svn commit: r221099 - projects/pf/pf45/contrib/pf/pflogd

Ermal Luçi eri at FreeBSD.org
Tue Apr 26 22:59:50 UTC 2011


Author: eri
Date: Tue Apr 26 22:59:50 2011
New Revision: 221099
URL: http://svn.freebsd.org/changeset/base/221099

Log:
  Update pflogd to OpenBSD 4.5 code.

Replaced:
  projects/pf/pf45/contrib/pf/pflogd/pidfile.c   (contents, props changed)
  projects/pf/pf45/contrib/pf/pflogd/pidfile.h   (contents, props changed)
Modified:
  projects/pf/pf45/contrib/pf/pflogd/pflogd.8
  projects/pf/pf45/contrib/pf/pflogd/pflogd.c
  projects/pf/pf45/contrib/pf/pflogd/privsep.c
  projects/pf/pf45/contrib/pf/pflogd/privsep_fdpass.c

Modified: projects/pf/pf45/contrib/pf/pflogd/pflogd.8
==============================================================================
--- projects/pf/pf45/contrib/pf/pflogd/pflogd.8	Tue Apr 26 22:48:22 2011	(r221098)
+++ projects/pf/pf45/contrib/pf/pflogd/pflogd.8	Tue Apr 26 22:59:50 2011	(r221099)
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: pflogd.8,v 1.32 2006/12/08 10:26:38 joel Exp $
+.\"	$OpenBSD: pflogd.8,v 1.37 2008/10/22 08:16:49 henning Exp $
 .\"
 .\" Copyright (c) 2001 Can Erkin Acar.  All rights reserved.
 .\"
@@ -26,7 +26,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd July 9, 2001
+.Dd October 22 2008
 .Dt PFLOGD 8
 .Os
 .Sh NAME
@@ -34,12 +34,14 @@
 .Nd packet filter logging daemon
 .Sh SYNOPSIS
 .Nm pflogd
+.Bk -words
 .Op Fl Dx
 .Op Fl d Ar delay
 .Op Fl f Ar filename
 .Op Fl i Ar interface
 .Op Fl s Ar snaplen
 .Op Ar expression
+.Ek
 .Sh DESCRIPTION
 .Nm
 is a background daemon which reads packets logged by
@@ -94,6 +96,13 @@ or a
 .Dv SIGALRM
 is received.
 .Pp
+.Nm
+will also log the pcap statistics for the
+.Xr pflog 4
+interface to syslog when a
+.Dv SIGUSR1
+is received.
+.Pp
 The options are as follows:
 .Bl -tag -width Ds
 .It Fl D
@@ -116,6 +125,11 @@ By default,
 .Nm
 will use
 .Ar pflog0 .
+Writes a file containing the process ID of the program to
+.Pa /var/run .
+The file name has the form
+The default is
+.Ar pflogd .
 .It Fl s Ar snaplen
 Analyze at most the first
 .Ar snaplen
@@ -204,12 +218,12 @@ the wi0 interface:
 # tcpdump -n -e -ttt -i pflog0 inbound and action block and on wi0
 .Ed
 .Sh SEE ALSO
-.Xr tcpdump 1 ,
 .Xr pcap 3 ,
 .Xr pf 4 ,
 .Xr pflog 4 ,
 .Xr pf.conf 5 ,
-.Xr newsyslog 8
+.Xr newsyslog 8 ,
+.Xr tcpdump 1
 .Sh HISTORY
 The
 .Nm

Modified: projects/pf/pf45/contrib/pf/pflogd/pflogd.c
==============================================================================
--- projects/pf/pf45/contrib/pf/pflogd/pflogd.c	Tue Apr 26 22:48:22 2011	(r221098)
+++ projects/pf/pf45/contrib/pf/pflogd/pflogd.c	Tue Apr 26 22:59:50 2011	(r221099)
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pflogd.c,v 1.37 2006/10/26 13:34:47 jmc Exp $	*/
+/*	$OpenBSD: pflogd.c,v 1.46 2008/10/22 08:16:49 henning Exp $	*/
 
