Changeset 149 for trunk/src/sh_portcheck.c
- Timestamp:
- Jan 7, 2008, 8:52:13 PM (17 years ago)
- File:
-
- 1 edited
-
trunk/src/sh_portcheck.c (modified) (53 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/sh_portcheck.c
r140 r149 80 80 #define SH_PORT_OPT 2 81 81 #define SH_PORT_IGN 3 82 #define SH_PORT_BLACKLIST 4 82 83 83 84 #define SH_PORT_MISS 0 … … 87 88 #define SH_PORT_NOREPT 0 88 89 #define SH_PORT_REPORT 1 90 91 #define SH_PROTO_TCP 0 92 #define SH_PROTO_UDP 1 93 #define SH_PROTO_STR(a) (((a) == IPPROTO_TCP) ? _("tcp") : _("udp")) 89 94 90 95 struct sh_portentry { … … 101 106 static struct sh_portentry * portlist_udp = NULL; 102 107 108 struct sh_port { 109 int port; 110 struct in_addr haddr; 111 struct sh_port * next; 112 }; 113 114 static struct sh_port * blacklist_tcp = NULL; 115 static struct sh_port * blacklist_udp = NULL; 116 103 117 #define SH_PORTCHK_INTERVAL 300 104 118 … … 117 131 #include "sh_pthread.h" 118 132 133 SH_MUTEX_STATIC(mutex_port_check, PTHREAD_MUTEX_INITIALIZER); 134 119 135 static int sh_portchk_severity = SH_ERR_SEVERE; 120 136 #endif … … 132 148 static int sh_portchk_add_optional (const char * str); 133 149 150 /* Exported interface to add blacklisted ports as 'iface:portlist' 151 */ 152 static int sh_portchk_add_blacklist (const char * str); 153 134 154 /* Exported interface to add an ethernet interface 135 155 */ 136 156 static int sh_portchk_add_interface (const char * str); 137 157 158 /* verify whether port/interface is blacklisted (do not check) 159 */ 160 static int sh_portchk_is_blacklisted(int port, struct in_addr haddr, int proto); 138 161 139 162 #ifndef TEST_ONLY … … 148 171 if (val <= 0) 149 172 { 173 SH_MUTEX_LOCK(mutex_thread_nolog); 150 174 sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, 151 175 _("port check interval"), c); 176 SH_MUTEX_UNLOCK(mutex_thread_nolog); 152 177 retval = -1; 153 178 } … … 196 221 }, 197 222 { 223 N_("portcheckskip"), 224 sh_portchk_add_blacklist, 225 }, 226 { 198 227 N_("portcheckactive"), 199 228 sh_portchk_set_active, … … 232 261 233 262 234 static char * check_services (int port, char *proto);263 static char * check_services (int port, int proto); 235 264 236 265 #ifdef TEST_ONLY … … 249 278 #endif 250 279 251 static void sh_portchk_add_to_list ( char *proto,280 static void sh_portchk_add_to_list (int proto, 252 281 int port, struct in_addr haddr, char * service, 253 282 int flag, int status) … … 257 286 if (portchk_debug) 258 287 fprintf(stderr, _("add to list: port %d/%s %d %d (%s)\n"), 259 port, proto, flag, status, service ? service : _("undef"));288 port, SH_PROTO_STR(proto), flag, status, service ? service : _("undef")); 260 289 261 290 new->port = port; … … 270 299 else 271 300 new->service = NULL; 272 if ( 0 == strcmp(proto, "tcp"))301 if (proto == IPPROTO_TCP) 273 302 { 274 303 new->next = portlist_tcp; … … 322 351 } 323 352 353 static struct sh_port * sh_portchk_kill_blacklist (struct sh_port * head) 354 { 355 if (head) 356 { 357 if (head->next) 358 sh_portchk_kill_blacklist (head->next); 359 360 SH_FREE(head); 361 } 362 return NULL; 363 } 364 324 365 /* check the list of open ports for any that are marked as UNKN 325 366 */ 326 static void sh_portchk_check_list (struct sh_portentry ** head, char *proto, int report)367 static void sh_portchk_check_list (struct sh_portentry ** head, int proto, int report) 327 368 { 328 369 struct sh_portentry * ptr = *head; … … 334 375 if (portchk_debug && report) 335 376 fprintf(stderr, _("check list: port %d/%s %d %d\n"), 336 ptr->port, proto, ptr->flag, ptr->status);377 ptr->port, SH_PROTO_STR(proto), ptr->flag, ptr->status); 337 378 338 379 if (ptr->status == SH_PORT_UNKN) … … 343 384 { 344 385 snprintf (errbuf, sizeof(errbuf), _("POLICY [ServiceMissing] port %s:%d/%s (%s)"), 345 ptr->interface, ptr->port, proto,386 ptr->interface, ptr->port, SH_PROTO_STR(proto), 346 387 ptr->service ? ptr->service : check_services(ptr->port, proto)); 347 388 #ifdef TEST_ONLY … … 350 391 #else 351 392 if (report == SH_PORT_REPORT) 352 sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0, 353 MSG_PORT_REPORT, errbuf); 393 { 394 SH_MUTEX_LOCK(mutex_thread_nolog); 395 sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0, 396 MSG_PORT_REPORT, errbuf); 397 SH_MUTEX_UNLOCK(mutex_thread_nolog); 398 } 354 399 #endif 355 400 } … … 361 406 if (portchk_debug && report) 362 407 fprintf(stderr, _("removing: port %d/%s %d %d\n"), 363 ptr->port, proto, ptr->flag, ptr->status);408 ptr->port, SH_PROTO_STR(proto), ptr->flag, ptr->status); 364 409 365 410 if (ptr == *head) … … 399 444 400 445 401 static struct sh_portentry * sh_portchk_get_from_list ( char *proto, int port,446 static struct sh_portentry * sh_portchk_get_from_list (int proto, int port, 402 447 struct in_addr haddr, char * service) 403 448 { … … 407 452 sl_strlcpy (iface_all, _("0.0.0.0"), sizeof(iface_all)); 408 453 409 if ( 0 == strcmp(proto, "tcp"))454 if (proto == IPPROTO_TCP) 410 455 portlist = portlist_tcp; 411 456 else … … 439 484 440 485 441 static void sh_portchk_cmp_to_list ( char *proto, int port, struct in_addr haddr, char * service)486 static void sh_portchk_cmp_to_list (int proto, int port, struct in_addr haddr, char * service) 442 487 { 443 488 struct sh_portentry * portent; … … 452 497 { 453 498 snprintf (errbuf, sizeof(errbuf), _("POLICY [ServiceNew] port %s:%d/%s (%s)"), 454 inet_ntoa(haddr), port, proto, service);499 inet_ntoa(haddr), port, SH_PROTO_STR(proto), service); 455 500 #ifdef TEST_ONLY 456 501 fprintf(stderr, _("open port: %s:%d/%s (%s)\n"), 457 inet_ntoa(haddr), port, proto, service); 458 #else 502 inet_ntoa(haddr), port, SH_PROTO_STR(proto), service); 503 #else 504 SH_MUTEX_LOCK(mutex_thread_nolog); 459 505 sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0, 460 506 MSG_PORT_REPORT, errbuf); 507 SH_MUTEX_UNLOCK(mutex_thread_nolog); 461 508 #endif 462 509 /* … … 468 515 { 469 516 snprintf (errbuf, sizeof(errbuf), _("POLICY [ServiceRestarted] port %s:%d/%s to %d/%s (%s)"), 470 inet_ntoa(haddr), portent->port, proto, port, proto, service);517 inet_ntoa(haddr), portent->port, SH_PROTO_STR(proto), port, SH_PROTO_STR(proto), service); 471 518 #ifdef TEST_ONLY 472 519 fprintf(stderr, _("service: %s\n"), errbuf); 473 520 #else 521 SH_MUTEX_LOCK(mutex_thread_nolog); 474 522 sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0, 475 523 MSG_PORT_REPORT, errbuf); 524 SH_MUTEX_UNLOCK(mutex_thread_nolog); 476 525 #endif 477 526 … … 481 530 { 482 531 snprintf (errbuf, sizeof(errbuf), _("POLICY [ServicePortSwitch] port %s:%d/%s to %d/%s (%s)"), 483 inet_ntoa(haddr), portent->port, proto, port, proto, service);532 inet_ntoa(haddr), portent->port, SH_PROTO_STR(proto), port, SH_PROTO_STR(proto), service); 484 533 #ifdef TEST_ONLY 485 534 fprintf(stderr, _("service: %s\n"), errbuf); 486 535 #else 536 SH_MUTEX_LOCK(mutex_thread_nolog); 487 537 sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0, 488 538 MSG_PORT_REPORT, errbuf); 539 SH_MUTEX_UNLOCK(mutex_thread_nolog); 489 540 #endif 490 541 portent->port = port; … … 501 552 { 502 553 snprintf (errbuf, sizeof(errbuf), _("POLICY [ServiceNew] port %s:%d/%s (%s)"), 503 inet_ntoa(haddr), port, proto, check_services(port, proto));554 inet_ntoa(haddr), port, SH_PROTO_STR(proto), check_services(port, proto)); 504 555 #ifdef TEST_ONLY 505 556 fprintf(stderr, _("open port: %s:%d/%s (%s)\n"), 506 inet_ntoa(haddr), port, proto, check_services(port, proto)); 507 #else 557 inet_ntoa(haddr), port, SH_PROTO_STR(proto), check_services(port, proto)); 558 #else 559 SH_MUTEX_LOCK(mutex_thread_nolog); 508 560 sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0, 509 561 MSG_PORT_REPORT, errbuf); 562 SH_MUTEX_UNLOCK(mutex_thread_nolog); 510 563 #endif 511 564 … … 517 570 { 518 571 snprintf (errbuf, sizeof(errbuf), _("POLICY [ServiceRestarted] port %s:%d/%s (%s)"), 519 inet_ntoa(haddr), port, proto, check_services(port, proto));572 inet_ntoa(haddr), port, SH_PROTO_STR(proto), check_services(port, proto)); 520 573 #ifdef TEST_ONLY 521 574 fprintf(stderr, _("port : %s\n"), errbuf); 522 575 #else 576 SH_MUTEX_LOCK(mutex_thread_nolog); 523 577 sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0, 524 578 MSG_PORT_REPORT, errbuf); 579 SH_MUTEX_UNLOCK(mutex_thread_nolog); 525 580 #endif 526 581 … … 541 596 * Returns NULL on failure 542 597 */ 543 static char * check_services (int port, char *proto)598 static char * check_services (int port, int proto) 544 599 { 545 600 static char buf[256]; 546 struct servent * service = getservbyport(htons(port), proto);601 struct servent * service = getservbyport(htons(port), SH_PROTO_STR(proto)); 547 602 548 603 if (service && service->s_name && service->s_name[0] != '\0') … … 630 685 sl_snprintf(errmsg, sizeof(errmsg), _("check port: %5d/udp on %15s: %s"), 631 686 port, inet_ntoa(haddr), sh_error_message(errno, errbuf, sizeof(errbuf))); 687 SH_MUTEX_LOCK(mutex_thread_nolog); 632 688 sh_error_handle((-1), FIL__, __LINE__, nerr, MSG_E_SUBGEN, 633 689 errmsg, _("connect")); 690 SH_MUTEX_UNLOCK(mutex_thread_nolog); 634 691 #endif 635 692 } … … 666 723 p = check_rpc_list (port, &sinr, IPPROTO_UDP); 667 724 668 sh_portchk_cmp_to_list ( "udp", port, haddr, p ? p : NULL);725 sh_portchk_cmp_to_list (IPPROTO_UDP, port, haddr, p ? p : NULL); 669 726 670 727 /* If not an RPC service, try to get name from /etc/services 671 728 */ 672 729 if (!p) 673 p = check_services(port, "udp");730 p = check_services(port, IPPROTO_UDP); 674 731 675 732 if (portchk_debug) … … 722 779 sl_snprintf(errmsg, sizeof(errmsg), _("check port: %5d/tcp on %15s: %s"), 723 780 port, inet_ntoa(haddr), sh_error_message(errno, errbuf, sizeof(errbuf))); 781 SH_MUTEX_LOCK(mutex_thread_nolog); 724 782 sh_error_handle((-1), FIL__, __LINE__, nerr, MSG_E_SUBGEN, 725 783 errmsg, _("connect")); 