ERROR(cannot find pcap.h, see INSTALL) fi fi if ! test $pcapdir = FAIL; then AC_MSG_RESULT(yes $pcapdir) tdir=`echo $pcapdir | sed -e 's/^\.\./..\/../'` $2="-I$tdir $$2" fi else AC_MSG_ERROR(cannot find packet capture library, see INSTALL) fi case "$host_os" in aix*) pseexe="/lib/pse.exp" AC_MSG_CHECKING(for $pseexe) if test -f $pseexe ; then AC_MSG_RESULT(yes) LIBS="$LIBS -I:$pseexe" fi ;; esac]) dnl dnl Find libwrappers dnl Look for libwrappers in .. dnl Use the installed libwrappers if there is no local version dnl dnl usage: dnl dnl AC_QOSIENT_TCPWRAP(wrapdep, incls) dnl dnl results: dnl dnl $1 (wrapdep set) dnl $2 (incls appended) dnl LIBS dnl LBL_LIBS dnl AC_DEFUN(AC_QOSIENT_TCPWRAP, [AC_MSG_CHECKING(for local tcp_wrappers library) libwrap=FAIL lastdir=FAIL pwdir=`pwd` places=`ls .. 
| sed -e 's,/$,,' -e 's,^,../,' | egrep 'tcp_wrappers'` for dir in $places; do if test $lastdir = $dir ; then dnl skip alphas when an actual release is present continue; fi lastdir=$dir if test -r $dir/libwrap.a ; then libwrap=$dir/libwrap.a d=$dir dnl continue and select the last one that exists fi done if test $libwrap = FAIL ; then AC_MSG_RESULT(not found) AC_MSG_CHECKING(for system tcp_wrappers library) AC_CHECK_LIB(wrap, main, libwrap="-lwrap") if test $libwrap = FAIL ; then AC_MSG_WARN(tcp_wrapper not found) else $1=$libwrap LIBS="$libwrap $LIBS" if test -r /usr/local/include/tcpd.h; then $2="-I/usr/local/include $$2" fi fi else $1=$libwrap if test -r $d/tcpd.h; then $2="-I../$d $$2" elif test -r $srcdir/../libwrap/tcpd.h; then $2="-I$srcdir/../libwrap $$2" elif test -r /usr/local/include/tcpd.h; then $2="-I/usr/local/include $$2" elif test -r /usr/include/tcpd.h; then $2="-I$d -I$srcdir/../libwrap $$2" else AC_MSG_WARN(cannot find tcpd.h) libwrap=FAIL fi AC_MSG_RESULT($libwrap) fi]) dnl dnl Improved version of AC_CHECK_LIB dnl dnl Thanks to John Hawkinson (jhawk@mit.edu) dnl dnl usage: dnl dnl AC_LBL_CHECK_LIB(LIBRARY, FUNCTION [, ACTION-IF-FOUND [, dnl ACTION-IF-NOT-FOUND [, OTHER-LIBRARIES]]]) dnl dnl results: dnl dnl LIBS dnl define(AC_LBL_CHECK_LIB, [AC_MSG_CHECKING([for $2 in -l$1]) dnl Use a cache variable name containing both the library and function name, dnl because the test really is for library $1 defining function $2, not dnl just for library $1. Separate tests with the same $1 and different $2's dnl may have different results. ac_lib_var=`echo $1['_']$2['_']$5 | sed 'y%./+- %__p__%'` AC_CACHE_VAL(ac_cv_lbl_lib_$ac_lib_var, [ac_save_LIBS="$LIBS" LIBS="-l$1 $5 $LIBS" AC_TRY_LINK(dnl ifelse([$2], [main], , dnl Avoid conflicting decl of main. [/* Override any gcc2 internal prototype to avoid an error. 
*/ ]ifelse(AC_LANG, CPLUSPLUS, [#ifdef __cplusplus extern "C" #endif ])dnl [/* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ char $2(); ]), [$2()], eval "ac_cv_lbl_lib_$ac_lib_var=yes", eval "ac_cv_lbl_lib_$ac_lib_var=no") LIBS="$ac_save_LIBS" ])dnl if eval "test \"`echo '$ac_cv_lbl_lib_'$ac_lib_var`\" = yes"; then AC_MSG_RESULT(yes) ifelse([$3], , [changequote(, )dnl ac_tr_lib=HAVE_LIB`echo $1 | sed -e 's/[^a-zA-Z0-9_]/_/g' \ -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` changequote([, ])dnl AC_DEFINE_UNQUOTED($ac_tr_lib) LIBS="-l$1 $LIBS" ], [$3]) else AC_MSG_RESULT(no) ifelse([$4], , , [$4 ])dnl fi ]) dnl dnl AC_LBL_LIBRARY_NET dnl dnl This test is for network applications that need socket() and dnl gethostbyname() -ish functions. Under Solaris, those applications dnl need to link with "-lsocket -lnsl". Under IRIX, they need to link dnl with "-lnsl" but should *not* link with "-lsocket" because dnl libsocket.a breaks a number of things (for instance: dnl gethostbyname() under IRIX 5.2, and snoop sockets under most dnl versions of IRIX). dnl dnl Unfortunately, many application developers are not aware of this, dnl and mistakenly write tests that cause -lsocket to be used under dnl IRIX. It is also easy to write tests that cause -lnsl to be used dnl under operating systems where neither are necessary (or useful), dnl such as SunOS 4.1.4, which uses -lnsl for TLI. dnl dnl This test exists so that every application developer does not test dnl this in a different, and subtly broken fashion. dnl It has been argued that this test should be broken up into two dnl seperate tests, one for the resolver libraries, and one for the dnl libraries necessary for using Sockets API. 
dnl Unfortunately, the two
dnl are carefully intertwined and allowing the autoconf user to use
dnl them independently potentially results in unfortunate ordering
dnl dependencies -- as such, such component macros would have to
dnl carefully use indirection and be aware if the other components were
dnl executed. Since other autoconf macros do not go to this trouble,
dnl and almost no applications use sockets without the resolver, this
dnl complexity has not been implemented.
dnl
dnl The check for libresolv is in case you are attempting to link
dnl statically and happen to have a libresolv.a lying around (and no
dnl libnsl.a).
dnl
AC_DEFUN(AC_LBL_LIBRARY_NET, [
    # Most operating systems have gethostbyname() in the default searched
    # libraries (i.e. libc):
    # Some OSes (eg. Solaris) place it in libnsl
    # Some strange OSes (SINIX) have it in libsocket:
    AC_SEARCH_LIBS(gethostbyname, nsl socket resolv)
    # Unfortunately libsocket sometimes depends on libnsl and
    # AC_SEARCH_LIBS isn't up to the task of handling dependencies like this.
    if test "$ac_cv_search_gethostbyname" = "no"
    then
        AC_CHECK_LIB(socket, gethostbyname,
                     LIBS="-lsocket -lnsl $LIBS", , -lnsl)
    fi
    AC_SEARCH_LIBS(socket, socket, ,
        AC_CHECK_LIB(socket, socket, LIBS="-lsocket -lnsl $LIBS", , -lnsl))
    # DLPI needs putmsg under HPUX so test for -lstr while we're at it
    AC_SEARCH_LIBS(putmsg, str)
    ])

argus-2.0.6.fixes.1/contrib/
argus-2.0.6.fixes.1/contrib/Argus-perl-2.00/
argus-2.0.6.fixes.1/contrib/Argus-perl-2.00/Argus/
argus-2.0.6.fixes.1/contrib/Argus-perl-2.00/t/
argus-2.0.6.fixes.1/contrib/hostpairs.dist/
argus-2.0.6.fixes.1/config/
argus-2.0.6.fixes.1/config/config.guess

#!
/bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, # 2000, 2001, 2002 Free Software Foundation, Inc. timestamp='2002-11-30' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Originally written by Per Bothner . # Please send patches to . Submit a context # diff and a properly formatted ChangeLog entry. # # This script attempts to guess a canonical system name similar to # config.sub. If it succeeds, it prints the system name on stdout, and # exits with 0. Otherwise, it exits with 1. # # The plan is that this can be called by configure scripts if you # don't specify an explicit build system type. me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] Output the configuration name of the system \`$me' is run on. Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. 
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
Free Software Foundation, Inc.

This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."

help="
Try \`$me --help' for more information."

# Parse command line
while test $# -gt 0 ; do
  case $1 in
    --time-stamp | --time* | -t )
       echo "$timestamp" ; exit 0 ;;
    --version | -v )
       echo "$version" ; exit 0 ;;
    --help | --h* | -h )
       echo "$usage"; exit 0 ;;
    -- )     # Stop option processing
       shift; break ;;
    - )      # Use stdin as input.
       break ;;
    -* )
       echo "$me: invalid option $1$help" >&2
       exit 1 ;;
    * )
       break ;;
  esac
done

if test $# != 0; then
  echo "$me: too many arguments$help" >&2
  exit 1
fi

trap 'exit 1' 1 2 15

# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
# compiler to aid in system detection is discouraged as it requires
# temporary files to be created and, as you can see below, it is a
# headache to deal with in a portable fashion.

# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
# use `HOST_CC' if defined, but it is deprecated.

# This shell variable is my proudest work .. or something. --bje

set_cc_for_build='tmpdir=${TMPDIR-/tmp}/config-guess-$$ ;
(old=`umask` && umask 077 && mkdir $tmpdir && umask $old && unset old)
   || (echo "$me: cannot create $tmpdir" >&2 && exit 1) ;
dummy=$tmpdir/dummy ;
files="$dummy.c $dummy.o $dummy.rel $dummy" ;
trap '"'"'rm -f $files; rmdir $tmpdir; exit 1'"'"' 1 2 15 ;
case $CC_FOR_BUILD,$HOST_CC,$CC in
 ,,)    echo "int x;" > $dummy.c ;
        for c in cc gcc c89 c99 ; do
          if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
             CC_FOR_BUILD="$c"; break ;
          fi ;
        done ;
        rm -f $files ;
        if test x"$CC_FOR_BUILD" = x ; then
          CC_FOR_BUILD=no_compiler_found ;
        fi
        ;;
 ,,*)   CC_FOR_BUILD=$CC ;;
 ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
esac ;
unset files'

# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
# (ghazi@noc.rutgers.edu 1994-08-24)
if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
        PATH=$PATH:/.attbin ; export PATH
fi

UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown

# Note: order is significant - the case branches are not exclusive.

case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
    *:NetBSD:*:*)
        # NetBSD (nbsd) targets should (where applicable) match one or
        # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*,
        # *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
        # switched to ELF, *-*-netbsd* would select the old
        # object file format.  This provides both forward
        # compatibility and a consistent mechanism for selecting the
        # object file format.
        #
        # Note: NetBSD doesn't particularly care about the vendor
        # portion of the name.  We always set it to "unknown".
        sysctl="sysctl -n hw.machine_arch"
        UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
            /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
        case "${UNAME_MACHINE_ARCH}" in
            armeb) machine=armeb-unknown ;;
            arm*) machine=arm-unknown ;;
            sh3el) machine=shl-unknown ;;
            sh3eb) machine=sh-unknown ;;
            *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
        esac
        # The Operating System including object format, if it has switched
        # to ELF recently, or will in the future.
        case "${UNAME_MACHINE_ARCH}" in
            arm*|i386|m68k|ns32k|sh3*|sparc|vax)
                eval $set_cc_for_build
                if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
                        | grep __ELF__ >/dev/null
                then
                    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
                    # Return netbsd for either.  FIX?
                    os=netbsd
                else
                    os=netbsdelf
                fi
                ;;
            *)
                os=netbsd
                ;;
        esac
        # The OS release
        # Debian GNU/NetBSD machines have a different userland, and
        # thus, need a distinct triplet. However, they do not need
        # kernel version information, so it can be replaced with a
        # suitable tag, in the style of linux-gnu.
        case "${UNAME_VERSION}" in
            Debian*)
                release='-gnu'
                ;;
            *)
                release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
                ;;
        esac
        # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
        # contains redundant information, the shorter form:
        # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
        echo "${machine}-${os}${release}"
        exit 0 ;;
    amiga:OpenBSD:*:*)
        echo m68k-unknown-openbsd${UNAME_RELEASE}
        exit 0 ;;
    arc:OpenBSD:*:*)
        echo mipsel-unknown-openbsd${UNAME_RELEASE}
        exit 0 ;;
    hp300:OpenBSD:*:*)
        echo m68k-unknown-openbsd${UNAME_RELEASE}
        exit 0 ;;
    mac68k:OpenBSD:*:*)
        echo m68k-unknown-openbsd${UNAME_RELEASE}
        exit 0 ;;
    macppc:OpenBSD:*:*)
        echo powerpc-unknown-openbsd${UNAME_RELEASE}
        exit 0 ;;
    mvme68k:OpenBSD:*:*)
        echo m68k-unknown-openbsd${UNAME_RELEASE}
        exit 0 ;;
    mvme88k:OpenBSD:*:*)
        echo m88k-unknown-openbsd${UNAME_RELEASE}
        exit 0 ;;
    mvmeppc:OpenBSD:*:*)
        echo powerpc-unknown-openbsd${UNAME_RELEASE}
        exit 0 ;;
    pmax:OpenBSD:*:*)
        echo mipsel-unknown-openbsd${UNAME_RELEASE}
        exit 0 ;;
    sgi:OpenBSD:*:*)
        echo mipseb-unknown-openbsd${UNAME_RELEASE}
        exit 0 ;;
    sun3:OpenBSD:*:*)
        echo m68k-unknown-openbsd${UNAME_RELEASE}
        exit 0 ;;
    wgrisc:OpenBSD:*:*)
        echo mipsel-unknown-openbsd${UNAME_RELEASE}
        exit 0 ;;
    *:OpenBSD:*:*)
        echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE}
        exit 0 ;;
    alpha:OSF1:*:*)
        if test $UNAME_RELEASE = "V4.0"; then
            UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
        fi
        # A Vn.n version is a released version.
        # A Tn.n version is a released field test version.
        # A Xn.n version is an unreleased experimental baselevel.
        # 1.2 uses "1.2" for uname -r.
        eval $set_cc_for_build
        cat <<EOF >$dummy.s
        .data
\$Lformat:
        .byte 37,100,45,37,120,10,0     # "%d-%x\n"

        .text
        .globl main
        .align 4
        .ent main
main:
        .frame \$30,16,\$26,0
        ldgp \$29,0(\$27)
        .prologue 1
        .long 0x47e03d80 # implver \$0
        lda \$2,-1
        .long 0x47e20c21 # amask \$2,\$1
        lda \$16,\$Lformat
        mov \$0,\$17
        not \$1,\$18
        jsr \$26,printf
        ldgp \$29,0(\$26)
        mov 0,\$16
        jsr \$26,exit
        .end main
EOF
        $CC_FOR_BUILD -o $dummy $dummy.s 2>/dev/null
        if test "$?" = 0 ; then
            case `$dummy` in
                0-0)
                    UNAME_MACHINE="alpha"
                    ;;
                1-0)
                    UNAME_MACHINE="alphaev5"
                    ;;
                1-1)
                    UNAME_MACHINE="alphaev56"
                    ;;
                1-101)
                    UNAME_MACHINE="alphapca56"
                    ;;
                2-303)
                    UNAME_MACHINE="alphaev6"
                    ;;
                2-307)
                    UNAME_MACHINE="alphaev67"
                    ;;
                2-1307)
                    UNAME_MACHINE="alphaev68"
                    ;;
                3-1307)
                    UNAME_MACHINE="alphaev7"
                    ;;
            esac
        fi
        rm -f $dummy.s $dummy && rmdir $tmpdir
        echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
        exit 0 ;;
    Alpha\ *:Windows_NT*:*)
        # How do we know it's Interix rather than the generic POSIX subsystem?
        # Should we change UNAME_MACHINE based on the output of uname instead
        # of the specific Alpha model?
        echo alpha-pc-interix
        exit 0 ;;
    21064:Windows_NT:50:3)
        echo alpha-dec-winnt3.5
        exit 0 ;;
    Amiga*:UNIX_System_V:4.0:*)
        echo m68k-unknown-sysv4
        exit 0;;
    *:[Aa]miga[Oo][Ss]:*:*)
        echo ${UNAME_MACHINE}-unknown-amigaos
        exit 0 ;;
    *:[Mm]orph[Oo][Ss]:*:*)
        echo ${UNAME_MACHINE}-unknown-morphos
        exit 0 ;;
    *:OS/390:*:*)
        echo i370-ibm-openedition
        exit 0 ;;
    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
        echo arm-acorn-riscix${UNAME_RELEASE}
        exit 0;;
    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
        echo hppa1.1-hitachi-hiuxmpp
        exit 0;;
    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
        # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
        if test "`(/bin/universe) 2>/dev/null`" = att ; then
            echo pyramid-pyramid-sysv3
        else
            echo pyramid-pyramid-bsd
        fi
        exit 0 ;;
    NILE*:*:*:dcosx)
        echo pyramid-pyramid-svr4
        exit 0 ;;
    DRS?6000:UNIX_SV:4.2*:7*)
        case `/usr/bin/uname -p` in
            sparc) echo sparc-icl-nx7 && exit 0 ;;
        esac ;;
    sun4H:SunOS:5.*:*)
        echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
        exit 0 ;;
    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
        echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
        exit 0 ;;
    i86pc:SunOS:5.*:*)
        echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
        exit 0 ;;
    sun4*:SunOS:6*:*)
        # According to config.sub, this is the proper way to canonicalize
        # SunOS6.  Hard to guess exactly what SunOS6 will be like, but
        # it's likely to be more like Solaris than SunOS4.
        echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
        exit 0 ;;
    sun4*:SunOS:*:*)
        case "`/usr/bin/arch -k`" in
            Series*|S4*)
                UNAME_RELEASE=`uname -v`
                ;;
        esac
        # Japanese Language versions have a version number like `4.1.3-JL'.
        echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
        exit 0 ;;
    sun3*:SunOS:*:*)
        echo m68k-sun-sunos${UNAME_RELEASE}
        exit 0 ;;
    sun*:*:4.2BSD:*)
        UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
        test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
        case "`/bin/arch`" in
            sun3)
                echo m68k-sun-sunos${UNAME_RELEASE}
                ;;
            sun4)
                echo sparc-sun-sunos${UNAME_RELEASE}
                ;;
        esac
        exit 0 ;;
    aushp:SunOS:*:*)
        echo sparc-auspex-sunos${UNAME_RELEASE}
        exit 0 ;;
    # The situation for MiNT is a little confusing.  The machine name
    # can be virtually everything (everything which is not
    # "atarist" or "atariste" at least should have a processor
    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
    # to the lowercase version "mint" (or "freemint").  Finally
    # the system name "TOS" denotes a system which is actually not
    # MiNT.  But MiNT is downward compatible to TOS, so this should
    # be no problem.
    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
        echo m68k-atari-mint${UNAME_RELEASE}
        exit 0 ;;
    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
        echo m68k-atari-mint${UNAME_RELEASE}
        exit 0 ;;
    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
        echo m68k-atari-mint${UNAME_RELEASE}
        exit 0 ;;
    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
        echo m68k-milan-mint${UNAME_RELEASE}
        exit 0 ;;
    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
        echo m68k-hades-mint${UNAME_RELEASE}
        exit 0 ;;
    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
        echo m68k-unknown-mint${UNAME_RELEASE}
        exit 0 ;;
    powerpc:machten:*:*)
        echo powerpc-apple-machten${UNAME_RELEASE}
        exit 0 ;;
    RISC*:Mach:*:*)
        echo mips-dec-mach_bsd4.3
        exit 0 ;;
    RISC*:ULTRIX:*:*)
        echo mips-dec-ultrix${UNAME_RELEASE}
        exit 0 ;;
    VAX*:ULTRIX*:*:*)
        echo vax-dec-ultrix${UNAME_RELEASE}
        exit 0 ;;
    2020:CLIX:*:* | 2430:CLIX:*:*)
        echo clipper-intergraph-clix${UNAME_RELEASE}
        exit 0 ;;
    mips:*:*:UMIPS | mips:*:*:RISCos)
        eval $set_cc_for_build
        sed 's/^ //' << EOF >$dummy.c
#ifdef __cplusplus
#include <stdio.h>  /* for printf() prototype */
int main (int argc, char *argv[]) {
#else
int main (argc, argv) int argc; char *argv[]; {
#endif
#if defined (host_mips) && defined (MIPSEB)
#if defined (SYSTYPE_SYSV)
  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
#endif
#if defined (SYSTYPE_SVR4)
  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
#endif
#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
#endif
#endif
  exit (-1);
}
EOF
        $CC_FOR_BUILD -o $dummy $dummy.c \
          && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
          && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
        rm -f $dummy.c $dummy && rmdir $tmpdir
        echo mips-mips-riscos${UNAME_RELEASE}
        exit 0 ;;
    Motorola:PowerMAX_OS:*:*)
        echo powerpc-motorola-powermax
        exit 0 ;;
    Motorola:*:4.3:PL8-*)
        echo powerpc-harris-powermax
        exit 0 ;;
    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
        echo powerpc-harris-powermax
        exit 0 ;;
    Night_Hawk:Power_UNIX:*:*)
        echo powerpc-harris-powerunix
        exit 0 ;;
    m88k:CX/UX:7*:*)
        echo m88k-harris-cxux7
        exit 0 ;;
    m88k:*:4*:R4*)
        echo m88k-motorola-sysv4
        exit 0 ;;
    m88k:*:3*:R3*)
        echo m88k-motorola-sysv3
        exit 0 ;;
    AViiON:dgux:*:*)
        # DG/UX returns AViiON for all architectures
        UNAME_PROCESSOR=`/usr/bin/uname -p`
        if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
        then
            if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
               [ ${TARGET_BINARY_INTERFACE}x = x ]
            then
                echo m88k-dg-dgux${UNAME_RELEASE}
            else
                echo m88k-dg-dguxbcs${UNAME_RELEASE}
            fi
        else
            echo i586-dg-dgux${UNAME_RELEASE}
        fi
        exit 0 ;;
    M88*:DolphinOS:*:*)     # DolphinOS (SVR3)
        echo m88k-dolphin-sysv3
        exit 0 ;;
    M88*:*:R3*:*)
        # Delta 88k system running SVR3
        echo m88k-motorola-sysv3
        exit 0 ;;
    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
        echo m88k-tektronix-sysv3
        exit 0 ;;
    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
        echo m68k-tektronix-bsd
        exit 0 ;;
    *:IRIX*:*:*)
        echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
        exit 0 ;;
    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
        echo romp-ibm-aix      # uname -m gives an 8 hex-code CPU id
        exit 0 ;;              # Note that: echo "'`uname -s`'" gives 'AIX '
    i*86:AIX:*:*)
        echo i386-ibm-aix
        exit 0 ;;
    ia64:AIX:*:*)
        if [ -x /usr/bin/oslevel ] ; then
            IBM_REV=`/usr/bin/oslevel`
        else
            IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
        fi
        echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
        exit 0 ;;
    *:AIX:2:3)
        if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
            eval $set_cc_for_build
            sed 's/^ //' << EOF >$dummy.c
#include <sys/systemcfg.h>

main()
        {
        if (!__power_pc())
                exit(1);
        puts("powerpc-ibm-aix3.2.5");
        exit(0);
        }
EOF
            $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
            rm -f $dummy.c $dummy && rmdir $tmpdir
            echo rs6000-ibm-aix3.2.5
        elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
            echo rs6000-ibm-aix3.2.4
        else
            echo rs6000-ibm-aix3.2
        fi
        exit 0 ;;
    *:AIX:*:[45])
        IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
        if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
            IBM_ARCH=rs6000
        else
            IBM_ARCH=powerpc
        fi
        if [ -x /usr/bin/oslevel ] ; then
            IBM_REV=`/usr/bin/oslevel`
        else
            IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
        fi
        echo ${IBM_ARCH}-ibm-aix${IBM_REV}
        exit 0 ;;
    *:AIX:*:*)
        echo rs6000-ibm-aix
        exit 0 ;;
    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
        echo romp-ibm-bsd4.4
        exit 0 ;;
    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
        echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
        exit 0 ;;                           # report: romp-ibm BSD 4.3
    *:BOSX:*:*)
        echo rs6000-bull-bosx
        exit 0 ;;
    DPX/2?00:B.O.S.:*:*)
        echo m68k-bull-sysv3
        exit 0 ;;
    9000/[34]??:4.3bsd:1.*:*)
        echo m68k-hp-bsd
        exit 0 ;;
    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
        echo m68k-hp-bsd4.4
        exit 0 ;;
    9000/[34678]??:HP-UX:*:*)
        HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
        case "${UNAME_MACHINE}" in
            9000/31? )            HP_ARCH=m68000 ;;
            9000/[34]?? )         HP_ARCH=m68k ;;
            9000/[678][0-9][0-9])
                if [ -x /usr/bin/getconf ]; then
                    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
                    case "${sc_cpu_version}" in
                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
                      532)                      # CPU_PA_RISC2_0
                        case "${sc_kernel_bits}" in
                          32) HP_ARCH="hppa2.0n" ;;
                          64) HP_ARCH="hppa2.0w" ;;
                          '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
                        esac ;;
                    esac
                fi
                if [ "${HP_ARCH}" = "" ]; then
                    eval $set_cc_for_build
                    sed 's/^ //' << EOF >$dummy.c

#define _HPUX_SOURCE
#include <stdlib.h>
#include <unistd.h>

int main ()
{
#if defined(_SC_KERNEL_BITS)
    long bits = sysconf(_SC_KERNEL_BITS);
#endif
    long cpu  = sysconf (_SC_CPU_VERSION);

