This patch adds support for labeling interfaces in arpwatch

reports.  Labels are created by making a symlink in the
arpwatch data directory that points at the textual description
(e.g. ln -s "Internal Network" dc0).

PR:		ports/67838
Submitted by:	maintainer
This commit is contained in:
Kirill Ponomarev 2004-06-11 18:30:10 +00:00
parent 53ea9fc8f1
commit a427774043
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=111294
5 changed files with 209 additions and 27 deletions

View file

@ -7,7 +7,7 @@
PORTNAME= arpwatch PORTNAME= arpwatch
PORTVERSION= 2.1.a11 PORTVERSION= 2.1.a11
PORTREVISION= 2 PORTREVISION= 3
CATEGORIES= net-mgmt CATEGORIES= net-mgmt
MASTER_SITES= http://www.Awfulhak.org/arpwatch/ \ MASTER_SITES= http://www.Awfulhak.org/arpwatch/ \
ftp://ftp.ee.lbl.gov/ ftp://ftp.ee.lbl.gov/

View file

@ -1,5 +1,11 @@
--- ../arpwatch-2.1a11/arpwatch.8 Sun Oct 8 16:31:28 2000 --- arpwatch.8.orig Sun Oct 8 16:31:28 2000
+++ ./arpwatch.8 Mon Sep 15 17:30:45 2003 +++ arpwatch.8 Fri Jun 11 12:35:32 2004
@@ -1,4 +1,4 @@
-.\" @(#) $Id: arpwatch.8,v 1.13 2000/10/08 20:31:25 leres Exp $ (LBL)
+.\" @(#) $Id: arpwatch.8,v 1.5 2004/06/11 16:26:22 mdg Exp $ (LBL)
.\"
.\" Copyright (c) 1992, 1994, 1996, 1997, 2000
.\" The Regents of the University of California. All rights reserved.
@@ -30,7 +30,10 @@ @@ -30,7 +30,10 @@
.B -dN .B -dN
] [ ] [
@ -57,7 +63,7 @@
.LP .LP
The The
.B -r .B -r
@@ -96,6 +120,8 @@ @@ -96,21 +120,31 @@
.LP .LP
Note that an empty Note that an empty
.I arp.dat .I arp.dat
@ -66,17 +72,22 @@
file must be created before the first time you run file must be created before the first time you run
.BR arpwatch . .BR arpwatch .
.LP .LP
@@ -105,12 +131,19 @@ .SH "REPORT MESSAGES"
Here's a quick list of the report messages generated by
-.BR arpwatch (1)
+.BR arpwatch
(and (and
.BR arpsnmp (1)): -.BR arpsnmp (1)):
.TP +.BR arpsnmp
+):
+.TP
+.B "new ethernet device" +.B "new ethernet device"
+The ethernet address has not been seen before. +The ethernet address has not been seen before.
+.TP +.TP
+.B "ethernet device changed interfaces" +.B "ethernet device changed interfaces"
+An ethernet address associated with one interface has moved to a +An ethernet address associated with one interface has moved to a
+different interface. +different interface.
+.TP .TP
.B "new activity" .B "new activity"
This ethernet/ip address pair has been used for the first time six This ethernet/ip address pair has been used for the first time six
months or more. months or more.
@ -88,7 +99,23 @@
.TP .TP
.B "flip flop" .B "flip flop"
The ethernet address has changed from the most recently seen address to The ethernet address has changed from the most recently seen address to
@@ -152,8 +185,9 @@ @@ -148,12 +182,25 @@
.B "suppressed DECnet flip flop"
A "flip flop" report was suppressed because one of the two
addresses was a DECnet address.
+.SH "INTERFACE LABELS"
+Interfaces can be assigned labels that are displayed in reports
+next to the interface name. This is useful for identifying connected
+networks. In order to assign a label, create a symbolic link in
+the arpwatch data directory. The link should have the same name
+as the interface, and should point to the textual label. For example:
+.LP
+ln -s "Internal Network" dc0
+.LP
+Labels are read when
+.BR arpwatch
+initializes. The process must be restarted for label changes to take effect.
.SH FILES
.na .na
.nh .nh
.nf .nf

