b4dd05271c
PR: ports/65033 Submitted by: Viktor Fomichev <vfom@narod.ru>
130 lines
3.6 KiB
Text
netmond-2.2-b6-port

This document describes the additions and changes made relative to the original
netmon-2.2-b6 source code.

##################################################################

SrcAddress patch

##################################################################

Sometimes you need to explicitly set the source IP address of packets
sent to some host from a multihomed (or multi-aliased) host.

For example:

- you need to check host accessibility via a predefined route, not
  the default route that matches this host.

- the remote host can have "strangely" configured packet filters so that only
  specific source IP addresses are accepted.

- traffic priority settings exist somewhere on the path to the host.
  This may impact network management traffic while
  some channels are overloaded.

The "SrcAddress" directive has been added in the global context and in the object context.

In the global context this directive explicitly sets the source IP address for all
objects whose own definition does not set a source IP.
If no directive is specified, the default source address 0.0.0.0 is assigned.

Inside an object definition this directive sets the source IP address for this
object only. All IP packets sent to this host carry this source address.

When the directive is specified nowhere, the program behaves as it did before
the patch was applied.

Example:

SrcAddress "192.168.2.1"

Object "somehost" {
    Address "192.168.1.2"
    SrcAddress "192.168.1.1"
    ....................
}

Flaws:

No preliminary IP address validity check is applied, so until the first packet is processed
you cannot tell that an IP address is mistyped.
The NetState server cannot report source IP addresses for objects.

##################################################################

UID-GID-ChRoot Patch

##################################################################

For the save methods PIPE or FILE it is sometimes necessary to fork a daughter process.
Usually "netmond" runs with "root" privileges, so daughter processes
will have "root" privileges too. This is insecure.

The directives "UserName", "GroupName" and "ChrootDir" have been added in the global context.
When these directives are used, before the daughter process is launched
(after 'fork' but before 'exec') the "chroot" syscall is performed for the specified
directory (if no directive is given, no "chroot" is done) and the process GID and UID are changed.

By default, no chroot is performed, UserName = netmon, GroupName = netmon.

Example:

UserName "nobody"
GroupName "nogroup"
ChRootDir "/var/netmon"

However, you can set UserName=root GroupName=wheel if needed.

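The fork-then-exec sequence described above (chroot, then GID and UID change, then exec) is easy to get wrong in ordering, so the following C program is an added example of how a daemon can do it safely. It is not netmond's code or part of this port; the functions lookup_ids, drop_privileges and run_confined are assumed names, and the choice to fall back to the user's login group when no group name is given is the example's own, not the patch's default of netmon. The order is: resolve names while still root (so a typo fails before any child exists), chroot and chdir("/"), drop supplementary groups and the GID, then the UID, and finally verify that uid 0 cannot be regained.

```c
/* Added example, not netmond's own code: privilege drop for a forked
 * child in the order chroot -> setgroups/setgid -> setuid -> verify. */
#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/wait.h>
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Resolve UserName/GroupName to numeric ids.  A NULL group means "the
 * user's login group" (this example's convention).  Returns 0, or -1 if a
 * name is unknown, so a mistyped name is caught before any child starts. */
int lookup_ids(const char *user, const char *group, uid_t *uid, gid_t *gid)
{
    struct passwd *pw;
    struct group *gr;

    if (user == NULL || uid == NULL || gid == NULL)
        return -1;
    pw = getpwnam(user);
    if (pw == NULL)
        return -1;
    *uid = pw->pw_uid;
    if (group == NULL) {
        *gid = pw->pw_gid;
        return 0;
    }
    gr = getgrnam(group);
    if (gr == NULL)
        return -1;
    *gid = gr->gr_gid;
    return 0;
}

/* Confine the calling process: chroot (if chroot_dir is given), then drop
 * to gid/uid.  Returns 0 on success, -1 on failure; the caller must not
 * exec if this fails. */
int drop_privileges(const char *user, const char *group, const char *chroot_dir)
{
    uid_t uid;
    gid_t gid;

    if (lookup_ids(user, group, &uid, &gid) != 0) {
        fprintf(stderr, "unknown user \"%s\" or group \"%s\"\n",
                user ? user : "(null)", group ? group : "(login group)");
        return -1;
    }
    /* chroot() needs root, so it must precede the uid change; chdir("/")
     * keeps the working directory from pointing outside the new root. */
    if (chroot_dir != NULL && (chroot(chroot_dir) != 0 || chdir("/") != 0)) {
        perror("chroot");
        return -1;
    }
    /* Groups first: after setuid() to a non-root uid, setgid() would fail.
     * setgroups() also discards inherited supplementary groups (e.g. wheel). */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0) {
        perror("setgid");
        return -1;
    }
    if (setuid(uid) != 0) {
        perror("setuid");
        return -1;
    }
    /* Verify the drop is irreversible: a non-root child must not be able
     * to switch back to uid 0. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) {
        fprintf(stderr, "privilege drop not effective\n");
        return -1;
    }
    return 0;
}

/* Fork, confine the child, exec argv.  Returns the child's exit status,
 * or -1 on fork/wait failure.  A failed drop exits 127 without exec'ing. */
int run_confined(char *const argv[], const char *user, const char *group,
                 const char *chroot_dir)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges(user, group, chroot_dir) != 0)
            _exit(127);
        execv(argv[0], argv);
        _exit(127);                 /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample: the README's "nobody"/"nogroup" example. */
    char *const argv[] = { "/bin/true", NULL };
    int rc = run_confined(argv, "nobody", "nogroup", NULL);
    printf("child exit status: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

Run as root, the sample child executes /bin/true as nobody:nogroup; run unprivileged, setgroups() fails and the child exits 127 without ever reaching exec, which is the intended fail-closed behaviour.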
##################################################################

NetState BindAddress Patch

##################################################################

Sometimes you need to explicitly set the IP address that the NetState
server binds to.

The "BindAddress" directive has been added in the "Port" context.

Example:

Port 3333 {
    BindAddress "192.168.1.1"
    ............
}

Or:

NetState {
    Port 3333
    BindAddress "192.168.1.1"
}

By default, NetState expects incoming TCP connections on all local
addresses.

##################################################################

Trap Patch

##################################################################

Sometimes you need to explicitly set the IP address on which to accept incoming SNMP
traps.

The "TrapBindAddress" directive has been added in the global context.

Example:

TrapBindAddress "192.168.1.1"

By default, the trap collector expects incoming SNMP traps on all local
addresses.

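The SrcAddress, BindAddress and TrapBindAddress directives all reduce to the same operation: parse an IPv4 string and bind a socket to it, either with port 0 (SrcAddress: only the source IP is pinned, the kernel picks the port) or with a fixed port (the NetState listener on 3333, the trap collector on UDP 162). The SrcAddress "Flaws" note says the address is not validated until the first packet is sent; the C program below is an added example, not code from netmond or this port, of validating at configuration time instead. The names parse_ipv4, open_bound_socket and check_bind are assumed, and the sample addresses are constructed to match the README's examples.

```c
/* Added example, not netmond's own code: strict IPv4 parsing plus a
 * bind() dry run, usable for SrcAddress, BindAddress and TrapBindAddress. */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Parse a dotted-quad IPv4 string strictly.  Returns 0 on success, -1 on a
 * malformed address.  inet_pton() rejects "192.168.1.999", trailing text
 * and empty strings, unlike the permissive inet_addr(). */
int parse_ipv4(const char *text, struct in_addr *out)
{
    if (text == NULL || out == NULL)
        return -1;
    return inet_pton(AF_INET, text, out) == 1 ? 0 : -1;
}

/* Create a socket of the given type (SOCK_DGRAM or SOCK_STREAM) bound to
 * addr:port.  port == 0 is the SrcAddress case (ephemeral port, pinned
 * source IP); a fixed port is the BindAddress / TrapBindAddress case.
 * Returns the descriptor, or -1 with the reason on stderr. */
int open_bound_socket(int type, const char *addr, uint16_t port)
{
    struct sockaddr_in sin;
    int fd;

    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    /* Reject a mistyped address here, while loading the configuration,
     * rather than when the first probe packet goes out. */
    if (parse_ipv4(addr, &sin.sin_addr) != 0) {
        fprintf(stderr, "invalid IPv4 address: \"%s\"\n", addr ? addr : "(null)");
        return -1;
    }
    fd = socket(AF_INET, type, 0);
    if (fd < 0) {
        perror("socket");
        return -1;
    }
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) != 0) {
        /* EADDRNOTAVAIL here means the address is well-formed but not
         * configured on any local interface, the other common mistake. */
        perror("bind");
        close(fd);
        return -1;
    }
    return fd;
}

/* Open, bind and close again: a dry run a daemon can perform while parsing
 * its configuration.  Returns 0 if addr:port is bindable, else -1. */
int check_bind(int type, const char *addr, uint16_t port)
{
    int fd = open_bound_socket(type, addr, port);

    if (fd < 0)
        return -1;
    close(fd);
    return 0;
}

int main(void)
{
    /* Constructed sample values: the patch's default source address and
     * a typo of the kind the "Flaws" paragraph warns about. */
    const char *good = "0.0.0.0";
    const char *bad  = "192.168.1.999";

    printf("%s: %s\n", good, check_bind(SOCK_DGRAM, good, 0) == 0 ? "ok" : "rejected");
    printf("%s: %s\n", bad,  check_bind(SOCK_DGRAM, bad, 0) == 0 ? "ok" : "rejected");
    return 0;
}
```

For a listener such as the NetState port, the same check_bind() call with SOCK_STREAM and port 3333 tells you at startup whether the configured BindAddress is actually assigned to this host.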
##################################################################

The PID file is always written to /var/run/netmond.pid

##################################################################

The possibility of using Russian letters in NetState requests and
regular expressions has been added.