784 SH_MUTEX_UNLOCK(mutex_thread_nolog); 726 785 #endif 727 786 } … … 732 791 p = check_rpc_list (port, &sinr, IPPROTO_TCP); 733 792 734 sh_portchk_cmp_to_list ( "tcp", port, haddr, p ? p : NULL);793 sh_portchk_cmp_to_list (IPPROTO_TCP, port, haddr, p ? p : NULL); 735 794 736 795 /* If not an RPC service, try to get name from /etc/services 737 796 */ 738 797 if (!p) 739 p = check_services(port, "tcp");798 p = check_services(port, IPPROTO_TCP); 740 799 741 800 if (portchk_debug) … … 815 874 #endif 816 875 817 int sh_portchk_init (struct mod_type * arg)876 static int sh_portchk_init_internal (void) 818 877 { 819 878 struct hostent * hent; 820 879 int i = 0; 821 880 char errbuf[256]; 822 (void) arg;823 881 824 882 if (portchk_debug) … … 831 889 return -1; 832 890 891 SH_MUTEX_LOCK(mutex_port_check); 833 892 if (iface_initialized == 0) 834 893 { … … 852 911 sl_snprintf(errbuf, sizeof(errbuf), _("interface: %s"), 853 912 inet_ntoa(iface_list.iface[i])); 913 SH_MUTEX_LOCK(mutex_thread_nolog); 854 914 sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN, 855 915 errbuf, _("sh_portchk_init")); 856 } 916 SH_MUTEX_UNLOCK(mutex_thread_nolog); 917 } 918 SH_MUTEX_UNLOCK(mutex_port_check); 857 919 858 920 return 0; 859 921 } 922 923 int sh_portchk_init (struct mod_type * arg) 924 { 925 if (sh_portchk_active == S_FALSE) 926 return SH_MOD_FAILED; 927 if (!portchk_hostname) 928 return SH_MOD_FAILED; 929 930 #ifdef HAVE_PTHREAD 931 if (arg != NULL && arg->initval < 0 && 932 (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE)) 933 { 934 if (0 == sh_pthread_create(sh_threaded_module_run, (void *)arg)) 935 return SH_MOD_THREAD; 936 else 937 return SH_MOD_FAILED; 938 } 939 #endif 940 return sh_portchk_init_internal(); 941 } 942 943 860 944 861 945 #if !defined(TEST_ONLY) 862 946 int sh_portchk_reconf () 863 947 { 948 SH_MUTEX_LOCK(mutex_port_check); 864 949 iface_initialized = 0; 865 866 950 sh_portchk_active = 1; 867 951 sh_portchk_check_udp = 1; 952 sh_portchk_interval = SH_PORTCHK_INTERVAL; 868 953 869 954 portlist_udp = sh_portchk_kill_list (portlist_udp); 870 955 portlist_tcp = sh_portchk_kill_list (portlist_tcp); 956 957 blacklist_udp = sh_portchk_kill_blacklist (blacklist_udp); 958 blacklist_tcp = sh_portchk_kill_blacklist (blacklist_tcp); 959 SH_MUTEX_UNLOCK(mutex_port_check); 871 960 return 0; 872 961 } … … 903 992 while (i < iface_list.used) 904 993 { 994 haddr.s_addr = iface_list.iface[i].s_addr; 995 996 if (0 != sh_portchk_is_blacklisted(port, haddr, protocol)) 997 { 998 ++i; continue; 999 } 1000 905 1001 if ((sock = socket(AF_INET, type, protocol)) < 0 ) 906 1002 { … … 909 1005 perror(_("socket")); 910 1006 #else 1007 SH_MUTEX_LOCK(mutex_thread_nolog); 911 1008 sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, 912 1009 sh_error_message(errno, errbuf, sizeof(errbuf)), _("socket")); 1010 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1011 ++i; 1012 continue; 913 1013 #endif 914 1014 } … … 920 1020 perror(_("setsockopt")); 921 1021 #else 1022 SH_MUTEX_LOCK(mutex_thread_nolog); 922 1023 sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, 923 1024 sh_error_message(errno, errbuf, sizeof(errbuf)),_("setsockopt")); 924 #endif 925 } 926 927 memcpy (&(haddr.s_addr), &(iface_list.iface[i].s_addr), sizeof(in_addr_t)); 