6dca1823d9
Corrected DESCR regarding name of BPF in -CURRENT. Added #!/bin/sh to two shell scripts in the distribution. PR: 14520 Submitted by: maintainer adding the following functionality to trafd: -D run in foreground -I don't distinguish ports/protocols (count only by IP) -S count only IP from this range(s) (all other IP accounted as 255.255.255.255) -A aggregate IP-addresses in given network(s) PR: 14521 Submitted by: maintainer
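--- a/trafd/main.c
+++ b/trafd/main.c
@@ -53,6 +53,17 @@
 int pflag; /* don't put the interface into promiscuous mode */
 int rflag; /* attempt to resume data from safe file if exist */
 
+int Iflag = 0; /* don't destinguish packets by port/protocol -> only by IP */
+int Dflag = 1; /* do daemonize */
+
+#define MAX_ACC_ADDRESSES 256
+
+struct AccRecord AccAddr[MAX_ACC_ADDRESSES];
+int AccRecNum = 0;
+
+struct AccRecord AggAddr[MAX_ACC_ADDRESSES];
+int AggRecNum = 0;
+
 /* Global interrupts flags */
 int flag_hup; /* SIGHUP - drop collected data to tempfile */
 int flag_int; /* SIGINT - append collected data to savefile */
@@ -80,7 +91,52 @@
 
 static int if_fd = -1;
 
-void
+int getnet(char *s, struct AccRecord *ar)
+{
+ int rc;
+ char *r;
+ r = strchr(s, '/');
+ if (r) *r++ = '\0';
+ rc = inet_aton(s, (struct in_addr *)&ar->network);
+ if (rc != 1 || !r || !atoi(r)) {
+ fprintf(stderr, "Incorrect parametr '%s' must be in XXX.XXX.XXX.XXX/MASKLEN form\n", s);
+ exit(1);
+ }
+ ar->netmask = htonl(~(0xFFFFFFFF >> atoi(r)));
+ ar->network &= ar->netmask;
+ return(0);
+}
+
+void AccAdd(char *s, struct AccRecord *ar, int *ap) {
+ if (isdigit(*s)) { /* network */
+ if (*ap + 1 >= MAX_ACC_ADDRESSES) {
+ fprintf( stderr, "too many '-S/-A' flags, only %d allowed for each\n", MAX_ACC_ADDRESSES );
+ exit(1);
+ }
+ getnet(optarg, &ar[(*ap)++]);
+ } else { /* file */
+ char buf[256];
+ FILE *f = fopen(s, "r");
+ if (!f) {
+ perror("can't open file");
+ exit(1);
+ }
+ while(fgets(buf, sizeof(buf)-1, f)) {
+ char *ent;
+ if (*ap + 1 >= MAX_ACC_ADDRESSES) {
+ fprintf( stderr, "too many entries in %s, only %d allowed for each\n", s, MAX_ACC_ADDRESSES );
+ exit(1);
+ }
+ ent = buf;
+ while(*ent && isspace(*ent)) ent++;
+ if (!*ent || *ent == '#') continue;
+ getnet(buf, &ar[(*ap)++]);
+ }
+ fclose(f);
+ }
+}
+
+int
 main(argc, argv)
 int argc;
 char **argv;
@@ -100,7 +156,7 @@
 program_name = stripdir(argv[0]);
 
 opterr = 0;
- while ((op = getopt(argc, argv, "c:df:F:i:Opr")) != EOF)
+ while ((op = getopt(argc, argv, "c:df:F:i:OprIS:A:D")) != EOF)
 switch (op) {
 case 'c':
 cnt = atoi(optarg);
@@ -126,6 +182,18 @@
 case 'r':
 ++rflag;
 break;
+ case 'I':
+ Iflag = 1;
+ break;
+ case 'D':
+ Dflag = 0;
+ break;
+ case 'S':
+ AccAdd(optarg, AccAddr, &AccRecNum);
+ break;
+ case 'A':
+ AccAdd(optarg, AggAddr, &AggRecNum);
+ break;
 default:
 usage();
 }
@@ -185,7 +253,9 @@
 device_name);
 
 /* Jump to background */
- daemon(1, 0);
+ if (Dflag)
+ daemon(1, 0);
+
 if ((fd = fopen(file_pid, "w")) == NULL)
 exit(1);
 
@@ -207,6 +277,7 @@
 (void)syslog(LOG_ERR, "(%s) traffic collector aborted: %m",
 device_name);
 exit(1);
+ return(1);
 }
 
 /* make a clean exit on interrupts */
@@ -284,6 +355,22 @@
 fprintf(stderr, "trafd v%s - tcp/udp data traffic collector daemon\n",
 version);
 fprintf(stderr,
-"Usage: %s [-dOpr] [-c count] [-i iface] [-f ext] [-F file | expr]\n", program_name);
+ "Usage: %s [<flags>] [-F file | expr]\n"
+ "flags:\n"
+ "\t-d\t\tdump packet-matching code\n"
+ "\t-O\t\tdon't run the packet-matching code optimizer\n"
+ "\t-p\t\tdon't put the interface into promiscuous mode\n"
+ "\t-r\t\tattempt to resume data from safe file if exist\n"
+ "\t-I\t\tdon't destinguish ports and protocols\n"
+ "\t-D\t\trun in foreground\n"
+ "\t-c <N>\t\taccount only <N> packets\n"
+ "\t-i <iface>\tlisten interface <iface>\n"
+ "\t-S <net/mlen>\tdo accounting only for this address range\n"
+ "\t-S <filename>\t--\"\"--, read address ranges from file\n"
+ "\t-A <net/mlen>\taggregate addreses from this range to one\n"
+ "\t-A <filename>\t--\"\"--, read address range from file\n"
+ "\t-f <ext>\tuse <ext> as interface name for data files\n"
+ "\n",
+ program_name);
 exit(-1);
 }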
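Review bot: The mask length in `getnet` (hunk `@@ -80,7 +91,52 @@`) is never range-checked, so `0xFFFFFFFF >> atoi(r)` is undefined for a length of 32 or more, or a negative one. Only 0 and non-numeric text are rejected by `!atoi(r)`, which means a valid host prefix such as `/32` already reaches the undefined shift. On targets that reduce the shift count modulo 32 this would presumably give an all-zero netmask, turning a `-S` or `-A` entry meant for one host into one that matches every address. Parsing the length with `strtol`, accepting only 1..32, and building the mask with a left shift keeps every accepted value well defined. Separately, the file branch of `AccAdd` skips leading whitespace into `ent` but still passes `buf` to `getnet`, so `getnet(ent, ...)` looks like what was intended.

```c
int getnet(char *s, struct AccRecord *ar)
{
	int rc;
	long mlen = 0;
	char *r, *end;
	/* … unchanged: split s at '/', inet_aton() into ar->network … */
	if (r)
		mlen = strtol(r, &end, 10);
	if (rc != 1 || !r || end == r || mlen < 1 || mlen > 32) {
		/* … unchanged: error message and exit(1) … */
	}
	/* shift count is 0..31 here, so the mask is well defined for /1../32 */
	ar->netmask = htonl(0xFFFFFFFFu << (32 - mlen));
	/* … unchanged: mask ar->network, return(0) … */
```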
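--- a/trafd/trafd.h
+++ b/trafd/trafd.h
@@ -32,3 +32,15 @@
 extern void traf_save();
 extern void traf_pipe();
 extern void traf_clear();
+
+struct AccRecord {
+ unsigned int network;
+ unsigned int netmask;
+};
+
+extern struct AccRecord AccAddr[];
+extern int AccRecNum;
+
+extern struct AccRecord AggAddr[];
+extern int AggRecNum;
+
\ No newline at end of file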
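Review bot: `struct AccRecord` does not say that both fields are held in network byte order, which the traffic.c comparison against `s_addr` depends on. In main.c `getnet` fills `network` through `inet_aton` and `netmask` through `htonl`. A comment above the struct such as `/* network and netmask are stored in network byte order */` would make that contract explicit. `MAX_ACC_ADDRESSES` is defined in main.c rather than in this header, so the unsized `extern struct AccRecord AccAddr[];` and `AggAddr[]` declarations give other files no bound to check an index against; moving the define here would fix that.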
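--- a/trafd/traffic.c
+++ b/trafd/traffic.c
@@ -138,6 +138,9 @@
 return -2;
 }
 
+
+extern int Iflag;
+extern struct bpf_program *Scode;
 /*
 * Insert entry.
 */
@@ -146,8 +149,48 @@
 register p_entry e;
 /* return -1 if success digit if already in table or -2 if table full */
 {
- register int ec = findentry(e);
+ register int ec;
 register unsigned inx;
+
+ if (Iflag) { /* don't match/store protocol&ports */
+ e->ip_protocol = 0;
+ e->who_srv = 0;
+ e->p_port = 0;
+ }
+
+ if (AccRecNum) {
+ int i;
+ int src = 0, dst = 0;
+ for(i = 0; i < AccRecNum; i++) {
+ if ((e->in_ip.s_addr & AccAddr[i].netmask) ==
+ AccAddr[i].network) src = 1;
+ if ((e->out_ip.s_addr & AccAddr[i].netmask) ==
+ AccAddr[i].network) dst = 1;
+ }
+ if (!src) e->in_ip.s_addr = 0xFFFFFFFF;
+ if (!dst) e->out_ip.s_addr = 0xFFFFFFFF;
+ }
+
+ if (AggRecNum) {
+ int i;
+ int src = 0, dst = 0;
+ for(i = 0; i < AggRecNum; i++) {
+ if (!src &&
+ (e->in_ip.s_addr & AggAddr[i].netmask) ==
+ AggAddr[i].network) {
+ src = 1;
+ e->in_ip.s_addr = (e->in_ip.s_addr & AggAddr[i].netmask);
+ }
+ if (!dst &&
+ (e->out_ip.s_addr & AggAddr[i].netmask) ==
+ AggAddr[i].network) {
+ dst = 1;
+ e->out_ip.s_addr = (e->out_ip.s_addr & AggAddr[i].netmask);
+ }
+ }
+ }
+
+ ec = findentry(e);
 if (ec != -1)
 return ec;
 inx = hash(e);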
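Review bot: The blocks added ahead of `findentry(e)` in hunk `@@ -146,8 +149,48 @@` rewrite the caller's entry in place, but the comment above the function still describes only the return codes. Protocol and ports are zeroed under `Iflag`, addresses outside the `-S` ranges become `0xFFFFFFFF`, and addresses inside an `-A` range are replaced by the masked network, so the stored record no longer carries the original address. A line such as `/* NOTE: e is normalised in place (-I, -S, -A) before lookup; original addresses are not kept */` would document that. The `-A` loop takes the first matching range, so overlapping ranges depend on command-line order, which is worth stating in the same comment. The `-S` loop keeps scanning after both flags are set; `if (src && dst) break;` at the end of its body would stop early. The function starts and ends outside the hunk, and `extern struct bpf_program *Scode;` is not used in any visible line.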