 /*
  * Copyright (c) 2001 Theo de Raadt
@@ -37,9 +37,8 @@ __FBSDID("$FreeBSD$");
 #include <sys/ioctl.h>
 #include <sys/file.h>
 #include <sys/stat.h>
-#ifdef __FreeBSD__
-#include <net/bpf.h>	/* BIOCLOCK */
-#endif
+#include <sys/socket.h>
+#include <net/if.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -48,15 +47,16 @@ __FBSDID("$FreeBSD$");
 #include <pcap.h>
 #include <syslog.h>
 #include <signal.h>
+#include <err.h>
 #include <errno.h>
 #include <stdarg.h>
 #include <fcntl.h>
 #ifdef __FreeBSD__
+#include <ifaddrs.h>
 #include "pidfile.h"
 #else
 #include <util.h>
 #endif
-
 #include "pflogd.h"
 
 pcap_t *hpcap;
@@ -66,7 +66,7 @@ int Debug = 0;
 static int snaplen = DEF_SNAPLEN;
 static int cur_snaplen = DEF_SNAPLEN;
 
-volatile sig_atomic_t gotsig_close, gotsig_alrm, gotsig_hup;
+volatile sig_atomic_t gotsig_close, gotsig_alrm, gotsig_hup, gotsig_usr1;
 
 char *filename = PFLOGD_LOG_FILE;
 char *interface = PFLOGD_DEFAULT_IF;
@@ -80,7 +80,9 @@ unsigned int delay = FLUSH_DELAY;
 char *copy_argv(char * const *);
 void  dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
 void  dump_packet_nobuf(u_char *, const struct pcap_pkthdr *, const u_char *);
+void  log_pcap_stats(void);
 int   flush_buffer(FILE *);
+int   if_exists(char *);
 int   init_pcap(void);
 void  logmsg(int, const char *, ...);
 void  purge_buffer(void);
@@ -89,6 +91,7 @@ int   scan_dump(FILE *, off_t);
 int   set_snaplen(int);
 void  set_suspended(int);
 void  sig_alrm(int);
+void  sig_usr1(int);
 void  sig_close(int);
 void  sig_hup(int);
 void  usage(void);
@@ -166,8 +169,8 @@ __dead void
 usage(void)
 {
 	fprintf(stderr, "usage: pflogd [-Dx] [-d delay] [-f filename]");
-	fprintf(stderr, " [-i interface] [-s snaplen]\n");
-	fprintf(stderr, "              [expression]\n");
+	fprintf(stderr, " [-i interface] [-p pidfile]\n");
+	fprintf(stderr, "              [-s snaplen] [expression]\n");
 	exit(1);
 }
 
@@ -190,6 +193,12 @@ sig_alrm(int sig)
 }
 
 void
+sig_usr1(int sig)
+{
+	gotsig_usr1 = 1;
+}
+
+void
 set_pcap_filter(void)
 {
 	struct bpf_program bprog;
@@ -204,6 +213,51 @@ set_pcap_filter(void)
 }
 
 int
+if_exists(char *ifname)
+{
+#ifdef __FreeBSD__
+	struct ifaddrs *ifdata, *mb;
+	int exists = 0;
+
+	getifaddrs(&ifdata);
+        if (ifdata == NULL)
+		return (0);
+
+	for (mb = ifdata; mb != NULL; mb = mb->ifa_next) {
+		if (mb == NULL)
+			continue;
+		if (strlen(ifname) != strlen(mb->ifa_name))
+			continue;
+		if (strncmp(ifname, mb->ifa_name, strlen(ifname)) != 0)
+			continue;
+		exists = 1;
+		break;
+	}
+	freeifaddrs(ifdata);
+
+	return (exists);
+#else
+	int s;
+	struct ifreq ifr;
+	struct if_data ifrdat;
+
+	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
+		err(1, "socket");
+	bzero(&ifr, sizeof(ifr));
+	if (strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)) >=
+		sizeof(ifr.ifr_name))
+			errx(1, "main ifr_name: strlcpy");
+	ifr.ifr_data = (caddr_t)&ifrdat;
+	if (ioctl(s, SIOCGIFDATA, (caddr_t)&ifr) == -1)
+		return (0);
+	if (close(s))
+		err(1, "close");
+
+	return (1);
+#endif
+}
+
+int
 init_pcap(void)
 {
 	hpcap = pcap_open_live(interface, snaplen, 1, PCAP_TO_MS, errbuf);
@@ -554,10 +608,10 @@ dump_packet(u_char *user, const struct p
 		return;
 	}
 