1025 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1026 #endif 1027 ++i; 1028 continue; 1029 } 1030 928 1031 929 1032 if (protocol == IPPROTO_TCP) … … 982 1085 perror(_("socket")); 983 1086 #else 1087 SH_MUTEX_LOCK(mutex_thread_nolog); 984 1088 sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, 985 1089 sh_error_message(errno, errbuf, sizeof(errbuf)), _("socket")); 986 #endif 1090 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1091 #endif 1092 continue; 987 1093 } 988 1094 if ( setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, … … 993 1099 perror(_("setsockopt")); 994 1100 #else 1101 SH_MUTEX_LOCK(mutex_thread_nolog); 995 1102 sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, 996 1103 sh_error_message(errno, errbuf, sizeof(errbuf)),_("setsockopt")); 997 #endif 1104 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1105 #endif 1106 continue; 998 1107 } 999 1108 … … 1027 1136 perror(_("bind")); 1028 1137 #else 1138 SH_MUTEX_LOCK(mutex_thread_nolog); 1029 1139 sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, 1030 1140 sh_error_message(errno, errbuf, sizeof(errbuf)), _("bind")); 1141 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1031 1142 #endif 1032 1143 } … … 1067 1178 1068 1179 sl_snprintf(errbuf, sizeof(errbuf), _("interface: %s"), inet_ntoa(haddr)); 1180 SH_MUTEX_LOCK(mutex_thread_nolog); 1069 1181 sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN, 1070 1182 errbuf, _("sh_portchk_add_interface")); 1183 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1071 1184 1072 1185 memcpy (&(iface_list.iface[iface_list.used].s_addr), &(haddr.s_addr), sizeof(in_addr_t)); … … 1076 1189 } 1077 1190 1191 /* verify whether port/interface is blacklisted (do not check) 1192 */ 1193 static int sh_portchk_is_blacklisted(int port, struct in_addr haddr, int proto) 1194 { 1195 struct sh_port * head; 1196 1197 if (proto == IPPROTO_TCP) 1198 head = blacklist_tcp; 1199 else 1200 head = blacklist_udp; 1201 1202 while (head) 1203 { 1204 if (head->port == port) 1205 { 1206 if ((head->haddr.s_addr == 0) || (head->haddr.s_addr == haddr.s_addr)) 1207 return 1; 1208 else 1209 return 0; 1210 } 1211 head = head->next; 1212 } 1213 return 0; 1214 } 1215 1216 1217 static int sh_portchk_blacklist(int port, struct in_addr haddr, int proto) 1218 { 1219 struct sh_port * black; 1220 struct sh_port * head; 1221 1222 if (proto == IPPROTO_TCP) 1223 head = blacklist_tcp; 1224 else 1225 head = blacklist_udp; 1226 1227 black = head; 1228 1229 while (black) 1230 { 1231 if (black->port == port && head->haddr.s_addr == haddr.s_addr) 1232 return -1; 1233 black = black->next; 1234 } 1235 black = SH_ALLOC (sizeof(struct sh_port)); 1236 black->port = port; 1237 black->haddr.s_addr = haddr.s_addr; 1238 black->next = head; 1239 1240 if (proto == IPPROTO_TCP) 1241 blacklist_tcp = black; 1242 else 1243 blacklist_udp = black; 1244 return 0; 1245 } 1246 1078 1247 1079 1248 /* Subroutine to add a required or optional port/service … … 1082 1251 { 1083 1252 char buf[256]; 1084 char proto[4];1253 int proto; 1085 1254 char * p; 1086 1255 char * endptr; … … 1098 1267 return -1; 1099 1268 if (0 == strcmp(p, _("/tcp"))) 1100 sl_strlcpy(proto, _("tcp"), sizeof(proto));1101 else if (0 == strcmp(p, _("/udp"))) 1102 sl_strlcpy(proto, _("udp"), sizeof(proto));1269 proto = IPPROTO_TCP; 1270 else if (0 == strcmp(p, _("/udp"))) 1271 proto = IPPROTO_UDP; 1103 1272 else 1104 1273 return -1; … … 1106 1275 *p = '\0'; 1107 1276 port = strtoul(buf, &endptr, 0); 1277 1278 /* Blacklisted ports 1279 */ 1280 if (*endptr == '\0' && port <= 65535 && type == SH_PORT_BLACKLIST) 1281 return (sh_portchk_blacklist(port, haddr, proto)); 1108 1282 1109 1283 if (*endptr != '\0') … … 1115 1289 { 1116 1290 #ifdef TEST_ONLY 1117 fprintf(stderr, "** WARNING: duplicate port definition %s/%s\n", buf, proto); 1118 #else 1291 fprintf(stderr, "** WARNING: duplicate port definition %s/%s\n", buf, SH_PROTO_STR(proto)); 1292 #else 1293 SH_MUTEX_LOCK(mutex_thread_nolog); 1119 1294 sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, 1120 1295 _("duplicate port definition"), _("sh_portchk_add_required_port_generic")); 1296 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1121 1297 #endif 1122 1298 return -1; … … 1131 1307 { 1132 1308 #ifdef TEST_ONLY 1133 fprintf(stderr, "** WARNING: duplicate port definition %lu/%s\n", port, proto); 1134 #else 1309 fprintf(stderr, "** WARNING: duplicate port definition %lu/%s\n", port, SH_PROTO_STR(proto)); 1310 #else 1311 SH_MUTEX_LOCK(mutex_thread_nolog); 1135 1312 sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, 1136 1313 _("duplicate port definition"), _("sh_portchk_add_required_port_generic")); 1314 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1137 1315 #endif 1138 1316 return -1; … … 1151 1329 size_t len; 1152 1330 size_t ll = 0; 1331 int status; 1153 1332 1154 1333 char * interface = NULL; … … 1213 1392 while (p) 1214 1393 { 1215 if (-1 == sh_portchk_add_required_port_generic (p, interface, type)) 1394 status = sh_portchk_add_required_port_generic (p, interface, type); 1395 1396 if (-1 == status) 1216 1397 { 1217 1398 SH_FREE(interface); … … 1251 1432 } 1252 1433 1434 /* User interface to add ports that should not be checked as 'iface:portlist' 1435 */ 1436 static int sh_portchk_add_blacklist (const char * str) 1437 { 1438 return sh_portchk_add_required_generic (str, SH_PORT_BLACKLIST); 1439 } 1440 1253 1441 /* Interface to run port check 1254 1442 */ … … 1257 1445 int min_port = 0; 1258 1446 1447 SH_MUTEX_LOCK(mutex_port_check); 1259 1448 if (sh_portchk_active != S_FALSE) 1260 1449 { … … 1266 1455 fprintf(stderr, "** WARNING not scanning ports < 1024\n"); 1267 1456 #else 1457 SH_MUTEX_LOCK(mutex_thread_nolog); 1268 1458 sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, 1269 1459 _("not scanning ports below 1024"), _("sh_portchk_check")); 1460 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1270 1461 #endif 1271 1462 } … … 1273 1464 sh_portchk_scan_ports_udp(min_port, -1); 1274 1465 sh_portchk_scan_ports_tcp(min_port, -1); 1275 sh_portchk_check_list (&portlist_tcp, "tcp", SH_PORT_REPORT);1466 sh_portchk_check_list (&portlist_tcp, IPPROTO_TCP, SH_PORT_REPORT); 1276 1467 if (sh_portchk_check_udp == 1) 1277 sh_portchk_check_list (&portlist_udp, "udp", SH_PORT_REPORT); 1278 } 1468 sh_portchk_check_list (&portlist_udp, IPPROTO_UDP, SH_PORT_REPORT); 1469 } 1470 SH_MUTEX_UNLOCK(mutex_port_check); 1279 1471 return 0; 1280 1472 } … … 1292 1484 CuAssertTrue(tc, 0 != inet_aton("127.0.0.1", &haddr_local)); 1293 1485 1294 sh_portchk_add_to_list ( "tcp", 8000, haddr_local, NULL, SH_PORT_NOT, SH_PORT_UNKN);1295 1296 portent = sh_portchk_get_from_list( "tcp", 8000, haddr_local, NULL);1486 sh_portchk_add_to_list (IPPROTO_TCP, 8000, haddr_local, NULL, SH_PORT_NOT, SH_PORT_UNKN); 1487 1488 portent = sh_portchk_get_from_list(IPPROTO_TCP, 8000, haddr_local, NULL); 1297 1489 CuAssertPtrNotNull(tc, portent); 1298 1490 … … 1302 1494 CuAssertTrue(tc, portent->flag == SH_PORT_NOT); 1303 1495 1304 sh_portchk_check_list (&portlist_tcp, "tcp", SH_PORT_NOREPT);1496 sh_portchk_check_list (&portlist_tcp, IPPROTO_TCP, SH_PORT_NOREPT); 1305 1497 1306 1498 CuAssertTrue(tc, NULL == portlist_tcp); 1307 1499 1308 sh_portchk_add_to_list ( "tcp", 8000, haddr_local, NULL, SH_PORT_REQ, SH_PORT_UNKN);1309 sh_portchk_add_to_list ( "tcp", 8001, haddr_local, NULL, SH_PORT_NOT, SH_PORT_UNKN);1310 sh_portchk_add_to_list ( "tcp", 8002, haddr_local, NULL, SH_PORT_REQ, SH_PORT_UNKN);1311 sh_portchk_add_to_list ( "tcp", 8003, haddr_local, NULL, SH_PORT_NOT, SH_PORT_UNKN);1312 sh_portchk_add_to_list ( "tcp", 8004, haddr_local, NULL, SH_PORT_IGN, SH_PORT_UNKN);1313 sh_portchk_add_to_list ( "tcp", -1, haddr_local, "foo1", SH_PORT_NOT, SH_PORT_UNKN);1314 sh_portchk_add_to_list ( "tcp", -1, haddr_local, "foo2", SH_PORT_REQ, SH_PORT_UNKN);1315 sh_portchk_add_to_list ( "tcp", -1, haddr_local, "foo3", SH_PORT_NOT, SH_PORT_UNKN);1316 sh_portchk_add_to_list ( "tcp", -1, haddr_local, "foo4", SH_PORT_REQ, SH_PORT_UNKN);1317 sh_portchk_add_to_list ( "tcp", -1, haddr_local, "foo5", SH_PORT_IGN, SH_PORT_UNKN);1318 1319 sh_portchk_check_list (&portlist_tcp, "tcp", SH_PORT_NOREPT);1500 sh_portchk_add_to_list (IPPROTO_TCP, 8000, haddr_local, NULL, SH_PORT_REQ, SH_PORT_UNKN); 1501 sh_portchk_add_to_list (IPPROTO_TCP, 8001, haddr_local, NULL, SH_PORT_NOT, SH_PORT_UNKN); 1502 sh_portchk_add_to_list (IPPROTO_TCP, 8002, haddr_local, NULL, SH_PORT_REQ, SH_PORT_UNKN); 1503 sh_portchk_add_to_list (IPPROTO_TCP, 8003, haddr_local, NULL, SH_PORT_NOT, SH_PORT_UNKN); 1504 sh_portchk_add_to_list (IPPROTO_TCP, 8004, haddr_local, NULL, SH_PORT_IGN, SH_PORT_UNKN); 1505 sh_portchk_add_to_list (IPPROTO_TCP, -1, haddr_local, "foo1", SH_PORT_NOT, SH_PORT_UNKN); 1506 sh_portchk_add_to_list (IPPROTO_TCP, -1, haddr_local, "foo2", SH_PORT_REQ, SH_PORT_UNKN); 1507 sh_portchk_add_to_list (IPPROTO_TCP, -1, haddr_local, "foo3", SH_PORT_NOT, SH_PORT_UNKN); 1508 sh_portchk_add_to_list (IPPROTO_TCP, -1, haddr_local, "foo4", SH_PORT_REQ, SH_PORT_UNKN); 1509 sh_portchk_add_to_list (IPPROTO_TCP, -1, haddr_local, "foo5", SH_PORT_IGN, SH_PORT_UNKN); 1510 1511 sh_portchk_check_list (&portlist_tcp, IPPROTO_TCP, SH_PORT_NOREPT); 1320 1512 1321 1513 CuAssertPtrNotNull(tc, portlist_tcp); 1322 1514 1323 portent = sh_portchk_get_from_list( "tcp", 8000, haddr_local, NULL);1515 portent = sh_portchk_get_from_list(IPPROTO_TCP, 8000, haddr_local, NULL); 1324 1516 CuAssertPtrNotNull(tc, portent); 1325 1517 1326 portent = sh_portchk_get_from_list( "tcp", 8001, haddr_local, NULL);1518 portent = sh_portchk_get_from_list(IPPROTO_TCP, 8001, haddr_local, NULL); 1327 1519 CuAssertTrue(tc, NULL == portent); 1328 1520 1329 portent = sh_portchk_get_from_list( "tcp", 8002, haddr_local, NULL);1521 