    switch (cpu)
        {
        case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
        case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
        case CPU_PA_RISC2_0:
#if defined(_SC_KERNEL_BITS)
            switch (bits)
                {
                case 64: puts ("hppa2.0w"); break;
                case 32: puts ("hppa2.0n"); break;
                default: puts ("hppa2.0"); break;
                } break;
#else  /* !defined(_SC_KERNEL_BITS) */
            puts ("hppa2.0"); break;
#endif
        default: puts ("hppa1.0"); break;
        }
    exit (0);
}
EOF
                    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
                    if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi
                    rm -f $dummy.c $dummy && rmdir $tmpdir
                fi ;;
        esac
        echo ${HP_ARCH}-hp-hpux${HPUX_REV}
        exit 0 ;;
    ia64:HP-UX:*:*)
        HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
        echo ia64-hp-hpux${HPUX_REV}
        exit 0 ;;
    3050*:HI-UX:*:*)
        eval $set_cc_for_build
        sed 's/^ //' << EOF >$dummy.c
#include <unistd.h>
int
main ()
{
  long cpu = sysconf (_SC_CPU_VERSION);
  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
     results, however.  */
  if (CPU_IS_PA_RISC (cpu))
    {
      switch (cpu)
        {
          case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
          case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
          case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
          default: puts ("hppa-hitachi-hiuxwe2"); break;
        }
    }
  else if (CPU_IS_HP_MC68K (cpu))
    puts ("m68k-hitachi-hiuxwe2");
  else puts ("unknown-hitachi-hiuxwe2");
  exit (0);
}
EOF
        $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
        rm -f $dummy.c $dummy && rmdir $tmpdir
        echo unknown-hitachi-hiuxwe2
        exit 0 ;;
    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
        echo hppa1.1-hp-bsd
        exit 0 ;;
    9000/8??:4.3bsd:*:*)
        echo hppa1.0-hp-bsd
        exit 0 ;;
    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
        echo hppa1.0-hp-mpeix
        exit 0 ;;
    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
        echo hppa1.1-hp-osf
        exit 0 ;;
    hp8??:OSF1:*:*)
        echo hppa1.0-hp-osf
        exit 0 ;;
    i*86:OSF1:*:*)
        if [ -x /usr/sbin/sysversion ] ; then
            echo ${UNAME_MACHINE}-unknown-osf1mk
        else
            echo ${UNAME_MACHINE}-unknown-osf1
        fi
        exit 0 ;;
    parisc*:Lites*:*:*)
        echo hppa1.1-hp-lites
        exit 0 ;;
    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
        echo c1-convex-bsd
        exit 0 ;;
    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
        if getsysinfo -f scalar_acc
        then echo c32-convex-bsd
        else echo c2-convex-bsd
        fi
        exit 0 ;;
    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
        echo c34-convex-bsd
        exit 0 ;;
    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
        echo c38-convex-bsd
        exit 0 ;;
    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
        echo c4-convex-bsd
        exit 0 ;;
    CRAY*Y-MP:*:*:*)
        echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
        exit 0 ;;
    CRAY*[A-Z]90:*:*:*)
        echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
        | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
              -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
              -e 's/\.[^.]*$/.X/'
        exit 0 ;;
    CRAY*TS:*:*:*)
        echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
        exit 0 ;;
    CRAY*T3D:*:*:*)
        echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
        exit 0 ;;
    CRAY*T3E:*:*:*)
        echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
        exit 0 ;;
    CRAY*SV1:*:*:*)
        echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
        exit 0 ;;
    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
        FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
        exit 0 ;;
    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
        echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
        exit 0 ;;
    sparc*:BSD/OS:*:*)
        echo sparc-unknown-bsdi${UNAME_RELEASE}
        exit 0 ;;
    *:BSD/OS:*:*)
        echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
        exit 0 ;;
    *:FreeBSD:*:*)
        # Determine whether the default compiler uses glibc.
        eval $set_cc_for_build
        sed 's/^ //' << EOF >$dummy.c
#include <features.h>
#if __GLIBC__ >= 2
LIBC=gnu
#else
LIBC=
#endif
EOF
        eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
        rm -f $dummy.c && rmdir $tmpdir
        echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
        exit 0 ;;
    i*:CYGWIN*:*)
        echo ${UNAME_MACHINE}-pc-cygwin
        exit 0 ;;
    i*:MINGW*:*)
        echo ${UNAME_MACHINE}-pc-mingw32
        exit 0 ;;
    i*:PW*:*)
        echo ${UNAME_MACHINE}-pc-pw32
        exit 0 ;;
    x86:Interix*:3*)
        echo i586-pc-interix3
        exit 0 ;;
    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
        echo i${UNAME_MACHINE}-pc-mks
        exit 0 ;;
    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
        # How do we know it's Interix rather than the generic POSIX subsystem?
        # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
        # UNAME_MACHINE based on the output of uname instead of i386?
        echo i586-pc-interix
        exit 0 ;;
    i*:UWIN*:*)
        echo ${UNAME_MACHINE}-pc-uwin
        exit 0 ;;
    p*:CYGWIN*:*)
        echo powerpcle-unknown-cygwin
        exit 0 ;;
    prep*:SunOS:5.*:*)
        echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
        exit 0 ;;
    *:GNU:*:*)
        echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
        exit 0 ;;
    i*86:Minix:*:*)
        echo ${UNAME_MACHINE}-pc-minix
        exit 0 ;;
    arm*:Linux:*:*)
        echo ${UNAME_MACHINE}-unknown-linux-gnu
        exit 0 ;;
    ia64:Linux:*:*)
        echo ${UNAME_MACHINE}-unknown-linux-gnu
        exit 0 ;;
    m68*:Linux:*:*)
        echo ${UNAME_MACHINE}-unknown-linux-gnu
        exit 0 ;;
    mips:Linux:*:*)
        eval $set_cc_for_build
        sed 's/^ //' << EOF >$dummy.c
#undef CPU
#undef mips
#undef mipsel
#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
CPU=mipsel
#else
#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
CPU=mips
#else
CPU=
#endif
#endif
EOF
        eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
        rm -f $dummy.c && rmdir $tmpdir
        test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
        ;;
    mips64:Linux:*:*)
        eval $set_cc_for_build
        sed 's/^ //' << EOF >$dummy.c
#undef CPU
#undef mips64
#undef mips64el
#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
CPU=mips64el
#else
#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
CPU=mips64
#else
CPU=
#endif
#endif
EOF
        eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
        rm -f $dummy.c && rmdir $tmpdir
        test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
        ;;
    ppc:Linux:*:*)
        echo powerpc-unknown-linux-gnu
        exit 0 ;;
    ppc64:Linux:*:*)
        echo powerpc64-unknown-linux-gnu
        exit 0 ;;
    alpha:Linux:*:*)
        case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
          EV5)   UNAME_MACHINE=alphaev5 ;;
          EV56)  UNAME_MACHINE=alphaev56 ;;
          PCA56) UNAME_MACHINE=alphapca56 ;;
          PCA57) UNAME_MACHINE=alphapca56 ;;
          EV6)   UNAME_MACHINE=alphaev6 ;;
          EV67)  UNAME_MACHINE=alphaev67 ;;
          EV68*) UNAME_MACHINE=alphaev68 ;;
        esac
        objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
        if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
        echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
        exit 0 ;;
    parisc:Linux:*:* | hppa:Linux:*:*)
        # Look for CPU level
        case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
          PA7*) echo hppa1.1-unknown-linux-gnu ;;
          PA8*) echo hppa2.0-unknown-linux-gnu ;;
          *)    echo hppa-unknown-linux-gnu ;;
        esac
        exit 0 ;;
    parisc64:Linux:*:* | hppa64:Linux:*:*)
        echo hppa64-unknown-linux-gnu
        exit 0 ;;
    s390:Linux:*:* | s390x:Linux:*:*)
        echo ${UNAME_MACHINE}-ibm-linux
        exit 0 ;;
    sh*:Linux:*:*)
        echo ${UNAME_MACHINE}-unknown-linux-gnu
        exit 0 ;;
    sparc:Linux:*:* | sparc64:Linux:*:*)
        echo ${UNAME_MACHINE}-unknown-linux-gnu
        exit 0 ;;
    x86_64:Linux:*:*)
        echo x86_64-unknown-linux-gnu
        exit 0 ;;
    i*86:Linux:*:*)
        # The BFD linker knows what the default object file format is, so
        # first see if it will tell us. cd to the root directory to prevent
        # problems with other programs or directories called `ld' in the path.
        # Set LC_ALL=C to ensure ld outputs messages in English.
        ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
                         | sed -ne '/supported targets:/!d
                                    s/[ ][ ]*/ /g
                                    s/.*supported targets: *//
                                    s/ .*//
                                    p'`
        case "$ld_supported_targets" in
          elf32-i386)
                TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
                ;;
          a.out-i386-linux)
                echo "${UNAME_MACHINE}-pc-linux-gnuaout"
                exit 0 ;;
          coff-i386)
                echo "${UNAME_MACHINE}-pc-linux-gnucoff"
                exit 0 ;;
          "")
                # Either a pre-BFD a.out linker (linux-gnuoldld) or
                # one that does not give us useful --help.
                echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
                exit 0 ;;
        esac
        # Determine whether the default compiler is a.out or elf
        eval $set_cc_for_build
        sed 's/^ //' << EOF >$dummy.c
#include <features.h>
#ifdef __ELF__
# ifdef __GLIBC__
#  if __GLIBC__ >= 2
LIBC=gnu
#  else
LIBC=gnulibc1
#  endif
# else
LIBC=gnulibc1
# endif
#else
#ifdef __INTEL_COMPILER
LIBC=gnu
#else
LIBC=gnuaout
#endif
#endif
EOF
        eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
        rm -f $dummy.c && rmdir $tmpdir
        test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0
        test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
        ;;
    i*86:DYNIX/ptx:4*:*)
        # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
        # earlier versions are messed up and put the nodename in both
        # sysname and nodename.
        echo i386-sequent-sysv4
        exit 0 ;;
    i*86:UNIX_SV:4.2MP:2.*)
        # Unixware is an offshoot of SVR4, but it has its own version
        # number series starting with 2...
        # I am not positive that other SVR4 systems won't match this,
        # I just have to hope.  -- rms.
        # Use sysv4.2uw... so that sysv4* matches it.
        echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
        exit 0 ;;
    i*86:OS/2:*:*)
        # If we were able to find `uname', then EMX Unix compatibility
        # is probably installed.
        echo ${UNAME_MACHINE}-pc-os2-emx
        exit 0 ;;
    i*86:XTS-300:*:STOP)
        echo ${UNAME_MACHINE}-unknown-stop
        exit 0 ;;
    i*86:atheos:*:*)
        echo ${UNAME_MACHINE}-unknown-atheos
        exit 0 ;;
    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
        echo i386-unknown-lynxos${UNAME_RELEASE}
        exit 0 ;;
    i*86:*DOS:*:*)
        echo ${UNAME_MACHINE}-pc-msdosdjgpp
        exit 0 ;;
    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
        UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
        if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
            echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
        else
            echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
        fi
        exit 0 ;;
    i*86:*:5:[78]*)
        case `/bin/uname -X | grep "^Machine"` in
            *486*)           UNAME_MACHINE=i486 ;;
            *Pentium)        UNAME_MACHINE=i586 ;;
            *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
        esac
        echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
        exit 0 ;;
    i*86:*:3.2:*)
        if test -f /usr/options/cb.name; then
            UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then
            UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
            (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
            (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
                && UNAME_MACHINE=i586
            (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
                && UNAME_MACHINE=i686
            (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
                && UNAME_MACHINE=i686
            echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
        else
            echo ${UNAME_MACHINE}-pc-sysv32
        fi
        exit 0 ;;
    pc:*:*:*)
        # Left here for compatibility:
        # uname -m prints for DJGPP always 'pc', but it prints nothing about
        # the processor, so we play safe by assuming i386.
        echo i386-pc-msdosdjgpp
        exit 0 ;;
    Intel:Mach:3*:*)
        echo i386-pc-mach3
        exit 0 ;;
    paragon:*:*:*)
        echo i860-intel-osf1
        exit 0 ;;
    i860:*:4.*:*) # i860-SVR4
        if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
          echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
        else # Add other i860-SVR4 vendors below as they are discovered.
          echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
        fi
        exit 0 ;;
    mini*:CTIX:SYS*5:*)
        # "miniframe"
        echo m68010-convergent-sysv
        exit 0 ;;
    mc68k:UNIX:SYSTEM5:3.51m)
        echo m68k-convergent-sysv
        exit 0 ;;
    M680?0:D-NIX:5.3:*)
        echo m68k-diab-dnix
        exit 0 ;;
    M68*:*:R3V[567]*:*)
        test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
    3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0)
        OS_REL=''
        test -r /etc/.relid \
        && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
          && echo i486-ncr-sysv4.3${OS_REL} && exit 0
        /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
          && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
          && echo i486-ncr-sysv4 && exit 0 ;;
    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
        echo m68k-unknown-lynxos${UNAME_RELEASE}
        exit 0 ;;
    mc68030:UNIX_System_V:4.*:*)
        echo m68k-atari-sysv4
        exit 0 ;;
    TSUNAMI:LynxOS:2.*:*)
        echo sparc-unknown-lynxos${UNAME_RELEASE}
        exit 0 ;;
    rs6000:LynxOS:2.*:*)
        echo rs6000-unknown-lynxos${UNAME_RELEASE}
        exit 0 ;;
    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
        echo powerpc-unknown-lynxos${UNAME_RELEASE}
        exit 0 ;;
    SM[BE]S:UNIX_SV:*:*)
        echo mips-dde-sysv${UNAME_RELEASE}
        exit 0 ;;
    RM*:ReliantUNIX-*:*:*)
        echo mips-sni-sysv4
        exit 0 ;;
    RM*:SINIX-*:*:*)
        echo mips-sni-sysv4
        exit 0 ;;
    *:SINIX-*:*:*)
        if uname -p 2>/dev/null >/dev/null ; then
            UNAME_MACHINE=`(uname -p) 2>/dev/null`
            echo ${UNAME_MACHINE}-sni-sysv4
        else
            echo ns32k-sni-sysv
        fi
        exit 0 ;;
    PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
                      # says
        echo i586-unisys-sysv4
        exit 0 ;;
    *:UNIX_System_V:4*:FTX*)
        # From Gerald Hewes .
        # How about differentiating between stratus architectures? -djm
        echo hppa1.1-stratus-sysv4
        exit 0 ;;
    *:*:*:FTX*)
        # From seanf@swdc.stratus.com.
        echo i860-stratus-sysv4
        exit 0 ;;
    *:VOS:*:*)
        # From Paul.Green@stratus.com.
        echo hppa1.1-stratus-vos
        exit 0 ;;
    mc68*:A/UX:*:*)
        echo m68k-apple-aux${UNAME_RELEASE}
        exit 0 ;;
    news*:NEWS-OS:6*:*)
        echo mips-sony-newsos6
        exit 0 ;;
    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
        if [ -d /usr/nec ]; then
            echo mips-nec-sysv${UNAME_RELEASE}
        else
            echo mips-unknown-sysv${UNAME_RELEASE}
        fi
        exit 0 ;;
    BeBox:BeOS:*:*)     # BeOS running on hardware made by Be, PPC only.
        echo powerpc-be-beos
        exit 0 ;;
    BeMac:BeOS:*:*)     # BeOS running on Mac or Mac clone, PPC only.
        echo powerpc-apple-beos
        exit 0 ;;
    BePC:BeOS:*:*)      # BeOS running on Intel PC compatible.
        echo i586-pc-beos
        exit 0 ;;
    SX-4:SUPER-UX:*:*)
        echo sx4-nec-superux${UNAME_RELEASE}
        exit 0 ;;
    SX-5:SUPER-UX:*:*)
        echo sx5-nec-superux${UNAME_RELEASE}
        exit 0 ;;
    SX-6:SUPER-UX:*:*)
        echo sx6-nec-superux${UNAME_RELEASE}
        exit 0 ;;
    Power*:Rhapsody:*:*)
        echo powerpc-apple-rhapsody${UNAME_RELEASE}
        exit 0 ;;
    *:Rhapsody:*:*)
        echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
        exit 0 ;;
    *:Darwin:*:*)
        echo `uname -p`-apple-darwin${UNAME_RELEASE}
        exit 0 ;;
    *:procnto*:*:* | *:QNX:[0123456789]*:*)
        UNAME_PROCESSOR=`uname -p`
        if test "$UNAME_PROCESSOR" = "x86"; then
            UNAME_PROCESSOR=i386
            UNAME_MACHINE=pc
        fi
        echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
        exit 0 ;;
    *:QNX:*:4*)
        echo i386-pc-qnx
        exit 0 ;;
    NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*)
        echo nsr-tandem-nsk${UNAME_RELEASE}
        exit 0 ;;
    *:NonStop-UX:*:*)
        echo mips-compaq-nonstopux
        exit 0 ;;
    BS2000:POSIX*:*:*)
        echo bs2000-siemens-sysv
        exit 0 ;;
    DS/*:UNIX_System_V:*:*)
        echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
        exit 0 ;;
    *:Plan9:*:*)
        # "uname -m" is not consistent, so use $cputype instead. 386
        # is converted to i386 for consistency with other x86
        # operating systems.
if test "$cputype" = "386"; then UNAME_MACHINE=i386 else UNAME_MACHINE="$cputype" fi echo ${UNAME_MACHINE}-unknown-plan9 exit 0 ;; *:TOPS-10:*:*) echo pdp10-unknown-tops10 exit 0 ;; *:TENEX:*:*) echo pdp10-unknown-tenex exit 0 ;; KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) echo pdp10-dec-tops20 exit 0 ;; XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) echo pdp10-xkl-tops20 exit 0 ;; *:TOPS-20:*:*) echo pdp10-unknown-tops20 exit 0 ;; *:ITS:*:*) echo pdp10-unknown-its exit 0 ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 #echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 eval $set_cc_for_build cat >$dummy.c < # include #endif main () { #if defined (sony) #if defined (MIPSEB) /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, I don't know.... */ printf ("mips-sony-bsd\n"); exit (0); #else #include printf ("m68k-sony-newsos%s\n", #ifdef NEWSOS4 "4" #else "" #endif ); exit (0); #endif #endif #if defined (__arm) && defined (__acorn) && defined (__unix) printf ("arm-acorn-riscix"); exit (0); #endif #if defined (hp300) && !defined (hpux) printf ("m68k-hp-bsd\n"); exit (0); #endif #if defined (NeXT) #if !defined (__ARCHITECTURE__) #define __ARCHITECTURE__ "m68k" #endif int version; version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; if (version < 4) printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); else printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); exit (0); #endif #if defined (MULTIMAX) || defined (n16) #if defined (UMAXV) printf ("ns32k-encore-sysv\n"); exit (0); #else #if defined (CMU) printf ("ns32k-encore-mach\n"); exit (0); #else printf ("ns32k-encore-bsd\n"); exit (0); #endif #endif #endif #if defined (__386BSD__) printf ("i386-pc-bsd\n"); exit (0); #endif #if defined (sequent) #if defined (i386) printf ("i386-sequent-dynix\n"); exit (0); #endif #if defined (ns32000) printf ("ns32k-sequent-dynix\n"); exit (0); #endif #endif #if defined 
(_SEQUENT_) struct utsname un; uname(&un); if (strncmp(un.version, "V2", 2) == 0) { printf ("i386-sequent-ptx2\n"); exit (0); } if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ printf ("i386-sequent-ptx1\n"); exit (0); } printf ("i386-sequent-ptx\n"); exit (0); #endif #if defined (vax) # if !defined (ultrix) # include # if defined (BSD) # if BSD == 43 printf ("vax-dec-bsd4.3\n"); exit (0); # else # if BSD == 199006 printf ("vax-dec-bsd4.3reno\n"); exit (0); # else printf ("vax-dec-bsd\n"); exit (0); # endif # endif # else printf ("vax-dec-bsd\n"); exit (0); # endif # else printf ("vax-dec-ultrix\n"); exit (0); # endif #endif #if defined (alliant) && defined (i860) printf ("i860-alliant-bsd\n"); exit (0); #endif exit (1); } EOF $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 rm -f $dummy.c $dummy && rmdir $tmpdir # Apollos put the system type in the environment. test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } # Convex versions that predate uname can use getsysinfo(1) if [ -x /usr/convex/getsysinfo ] then case `getsysinfo -f cpu_type` in c1*) echo c1-convex-bsd exit 0 ;; c2*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit 0 ;; c34*) echo c34-convex-bsd exit 0 ;; c38*) echo c38-convex-bsd exit 0 ;; c4*) echo c4-convex-bsd exit 0 ;; esac fi cat >&2 < in order to provide the needed information to handle your system. 
config.guess timestamp = $timestamp

uname -m = `(uname -m) 2>/dev/null || echo unknown`
uname -r = `(uname -r) 2>/dev/null || echo unknown`
uname -s = `(uname -s) 2>/dev/null || echo unknown`
uname -v = `(uname -v) 2>/dev/null || echo unknown`

/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
/bin/uname -X = `(/bin/uname -X) 2>/dev/null`

hostinfo = `(hostinfo) 2>/dev/null`
/bin/universe = `(/bin/universe) 2>/dev/null`
/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
/bin/arch = `(/bin/arch) 2>/dev/null`
/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`

UNAME_MACHINE = ${UNAME_MACHINE}
UNAME_RELEASE = ${UNAME_RELEASE}
UNAME_SYSTEM = ${UNAME_SYSTEM}
UNAME_VERSION = ${UNAME_VERSION}
EOF

exit 1

# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "timestamp='"
# time-stamp-format: "%:y-%02m-%02d"
# time-stamp-end: "'"
# End:
argus-2.0.6.fixes.1/config/config.sub
#! /bin/sh
# Configuration validation subroutine script.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
# 2000, 2001, 2002 Free Software Foundation, Inc.

timestamp='2002-11-30'

# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
# can handle that machine. It does not imply ALL GNU software can.
#
# This file is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.

# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.

# Please send patches to . Submit a context
# diff and a properly formatted ChangeLog entry.
#
# Configuration subroutine to validate and canonicalize a configuration type.
# Supply the specified configuration type as an argument.
# If it is invalid, we print an error message on stderr and exit with code 1.
# Otherwise, we print the canonical config type on stdout and succeed.

# This file is supposed to be the same for all GNU packages
# and recognize all the CPU types, system types and aliases
# that are meaningful with *any* GNU software.
# Each package is responsible for reporting which valid configurations
# it does not support. The user should be able to distinguish
# a failure to support a valid configuration from a meaningless
# configuration.

# The goal of this file is to map all the various variations of a given
# machine specification into a single specification in the form:
#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
# or in some cases, the newer four-part form:
#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
# It is wrong to echo any other type of specification.

me=`echo "$0" | sed -e 's,.*/,,'`

usage="\
Usage: $0 [OPTION] CPU-MFR-OPSYS
       $0 [OPTION] ALIAS

Canonicalize a configuration name.

Operation modes:
  -h, --help         print this help, then exit
  -t, --time-stamp   print date of last modification, then exit
  -v, --version      print version number, then exit

Report bugs and patches to ."
version="\
GNU config.sub ($timestamp)

Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
Free Software Foundation, Inc.

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."

help="
Try \`$me --help' for more information."

# Parse command line
while test $# -gt 0 ; do
  case $1 in
    --time-stamp | --time* | -t )
       echo "$timestamp" ; exit 0 ;;
    --version | -v )
       echo "$version" ; exit 0 ;;
    --help | --h* | -h )
       echo "$usage"; exit 0 ;;
    -- )     # Stop option processing
       shift; break ;;
    - )      # Use stdin as input.
       break ;;
    -* )
       echo "$me: invalid option $1$help"
       exit 1 ;;

    *local*)
       # First pass through any local machine types.
       echo $1
       exit 0;;

    * )
       break ;;
  esac
done

case $# in
 0) echo "$me: missing argument$help" >&2
    exit 1;;
 1) ;;
 *) echo "$me: too many arguments$help" >&2
    exit 1;;
esac

# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
# Here we must recognize all the valid KERNEL-OS combinations.
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
  nto-qnx* | linux-gnu* | freebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
    os=-$maybe_os
    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
    ;;
  *)
    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
    if [ $basic_machine != $1 ]
    then os=`echo $1 | sed 's/.*-/-/'`
    else os=; fi
    ;;
esac

### Let's recognize common machines as not being operating systems so
### that things like config.sub decstation-3100 work. We also
### recognize some manufacturers as not being operating systems, so we
### can provide default operating systems below.
case $os in
	-sun*os*)
		# Prevent following clause from handling this invalid input.
;; -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ -apple | -axis) os= basic_machine=$1 ;; -sim | -cisco | -oki | -wec | -winbond) os= basic_machine=$1 ;; -scout) ;; -wrs) os=-vxworks basic_machine=$1 ;; -chorusos*) os=-chorusos basic_machine=$1 ;; -chorusrdb) os=-chorusrdb basic_machine=$1 ;; -hiux*) os=-hiuxwe2 ;; -sco5) os=-sco3.2v5 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco4) os=-sco3.2v4 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2.[4-9]*) os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2v[4-9]*) # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco*) os=-sco3.2v2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -udk*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -isc) os=-isc2.2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -clix*) basic_machine=clipper-intergraph ;; -isc*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -lynx*) os=-lynxos ;; -ptx*) basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` ;; -windowsnt*) os=`echo $os | sed -e 's/windowsnt/winnt/'` ;; -psos*) os=-psos ;; -mint | -mint[0-9]*) basic_machine=m68k-atari os=-mint ;; esac # Decode aliases for certain CPU-COMPANY combinations. case $basic_machine in # Recognize the basic CPU types without company name. # Some are omitted here because they have special meanings below. 
1750a | 580 \ | a29k \ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ | clipper \ | d10v | d30v | dlx | dsp16xx \ | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ | ip2k \ | m32r | m68000 | m68k | m88k | mcore \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ | mips64vr | mips64vrel \ | mips64orion | mips64orionel \ | mips64vr4100 | mips64vr4100el \ | mips64vr4300 | mips64vr4300el \ | mips64vr5000 | mips64vr5000el \ | mipsisa32 | mipsisa32el \ | mipsisa64 | mipsisa64el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ | ns16k | ns32k \ | openrisc | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | pyramid \ | sh | sh[1234] | sh3e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \ | strongarm \ | tahoe | thumb | tic80 | tron \ | v850 | v850e \ | we32k \ | x86 | xscale | xstormy16 | xtensa \ | z8k) basic_machine=$basic_machine-unknown ;; m6811 | m68hc11 | m6812 | m68hc12) # Motorola 68HC11/12. basic_machine=$basic_machine-unknown os=-none ;; m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) ;; # We use `pc' rather than `unknown' # because (1) that's what they normally are, and # (2) the word "unknown" tends to confuse beginning users. i*86 | x86_64) basic_machine=$basic_machine-pc ;; # Object if more than one company name word. *-*-*) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; # Recognize the basic CPU types with company name. 
580-* \ | a29k-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* \ | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* \ | clipper-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* \ | m32r-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ | m88110-* | m88k-* | mcore-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ | mips64vr-* | mips64vrel-* \ | mips64orion-* | mips64orionel-* \ | mips64vr4100-* | mips64vr4100el-* \ | mips64vr4300-* | mips64vr4300el-* \ | mips64vr5000-* | mips64vr5000el-* \ | mipsisa32-* | mipsisa32el-* \ | mipsisa64-* | mipsisa64el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ | mipstx39 | mipstx39el \ | none-* | np1-* | ns16k-* | ns32k-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | pyramid-* \ | romp-* | rs6000-* \ | sh-* | sh[1234]-* | sh3e-* | sh[34]eb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \ | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* | tic30-* | tic4x-* | tic54x-* | tic80-* | tron-* \ | v850-* | v850e-* | vax-* \ | we32k-* \ | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \ | xtensa-* \ | ymp-* \ | z8k-*) ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. 
386bsd) basic_machine=i386-unknown os=-bsd ;; 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) basic_machine=m68000-att ;; 3b*) basic_machine=we32k-att ;; a29khif) basic_machine=a29k-amd os=-udi ;; adobe68k) basic_machine=m68010-adobe os=-scout ;; alliant | fx80) basic_machine=fx80-alliant ;; altos | altos3068) basic_machine=m68k-altos ;; am29k) basic_machine=a29k-none os=-bsd ;; amdahl) basic_machine=580-amdahl os=-sysv ;; amiga | amiga-*) basic_machine=m68k-unknown ;; amigaos | amigados) basic_machine=m68k-unknown os=-amigaos ;; amigaunix | amix) basic_machine=m68k-unknown os=-sysv4 ;; apollo68) basic_machine=m68k-apollo os=-sysv ;; apollo68bsd) basic_machine=m68k-apollo os=-bsd ;; aux) basic_machine=m68k-apple os=-aux ;; balance) basic_machine=ns32k-sequent os=-dynix ;; c90) basic_machine=c90-cray os=-unicos ;; convex-c1) basic_machine=c1-convex os=-bsd ;; convex-c2) basic_machine=c2-convex os=-bsd ;; convex-c32) basic_machine=c32-convex os=-bsd ;; convex-c34) basic_machine=c34-convex os=-bsd ;; convex-c38) basic_machine=c38-convex os=-bsd ;; cray | j90) basic_machine=j90-cray os=-unicos ;; crds | unos) basic_machine=m68k-crds ;; cris | cris-* | etrax*) basic_machine=cris-axis ;; da30 | da30-*) basic_machine=m68k-da30 ;; decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) basic_machine=mips-dec ;; decsystem10* | dec10*) basic_machine=pdp10-dec os=-tops10 ;; decsystem20* | dec20*) basic_machine=pdp10-dec os=-tops20 ;; delta | 3300 | motorola-3300 | motorola-delta \ | 3300-motorola | delta-motorola) basic_machine=m68k-motorola ;; delta88) basic_machine=m88k-motorola os=-sysv3 ;; dpx20 | dpx20-*) basic_machine=rs6000-bull os=-bosx ;; dpx2* | dpx2*-bull) basic_machine=m68k-bull os=-sysv3 ;; ebmon29k) basic_machine=a29k-amd os=-ebmon ;; elxsi) basic_machine=elxsi-elxsi os=-bsd ;; encore | umax | mmax) basic_machine=ns32k-encore ;; es1800 | OSE68k | ose68k | ose | OSE) basic_machine=m68k-ericsson os=-ose ;; fx2800) 
basic_machine=i860-alliant ;; genix) basic_machine=ns32k-ns ;; gmicro) basic_machine=tron-gmicro os=-sysv ;; go32) basic_machine=i386-pc os=-go32 ;; h3050r* | hiux*) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; h8300hms) basic_machine=h8300-hitachi os=-hms ;; h8300xray) basic_machine=h8300-hitachi os=-xray ;; h8500hms) basic_machine=h8500-hitachi os=-hms ;; harris) basic_machine=m88k-harris os=-sysv3 ;; hp300-*) basic_machine=m68k-hp ;; hp300bsd) basic_machine=m68k-hp os=-bsd ;; hp300hpux) basic_machine=m68k-hp os=-hpux ;; hp3k9[0-9][0-9] | hp9[0-9][0-9]) basic_machine=hppa1.0-hp ;; hp9k2[0-9][0-9] | hp9k31[0-9]) basic_machine=m68000-hp ;; hp9k3[2-9][0-9]) basic_machine=m68k-hp ;; hp9k6[0-9][0-9] | hp6[0-9][0-9]) basic_machine=hppa1.0-hp ;; hp9k7[0-79][0-9] | hp7[0-79][0-9]) basic_machine=hppa1.1-hp ;; hp9k78[0-9] | hp78[0-9]) # FIXME: really hppa2.0-hp basic_machine=hppa1.1-hp ;; hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) # FIXME: really hppa2.0-hp basic_machine=hppa1.1-hp ;; hp9k8[0-9][13679] | hp8[0-9][13679]) basic_machine=hppa1.1-hp ;; hp9k8[0-9][0-9] | hp8[0-9][0-9]) basic_machine=hppa1.0-hp ;; hppa-next) os=-nextstep3 ;; hppaosf) basic_machine=hppa1.1-hp os=-osf ;; hppro) basic_machine=hppa1.1-hp os=-proelf ;; i370-ibm* | ibm*) basic_machine=i370-ibm ;; # I'm not sure what "Sysv32" means. Should this be sysv3.2? 
i*86v32) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv32 ;; i*86v4*) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv4 ;; i*86v) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv ;; i*86sol2) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-solaris2 ;; i386mach) basic_machine=i386-mach os=-mach ;; i386-vsta | vsta) basic_machine=i386-unknown os=-vsta ;; iris | iris4d) basic_machine=mips-sgi case $os in -irix*) ;; *) os=-irix4 ;; esac ;; isi68 | isi) basic_machine=m68k-isi os=-sysv ;; m88k-omron*) basic_machine=m88k-omron ;; magnum | m3230) basic_machine=mips-mips os=-sysv ;; merlin) basic_machine=ns32k-utek os=-sysv ;; mingw32) basic_machine=i386-pc os=-mingw32 ;; miniframe) basic_machine=m68000-convergent ;; *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) basic_machine=m68k-atari os=-mint ;; mips3*-*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` ;; mips3*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown ;; mmix*) basic_machine=mmix-knuth os=-mmixware ;; monitor) basic_machine=m68k-rom68k os=-coff ;; morphos) basic_machine=powerpc-unknown os=-morphos ;; msdos) basic_machine=i386-pc os=-msdos ;; mvs) basic_machine=i370-ibm os=-mvs ;; ncr3000) basic_machine=i486-ncr os=-sysv4 ;; netbsd386) basic_machine=i386-unknown os=-netbsd ;; netwinder) basic_machine=armv4l-rebel os=-linux ;; news | news700 | news800 | news900) basic_machine=m68k-sony os=-newsos ;; news1000) basic_machine=m68030-sony os=-newsos ;; news-3600 | risc-news) basic_machine=mips-sony os=-newsos ;; necv70) basic_machine=v70-nec os=-sysv ;; next | m*-next ) basic_machine=m68k-next case $os in -nextstep* ) ;; -ns2*) os=-nextstep2 ;; *) os=-nextstep3 ;; esac ;; nh3000) basic_machine=m68k-harris os=-cxux ;; nh[45]000) basic_machine=m88k-harris os=-cxux ;; nindy960) basic_machine=i960-intel os=-nindy ;; mon960) basic_machine=i960-intel os=-mon960 ;; nonstopux) basic_machine=mips-compaq os=-nonstopux ;; np1) basic_machine=np1-gould ;; 
nsr-tandem) basic_machine=nsr-tandem ;; op50n-* | op60c-*) basic_machine=hppa1.1-oki os=-proelf ;; or32 | or32-*) basic_machine=or32-unknown os=-coff ;; OSE68000 | ose68000) basic_machine=m68000-ericsson os=-ose ;; os68k) basic_machine=m68k-none os=-os68k ;; pa-hitachi) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; paragon) basic_machine=i860-intel os=-osf ;; pbd) basic_machine=sparc-tti ;; pbb) basic_machine=m68k-tti ;; pc532 | pc532-*) basic_machine=ns32k-pc532 ;; pentium | p5 | k5 | k6 | nexgen | viac3) basic_machine=i586-pc ;; pentiumpro | p6 | 6x86 | athlon | athlon_*) basic_machine=i686-pc ;; pentiumii | pentium2) basic_machine=i686-pc ;; pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumpro-* | p6-* | 6x86-* | athlon-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumii-* | pentium2-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pn) basic_machine=pn-gould ;; power) basic_machine=power-ibm ;; ppc) basic_machine=powerpc-unknown ;; ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppcle | powerpclittle | ppc-le | powerpc-little) basic_machine=powerpcle-unknown ;; ppcle-* | powerpclittle-*) basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64) basic_machine=powerpc64-unknown ;; ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64le | powerpc64little | ppc64-le | powerpc64-little) basic_machine=powerpc64le-unknown ;; ppc64le-* | powerpc64little-*) basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ps2) basic_machine=i386-ibm ;; pw32) basic_machine=i586-unknown os=-pw32 ;; rom68k) basic_machine=m68k-rom68k os=-coff ;; rm[46]00) basic_machine=mips-siemens ;; rtpc | rtpc-*) basic_machine=romp-ibm ;; s390 | s390-*) basic_machine=s390-ibm ;; s390x | s390x-*) basic_machine=s390x-ibm ;; sa29200) basic_machine=a29k-amd os=-udi ;; sb1) 
basic_machine=mipsisa64sb1-unknown ;; sb1el) basic_machine=mipsisa64sb1el-unknown ;; sequent) basic_machine=i386-sequent ;; sh) basic_machine=sh-hitachi os=-hms ;; sparclite-wrs | simso-wrs) basic_machine=sparclite-wrs os=-vxworks ;; sps7) basic_machine=m68k-bull os=-sysv2 ;; spur) basic_machine=spur-unknown ;; st2000) basic_machine=m68k-tandem ;; stratus) basic_machine=i860-stratus os=-sysv4 ;; sun2) basic_machine=m68000-sun ;; sun2os3) basic_machine=m68000-sun os=-sunos3 ;; sun2os4) basic_machine=m68000-sun os=-sunos4 ;; sun3os3) basic_machine=m68k-sun os=-sunos3 ;; sun3os4) basic_machine=m68k-sun os=-sunos4 ;; sun4os3) basic_machine=sparc-sun os=-sunos3 ;; sun4os4) basic_machine=sparc-sun os=-sunos4 ;; sun4sol2) basic_machine=sparc-sun os=-solaris2 ;; sun3 | sun3-*) basic_machine=m68k-sun ;; sun4) basic_machine=sparc-sun ;; sun386 | sun386i | roadrunner) basic_machine=i386-sun ;; sv1) basic_machine=sv1-cray os=-unicos ;; symmetry) basic_machine=i386-sequent os=-dynix ;; t3d) basic_machine=alpha-cray os=-unicos ;; t3e) basic_machine=alphaev5-cray os=-unicos ;; t90) basic_machine=t90-cray os=-unicos ;; tic4x | c4x*) basic_machine=tic4x-unknown os=-coff ;; tic54x | c54x*) basic_machine=tic54x-unknown os=-coff ;; tx39) basic_machine=mipstx39-unknown ;; tx39el) basic_machine=mipstx39el-unknown ;; toad1) basic_machine=pdp10-xkl os=-tops20 ;; tower | tower-32) basic_machine=m68k-ncr ;; udi29k) basic_machine=a29k-amd os=-udi ;; ultra3) basic_machine=a29k-nyu os=-sym1 ;; v810 | necv810) basic_machine=v810-nec os=-none ;; vaxv) basic_machine=vax-dec os=-sysv ;; vms) basic_machine=vax-dec os=-vms ;; vpp*|vx|vx-*) basic_machine=f301-fujitsu ;; vxworks960) basic_machine=i960-wrs os=-vxworks ;; vxworks68) basic_machine=m68k-wrs os=-vxworks ;; vxworks29k) basic_machine=a29k-wrs os=-vxworks ;; w65*) basic_machine=w65-wdc os=-none ;; w89k-*) basic_machine=hppa1.1-winbond os=-proelf ;; xps | xps100) basic_machine=xps100-honeywell ;; ymp) basic_machine=ymp-cray os=-unicos ;; 
z8k-*-coff) basic_machine=z8k-unknown os=-sim ;; none) basic_machine=none-none os=-none ;; # Here we handle the default manufacturer of certain CPU types. It is in # some cases the only manufacturer, in others, it is the most popular. w89k) basic_machine=hppa1.1-winbond ;; op50n) basic_machine=hppa1.1-oki ;; op60c) basic_machine=hppa1.1-oki ;; romp) basic_machine=romp-ibm ;; rs6000) basic_machine=rs6000-ibm ;; vax) basic_machine=vax-dec ;; pdp10) # there are many clones, so DEC is not a safe bet basic_machine=pdp10-unknown ;; pdp11) basic_machine=pdp11-dec ;; we32k) basic_machine=we32k-att ;; sh3 | sh4 | sh3eb | sh4eb | sh[1234]le | sh3ele) basic_machine=sh-unknown ;; sh64) basic_machine=sh64-unknown ;; sparc | sparcv9 | sparcv9b) basic_machine=sparc-sun ;; cydra) basic_machine=cydra-cydrome ;; orion) basic_machine=orion-highlevel ;; orion105) basic_machine=clipper-highlevel ;; mac | mpw | mac-mpw) basic_machine=m68k-apple ;; pmac | pmac-mpw) basic_machine=powerpc-apple ;; *-unknown) # Make sure to match an already-canonicalized machine name. ;; *) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; esac # Here we canonicalize certain aliases for manufacturers. case $basic_machine in *-digital*) basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` ;; *-commodore*) basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` ;; *) ;; esac # Decode manufacturer-specific aliases for certain operating systems. if [ x"$os" != x"" ] then case $os in # First match some system type aliases # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; -solaris) os=-solaris2 ;; -svr4*) os=-sysv4 ;; -unixware*) os=-sysv4.2uw ;; -gnu/linux*) os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` ;; # First accept the basic system types. # The portable systems comes first. 
# Each alternative MUST END IN A *, to match a version number. # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ | -aos* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \ | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -chorusos* | -chorusrdb* \ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix*) # Remember, each alternative MUST END IN *, to match a version number. 
;; -qnx*) case $basic_machine in x86-* | i*86-*) ;; *) os=-nto$os ;; esac ;; -nto-qnx*) ;; -nto*) os=`echo $os | sed -e 's|nto|nto-qnx|'` ;; -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ | -windows* | -osx | -abug | -netware* | -os9* | -beos* \ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) ;; -mac*) os=`echo $os | sed -e 's|mac|macos|'` ;; -linux*) os=`echo $os | sed -e 's|linux|linux-gnu|'` ;; -sunos5*) os=`echo $os | sed -e 's|sunos5|solaris2|'` ;; -sunos6*) os=`echo $os | sed -e 's|sunos6|solaris3|'` ;; -opened*) os=-openedition ;; -wince*) os=-wince ;; -osfrose*) os=-osfrose ;; -osf*) os=-osf ;; -utek*) os=-bsd ;; -dynix*) os=-bsd ;; -acis*) os=-aos ;; -atheos*) os=-atheos ;; -386bsd) os=-bsd ;; -ctix* | -uts*) os=-sysv ;; -nova*) os=-rtmk-nova ;; -ns2 ) os=-nextstep2 ;; -nsk*) os=-nsk ;; # Preserve the version number of sinix5. -sinix5.*) os=`echo $os | sed -e 's|sinix|sysv|'` ;; -sinix*) os=-sysv4 ;; -triton*) os=-sysv3 ;; -oss*) os=-sysv3 ;; -svr4) os=-sysv4 ;; -svr3) os=-sysv3 ;; -sysvr4) os=-sysv4 ;; # This must come after -sysvr4. -sysv*) ;; -ose*) os=-ose ;; -es1800*) os=-ose ;; -xenix) os=-xenix ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) os=-mint ;; -none) ;; *) # Get rid of the `-' at the beginning of $os. os=`echo $os | sed 's/[^-]*-//'` echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 exit 1 ;; esac else # Here we handle the default operating systems that come with various machines. # The value should be what the vendor currently ships out the door with their # machine or put another way, the most popular os provided with the machine. # Note that if you're going to try to match "-MANUFACTURER" here (say, # "-sun"), then you have to tell the case statement up towards the top # that MANUFACTURER isn't an operating system. Otherwise, code above # will signal an error saying that MANUFACTURER isn't an operating # system, and we'll never get to this point. 
case $basic_machine in *-acorn) os=-riscix1.2 ;; arm*-rebel) os=-linux ;; arm*-semi) os=-aout ;; # This must come before the *-dec entry. pdp10-*) os=-tops20 ;; pdp11-*) os=-none ;; *-dec | vax-*) os=-ultrix4.2 ;; m68*-apollo) os=-domain ;; i386-sun) os=-sunos4.0.2 ;; m68000-sun) os=-sunos3 # This also exists in the configure program, but was not the # default. # os=-sunos4 ;; m68*-cisco) os=-aout ;; mips*-cisco) os=-elf ;; mips*-*) os=-elf ;; or32-*) os=-coff ;; *-tti) # must be before sparc entry or we get the wrong os. os=-sysv3 ;; sparc-* | *-sun) os=-sunos4.1.1 ;; *-be) os=-beos ;; *-ibm) os=-aix ;; *-wec) os=-proelf ;; *-winbond) os=-proelf ;; *-oki) os=-proelf ;; *-hp) os=-hpux ;; *-hitachi) os=-hiux ;; i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) os=-sysv ;; *-cbm) os=-amigaos ;; *-dg) os=-dgux ;; *-dolphin) os=-sysv3 ;; m68k-ccur) os=-rtu ;; m88k-omron*) os=-luna ;; *-next ) os=-nextstep ;; *-sequent) os=-ptx ;; *-crds) os=-unos ;; *-ns) os=-genix ;; i370-*) os=-mvs ;; *-next) os=-nextstep3 ;; *-gould) os=-sysv ;; *-highlevel) os=-bsd ;; *-encore) os=-bsd ;; *-sgi) os=-irix ;; *-siemens) os=-sysv4 ;; *-masscomp) os=-rtu ;; f30[01]-fujitsu | f700-fujitsu) os=-uxpv ;; *-rom68k) os=-coff ;; *-*bug) os=-coff ;; *-apple) os=-macos ;; *-atari*) os=-mint ;; *) os=-none ;; esac fi # Here we handle the case where we know the os, and the CPU type, but not the # manufacturer. We pick the logical manufacturer. 
vendor=unknown
case $basic_machine in
	*-unknown)
		case $os in
			-riscix*)
				vendor=acorn
				;;
			-sunos*)
				vendor=sun
				;;
			-aix*)
				vendor=ibm
				;;
			-beos*)
				vendor=be
				;;
			-hpux*)
				vendor=hp
				;;
			-mpeix*)
				vendor=hp
				;;
			-hiux*)
				vendor=hitachi
				;;
			-unos*)
				vendor=crds
				;;
			-dgux*)
				vendor=dg
				;;
			-luna*)
				vendor=omron
				;;
			-genix*)
				vendor=ns
				;;
			-mvs* | -opened*)
				vendor=ibm
				;;
			-ptx*)
				vendor=sequent
				;;
			-vxsim* | -vxworks* | -windiss*)
				vendor=wrs
				;;
			-aux*)
				vendor=apple
				;;
			-hms*)
				vendor=hitachi
				;;
			-mpw* | -macos*)
				vendor=apple
				;;
			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
				vendor=atari
				;;
			-vos*)
				vendor=stratus
				;;
		esac
		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
		;;
esac

