- Timestamp:
- Mar 25, 2015, 11:55:11 PM (10 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
trunk/src/sh_portcheck.c
r439 r468 97 97 #define SH_PORT_IGN 3 98 98 #define SH_PORT_BLACKLIST 4 99 100 static char * sh_port_type2str (int type) 101 { 102 if (type == 0) return _("not"); 103 if (type == 1) return _("req"); 104 if (type == 2) return _("opt"); 105 if (type == 3) return _("ign"); 106 if (type == 4) return _("blc"); 107 return _("???"); 108 } 99 109 100 110 #define SH_PORT_MISS 0 … … 755 765 char saddr[SH_IP_BUF]; 756 766 767 if (portchk_debug) 768 fprintf(stderr, _("call to sh_ipvx_ntoa (port %d)\n"), port); 769 757 770 sh_ipvx_ntoa(saddr, sizeof(saddr), paddr); 758 771 … … 991 1004 { 992 1005 sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr); 993 fprintf(stderr, _("check port_tcp: %5d on %15s established/time_wait\n"),1006 fprintf(stderr, _("check port_tcp: %5d on %15s closed\n"), 994 1007 port, ipbuf); 995 1008 } … … 1114 1127 static int sh_portchk_init_internal (void) 1115 1128 { 1116 volatile int i ; /* might be clobbered by âlongjmpâ or âvforkâ*/1129 volatile int i, j; /* might be clobbered by âlongjmpâ or âvforkâ*/ 1117 1130 char errbuf[256]; 1118 1131 #if defined(USE_IPVX) … … 1147 1160 { 1148 1161 struct sockaddr_in sin; 1162 struct sh_sockaddr iface_tmp; 1149 1163 1150 1164 memcpy(&(sin.sin_addr.s_addr), hent->h_addr_list[i], sizeof(in_addr_t)); 1165 sh_ipvx_save(&iface_tmp, AF_INET, (struct sockaddr *)&sin); 1166 1167 for (j = 0; j < iface_list.used; ++j) 1168 { 1169 if (0 == sh_ipvx_cmp(&iface_tmp, &(iface_list.iface[j]))) 1170 { 1171 goto next_iface; 1172 } 1173 } 1174 1151 1175 sh_ipvx_save(&(iface_list.iface[iface_list.used]), 1152 1176 AF_INET, (struct sockaddr *)&sin); … … 1156 1180 char buf[256]; 1157 1181 sh_ipvx_ntoa(buf, sizeof(buf), &(iface_list.iface[iface_list.used])); 1158 fprintf(stderr, _(" interface[%d]: %s\n"), i, buf);1182 fprintf(stderr, _("added interface[%d]: %s\n"), i, buf); 1159 1183 } 1160 1184 ++iface_list.used; 1185 1186 next_iface: 1161 1187 ++i; 1162 1188 } … … 1170 1196 { 1171 1197 struct addrinfo *p = res; 1198 struct sh_sockaddr iface_tmp; 
1172 1199 1173 1200 while ((p != NULL) && (iface_list.used < SH_IFACE_MAX)) 1174 1201 { 1202 sh_ipvx_save(&iface_tmp, p->ai_family, p->ai_addr); 1203 1204 for (j = 0; j < iface_list.used; ++j) 1205 { 1206 if (portchk_debug) 1207 { 1208 char buf1[256], buf2[256]; 1209 sh_ipvx_ntoa(buf1, sizeof(buf1), &(iface_list.iface[j])); 1210 sh_ipvx_ntoa(buf2, sizeof(buf2), &iface_tmp); 1211 fprintf(stderr, _("check interface[%d]: %s vs %s\n"), j, buf1, buf2); 1212 } 1213 if (0 == sh_ipvx_cmp(&iface_tmp, &(iface_list.iface[j]))) 1214 { 1215 if (portchk_debug) 1216 fprintf(stderr, _("skipping interface[%d]\n"), j); 1217 goto next_iface; 1218 } 1219 } 1175 1220 sh_ipvx_save(&(iface_list.iface[iface_list.used]), 1176 1221 p->ai_family, p->ai_addr); 1222 1223 if (portchk_debug) 1224 { 1225 char buf[256]; 1226 sh_ipvx_ntoa(buf, sizeof(buf), &(iface_list.iface[iface_list.used])); 1227 fprintf(stderr, _("added interface[%d]: %s\n"), iface_list.used, buf); 1228 } 1229 1177 1230 ++iface_list.used; 1231 1232 next_iface: 1178 1233 p = p->ai_next; 1179 1234 } … … 1185 1240 { 1186 1241 sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), &(iface_list.iface[i])); 1187 sl_snprintf(errbuf, sizeof(errbuf), _(" interface: %s"), ipbuf);1242 sl_snprintf(errbuf, sizeof(errbuf), _("added interface: %s"), ipbuf); 1188 1243 1189 1244 SH_MUTEX_LOCK(mutex_thread_nolog); … … 1390 1445 max_port = 65535; 1391 1446 1447 if (portchk_debug) 1448 fprintf(stderr, _("scan_ports_generic %d-%d %s %s\n"), 1449 min_port, max_port, (domain == AF_INET6) ? _("AF_INET6") : _("AF_INET"), 1450 (protocol == IPPROTO_TCP) ? _("tcp") : _("udp")); 1451 1392 1452 for (port = min_port; port <= max_port; ++port) 1393 1453 { … … 1612 1672 else 1613 1673 blacklist_udp = black; 1674 1675 if (portchk_debug) 1676 { 1677 int checkit = sh_portchk_is_blacklisted(port, saddr, proto); 1678 fprintf(stderr, _("port blacklisted: %d %s\n"), port, 1679 (checkit == 1) ? 
_("ok") : _("fail")); 1680 } 1614 1681 return 0; 1615 1682 } … … 1647 1714 port = strtoul(buf, &endptr, 0); 1648 1715 1716 if (portchk_debug) 1717 { 1718 char buf[SH_IP_BUF]; 1719 sh_ipvx_ntoa(buf, sizeof(buf), &saddr); 1720 fprintf(stderr, _("add_port_generic: %s (%s) %d %s (%s)\n"), 1721 interface, buf, (int) port, (proto == IPPROTO_TCP) ? _("tcp") : _("udp"), 1722 sh_port_type2str(type)); 1723 } 1724 1649 1725 /* Blacklisted ports 1650 1726 */ … … 1707 1783 static int sh_portchk_add_required_generic (const char * str, int type) 1708 1784 { 1709 size_t len;1710 1785 size_t ll = 0; 1711 1786 int status; … … 1723 1798 if (strchr(str, ':')) 1724 1799 { 1725 len = strlen(str);1726 for (ll = 0; ll < len; ++ll)1727 { 1728 if (str[ll] == ':' || str[ll] == ' ' || str[ll] == '\t')1729 {1730 interface = SH_ALLOC(ll+1);1731 sl_strlcpy(interface, str, ll+1);1732 interface[ll] = '\0'; 1733 while (str[ll] == ':' || str[ll] == ' ' || str[ll] == '\t')1734 ++ll; 1735 break;1736 }1800 char *last = strrchr(str, ':'); 1801 if (last != NULL) 1802 { 1803 size_t tolast = (last - str); 1804 interface = SH_ALLOC(tolast+1); 1805 sl_strlcpy(interface, str, tolast+1); 1806 interface[tolast] = '\0'; 1807 1808 ll = tolast; 1809 1810 while (str[ll] == ':' || str[ll] == ' ' || str[ll] == '\t') 1811 ++ll; 1737 1812 } 1738 1813 } … … 1756 1831 1757 1832 if (portchk_debug) 1758 fprintf(stderr, "add ports for interface: %s \n", interface);1833 fprintf(stderr, "add ports for interface: %s (%s)\n", interface, sh_port_type2str(type)); 1759 1834 1760 1835 list = sh_util_strdup(&str[ll]); -
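Review bot: In sh_portchk_add_required_generic the interface name is now everything before the last ':' found by `strrchr`, so any blank or tab in front of that colon is copied into `interface`, whereas the removed loop ended the name at the first ' ' or '\t'. An entry written as `name : ports` would then carry trailing whitespace into the interface lookup; how that lookup reacts is outside the hunk, but if it fails, the port policy for that entry may not be applied as the administrator intended. Trimming right after `tolast` is computed keeps the old tolerance: `while (tolast > 0 && (str[tolast-1] == ' ' || str[tolast-1] == '\t')) --tolast;`, and with `ll = tolast` the existing skip loop still steps over the blanks and the colon. The inner `if (last != NULL)` is always true once `strchr(str, ':')` has succeeded and could be dropped. The function begins and ends outside this hunk.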
trunk/test/testrun_1e.sh
r295 r468 75 75 egrep 'CRIT.*POLICY \[ServiceNew\]' $LOGFILE >/dev/null 2>&1 76 76 if [ $? -eq 0 ]; then 77 77 [ -z "$verbose" ] || egrep 'CRIT.*POLICY \[ServiceNew\]' $LOGFILE 78 78 [ -z "$verbose" ] || log_msg_fail "Open ports"; 79 79 return 1