- append:	
+ append:       
 #ifdef __FreeBSD__
- 	sh.ts.tv_sec = (bpf_int32)h->ts.tv_sec;
- 	sh.ts.tv_usec = (bpf_int32)h->ts.tv_usec;
+	sh.ts.tv_sec = (bpf_int32)h->ts.tv_sec;
+	sh.ts.tv_usec = (bpf_int32)h->ts.tv_usec;
 	sh.caplen = h->caplen;
 	sh.len = h->len;
 
@@ -575,17 +629,31 @@ dump_packet(u_char *user, const struct p
 	return;
 }
 
+void
+log_pcap_stats(void)
+{
+	struct pcap_stat pstat;
+	if (pcap_stats(hpcap, &pstat) < 0)
+		logmsg(LOG_WARNING, "Reading stats: %s", pcap_geterr(hpcap));
+	else
+		logmsg(LOG_NOTICE,
+			"%u packets received, %u/%u dropped (kernel/pflogd)",
+			pstat.ps_recv, pstat.ps_drop, packets_dropped);
+}
+
 int
 main(int argc, char **argv)
 {
-	struct pcap_stat pstat;
-	int ch, np, Xflag = 0;
+	int ch, np, ret, Xflag = 0;
 	pcap_handler phandler = dump_packet;
 	const char *errstr = NULL;
+	char *pidf = NULL;
+
+	ret = 0;
 
 	closefrom(STDERR_FILENO + 1);
 
-	while ((ch = getopt(argc, argv, "Dxd:f:i:s:")) != -1) {
+	while ((ch = getopt(argc, argv, "Dxd:f:i:p:s:")) != -1) {
 		switch (ch) {
 		case 'D':
 			Debug = 1;
@@ -601,6 +669,9 @@ main(int argc, char **argv)
 		case 'i':
 			interface = optarg;
 			break;
+		case 'p':
+			pidf = optarg;
+			break;
 		case 's':
 			snaplen = strtonum(optarg, 0, PFLOGD_MAXSNAPLEN,
 			    &errstr);
@@ -622,13 +693,21 @@ main(int argc, char **argv)
 	argc -= optind;
 	argv += optind;
 
+	/* does interface exist */
+	if (!if_exists(interface)) {
+		warn("Failed to initialize: %s", interface);
+		logmsg(LOG_ERR, "Failed to initialize: %s", interface);
+		logmsg(LOG_ERR, "Exiting, init failure");
+		exit(1);
+	}
+
 	if (!Debug) {
 		openlog("pflogd", LOG_PID | LOG_CONS, LOG_DAEMON);
 		if (daemon(0, 0)) {
 			logmsg(LOG_WARNING, "Failed to become daemon: %s",
 			    strerror(errno));
 		}
-		pidfile(NULL);
+		pidfile(pidf);
 	}
 
 	tzset();
@@ -659,6 +738,7 @@ main(int argc, char **argv)
 	signal(SIGINT, sig_close);
 	signal(SIGQUIT, sig_close);
 	signal(SIGALRM, sig_alrm);
+	signal(SIGUSR1, sig_usr1);
 	signal(SIGHUP, sig_hup);
 	alarm(delay);
 
@@ -686,13 +766,12 @@ main(int argc, char **argv)
 		np = pcap_dispatch(hpcap, PCAP_NUM_PKTS,
 		    phandler, (u_char *)dpcap);
 		if (np < 0) {
-#ifdef __FreeBSD__
-			if (errno == ENXIO) {
-				logmsg(LOG_ERR,
-				    "Device not/no longer configured");
+			if (!if_exists(interface) == -1) {
+				logmsg(LOG_NOTICE, "interface %s went away",
+				    interface);
+				ret = -1;
 				break;
 			}
-#endif
 			logmsg(LOG_NOTICE, "%s", pcap_geterr(hpcap));
 		}
 