echo $basic_machine$os
exit 0

# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "timestamp='"
# time-stamp-format: "%:y-%02m-%02d"
# time-stamp-end: "'"
# End:
argus-2.0.6.fixes.1/config/install-sh
#! /bin/sh
#
# install - install a program, script, or datafile
# This comes from X11R5 (mit/util/scripts/install.sh).
#
# Copyright 1991 by the Massachusetts Institute of Technology
#
# Permission to use, copy, modify, distribute, and sell this software and its
# documentation for any purpose is hereby granted without fee, provided that
# the above copyright notice appear in all copies and that both that
# copyright notice and this permission notice appear in supporting
# documentation, and that the name of M.I.T. not be used in advertising or
# publicity pertaining to distribution of the software without specific,
# written prior permission. M.I.T. makes no representations about the
# suitability of this software for any purpose. It is provided "as is"
# without express or implied warranty.
#
# Calling this script install-sh is preferred over install.sh, to prevent
# `make' implicit rules from creating a file called install from it
# when there is no Makefile.
#
# This script is compatible with the BSD install script, but was written
# from scratch.  It can only install one file at a time, a restriction
# shared with many OS's install programs.


# set DOITPROG to echo to test this script

# Don't use :- since 4.3BSD and earlier shells don't like it.
doit="${DOITPROG-}"


# put in absolute paths if you don't have them in your path; or use env. vars.

mvprog="${MVPROG-mv}"
cpprog="${CPPROG-cp}"
chmodprog="${CHMODPROG-chmod}"
chownprog="${CHOWNPROG-chown}"
chgrpprog="${CHGRPPROG-chgrp}"
stripprog="${STRIPPROG-strip}"
rmprog="${RMPROG-rm}"
mkdirprog="${MKDIRPROG-mkdir}"

transformbasename=""
transformarg=""
instcmd="$mvprog"
chmodcmd="$chmodprog 0755"
chowncmd=""
chgrpcmd=""
stripcmd=""
rmcmd="$rmprog -f"
mvcmd="$mvprog"
src=""
dst=""
dir_arg=""

while [ x"$1" != x ]; do
	case $1 in
		-c) instcmd="$cpprog"
			shift
			continue;;

		-d) dir_arg=true
			shift
			continue;;

		-m) chmodcmd="$chmodprog $2"
			shift
			shift
			continue;;

		-o) chowncmd="$chownprog $2"
			shift
			shift
			continue;;

		-g) chgrpcmd="$chgrpprog $2"
			shift
			shift
			continue;;

		-s) stripcmd="$stripprog"
			shift
			continue;;

		-t=*) transformarg=`echo $1 | sed 's/-t=//'`
			shift
			continue;;

		-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
			shift
			continue;;

		*)  if [ x"$src" = x ]
			then
				src=$1
			else
				# this colon is to work around a 386BSD /bin/sh bug
				:
				dst=$1
			fi
			shift
			continue;;
	esac
done

if [ x"$src" = x ]
then
	echo "install: no input file specified"
	exit 1
else
	true
fi

if [ x"$dir_arg" != x ]; then
	dst=$src
	src=""

	if [ -d $dst ]; then
		instcmd=:
	else
		instcmd=mkdir
	fi
else

# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
# might cause directories to be created, which would be especially bad
# if $src (and thus $dsttmp) contains '*'.

	if [ -f $src -o -d $src ]
	then
		true
	else
		echo "install: $src does not exist"
		exit 1
	fi

	if [ x"$dst" = x ]
	then
		echo "install: no destination specified"
		exit 1
	else
		true
	fi

# If destination is a directory, append the input filename; if your system
# does not like double slashes in filenames, you may need to add some logic

	if [ -d $dst ]
	then
		dst="$dst"/`basename $src`
	else
		true
	fi
fi

## this sed command emulates the dirname command
dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`

# Make sure that the destination directory exists.
# this part is taken from Noah Friedman's mkinstalldirs script

# Skip lots of stat calls in the usual case.
if [ ! -d "$dstdir" ]; then
defaultIFS='
'
IFS="${IFS-${defaultIFS}}"

oIFS="${IFS}"
# Some sh's can't handle IFS=/ for some reason.
IFS='%'
set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
IFS="${oIFS}"

pathcomp=''

while [ $# -ne 0 ] ; do
	pathcomp="${pathcomp}${1}"
	shift

	if [ ! -d "${pathcomp}" ] ; then
		$mkdirprog "${pathcomp}"
	else
		true
	fi

	pathcomp="${pathcomp}/"
done
fi

if [ x"$dir_arg" != x ]
then
	$doit $instcmd $dst &&

	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
else

# If we're going to rename the final executable, determine the name now.

	if [ x"$transformarg" = x ]
	then
		dstfile=`basename $dst`
	else
		dstfile=`basename $dst $transformbasename |
			sed $transformarg`$transformbasename
	fi

# don't allow the sed command to completely eliminate the filename

	if [ x"$dstfile" = x ]
	then
		dstfile=`basename $dst`
	else
		true
	fi

# Make a temp file name in the proper directory.

	dsttmp=$dstdir/#inst.$$#

# Move or copy the file name to the temp name

	$doit $instcmd $src $dsttmp &&

	trap "rm -f ${dsttmp}" 0 &&

# and set any options; do chmod last to preserve setuid bits

# If any of these fail, we abort the whole thing.  If we want to
# ignore errors from any of these, just make sure not to ignore
# errors from the above "$doit $instcmd $src $dsttmp" command.

	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&

# Now rename the file to the real destination.

	$doit $rmcmd -f $dstdir/$dstfile &&
	$doit $mvcmd $dsttmp $dstdir/$dstfile

fi &&


exit 0

argus-2.0.6.fixes.1/config/mkinstalldirs

#!/bin/sh
# Make directory hierarchy.
# Written by Noah Friedman
# Public domain.

defaultIFS='
'
IFS="${IFS-${defaultIFS}}"

for file in ${1+"$@"} ; do
   oIFS="${IFS}"
   # Some sh's can't handle IFS=/ for some reason.
   IFS='%'
   set - `echo ${file} | sed -e 's@/@%@g' -e 's@^%@/@'`
   IFS="${oIFS}"

   test ".${1}" = "." && shift

   pathcomp=''

   while test $# -ne 0 ; do
     pathcomp="${pathcomp}${1}"
     shift

     if test ! -d "${pathcomp}"; then
        echo "mkdir $pathcomp" 1>&2
        mkdir "${pathcomp}"
     fi

     pathcomp="${pathcomp}/"
   done
done

# eof

argus-2.0.6.fixes.1/configure

#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.57.
#
# Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002
# Free Software Foundation, Inc.
# This configure script is free software; the Free Software Foundation
# gives unlimited permission to copy, distribute and modify it.
## --------------------- ##
## M4sh Initialization.  ##
## --------------------- ##

# Be Bourne compatible
if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
  emulate sh
  NULLCMD=:
  # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
  # is contrary to our usage.  Disable this feature.
  alias -g '${1+"$@"}'='"$@"'
elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
  set -o posix
fi

# Support unset when possible.
if (FOO=FOO; unset FOO) >/dev/null 2>&1; then
  as_unset=unset
else
  as_unset=false
fi


# Work around bugs in pre-3.0 UWIN ksh.
$as_unset ENV MAIL MAILPATH
PS1='$ '
PS2='> '
PS4='+ '

# NLS nuisances.
for as_var in \
  LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
  LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
  LC_TELEPHONE LC_TIME
do
  if (set +x; test -n "`(eval $as_var=C; export $as_var) 2>&1`"); then
    eval $as_var=C; export $as_var
  else
    $as_unset $as_var
  fi
done

# Required to use basename.
if expr a : '\(a\)' >/dev/null 2>&1; then
  as_expr=expr
else
  as_expr=false
fi

if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then
  as_basename=basename
else
  as_basename=false
fi


# Name of the executable.
as_me=`$as_basename "$0" ||
$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
         X"$0" : 'X\(//\)$' \| \
         X"$0" : 'X\(/\)$' \| \
         . : '\(.\)' 2>/dev/null ||
echo X/"$0" |
    sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; }
          /^X\/\(\/\/\)$/{ s//\1/; q; }
          /^X\/\(\/\).*/{ s//\1/; q; }
          s/.*/./; q'`


# PATH needs CR, and LINENO needs CR and PATH.
# Avoid depending upon Character Ranges.
as_cr_letters='abcdefghijklmnopqrstuvwxyz'
as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
as_cr_Letters=$as_cr_letters$as_cr_LETTERS
as_cr_digits='0123456789'
as_cr_alnum=$as_cr_Letters$as_cr_digits

# The user is always right.
if test "${PATH_SEPARATOR+set}" != set; then
  echo "#! /bin/sh" >conf$$.sh
  echo "exit 0" >>conf$$.sh
  chmod +x conf$$.sh
  if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
    PATH_SEPARATOR=';'
  else
    PATH_SEPARATOR=:
  fi
  rm -f conf$$.sh
fi


  as_lineno_1=$LINENO
  as_lineno_2=$LINENO
  as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
  test "x$as_lineno_1" != "x$as_lineno_2" &&
  test "x$as_lineno_3" = "x$as_lineno_2" || {
  # Find who we are.  Look in the path if we contain no path at all
  # relative or not.
  case $0 in
    *[\\/]* ) as_myself=$0 ;;
    *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
done

       ;;
  esac
  # We did not find ourselves, most probably we were run as `sh COMMAND'
  # in which case we are not to be found in the path.
  if test "x$as_myself" = x; then
    as_myself=$0
  fi
  if test ! -f "$as_myself"; then
    { echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2
   { (exit 1); exit 1; }; }
  fi
  case $CONFIG_SHELL in
  '')
    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  for as_base in sh bash ksh sh5; do
    case $as_dir in
    /*)
      if ("$as_dir/$as_base" -c '
  as_lineno_1=$LINENO
  as_lineno_2=$LINENO
  as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
  test "x$as_lineno_1" != "x$as_lineno_2" &&
  test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then
        $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; }
        $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; }
        CONFIG_SHELL=$as_dir/$as_base
        export CONFIG_SHELL
        exec "$CONFIG_SHELL" "$0" ${1+"$@"}
      fi;;
    esac
  done
done
;;
  esac

  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
  # uniformly replaced by the line number.  The first 'sed' inserts a
  # line-number line before each line; the second 'sed' does the real
  # work.  The second script uses 'N' to pair each line-number line
  # with the numbered line, and appends trailing '-' during
  # substitution so that $LINENO is not a special case at line end.
  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
  # second 'sed' script.  Blame Lee E. McMahon for sed's syntax.  :-)
  sed '=' <$as_myself |
    sed '
      N
      s,$,-,
      : loop
      s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3,
      t loop
      s,-$,,
      s,^['$as_cr_digits']*\n,,
    ' >$as_me.lineno &&
  chmod +x $as_me.lineno ||
    { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
   { (exit 1); exit 1; }; }

  # Don't try to exec as it changes $[0], causing all sort of problems
  # (the dirname of $[0] is not the place where we might find the
  # original and so on.  Autoconf is especially sensible to this).
  . ./$as_me.lineno
  # Exit status is that of the last command.
  exit
}


case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
  *c*,-n*) ECHO_N= ECHO_C='
' ECHO_T='	' ;;
  *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;;
  *) ECHO_N= ECHO_C='\c' ECHO_T= ;;
esac

if expr a : '\(a\)' >/dev/null 2>&1; then
  as_expr=expr
else
  as_expr=false
fi

rm -f conf$$ conf$$.exe conf$$.file
echo >conf$$.file
if ln -s conf$$.file conf$$ 2>/dev/null; then
  # We could just check for DJGPP; but this test a) works b) is more generic
  # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
  if test -f conf$$.exe; then
    # Don't use ln at all; we don't have any links
    as_ln_s='cp -p'
  else
    as_ln_s='ln -s'
  fi
elif ln conf$$.file conf$$ 2>/dev/null; then
  as_ln_s=ln
else
  as_ln_s='cp -p'
fi
rm -f conf$$ conf$$.exe conf$$.file

if mkdir -p . 2>/dev/null; then
  as_mkdir_p=:
else
  as_mkdir_p=false
fi

as_executable_p="test -f"

# Sed expression to map a string onto a valid CPP name.
as_tr_cpp="sed y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g"

# Sed expression to map a string onto a valid variable name.
as_tr_sh="sed y%*+%pp%;s%[^_$as_cr_alnum]%_%g"


# IFS
# We need space, tab and new line, in precisely that order.
as_nl='
'
IFS=" 	$as_nl"

# CDPATH.
$as_unset CDPATH


# Name of the host.
# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
# so uname gets run too.
ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`

exec 6>&1

#
# Initializations.
#
ac_default_prefix=/usr/local
ac_config_libobj_dir=.
cross_compiling=no
subdirs=
MFLAGS=
MAKEFLAGS=
SHELL=${CONFIG_SHELL-/bin/sh}

# Maximum number of lines to put in a shell here document.
# This variable seems obsolete.  It should probably be removed, and
# only ac_max_sed_lines should be used.
: ${ac_max_here_lines=38}

# Identity of this package.
PACKAGE_NAME=
PACKAGE_TARNAME=
PACKAGE_VERSION=
PACKAGE_STRING=
PACKAGE_BUGREPORT=

ac_unique_file="server/argus.c"
ac_default_prefix=/usr/local
# Factoring default headers for most tests.
ac_includes_default="\
#include <stdio.h>
#if HAVE_SYS_TYPES_H
# include <sys/types.h>
#endif
#if HAVE_SYS_STAT_H
# include <sys/stat.h>
#endif
#if STDC_HEADERS
# include <stdlib.h>
# include <stddef.h>
#else
# if HAVE_STDLIB_H
#  include <stdlib.h>
# endif
#endif
#if HAVE_STRING_H
# if !STDC_HEADERS && HAVE_MEMORY_H
#  include <memory.h>
# endif
# include <string.h>
#endif
#if HAVE_STRINGS_H
# include <strings.h>
#endif
#if HAVE_INTTYPES_H
# include <inttypes.h>
#else
# if HAVE_STDINT_H
#  include <stdint.h>
# endif
#endif
#if HAVE_UNISTD_H
# include <unistd.h>
#endif"

ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os target target_cpu target_vendor target_os SHLICC2 CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT CPP SET_MAKE RANLIB ac_ct_RANLIB V_LEX V_YACC V_RANLIB EGREP LIB_SASL SASLFLAGS V_PCAP V_CCOPT V_INCLS V_PCAPDEP V_WRAPDEP COMPATLIB INSTALL_LIB INSTALL_BIN INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA LIBOBJS LTLIBOBJS'
ac_subst_files=''

# Initialize some variables set by options.
ac_init_help=
ac_init_version=false
# The variables have the same names as the options, with
# dashes changed to underlines.
cache_file=/dev/null
exec_prefix=NONE
no_create=
no_recursion=
prefix=NONE
program_prefix=NONE
program_suffix=NONE
program_transform_name=s,x,x,
silent=
site=
srcdir=
verbose=
x_includes=NONE
x_libraries=NONE

# Installation directory options.
# These are left unexpanded so users can "make install exec_prefix=/foo"
# and all the variables that are supposed to be based on exec_prefix
# by default will actually change.
# Use braces instead of parens because sh, perl, etc. also accept them.
bindir='${exec_prefix}/bin'
sbindir='${exec_prefix}/sbin'
libexecdir='${exec_prefix}/libexec'
datadir='${prefix}/share'
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
libdir='${exec_prefix}/lib'
includedir='${prefix}/include'
oldincludedir='/usr/include'
infodir='${prefix}/info'
mandir='${prefix}/man'

ac_prev=
for ac_option
do
  # If the previous option needs an argument, assign it.
  if test -n "$ac_prev"; then
    eval "$ac_prev=\$ac_option"
    ac_prev=
    continue
  fi

  ac_optarg=`expr "x$ac_option" : 'x[^=]*=\(.*\)'`

  # Accept the important Cygnus configure options, so we can diagnose typos.

  case $ac_option in

  -bindir | --bindir | --bindi | --bind | --bin | --bi)
    ac_prev=bindir ;;
  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
    bindir=$ac_optarg ;;

  -build | --build | --buil | --bui | --bu)
    ac_prev=build_alias ;;
  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
    build_alias=$ac_optarg ;;

  -cache-file | --cache-file | --cache-fil | --cache-fi \
  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
    ac_prev=cache_file ;;
  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
    cache_file=$ac_optarg ;;

  --config-cache | -C)
    cache_file=config.cache ;;

  -datadir | --datadir | --datadi | --datad | --data | --dat | --da)
    ac_prev=datadir ;;
  -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \
  | --da=*)
    datadir=$ac_optarg ;;

  -disable-* | --disable-*)
    ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
    # Reject names that are not valid shell variable names.
    expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null &&
      { echo "$as_me: error: invalid feature name: $ac_feature" >&2
   { (exit 1); exit 1; }; }
    ac_feature=`echo $ac_feature | sed 's/-/_/g'`
    eval "enable_$ac_feature=no" ;;

  -enable-* | --enable-*)
    ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
    # Reject names that are not valid shell variable names.
    expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null &&
      { echo "$as_me: error: invalid feature name: $ac_feature" >&2
   { (exit 1); exit 1; }; }
    ac_feature=`echo $ac_feature | sed 's/-/_/g'`
    case $ac_option in
      *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
      *) ac_optarg=yes ;;
    esac
    eval "enable_$ac_feature='$ac_optarg'" ;;

  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
  | --exec | --exe | --ex)
    ac_prev=exec_prefix ;;
  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
  | --exec=* | --exe=* | --ex=*)
    exec_prefix=$ac_optarg ;;

  -gas | --gas | --ga | --g)
    # Obsolete; use --with-gas.
    with_gas=yes ;;

  -help | --help | --hel | --he | -h)
    ac_init_help=long ;;
  -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
    ac_init_help=recursive ;;
  -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
    ac_init_help=short ;;

  -host | --host | --hos | --ho)
    ac_prev=host_alias ;;
  -host=* | --host=* | --hos=* | --ho=*)
    host_alias=$ac_optarg ;;

  -includedir | --includedir | --includedi | --included | --include \
  | --includ | --inclu | --incl | --inc)
    ac_prev=includedir ;;
  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
  | --includ=* | --inclu=* | --incl=* | --inc=*)
    includedir=$ac_optarg ;;

  -infodir | --infodir | --infodi | --infod | --info | --inf)
    ac_prev=infodir ;;
  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
    infodir=$ac_optarg ;;

  -libdir | --libdir | --libdi | --libd)
    ac_prev=libdir ;;
  -libdir=* | --libdir=* | --libdi=* | --libd=*)
    libdir=$ac_optarg ;;

  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
  | --libexe | --libex | --libe)
    ac_prev=libexecdir ;;
  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
  | --libexe=* | --libex=* | --libe=*)
    libexecdir=$ac_optarg ;;

  -localstatedir | --localstatedir | --localstatedi | --localstated \
  | --localstate | --localstat | --localsta | --localst \
  | --locals | --local | --loca | --loc | --lo)
    ac_prev=localstatedir ;;
  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
  | --localstate=* | --localstat=* | --localsta=* | --localst=* \
  | --locals=* | --local=* | --loca=* | --loc=* | --lo=*)
    localstatedir=$ac_optarg ;;

  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
    ac_prev=mandir ;;
  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
    mandir=$ac_optarg ;;

  -nfp | --nfp | --nf)
    # Obsolete; use --without-fp.
    with_fp=no ;;

  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
  | --no-cr | --no-c | -n)
    no_create=yes ;;

  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
    no_recursion=yes ;;

  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
  | --oldin | --oldi | --old | --ol | --o)
    ac_prev=oldincludedir ;;
  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
    oldincludedir=$ac_optarg ;;

  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
    ac_prev=prefix ;;
  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
    prefix=$ac_optarg ;;

  -program-prefix | --program-prefix | --program-prefi | --program-pref \
  | --program-pre | --program-pr | --program-p)
    ac_prev=program_prefix ;;
  -program-prefix=* | --program-prefix=* | --program-prefi=* \
  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
    program_prefix=$ac_optarg ;;

  -program-suffix | --program-suffix | --program-suffi | --program-suff \
  | --program-suf | --program-su | --program-s)
    ac_prev=program_suffix ;;
  -program-suffix=* | --program-suffix=* | --program-suffi=* \
  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
    program_suffix=$ac_optarg ;;

  -program-transform-name | --program-transform-name \
  | --program-transform-nam | --program-transform-na \
  | --program-transform-n | --program-transform- \
  | --program-transform | --program-transfor \
  | --program-transfo | --program-transf \
  | --program-trans | --program-tran \
  | --progr-tra | --program-tr | --program-t)
    ac_prev=program_transform_name ;;
  -program-transform-name=* | --program-transform-name=* \
  | --program-transform-nam=* | --program-transform-na=* \
  | --program-transform-n=* | --program-transform-=* \
  | --program-transform=* | --program-transfor=* \
  | --program-transfo=* | --program-transf=* \
  | --program-trans=* | --program-tran=* \
  | --progr-tra=* | --program-tr=* | --program-t=*)
    program_transform_name=$ac_optarg ;;

  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
  | -silent | --silent | --silen | --sile | --sil)
    silent=yes ;;

  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
    ac_prev=sbindir ;;
  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
  | --sbi=* | --sb=*)
    sbindir=$ac_optarg ;;

  -sharedstatedir | --sharedstatedir | --sharedstatedi \
  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
  | --sharedst | --shareds | --shared | --share | --shar \
  | --sha | --sh)
    ac_prev=sharedstatedir ;;
  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
  | --sha=* | --sh=*)
    sharedstatedir=$ac_optarg ;;

