Index: /trunk/src/sh_portcheck.c =================================================================== --- /trunk/src/sh_portcheck.c (revision 467) +++ /trunk/src/sh_portcheck.c (revision 468) @@ -97,4 +97,14 @@ #define SH_PORT_IGN 3 #define SH_PORT_BLACKLIST 4 + +static char * sh_port_type2str (int type) +{ + if (type == 0) return _("not"); + if (type == 1) return _("req"); + if (type == 2) return _("opt"); + if (type == 3) return _("ign"); + if (type == 4) return _("blc"); + return _("???"); +} #define SH_PORT_MISS 0 @@ -755,4 +765,7 @@ char saddr[SH_IP_BUF]; + if (portchk_debug) + fprintf(stderr, _("call to sh_ipvx_ntoa (port %d)\n"), port); + sh_ipvx_ntoa(saddr, sizeof(saddr), paddr); @@ -991,5 +1004,5 @@ { sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr); - fprintf(stderr, _("check port_tcp: %5d on %15s established/time_wait\n"), + fprintf(stderr, _("check port_tcp: %5d on %15s closed\n"), port, ipbuf); } @@ -1114,5 +1127,5 @@ static int sh_portchk_init_internal (void) { - volatile int i; /* might be clobbered by ‘longjmp’ or ‘vfork’*/ + volatile int i, j; /* might be clobbered by ‘longjmp’ or ‘vfork’*/ char errbuf[256]; #if defined(USE_IPVX) @@ -1147,6 +1160,17 @@ { struct sockaddr_in sin; + struct sh_sockaddr iface_tmp; memcpy(&(sin.sin_addr.s_addr), hent->h_addr_list[i], sizeof(in_addr_t)); + sh_ipvx_save(&iface_tmp, AF_INET, (struct sockaddr *)&sin); + + for (j = 0; j < iface_list.used; ++j) + { + if (0 == sh_ipvx_cmp(&iface_tmp, &(iface_list.iface[j]))) + { + goto next_iface; + } + } + sh_ipvx_save(&(iface_list.iface[iface_list.used]), AF_INET, (struct sockaddr *)&sin); @@ -1156,7 +1180,9 @@ char buf[256]; sh_ipvx_ntoa(buf, sizeof(buf), &(iface_list.iface[iface_list.used])); - fprintf(stderr, _("interface[%d]: %s\n"), i, buf); + fprintf(stderr, _("added interface[%d]: %s\n"), i, buf); } ++iface_list.used; + + next_iface: ++i; } @@ -1170,10 +1196,39 @@ { struct addrinfo *p = res; + struct sh_sockaddr iface_tmp; while ((p != NULL) && (iface_list.used < SH_IFACE_MAX)) { + sh_ipvx_save(&iface_tmp, p->ai_family, p->ai_addr); + + for (j = 0; j < iface_list.used; ++j) + { + if (portchk_debug) + { + char buf1[256], buf2[256]; + sh_ipvx_ntoa(buf1, sizeof(buf1), &(iface_list.iface[j])); + sh_ipvx_ntoa(buf2, sizeof(buf2), &iface_tmp); + fprintf(stderr, _("check interface[%d]: %s vs %s\n"), j, buf1, buf2); + } + if (0 == sh_ipvx_cmp(&iface_tmp, &(iface_list.iface[j]))) + { + if (portchk_debug) + fprintf(stderr, _("skipping interface[%d]\n"), j); + goto next_iface; + } + } sh_ipvx_save(&(iface_list.iface[iface_list.used]), p->ai_family, p->ai_addr); + + if (portchk_debug) + { + char buf[256]; + sh_ipvx_ntoa(buf, sizeof(buf), &(iface_list.iface[iface_list.used])); + fprintf(stderr, _("added interface[%d]: %s\n"), iface_list.used, buf); + } + ++iface_list.used; + + next_iface: p = p->ai_next; } @@ -1185,5 +1240,5 @@ { sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), &(iface_list.iface[i])); - sl_snprintf(errbuf, sizeof(errbuf), _("interface: %s"), ipbuf); + sl_snprintf(errbuf, sizeof(errbuf), _("added interface: %s"), ipbuf); SH_MUTEX_LOCK(mutex_thread_nolog); @@ -1390,4 +1445,9 @@ max_port = 65535; + if (portchk_debug) + fprintf(stderr, _("scan_ports_generic %d-%d %s %s\n"), + min_port, max_port, (domain == AF_INET6) ? _("AF_INET6") : _("AF_INET"), + (protocol == IPPROTO_TCP) ? _("tcp") : _("udp")); + for (port = min_port; port <= max_port; ++port) { @@ -1612,4 +1672,11 @@ else blacklist_udp = black; + + if (portchk_debug) + { + int checkit = sh_portchk_is_blacklisted(port, saddr, proto); + fprintf(stderr, _("port blacklisted: %d %s\n"), port, + (checkit == 1) ? _("ok") : _("fail")); + } return 0; } @@ -1647,4 +1714,13 @@ port = strtoul(buf, &endptr, 0); + if (portchk_debug) + { + char buf[SH_IP_BUF]; + sh_ipvx_ntoa(buf, sizeof(buf), &saddr); + fprintf(stderr, _("add_port_generic: %s (%s) %d %s (%s)\n"), + interface, buf, (int) port, (proto == IPPROTO_TCP) ? _("tcp") : _("udp"), + sh_port_type2str(type)); + } + /* Blacklisted ports */ @@ -1707,5 +1783,4 @@ static int sh_portchk_add_required_generic (const char * str, int type) { - size_t len; size_t ll = 0; int status; @@ -1723,16 +1798,16 @@ if (strchr(str, ':')) { - len = strlen(str); - for (ll = 0; ll < len; ++ll) - { - if (str[ll] == ':' || str[ll] == ' ' || str[ll] == '\t') - { - interface = SH_ALLOC(ll+1); - sl_strlcpy(interface, str, ll+1); - interface[ll] = '\0'; - while (str[ll] == ':' || str[ll] == ' ' || str[ll] == '\t') - ++ll; - break; - } + char *last = strrchr(str, ':'); + if (last != NULL) + { + size_t tolast = (last - str); + interface = SH_ALLOC(tolast+1); + sl_strlcpy(interface, str, tolast+1); + interface[tolast] = '\0'; + + ll = tolast; + + while (str[ll] == ':' || str[ll] == ' ' || str[ll] == '\t') + ++ll; } } @@ -1756,5 +1831,5 @@ if (portchk_debug) - fprintf(stderr, "add ports for interface: %s\n", interface); + fprintf(stderr, "add ports for interface: %s (%s)\n", interface, sh_port_type2str(type)); list = sh_util_strdup(&str[ll]); Index: /trunk/test/testrun_1e.sh =================================================================== --- /trunk/test/testrun_1e.sh (revision 467) +++ /trunk/test/testrun_1e.sh (revision 468) @@ -75,5 +75,5 @@ egrep 'CRIT.*POLICY \[ServiceNew\]' $LOGFILE >/dev/null 2>&1 if [ $? -eq 0 ]; then - + [ -z "$verbose" ] || egrep 'CRIT.*POLICY \[ServiceNew\]' $LOGFILE [ -z "$verbose" ] || log_msg_fail "Open ports"; return 1