@@ -715,6 +794,11 @@ main(int argc, char **argv)
 			gotsig_alrm = 0;
 			alarm(delay);
 		}
+
+		if (gotsig_usr1) {
+			log_pcap_stats();
+			gotsig_usr1 = 0;
+		}
 	}
 
 	logmsg(LOG_NOTICE, "Exiting");
@@ -724,15 +808,9 @@ main(int argc, char **argv)
 	}
 	purge_buffer();
 
-	if (pcap_stats(hpcap, &pstat) < 0)
-		logmsg(LOG_WARNING, "Reading stats: %s", pcap_geterr(hpcap));
-	else
-		logmsg(LOG_NOTICE,
-		    "%u packets received, %u/%u dropped (kernel/pflogd)",
-		    pstat.ps_recv, pstat.ps_drop, packets_dropped);
-
+	log_pcap_stats();
 	pcap_close(hpcap);
 	if (!Debug)
 		closelog();
-	return (0);
+	return (ret);
 }

Added: projects/pf/pf45/contrib/pf/pflogd/pidfile.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ projects/pf/pf45/contrib/pf/pflogd/pidfile.c	Tue Apr 26 22:59:50 2011	(r221099)
@@ -0,0 +1,122 @@
+/*	$FreeBSD$ */
+/*	$OpenBSD: pidfile.c,v 1.5 2002/05/26 09:29:02 deraadt Exp $	*/
+/*	$NetBSD: pidfile.c,v 1.4 2001/02/19 22:43:42 cgd Exp $	*/
+
+/*-
+ * Copyright (c) 1999 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Jason R. Thorpe.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *        This product includes software developed by the NetBSD
+ *        Foundation, Inc. and its contributors.
+ * 4. Neither the name of The NetBSD Foundation nor the names of its
+ *    contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static const char rcsid[] = "$OpenBSD: pidfile.c,v 1.5 2002/05/26 09:29:02 deraadt Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/param.h>
+#include <errno.h>
+#include <paths.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#ifdef __FreeBSD__
+#include "pidfile.h"
+#else
+#include <util.h>
+#endif
+
+static char *pidfile_path;
+static pid_t pidfile_pid;
+
+static void pidfile_cleanup(void);
+
+extern char *__progname;
+
+int
+pidfile(const char *basename)
+{
+	FILE *f;
+	int save_errno;
+	pid_t pid;
+
+	if (basename == NULL)
+		basename = __progname;
+
+	if (pidfile_path != NULL) {
+		free(pidfile_path);
+		pidfile_path = NULL;
+	}
+
+	/* _PATH_VARRUN includes trailing / */
+	(void) asprintf(&pidfile_path, "%s%s.pid", _PATH_VARRUN, basename);
+	if (pidfile_path == NULL)
+		return (-1);
+
+	if ((f = fopen(pidfile_path, "w")) == NULL) {
+		save_errno = errno;
+		free(pidfile_path);
+		pidfile_path = NULL;
+		errno = save_errno;
+		return (-1);
+	}
+
+	pid = getpid();
+	if (fprintf(f, "%ld\n", (long)pid) <= 0 || fclose(f) != 0) {
+		save_errno = errno;
+		(void) unlink(pidfile_path);
+		free(pidfile_path);
+		pidfile_path = NULL;
+		errno = save_errno;
+		return (-1);
+	}
+
+	pidfile_pid = pid;
+	if (atexit(pidfile_cleanup) < 0) {
+		save_errno = errno;
+		(void) unlink(pidfile_path);
+		free(pidfile_path);
+		pidfile_path = NULL;
+		pidfile_pid = 0;
+		errno = save_errno;
+		return (-1);
+	}
+
+	return (0);
+}
+
+static void
+pidfile_cleanup(void)
+{
+
+	if (pidfile_path != NULL && pidfile_pid == getpid())
+		(void) unlink(pidfile_path);
+}

Added: projects/pf/pf45/contrib/pf/pflogd/pidfile.h
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ projects/pf/pf45/contrib/pf/pflogd/pidfile.h	Tue Apr 26 22:59:50 2011	(r221099)
@@ -0,0 +1,3 @@
+/* $FreeBSD$ */
+
+int pidfile(const char *);