  -site | --site | --sit)
    ac_prev=site ;;
  -site=* | --site=* | --sit=*)
    site=$ac_optarg ;;

  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
    ac_prev=srcdir ;;
  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
    srcdir=$ac_optarg ;;

  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
  | --syscon | --sysco | --sysc | --sys | --sy)
    ac_prev=sysconfdir ;;
  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
    sysconfdir=$ac_optarg ;;

  -target | --target | --targe | --targ | --tar | --ta | --t)
    ac_prev=target_alias ;;
  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
    target_alias=$ac_optarg ;;

  -v | -verbose | --verbose | --verbos | --verbo | --verb)
    verbose=yes ;;

  -version | --version | --versio | --versi | --vers | -V)
    ac_init_version=: ;;

  -with-* | --with-*)
    ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
    # Reject names that are not valid shell variable names.
    expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null &&
      { echo "$as_me: error: invalid package name: $ac_package" >&2
   { (exit 1); exit 1; }; }
    ac_package=`echo $ac_package| sed 's/-/_/g'`
    case $ac_option in
      *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
      *) ac_optarg=yes ;;
    esac
    eval "with_$ac_package='$ac_optarg'" ;;

  -without-* | --without-*)
    ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'`
    # Reject names that are not valid shell variable names.
    expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null &&
      { echo "$as_me: error: invalid package name: $ac_package" >&2
   { (exit 1); exit 1; }; }
    ac_package=`echo $ac_package | sed 's/-/_/g'`
    eval "with_$ac_package=no" ;;

  --x)
    # Obsolete; use --with-x.
    with_x=yes ;;

  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
  | --x-incl | --x-inc | --x-in | --x-i)
    ac_prev=x_includes ;;
  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
    x_includes=$ac_optarg ;;

  -x-libraries | --x-libraries | --x-librarie | --x-librari \
  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
    ac_prev=x_libraries ;;
  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
    x_libraries=$ac_optarg ;;

  -*) { echo "$as_me: error: unrecognized option: $ac_option
Try \`$0 --help' for more information." >&2
   { (exit 1); exit 1; }; }
    ;;

  *=*)
    ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
    # Reject names that are not valid shell variable names.
    expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
      { echo "$as_me: error: invalid variable name: $ac_envvar" >&2
   { (exit 1); exit 1; }; }
    ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`
    eval "$ac_envvar='$ac_optarg'"
    export $ac_envvar ;;

  *)
    # FIXME: should be removed in autoconf 3.0.
    echo "$as_me: WARNING: you should use --build, --host, --target" >&2
    expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
      echo "$as_me: WARNING: invalid host type: $ac_option" >&2
    : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
    ;;

  esac
done

if test -n "$ac_prev"; then
  ac_option=--`echo $ac_prev | sed 's/_/-/g'`
  { echo "$as_me: error: missing argument to $ac_option" >&2
   { (exit 1); exit 1; }; }
fi

# Be sure to have absolute paths.
for ac_var in exec_prefix prefix
do
  eval ac_val=$`echo $ac_var`
  case $ac_val in
    [\\/$]* | ?:[\\/]* | NONE | '' ) ;;
    *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
   { (exit 1); exit 1; }; };;
  esac
done

# Be sure to have absolute paths.
for ac_var in bindir sbindir libexecdir datadir sysconfdir sharedstatedir \
              localstatedir libdir includedir oldincludedir infodir mandir
do
  eval ac_val=$`echo $ac_var`
  case $ac_val in
    [\\/$]* | ?:[\\/]* ) ;;
    *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
   { (exit 1); exit 1; }; };;
  esac
done

# There might be people who depend on the old broken behavior: `$host'
# used to hold the argument of --host etc.
# FIXME: To remove some day.
build=$build_alias
host=$host_alias
target=$target_alias

# FIXME: To remove some day.
if test "x$host_alias" != x; then
  if test "x$build_alias" = x; then
    cross_compiling=maybe
    echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
    If a cross compiler is detected then cross compile mode will be used." >&2
  elif test "x$build_alias" != "x$host_alias"; then
    cross_compiling=yes
  fi
fi

ac_tool_prefix=
test -n "$host_alias" && ac_tool_prefix=$host_alias-

test "$silent" = yes && exec 6>/dev/null


# Find the source files, if location was not specified.
if test -z "$srcdir"; then
  ac_srcdir_defaulted=yes
  # Try the directory containing this script, then its parent.
  ac_confdir=`(dirname "$0") 2>/dev/null ||
$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
         X"$0" : 'X\(//\)[^/]' \| \
         X"$0" : 'X\(//\)$' \| \
         X"$0" : 'X\(/\)' \| \
         . : '\(.\)' 2>/dev/null ||
echo X"$0" |
    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
          /^X\(\/\/\)[^/].*/{ s//\1/; q; }
          /^X\(\/\/\)$/{ s//\1/; q; }
          /^X\(\/\).*/{ s//\1/; q; }
          s/.*/./; q'`
  srcdir=$ac_confdir
  if test ! -r $srcdir/$ac_unique_file; then
    srcdir=..
  fi
else
  ac_srcdir_defaulted=no
fi
if test ! -r $srcdir/$ac_unique_file; then
  if test "$ac_srcdir_defaulted" = yes; then
    { echo "$as_me: error: cannot find sources ($ac_unique_file) in $ac_confdir or .." >&2
   { (exit 1); exit 1; }; }
  else
    { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
   { (exit 1); exit 1; }; }
  fi
fi
(cd $srcdir && test -r ./$ac_unique_file) 2>/dev/null ||
  { echo "$as_me: error: sources are in $srcdir, but \`cd $srcdir' does not work" >&2
   { (exit 1); exit 1; }; }
srcdir=`echo "$srcdir" | sed 's%\([^\\/]\)[\\/]*$%\1%'`
ac_env_build_alias_set=${build_alias+set}
ac_env_build_alias_value=$build_alias
ac_cv_env_build_alias_set=${build_alias+set}
ac_cv_env_build_alias_value=$build_alias
ac_env_host_alias_set=${host_alias+set}
ac_env_host_alias_value=$host_alias
ac_cv_env_host_alias_set=${host_alias+set}
ac_cv_env_host_alias_value=$host_alias
ac_env_target_alias_set=${target_alias+set}
ac_env_target_alias_value=$target_alias
ac_cv_env_target_alias_set=${target_alias+set}
ac_cv_env_target_alias_value=$target_alias
ac_env_CC_set=${CC+set}
ac_env_CC_value=$CC
ac_cv_env_CC_set=${CC+set}
ac_cv_env_CC_value=$CC
ac_env_CFLAGS_set=${CFLAGS+set}
ac_env_CFLAGS_value=$CFLAGS
ac_cv_env_CFLAGS_set=${CFLAGS+set}
ac_cv_env_CFLAGS_value=$CFLAGS
ac_env_LDFLAGS_set=${LDFLAGS+set}
ac_env_LDFLAGS_value=$LDFLAGS
ac_cv_env_LDFLAGS_set=${LDFLAGS+set}
ac_cv_env_LDFLAGS_value=$LDFLAGS
ac_env_CPPFLAGS_set=${CPPFLAGS+set}
ac_env_CPPFLAGS_value=$CPPFLAGS
ac_cv_env_CPPFLAGS_set=${CPPFLAGS+set}
ac_cv_env_CPPFLAGS_value=$CPPFLAGS
ac_env_CPP_set=${CPP+set}
ac_env_CPP_value=$CPP
ac_cv_env_CPP_set=${CPP+set}
ac_cv_env_CPP_value=$CPP

#
# Report the --help message.
#
if test "$ac_init_help" = "long"; then
  # Omit some internal or obsolete options to make the list less imposing.
  # This message is too long to be a string in the A/UX 3.1 sh.
  cat <<_ACEOF
\`configure' configures this package to adapt to many kinds of systems.

Usage: $0 [OPTION]... [VAR=VALUE]...

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE.  See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.

Configuration:
  -h, --help              display this help and exit
      --help=short        display options specific to this package
      --help=recursive    display the short help of all the included packages
  -V, --version           display version information and exit
  -q, --quiet, --silent   do not print \`checking...' messages
      --cache-file=FILE   cache test results in FILE [disabled]
  -C, --config-cache      alias for \`--cache-file=config.cache'
  -n, --no-create         do not create output files
      --srcdir=DIR        find the sources in DIR [configure dir or \`..']

_ACEOF

  cat <<_ACEOF
Installation directories:
  --prefix=PREFIX         install architecture-independent files in PREFIX
                          [$ac_default_prefix]
  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
                          [PREFIX]

By default, \`make install' will install all the files in
\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc.  You can specify
an installation prefix other than \`$ac_default_prefix' using \`--prefix',
for instance \`--prefix=\$HOME'.

For better control, use the options below.

Fine tuning of the installation directories:
  --bindir=DIR           user executables [EPREFIX/bin]
  --sbindir=DIR          system admin executables [EPREFIX/sbin]
  --libexecdir=DIR       program executables [EPREFIX/libexec]
  --datadir=DIR          read-only architecture-independent data [PREFIX/share]
  --sysconfdir=DIR       read-only single-machine data [PREFIX/etc]
  --sharedstatedir=DIR   modifiable architecture-independent data [PREFIX/com]
  --localstatedir=DIR    modifiable single-machine data [PREFIX/var]
  --libdir=DIR           object code libraries [EPREFIX/lib]
  --includedir=DIR       C header files [PREFIX/include]
  --oldincludedir=DIR    C header files for non-gcc [/usr/include]
  --infodir=DIR          info documentation [PREFIX/info]
  --mandir=DIR           man documentation [PREFIX/man]
_ACEOF

  cat <<\_ACEOF

System types:
  --build=BUILD     configure for building on BUILD [guessed]
  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
  --target=TARGET   configure for building compilers for TARGET [HOST]
_ACEOF
fi

if test -n "$ac_init_help"; then

  cat <<\_ACEOF
Optional Features:
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
  --disable-largefile     omit support for large files

Optional Packages:
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --without-gcc           don't use gcc
  --with-pcap=TYPE        use packet capture TYPE
  --with-sasl=DIR|yes     use libsasl in no

Some influential environment variables:
  CC          C compiler command
  CFLAGS      C compiler flags
  LDFLAGS     linker flags, e.g. -L if you have libraries in a
              nonstandard directory
  CPPFLAGS    C/C++ preprocessor flags, e.g. -I if you have
              headers in a nonstandard directory
  CPP         C preprocessor

Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.

_ACEOF
fi

if test "$ac_init_help" = "recursive"; then
  # If there are subdirs, report their specific --help.
  ac_popdir=`pwd`
  for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
    test -d $ac_dir || continue
    ac_builddir=.

if test "$ac_dir" != .; then
  ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
  # A "../" for each directory in $ac_dir_suffix.
  ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
else
  ac_dir_suffix=
  ac_top_builddir=
fi

case $srcdir in
  .)  # No --srcdir option.  We are building in place.
    ac_srcdir=.
    if test -z "$ac_top_builddir"; then
       ac_top_srcdir=.
    else
       ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
    fi ;;
  [\\/]* | ?:[\\/]* )  # Absolute path.
    ac_srcdir=$srcdir$ac_dir_suffix;
    ac_top_srcdir=$srcdir ;;
  *) # Relative path.
    ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
    ac_top_srcdir=$ac_top_builddir$srcdir ;;
esac
# Don't blindly perform a `cd "$ac_dir"/$ac_foo && pwd` since $ac_foo can be
# absolute.
ac_abs_builddir=`cd "$ac_dir" && cd $ac_builddir && pwd`
ac_abs_top_builddir=`cd "$ac_dir" && cd ${ac_top_builddir}. && pwd`
ac_abs_srcdir=`cd "$ac_dir" && cd $ac_srcdir && pwd`
ac_abs_top_srcdir=`cd "$ac_dir" && cd $ac_top_srcdir && pwd`

    cd $ac_dir
    # Check for guested configure; otherwise get Cygnus style configure.
    if test -f $ac_srcdir/configure.gnu; then
      echo
      $SHELL $ac_srcdir/configure.gnu --help=recursive
    elif test -f $ac_srcdir/configure; then
      echo
      $SHELL $ac_srcdir/configure --help=recursive
    elif test -f $ac_srcdir/configure.ac ||
           test -f $ac_srcdir/configure.in; then
      echo
      $ac_configure --help
    else
      echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
    fi
    cd $ac_popdir
  done
fi

test -n "$ac_init_help" && exit 0
if $ac_init_version; then
  cat <<\_ACEOF

Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002
Free Software Foundation, Inc.
This configure script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it.
_ACEOF
  exit 0
fi
exec 5>config.log
cat >&5 <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

It was created by $as_me, which was
generated by GNU Autoconf 2.57.  Invocation command line was

  $ $0 $@

_ACEOF
{
cat <<_ASUNAME
## --------- ##
## Platform. ##
## --------- ##

hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
uname -m = `(uname -m) 2>/dev/null || echo unknown`
uname -r = `(uname -r) 2>/dev/null || echo unknown`
uname -s = `(uname -s) 2>/dev/null || echo unknown`
uname -v = `(uname -v) 2>/dev/null || echo unknown`

/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
/bin/uname -X     = `(/bin/uname -X) 2>/dev/null     || echo unknown`

/bin/arch              = `(/bin/arch) 2>/dev/null              || echo unknown`
/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null       || echo unknown`
/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
hostinfo               = `(hostinfo) 2>/dev/null               || echo unknown`
/bin/machine           = `(/bin/machine) 2>/dev/null           || echo unknown`
/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null       || echo unknown`
/bin/universe          = `(/bin/universe) 2>/dev/null          || echo unknown`

_ASUNAME

as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  echo "PATH: $as_dir"
done

} >&5

cat >&5 <<_ACEOF


## ----------- ##
## Core tests. ##
## ----------- ##

_ACEOF


# Keep a trace of the command line.
# Strip out --no-create and --no-recursion so they do not pile up.
# Strip out --silent because we don't want to record it for future runs.
# Also quote any args containing shell meta-characters.
# Make two passes to allow for proper duplicate-argument suppression.
ac_configure_args=
ac_configure_args0=
ac_configure_args1=
ac_sep=
ac_must_keep_next=false
for ac_pass in 1 2
do
  for ac_arg
  do
    case $ac_arg in
    -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
    -q | -quiet | --quiet | --quie | --qui | --qu | --q \
    | -silent | --silent | --silen | --sile | --sil)
      continue ;;
    *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*)
      ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
    esac
    case $ac_pass in
    1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;;
    2)
      ac_configure_args1="$ac_configure_args1 '$ac_arg'"
      if test $ac_must_keep_next = true; then
        ac_must_keep_next=false # Got value, back to normal.
      else
        case $ac_arg in
          *=* | --config-cache | -C | -disable-* | --disable-* \
          | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
          | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
          | -with-* | --with-* | -without-* | --without-* | --x)
            case "$ac_configure_args0 " in
              "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
            esac
            ;;
          -* ) ac_must_keep_next=true ;;
        esac
      fi
      ac_configure_args="$ac_configure_args$ac_sep'$ac_arg'"
      # Get rid of the leading space.
      ac_sep=" "
      ;;
    esac
  done
done
$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; }
$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; }

# When interrupted or exit'd, cleanup temporary files, and complete
# config.log.  We remove comments because anyway the quotes in there
# would cause problems or look ugly.
# WARNING: Be sure not to use single quotes in there, as some shells,
# such as our DU 5.0 friend, will then `close' the trap.
trap 'exit_status=$?
  # Save into config.log some information that might help in debugging.
  {
    echo

    cat <<\_ASBOX
## ---------------- ##
## Cache variables. ##
## ---------------- ##
_ASBOX
    echo
    # The following way of writing the cache mishandles newlines in values,
{
  (set) 2>&1 |
    case `(ac_space='"'"' '"'"'; set | grep ac_space) 2>&1` in
    *ac_space=\ *)
      sed -n \
        "s/'"'"'/'"'"'\\\\'"'"''"'"'/g;
          s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='"'"'\\2'"'"'/p"
      ;;
    *)
      sed -n \
        "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p"
      ;;
    esac;
}
    echo

    cat <<\_ASBOX
## ----------------- ##
## Output variables. ##
## ----------------- ##
_ASBOX
    echo
    for ac_var in $ac_subst_vars
    do
      eval ac_val=$`echo $ac_var`
      echo "$ac_var='"'"'$ac_val'"'"'"
    done | sort
    echo

    if test -n "$ac_subst_files"; then
      cat <<\_ASBOX
## ------------- ##
## Output files. ##
## ------------- ##
_ASBOX
      echo
      for ac_var in $ac_subst_files
      do
        eval ac_val=$`echo $ac_var`
        echo "$ac_var='"'"'$ac_val'"'"'"
      done | sort
      echo
    fi

    if test -s confdefs.h; then
      cat <<\_ASBOX
## ----------- ##
## confdefs.h. ##
## ----------- ##
_ASBOX
      echo
      sed "/^$/d" confdefs.h | sort
      echo
    fi
    test "$ac_signal" != 0 &&
      echo "$as_me: caught signal $ac_signal"
    echo "$as_me: exit $exit_status"
  } >&5
  rm -f core core.* *.core &&
  rm -rf conftest* confdefs* conf$$* $ac_clean_files &&
    exit $exit_status
     ' 0
for ac_signal in 1 2 13 15; do
  trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
done
ac_signal=0

# confdefs.h avoids OS command line length limits that DEFS can exceed.
rm -rf conftest* confdefs.h
# AIX cpp loses on an empty file, so make sure it contains at least a newline.
echo >confdefs.h

# Predefined preprocessor variables.

cat >>confdefs.h <<_ACEOF
#define PACKAGE_NAME "$PACKAGE_NAME"
_ACEOF


cat >>confdefs.h <<_ACEOF
#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
_ACEOF


cat >>confdefs.h <<_ACEOF
#define PACKAGE_VERSION "$PACKAGE_VERSION"
_ACEOF


cat >>confdefs.h <<_ACEOF
#define PACKAGE_STRING "$PACKAGE_STRING"
_ACEOF


cat >>confdefs.h <<_ACEOF
#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
_ACEOF


# Let the site file select an alternate cache file if it wants to.
# Prefer explicitly selected file to automatically selected ones.
if test -z "$CONFIG_SITE"; then
  if test "x$prefix" != xNONE; then
    CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site"
  else
    CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
  fi
fi
for ac_site_file in $CONFIG_SITE; do
  if test -r "$ac_site_file"; then
    { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5
echo "$as_me: loading site script $ac_site_file" >&6;}
    sed 's/^/| /' "$ac_site_file" >&5
    . "$ac_site_file"
  fi
done

if test -r "$cache_file"; then
  # Some versions of bash will fail to source /dev/null (special
  # files actually), so we avoid doing that.
  if test -f "$cache_file"; then
    { echo "$as_me:$LINENO: loading cache $cache_file" >&5
echo "$as_me: loading cache $cache_file" >&6;}
    case $cache_file in
      [\\/]* | ?:[\\/]* ) . $cache_file;;
      *)                      . ./$cache_file;;
    esac
  fi
else
  { echo "$as_me:$LINENO: creating cache $cache_file" >&5
echo "$as_me: creating cache $cache_file" >&6;}
  >$cache_file
fi

# Check that the precious variables saved in the cache have kept the same
# value.
ac_cache_corrupted=false
for ac_var in `(set) 2>&1 | sed -n 's/^ac_env_\([a-zA-Z_0-9]*\)_set=.*/\1/p'`; do
  eval ac_old_set=\$ac_cv_env_${ac_var}_set
  eval ac_new_set=\$ac_env_${ac_var}_set
  eval ac_old_val="\$ac_cv_env_${ac_var}_value"
  eval ac_new_val="\$ac_env_${ac_var}_value"
  case $ac_old_set,$ac_new_set in
    set,)
      { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
      ac_cache_corrupted=: ;;
    ,set)
      { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5
echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
      ac_cache_corrupted=: ;;
    ,);;
    *)
      if test "x$ac_old_val" != "x$ac_new_val"; then
        { echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5
echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
        { echo "$as_me:$LINENO: former value: $ac_old_val" >&5
echo "$as_me: former value: $ac_old_val" >&2;}
        { echo "$as_me:$LINENO: current value: $ac_new_val" >&5
echo "$as_me: current value: $ac_new_val" >&2;}
        ac_cache_corrupted=:
      fi;;
  esac
  # Pass precious variables to config.status.
  if test "$ac_new_set" = set; then
    case $ac_new_val in
    *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*)
      ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
    *) ac_arg=$ac_var=$ac_new_val ;;
    esac
    case " $ac_configure_args " in
      *" '$ac_arg' "*) ;; # Avoid dups.  Use of quotes ensures accuracy.
      *) ac_configure_args="$ac_configure_args '$ac_arg'" ;;
    esac
  fi
done
if $ac_cache_corrupted; then
  { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5
echo "$as_me: error: changes in the environment can compromise the build" >&2;}
  { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
   { (exit 1); exit 1; }; }
fi

ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu

ac_aux_dir=
for ac_dir in config $srcdir/config; do
  if test -f $ac_dir/install-sh; then
    ac_aux_dir=$ac_dir
    ac_install_sh="$ac_aux_dir/install-sh -c"
    break
  elif test -f $ac_dir/install.sh; then
    ac_aux_dir=$ac_dir
    ac_install_sh="$ac_aux_dir/install.sh -c"
    break
  elif test -f $ac_dir/shtool; then
    ac_aux_dir=$ac_dir
    ac_install_sh="$ac_aux_dir/shtool install -c"
    break
  fi
done
if test -z "$ac_aux_dir"; then
  { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in config $srcdir/config" >&5
echo "$as_me: error: cannot find install-sh or install.sh in config $srcdir/config" >&2;}
   { (exit 1); exit 1; }; }
fi
ac_config_guess="$SHELL $ac_aux_dir/config.guess"
ac_config_sub="$SHELL $ac_aux_dir/config.sub"
ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure.

# Make sure we can run config.sub.
$ac_config_sub sun4 >/dev/null 2>&1 ||
  { { echo "$as_me:$LINENO: error: cannot run $ac_config_sub" >&5
echo "$as_me: error: cannot run $ac_config_sub" >&2;}
   { (exit 1); exit 1; }; }

echo "$as_me:$LINENO: checking build system type" >&5
echo $ECHO_N "checking build system type... $ECHO_C" >&6
if test "${ac_cv_build+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  ac_cv_build_alias=$build_alias
test -z "$ac_cv_build_alias" &&
  ac_cv_build_alias=`$ac_config_guess`
test -z "$ac_cv_build_alias" &&
  { { echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5
echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
   { (exit 1); exit 1; }; }
ac_cv_build=`$ac_config_sub $ac_cv_build_alias` ||
  { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_build_alias failed" >&5
echo "$as_me: error: $ac_config_sub $ac_cv_build_alias failed" >&2;}
   { (exit 1); exit 1; }; }

fi
echo "$as_me:$LINENO: result: $ac_cv_build" >&5
echo "${ECHO_T}$ac_cv_build" >&6
build=$ac_cv_build
build_cpu=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
build_vendor=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
build_os=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`


echo "$as_me:$LINENO: checking host system type" >&5
echo $ECHO_N "checking host system type... $ECHO_C" >&6
if test "${ac_cv_host+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  ac_cv_host_alias=$host_alias
test -z "$ac_cv_host_alias" &&
  ac_cv_host_alias=$ac_cv_build_alias
ac_cv_host=`$ac_config_sub $ac_cv_host_alias` ||
  { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_host_alias failed" >&5
echo "$as_me: error: $ac_config_sub $ac_cv_host_alias failed" >&2;}
   { (exit 1); exit 1; }; }

fi
echo "$as_me:$LINENO: result: $ac_cv_host" >&5
echo "${ECHO_T}$ac_cv_host" >&6
host=$ac_cv_host
host_cpu=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
host_vendor=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
host_os=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`


echo "$as_me:$LINENO: checking target system type" >&5
echo $ECHO_N "checking target system type... $ECHO_C" >&6
if test "${ac_cv_target+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  ac_cv_target_alias=$target_alias
test "x$ac_cv_target_alias" = "x" &&
  ac_cv_target_alias=$ac_cv_host_alias
ac_cv_target=`$ac_config_sub $ac_cv_target_alias` ||
  { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_target_alias failed" >&5
echo "$as_me: error: $ac_config_sub $ac_cv_target_alias failed" >&2;}
   { (exit 1); exit 1; }; }

fi
echo "$as_me:$LINENO: result: $ac_cv_target" >&5
echo "${ECHO_T}$ac_cv_target" >&6
target=$ac_cv_target
target_cpu=`echo $ac_cv_target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
target_vendor=`echo $ac_cv_target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
target_os=`echo $ac_cv_target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`


# The aliases save the names the user supplied, while $host etc.
# will get canonicalized.
test -n "$target_alias" &&
  test "$program_prefix$program_suffix$program_transform_name" = \
    NONENONEs,x,x, &&
  program_prefix=${target_alias}-

# Check whether --with-gcc or --without-gcc was given.
if test "${with_gcc+set}" = set; then
  withval="$with_gcc"

fi;
V_CCOPT="-O"
V_INCLS=""
if test "${srcdir}" != "." ; then
    V_INCLS="-I\$(srcdir)"
fi
if test "${CFLAGS+set}" = set; then
    LBL_CFLAGS="$CFLAGS"
fi
if test -z "$CC" ; then
    case "$target_os" in

    bsdi*)
        # Extract the first word of "shlicc2", so it can be a program name with args.
set dummy shlicc2; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_prog_SHLICC2+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  if test -n "$SHLICC2"; then
  ac_cv_prog_SHLICC2="$SHLICC2" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  for ac_exec_ext in '' $ac_executable_extensions; do
  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
    ac_cv_prog_SHLICC2="yes"
    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
    break 2
  fi
done
done

  test -z "$ac_cv_prog_SHLICC2" && ac_cv_prog_SHLICC2="no"
fi
fi
SHLICC2=$ac_cv_prog_SHLICC2
if test -n "$SHLICC2"; then
  echo "$as_me:$LINENO: result: $SHLICC2" >&5
echo "${ECHO_T}$SHLICC2" >&6
else
  echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi

        if test $SHLICC2 = yes ; then
            CC=shlicc2
            export CC
        fi
        ;;
    esac
fi
if test -z "$CC" -a "$with_gcc" = no ; then
    CC=cc
    export CC
fi
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
if test -n "$ac_tool_prefix"; then
  # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
set dummy ${ac_tool_prefix}gcc; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_prog_CC+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  if test -n "$CC"; then
  ac_cv_prog_CC="$CC" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  for ac_exec_ext in '' $ac_executable_extensions; do
  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
    ac_cv_prog_CC="${ac_tool_prefix}gcc"
    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
    break 2
  fi
done
done

fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
  echo "$as_me:$LINENO: result: $CC" >&5
echo "${ECHO_T}$CC" >&6
else
  echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi

fi
if test -z "$ac_cv_prog_CC"; then
  ac_ct_CC=$CC
  # Extract the first word of "gcc", so it can be a program name with args.
set dummy gcc; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  if test -n "$ac_ct_CC"; then
  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  for ac_exec_ext in '' $ac_executable_extensions; do
  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
    ac_cv_prog_ac_ct_CC="gcc"
    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
    break 2
  fi
done
done

fi
fi
ac_ct_CC=$ac_cv_prog_ac_ct_CC
if test -n "$ac_ct_CC"; then
  echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
echo "${ECHO_T}$ac_ct_CC" >&6
else
  echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi

  CC=$ac_ct_CC
else
  CC="$ac_cv_prog_CC"
fi

if test -z "$CC"; then
  if test -n "$ac_tool_prefix"; then
  # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
set dummy ${ac_tool_prefix}cc; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_prog_CC+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  if test -n "$CC"; then
  ac_cv_prog_CC="$CC" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  for ac_exec_ext in '' $ac_executable_extensions; do
  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
    ac_cv_prog_CC="${ac_tool_prefix}cc"
    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
    break 2
  fi
done
done

fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
  echo "$as_me:$LINENO: result: $CC" >&5
echo "${ECHO_T}$CC" >&6
else
  echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi

fi
if test -z "$ac_cv_prog_CC"; then
  ac_ct_CC=$CC
  # Extract the first word of "cc", so it can be a program name with args.
set dummy cc; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  if test -n "$ac_ct_CC"; then
  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  for ac_exec_ext in '' $ac_executable_extensions; do
  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
    ac_cv_prog_ac_ct_CC="cc"
    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
    break 2
  fi
done
done

fi
fi
ac_ct_CC=$ac_cv_prog_ac_ct_CC
if test -n "$ac_ct_CC"; then
  echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
echo "${ECHO_T}$ac_ct_CC" >&6
else
  echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi

  CC=$ac_ct_CC
else
  CC="$ac_cv_prog_CC"
fi

fi
if test -z "$CC"; then
  # Extract the first word of "cc", so it can be a program name with args.
set dummy cc; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_prog_CC+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  if test -n "$CC"; then
  ac_cv_prog_CC="$CC" # Let the user override the test.
else
  ac_prog_rejected=no
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  for ac_exec_ext in '' $ac_executable_extensions; do
  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
    if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
       ac_prog_rejected=yes
       continue
     fi
    ac_cv_prog_CC="cc"
    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
    break 2
  fi
done
done

if test $ac_prog_rejected = yes; then
  # We found a bogon in the path, so make sure we never use it.
  set dummy $ac_cv_prog_CC
  shift
  if test $# != 0; then
    # We chose a different compiler from the bogus one.
    # However, it has the same basename, so the bogon will be chosen
    # first if we set CC to just the basename; use the full file name.
    shift
    ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
  fi
fi
fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
  echo "$as_me:$LINENO: result: $CC" >&5
echo "${ECHO_T}$CC" >&6
else
  echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi

fi
if test -z "$CC"; then
  if test -n "$ac_tool_prefix"; then
  for ac_prog in cl
  do
    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
set dummy $ac_tool_prefix$ac_prog; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_prog_CC+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  if test -n "$CC"; then
  ac_cv_prog_CC="$CC" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  for ac_exec_ext in '' $ac_executable_extensions; do
  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
    ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
    break 2
  fi
done
done

fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
  echo "$as_me:$LINENO: result: $CC" >&5
echo "${ECHO_T}$CC" >&6
else
  echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi

    test -n "$CC" && break
  done
fi
if test -z "$CC"; then
  ac_ct_CC=$CC
  for ac_prog in cl
do
  # Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  if test -n "$ac_ct_CC"; then
  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  for ac_exec_ext in '' $ac_executable_extensions; do
  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
    ac_cv_prog_ac_ct_CC="$ac_prog"
    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
    break 2
  fi
done
done

fi
fi
ac_ct_CC=$ac_cv_prog_ac_ct_CC
if test -n "$ac_ct_CC"; then
  echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
echo "${ECHO_T}$ac_ct_CC" >&6
else
  echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi

  test -n "$ac_ct_CC" && break
done

  CC=$ac_ct_CC
fi

fi


test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH
See \`config.log' for more details." >&5
echo "$as_me: error: no acceptable C compiler found in \$PATH
See \`config.log' for more details." >&2;}
   { (exit 1); exit 1; }; }

# Provide some information about the compiler.
echo "$as_me:$LINENO:" \
     "checking for C compiler version" >&5
ac_compiler=`set X $ac_compile; echo $2`
{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
  (eval $ac_compiler --version </dev/null >&5) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }
{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v </dev/null >&5\"") >&5
  (eval $ac_compiler -v </dev/null >&5) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }
{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V </dev/null >&5\"") >&5
  (eval $ac_compiler -V </dev/null >&5) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }

cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h.  */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h.  */

int
main ()
{

  ;
  return 0;
}
_ACEOF
ac_clean_files_save=$ac_clean_files
ac_clean_files="$ac_clean_files a.out a.exe b.out"
# Try to create an executable without -o first, disregard a.out.
# It will help us diagnose broken compilers, and finding out an intuition
# of exeext.
echo "$as_me:$LINENO: checking for C compiler default output" >&5
echo $ECHO_N "checking for C compiler default output... $ECHO_C" >&6
ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
if { (eval echo "$as_me:$LINENO: \"$ac_link_default\"") >&5
  (eval $ac_link_default) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; then
  # Find the output, starting from the most likely.  This scheme is
# not robust to junk in `.', hence go to wildcards (a.*) only as a last
# resort.