View file

@ -1,5 +1,14 @@
--- report.c.orig Sat Sep 30 19:41:10 2000 --- report.c.orig Sat Sep 30 19:41:10 2000
+++ report.c Tue Apr 13 14:39:50 2004 +++ report.c Fri Jun 11 12:35:32 2004
@@ -20,7 +20,7 @@
*/
#ifndef lint
static const char rcsid[] =
- "@(#) $Id: report.c,v 1.46 2000/09/30 23:41:04 leres Exp $ (LBL)";
+ "@(#) $Id: report.c,v 1.8 2004/06/10 19:56:57 mdg Exp $ (LBL)";
#endif
/*
@@ -45,6 +45,8 @@ @@ -45,6 +45,8 @@
#include <ctype.h> #include <ctype.h>
@ -18,7 +27,16 @@
static int cdepth; /* number of outstanding children */ static int cdepth; /* number of outstanding children */
static char *fmtdate(time_t); static char *fmtdate(time_t);
@@ -232,15 +236,16 @@ @@ -77,6 +81,8 @@
RETSIGTYPE reaper(int);
static int32_t gmt2local(void);
+extern struct ifdesc *if_desc;
+
static char *
fmtdelta(register time_t t)
{
@@ -232,28 +238,37 @@
} }
void void
@ -38,7 +56,12 @@
char *watchee = WATCHEE; char *watchee = WATCHEE;
char *sendmail = PATH_SENDMAIL; char *sendmail = PATH_SENDMAIL;
char *unknown = "<unknown>"; char *unknown = "<unknown>";
@@ -251,9 +256,15 @@ char buf[132];
+ char *newif, *newif_old;
static int init = 0;
+ struct ifdesc *idp = if_desc;
/* No report until we're initialized */
if (initializing) if (initializing)
return; return;
@ -55,7 +78,7 @@
return; return;
} }
f = stdout; f = stdout;
@@ -270,7 +281,7 @@ @@ -270,7 +285,7 @@
} }
/* Syslog this event too */ /* Syslog this event too */
@ -64,7 +87,35 @@
/* Update child depth */ /* Update child depth */
++cdepth; ++cdepth;
@@ -303,13 +314,32 @@ @@ -286,6 +301,7 @@
/* Child */
closelog();
+
(void)strcpy(tempfile, "/tmp/arpwatch.XXXXXX");
if ((fd = mkstemp(tempfile)) < 0) {
syslog(LOG_ERR, "mkstemp(%s) %m", tempfile);
@@ -300,16 +316,52 @@
syslog(LOG_ERR, "unlink(%s): %m", tempfile);
}
+ newif = newif_old = NULL;
+ if (interface != NULL)
+ for (idp = if_desc; idp != NULL; idp = idp->next)
+ if (strcmp(idp->name, interface) == 0)
+ asprintf(&newif, "%s (%s)", interface, idp->desc);
+
+ if (newif == NULL && interface != NULL)
+ asprintf(&newif, "%s", interface);
+
+ if (old_interface != NULL)
+ for (idp = if_desc; idp != NULL; idp = idp->next)
+ if (strcmp(idp->name, old_interface) == 0)
+ asprintf(&newif_old, "%s (%s)", old_interface, idp->desc);
+
+ if (newif_old == NULL && old_interface != NULL)
+ asprintf(&newif_old, "%s", old_interface);
+
(void)fprintf(f, "From: %s\n", watchee); (void)fprintf(f, "From: %s\n", watchee);
(void)fprintf(f, "To: %s\n", watcher); (void)fprintf(f, "To: %s\n", watcher);
hn = gethname(a); hn = gethname(a);
@ -92,15 +143,27 @@
+ if (event & FLIPFLOP) + if (event & FLIPFLOP)
+ (void)fprintf(f, fmt, "event", "flip flop"); + (void)fprintf(f, fmt, "event", "flip flop");
+ +
+ (void)fprintf(f, fmt, "interface", interface); + (void)fprintf(f, fmt, "interface", newif);
+ +
+ if (old_interface != NULL) + if (old_interface != NULL)
+ (void)fprintf(f, fmt, "old interface", old_interface); + (void)fprintf(f, fmt, "old interface", newif_old);
+ +
(void)fprintf(f, fmt, "hostname", hn); (void)fprintf(f, fmt, "hostname", hn);
(void)fprintf(f, fmt, "ip address", intoa(a)); (void)fprintf(f, fmt, "ip address", intoa(a));
(void)fprintf(f, fmt, "ethernet address", e2str(e1)); (void)fprintf(f, fmt, "ethernet address", e2str(e1));
@@ -344,6 +374,25 @@ @@ -339,11 +391,37 @@
}
(void)rewind(f);
+
+ if (newif != NULL)
+ free(newif);
+
+ if (newif_old != NULL)
+ free(newif_old);
+
if (dup2(fileno(f), fileno(stdin)) < 0) {
syslog(LOG_ERR, "dup2: %m");
exit(1); exit(1);
} }
/* XXX Need to freopen()? */ /* XXX Need to freopen()? */