Modified: projects/pf/pf45/contrib/pf/pflogd/privsep.c
==============================================================================
--- projects/pf/pf45/contrib/pf/pflogd/privsep.c	Tue Apr 26 22:48:22 2011	(r221098)
+++ projects/pf/pf45/contrib/pf/pflogd/privsep.c	Tue Apr 26 22:59:50 2011	(r221099)
@@ -16,13 +16,10 @@
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
 #include <sys/types.h>
 #include <sys/time.h>
 #include <sys/socket.h>
+#include <sys/ioctl.h>
 
 #include <net/if.h>
 #include <net/bpf.h>
@@ -31,20 +28,13 @@ __FBSDID("$FreeBSD$");
 #include <errno.h>
 #include <fcntl.h>
 #include <limits.h>
-#ifndef __FreeBSD__
 #include <pcap.h>
 #include <pcap-int.h>
-#endif
 #include <pwd.h>
 #include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifdef __FreeBSD__
-/* XXX: pcap pollutes namespace with strlcpy if not present previously */
-#include <pcap.h>
-#include <pcap-int.h>
-#endif
 #include <syslog.h>
 #include <unistd.h>
 #include "pflogd.h"

Modified: projects/pf/pf45/contrib/pf/pflogd/privsep_fdpass.c
==============================================================================
--- projects/pf/pf45/contrib/pf/pflogd/privsep_fdpass.c	Tue Apr 26 22:48:22 2011	(r221098)
+++ projects/pf/pf45/contrib/pf/pflogd/privsep_fdpass.c	Tue Apr 26 22:59:50 2011	(r221099)
@@ -1,4 +1,4 @@
-/*	$OpenBSD: privsep_fdpass.c,v 1.2 2004/08/13 02:51:48 djm Exp $	*/
+/*	$OpenBSD: privsep_fdpass.c,v 1.5 2008/03/24 16:11:08 deraadt Exp $	*/
 
 /*
  * Copyright 2001 Niels Provos <provos at citi.umich.edu>
@@ -50,7 +50,10 @@ void
 send_fd(int sock, int fd)
 {
 	struct msghdr msg;
-	char tmp[CMSG_SPACE(sizeof(int))];
+	union {
+		struct cmsghdr hdr;
+		char buf[CMSG_SPACE(sizeof(int))];
+	} cmsgbuf;
 	struct cmsghdr *cmsg;
 	struct iovec vec;
 	int result = 0;
@@ -59,8 +62,8 @@ send_fd(int sock, int fd)
 	memset(&msg, 0, sizeof(msg));
 
 	if (fd >= 0) {
-		msg.msg_control = (caddr_t)tmp;
-		msg.msg_controllen = CMSG_LEN(sizeof(int));
+		msg.msg_control = (caddr_t)&cmsgbuf.buf;
+		msg.msg_controllen = sizeof(cmsgbuf.buf);
 		cmsg = CMSG_FIRSTHDR(&msg);
 		cmsg->cmsg_len = CMSG_LEN(sizeof(int));
 		cmsg->cmsg_level = SOL_SOCKET;
@@ -86,7 +89,10 @@ int
 receive_fd(int sock)
 {
 	struct msghdr msg;
-	char tmp[CMSG_SPACE(sizeof(int))];
+	union {
+		struct cmsghdr hdr;
+		char buf[CMSG_SPACE(sizeof(int))];
+	} cmsgbuf;
 	struct cmsghdr *cmsg;
 	struct iovec vec;
 	ssize_t n;
@@ -98,8 +104,8 @@ receive_fd(int sock)
 	vec.iov_len = sizeof(int);
 	msg.msg_iov = &vec;
 	msg.msg_iovlen = 1;
-	msg.msg_control = tmp;
-	msg.msg_controllen = sizeof(tmp);
+	msg.msg_control = &cmsgbuf.buf;
+	msg.msg_controllen = sizeof(cmsgbuf.buf);
 
 	if ((n = recvmsg(sock, &msg, 0)) == -1)
 		warn("%s: recvmsg", __func__);


More information about the svn-src-projects mailing list