# Be careful to initialize this variable, since it used to be cached.
# Otherwise an old cache value of `no' led to `EXEEXT = no' in a Makefile.
ac_cv_exeext=
# b.out is created by i960 compilers.
for ac_file in a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out
do
  test -f "$ac_file" || continue
  case $ac_file in
    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj )
        ;;
    conftest.$ac_ext )
        # This is the source file.
        ;;
    [ab].out )
        # We found the default executable, but exeext='' is most
        # certainly right.
        break;;
    *.* )
        ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
        # FIXME: I believe we export ac_cv_exeext for Libtool,
        # but it would be cool to find out if it's true.  Does anybody
        # maintain Libtool? --akim.
        export ac_cv_exeext
        break;;
    * )
        break;;
  esac
done
else
  echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5

{ { echo "$as_me:$LINENO: error: C compiler cannot create executables
See \`config.log' for more details." >&5
echo "$as_me: error: C compiler cannot create executables
See \`config.log' for more details." >&2;}
   { (exit 77); exit 77; }; }
fi

ac_exeext=$ac_cv_exeext
echo "$as_me:$LINENO: result: $ac_file" >&5
echo "${ECHO_T}$ac_file" >&6

# Check the compiler produces executables we can run.  If not, either
# the compiler is broken, or we cross compile.
echo "$as_me:$LINENO: checking whether the C compiler works" >&5
echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6
# FIXME: These cross compiler hacks should be removed for Autoconf 3.0
# If not cross compiling, check that we can run a simple program.
if test "$cross_compiling" != yes; then
  if { ac_try='./$ac_file'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; }; then
    cross_compiling=no
  else
    if test "$cross_compiling" = maybe; then
        cross_compiling=yes
    else
        { { echo "$as_me:$LINENO: error: cannot run C compiled programs.
If you meant to cross compile, use \`--host'.
See \`config.log' for more details." >&5
echo "$as_me: error: cannot run C compiled programs.
If you meant to cross compile, use \`--host'.
See \`config.log' for more details." >&2;}
   { (exit 1); exit 1; }; }
    fi
  fi
fi
echo "$as_me:$LINENO: result: yes" >&5
echo "${ECHO_T}yes" >&6

rm -f a.out a.exe conftest$ac_cv_exeext b.out
ac_clean_files=$ac_clean_files_save
# Check the compiler produces executables we can run.  If not, either
# the compiler is broken, or we cross compile.
echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6
echo "$as_me:$LINENO: result: $cross_compiling" >&5
echo "${ECHO_T}$cross_compiling" >&6

echo "$as_me:$LINENO: checking for suffix of executables" >&5
echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
  (eval $ac_link) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; then
  # If both `conftest.exe' and `conftest' are `present' (well, observable)
# catch `conftest.exe'.  For instance with Cygwin, `ls conftest' will
# work properly (i.e., refer to `conftest.exe'), while it won't with
# `rm'.
for ac_file in conftest.exe conftest conftest.*; do
  test -f "$ac_file" || continue
  case $ac_file in
    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj ) ;;
    *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
          export ac_cv_exeext
          break;;
    * ) break;;
  esac
done
else
  { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link
See \`config.log' for more details." >&5
echo "$as_me: error: cannot compute suffix of executables: cannot compile and link
See \`config.log' for more details." >&2;}
   { (exit 1); exit 1; }; }
fi

rm -f conftest$ac_cv_exeext
echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
echo "${ECHO_T}$ac_cv_exeext" >&6

rm -f conftest.$ac_ext
EXEEXT=$ac_cv_exeext
ac_exeext=$EXEEXT
echo "$as_me:$LINENO: checking for suffix of object files" >&5
echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6
if test "${ac_cv_objext+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h.  */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h.  */

int
main ()
{

  ;
  return 0;
}
_ACEOF
rm -f conftest.o conftest.obj
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
  (eval $ac_compile) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; then
  for ac_file in `(ls conftest.o conftest.obj; ls conftest.*) 2>/dev/null`; do
  case $ac_file in
    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg ) ;;
    *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
       break;;
  esac
done
else
  echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5

{ { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile
See \`config.log' for more details." >&5
echo "$as_me: error: cannot compute suffix of object files: cannot compile
See \`config.log' for more details." >&2;}
   { (exit 1); exit 1; }; }
fi

rm -f conftest.$ac_cv_objext conftest.$ac_ext
fi
echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
echo "${ECHO_T}$ac_cv_objext" >&6
OBJEXT=$ac_cv_objext
ac_objext=$OBJEXT
echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6
if test "${ac_cv_c_compiler_gnu+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h.  */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h.  */

int
main ()
{
#ifndef __GNUC__
       choke me
#endif

  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
  (eval $ac_compile) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
         { ac_try='test -s conftest.$ac_objext'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; }; then
  ac_compiler_gnu=yes
else
  echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5

ac_compiler_gnu=no
fi
rm -f conftest.$ac_objext conftest.$ac_ext
ac_cv_c_compiler_gnu=$ac_compiler_gnu

fi
echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6
GCC=`test $ac_compiler_gnu = yes && echo yes`
ac_test_CFLAGS=${CFLAGS+set}
ac_save_CFLAGS=$CFLAGS
CFLAGS="-g"
echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6
if test "${ac_cv_prog_cc_g+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h.  */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h.  */

int
main ()
{

  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
  (eval $ac_compile) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
         { ac_try='test -s conftest.$ac_objext'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; }; then
  ac_cv_prog_cc_g=yes
else
  echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5

ac_cv_prog_cc_g=no
fi
rm -f conftest.$ac_objext conftest.$ac_ext
fi
echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
echo "${ECHO_T}$ac_cv_prog_cc_g" >&6
if test "$ac_test_CFLAGS" = set; then
  CFLAGS=$ac_save_CFLAGS
elif test $ac_cv_prog_cc_g = yes; then
  if test "$GCC" = yes; then
    CFLAGS="-g -O2"
  else
    CFLAGS="-g"
  fi
else
  if test "$GCC" = yes; then
    CFLAGS="-O2"
  else
    CFLAGS=
  fi
fi
echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5
echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6
if test "${ac_cv_prog_cc_stdc+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  ac_cv_prog_cc_stdc=no
ac_save_CC=$CC
cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h.  */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h.  */
#include <stdarg.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
/* Most of the following tests are stolen from RCS 5.7's src/conf.sh.  */
struct buf { int x; };
FILE * (*rcsopen) (struct buf *, struct stat *, int);
static char *e (p, i)
     char **p;
     int i;
{
  return p[i];
}
static char *f (char * (*g) (char **, int), char **p, ...)
{
  char *s;
  va_list v;
  va_start (v,p);
  s = g (p, va_arg (v,int));
  va_end (v);
  return s;
}
int test (int i, double x);
struct s1 {int (*f) (int a);};
struct s2 {int (*f) (double a);};
int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
int argc;
char **argv;
int
main ()
{
return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
  ;
  return 0;
}
_ACEOF
# Don't try gcc -ansi; that turns off useful extensions and
# breaks some systems' header files.
# AIX -qlanglvl=ansi
# Ultrix and OSF/1 -std1
# HP-UX 10.20 and later -Ae
# HP-UX older versions -Aa -D_HPUX_SOURCE
# SVR4 -Xc -D__EXTENSIONS__
for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
do
  CC="$ac_save_CC $ac_arg"
  rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
  (eval $ac_compile) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  { ac_try='test -s conftest.$ac_objext'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; }; then
  ac_cv_prog_cc_stdc=$ac_arg
break
else
  echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5
fi
rm -f conftest.$ac_objext
done
rm -f conftest.$ac_ext conftest.$ac_objext
CC=$ac_save_CC
fi
case "x$ac_cv_prog_cc_stdc" in
  x|xno)
    echo "$as_me:$LINENO: result: none needed" >&5
    echo "${ECHO_T}none needed" >&6 ;;
  *)
    echo "$as_me:$LINENO: result: $ac_cv_prog_cc_stdc" >&5
    echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6
    CC="$CC $ac_cv_prog_cc_stdc" ;;
esac
# Some people use a C++ compiler to compile C. Since we use `exit',
# in C++ we need to declare it. In case someone uses the same compiler
# for both compiling C and C++ we need to have the C++ compiler decide
# the declaration of exit, since it's the most demanding environment.
cat >conftest.$ac_ext <<_ACEOF
#ifndef __cplusplus
  choke me
#endif
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
  (eval $ac_compile) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  { ac_try='test -s conftest.$ac_objext'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; }; then
  for ac_declaration in \
   ''\
   '#include ' \
   'extern "C" void std::exit (int) throw (); using std::exit;' \
   'extern "C" void std::exit (int); using std::exit;' \
   'extern "C" void exit (int) throw ();' \
   'extern "C" void exit (int);' \
   'void exit (int);'
do
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include
$ac_declaration
int
main ()
{
exit (42);
  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
  (eval $ac_compile) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  { ac_try='test -s conftest.$ac_objext'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; }; then
  :
else
  echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5
  continue
fi
rm -f conftest.$ac_objext conftest.$ac_ext
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
$ac_declaration
int
main ()
{
exit (42);
  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
  (eval $ac_compile) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$?
= $ac_status" >&5
  (exit $ac_status); } &&
  { ac_try='test -s conftest.$ac_objext'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; }; then
  break
else
  echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5
fi
rm -f conftest.$ac_objext conftest.$ac_ext
done
rm -f conftest*
if test -n "$ac_declaration"; then
  echo '#ifdef __cplusplus' >>confdefs.h
  echo $ac_declaration >>confdefs.h
  echo '#endif' >>confdefs.h
fi
else
  echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5
fi
rm -f conftest.$ac_objext conftest.$ac_ext
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
if test "$GCC" = yes ; then
  if test "$SHLICC2" = yes ; then
    ac_cv_lbl_gcc_vers=2
    V_CCOPT="-O2"
  else
    echo "$as_me:$LINENO: checking gcc version" >&5
    echo $ECHO_N "checking gcc version... $ECHO_C" >&6
    if test "${ac_cv_lbl_gcc_vers+set}" = set; then
      echo $ECHO_N "(cached) $ECHO_C" >&6
    else
      ac_cv_lbl_gcc_vers=`$CC -v 2>&1 | \
        sed -e '/^gcc version /!d' \
        -e 's/^gcc version //' \
        -e 's/ .*//' -e 's/^[^0-9]*//' \
        -e 's/\..*//'`
    fi
    echo "$as_me:$LINENO: result: $ac_cv_lbl_gcc_vers" >&5
    echo "${ECHO_T}$ac_cv_lbl_gcc_vers" >&6
    if test $ac_cv_lbl_gcc_vers -gt 1 ; then
      V_CCOPT="-O2"
    fi
  fi
else
  echo "$as_me:$LINENO: checking that $CC handles ansi prototypes" >&5
  echo $ECHO_N "checking that $CC handles ansi prototypes... $ECHO_C" >&6
  if test "${ac_cv_lbl_cc_ansi_prototypes+set}" = set; then
    echo $ECHO_N "(cached) $ECHO_C" >&6
  else
    cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h.
*/
#include
int
main ()
{
int frob(int, char *)
  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
  (eval $ac_compile) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  { ac_try='test -s conftest.$ac_objext'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; }; then
  ac_cv_lbl_cc_ansi_prototypes=yes
else
  echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5
  ac_cv_lbl_cc_ansi_prototypes=no
fi
rm -f conftest.$ac_objext conftest.$ac_ext
fi
echo "$as_me:$LINENO: result: $ac_cv_lbl_cc_ansi_prototypes" >&5
echo "${ECHO_T}$ac_cv_lbl_cc_ansi_prototypes" >&6
if test $ac_cv_lbl_cc_ansi_prototypes = no ; then
  case "$target_os" in
  hpux*)
    echo "$as_me:$LINENO: checking for HP-UX ansi compiler ($CC -Aa -D_HPUX_SOURCE)" >&5
    echo $ECHO_N "checking for HP-UX ansi compiler ($CC -Aa -D_HPUX_SOURCE)... $ECHO_C" >&6
    savedcflags="$CFLAGS"
    CFLAGS="-Aa -D_HPUX_SOURCE $CFLAGS"
    if test "${ac_cv_lbl_cc_hpux_cc_aa+set}" = set; then
      echo $ECHO_N "(cached) $ECHO_C" >&6
    else
      cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include
int
main ()
{
int frob(int, char *)
  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
  (eval $ac_compile) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  { ac_try='test -s conftest.$ac_objext'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$?
= $ac_status" >&5
  (exit $ac_status); }; }; then
  ac_cv_lbl_cc_hpux_cc_aa=yes
else
  echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5
  ac_cv_lbl_cc_hpux_cc_aa=no
fi
rm -f conftest.$ac_objext conftest.$ac_ext
fi
    echo "$as_me:$LINENO: result: $ac_cv_lbl_cc_hpux_cc_aa" >&5
    echo "${ECHO_T}$ac_cv_lbl_cc_hpux_cc_aa" >&6
    if test $ac_cv_lbl_cc_hpux_cc_aa = no ; then
      { { echo "$as_me:$LINENO: error: see the INSTALL doc for more info" >&5
      echo "$as_me: error: see the INSTALL doc for more info" >&2;}
      { (exit 1); exit 1; }; }
    fi
    CFLAGS="$savedcflags"
    V_CCOPT="-Aa $V_CCOPT"
    cat >>confdefs.h <<\_ACEOF
#define _HPUX_SOURCE 1
_ACEOF
    ;;
  *)
    { { echo "$as_me:$LINENO: error: see the INSTALL doc for more info" >&5
    echo "$as_me: error: see the INSTALL doc for more info" >&2;}
    { (exit 1); exit 1; }; }
    ;;
  esac
fi
V_INCLS="$V_INCLS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
case "$target_os" in
irix*)
  V_CCOPT="$V_CCOPT -xansi -signed -g3"
  ;;
osf*)
  V_CCOPT="$V_CCOPT -std1 -g3"
  ;;
ultrix*)
  echo "$as_me:$LINENO: checking that Ultrix $CC hacks const in prototypes" >&5
  echo $ECHO_N "checking that Ultrix $CC hacks const in prototypes... $ECHO_C" >&6
  if test "${ac_cv_lbl_cc_const_proto+set}" = set; then
    echo $ECHO_N "(cached) $ECHO_C" >&6
  else
    cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include
int
main ()
{
struct a { int b; };
void c(const struct a *)
  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
  (eval $ac_compile) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  { ac_try='test -s conftest.$ac_objext'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$?
= $ac_status" >&5
  (exit $ac_status); }; }; then
  ac_cv_lbl_cc_const_proto=yes
else
  echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5
  ac_cv_lbl_cc_const_proto=no
fi
rm -f conftest.$ac_objext conftest.$ac_ext
fi
  echo "$as_me:$LINENO: result: $ac_cv_lbl_cc_const_proto" >&5
  echo "${ECHO_T}$ac_cv_lbl_cc_const_proto" >&6
  if test $ac_cv_lbl_cc_const_proto = no ; then
    cat >>confdefs.h <<\_ACEOF
#define const
_ACEOF
  fi
  ;;
esac
fi
echo "$as_me:$LINENO: checking for inline" >&5
echo $ECHO_N "checking for inline... $ECHO_C" >&6
if test "${ac_cv_c_inline+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  ac_cv_c_inline=no
for ac_kw in inline __inline__ __inline; do
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#ifndef __cplusplus
typedef int foo_t;
static $ac_kw foo_t static_foo () {return 0; }
$ac_kw foo_t foo () {return 0; }
#endif
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
  (eval $ac_compile) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  { ac_try='test -s conftest.$ac_objext'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$?
= $ac_status" >&5
  (exit $ac_status); }; }; then
  ac_cv_c_inline=$ac_kw; break
else
  echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5
fi
rm -f conftest.$ac_objext conftest.$ac_ext
done
fi
echo "$as_me:$LINENO: result: $ac_cv_c_inline" >&5
echo "${ECHO_T}$ac_cv_c_inline" >&6
case $ac_cv_c_inline in
  inline | yes) ;;
  no)
cat >>confdefs.h <<\_ACEOF
#define inline
_ACEOF
 ;;
  *) cat >>confdefs.h <<_ACEOF
#define inline $ac_cv_c_inline
_ACEOF
 ;;
esac
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
if test -n "$ac_tool_prefix"; then
  # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
set dummy ${ac_tool_prefix}gcc; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_prog_CC+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  if test -n "$CC"; then
  ac_cv_prog_CC="$CC" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  for ac_exec_ext in '' $ac_executable_extensions; do
  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
    ac_cv_prog_CC="${ac_tool_prefix}gcc"
    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
    break 2
  fi
done
done
fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
  echo "$as_me:$LINENO: result: $CC" >&5
  echo "${ECHO_T}$CC" >&6
else
  echo "$as_me:$LINENO: result: no" >&5
  echo "${ECHO_T}no" >&6
fi
fi
if test -z "$ac_cv_prog_CC"; then
  ac_ct_CC=$CC
  # Extract the first word of "gcc", so it can be a program name with args.
set dummy gcc; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word...
$ECHO_C" >&6
if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  if test -n "$ac_ct_CC"; then
  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  for ac_exec_ext in '' $ac_executable_extensions; do
  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
    ac_cv_prog_ac_ct_CC="gcc"
    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
    break 2
  fi
done
done
fi
fi
ac_ct_CC=$ac_cv_prog_ac_ct_CC
if test -n "$ac_ct_CC"; then
  echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
  echo "${ECHO_T}$ac_ct_CC" >&6
else
  echo "$as_me:$LINENO: result: no" >&5
  echo "${ECHO_T}no" >&6
fi
  CC=$ac_ct_CC
else
  CC="$ac_cv_prog_CC"
fi
if test -z "$CC"; then
  if test -n "$ac_tool_prefix"; then
  # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
set dummy ${ac_tool_prefix}cc; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_prog_CC+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  if test -n "$CC"; then
  ac_cv_prog_CC="$CC" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  for ac_exec_ext in '' $ac_executable_extensions; do
  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
    ac_cv_prog_CC="${ac_tool_prefix}cc"
    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
    break 2
  fi
done
done
fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
  echo "$as_me:$LINENO: result: $CC" >&5
  echo "${ECHO_T}$CC" >&6
else
  echo "$as_me:$LINENO: result: no" >&5
  echo "${ECHO_T}no" >&6
fi
fi
if test -z "$ac_cv_prog_CC"; then
  ac_ct_CC=$CC
  # Extract the first word of "cc", so it can be a program name with args.
set dummy cc; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word...
$ECHO_C" >&6
if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  if test -n "$ac_ct_CC"; then
  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  for ac_exec_ext in '' $ac_executable_extensions; do
  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
    ac_cv_prog_ac_ct_CC="cc"
    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
    break 2
  fi
done
done
fi
fi
ac_ct_CC=$ac_cv_prog_ac_ct_CC
if test -n "$ac_ct_CC"; then
  echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
  echo "${ECHO_T}$ac_ct_CC" >&6
else
  echo "$as_me:$LINENO: result: no" >&5
  echo "${ECHO_T}no" >&6
fi
  CC=$ac_ct_CC
else
  CC="$ac_cv_prog_CC"
fi
fi
if test -z "$CC"; then
  # Extract the first word of "cc", so it can be a program name with args.
set dummy cc; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_prog_CC+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  if test -n "$CC"; then
  ac_cv_prog_CC="$CC" # Let the user override the test.
else
  ac_prog_rejected=no
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  for ac_exec_ext in '' $ac_executable_extensions; do
  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
    if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
       ac_prog_rejected=yes
       continue
     fi
    ac_cv_prog_CC="cc"
    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
    break 2
  fi
done
done
if test $ac_prog_rejected = yes; then
  # We found a bogon in the path, so make sure we never use it.
  set dummy $ac_cv_prog_CC
  shift
  if test $# != 0; then
    # We chose a different compiler from the bogus one.
    # However, it has the same basename, so the bogon will be chosen
    # first if we set CC to just the basename; use the full file name.
    shift
    ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
  fi
fi
fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
  echo "$as_me:$LINENO: result: $CC" >&5
  echo "${ECHO_T}$CC" >&6
else
  echo "$as_me:$LINENO: result: no" >&5
  echo "${ECHO_T}no" >&6
fi
fi
if test -z "$CC"; then
  if test -n "$ac_tool_prefix"; then
  for ac_prog in cl
  do
    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
set dummy $ac_tool_prefix$ac_prog; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_prog_CC+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  if test -n "$CC"; then
  ac_cv_prog_CC="$CC" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  for ac_exec_ext in '' $ac_executable_extensions; do
  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
    ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
    break 2
  fi
done
done
fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
  echo "$as_me:$LINENO: result: $CC" >&5
  echo "${ECHO_T}$CC" >&6
else
  echo "$as_me:$LINENO: result: no" >&5
  echo "${ECHO_T}no" >&6
fi
    test -n "$CC" && break
  done
fi
if test -z "$CC"; then
  ac_ct_CC=$CC
  for ac_prog in cl
do
  # Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  if test -n "$ac_ct_CC"; then
  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  for ac_exec_ext in '' $ac_executable_extensions; do
  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
    ac_cv_prog_ac_ct_CC="$ac_prog"
    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
    break 2
  fi
done
done
fi
fi
ac_ct_CC=$ac_cv_prog_ac_ct_CC
if test -n "$ac_ct_CC"; then
  echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
  echo "${ECHO_T}$ac_ct_CC" >&6
else
  echo "$as_me:$LINENO: result: no" >&5
  echo "${ECHO_T}no" >&6
fi
  test -n "$ac_ct_CC" && break
done
  CC=$ac_ct_CC
fi
fi
test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH
See \`config.log' for more details." >&5
echo "$as_me: error: no acceptable C compiler found in \$PATH
See \`config.log' for more details." >&2;}
   { (exit 1); exit 1; }; }
# Provide some information about the compiler.
echo "$as_me:$LINENO:" \
     "checking for C compiler version" >&5
ac_compiler=`set X $ac_compile; echo $2`
{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version &5\"") >&5
  (eval $ac_compiler --version &5) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }
{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v &5\"") >&5
  (eval $ac_compiler -v &5) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }
{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V &5\"") >&5
  (eval $ac_compiler -V &5) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }
echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6
if test "${ac_cv_c_compiler_gnu+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h.
*/
int
main ()
{
#ifndef __GNUC__
       choke me
#endif
  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
  (eval $ac_compile) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  { ac_try='test -s conftest.$ac_objext'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; }; then
  ac_compiler_gnu=yes
else
  echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5
  ac_compiler_gnu=no
fi
rm -f conftest.$ac_objext conftest.$ac_ext
ac_cv_c_compiler_gnu=$ac_compiler_gnu
fi
echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6
GCC=`test $ac_compiler_gnu = yes && echo yes`
ac_test_CFLAGS=${CFLAGS+set}
ac_save_CFLAGS=$CFLAGS
CFLAGS="-g"
echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6
if test "${ac_cv_prog_cc_g+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
int
main ()
{
  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
  (eval $ac_compile) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  { ac_try='test -s conftest.$ac_objext'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$?
= $ac_status" >&5
  (exit $ac_status); }; }; then
  ac_cv_prog_cc_g=yes
else
  echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5
  ac_cv_prog_cc_g=no
fi
rm -f conftest.$ac_objext conftest.$ac_ext
fi
echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
echo "${ECHO_T}$ac_cv_prog_cc_g" >&6
if test "$ac_test_CFLAGS" = set; then
  CFLAGS=$ac_save_CFLAGS
elif test $ac_cv_prog_cc_g = yes; then
  if test "$GCC" = yes; then
    CFLAGS="-g -O2"
  else
    CFLAGS="-g"
  fi
else
  if test "$GCC" = yes; then
    CFLAGS="-O2"
  else
    CFLAGS=
  fi
fi
echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5
echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6
if test "${ac_cv_prog_cc_stdc+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  ac_cv_prog_cc_stdc=no
ac_save_CC=$CC
cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include
#include
#include
#include
/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
struct buf { int x; };
FILE * (*rcsopen) (struct buf *, struct stat *, int);
static char *e (p, i)
     char **p;
     int i;
{
  return p[i];
}
static char *f (char * (*g) (char **, int), char **p, ...)
{
  char *s;
  va_list v;
  va_start (v,p);
  s = g (p, va_arg (v,int));
  va_end (v);
  return s;
}
int test (int i, double x);
struct s1 {int (*f) (int a);};
struct s2 {int (*f) (double a);};
int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
int argc;
char **argv;
int
main ()
{
return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
  ;
  return 0;
}
_ACEOF
# Don't try gcc -ansi; that turns off useful extensions and
# breaks some systems' header files.
# AIX -qlanglvl=ansi
# Ultrix and OSF/1 -std1
# HP-UX 10.20 and later -Ae
# HP-UX older versions -Aa -D_HPUX_SOURCE
# SVR4 -Xc -D__EXTENSIONS__
for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
do
  CC="$ac_save_CC $ac_arg"
  rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
  (eval $ac_compile) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  { ac_try='test -s conftest.$ac_objext'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; }; then
  ac_cv_prog_cc_stdc=$ac_arg
break
else
  echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5
fi
rm -f conftest.$ac_objext
done
rm -f conftest.$ac_ext conftest.$ac_objext
CC=$ac_save_CC
fi
case "x$ac_cv_prog_cc_stdc" in
  x|xno)
    echo "$as_me:$LINENO: result: none needed" >&5
    echo "${ECHO_T}none needed" >&6 ;;
  *)
    echo "$as_me:$LINENO: result: $ac_cv_prog_cc_stdc" >&5
    echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6
    CC="$CC $ac_cv_prog_cc_stdc" ;;
esac
# Some people use a C++ compiler to compile C. Since we use `exit',
# in C++ we need to declare it. In case someone uses the same compiler
# for both compiling C and C++ we need to have the C++ compiler decide
# the declaration of exit, since it's the most demanding environment.
cat >conftest.$ac_ext <<_ACEOF
#ifndef __cplusplus
  choke me
#endif
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
  (eval $ac_compile) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  { ac_try='test -s conftest.$ac_objext'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$?
= $ac_status" >&5
  (exit $ac_status); }; }; then
  for ac_declaration in \
   ''\
   '#include ' \
   'extern "C" void std::exit (int) throw (); using std::exit;' \
   'extern "C" void std::exit (int); using std::exit;' \
   'extern "C" void exit (int) throw ();' \
   'extern "C" void exit (int);' \
   'void exit (int);'
do
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include
$ac_declaration
int
main ()
{
exit (42);
  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
  (eval $ac_compile) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  { ac_try='test -s conftest.$ac_objext'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; }; then
  :
else
  echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5
  continue
fi
rm -f conftest.$ac_objext conftest.$ac_ext
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
$ac_declaration
int
main ()
{
exit (42);
  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
  (eval $ac_compile) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  { ac_try='test -s conftest.$ac_objext'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$?
= $ac_status" >&5
  (exit $ac_status); }; }; then
  break
else
  echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5
fi
rm -f conftest.$ac_objext conftest.$ac_ext
done
rm -f conftest*
if test -n "$ac_declaration"; then
  echo '#ifdef __cplusplus' >>confdefs.h
  echo $ac_declaration >>confdefs.h
  echo '#endif' >>confdefs.h
fi
else
  echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5
fi
rm -f conftest.$ac_objext conftest.$ac_ext
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5
echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6
# On Suns, sometimes $CPP names a directory.
if test -n "$CPP" && test -d "$CPP"; then
  CPP=
fi
if test -z "$CPP"; then
  if test "${ac_cv_prog_CPP+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  # Double quotes because CPP needs to be expanded
  for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
  do
    ac_preproc_ok=false
for ac_c_preproc_warn_flag in '' yes
do
  # Use a header file that comes with gcc, so configuring glibc
  # with a fresh cross-compiler works.
  # Prefer to if __STDC__ is defined, since
  # exists even on freestanding compilers.
  # On the NeXT, cc -E runs the code through the compiler's parser,
  # not just through cpp. "Syntax error" is here to catch this case.
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h.
*/
#ifdef __STDC__
# include
#else
# include
#endif
                     Syntax error
_ACEOF
if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
  ac_status=$?
  grep -v '^ *+' conftest.er1 >conftest.err
  rm -f conftest.er1
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } >/dev/null; then
  if test -s conftest.err; then
    ac_cpp_err=$ac_c_preproc_warn_flag
  else
    ac_cpp_err=
  fi
else
  ac_cpp_err=yes
fi
if test -z "$ac_cpp_err"; then
  :
else
  echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5
  # Broken: fails on valid input.
  continue
fi
rm -f conftest.err conftest.$ac_ext
  # OK, works on sane cases. Now check whether non-existent headers
  # can be detected and how.
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include
_ACEOF
if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
  ac_status=$?
  grep -v '^ *+' conftest.er1 >conftest.err
  rm -f conftest.er1
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } >/dev/null; then
  if test -s conftest.err; then
    ac_cpp_err=$ac_c_preproc_warn_flag
  else
    ac_cpp_err=
  fi
else
  ac_cpp_err=yes
fi
if test -z "$ac_cpp_err"; then
  # Broken: success on invalid input.
  continue
else
  echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5
  # Passes both tests.
  ac_preproc_ok=:
  break
fi
rm -f conftest.err conftest.$ac_ext
done
# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
rm -f conftest.err conftest.$ac_ext
if $ac_preproc_ok; then
  break
fi
    done
    ac_cv_prog_CPP=$CPP
fi
  CPP=$ac_cv_prog_CPP
else
  ac_cv_prog_CPP=$CPP
fi
echo "$as_me:$LINENO: result: $CPP" >&5
echo "${ECHO_T}$CPP" >&6
ac_preproc_ok=false
for ac_c_preproc_warn_flag in '' yes
do
  # Use a header file that comes with gcc, so configuring glibc
  # with a fresh cross-compiler works.
  # Prefer to if __STDC__ is defined, since
  # exists even on freestanding compilers.
  # On the NeXT, cc -E runs the code through the compiler's parser,
  # not just through cpp. "Syntax error" is here to catch this case.
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#ifdef __STDC__
# include
#else
# include
#endif
                     Syntax error
_ACEOF
if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
  ac_status=$?
  grep -v '^ *+' conftest.er1 >conftest.err
  rm -f conftest.er1
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } >/dev/null; then
  if test -s conftest.err; then
    ac_cpp_err=$ac_c_preproc_warn_flag
  else
    ac_cpp_err=
  fi
else
  ac_cpp_err=yes
fi
if test -z "$ac_cpp_err"; then
  :
else
  echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5
  # Broken: fails on valid input.
  continue
fi
rm -f conftest.err conftest.$ac_ext
  # OK, works on sane cases. Now check whether non-existent headers
  # can be detected and how.
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include
_ACEOF
if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
  ac_status=$?
  grep -v '^ *+' conftest.er1 >conftest.err
  rm -f conftest.er1
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$?
= $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag else ac_cpp_err= fi else ac_cpp_err=yes fi if test -z "$ac_cpp_err"; then # Broken: success on invalid input. continue else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.err conftest.$ac_ext if $ac_preproc_ok; then : else { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check See \`config.log' for more details." >&5 echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5 echo $ECHO_N "checking whether ${MAKE-make} sets \$(MAKE)... $ECHO_C" >&6 set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y,./+-,__p_,'` if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.make <<\_ACEOF all: @echo 'ac_maketemp="$(MAKE)"' _ACEOF # GNU make sometimes prints "make[1]: Entering...", which would confuse us. 
eval `${MAKE-make} -f conftest.make 2>/dev/null | grep temp=` if test -n "$ac_maketemp"; then eval ac_cv_prog_make_${ac_make}_set=yes else eval ac_cv_prog_make_${ac_make}_set=no fi rm -f conftest.make fi if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6 SET_MAKE= else echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 SET_MAKE="MAKE=${MAKE-make}" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. set dummy ${ac_tool_prefix}ranlib; ac_word=$2 echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_RANLIB+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$RANLIB"; then ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done fi fi RANLIB=$ac_cv_prog_RANLIB if test -n "$RANLIB"; then echo "$as_me:$LINENO: result: $RANLIB" >&5 echo "${ECHO_T}$RANLIB" >&6 else echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 fi fi if test -z "$ac_cv_prog_RANLIB"; then ac_ct_RANLIB=$RANLIB # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$ac_ct_RANLIB"; then ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. 
else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_RANLIB="ranlib" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done test -z "$ac_cv_prog_ac_ct_RANLIB" && ac_cv_prog_ac_ct_RANLIB=":" fi fi ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB if test -n "$ac_ct_RANLIB"; then echo "$as_me:$LINENO: result: $ac_ct_RANLIB" >&5 echo "${ECHO_T}$ac_ct_RANLIB" >&6 else echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 fi RANLIB=$ac_ct_RANLIB else RANLIB="$ac_cv_prog_RANLIB" fi for ac_prog in flex do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_V_LEX+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$V_LEX"; then ac_cv_prog_V_LEX="$V_LEX" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_V_LEX="$ac_prog" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done fi fi V_LEX=$ac_cv_prog_V_LEX if test -n "$V_LEX"; then echo "$as_me:$LINENO: result: $V_LEX" >&5 echo "${ECHO_T}$V_LEX" >&6 else echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 fi test -n "$V_LEX" && break done test -n "$V_LEX" || V_LEX="lex" if test "$V_LEX" = flex ; then echo "$as_me:$LINENO: checking for flex 2.4 or higher" >&5 echo $ECHO_N "checking for flex 2.4 or higher... 
$ECHO_C" >&6
  if test "${ac_cv_lbl_flex_v24+set}" = set; then
    echo $ECHO_N "(cached) $ECHO_C" >&6
  else
    if flex -V >/dev/null 2>&1; then
      ac_cv_lbl_flex_v24=yes
    else
      ac_cv_lbl_flex_v24=no
    fi
  fi
  echo "$as_me:$LINENO: result: $ac_cv_lbl_flex_v24" >&5
  echo "${ECHO_T}$ac_cv_lbl_flex_v24" >&6
  if test $ac_cv_lbl_flex_v24 = no ; then
    s="2.4 or higher required"
    { echo "$as_me:$LINENO: WARNING: ignoring obsolete flex executable ($s)" >&5
    echo "$as_me: WARNING: ignoring obsolete flex executable ($s)" >&2;}
    V_LEX=lex
  fi
else
  { { echo "$as_me:$LINENO: error: flex not found. see the INSTALL for more info" >&5
  echo "$as_me: error: flex not found. see the INSTALL for more info" >&2;}
  { (exit 1); exit 1; }; }
fi
for ac_prog in bison
do
  # Extract the first word of "$ac_prog", so it can be a program name with args.
  set dummy $ac_prog; ac_word=$2
  echo "$as_me:$LINENO: checking for $ac_word" >&5
  echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
  if test "${ac_cv_prog_V_YACC+set}" = set; then
    echo $ECHO_N "(cached) $ECHO_C" >&6
  else
    if test -n "$V_YACC"; then
      ac_cv_prog_V_YACC="$V_YACC" # Let the user override the test.
    else
      as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
      for as_dir in $PATH
      do
        IFS=$as_save_IFS
        test -z "$as_dir" && as_dir=.
        for ac_exec_ext in '' $ac_executable_extensions; do
          if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
            ac_cv_prog_V_YACC="$ac_prog"
            echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
            break 2
          fi
        done
      done
    fi
  fi
  V_YACC=$ac_cv_prog_V_YACC
  if test -n "$V_YACC"; then
    echo "$as_me:$LINENO: result: $V_YACC" >&5
    echo "${ECHO_T}$V_YACC" >&6
  else
    echo "$as_me:$LINENO: result: no" >&5
    echo "${ECHO_T}no" >&6
  fi
  test -n "$V_YACC" && break
done
test -n "$V_YACC" || V_YACC="yacc"
if test "$V_YACC" = bison ; then
  V_YACC="$V_YACC -y"
else
  { { echo "$as_me:$LINENO: error: bison not found. see the INSTALL for more info" >&5
  echo "$as_me: error: bison not found. see the INSTALL for more info" >&2;}
  { (exit 1); exit 1; }; }
fi
if test "$V_LEX" = flex -a -n "argus_" ; then
  V_LEX="$V_LEX -Pargus_"
  V_YACC="$V_YACC -p argus_"
fi
for ac_prog in ranlib
do
  # Extract the first word of "$ac_prog", so it can be a program name with args.
  set dummy $ac_prog; ac_word=$2
  echo "$as_me:$LINENO: checking for $ac_word" >&5
  echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
  if test "${ac_cv_prog_V_RANLIB+set}" = set; then
    echo $ECHO_N "(cached) $ECHO_C" >&6
  else
    if test -n "$V_RANLIB"; then
      ac_cv_prog_V_RANLIB="$V_RANLIB" # Let the user override the test.
    else
      as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
      for as_dir in $PATH
      do
        IFS=$as_save_IFS
        test -z "$as_dir" && as_dir=.
        for ac_exec_ext in '' $ac_executable_extensions; do
          if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
            ac_cv_prog_V_RANLIB="$ac_prog"
            echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
            break 2
          fi
        done
      done
    fi
  fi
  V_RANLIB=$ac_cv_prog_V_RANLIB
  if test -n "$V_RANLIB"; then
    echo "$as_me:$LINENO: result: $V_RANLIB" >&5
    echo "${ECHO_T}$V_RANLIB" >&6
  else
    echo "$as_me:$LINENO: result: no" >&5
    echo "${ECHO_T}no" >&6
  fi
  test -n "$V_RANLIB" && break
done
test -n "$V_RANLIB" || V_RANLIB="@true"
if test -z "$with_pcap" && test "$cross_compiling" = yes; then
  { { echo "$as_me:$LINENO: error: pcap type not determined when cross-compiling; use --with-pcap=..." >&5
  echo "$as_me: error: pcap type not determined when cross-compiling; use --with-pcap=..." >&2;}
  { (exit 1); exit 1; }; }
fi
# Check whether --with-pcap or --without-pcap was given.
if test "${with_pcap+set}" = set; then
  withval="$with_pcap"
fi;
echo "$as_me:$LINENO: checking packet capture type" >&5
echo $ECHO_N "checking packet capture type... $ECHO_C" >&6
if test ! -z "$with_pcap" ; then
  V_PCAP="$withval"
elif test -r /dev/bpf0 ; then
  V_PCAP=bpf
elif test -r /usr/include/net/pfilt.h ; then
  V_PCAP=pf
elif test -r /dev/enet ; then
  V_PCAP=enet
elif test -r /dev/nit ; then
  V_PCAP=snit
elif test -r /usr/include/sys/net/nit.h ; then
  V_PCAP=nit
elif test -r /usr/include/net/raw.h ; then
  V_PCAP=snoop
elif test -r /usr/include/sys/dlpi.h ; then
  V_PCAP=dlpi
elif test -r /usr/include/linux/socket.h ; then
  V_PCAP=linux
elif test -c /dev/bpf0 ; then # check again in case not readable
  V_PCAP=bpf
elif test -c /dev/enet ; then # check again in case not readable
  V_PCAP=enet
elif test -c /dev/nit ; then # check again in case not readable
  V_PCAP=snit
else
  V_PCAP=null
fi
echo "$as_me:$LINENO: result: $V_PCAP" >&5
echo "${ECHO_T}$V_PCAP" >&6
echo "$as_me:$LINENO: checking if unaligned accesses fail" >&5
echo $ECHO_N "checking if unaligned accesses fail... $ECHO_C" >&6
if test "${ac_cv_lbl_unaligned_fail+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  case "$target_cpu" in