View file

@ -1,14 +1,35 @@
--- ../arpwatch.orig/util.c Fri Oct 13 18:49:03 2000 --- util.c.orig Fri Oct 13 18:49:03 2000
+++ ./util.c Wed Sep 10 13:03:27 2003 +++ util.c Fri Jun 11 12:35:32 2004
@@ -53,6 +53,7 @@ @@ -20,7 +20,7 @@
*/
#ifndef lint
static const char rcsid[] =
- "@(#) $Id: util.c,v 1.9 2000/10/13 22:48:55 leres Exp $ (LBL)";
+ "@(#) $Id: util.c,v 1.5 2004/06/10 19:48:37 mdg Exp $ (LBL)";
#endif
/*
@@ -39,6 +39,7 @@
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
+#include <dirent.h>
#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
@@ -53,8 +54,11 @@
char *arpdir = ARPDIR; char *arpdir = ARPDIR;
char *arpfile = ARPFILE; char *arpfile = ARPFILE;
+char *etherfile = ETHERFILE; +char *etherfile = ETHERFILE;
char *ethercodes = ETHERCODES; char *ethercodes = ETHERCODES;
+struct ifdesc *if_desc = NULL;
+
/* Broadcast ethernet addresses */ /* Broadcast ethernet addresses */
@@ -105,7 +106,7 @@ u_char zero[6] = { 0, 0, 0, 0, 0, 0 };
u_char allones[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
@@ -105,7 +109,7 @@
dump(void) dump(void)
{ {
register int fd; register int fd;
@ -17,7 +38,7 @@
(void)sprintf(oldarpfile, "%s-", arpfile); (void)sprintf(oldarpfile, "%s-", arpfile);
(void)sprintf(newarpfile, "%s.new", arpfile); (void)sprintf(newarpfile, "%s.new", arpfile);
@@ -130,6 +131,32 @@ @@ -130,6 +134,32 @@
syslog(LOG_ERR, "rename %s -> %s: %m", newarpfile, arpfile); syslog(LOG_ERR, "rename %s -> %s: %m", newarpfile, arpfile);
return(0); return(0);
} }
@ -50,17 +71,72 @@
return(1); return(1);
} }
@@ -138,7 +165,9 @@ @@ -138,7 +168,64 @@
readdata(void) readdata(void)
{ {
register FILE *f; register FILE *f;
+ char line[1024]; + char line[1024];
+ char buf[MAXNAMLEN];
+ char path[MAXNAMLEN + 1];
+ int len, i;
+ DIR *dirp;
+ struct dirent *dp;
+ struct ifdesc *idp;
+
+ /* interface descriptions */
+ if ((dirp = opendir(arpdir)) == NULL)
+ {
+ syslog(LOG_ERR, "opendir(%s)", arpdir);
+ return(0);
+ }
+
+ idp = if_desc = (struct ifdesc *) malloc(sizeof(struct ifdesc));
+ idp->name = idp->desc = NULL;
+ idp->next = NULL;
+
+ while ((dp = readdir(dirp)) != NULL)
+ {
+ if (dp->d_type == DT_LNK)
+ {
+ for (i=0; i < dp->d_namlen; i++)
+ path[i] = dp->d_name[i];
+
+ path[dp->d_namlen] = '\0';
+
+ if ((len = readlink(path, buf, MAXNAMLEN)) == -1)
+ {
+ syslog(LOG_ERR, "readlink(path) failed");
+ return(0);
+ }
+
+ buf[len] = '\0';
+
+ idp->next = (struct ifdesc *) malloc(sizeof(struct ifdesc));
+ idp = idp->next;
+ idp->next = NULL;
+ asprintf(&idp->name, "%s", path);
+ asprintf(&idp->desc, "%s", buf);
+ }
+ }
+
+ if (if_desc->next == NULL)
+ {
+ free(if_desc);
+ idp = if_desc = NULL;
+ }
+ else
+ {
+ idp = if_desc;
+ if_desc = if_desc->next;
+ free(idp);
+ idp = NULL;
+ }
+ /* arp.dat */ + /* arp.dat */
if ((f = fopen(arpfile, "r")) == NULL) { if ((f = fopen(arpfile, "r")) == NULL) {
syslog(LOG_ERR, "fopen(%s): %m", arpfile); syslog(LOG_ERR, "fopen(%s): %m", arpfile);
return(0); return(0);
@@ -147,6 +176,15 @@ @@ -147,6 +234,15 @@
(void)fclose(f); (void)fclose(f);
return(0); return(0);
} }

View file

@ -1,6 +1,12 @@
--- ../arpwatch.orig/util.h Sun Oct 6 06:22:14 1996 --- util.h.orig Sun Oct 6 06:22:14 1996
+++ ./util.h Wed Sep 10 13:03:27 2003 +++ util.h Fri Jun 11 12:35:32 2004
@@ -11,6 +11,9 @@ @@ -1,4 +1,4 @@
-/* @(#) $Header: util.h,v 1.2 96/10/06 03:22:13 leres Exp $ (LBL) */
+/* @(#) $Header: /src/arpwatch/util.h,v 1.4 2004/06/10 19:19:38 mdg Exp $ (LBL) */
void dosyslog(int, char *, u_int32_t, u_char *, u_char *);
int dump(void);
@@ -11,9 +11,19 @@
extern char *arpfile; extern char *arpfile;
extern char *oldarpfile; extern char *oldarpfile;
extern char *ethercodes; extern char *ethercodes;
@ -10,3 +16,13 @@
extern u_char zero[6]; extern u_char zero[6];
extern u_char allones[6]; extern u_char allones[6];
extern int debug;
extern int initializing;
+
+struct ifdesc
+{
+ char *name;
+ char *desc;
+ struct ifdesc *next;
+};