portent = sh_portchk_get_from_list(IPPROTO_TCP, 8002, haddr_local, NULL); 1330 1522 CuAssertPtrNotNull(tc, portent); 1331 1523 1332 portent = sh_portchk_get_from_list( "tcp", 8003, haddr_local, NULL);1524 portent = sh_portchk_get_from_list(IPPROTO_TCP, 8003, haddr_local, NULL); 1333 1525 CuAssertTrue(tc, NULL == portent); 1334 1526 1335 portent = sh_portchk_get_from_list( "tcp", 8004, haddr_local, NULL);1527 portent = sh_portchk_get_from_list(IPPROTO_TCP, 8004, haddr_local, NULL); 1336 1528 CuAssertPtrNotNull(tc, portent); 1337 1529 1338 portent = sh_portchk_get_from_list( "tcp", 8000, haddr_local, "foo1");1530 portent = sh_portchk_get_from_list(IPPROTO_TCP, 8000, haddr_local, "foo1"); 1339 1531 CuAssertTrue(tc, NULL == portent); 1340 1532 1341 portent = sh_portchk_get_from_list( "tcp", 8000, haddr_local, "foo2");1533 portent = sh_portchk_get_from_list(IPPROTO_TCP, 8000, haddr_local, "foo2"); 1342 1534 CuAssertPtrNotNull(tc, portent); 1343 1535 CuAssertTrue(tc, 0 == strcmp(portent->service, "foo2")); 1344 1536 1345 portent = sh_portchk_get_from_list( "tcp", 8000, haddr_local, "foo3");1537 portent = sh_portchk_get_from_list(IPPROTO_TCP, 8000, haddr_local, "foo3"); 1346 1538 CuAssertTrue(tc, NULL == portent); 1347 1539 1348 portent = sh_portchk_get_from_list( "tcp", 8000, haddr_local, "foo4");1540 portent = sh_portchk_get_from_list(IPPROTO_TCP, 8000, haddr_local, "foo4"); 1349 1541 CuAssertPtrNotNull(tc, portent); 1350 1542 CuAssertTrue(tc, 0 == strcmp(portent->service, "foo4")); 1351 1543 1352 portent = sh_portchk_get_from_list( "tcp", 8000, haddr_local, "foo5");1544 portent = sh_portchk_get_from_list(IPPROTO_TCP, 8000, haddr_local, "foo5"); 1353 1545 CuAssertPtrNotNull(tc, portent); 1354 1546 CuAssertTrue(tc, 0 == strcmp(portent->service, "foo5")); 1547 1548 CuAssertTrue(tc, 0 == sh_portchk_blacklist(666, haddr_local, IPPROTO_TCP)); 1549 CuAssertTrue(tc, 0 != sh_portchk_blacklist(666, haddr_local, IPPROTO_TCP)); 1550 CuAssertTrue(tc, 0 == sh_portchk_blacklist(667, haddr_local, IPPROTO_TCP)); 1551 CuAssertTrue(tc, 0 == sh_portchk_blacklist(668, haddr_local, IPPROTO_TCP)); 1552 CuAssertTrue(tc, 0 == sh_portchk_blacklist(666, haddr_local, IPPROTO_UDP)); 1553 CuAssertTrue(tc, 0 != sh_portchk_blacklist(666, haddr_local, IPPROTO_UDP)); 1554 CuAssertTrue(tc, 0 == sh_portchk_blacklist(667, haddr_local, IPPROTO_UDP)); 1555 CuAssertTrue(tc, 0 == sh_portchk_blacklist(668, haddr_local, IPPROTO_UDP)); 1556 1557 CuAssertTrue(tc, 0 != sh_portchk_is_blacklisted(668, haddr_local, IPPROTO_UDP)); 1558 CuAssertTrue(tc, 0 != sh_portchk_is_blacklisted(667, haddr_local, IPPROTO_UDP)); 1559 CuAssertTrue(tc, 0 != sh_portchk_is_blacklisted(666, haddr_local, IPPROTO_UDP)); 1560 CuAssertTrue(tc, 0 == sh_portchk_is_blacklisted(665, haddr_local, IPPROTO_UDP)); 1561 1562 CuAssertTrue(tc, 0 != sh_portchk_is_blacklisted(668, haddr_local, IPPROTO_TCP)); 1563 CuAssertTrue(tc, 0 != sh_portchk_is_blacklisted(667, haddr_local, IPPROTO_TCP)); 1564 CuAssertTrue(tc, 0 != sh_portchk_is_blacklisted(666, haddr_local, IPPROTO_TCP)); 1565 CuAssertTrue(tc, 0 == sh_portchk_is_blacklisted(665, haddr_local, IPPROTO_TCP)); 1355 1566 #else 1356 1567 (void) tc; /* fix compiler warning */
Note:
See TracChangeset
for help on using the changeset viewer.