  # XXX: should also check that they don't do weird things (like on arm)
  alpha*|arm*|hp*|mips|sparc)
    ac_cv_lbl_unaligned_fail=yes
    ;;

  *)
    cat >conftest.c <<EOF
# include
# include
unsigned char a[5] = { 1, 2, 3, 4, 5 };
main() {
unsigned int i;
pid_t pid;
int status;
/* avoid "core dumped" message */
pid = fork();
if (pid < 0)
  exit(2);
if (pid > 0) {
  /* parent */
  pid = waitpid(pid, &status, 0);
  if (pid < 0)
    exit(3);
  exit(!WIFEXITED(status));
}
/* child */
i = *(unsigned int *)&a[1];
printf("%d\n", i);
exit(0);
}
EOF
    ${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS \
      conftest.c $LIBS >/dev/null 2>&1
    if test ! -x conftest ; then
      ac_cv_lbl_unaligned_fail=yes
    else
      ./conftest >conftest.out
      if test ! -s conftest.out ; then
        ac_cv_lbl_unaligned_fail=yes
      else
        ac_cv_lbl_unaligned_fail=no
      fi
    fi
    rm -f conftest* core core.conftest
    ;;
  esac
fi
echo "$as_me:$LINENO: result: $ac_cv_lbl_unaligned_fail" >&5
echo "${ECHO_T}$ac_cv_lbl_unaligned_fail" >&6
if test $ac_cv_lbl_unaligned_fail = yes ; then
  cat >>confdefs.h <<\_ACEOF
#define LBL_ALIGN 1
_ACEOF
fi
rm -f os-proto.h
if test "${LBL_CFLAGS+set}" = set; then
  V_CCOPT="$V_CCOPT ${LBL_CFLAGS}"
fi
if test -f .devel ; then
  if test "$GCC" = yes ; then
    if test "${LBL_CFLAGS+set}" != set; then
      if test "$ac_cv_prog_cc_g" = yes ; then
        V_CCOPT="-g $V_CCOPT"
      fi
      V_CCOPT="$V_CCOPT -Wall"
      if test $ac_cv_lbl_gcc_vers -gt 1 ; then
        V_CCOPT="$V_CCOPT -Wmissing-prototypes -Wstrict-prototypes"
      fi
    fi
  else
    case "$target_os" in

    irix6*)
      V_CCOPT="$V_CCOPT -n32"
      ;;

    *)
      ;;
    esac
  fi
fi
if test -f .debug ; then
  cat >> confdefs.h <<\EOF
#define ARGUSDEBUG 1
EOF
fi
echo "$as_me:$LINENO: checking for egrep" >&5
echo $ECHO_N "checking for egrep... $ECHO_C" >&6
if test "${ac_cv_prog_egrep+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  if echo a | (grep -E '(a|b)') >/dev/null 2>&1
  then ac_cv_prog_egrep='grep -E'
  else ac_cv_prog_egrep='egrep'
  fi
fi
echo "$as_me:$LINENO: result: $ac_cv_prog_egrep" >&5
echo "${ECHO_T}$ac_cv_prog_egrep" >&6
EGREP=$ac_cv_prog_egrep
echo "$as_me:$LINENO: checking for ANSI C header files" >&5
echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6
if test "${ac_cv_header_stdc+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include
#include
#include
#include
int
main ()
{
  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
  (eval $ac_compile) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_header_stdc=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_header_stdc=no fi rm -f conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "memchr" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "free" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : else cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #if ((' ' & 0x0FF) == 0x020) # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ || ('j' <= (c) && (c) <= 'r') \ || ('s' <= (c) && (c) <= 'z')) # define TOUPPER(c) (ISLOWER(c) ? 
((c) | 0x40) : (c)) #endif #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2); exit (0); } _ACEOF rm -f conftest$ac_exeext if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then : else echo "$as_me: program exited with status $ac_status" >&5 echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ( exit $ac_status ) ac_cv_header_stdc=no fi rm -f core core.* *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi fi fi echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5 echo "${ECHO_T}$ac_cv_header_stdc" >&6 if test $ac_cv_header_stdc = yes; then cat >>confdefs.h <<\_ACEOF #define STDC_HEADERS 1 _ACEOF fi # On IRIX 5.3, sys/types and inttypes.h are conflicting. for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ inttypes.h stdint.h unistd.h do as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` echo "$as_me:$LINENO: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 if eval "test \"\${$as_ac_Header+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include <$ac_header> _ACEOF rm -f conftest.$ac_objext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_Header=yes" else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 eval "$as_ac_Header=no" fi rm -f conftest.$ac_objext conftest.$ac_ext fi echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 if test `eval echo '${'$as_ac_Header'}'` = yes; then cat >>confdefs.h <<_ACEOF #define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done # Check whether --with-sasl or --without-sasl was given. if test "${with_sasl+set}" = set; then withval="$with_sasl" with_sasl="$withval" else with_sasl=no fi; SASLFLAGS="" LIB_SASL="" if test "$with_sasl" != no ; then cmu_saved_CPPFLAGS=$CPPFLAGS cmu_saved_LDFLAGS=$LDFLAGS cmu_saved_LIBS=$LIBS if test -d ${with_sasl}; then ac_cv_sasl_where_lib=${with_sasl}/lib ac_cv_sasl_where_inc=${with_sasl}/include SASLFLAGS="-I$ac_cv_sasl_where_inc" LIB_SASL="-L$ac_cv_sasl_where_lib" CPPFLAGS="${cmu_saved_CPPFLAGS} -I${ac_cv_sasl_where_inc}" LDFLAGS="${cmu_saved_LDFLAGS} -L${ac_cv_sasl_where_lib}" fi if test "${ac_cv_header_sasl_h+set}" = set; then echo "$as_me:$LINENO: checking for sasl.h" >&5 echo $ECHO_N "checking for sasl.h... $ECHO_C" >&6 if test "${ac_cv_header_sasl_h+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 fi echo "$as_me:$LINENO: result: $ac_cv_header_sasl_h" >&5 echo "${ECHO_T}$ac_cv_header_sasl_h" >&6 else # Is the header compilable? echo "$as_me:$LINENO: checking sasl.h usability" >&5 echo $ECHO_N "checking sasl.h usability... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. 
*/ $ac_includes_default #include _ACEOF rm -f conftest.$ac_objext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_header_compiler=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f conftest.$ac_objext conftest.$ac_ext echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 echo "${ECHO_T}$ac_header_compiler" >&6 # Is the header present? echo "$as_me:$LINENO: checking sasl.h presence" >&5 echo $ECHO_N "checking sasl.h presence... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag else ac_cpp_err= fi else ac_cpp_err=yes fi if test -z "$ac_cpp_err"; then ac_header_preproc=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 echo "${ECHO_T}$ac_header_preproc" >&6 # So? What about this header? case $ac_header_compiler:$ac_header_preproc in yes:no ) { echo "$as_me:$LINENO: WARNING: sasl.h: accepted by the compiler, rejected by the preprocessor!" >&5 echo "$as_me: WARNING: sasl.h: accepted by the compiler, rejected by the preprocessor!" 
>&2;} { echo "$as_me:$LINENO: WARNING: sasl.h: proceeding with the preprocessor's result" >&5 echo "$as_me: WARNING: sasl.h: proceeding with the preprocessor's result" >&2;} ( cat <<\_ASBOX ## ------------------------------------ ## ## Report this to bug-autoconf@gnu.org. ## ## ------------------------------------ ## _ASBOX ) | sed "s/^/$as_me: WARNING: /" >&2 ;; no:yes ) { echo "$as_me:$LINENO: WARNING: sasl.h: present but cannot be compiled" >&5 echo "$as_me: WARNING: sasl.h: present but cannot be compiled" >&2;} { echo "$as_me:$LINENO: WARNING: sasl.h: check for missing prerequisite headers?" >&5 echo "$as_me: WARNING: sasl.h: check for missing prerequisite headers?" >&2;} { echo "$as_me:$LINENO: WARNING: sasl.h: proceeding with the preprocessor's result" >&5 echo "$as_me: WARNING: sasl.h: proceeding with the preprocessor's result" >&2;} ( cat <<\_ASBOX ## ------------------------------------ ## ## Report this to bug-autoconf@gnu.org. ## ## ------------------------------------ ## _ASBOX ) | sed "s/^/$as_me: WARNING: /" >&2 ;; esac echo "$as_me:$LINENO: checking for sasl.h" >&5 echo $ECHO_N "checking for sasl.h... $ECHO_C" >&6 if test "${ac_cv_header_sasl_h+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_cv_header_sasl_h=$ac_header_preproc fi echo "$as_me:$LINENO: result: $ac_cv_header_sasl_h" >&5 echo "${ECHO_T}$ac_cv_header_sasl_h" >&6 fi if test $ac_cv_header_sasl_h = yes; then echo "$as_me:$LINENO: checking for sasl_getprop in -lsasl" >&5 echo $ECHO_N "checking for sasl_getprop in -lsasl... $ECHO_C" >&6 if test "${ac_cv_lib_sasl_sasl_getprop+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsasl $LIBS" cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any gcc2 internal prototype to avoid an error. 
*/ #ifdef __cplusplus extern "C" #endif /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ char sasl_getprop (); int main () { sasl_getprop (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_sasl_sasl_getprop=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_sasl_sasl_getprop=no fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi echo "$as_me:$LINENO: result: $ac_cv_lib_sasl_sasl_getprop" >&5 echo "${ECHO_T}$ac_cv_lib_sasl_sasl_getprop" >&6 if test $ac_cv_lib_sasl_sasl_getprop = yes; then ac_cv_found_sasl=yes else ac_cv_found_sasl=no fi else ac_cv_found_sasl=no fi LIBS="$cmu_saved_LIBS" LDFLAGS="$cmu_saved_LDFLAGS" CPPFLAGS="$cmu_saved_CPPFLAGS" if test "$ac_cv_found_sasl" = yes; then LIB_SASL="$LIB_SASL -lsasl" if test "$with_sasl" != no; then cat >>confdefs.h <<\_ACEOF #define ARGUS_SASL 1 _ACEOF fi else LIB_SASL="" SASLFLAGS="" fi fi # Check whether --enable-largefile or --disable-largefile was given. if test "${enable_largefile+set}" = set; then enableval="$enable_largefile" fi; if test "$enable_largefile" != no; then echo "$as_me:$LINENO: checking for special C compiler options needed for large files" >&5 echo $ECHO_N "checking for special C compiler options needed for large files... 
$ECHO_C" >&6 if test "${ac_cv_sys_largefile_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_cv_sys_largefile_CC=no if test "$GCC" != yes; then ac_save_CC=$CC while :; do # IRIX 6.2 and later do not support large files by default, # so use the C compiler's -n32 option if that helps. cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then break else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f conftest.$ac_objext CC="$CC -n32" rm -f conftest.$ac_objext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_sys_largefile_CC=' -n32'; break else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f conftest.$ac_objext break done CC=$ac_save_CC rm -f conftest.$ac_ext fi fi echo "$as_me:$LINENO: result: $ac_cv_sys_largefile_CC" >&5 echo "${ECHO_T}$ac_cv_sys_largefile_CC" >&6 if test "$ac_cv_sys_largefile_CC" != no; then CC=$CC$ac_cv_sys_largefile_CC fi echo "$as_me:$LINENO: checking for _FILE_OFFSET_BITS value needed for large files" >&5 echo $ECHO_N "checking for _FILE_OFFSET_BITS value needed for large files... $ECHO_C" >&6 if test "${ac_cv_sys_file_offset_bits+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else while :; do ac_cv_sys_file_offset_bits=no cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then break else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f conftest.$ac_objext conftest.$ac_ext cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" /* confdefs.h. 
*/ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #define _FILE_OFFSET_BITS 64 #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_sys_file_offset_bits=64; break else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f conftest.$ac_objext conftest.$ac_ext break done fi echo "$as_me:$LINENO: result: $ac_cv_sys_file_offset_bits" >&5 echo "${ECHO_T}$ac_cv_sys_file_offset_bits" >&6 if test "$ac_cv_sys_file_offset_bits" != no; then cat >>confdefs.h <<_ACEOF #define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits _ACEOF fi rm -f conftest* echo "$as_me:$LINENO: checking for _LARGE_FILES value needed for large files" >&5 echo $ECHO_N "checking for _LARGE_FILES value needed for large files... $ECHO_C" >&6 if test "${ac_cv_sys_large_files+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else while :; do ac_cv_sys_large_files=no cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include /* Check that off_t can represent 2**63 - 1 correctly. 
   We can't simply define LARGE_OFF_T to be 9223372036854775807,
   since some C++ compilers masquerading as C compilers
   incorrectly reject 9223372036854775807. */
#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
                      && LARGE_OFF_T % 2147483647 == 1)
                     ? 1 : -1];
int
main ()
{

  ;
  return 0;
}
_ACEOF
  rm -f conftest.$ac_objext
  if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
    (eval $ac_compile) 2>&5
    ac_status=$?
    echo "$as_me:$LINENO: \$? = $ac_status" >&5
    (exit $ac_status); } &&
     { ac_try='test -s conftest.$ac_objext'
    { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
    (eval $ac_try) 2>&5
    ac_status=$?
    echo "$as_me:$LINENO: \$? = $ac_status" >&5
    (exit $ac_status); }; }; then
    break
  else
    echo "$as_me: failed program was:" >&5
    sed 's/^/| /' conftest.$ac_ext >&5
  fi
  rm -f conftest.$ac_objext conftest.$ac_ext
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
  cat confdefs.h >>conftest.$ac_ext
  cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#define _LARGE_FILES 1
#include <sys/types.h>
 /* Check that off_t can represent 2**63 - 1 correctly.
    We can't simply define LARGE_OFF_T to be 9223372036854775807,
    since some C++ compilers masquerading as C compilers
    incorrectly reject 9223372036854775807. */
#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
                      && LARGE_OFF_T % 2147483647 == 1)
                     ? 1 : -1];
int
main ()
{

  ;
  return 0;
}
_ACEOF
  rm -f conftest.$ac_objext
  if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
    (eval $ac_compile) 2>&5
    ac_status=$?
    echo "$as_me:$LINENO: \$? = $ac_status" >&5
    (exit $ac_status); } &&
     { ac_try='test -s conftest.$ac_objext'
    { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
    (eval $ac_try) 2>&5
    ac_status=$?
    echo "$as_me:$LINENO: \$? = $ac_status" >&5
    (exit $ac_status); }; }; then
    ac_cv_sys_large_files=1; break
  else
    echo "$as_me: failed program was:" >&5
    sed 's/^/| /' conftest.$ac_ext >&5
  fi
  rm -f conftest.$ac_objext conftest.$ac_ext
  break
done
fi
echo "$as_me:$LINENO: result: $ac_cv_sys_large_files" >&5
echo "${ECHO_T}$ac_cv_sys_large_files" >&6
if test "$ac_cv_sys_large_files" != no; then
  cat >>confdefs.h <<_ACEOF
#define _LARGE_FILES $ac_cv_sys_large_files
_ACEOF
fi
rm -f conftest*
fi

# Most operating systems have gethostbyname() in the default searched
# libraries (i.e. libc):
# Some OSes (eg. Solaris) place it in libnsl
# Some strange OSes (SINIX) have it in libsocket:
echo "$as_me:$LINENO: checking for library containing gethostbyname" >&5
echo $ECHO_N "checking for library containing gethostbyname... $ECHO_C" >&6
if test "${ac_cv_search_gethostbyname+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  ac_func_search_save_LIBS=$LIBS
  ac_cv_search_gethostbyname=no
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
  cat confdefs.h >>conftest.$ac_ext
  cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */

/* Override any gcc2 internal prototype to avoid an error. */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
   builtin and then its argument prototype would still apply. */
char gethostbyname ();
int
main ()
{
gethostbyname ();
  ;
  return 0;
}
_ACEOF
  rm -f conftest.$ac_objext conftest$ac_exeext
  if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
    (eval $ac_link) 2>&5
    ac_status=$?
    echo "$as_me:$LINENO: \$? = $ac_status" >&5
    (exit $ac_status); } &&
     { ac_try='test -s conftest$ac_exeext'
    { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
    (eval $ac_try) 2>&5
    ac_status=$?
    echo "$as_me:$LINENO: \$? = $ac_status" >&5
    (exit $ac_status); }; }; then
    ac_cv_search_gethostbyname="none required"
  else
    echo "$as_me: failed program was:" >&5
    sed 's/^/| /' conftest.$ac_ext >&5
  fi
  rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
  if test "$ac_cv_search_gethostbyname" = no; then
    for ac_lib in nsl socket resolv; do
      LIBS="-l$ac_lib $ac_func_search_save_LIBS"
      cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
      cat confdefs.h >>conftest.$ac_ext
      cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */

/* Override any gcc2 internal prototype to avoid an error. */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
   builtin and then its argument prototype would still apply. */
char gethostbyname ();
int
main ()
{
gethostbyname ();
  ;
  return 0;
}
_ACEOF
      rm -f conftest.$ac_objext conftest$ac_exeext
      if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
        (eval $ac_link) 2>&5
        ac_status=$?
        echo "$as_me:$LINENO: \$? = $ac_status" >&5
        (exit $ac_status); } &&
         { ac_try='test -s conftest$ac_exeext'
        { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
        (eval $ac_try) 2>&5
        ac_status=$?
        echo "$as_me:$LINENO: \$? = $ac_status" >&5
        (exit $ac_status); }; }; then
        ac_cv_search_gethostbyname="-l$ac_lib"
        break
      else
        echo "$as_me: failed program was:" >&5
        sed 's/^/| /' conftest.$ac_ext >&5
      fi
      rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
    done
  fi
  LIBS=$ac_func_search_save_LIBS
fi
echo "$as_me:$LINENO: result: $ac_cv_search_gethostbyname" >&5
echo "${ECHO_T}$ac_cv_search_gethostbyname" >&6
if test "$ac_cv_search_gethostbyname" != no; then
  test "$ac_cv_search_gethostbyname" = "none required" || LIBS="$ac_cv_search_gethostbyname $LIBS"
fi

# Unfortunately libsocket sometimes depends on libnsl and
# AC_SEARCH_LIBS isn't up to the task of handling dependencies like this.
if test "$ac_cv_search_gethostbyname" = "no"
then
  echo "$as_me:$LINENO: checking for gethostbyname in -lsocket" >&5
  echo $ECHO_N "checking for gethostbyname in -lsocket... $ECHO_C" >&6
  if test "${ac_cv_lib_socket_gethostbyname+set}" = set; then
    echo $ECHO_N "(cached) $ECHO_C" >&6
  else
    ac_check_lib_save_LIBS=$LIBS
    LIBS="-lsocket -lnsl $LIBS"
    cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
    cat confdefs.h >>conftest.$ac_ext
    cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */

/* Override any gcc2 internal prototype to avoid an error. */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
   builtin and then its argument prototype would still apply. */
char gethostbyname ();
int
main ()
{
gethostbyname ();
  ;
  return 0;
}
_ACEOF
    rm -f conftest.$ac_objext conftest$ac_exeext
    if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
      (eval $ac_link) 2>&5
      ac_status=$?
      echo "$as_me:$LINENO: \$? = $ac_status" >&5
      (exit $ac_status); } &&
       { ac_try='test -s conftest$ac_exeext'
      { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
      (eval $ac_try) 2>&5
      ac_status=$?
      echo "$as_me:$LINENO: \$? = $ac_status" >&5
      (exit $ac_status); }; }; then
      ac_cv_lib_socket_gethostbyname=yes
    else
      echo "$as_me: failed program was:" >&5
      sed 's/^/| /' conftest.$ac_ext >&5
      ac_cv_lib_socket_gethostbyname=no
    fi
    rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
    LIBS=$ac_check_lib_save_LIBS
  fi
  echo "$as_me:$LINENO: result: $ac_cv_lib_socket_gethostbyname" >&5
  echo "${ECHO_T}$ac_cv_lib_socket_gethostbyname" >&6
  if test $ac_cv_lib_socket_gethostbyname = yes; then
    LIBS="-lsocket -lnsl $LIBS"
  fi
fi

echo "$as_me:$LINENO: checking for library containing socket" >&5
echo $ECHO_N "checking for library containing socket... $ECHO_C" >&6
if test "${ac_cv_search_socket+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  ac_func_search_save_LIBS=$LIBS
  ac_cv_search_socket=no
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
  cat confdefs.h >>conftest.$ac_ext
  cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */

/* Override any gcc2 internal prototype to avoid an error. */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
   builtin and then its argument prototype would still apply. */
char socket ();
int
main ()
{
socket ();
  ;
  return 0;
}
_ACEOF
  rm -f conftest.$ac_objext conftest$ac_exeext
  if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
    (eval $ac_link) 2>&5
    ac_status=$?
    echo "$as_me:$LINENO: \$? = $ac_status" >&5
    (exit $ac_status); } &&
     { ac_try='test -s conftest$ac_exeext'
    { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
    (eval $ac_try) 2>&5
    ac_status=$?
    echo "$as_me:$LINENO: \$? = $ac_status" >&5
    (exit $ac_status); }; }; then
    ac_cv_search_socket="none required"
  else
    echo "$as_me: failed program was:" >&5
    sed 's/^/| /' conftest.$ac_ext >&5
  fi
  rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
  if test "$ac_cv_search_socket" = no; then
    for ac_lib in socket; do
      LIBS="-l$ac_lib $ac_func_search_save_LIBS"
      cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
      cat confdefs.h >>conftest.$ac_ext
      cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */

/* Override any gcc2 internal prototype to avoid an error. */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
   builtin and then its argument prototype would still apply. */
char socket ();
int
main ()
{
socket ();
  ;
  return 0;
}
_ACEOF
      rm -f conftest.$ac_objext conftest$ac_exeext
      if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
        (eval $ac_link) 2>&5
        ac_status=$?
        echo "$as_me:$LINENO: \$? = $ac_status" >&5
        (exit $ac_status); } &&
         { ac_try='test -s conftest$ac_exeext'
        { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
        (eval $ac_try) 2>&5
        ac_status=$?
        echo "$as_me:$LINENO: \$? = $ac_status" >&5
        (exit $ac_status); }; }; then
        ac_cv_search_socket="-l$ac_lib"
        break
      else
        echo "$as_me: failed program was:" >&5
        sed 's/^/| /' conftest.$ac_ext >&5
      fi
      rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
    done
  fi
  LIBS=$ac_func_search_save_LIBS
fi
echo "$as_me:$LINENO: result: $ac_cv_search_socket" >&5
echo "${ECHO_T}$ac_cv_search_socket" >&6
if test "$ac_cv_search_socket" != no; then
  test "$ac_cv_search_socket" = "none required" || LIBS="$ac_cv_search_socket $LIBS"
else
  echo "$as_me:$LINENO: checking for socket in -lsocket" >&5
  echo $ECHO_N "checking for socket in -lsocket... $ECHO_C" >&6
  if test "${ac_cv_lib_socket_socket+set}" = set; then
    echo $ECHO_N "(cached) $ECHO_C" >&6
  else
    ac_check_lib_save_LIBS=$LIBS
    LIBS="-lsocket -lnsl $LIBS"
    cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
    cat confdefs.h >>conftest.$ac_ext
    cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */

/* Override any gcc2 internal prototype to avoid an error. */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
   builtin and then its argument prototype would still apply. */
char socket ();
int
main ()
{
socket ();
  ;
  return 0;
}
_ACEOF
    rm -f conftest.$ac_objext conftest$ac_exeext
    if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
      (eval $ac_link) 2>&5
      ac_status=$?
      echo "$as_me:$LINENO: \$? = $ac_status" >&5
      (exit $ac_status); } &&
       { ac_try='test -s conftest$ac_exeext'
      { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
      (eval $ac_try) 2>&5
      ac_status=$?
      echo "$as_me:$LINENO: \$? = $ac_status" >&5
      (exit $ac_status); }; }; then
      ac_cv_lib_socket_socket=yes
    else
      echo "$as_me: failed program was:" >&5
      sed 's/^/| /' conftest.$ac_ext >&5
      ac_cv_lib_socket_socket=no
    fi
    rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
    LIBS=$ac_check_lib_save_LIBS
  fi
  echo "$as_me:$LINENO: result: $ac_cv_lib_socket_socket" >&5
  echo "${ECHO_T}$ac_cv_lib_socket_socket" >&6
  if test $ac_cv_lib_socket_socket = yes; then
    LIBS="-lsocket -lnsl $LIBS"
  fi
fi

# DLPI needs putmsg under HPUX so test for -lstr while we're at it
echo "$as_me:$LINENO: checking for library containing putmsg" >&5
echo $ECHO_N "checking for library containing putmsg... $ECHO_C" >&6
if test "${ac_cv_search_putmsg+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  ac_func_search_save_LIBS=$LIBS
  ac_cv_search_putmsg=no
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
  cat confdefs.h >>conftest.$ac_ext
  cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */

/* Override any gcc2 internal prototype to avoid an error. */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
   builtin and then its argument prototype would still apply. */
char putmsg ();
int
main ()
{
putmsg ();
  ;
  return 0;
}
_ACEOF
  rm -f conftest.$ac_objext conftest$ac_exeext
  if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
    (eval $ac_link) 2>&5
    ac_status=$?
    echo "$as_me:$LINENO: \$? = $ac_status" >&5
    (exit $ac_status); } &&
     { ac_try='test -s conftest$ac_exeext'
    { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
    (eval $ac_try) 2>&5
    ac_status=$?
    echo "$as_me:$LINENO: \$? = $ac_status" >&5
    (exit $ac_status); }; }; then
    ac_cv_search_putmsg="none required"
  else
    echo "$as_me: failed program was:" >&5
    sed 's/^/| /' conftest.$ac_ext >&5
  fi
  rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
  if test "$ac_cv_search_putmsg" = no; then
    for ac_lib in str; do
      LIBS="-l$ac_lib $ac_func_search_save_LIBS"
      cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
      cat confdefs.h >>conftest.$ac_ext
      cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */

/* Override any gcc2 internal prototype to avoid an error. */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
   builtin and then its argument prototype would still apply. */
char putmsg ();
int
main ()
{
putmsg ();
  ;
  return 0;
}
_ACEOF
      rm -f conftest.$ac_objext conftest$ac_exeext
      if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
        (eval $ac_link) 2>&5
        ac_status=$?
        echo "$as_me:$LINENO: \$? = $ac_status" >&5
        (exit $ac_status); } &&
         { ac_try='test -s conftest$ac_exeext'
        { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
        (eval $ac_try) 2>&5
        ac_status=$?
        echo "$as_me:$LINENO: \$? = $ac_status" >&5
        (exit $ac_status); }; }; then
        ac_cv_search_putmsg="-l$ac_lib"
        break
      else
        echo "$as_me: failed program was:" >&5
        sed 's/^/| /' conftest.$ac_ext >&5
      fi
      rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
    done
  fi
  LIBS=$ac_func_search_save_LIBS
fi
echo "$as_me:$LINENO: result: $ac_cv_search_putmsg" >&5
echo "${ECHO_T}$ac_cv_search_putmsg" >&6
if test "$ac_cv_search_putmsg" != no; then
  test "$ac_cv_search_putmsg" = "none required" || LIBS="$ac_cv_search_putmsg $LIBS"
fi

LBL_LIBS="$LIBS"
pfopen=/usr/examples/packetfilter/pfopen.c
if test -f $pfopen ; then
  for ac_func in pfopen
  do
    as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
    echo "$as_me:$LINENO: checking for $ac_func" >&5
    echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
    if eval "test \"\${$as_ac_var+set}\" = set"; then
      echo $ECHO_N "(cached) $ECHO_C" >&6
    else
      cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
      cat confdefs.h >>conftest.$ac_ext
      cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
/* System header to define __stub macros and hopefully few prototypes,
   which can conflict with char $ac_func (); below.
   Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
   <limits.h> exists even on freestanding compilers. */
#ifdef __STDC__
# include <limits.h>
#else
# include <assert.h>
#endif
/* Override any gcc2 internal prototype to avoid an error. */
#ifdef __cplusplus
extern "C"
{
#endif
/* We use char because int might match the return type of a gcc2
   builtin and then its argument prototype would still apply. */
char $ac_func ();
/* The GNU C library defines this for functions which it implements
   to always fail with ENOSYS. Some functions are actually named
   something starting with __ and the normal name is an alias. */
#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
choke me
#else
char (*f) () = $ac_func;
#endif
#ifdef __cplusplus
}
#endif

int
main ()
{
return f != $ac_func;
  ;
  return 0;
}
_ACEOF
      rm -f conftest.$ac_objext conftest$ac_exeext
      if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
        (eval $ac_link) 2>&5
        ac_status=$?
        echo "$as_me:$LINENO: \$? = $ac_status" >&5
        (exit $ac_status); } &&
         { ac_try='test -s conftest$ac_exeext'
        { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
        (eval $ac_try) 2>&5
        ac_status=$?
        echo "$as_me:$LINENO: \$? = $ac_status" >&5
        (exit $ac_status); }; }; then
        eval "$as_ac_var=yes"
      else
        echo "$as_me: failed program was:" >&5
        sed 's/^/| /' conftest.$ac_ext >&5
        eval "$as_ac_var=no"
      fi
      rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
    fi
    echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
    echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
    if test `eval echo '${'$as_ac_var'}'` = yes; then
      cat >>confdefs.h <<_ACEOF
#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF
    fi
  done
  if test $ac_cv_func_pfopen = "no" ; then
    echo "$as_me:$LINENO: result: Using $pfopen" >&5
    echo "${ECHO_T}Using $pfopen" >&6
    LIBS="$LIBS $pfopen"
  fi
fi

echo "$as_me:$LINENO: checking for local pcap library" >&5
echo $ECHO_N "checking for local pcap library... $ECHO_C" >&6
libpcap=FAIL
pcapdir=FAIL
lastdir=FAIL
places=`ls .. | sed -e 's,/$,,' -e 's,^,../,' | \
   egrep '/libpcap-[0-9]*.[0-9]*(.[0-9]*)?([ab][0-9]*)?$'`
for dir in $places ../libpcap libpcap ; do
  basedir=`echo $dir | sed -e 's/[ab][0-9]*$//'`
  if test $lastdir = $basedir ; then
    continue;
  fi
  lastdir=$dir
  if test -r $dir/libpcap.a ; then
    libpcap=$dir/libpcap.a
    d=$dir
    if test -f $dir/pcap.h ; then
      pcapdir=$dir
    else
      pcapdir=FAIL
    fi
  fi
done

if test $libpcap = FAIL ; then
  if test -f /usr/local/lib/libpcap.a ; then
    libpcap=/usr/local/lib/libpcap.a
    if test -f /usr/local/include/pcap.h ; then
      pcapdir=/usr/local/include
    else
      libpcap=FAIL
    fi
  fi
fi

if test $libpcap = FAIL ; then
  echo "$as_me:$LINENO: result: no" >&5
  echo "${ECHO_T}no" >&6
  echo "$as_me:$LINENO: checking for main in -lpcap" >&5
  echo $ECHO_N "checking for main in -lpcap... $ECHO_C" >&6
  if test "${ac_cv_lib_pcap_main+set}" = set; then
    echo $ECHO_N "(cached) $ECHO_C" >&6
  else
    ac_check_lib_save_LIBS=$LIBS
    LIBS="-lpcap $LIBS"
    cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
    cat confdefs.h >>conftest.$ac_ext
    cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h.
*/

int
main ()
{
main ();
  ;
  return 0;
}
_ACEOF
    rm -f conftest.$ac_objext conftest$ac_exeext
    if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
      (eval $ac_link) 2>&5
      ac_status=$?
      echo "$as_me:$LINENO: \$? = $ac_status" >&5
      (exit $ac_status); } &&
       { ac_try='test -s conftest$ac_exeext'
      { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
      (eval $ac_try) 2>&5
      ac_status=$?
      echo "$as_me:$LINENO: \$? = $ac_status" >&5
      (exit $ac_status); }; }; then
      ac_cv_lib_pcap_main=yes
    else
      echo "$as_me: failed program was:" >&5
      sed 's/^/| /' conftest.$ac_ext >&5
      ac_cv_lib_pcap_main=no
    fi
    rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
    LIBS=$ac_check_lib_save_LIBS
  fi
  echo "$as_me:$LINENO: result: $ac_cv_lib_pcap_main" >&5
  echo "${ECHO_T}$ac_cv_lib_pcap_main" >&6
  if test $ac_cv_lib_pcap_main = yes; then
    libpcap="-lpcap"
  fi
fi

if test $libpcap = FAIL ; then
  echo "$as_me:$LINENO: checking for local wpcap library" >&5
  echo $ECHO_N "checking for local wpcap library... $ECHO_C" >&6
  dir=../wpdpack/Lib
  if test -r $dir/libwpcap.a ; then
    libpcap=$dir/libwpcap.a
    pcapdir=../wpdpack/Include
  fi
  if test $libpcap = FAIL ; then
    echo "$as_me:$LINENO: result: no" >&5
    echo "${ECHO_T}no" >&6
    echo "$as_me:$LINENO: checking for main in -lwpcap" >&5
    echo $ECHO_N "checking for main in -lwpcap... $ECHO_C" >&6
    if test "${ac_cv_lib_wpcap_main+set}" = set; then
      echo $ECHO_N "(cached) $ECHO_C" >&6
    else
      ac_check_lib_save_LIBS=$LIBS
      LIBS="-lwpcap $LIBS"
      cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
      cat confdefs.h >>conftest.$ac_ext
      cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */

int
main ()
{
main ();
  ;
  return 0;
}
_ACEOF
      rm -f conftest.$ac_objext conftest$ac_exeext
      if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
        (eval $ac_link) 2>&5
        ac_status=$?
        echo "$as_me:$LINENO: \$? = $ac_status" >&5
        (exit $ac_status); } &&
         { ac_try='test -s conftest$ac_exeext'
        { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
        (eval $ac_try) 2>&5
        ac_status=$?
        echo "$as_me:$LINENO: \$? = $ac_status" >&5
        (exit $ac_status); }; }; then
        ac_cv_lib_wpcap_main=yes
      else
        echo "$as_me: failed program was:" >&5
        sed 's/^/| /' conftest.$ac_ext >&5
        ac_cv_lib_wpcap_main=no
      fi
      rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
      LIBS=$ac_check_lib_save_LIBS
    fi
    echo "$as_me:$LINENO: result: $ac_cv_lib_wpcap_main" >&5
    echo "${ECHO_T}$ac_cv_lib_wpcap_main" >&6
    if test $ac_cv_lib_wpcap_main = yes; then
      libpcap="-lwpcap"
    fi
  fi
fi

if ! test $libpcap = FAIL ; then
  V_PCAPDEP=$libpcap
  echo "$as_me:$LINENO: checking for pcap.h" >&5
  echo $ECHO_N "checking for pcap.h... $ECHO_C" >&6
  if test $pcapdir = FAIL; then
    if test $libpcap = "-lpcap" ; then
      for dir in /usr/local/include/pcap /usr/include /usr/include/pcap; do
        if test -f $dir/pcap.h ; then
          pcapdir=$dir
        fi
      done
    else
      places=`ls $srcdir/.. | sed -e 's,/$,,' -e "s,^,$srcdir/../," | \
         egrep '/libpcap-[0-9]*.[0-9]*(.[0-9]*)?([ab][0-9]*)?$'`
      for dir in $places ../wpdpack/Include ; do
        if test -f $dir/pcap.h ; then
          pcapdir=$dir
        fi
      done
    fi
    if test $pcapdir = FAIL; then
      echo "$as_me:$LINENO: result: no" >&5
      echo "${ECHO_T}no" >&6
      { { echo "$as_me:$LINENO: error: cannot find pcap.h" >&5
      echo "$as_me: error: cannot find pcap.h" >&2;}
      { (exit see INSTALL); exit see INSTALL; }; }
    fi
  fi
  if ! test $pcapdir = FAIL; then
    echo "$as_me:$LINENO: result: yes $pcapdir" >&5
    echo "${ECHO_T}yes $pcapdir" >&6
    tdir=`echo $pcapdir | sed -e 's/^\.\./..\/../'`
    V_INCLS="-I$tdir $V_INCLS"
  fi
else
  { { echo "$as_me:$LINENO: error: cannot find packet capture library" >&5
  echo "$as_me: error: cannot find packet capture library" >&2;}
  { (exit see INSTALL); exit see INSTALL; }; }
fi

case "$host_os" in
aix*)
  pseexe="/lib/pse.exp"
  echo "$as_me:$LINENO: checking for $pseexe" >&5
  echo $ECHO_N "checking for $pseexe... $ECHO_C" >&6
  if test -f $pseexe ; then
    echo "$as_me:$LINENO: result: yes" >&5
    echo "${ECHO_T}yes" >&6
    LIBS="$LIBS -I:$pseexe"
  fi
  ;;
esac

if test ! -z "$V_PCAPDEP"; then
  if test -f $V_PCAPDEP; then
    if test -f lib/libpcap.a; then
      rm -rf lib/libpcap.a
    fi
    pcapdir=`echo $V_PCAPDEP | sed -e 's/^\.\./..\/../'`
    ln -s $pcapdir lib/libpcap.a
    V_PCAPDEP="../lib/libpcap.a"
  else
    if test $V_PCAPDEP = "-lpcap" ; then
      if test -f lib/libpcap.a; then
        rm -rf lib/libpcap.a
      fi
    fi
    if test $V_PCAPDEP = "-lwpcap" ; then
      if test -f lib/libpcap.a; then
        rm -rf lib/libpcap.a
      fi
    fi
  fi
  LIBS="$LIBS $V_PCAPDEP"
fi

echo "$as_me:$LINENO: checking for local tcp_wrappers library" >&5
echo $ECHO_N "checking for local tcp_wrappers library... $ECHO_C" >&6
libwrap=FAIL
lastdir=FAIL
pwdir=`pwd`
places=`ls .. | sed -e 's,/$,,' -e 's,^,../,' | egrep 'tcp_wrappers'`
for dir in $places; do
  if test $lastdir = $dir ; then
    continue;
  fi
  lastdir=$dir
  if test -r $dir/libwrap.a ; then
    libwrap=$dir/libwrap.a
    d=$dir
  fi
done

if test $libwrap = FAIL ; then
  echo "$as_me:$LINENO: result: not found" >&5
  echo "${ECHO_T}not found" >&6
  echo "$as_me:$LINENO: checking for system tcp_wrappers library" >&5
  echo $ECHO_N "checking for system tcp_wrappers library... $ECHO_C" >&6
  echo "$as_me:$LINENO: checking for main in -lwrap" >&5
  echo $ECHO_N "checking for main in -lwrap... $ECHO_C" >&6
  if test "${ac_cv_lib_wrap_main+set}" = set; then
    echo $ECHO_N "(cached) $ECHO_C" >&6
  else
    ac_check_lib_save_LIBS=$LIBS
    LIBS="-lwrap $LIBS"
    cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
    cat confdefs.h >>conftest.$ac_ext
    cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */

int
main ()
{
main ();
  ;
  return 0;
}
_ACEOF
    rm -f conftest.$ac_objext conftest$ac_exeext
    if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
      (eval $ac_link) 2>&5
      ac_status=$?
      echo "$as_me:$LINENO: \$? = $ac_status" >&5
      (exit $ac_status); } &&
       { ac_try='test -s conftest$ac_exeext'
      { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
      (eval $ac_try) 2>&5
      ac_status=$?
      echo "$as_me:$LINENO: \$? = $ac_status" >&5
      (exit $ac_status); }; }; then
      ac_cv_lib_wrap_main=yes
    else
      echo "$as_me: failed program was:" >&5
      sed 's/^/| /' conftest.$ac_ext >&5
      ac_cv_lib_wrap_main=no
    fi
    rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
    LIBS=$ac_check_lib_save_LIBS
  fi
  echo "$as_me:$LINENO: result: $ac_cv_lib_wrap_main" >&5
  echo "${ECHO_T}$ac_cv_lib_wrap_main" >&6
  if test $ac_cv_lib_wrap_main = yes; then
    libwrap="-lwrap"
  fi

  if test $libwrap = FAIL ; then
    { echo "$as_me:$LINENO: WARNING: tcp_wrapper not found" >&5
    echo "$as_me: WARNING: tcp_wrapper not found" >&2;}
  else
    V_WRAPDEP=$libwrap
    LIBS="$libwrap $LIBS"
    if test -r /usr/local/include/tcpd.h; then
      V_INCLS="-I/usr/local/include $V_INCLS"
    fi
  fi
else
  V_WRAPDEP=$libwrap
  if test -r $d/tcpd.h; then
    V_INCLS="-I../$d $V_INCLS"
  elif test -r $srcdir/../libwrap/tcpd.h; then
    V_INCLS="-I$srcdir/../libwrap $V_INCLS"
  elif test -r /usr/local/include/tcpd.h; then
    V_INCLS="-I/usr/local/include $V_INCLS"
  elif test -r /usr/include/tcpd.h; then
    V_INCLS="-I$d -I$srcdir/../libwrap $V_INCLS"
  else
    { echo "$as_me:$LINENO: WARNING: cannot find tcpd.h" >&5
    echo "$as_me: WARNING: cannot find tcpd.h" >&2;}
    libwrap=FAIL
  fi
  echo "$as_me:$LINENO: result: $libwrap" >&5
  echo "${ECHO_T}$libwrap" >&6
fi

if test ! -z "$V_WRAPDEP"; then
  if test -f $V_WRAPDEP; then
    if test -f lib/libwrap.a; then
      rm -rf lib/libwrap.a
    fi
    wrapdir=`echo $V_WRAPDEP | sed -e 's/^\.\./..\/../'`
    ln -s $wrapdir lib/libwrap.a
    V_WRAPDEP="../lib/libwrap.a"
    cat >>confdefs.h <<\_ACEOF
#define HAVE_TCP_WRAPPER 1
_ACEOF
    LIBS="$LIBS $V_WRAPDEP"
  else
    if test $V_WRAPDEP = "-lwrap" ; then
      cat >>confdefs.h <<\_ACEOF
#define HAVE_TCP_WRAPPER 1
_ACEOF
      case "$target_os" in
      linux*)
        LIBS="-lnsl $LIBS"
        ;;
      esac
    fi
  fi
fi

umask 002
if test -z "$PWD"; then
  PWD=`pwd`
fi

for ac_header in sys/sockio.h string.h fcntl.h sys/file.h syslog.h
do
as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
if eval "test \"\${$as_ac_Header+set}\" = set"; then
  echo "$as_me:$LINENO: checking for $ac_header" >&5
  echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
  if eval "test \"\${$as_ac_Header+set}\" = set"; then
    echo $ECHO_N "(cached) $ECHO_C" >&6
  fi
  echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
  echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
else
  # Is the header compilable?
  echo "$as_me:$LINENO: checking $ac_header usability" >&5
  echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
  cat confdefs.h >>conftest.$ac_ext
  cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
$ac_includes_default
#include <$ac_header>
_ACEOF
  rm -f conftest.$ac_objext
  if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
    (eval $ac_compile) 2>&5
    ac_status=$?
    echo "$as_me:$LINENO: \$? = $ac_status" >&5
    (exit $ac_status); } &&
     { ac_try='test -s conftest.$ac_objext'
    { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
    (eval $ac_try) 2>&5
    ac_status=$?
    echo "$as_me:$LINENO: \$? = $ac_status" >&5
    (exit $ac_status); }; }; then
    ac_header_compiler=yes
  else
    echo "$as_me: failed program was:" >&5
    sed 's/^/| /' conftest.$ac_ext >&5
    ac_header_compiler=no
  fi
  rm -f conftest.$ac_objext conftest.$ac_ext
  echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
  echo "${ECHO_T}$ac_header_compiler" >&6

  # Is the header present?
  echo "$as_me:$LINENO: checking $ac_header presence" >&5
  echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
  cat confdefs.h >>conftest.$ac_ext
  cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <$ac_header>
_ACEOF
  if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
    (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
    ac_status=$?
    grep -v '^ *+' conftest.er1 >conftest.err
    rm -f conftest.er1
    cat conftest.err >&5
    echo "$as_me:$LINENO: \$? = $ac_status" >&5
    (exit $ac_status); } >/dev/null; then
    if test -s conftest.err; then
      ac_cpp_err=$ac_c_preproc_warn_flag
    else
      ac_cpp_err=
    fi
  else
    ac_cpp_err=yes
  fi
  if test -z "$ac_cpp_err"; then
    ac_header_preproc=yes
  else
    echo "$as_me: failed program was:" >&5
    sed 's/^/| /' conftest.$ac_ext >&5
    ac_header_preproc=no
  fi
  rm -f conftest.err conftest.$ac_ext
  echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
  echo "${ECHO_T}$ac_header_preproc" >&6

  # So? What about this header?
  case $ac_header_compiler:$ac_header_preproc in
  yes:no )
    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
    echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
    echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
    (
      cat <<\_ASBOX
## ------------------------------------ ##
## Report this to bug-autoconf@gnu.org. ##
## ------------------------------------ ##
_ASBOX
    ) |
      sed "s/^/$as_me: WARNING: /" >&2
    ;;
  no:yes )
    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
    echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
    { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
    echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
    echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
    (
      cat <<\_ASBOX
## ------------------------------------ ##
## Report this to bug-autoconf@gnu.org. ##
## ------------------------------------ ##
_ASBOX
    ) |
      sed "s/^/$as_me: WARNING: /" >&2
    ;;
  esac
  echo "$as_me:$LINENO: checking for $ac_header" >&5
  echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
  if eval "test \"\${$as_ac_Header+set}\" = set"; then
    echo $ECHO_N "(cached) $ECHO_C" >&6
  else
    eval "$as_ac_Header=$ac_header_preproc"
  fi
  echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
  echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
fi
if test `eval echo '${'$as_ac_Header'}'` = yes; then
  cat >>confdefs.h <<_ACEOF
#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
fi
done

for ac_func in ether_hostton strerror
do
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
echo "$as_me:$LINENO: checking for $ac_func" >&5
echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
if eval "test \"\${$as_ac_var+set}\" = set"; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
  cat confdefs.h >>conftest.$ac_ext
  cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
/* System header to define __stub macros and hopefully few prototypes,
   which can conflict with char $ac_func (); below.
   Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
   <limits.h> exists even on freestanding compilers.
*/
#ifdef __STDC__
# include <limits.h>
#else
# include <assert.h>
#endif
/* Override any gcc2 internal prototype to avoid an error. */
#ifdef __cplusplus
extern "C"
{
#endif
/* We use char because int might match the return type of a gcc2
   builtin and then its argument prototype would still apply. */
char $ac_func ();
/* The GNU C library defines this for functions which it implements
   to always fail with ENOSYS. Some functions are actually named
   something starting with __ and the normal name is an alias. */
#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
choke me
#else
char (*f) () = $ac_func;
#endif
#ifdef __cplusplus
}
#endif

int
main ()
{
return f != $ac_func;
  ;
  return 0;
}
_ACEOF
  rm -f conftest.$ac_objext conftest$ac_exeext
  if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
    (eval $ac_link) 2>&5
    ac_status=$?
    echo "$as_me:$LINENO: \$? = $ac_status" >&5
    (exit $ac_status); } &&
     { ac_try='test -s conftest$ac_exeext'
    { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
    (eval $ac_try) 2>&5
    ac_status=$?
    echo "$as_me:$LINENO: \$? = $ac_status" >&5
    (exit $ac_status); }; }; then
    eval "$as_ac_var=yes"
  else
    echo "$as_me: failed program was:" >&5
    sed 's/^/| /' conftest.$ac_ext >&5
    eval "$as_ac_var=no"
  fi
  rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
fi
echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
if test `eval echo '${'$as_ac_var'}'` = yes; then
  cat >>confdefs.h <<_ACEOF
#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF
fi
done

case "$target_cpu" in
*86*)
  cat >>confdefs.h <<\_ACEOF
#define CONFIG_X86_BSWAP 1
_ACEOF
  ;;
powerpc*)
  V_CCOPT="-mpowerpc $V_CCOPT"
  ;;
esac

case "$target_os" in
aix*)
  cat >>confdefs.h <<\_ACEOF
#define _SUN 1
_ACEOF
  ;;
hpux9*)
  cat >>confdefs.h <<\_ACEOF
#define HAVE_HPUX9 1
_ACEOF
  ;;
hpux10.0*)
  ;;
hpux10.1*)
  ;;
hpux*)
  cat >>confdefs.h <<\_ACEOF
#define HAVE_HPUX10_20 1
_ACEOF
  ;;
sinix*)
  echo "$as_me:$LINENO: checking if SINIX compiler defines sinix" >&5
  echo $ECHO_N "checking if SINIX compiler defines sinix... $ECHO_C" >&6
  if test "${ac_cv_cc_sinix_defined+set}" = set; then
    echo $ECHO_N "(cached) $ECHO_C" >&6
  else
    cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
    cat confdefs.h >>conftest.$ac_ext
    cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */

int
main ()
{
int i = sinix;
  ;
  return 0;
}
_ACEOF
    rm -f conftest.$ac_objext
    if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
      (eval $ac_compile) 2>&5
      ac_status=$?
      echo "$as_me:$LINENO: \$? = $ac_status" >&5
      (exit $ac_status); } &&
       { ac_try='test -s conftest.$ac_objext'
      { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
      (eval $ac_try) 2>&5
      ac_status=$?
      echo "$as_me:$LINENO: \$? = $ac_status" >&5
      (exit $ac_status); }; }; then
      ac_cv_cc_sinix_defined=yes
    else
      echo "$as_me: failed program was:" >&5
      sed 's/^/| /' conftest.$ac_ext >&5
      ac_cv_cc_sinix_defined=no
    fi
    rm -f conftest.$ac_objext conftest.$ac_ext
  fi
  echo "$as_me:$LINENO: result: $ac_cv_cc_sinix_defined" >&5
  echo "${ECHO_T}$ac_cv_cc_sinix_defined" >&6
  if test $ac_cv_cc_sinix_defined = no ; then
    cat >>confdefs.h <<\_ACEOF
#define sinix 1
_ACEOF
  fi
  ;;
solaris*)
  cat >>confdefs.h <<\_ACEOF
#define HAVE_SOLARIS 1
_ACEOF
  echo "$as_me:$LINENO: checking for LD_LIBRARY_PATH" >&5
  echo $ECHO_N "checking for LD_LIBRARY_PATH... $ECHO_C" >&6
  if test x$LD_LIBRARY_PATH != x ; then
    LIBS="$LIBS -R$LD_LIBRARY_PATH"
    echo "$as_me:$LINENO: result: yes -- added LD_LIBRARY_PATH to run-time linker path" >&5
    echo "${ECHO_T}yes -- added LD_LIBRARY_PATH to run-time linker path" >&6
  else
    echo "$as_me:$LINENO: result: no -- this may be a problem in a few seconds" >&5
    echo "${ECHO_T}no -- this may be a problem in a few seconds" >&6
  fi
  COMPATLIB="-lsocket -lnsl"
  ;;
cygwin*)
  cat >>confdefs.h <<\_ACEOF
#define CYGWIN 1
_ACEOF
  V_INCLS="$V_INCLS -I../include/cygwin-include"
  ;;
linux*)
  ;;
esac

INSTALL_LIB="../lib"
INSTALL_BIN="../bin"

# Find a good install program. We prefer a C program (faster),
# so one script is as good as another. But avoid the broken or
# incompatible versions:
# SysV /etc/install, /usr/sbin/install
# SunOS /usr/etc/install
# IRIX /sbin/install
# AIX /bin/install
# AmigaOS /C/install, which installs bootblocks on floppy discs
# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
# AFS /usr/afsws/bin/install, which mishandles nonexistent args
# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
# ./install, which can be erroneously created by make from ./install.sh.
echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6
if test -z "$INSTALL"; then
if test "${ac_cv_path_install+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  # Account for people who put trailing slashes in PATH elements.
case $as_dir/ in
  ./ | .// | /cC/* | \
  /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
  /usr/ucb/* ) ;;
  *)
    # OSF1 and SCO ODT 3.0 have their own names for install.
    # Don't use installbsd from OSF since it installs stuff as root
    # by default.
    for ac_prog in ginstall scoinst install; do
      for ac_exec_ext in '' $ac_executable_extensions; do
        if $as_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
          if test $ac_prog = install &&
            grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
            # AIX install. It has an incompatible calling convention.
            :
          elif test $ac_prog = install &&
            grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
            # program-specific install script used by HP pwplus--don't use.
            :
          else
            ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
            break 3
          fi
        fi
      done
    done
    ;;
esac
done

fi
  if test "${ac_cv_path_install+set}" = set; then
    INSTALL=$ac_cv_path_install
  else
    # As a last resort, use the slow shell script. We don't cache a
    # path for INSTALL within a source directory, because that will
    # break other packages using the cache if that directory is
    # removed, or if the path is relative.
    INSTALL=$ac_install_sh
  fi
fi
echo "$as_me:$LINENO: result: $INSTALL" >&5
echo "${ECHO_T}$INSTALL" >&6

# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
# It thinks the first close brace ends the variable substitution.
test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'

test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'

test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'

echo "$as_me:$LINENO: checking for ANSI C header files" >&5
echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6
if test "${ac_cv_header_stdc+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <float.h>

int
main ()
{

  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
  (eval $ac_compile) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
   { ac_try='test -s conftest.$ac_objext'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; }; then
  ac_cv_header_stdc=yes
else
  echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5
  ac_cv_header_stdc=no
fi
rm -f conftest.$ac_objext conftest.$ac_ext

if test $ac_cv_header_stdc = yes; then
  # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <string.h>

_ACEOF
if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
  $EGREP "memchr" >/dev/null 2>&1; then
  :
else
  ac_cv_header_stdc=no
fi
rm -f conftest*

fi

if test $ac_cv_header_stdc = yes; then
  # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <stdlib.h>

_ACEOF
if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
  $EGREP "free" >/dev/null 2>&1; then
  :
else
  ac_cv_header_stdc=no
fi
rm -f conftest*

fi

if test $ac_cv_header_stdc = yes; then
  # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
  if test "$cross_compiling" = yes; then
  :
else
  cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h.
*/ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #if ((' ' & 0x0FF) == 0x020) # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ || ('j' <= (c) && (c) <= 'r') \ || ('s' <= (c) && (c) <= 'z')) # define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) #endif #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2); exit (0); } _ACEOF rm -f conftest$ac_exeext if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then : else echo "$as_me: program exited with status $ac_status" >&5 echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ( exit $ac_status ) ac_cv_header_stdc=no fi rm -f core core.* *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi fi fi echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5 echo "${ECHO_T}$ac_cv_header_stdc" >&6 if test $ac_cv_header_stdc = yes; then cat >>confdefs.h <<\_ACEOF #define STDC_HEADERS 1 _ACEOF fi ac_config_files="$ac_config_files Makefile ./common/Makefile ./server/Makefile" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure # scripts and configure runs, see configure's option --config-cache. # It is not useful on other systems. If it contains results you don't # want to keep, you may remove or edit it. # # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. 
# # `ac_cv_env_foo' variables (set or unset) will be overridden when # loading this file, other *unset* `ac_cv_foo' will be assigned the # following values. _ACEOF # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, don't put newlines in cache variables' values. # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. { (set) 2>&1 | case `(ac_space=' '; set | grep ac_space) 2>&1` in *ac_space=\ *) # `set' does not quote correctly, so add quotes (double-quote # substitution turns \\\\ into \\, and sed turns \\ into \). sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; *) # `set' quotes correctly as required by POSIX, so do not add quotes. sed -n \ "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" ;; esac; } | sed ' t clear : clear s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ t end /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ : end' >>confcache if diff $cache_file confcache >/dev/null 2>&1; then :; else if test -w $cache_file; then test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file" cat confcache >$cache_file else echo "not updating unwritable cache $cache_file" fi fi rm -f confcache test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' # VPATH may cause trouble with some makes, so we remove $(srcdir), # ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). 
if test "x$srcdir" = x.; then ac_vpsub='/^[ ]*VPATH[ ]*=/{ s/:*\$(srcdir):*/:/; s/:*\${srcdir}:*/:/; s/:*@srcdir@:*/:/; s/^\([^=]*=[ ]*\):*/\1/; s/:*$//; s/^[^=]*=[ ]*$//; }' fi # Transform confdefs.h into DEFS. # Protect against shell expansion while executing Makefile rules. # Protect against Makefile macro expansion. # # If the first sed substitution is executed (which looks for macros that # take arguments), then we branch to the quote section. Otherwise, # look for a macro that doesn't take arguments. cat >confdef2opt.sed <<\_ACEOF t clear : clear s,^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\),-D\1=\2,g t quote s,^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\),-D\1=\2,g t quote d : quote s,[ `~#$^&*(){}\\|;'"<>?],\\&,g s,\[,\\&,g s,\],\\&,g s,\$,$$,g p _ACEOF # We use echo to avoid assuming a particular line-breaking character. # The extra dot is to prevent the shell from consuming trailing # line-breaks from the sub-command output. A line-break within # single-quotes doesn't work because, if this script is created in a # platform that uses two characters for line-breaks (e.g., DOS), tr # would break. ac_LF_and_DOT=`echo; echo .` DEFS=`sed -n -f confdef2opt.sed confdefs.h | tr "$ac_LF_and_DOT" ' .'` rm -f confdef2opt.sed ac_libobjs= ac_ltlibobjs= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_i=`echo "$ac_i" | sed 's/\$U\././;s/\.o$//;s/\.obj$//'` # 2. Add them. ac_libobjs="$ac_libobjs $ac_i\$U.$ac_objext" ac_ltlibobjs="$ac_ltlibobjs $ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs : ${CONFIG_STATUS=./config.status} ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" { echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5 echo "$as_me: creating $CONFIG_STATUS" >&6;} cat >$CONFIG_STATUS <<_ACEOF #! $SHELL # Generated by $as_me. # Run this file to recreate the current configuration. 
# Compiler output produced by configure, useful for debugging # configure, is in config.log if it exists. debug=false ac_cs_recheck=false ac_cs_silent=false SHELL=\${CONFIG_SHELL-$SHELL} _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF ## --------------------- ## ## M4sh Initialization. ## ## --------------------- ## # Be Bourne compatible if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then set -o posix fi # Support unset when possible. if (FOO=FOO; unset FOO) >/dev/null 2>&1; then as_unset=unset else as_unset=false fi # Work around bugs in pre-3.0 UWIN ksh. $as_unset ENV MAIL MAILPATH PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. for as_var in \ LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ LC_TELEPHONE LC_TIME do if (set +x; test -n "`(eval $as_var=C; export $as_var) 2>&1`"); then eval $as_var=C; export $as_var else $as_unset $as_var fi done # Required to use basename. if expr a : '\(a\)' >/dev/null 2>&1; then as_expr=expr else as_expr=false fi if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi # Name of the executable. as_me=`$as_basename "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)$' \| \ . : '\(.\)' 2>/dev/null || echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; } /^X\/\(\/\/\)$/{ s//\1/; q; } /^X\/\(\/\).*/{ s//\1/; q; } s/.*/./; q'` # PATH needs CR, and LINENO needs CR and PATH. # Avoid depending upon Character Ranges. 
as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then echo "#! /bin/sh" >conf$$.sh echo "exit 0" >>conf$$.sh chmod +x conf$$.sh if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then PATH_SEPARATOR=';' else PATH_SEPARATOR=: fi rm -f conf$$.sh fi as_lineno_1=$LINENO as_lineno_2=$LINENO as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` test "x$as_lineno_1" != "x$as_lineno_2" && test "x$as_lineno_3" = "x$as_lineno_2" || { # Find who we are. Look in the path if we contain no path at all # relative or not. case $0 in *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then { { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5 echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;} { (exit 1); exit 1; }; } fi case $CONFIG_SHELL in '') as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for as_base in sh bash ksh sh5; do case $as_dir in /*) if ("$as_dir/$as_base" -c ' as_lineno_1=$LINENO as_lineno_2=$LINENO as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` test "x$as_lineno_1" != "x$as_lineno_2" && test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; } $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; } CONFIG_SHELL=$as_dir/$as_base export CONFIG_SHELL exec "$CONFIG_SHELL" "$0" ${1+"$@"} fi;; esac done done ;; esac # Create $as_me.lineno as a copy of $as_myself, but with $LINENO # uniformly replaced by the line number. The first 'sed' inserts a # line-number line before each line; the second 'sed' does the real # work. The second script uses 'N' to pair each line-number line # with the numbered line, and appends trailing '-' during # substitution so that $LINENO is not a special case at line end. # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-) sed '=' <$as_myself | sed ' N s,$,-, : loop s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3, t loop s,-$,, s,^['$as_cr_digits']*\n,, ' >$as_me.lineno && chmod +x $as_me.lineno || { { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5 echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;} { (exit 1); exit 1; }; } # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensible to this). . ./$as_me.lineno # Exit status is that of the last command. 
exit } case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in *c*,-n*) ECHO_N= ECHO_C=' ' ECHO_T=' ' ;; *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; *) ECHO_N= ECHO_C='\c' ECHO_T= ;; esac if expr a : '\(a\)' >/dev/null 2>&1; then as_expr=expr else as_expr=false fi rm -f conf$$ conf$$.exe conf$$.file echo >conf$$.file if ln -s conf$$.file conf$$ 2>/dev/null; then # We could just check for DJGPP; but this test a) works b) is more generic # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). if test -f conf$$.exe; then # Don't use ln at all; we don't have any links as_ln_s='cp -p' else as_ln_s='ln -s' fi elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -p' fi rm -f conf$$ conf$$.exe conf$$.file if mkdir -p . 2>/dev/null; then as_mkdir_p=: else as_mkdir_p=false fi as_executable_p="test -f" # Sed expression to map a string onto a valid CPP name. as_tr_cpp="sed y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g" # Sed expression to map a string onto a valid variable name. as_tr_sh="sed y%*+%pp%;s%[^_$as_cr_alnum]%_%g" # IFS # We need space, tab and new line, in precisely that order. as_nl=' ' IFS=" $as_nl" # CDPATH. $as_unset CDPATH exec 6>&1 # Open the log real soon, to keep \$[0] and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. Logging --version etc. is OK. exec 5>>config.log { echo sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## Running $as_me. ## _ASBOX } >&5 cat >&5 <<_CSEOF This file was extended by $as_me, which was generated by GNU Autoconf 2.57. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS CONFIG_LINKS = $CONFIG_LINKS CONFIG_COMMANDS = $CONFIG_COMMANDS $ $0 $@ _CSEOF echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5 echo >&5 _ACEOF # Files that config.status was made for. 
if test -n "$ac_config_files"; then echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS fi if test -n "$ac_config_headers"; then echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS fi if test -n "$ac_config_links"; then echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS fi if test -n "$ac_config_commands"; then echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS fi cat >>$CONFIG_STATUS <<\_ACEOF ac_cs_usage="\ \`$as_me' instantiates files from templates according to the current configuration. Usage: $0 [OPTIONS] [FILE]... -h, --help print this help, then exit -V, --version print version number, then exit -q, --quiet do not print progress messages -d, --debug don't remove temporary files --recheck update $as_me by reconfiguring in the same conditions --file=FILE[:TEMPLATE] instantiate the configuration file FILE Configuration files: $config_files Report bugs to ." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ config.status configured by $0, generated by GNU Autoconf 2.57, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." srcdir=$srcdir INSTALL="$INSTALL" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF # If no file are specified by the user, then we need to provide default # value. By we need to know if files were specified by the user. ac_need_defaults=: while test $# != 0 do case $1 in --*=*) ac_option=`expr "x$1" : 'x\([^=]*\)='` ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'` ac_shift=: ;; -*) ac_option=$1 ac_optarg=$2 ac_shift=shift ;; *) # This is not an option, so the user has probably given explicit # arguments. ac_option=$1 ac_need_defaults=false;; esac case $ac_option in # Handling of the options. 
_ACEOF cat >>$CONFIG_STATUS <<\_ACEOF -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ac_cs_recheck=: ;; --version | --vers* | -V ) echo "$ac_cs_version"; exit 0 ;; --he | --h) # Conflict between --help and --header { { echo "$as_me:$LINENO: error: ambiguous option: $1 Try \`$0 --help' for more information." >&5 echo "$as_me: error: ambiguous option: $1 Try \`$0 --help' for more information." >&2;} { (exit 1); exit 1; }; };; --help | --hel | -h ) echo "$ac_cs_usage"; exit 0 ;; --debug | --d* | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift CONFIG_FILES="$CONFIG_FILES $ac_optarg" ac_need_defaults=false;; --header | --heade | --head | --hea ) $ac_shift CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg" ac_need_defaults=false;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; # This is an error. -*) { { echo "$as_me:$LINENO: error: unrecognized option: $1 Try \`$0 --help' for more information." >&5 echo "$as_me: error: unrecognized option: $1 Try \`$0 --help' for more information." >&2;} { (exit 1); exit 1; }; } ;; *) ac_config_targets="$ac_config_targets $1" ;; esac shift done ac_configure_extra_args= if $ac_cs_silent; then exec 6>/dev/null ac_configure_extra_args="$ac_configure_extra_args --silent" fi _ACEOF cat >>$CONFIG_STATUS <<_ACEOF if \$ac_cs_recheck; then echo "running $SHELL $0 " $ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6 exec $SHELL $0 $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion fi _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF for ac_config_target in $ac_config_targets do case "$ac_config_target" in # Handling of arguments. 
"Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;; "./common/Makefile" ) CONFIG_FILES="$CONFIG_FILES ./common/Makefile" ;; "./server/Makefile" ) CONFIG_FILES="$CONFIG_FILES ./server/Makefile" ;; *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 echo "$as_me: error: invalid argument: $ac_config_target" >&2;} { (exit 1); exit 1; }; };; esac done # If the user did not use the arguments to specify the items to instantiate, # then the envvar interface is used. Set only those that are not. # We use the long form for the default assignment because of an extremely # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files fi # Have a temporary directory for convenience. Make it in the build tree # simply because there is no reason to put it here, and in addition, # creating and moving files from /tmp can sometimes cause problems. # Create a temporary directory, and hook for its removal unless debugging. $debug || { trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0 trap '{ (exit 1); exit 1; }' 1 2 13 15 } # Create a (secure) tmp directory for tmp files. { tmp=`(umask 077 && mktemp -d -q "./confstatXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" } || { tmp=./confstat$$-$RANDOM (umask 077 && mkdir $tmp) } || { echo "$me: cannot create a temporary directory in ." >&2 { (exit 1); exit 1; } } _ACEOF cat >>$CONFIG_STATUS <<_ACEOF # # CONFIG_FILES section. # # No need to generate the scripts if there are no CONFIG_FILES. # This happens for instance when ./config.status config.h if test -n "\$CONFIG_FILES"; then # Protect against being on the right side of a sed subst in config.status. 
sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g; s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF s,@SHELL@,$SHELL,;t t s,@PATH_SEPARATOR@,$PATH_SEPARATOR,;t t s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t s,@exec_prefix@,$exec_prefix,;t t s,@prefix@,$prefix,;t t s,@program_transform_name@,$program_transform_name,;t t s,@bindir@,$bindir,;t t s,@sbindir@,$sbindir,;t t s,@libexecdir@,$libexecdir,;t t s,@datadir@,$datadir,;t t s,@sysconfdir@,$sysconfdir,;t t s,@sharedstatedir@,$sharedstatedir,;t t s,@localstatedir@,$localstatedir,;t t s,@libdir@,$libdir,;t t s,@includedir@,$includedir,;t t s,@oldincludedir@,$oldincludedir,;t t s,@infodir@,$infodir,;t t s,@mandir@,$mandir,;t t s,@build_alias@,$build_alias,;t t s,@host_alias@,$host_alias,;t t s,@target_alias@,$target_alias,;t t s,@DEFS@,$DEFS,;t t s,@ECHO_C@,$ECHO_C,;t t s,@ECHO_N@,$ECHO_N,;t t s,@ECHO_T@,$ECHO_T,;t t s,@LIBS@,$LIBS,;t t s,@build@,$build,;t t s,@build_cpu@,$build_cpu,;t t s,@build_vendor@,$build_vendor,;t t s,@build_os@,$build_os,;t t s,@host@,$host,;t t s,@host_cpu@,$host_cpu,;t t s,@host_vendor@,$host_vendor,;t t s,@host_os@,$host_os,;t t s,@target@,$target,;t t s,@target_cpu@,$target_cpu,;t t s,@target_vendor@,$target_vendor,;t t s,@target_os@,$target_os,;t t s,@SHLICC2@,$SHLICC2,;t t s,@CC@,$CC,;t t s,@CFLAGS@,$CFLAGS,;t t s,@LDFLAGS@,$LDFLAGS,;t t s,@CPPFLAGS@,$CPPFLAGS,;t t s,@ac_ct_CC@,$ac_ct_CC,;t t s,@EXEEXT@,$EXEEXT,;t t s,@OBJEXT@,$OBJEXT,;t t s,@CPP@,$CPP,;t t s,@SET_MAKE@,$SET_MAKE,;t t s,@RANLIB@,$RANLIB,;t t s,@ac_ct_RANLIB@,$ac_ct_RANLIB,;t t s,@V_LEX@,$V_LEX,;t t s,@V_YACC@,$V_YACC,;t t s,@V_RANLIB@,$V_RANLIB,;t t s,@EGREP@,$EGREP,;t t s,@LIB_SASL@,$LIB_SASL,;t t s,@SASLFLAGS@,$SASLFLAGS,;t t s,@V_PCAP@,$V_PCAP,;t t s,@V_CCOPT@,$V_CCOPT,;t t s,@V_INCLS@,$V_INCLS,;t t 
s,@V_PCAPDEP@,$V_PCAPDEP,;t t s,@V_WRAPDEP@,$V_WRAPDEP,;t t s,@COMPATLIB@,$COMPATLIB,;t t s,@INSTALL_LIB@,$INSTALL_LIB,;t t s,@INSTALL_BIN@,$INSTALL_BIN,;t t s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t s,@INSTALL_DATA@,$INSTALL_DATA,;t t s,@LIBOBJS@,$LIBOBJS,;t t s,@LTLIBOBJS@,$LTLIBOBJS,;t t CEOF _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF # Split the substitutions into bite-sized pieces for seds with # small command number limits, like on Digital OSF/1 and HP-UX. ac_max_sed_lines=48 ac_sed_frag=1 # Number of current file. ac_beg=1 # First line for current file. ac_end=$ac_max_sed_lines # Line after last line for current file. ac_more_lines=: ac_sed_cmds= while $ac_more_lines; do if test $ac_beg -gt 1; then sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag else sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag fi if test ! -s $tmp/subs.frag; then ac_more_lines=false else # The purpose of the label and of the branching condition is to # speed up the sed processing (if there are no `@' at all, there # is no need to browse any of the substitutions). # These are the two extra sed commands mentioned above. (echo ':t /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed if test -z "$ac_sed_cmds"; then ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed" else ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed" fi ac_sed_frag=`expr $ac_sed_frag + 1` ac_beg=$ac_end ac_end=`expr $ac_end + $ac_max_sed_lines` fi done if test -z "$ac_sed_cmds"; then ac_sed_cmds=cat fi fi # test -n "$CONFIG_FILES" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". 
case $ac_file in - | *:- | *:-:* ) # input from stdin cat >$tmp/stdin ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; * ) ac_file_in=$ac_file.in ;; esac # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories. ac_dir=`(dirname "$ac_file") 2>/dev/null || $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$ac_file" : 'X\(//\)[^/]' \| \ X"$ac_file" : 'X\(//\)$' \| \ X"$ac_file" : 'X\(/\)' \| \ . : '\(.\)' 2>/dev/null || echo X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } /^X\(\/\/\)[^/].*/{ s//\1/; q; } /^X\(\/\/\)$/{ s//\1/; q; } /^X\(\/\).*/{ s//\1/; q; } s/.*/./; q'` { if $as_mkdir_p; then mkdir -p "$ac_dir" else as_dir="$ac_dir" as_dirs= while test ! -d "$as_dir"; do as_dirs="$as_dir $as_dirs" as_dir=`(dirname "$as_dir") 2>/dev/null || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| \ . : '\(.\)' 2>/dev/null || echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } /^X\(\/\/\)[^/].*/{ s//\1/; q; } /^X\(\/\/\)$/{ s//\1/; q; } /^X\(\/\).*/{ s//\1/; q; } s/.*/./; q'` done test ! -n "$as_dirs" || mkdir $as_dirs fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} { (exit 1); exit 1; }; }; } ac_builddir=. if test "$ac_dir" != .; then ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` # A "../" for each directory in $ac_dir_suffix. ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` else ac_dir_suffix= ac_top_builddir= fi case $srcdir in .) # No --srcdir option. We are building in place. ac_srcdir=. if test -z "$ac_top_builddir"; then ac_top_srcdir=. else ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` fi ;; [\\/]* | ?:[\\/]* ) # Absolute path. 
ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ;; *) # Relative path. ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_builddir$srcdir ;; esac # Don't blindly perform a `cd "$ac_dir"/$ac_foo && pwd` since $ac_foo can be # absolute. ac_abs_builddir=`cd "$ac_dir" && cd $ac_builddir && pwd` ac_abs_top_builddir=`cd "$ac_dir" && cd ${ac_top_builddir}. && pwd` ac_abs_srcdir=`cd "$ac_dir" && cd $ac_srcdir && pwd` ac_abs_top_srcdir=`cd "$ac_dir" && cd $ac_top_srcdir && pwd` case $INSTALL in [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; *) ac_INSTALL=$ac_top_builddir$INSTALL ;; esac if test x"$ac_file" != x-; then { echo "$as_me:$LINENO: creating $ac_file" >&5 echo "$as_me: creating $ac_file" >&6;} rm -f "$ac_file" fi # Let's still pretend it is `configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ if test x"$ac_file" = x-; then configure_input= else configure_input="$ac_file. " fi configure_input=$configure_input"Generated from `echo $ac_file_in | sed 's,.*/,,'` by configure." # First look for the input files in the build tree, otherwise in the # src tree. 
ac_file_inputs=`IFS=: for f in $ac_file_in; do case $f in -) echo $tmp/stdin ;; [\\/$]*) # Absolute (can't be DOS-style, as IFS=:) test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 echo "$as_me: error: cannot find input file: $f" >&2;} { (exit 1); exit 1; }; } echo $f;; *) # Relative if test -f "$f"; then # Build tree echo $f elif test -f "$srcdir/$f"; then # Source tree echo $srcdir/$f else # /dev/null tree { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 echo "$as_me: error: cannot find input file: $f" >&2;} { (exit 1); exit 1; }; } fi;; esac done` || { (exit 1); exit 1; } _ACEOF cat >>$CONFIG_STATUS <<_ACEOF sed "$ac_vpsub $extrasub _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF :t /@[a-zA-Z_][a-zA-Z_0-9]*@/!b s,@configure_input@,$configure_input,;t t s,@srcdir@,$ac_srcdir,;t t s,@abs_srcdir@,$ac_abs_srcdir,;t t s,@top_srcdir@,$ac_top_srcdir,;t t s,@abs_top_srcdir@,$ac_abs_top_srcdir,;t t s,@builddir@,$ac_builddir,;t t s,@abs_builddir@,$ac_abs_builddir,;t t s,@top_builddir@,$ac_top_builddir,;t t s,@abs_top_builddir@,$ac_abs_top_builddir,;t t s,@INSTALL@,$ac_INSTALL,;t t " $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out rm -f $tmp/stdin if test x"$ac_file" != x-; then mv $tmp/out $ac_file else cat $tmp/out rm -f $tmp/out fi done _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF { (exit 0); exit 0; } _ACEOF chmod +x $CONFIG_STATUS ac_clean_files=$ac_clean_files_save # configure is writing to config.log, and then calls config.status. # config.status does its own redirection, appending to config.log. # Unfortunately, on DOS this fails, as config.log is still kept open # by configure, so config.status won't be able to write to it; its # output is simply discarded. So we exec the FD to /dev/null, # effectively closing config.log, so it can be properly (re)opened and # appended to by config.status. When coming back to configure, we # need to make the FD available again. 
if test "$no_create" != yes; then
  ac_cs_success=:
  ac_config_status_args=
  test "$silent" = yes &&
    ac_config_status_args="$ac_config_status_args --quiet"
  exec 5>/dev/null
  $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
  exec 5>>config.log
  # Use ||, not &&, to avoid exiting from the if with $? = 1, which
  # would make configure fail if this is the last instruction.
  $ac_cs_success || { (exit 1); exit 1; }
fi

if test -f .devel ; then
   make depend
fi
exit 0

argus-2.0.6.fixes.1/configure.in

dnl
dnl Copyright (c) 2000-2004 QoSient, LLC
dnl All rights reserved.
dnl
dnl This program is free software; you can redistribute it and/or modify
dnl it under the terms of the GNU General Public License as published by
dnl the Free Software Foundation; either version 2, or (at your option)
dnl any later version.
dnl
dnl This program is distributed in the hope that it will be useful,
dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
dnl GNU General Public License for more details.
dnl
dnl You should have received a copy of the GNU General Public License
dnl along with this program; if not, write to the Free Software
dnl Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
dnl
dnl
dnl Process this file with autoconf to produce a configure script.
dnl
AC_INIT(server/argus.c)

dnl all our local stuff like install scripts and include files
dnl is in there
AC_CONFIG_AUX_DIR(config)
AC_CANONICAL_SYSTEM
AC_LBL_C_INIT(V_CCOPT, V_INCLS)
AC_C_INLINE

dnl where we install our stuff ...
AC_PREFIX_DEFAULT( /usr/local )

dnl Minimum Autoconf version required.
AC_PREREQ(2.13)

AC_PROG_CC
AC_PROG_CPP
AC_PROG_MAKE_SET
AC_PROG_RANLIB

AC_QOSIENT_LEX_AND_YACC(V_LEX, V_YACC, argus_)
AC_CHECK_PROGS(V_RANLIB, ranlib, @true)

if test -z "$with_pcap" && test "$cross_compiling" = yes; then
   AC_MSG_ERROR(pcap type not determined when cross-compiling; use --with-pcap=...)
fi

AC_ARG_WITH(pcap, [ --with-pcap=TYPE use packet capture TYPE])
AC_MSG_CHECKING(packet capture type)
if test ! -z "$with_pcap" ; then
   V_PCAP="$withval"
elif test -r /dev/bpf0 ; then
   V_PCAP=bpf
elif test -r /usr/include/net/pfilt.h ; then
   V_PCAP=pf
elif test -r /dev/enet ; then
   V_PCAP=enet
elif test -r /dev/nit ; then
   V_PCAP=snit
elif test -r /usr/include/sys/net/nit.h ; then
   V_PCAP=nit
elif test -r /usr/include/net/raw.h ; then
   V_PCAP=snoop
elif test -r /usr/include/sys/dlpi.h ; then
   V_PCAP=dlpi
elif test -r /usr/include/linux/socket.h ; then
   V_PCAP=linux
elif test -c /dev/bpf0 ; then # check again in case not readable
   V_PCAP=bpf
elif test -c /dev/enet ; then # check again in case not readable
   V_PCAP=enet
elif test -c /dev/nit ; then # check again in case not readable
   V_PCAP=snit
else
   V_PCAP=null
fi
AC_MSG_RESULT($V_PCAP)

AC_LBL_UNALIGNED_ACCESS
AC_LBL_DEVEL(V_CCOPT)
AC_QOSIENT_DEBUG(V_CCOPT)
AC_CMU_SASL
AC_SYS_LARGEFILE

AC_LBL_LIBPCAP(V_PCAPDEP, V_INCLS)
if test ! -z "$V_PCAPDEP"; then
   if test -f $V_PCAPDEP; then
      if test -f lib/libpcap.a; then
         rm -rf lib/libpcap.a
      fi
      pcapdir=`echo $V_PCAPDEP | sed -e 's/^\.\./..\/../'`
      ln -s $pcapdir lib/libpcap.a
      V_PCAPDEP="../lib/libpcap.a"
   else
      if test $V_PCAPDEP = "-lpcap" ; then
         if test -f lib/libpcap.a; then
            rm -rf lib/libpcap.a
         fi
      fi
      if test $V_PCAPDEP = "-lwpcap" ; then
         if test -f lib/libpcap.a; then
            rm -rf lib/libpcap.a
         fi
      fi
   fi
   LIBS="$LIBS $V_PCAPDEP"
fi

AC_QOSIENT_TCPWRAP(V_WRAPDEP, V_INCLS)
if test ! -z "$V_WRAPDEP"; then
   if test -f $V_WRAPDEP; then
      if test -f lib/libwrap.a; then
         rm -rf lib/libwrap.a
      fi
      wrapdir=`echo $V_WRAPDEP | sed -e 's/^\.\./..\/../'`
      ln -s $wrapdir lib/libwrap.a
      V_WRAPDEP="../lib/libwrap.a"
      AC_DEFINE(HAVE_TCP_WRAPPER)
      LIBS="$LIBS $V_WRAPDEP"
   else
      if test $V_WRAPDEP = "-lwrap" ; then
         AC_DEFINE(HAVE_TCP_WRAPPER)
         case "$target_os" in
         linux*)
            LIBS="-lnsl $LIBS"
            ;;
         esac
      fi
   fi
fi

umask 002

if test -z "$PWD"; then
   PWD=`pwd`
fi

AC_HAVE_HEADERS(sys/sockio.h string.h fcntl.h sys/file.h syslog.h)
AC_CHECK_FUNCS(ether_hostton strerror)

case "$target_cpu" in
*86*)
   AC_DEFINE(CONFIG_X86_BSWAP,1)
   ;;
powerpc*)
   V_CCOPT="-mpowerpc $V_CCOPT"
   ;;
esac

case "$target_os" in
aix*)
   dnl Workaround to enable certain features
   AC_DEFINE(_SUN)
   ;;
hpux9*)
   AC_DEFINE(HAVE_HPUX9)
   ;;
hpux10.0*)
   ;;
hpux10.1*)
   ;;
hpux*)
   dnl HPUX 10.20 and above is similar to HPUX 9...
   AC_DEFINE(HAVE_HPUX10_20)
   ;;
sinix*)
   AC_MSG_CHECKING(if SINIX compiler defines sinix)
   AC_CACHE_VAL(ac_cv_cc_sinix_defined,
      AC_TRY_COMPILE(
         [],
         [int i = sinix;],
         ac_cv_cc_sinix_defined=yes,
         ac_cv_cc_sinix_defined=no))
   AC_MSG_RESULT($ac_cv_cc_sinix_defined)
   if test $ac_cv_cc_sinix_defined = no ; then
      AC_DEFINE(sinix)
   fi
   ;;
solaris*)
   AC_DEFINE(HAVE_SOLARIS,1,[On solaris])
   AC_MSG_CHECKING(for LD_LIBRARY_PATH, since you appear to be running Solaris)
   if test x$LD_LIBRARY_PATH != x ; then
      LIBS="$LIBS -R$LD_LIBRARY_PATH"
      AC_MSG_RESULT(yes -- added LD_LIBRARY_PATH to run-time linker path)
   else
      AC_MSG_RESULT(no -- this may be a problem in a few seconds)
   fi
   COMPATLIB="-lsocket -lnsl"
   ;;
cygwin*)
   AC_DEFINE(CYGWIN,1)
   V_INCLS="$V_INCLS -I../include/cygwin-include"
   ;;
linux*)
   ;;
esac

INSTALL_LIB="../lib"
INSTALL_BIN="../bin"

AC_SUBST(V_PCAP)
AC_SUBST(V_CCOPT)
AC_SUBST(V_INCLS)
AC_SUBST(V_RANLIB)
AC_SUBST(V_PCAPDEP)
AC_SUBST(V_WRAPDEP)
AC_SUBST(V_YACC)
AC_SUBST(V_LEX)
AC_SUBST(LIBS)
AC_SUBST(COMPATLIB)
AC_SUBST(INSTALL_LIB)
AC_SUBST(INSTALL_BIN)

AC_PROG_INSTALL
AC_STDC_HEADERS

AC_OUTPUT(
   Makefile
   ./common/Makefile
./server/Makefile ) if test -f .devel ; then make depend fi exit 0