diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000000..e2dcd2b8a4
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,12 @@
+[submodule "aux/bro-aux"]
+ path = aux/bro-aux
+ url = git://git.icir.org/bro-aux
+[submodule "aux/binpac"]
+ path = aux/binpac
+ url = git://git.icir.org/binpac
+[submodule "aux/broccoli"]
+ path = aux/broccoli
+ url = git://git.icir.org/broccoli
+[submodule "aux/broctl"]
+ path = aux/broctl
+ url = git://git.icir.org/broctl
diff --git a/CMakeLists.txt b/CMakeLists.txt
new file mode 100644
index 0000000000..7dd0f4d457
--- /dev/null
+++ b/CMakeLists.txt
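Review bot: All four submodule URLs in the new `.gitmodules` use the unauthenticated, unencrypted `git://` transport (for example `url = git://git.icir.org/bro-aux`), so whatever a fresh `git submodule update --init` fetches can be altered or substituted by anyone on the network path. The gitlink commits pinned elsewhere in this commit narrow what a substituted repository can deliver, but that check rests on the commit object name alone, and the top-level CMakeLists.txt then runs `add_subdirectory()` on these trees at configure time. If the host offers an authenticated transport, prefer it, e.g. `url = https://git.icir.org/bro-aux` (constructed example; confirm the server serves it), and make the same change for binpac, broccoli and broctl.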
@@ -0,0 +1,276 @@
+project(Bro)
+
+########################################################################
+## CMake Configuration
+cmake_minimum_required(VERSION 2.8 FATAL_ERROR)
+
+# Prohibit in-source builds.
+if ("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
+ message(FATAL_ERROR "In-source builds are not allowed. Please use "
+ "./configure to choose a build directory and "
+ "initialize the build configuration.")
+endif ()
+
+set(CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake)
+
+if ("${PROJECT_SOURCE_DIR}" STREQUAL "${CMAKE_SOURCE_DIR}")
+ # uninstall target
+ configure_file("${CMAKE_CURRENT_SOURCE_DIR}/cmake/cmake_uninstall.cmake.in"
+ "${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake"
+ @ONLY)
+
+ add_custom_target(uninstall COMMAND
+ ${CMAKE_COMMAND} -P ${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake)
+endif ()
+
+########################################################################
+## Project/Build Configuration
+
+set(BRO_ROOT_DIR ${CMAKE_INSTALL_PREFIX})
+if (NOT POLICYDIR)
+ # set the default policy installation path (user did not specify one)
+ set(POLICYDIR ${BRO_ROOT_DIR}/share/bro)
+endif ()
+
+# sanitize the policy install directory into an absolute path
+# (CMake is confused by ~ as a representation of home directory)
+get_filename_component(POLICYDIR ${POLICYDIR} ABSOLUTE)
+
+file(STRINGS "${CMAKE_CURRENT_SOURCE_DIR}/VERSION" VERSION LIMIT_COUNT 1)
+
+set(EXTRA_COMPILE_FLAGS "-Wall -Wno-unused")
+
+if (ENABLE_DEBUG)
+ set(CMAKE_BUILD_TYPE Debug)
+ set(EXTRA_COMPILE_FLAGS "${EXTRA_COMPILE_FLAGS} -DDEBUG")
+else ()
+ set(CMAKE_BUILD_TYPE RelWithDebInfo)
+endif ()
+
+# Compiler flags may already exist in CMake cache (e.g. when specifying
+# CFLAGS environment variable before running cmake for the the first time)
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_COMPILE_FLAGS}")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${EXTRA_COMPILE_FLAGS}")
+
+########################################################################
+## Dependency Configuration
+
+include(FindRequiredPackage)
+
+# Check cache value first to avoid displaying "Found sed" messages everytime
+if (NOT SED_EXE)
+ find_program(SED_EXE sed)
+ if (NOT SED_EXE)
+ message(FATAL_ERROR "Could not find required dependency: sed")
+ else ()
+ message(STATUS "Found sed: ${SED_EXE}")
+ endif ()
+endif ()
+
+FindRequiredPackage(Perl)
+FindRequiredPackage(FLEX)
+FindRequiredPackage(BISON)
+FindRequiredPackage(PCAP)
+FindRequiredPackage(OpenSSL)
+FindRequiredPackage(BIND)
+
+if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/aux/binpac/CMakeLists.txt)
+ add_subdirectory(aux/binpac)
+endif ()
+FindRequiredPackage(BinPAC)
+
+if (MISSING_PREREQS)
+ foreach (prereq ${MISSING_PREREQ_DESCS})
+ message(SEND_ERROR ${prereq})
+ endforeach ()
+ message(FATAL_ERROR "Configuration aborted due to missing prerequisites")
+endif ()
+
+include_directories(BEFORE
+ ${PCAP_INCLUDE_DIR}
+ ${OpenSSL_INCLUDE_DIR}
+ ${BIND_INCLUDE_DIR}
+ ${BinPAC_INCLUDE_DIR}
+)
+
+# Optional Dependencies
+
+set(HAVE_LIBMAGIC false)
+find_package(LibMagic)
+if (LIBMAGIC_FOUND)
+ set(HAVE_LIBMAGIC true)
+ include_directories(BEFORE ${LibMagic_INCLUDE_DIR})
+ list(APPEND OPTLIBS ${LibMagic_LIBRARY})
+endif ()
+
+set(HAVE_LIBZ false)
+find_package(ZLIB)
+if (ZLIB_FOUND)
+ set(HAVE_LIBZ true)
+ include_directories(BEFORE ${ZLIB_INCLUDE_DIR})
+ list(APPEND OPTLIBS ${ZLIB_LIBRARY})
+endif ()
+
+set(USE_GEOIP false)
+find_package(LibGeoIP)
+if (LIBGEOIP_FOUND)
+ set(USE_GEOIP true)
+ include_directories(BEFORE ${LibGeoIP_INCLUDE_DIR})
+ list(APPEND OPTLIBS ${LibGeoIP_LIBRARY})
+endif ()
+
+set(USE_PERFTOOLS false)
+if (ENABLE_PERFTOOLS)
+ find_package(GooglePerftools)
+ if (GOOGLEPERFTOOLS_FOUND)
+ set(USE_PERFTOOLS true)
+ include_directories(BEFORE ${GooglePerftools_INCLUDE_DIR})
+ list(APPEND OPTLIBS ${GooglePerftools_LIBRARIES})
+ endif ()
+endif ()
+
+########################################################################
+## System Introspection
+
+include(TestBigEndian)
+test_big_endian(WORDS_BIGENDIAN)
+
+include(OSSpecific)
+include(CheckTypes)
+include(CheckHeaders)
+include(CheckFunctions)
+include(MiscTests)
+include(PCAPTests)
+include(OpenSSLTests)
+include(CheckNameserCompat)
+
+configure_file(${CMAKE_CURRENT_SOURCE_DIR}/config.h.in
+ ${CMAKE_CURRENT_BINARY_DIR}/config.h)
+
+include_directories(${CMAKE_CURRENT_BINARY_DIR})
+
+########################################################################
+## Recurse on sub-directories
+
+add_subdirectory(src)
+add_subdirectory(policy)
+#add_subdirectory(scripts)
+#add_subdirectory(doc)
+
+if (INSTALL_BROCCOLI)
+ if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/aux/broccoli/CMakeLists.txt)
+ add_subdirectory(aux/broccoli)
+ else ()
+ message(FATAL_ERROR "Broccoli selected for installation, "
+ "but the source code does not exist in "
+ "${CMAKE_CURRENT_SOURCE_DIR}/aux/broccoli")
+ endif ()
+endif ()
+
+if (INSTALL_BROCTL)
+ if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/aux/broctl/CMakeLists.txt)
+ add_subdirectory(aux/broctl)
+ else ()
+ message(FATAL_ERROR "Broctl selected for installation, "
+ "but the source code does not exist in "
+ "${CMAKE_CURRENT_SOURCE_DIR}/aux/broctl")
+ endif ()
+endif ()
+
+if (INSTALL_AUX_TOOLS)
+ if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/aux/bro-aux/CMakeLists.txt)
+ add_subdirectory(aux/bro-aux)
+ else ()
+ message(FATAL_ERROR "Bro auxilliary tools selected for installation, "
+ "but the source code does not exist in "
+ "${CMAKE_CURRENT_SOURCE_DIR}/aux/bro-aux")
+ endif ()
+endif ()
+
+########################################################################
+## Packaging Setup
+
+include(SetPackageVersion)
+SetPackageVersion(${VERSION})
+include(SetPackageGenerators)
+include(SetPackageFileName)
+
+set(CPACK_PACKAGE_VENDOR "Lawrence Berkeley National Laboratory")
+set(CPACK_PACKAGE_CONTACT "info@bro-ids.org")
+set(CPACK_PACKAGE_DESCRIPTION_SUMMARY
+ "The Bro Network Intrusion Detection System")
+
+# CPack may enforce file name extensions for certain package generators
+configure_file(${CMAKE_CURRENT_SOURCE_DIR}/README
+ ${CMAKE_CURRENT_BINARY_DIR}/README.txt
+ COPYONLY)
+configure_file(${CMAKE_CURRENT_SOURCE_DIR}/COPYING
+ ${CMAKE_CURRENT_BINARY_DIR}/COPYING.txt
+ COPYONLY)
+
+set(CPACK_PACKAGE_DESCRIPTION_FILE ${CMAKE_CURRENT_BINARY_DIR}/README.txt)
+set(CPACK_RESOURCE_FILE_LICENSE ${CMAKE_CURRENT_BINARY_DIR}/COPYING.txt)
+set(CPACK_RESOURCE_FILE_README ${CMAKE_CURRENT_BINARY_DIR}/README.txt)
+set(CPACK_RESOURCE_FILE_WELCOME ${CMAKE_CURRENT_BINARY_DIR}/README.txt)
+
+if (APPLE)
+ # /usr prefix is hardcoded for PackageMaker generator, but that
+ # directory may not be ideal for OS X (it's tricky to remove
+ # packages installed there). So instead we rely on CMAKE_INSTALL_PREFIX
+ # and set the following variable to workaround the hardcoded /usr prefix
+ set(CPACK_PACKAGING_INSTALL_PREFIX "/")
+ set(CPACK_PACKAGE_DEFAULT_LOCATION ${CMAKE_INSTALL_PREFIX})
+elseif (${CMAKE_SYSTEM_NAME} MATCHES "Linux")
+ # A prefix of /usr would follow Filesystem Hierarchy Standard.
+ # For RPM packaging by CPack, /usr should be a default, but
+ # CMAKE_INSTALL_PREFIX also needs to be set to /usr so that
+ # the default BROPATH is set right at build time
+ set(CPACK_RPM_PACKAGE_LICENSE "BSD")
+endif ()
+
+# Ignore the build directory
+set(CPACK_SOURCE_IGNORE_FILES ${CMAKE_BINARY_DIR} ".git")
+
+include(CPack)
+
+########################################################################
+## Build Summary
+
+if (CMAKE_BUILD_TYPE)
+ string(TOUPPER ${CMAKE_BUILD_TYPE} BuildType)
+endif ()
+
+if (INSTALL_BROCTL)
+ if (STANDALONE)
+ set(BROCTL_INSTALL_MODE "standalone")
+ else ()
+ set(BROCTL_INSTALL_MODE "cluster")
+ endif ()
+else ()
+ set(BROCTL_INSTALL_MODE "false")
+endif ()
+
+message(
+ "\n====================| Bro Build Summary |====================="
+ "\n"
+ "\nInstall prefix: ${CMAKE_INSTALL_PREFIX}"
+ "\nPolicy dir: ${POLICYDIR}"
+ "\nDebug mode: ${ENABLE_DEBUG}"
+ "\n"
+ "\nCC: ${CMAKE_C_COMPILER}"
+ "\nCFLAGS: ${CMAKE_C_FLAGS} ${CMAKE_C_FLAGS_${BuildType}}"
+ "\nCXX: ${CMAKE_CXX_COMPILER}"
+ "\nCXXFLAGS: ${CMAKE_CXX_FLAGS} ${CMAKE_CXX_FLAGS_${BuildType}}"
+ "\nCPP: ${CMAKE_CXX_COMPILER}"
+ "\n"
+ "\nBroccoli: ${INSTALL_BROCCOLI}"
+ "\nBroctl: ${BROCTL_INSTALL_MODE}"
+ "\nAux. Tools: ${INSTALL_AUX_TOOLS}"
+ "\n"
+ "\nGeoIP: ${USE_GEOIP}"
+ "\nlibz: ${HAVE_LIBZ}"
+ "\nlibmagic: ${HAVE_LIBMAGIC}"
+ "\nGoogle perftools: ${USE_PERFTOOLS}"
+ "\n"
+ "\n================================================================\n"
+)
diff --git a/INSTALL b/INSTALL
index 0e71d2bfe3..9fd880c242 100644
--- a/INSTALL
+++ b/INSTALL
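Review bot: `project(Bro)` on the first added line runs before `cmake_minimum_required(VERSION 2.8 FATAL_ERROR)`, so the version check and policy defaults only take effect after `project()` has already done its toolchain detection; the file should open with `cmake_minimum_required(VERSION 2.8 FATAL_ERROR)` and then `project(Bro)`. In the `if (ENABLE_DEBUG)` block, `CMAKE_BUILD_TYPE` is assigned unconditionally in both branches, which shadows any build type a packager passes with `-D` (for example one that carries their own optimisation or hardening settings); guard the fallback with `if (NOT CMAKE_BUILD_TYPE)` around `set(CMAKE_BUILD_TYPE RelWithDebInfo)`. It would also help to add a comment above `set(EXTRA_COMPILE_FLAGS "-Wall -Wno-unused")` saying that only warning flags are set here and any further compiler options must come from the user's `CFLAGS`/`CXXFLAGS`, since the later `set(CMAKE_C_FLAGS ...)` lines append to those rather than replace them.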
@@ -2,71 +2,73 @@ Prerequisites ============= Bro relies on the following libraries and tools, which need to be installed -before you begin with the installation: +before you begin: - * Libpcap - If libpcap is already installed on the system, by default Bro - will use that one. Otherwise, it falls back to a version shipped - with the Bro distribution. + * Libpcap headers and libraries + Network traffic capture library - * Flex - Flex is already installed on most systems, so with luck you can - skip having to install it yourself. + * Flex (Fast Lexical Analyzer) + Flex is already installed on most systems, so with luck you can + skip having to install it yourself. - * Bison or byacc - These come with many systems, but if you get errors compiling - parse.y, you will need to install them. bison is available - from GNU sites such as ftp.gnu.org. + * Bison (GNU Parser Generator) + This comes with many systems, but if you get errors compiling + parse.y, you will need to install it. + + * Perl + Used only during the Bro build process + + * sed + Used only during the Bro build process * BIND8 headers and libraries - These are usually already installed as well. + These are usually already installed as well. - * Autotools - If you have checked the source out from Bro's Subversion - repository, you need the autotools suite installed. In this - case, run "./autogen.sh" first right after the check out. - Otherwise the installation steps below will fail. + * OpenSSL headers and libraries + For analysis of SSL certificates by the HTTP analyzer, and + for encrypted Bro-to-Bro communication. These are likely installed, + though some platforms may require installation of a 'devel' package + for the headers. + + * CMake 2.8 or greater + CMake is a cross-platform, open-source build system, typically + not installed by default. See http://www.cmake.org for more + information regarding CMake and the installation steps below for + how to use it to build this distribution. 
CMake generates native + Makefiles that depend on GNU Make by default. Bro can also make uses of some optional libraries if they are found at installation time: - * OpenSSL - For analysis of SSL certificates by the HTTP analyzer, and - for encrypted Bro-to-Bro communication. - * Libmagic - For identifying file types (e.g., in FTP transfers). + For identifying file types (e.g., in FTP transfers). * LibGeoIP - For geo-locating IP addresses. + For geo-locating IP addresses. * Libz - For decompressing HTTP bodies by the HTTP analyzer, and for - compressed Bro-to-Bro communication. - - * Endace's DAG tools: - For native support of Endace DAG cards. - + For decompressing HTTP bodies by the HTTP analyzer, and for + compressed Bro-to-Bro communication. Installation ============ -To build and install into /usr/local: +To build and install into /usr/local/bro: - > ./configure - > make - > make install + > ./configure + > cd build + > make + > make install -This will install the Bro binary into /usr/local/bin/bro and the policy -files into /usr/local/share/bro. +This will perform an out-of-source build into the build directory using the +default build options and then install binaries into /usr/local/bro/bin. -As usual you can specify a different installation directory with +You can specify a different installation directory with - > ./configure --prefix=". + > ./configure --prefix= Run "./configure --help" for more options. - Running Bro =========== @@ -77,17 +79,17 @@ http://www.bro-ids.org/wiki for more information. To run a policy file from /usr/local/share/bro, such as mt.bro, on a previously captured tcpdump save file named foo: - bro -r foo mt.bro + bro -r foo mt.bro To run from interface le0: - bro -i le0 mt + bro -i le0 mt You can alternatively specify interface and scripts to load in your own policy file: - @load mt - redef interfaces = "le0"; + @load mt + redef interfaces = "le0"; and then run 
@@ -95,10 +97,10 @@ and then run You can see the BPF filter Bro will use (if not overridden) by executing - bro mt print-filter + bro mt print-filter To run interactively (e.g., for playing with expression evaluation): - bro + bro "bro -h" lists the various options. diff --git a/aux/Makefile.am b/aux/Makefile.am deleted file mode 100644 index d109d7ce05..0000000000 --- a/aux/Makefile.am +++ /dev/null 
@@ -1,77 +0,0 @@ -## Process this file with automake to produce Makefile.in - -LIBPCAP_VER = libpcap-0.9.8 -LIBPCAP_LIB = $(LIBPCAP_VER)/libpcap.a - -EXTRA_DIST = README $(LIBPCAP_VER).tar.gz - -# if we don't have ssl, can't build bdcat -if USE_SSL -bdcat_dir = bdcat -else -bdcat_dir = -endif - -# don't compile libpcap if they did a '--disable-localpcap' to configure -if USE_LOCALPCAP -built_srcs = $(LIBPCAP_LIB) -LARGE_FILE = "-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE" -else -built_srcs = -endif - -if USEV6 -PCAPARGS = --enable-ipv6 -else -PCAPARGS = -endif - -if USE_BROCCOLI -broccoli = broccoli -else -broccoli = -endif - -if USE_BROCTL -broctl = broctl -else -broctl = -endif - -BUILT_SOURCES = $(built_srcs) - -SUBDIRS = adtrace binpac cf hf nftools rst scripts \ - $(bdcat_dir) $(broccoli) $(broctl) - -DIST_SUBDIRS = adtrace binpac cf hf nftools rst scripts \ - $(bdcat_dir) $(broccoli) $(broctl) - -clean-local: - rm -rf $(LIBPCAP_VER) - - -$(LIBPCAP_LIB): $(top_srcdir)/aux/$(LIBPCAP_VER).tar.gz - @echo "Unpacking libpcap sources" - @gzip -d < $(top_srcdir)/aux/$(LIBPCAP_VER).tar.gz | tar xf - - @echo "Building libpcap" - ( cd $(LIBPCAP_VER) && ./configure --prefix=$(prefix) $(PCAPARGS) CFLAGS=$(LARGE_FILE) && $(MAKE) ) - @chmod -R 755 $(LIBPCAP_VER) - - -# This is a hack. These are hardcoded here to mimic the previous -# brolite installation. While these should better go into the -# subdirs' Makefile.am, it's not really worth the effort as -# we will get rid of all this at some point anyway. -install-brolite: - $(INSTALL) ./hf/hf ${bindir} - $(INSTALL) ./hf/nf ${bindir} - $(INSTALL) ./hf/pf ${bindir} - $(INSTALL) ./cf/cf ${bindir} - $(INSTALL) ./rst/rst ${bindir} - - install -d $(prefix)/scripts/ - $(INSTALL) ./scripts/host-to-addrs $(prefix)/scripts - $(INSTALL) ./scripts/bro-logchk.pl $(prefix)/scripts - $(INSTALL) ./scripts/host-grep $(prefix)/scripts - $(INSTALL) ./scripts/mvlog $(prefix)/scripts - - 
diff --git a/aux/README b/aux/README deleted file mode 100644 index ace78cb3a0..0000000000 --- a/aux/README +++ /dev/null 
@@ -1,61 +0,0 @@ -This directory contains handy auxiliary programs: - -adtrace/ - Makefile and source for the adtrace utility. This program is used - in conjunction with the localnetMAC.pl perl script to compute the - network address that compose the internal and extern nets that bro - is monitoring. This program when run by itself just reads a pcap - (tcpcump) file and writes out the src MAC, dst MAC, src IP, dst - IP for each packet seen in the file. This output is processed by - the localnetMAC.pl script during 'make install'. - -bdcat/ - A utility for decrypting encrypted Bro log files. - -binpac/ - A compiler for generating protocol analyzers from high-level, - declarative specifications. Used extensively for constructing - Bro's protocol analyzers, but capable of stand-alone use for - building analyzers outside of the Bro system. - -broccoli/ - A C client library for interfacing programs with the Bro system. - Enables sending and receiving of Bro values and events. - -cf/ - Makefile and source for the "cf" utility. cf reads lines from - stdin and if the line begins with a number, then it assumes that - the number corresponds to a Unix timestamp and replaces it with - the corresponding local time in a readable format. Useful for - running on log files. See cf/cf.man.txt for documentation. - -contrib/ - Unsupported contributions to Bro. - -hf/ - The main utility in this subdirectory is hf, which translates - any dotted-quad (in text) appearing on stdin to the corresponding - DNS hostname (via a PTR lookup) on stdout. - -nftools/ - Utilities for dealing with Bro's custom file format for storing - NetFlow records. nfcollector reads NetFlow data from a socket - and writes it in Bro's format. ftwire2bro reads NetFlow "wire" - format (e.g., as generated by a 'flow-export' directive) and writes - it in Bro's format. - -rst/ - Makefile and source for the rst utility. 
"rst" can be invoked by - a Bro script to terminate an established TCP connection by forging - RST tear-down packets. See terminate_connection() in conn.bro. - -scripts/ - A set of utility scripts for munching on Bro connection summaries. - - bro_logchk: orders and scans through FTP and HTTP logs - host-grep: greps a summary file for a particular host's activities - host-to-addrs: converts a hostname to a list of IP addresses - hot-report: formats a summary file in a readable fashion - ip-grep: returns a grep pattern for a given IP address - mon-report: summarizes a particular host's activity - mvlog: compresses and archives log files diff --git a/aux/adtrace/Makefile.am b/aux/adtrace/Makefile.am deleted file mode 100644 index 858a6fb362..0000000000 --- a/aux/adtrace/Makefile.am +++ /dev/null @@ -1,10 +0,0 @@ -## Process this file with automake to produce Makefile.in - -AM_CFLAGS=@V_INCLS@ - -# Should use AM_ vars, but automake 1.5 errors out. -#AM_LDFLAGS = @LDFLAGS@ -LDFLAGS = @LDFLAGS@ - -noinst_PROGRAMS = adtrace -adtrace_SOURCES = adtrace.c ether.h ethertype.h ip.h diff --git a/aux/adtrace/adtrace.c b/aux/adtrace/adtrace.c deleted file mode 100644 index 4c2c9e1136..0000000000 --- a/aux/adtrace/adtrace.c +++ /dev/null 
@@ -1,92 +0,0 @@ -#include -#include -#include -#include -#include - -#include -#include -#include - -#include "../../config.h" -#include "ip.h" -#include "ether.h" -#include "ethertype.h" - -pcap_t *p; - -const u_char* printEAddr(const u_char* pkt, u_char* endp){ - const struct ether_header *ep; - int i=0; - ep = (const struct ether_header*) pkt; - - if (pkt+ETHER_HDRLEN > endp || - ntohs(ep->ether_type) != ETHERTYPE_IP){ - return 0; - } - - for (i = 0; i0) putchar(':'); - printf("%02x", ep->ether_shost[i]); - } - putchar (' '); - for (i = 0; i0) putchar(':'); - printf("%02x", ep->ether_dhost[i]); - } - putchar(' '); - return (pkt+ETHER_HDRLEN); -} - -void printIPAddr(const u_char* pkt, u_char* endp){ - const struct ip* iph; - if (pkt+sizeof(struct ip) > endp) return; - iph = (const struct ip*) pkt; - fputs ((char*) inet_ntoa(iph->ip_src), stdout); - putchar(' '); - puts ((char*) inet_ntoa(iph->ip_dst)); -} - -void handler(u_char *user, const struct pcap_pkthdr *head, const u_char *packet){ - u_char* endp; - - endp =(u_char*) packet + head->caplen; - packet = printEAddr(packet, endp); - if (packet) - printIPAddr(packet, endp); -} - -void usage(char *av[]) -{ - fprintf(stderr,"usage: %s filename \n", av[0]); - exit(1); -} - -int main (int argc, char *argv[]) -{ - char *file; - char errbuf[PCAP_ERRBUF_SIZE]; - u_char* pkt, endp; - struct pcap_pkthdr *head; - - if ( argc != 2 ) - usage(argv); - - file = argv[1]; - - p = pcap_open_offline(file, errbuf); - if(p==NULL){ - fprintf (stderr, "cannot open %s: %s\n", file, errbuf); - exit(2); - } - - if (pcap_datalink(p) != DLT_EN10MB){ - fputs ("sorry, currently only ethernet links supported\n", stderr); - exit(1); //if it is not ethernet we are watching we won't have MACs - } - - pcap_loop(p, -1, handler, NULL); - pcap_close(p); - return(0); -} - diff --git a/aux/adtrace/ether.h b/aux/adtrace/ether.h deleted file mode 100644 index 77d0377945..0000000000 --- a/aux/adtrace/ether.h +++ /dev/null 
@@ -1,59 +0,0 @@ -/* @(#) $Header$ (LBL) */ -/* - * Copyright (c) 1982, 1986, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- * - * @(#)if_ether.h 8.3 (Berkeley) 5/2/95 - */ - -#define ETHERMTU 1500 - -/* - * The number of bytes in an ethernet (MAC) address. - */ -#define ETHER_ADDR_LEN 6 - -/* - * Structure of a DEC/Intel/Xerox or 802.3 Ethernet header. - */ -struct ether_header { - u_int8_t ether_dhost[ETHER_ADDR_LEN]; - u_int8_t ether_shost[ETHER_ADDR_LEN]; - u_int16_t ether_type; -}; - -/* - * Length of a DEC/Intel/Xerox or 802.3 Ethernet header; note that some - * compilers may pad "struct ether_header" to a multiple of 4 bytes, - * for example, so "sizeof (struct ether_header)" may not give the right - * answer. - */ -#define ETHER_HDRLEN 14 diff --git a/aux/adtrace/ethertype.h b/aux/adtrace/ethertype.h deleted file mode 100644 index 1f6aab6776..0000000000 --- a/aux/adtrace/ethertype.h +++ /dev/null 
@@ -1,122 +0,0 @@ -/* - * Copyright (c) 1993, 1994, 1996 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that: (1) source code distributions - * retain the above copyright notice and this paragraph in its entirety, (2) - * distributions including binary code include the above copyright notice and - * this paragraph in its entirety in the documentation or other materials - * provided with the distribution, and (3) all advertising materials mentioning - * features or use of this software display the following acknowledgement: - * ``This product includes software developed by the University of California, - * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of - * the University nor the names of its contributors may be used to endorse - * or promote products derived from this software without specific prior - * written permission. - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. - * - * @(#) $Header$ (LBL) - */ - -/* - * Ethernet types. - * - * We wrap the declarations with #ifdef, so that if a file includes - * , which may declare some of these, we don't - * get a bunch of complaints from the C compiler about redefinitions - * of these values. - * - * We declare all of them here so that no file has to include - * if all it needs are ETHERTYPE_ values. - */ - -#ifndef ETHERTYPE_PUP -#define ETHERTYPE_PUP 0x0200 /* PUP protocol */ -#endif -#ifndef ETHERTYPE_IP -#define ETHERTYPE_IP 0x0800 /* IP protocol */ -#endif -#ifndef ETHERTYPE_ARP -#define ETHERTYPE_ARP 0x0806 /* Addr. resolution protocol */ -#endif -#ifndef ETHERTYPE_REVARP -#define ETHERTYPE_REVARP 0x8035 /* reverse Addr. 
resolution protocol */ -#endif -#ifndef ETHERTYPE_NS -#define ETHERTYPE_NS 0x0600 -#endif -#ifndef ETHERTYPE_SPRITE -#define ETHERTYPE_SPRITE 0x0500 -#endif -#ifndef ETHERTYPE_TRAIL -#define ETHERTYPE_TRAIL 0x1000 -#endif -#ifndef ETHERTYPE_MOPDL -#define ETHERTYPE_MOPDL 0x6001 -#endif -#ifndef ETHERTYPE_MOPRC -#define ETHERTYPE_MOPRC 0x6002 -#endif -#ifndef ETHERTYPE_DN -#define ETHERTYPE_DN 0x6003 -#endif -#ifndef ETHERTYPE_LAT -#define ETHERTYPE_LAT 0x6004 -#endif -#ifndef ETHERTYPE_SCA -#define ETHERTYPE_SCA 0x6007 -#endif -#ifndef ETHERTYPE_REVARP -#define ETHERTYPE_REVARP 0x8035 -#endif -#ifndef ETHERTYPE_LANBRIDGE -#define ETHERTYPE_LANBRIDGE 0x8038 -#endif -#ifndef ETHERTYPE_DECDNS -#define ETHERTYPE_DECDNS 0x803c -#endif -#ifndef ETHERTYPE_DECDTS -#define ETHERTYPE_DECDTS 0x803e -#endif -#ifndef ETHERTYPE_VEXP -#define ETHERTYPE_VEXP 0x805b -#endif -#ifndef ETHERTYPE_VPROD -#define ETHERTYPE_VPROD 0x805c -#endif -#ifndef ETHERTYPE_ATALK -#define ETHERTYPE_ATALK 0x809b -#endif -#ifndef ETHERTYPE_AARP -#define ETHERTYPE_AARP 0x80f3 -#endif -#ifndef ETHERTYPE_8021Q -#define ETHERTYPE_8021Q 0x8100 -#endif -#ifndef ETHERTYPE_IPX -#define ETHERTYPE_IPX 0x8137 -#endif -#ifndef ETHERTYPE_IPV6 -#define ETHERTYPE_IPV6 0x86dd -#endif -#ifndef ETHERTYPE_PPP -#define ETHERTYPE_PPP 0x880b -#endif -#ifndef ETHERTYPE_MPLS -#define ETHERTYPE_MPLS 0x8847 -#endif -#ifndef ETHERTYPE_MPLS_MULTI -#define ETHERTYPE_MPLS_MULTI 0x8848 -#endif -#ifndef ETHERTYPE_PPPOED -#define ETHERTYPE_PPPOED 0x8863 -#endif -#ifndef ETHERTYPE_PPPOES -#define ETHERTYPE_PPPOES 0x8864 -#endif -#ifndef ETHERTYPE_LOOPBACK -#define ETHERTYPE_LOOPBACK 0x9000 -#endif diff --git a/aux/adtrace/ip.h b/aux/adtrace/ip.h deleted file mode 100644 index 3d930537c9..0000000000 --- a/aux/adtrace/ip.h +++ /dev/null 
@@ -1,159 +0,0 @@ -/* @(#) $Header$ (LBL) */ -/* - * Copyright (c) 1982, 1986, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)ip.h 8.2 (Berkeley) 6/1/94 - */ - -/* - * Definitions for internet protocol version 4. 
- * Per RFC 791, September 1981. - */ -#define IPVERSION 4 - -/* - * Structure of an internet header, naked of options. - * - * We declare ip_len and ip_off to be short, rather than u_short - * pragmatically since otherwise unsigned comparisons can result - * against negative integers quite easily, and fail in subtle ways. - */ -struct ip { - u_int8_t ip_vhl; /* header length, version */ -#define IP_V(ip) (((ip)->ip_vhl & 0xf0) >> 4) -#define IP_HL(ip) ((ip)->ip_vhl & 0x0f) - u_int8_t ip_tos; /* type of service */ - u_int16_t ip_len; /* total length */ - u_int16_t ip_id; /* identification */ - u_int16_t ip_off; /* fragment offset field */ -#define IP_DF 0x4000 /* dont fragment flag */ -#define IP_MF 0x2000 /* more fragments flag */ -#define IP_OFFMASK 0x1fff /* mask for fragmenting bits */ - u_int8_t ip_ttl; /* time to live */ - u_int8_t ip_p; /* protocol */ - u_int16_t ip_sum; /* checksum */ - struct in_addr ip_src,ip_dst; /* source and dest address */ -}; - -#define IP_MAXPACKET 65535 /* maximum packet size */ - -/* - * Definitions for IP type of service (ip_tos) - */ -#define IPTOS_LOWDELAY 0x10 -#define IPTOS_THROUGHPUT 0x08 -#define IPTOS_RELIABILITY 0x04 - -/* - * Definitions for IP precedence (also in ip_tos) (hopefully unused) - */ -#define IPTOS_PREC_NETCONTROL 0xe0 -#define IPTOS_PREC_INTERNETCONTROL 0xc0 -#define IPTOS_PREC_CRITIC_ECP 0xa0 -#define IPTOS_PREC_FLASHOVERRIDE 0x80 -#define IPTOS_PREC_FLASH 0x60 -#define IPTOS_PREC_IMMEDIATE 0x40 -#define IPTOS_PREC_PRIORITY 0x20 -#define IPTOS_PREC_ROUTINE 0x00 - -/* - * Definitions for options. 
- */ -#define IPOPT_COPIED(o) ((o)&0x80) -#define IPOPT_CLASS(o) ((o)&0x60) -#define IPOPT_NUMBER(o) ((o)&0x1f) - -#define IPOPT_CONTROL 0x00 -#define IPOPT_RESERVED1 0x20 -#define IPOPT_DEBMEAS 0x40 -#define IPOPT_RESERVED2 0x60 - -#define IPOPT_EOL 0 /* end of option list */ -#define IPOPT_NOP 1 /* no operation */ - -#define IPOPT_RR 7 /* record packet route */ -#define IPOPT_TS 68 /* timestamp */ -#define IPOPT_SECURITY 130 /* provide s,c,h,tcc */ -#define IPOPT_LSRR 131 /* loose source route */ -#define IPOPT_SATID 136 /* satnet id */ -#define IPOPT_SSRR 137 /* strict source route */ - -/* - * Offsets to fields in options other than EOL and NOP. - */ -#define IPOPT_OPTVAL 0 /* option ID */ -#define IPOPT_OLEN 1 /* option length */ -#define IPOPT_OFFSET 2 /* offset within option */ -#define IPOPT_MINOFF 4 /* min value of above */ - -/* - * Time stamp option structure. - */ -struct ip_timestamp { - u_int8_t ipt_code; /* IPOPT_TS */ - u_int8_t ipt_len; /* size of structure (variable) */ - u_int8_t ipt_ptr; /* index of current entry */ - u_int8_t ipt_oflwflg; /* flags, overflow counter */ -#define IPTS_OFLW(ip) (((ipt)->ipt_oflwflg & 0xf0) >> 4) -#define IPTS_FLG(ip) ((ipt)->ipt_oflwflg & 0x0f) - union ipt_timestamp { - u_int32_t ipt_time[1]; - struct ipt_ta { - struct in_addr ipt_addr; - u_int32_t ipt_time; - } ipt_ta[1]; - } ipt_timestamp; -}; - -/* flag bits for ipt_flg */ -#define IPOPT_TS_TSONLY 0 /* timestamps only */ -#define IPOPT_TS_TSANDADDR 1 /* timestamps and addresses */ -#define IPOPT_TS_PRESPEC 3 /* specified modules only */ - -/* bits for security (not byte swapped) */ -#define IPOPT_SECUR_UNCLASS 0x0000 -#define IPOPT_SECUR_CONFID 0xf135 -#define IPOPT_SECUR_EFTO 0x789a -#define IPOPT_SECUR_MMMM 0xbc4d -#define IPOPT_SECUR_RESTR 0xaf13 -#define IPOPT_SECUR_SECRET 0xd788 -#define IPOPT_SECUR_TOPSECRET 0x6bc5 - -/* - * Internet implementation parameters. 
- */ -#define MAXTTL 255 /* maximum time to live (seconds) */ -#define IPDEFTTL 64 /* default ttl, from RFC 1340 */ -#define IPFRAGTTL 60 /* time to live for frags, slowhz */ -#define IPTTLDEC 1 /* subtracted when forwarding */ - -#define IP_MSS 576 /* default maximum segment size */ diff --git a/aux/bdcat/Makefile.am b/aux/bdcat/Makefile.am deleted file mode 100644 index 8a4427d3d1..0000000000 --- a/aux/bdcat/Makefile.am +++ /dev/null @@ -1,4 +0,0 @@ -## Process this file with automake to produce Makefile.in - -noinst_PROGRAMS = bdcat -bdcat_SOURCES = bdcat.cc diff --git a/aux/bdcat/bdcat.cc b/aux/bdcat/bdcat.cc deleted file mode 100644 index 631f1b3801..0000000000 --- a/aux/bdcat/bdcat.cc +++ /dev/null 
@@ -1,175 +0,0 @@ -// $Id: bdcat.cc 6 2004-04-30 00:31:26Z jason $ -// -// Decrypts Bro's log files. -// -// Usage: bdcat [-k file-with-secret-rsa-key] [files...] -// -// The key file may be alternatively set via the env variable BDCAT_KEY. - -#include -#include -#include -#include -#include - -#include "openssl/evp.h" -#include "openssl/pem.h" -#include "openssl/err.h" - -EVP_PKEY* SecKey = 0; -EVP_CIPHER* CipherType = 0; - -void cryptcat(FILE* f) - { - unsigned char magic[7]; - unsigned long secret_len; - - // Read file header. - if ( ! (fread(&magic, 7, 1, f) && - fread(&secret_len, sizeof(secret_len), 1, f)) ) - { - fprintf(stderr, "can't read file header: %s\n", strerror(errno)); - exit(1); - } - - if ( memcmp("BROENC1", (const char*) magic, 7) != 0 ) - { - fputs("not a Bro encrypted file\n", stderr); - exit(1); - } - - secret_len = ntohl(secret_len); - int iv_len = EVP_CIPHER_iv_length(CipherType); - unsigned char secret[secret_len]; - unsigned char iv[iv_len]; - - if ( ! (fread(&secret, secret_len, 1, f) && - fread(&iv, iv_len, 1, f)) ) - { - fprintf(stderr, "can't read file header: %s\n", strerror(errno)); - exit(1); - } - - // Decrypt data. - EVP_CIPHER_CTX cipher_ctx; - if ( ! EVP_OpenInit(&cipher_ctx, CipherType, - secret, secret_len, iv, SecKey) ) - { - fprintf( stderr, "can't init decryption: %s\n", - ERR_error_string(ERR_get_error(), 0)); - exit(1); - return; - } - - int block_size = EVP_CIPHER_block_size(CipherType); - unsigned char buffer_in[block_size]; - unsigned char buffer_out[block_size]; - - int inl, outl; - while ( (inl = fread(buffer_in, 1, block_size, f)) ) - { - if ( ! EVP_OpenUpdate(&cipher_ctx, buffer_out, - &outl, buffer_in, inl) ) - { - fprintf( stderr, "can't decrypt: %s\n", - ERR_error_string(ERR_get_error(), 0)); - exit(1); - } - - if ( outl && ! fwrite(buffer_out, outl, 1, stdout) ) - { - fprintf(stderr, "can't write to stdout: %s\n", - strerror(errno)); - exit(1); - } - } - - if ( ! 
EVP_OpenFinal(&cipher_ctx, buffer_out, &outl) ) - { - fprintf( stderr, "can't decrypt: %s\n", - ERR_error_string(ERR_get_error(), 0)); - exit(1); - } - - if ( outl && ! fwrite(buffer_out, outl, 1, stdout) ) - { - fprintf(stderr, "can't write to stdout: %s\n", strerror(errno)); - exit(1); - } - - fclose(f); - } - -void Usage() - { - fprintf(stderr, "bdcat [-k ] [files]\n"); - exit(1); - } - -int main(int argc, char** argv) - { - char* keyfile = getenv("BDCAT_KEY"); - - // Read options. - char op; - while ( (op = getopt(argc, argv, "k:")) >= 0 ) - { - if ( op == 'k' ) - keyfile = optarg; - else - Usage(); - } - - if ( ! keyfile ) - { - fputs("no keyfile given\n", stderr); - exit(1); - } - - // Init crypto. - - ERR_load_crypto_strings(); - OpenSSL_add_all_algorithms(); - - FILE* f = fopen(keyfile, "r"); - if ( ! f ) - { - fprintf(stderr, "can't open key file %s: %s\n", - keyfile, strerror(errno)); - exit(1); - } - - SecKey = PEM_read_PrivateKey(f, 0, 0, 0); - if ( ! SecKey ) - { - fprintf(stderr, "can't read key from %s: %s\n", keyfile, - ERR_error_string(ERR_get_error(), 0)); - exit(1); - } - - fclose(f); - - // Depending on the OpenSSL version, EVP_*_cbc() - // returns a const or a non-const. - CipherType = (EVP_CIPHER*) EVP_bf_cbc(); - - // Decrypt the files. - if ( optind == argc ) - cryptcat(stdin); - else - { - while ( optind < argc ) - { - FILE* f = fopen(argv[optind], "r"); - if ( ! f ) - { - fprintf(stderr, "can't open %s: %s\n", - argv[optind], strerror(errno)); - exit(1); - } - - cryptcat(f); - ++optind; - } - } - } diff --git a/aux/binpac b/aux/binpac new file mode 160000 index 0000000000..10243a89bb --- /dev/null +++ b/aux/binpac @@ -0,0 +1 @@ +Subproject commit 10243a89bb563a22eccd0e1bba842edfb82da33f diff --git a/aux/bro-aux b/aux/bro-aux new file mode 160000 index 0000000000..afb29b38bc --- /dev/null +++ b/aux/bro-aux @@ -0,0 +1 @@ +Subproject commit afb29b38bcb08b67f2a86ea580a9b55d1a9ace05 
diff --git a/aux/broccoli b/aux/broccoli
new file mode 160000
index 0000000000..35318e2a35
--- /dev/null
+++ b/aux/broccoli
@@ -0,0 +1 @@
+Subproject commit 35318e2a35d537c804567957f884f40c95a58424
diff --git a/aux/broctl b/aux/broctl
new file mode 160000
index 0000000000..2467a76106
--- /dev/null
+++ b/aux/broctl
@@ -0,0 +1 @@
+Subproject commit 2467a76106bad6a2224b7902d686dd6749088bd8
diff --git a/aux/cf/Makefile.am b/aux/cf/Makefile.am
deleted file mode 100644
index 9f77c90020..0000000000
--- a/aux/cf/Makefile.am
+++ /dev/null
@@ -1,5 +0,0 @@
-## Process this file with automake to produce Makefile.in
-
-noinst_PROGRAMS = cf
-cf_CFLAGS = -I$(top_srcdir)/src -I../src/ -I../../src
-cf_SOURCES = cf.c version.c
diff --git a/aux/cf/cf.1 b/aux/cf/cf.1
deleted file mode 100755
index 1f4808cfd5..0000000000
--- a/aux/cf/cf.1
+++ /dev/null
@@ -1,133 +0,0 @@ -.\" @(#) $Id: cf.1 2410 2005-12-27 00:58:20Z vern $ (LBL) -.\" -.\" Copyright (c) 2004 -.\" The Regents of the University of California. All rights reserved. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that: (1) source code distributions -.\" retain the above copyright notice and this paragraph in its entirety, (2) -.\" distributions including binary code include the above copyright notice and -.\" this paragraph in its entirety in the documentation or other materials -.\" provided with the distribution, and (3) all advertising materials mentioning -.\" features or use of this software display the following acknowledgement: -.\" ``This product includes software developed by the University of California, -.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of -.\" the University nor the names of its contributors may be used to endorse -.\" or promote products derived from this software without specific prior -.\" written permission. -.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED -.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. -.TH CF 1 "December 20, 2005" -.UC 4 -.SH NAME -cf - unix time to formated time and date filter -.SH SYNOPSIS -.B cf -[ -.B -f fmt -] [ -.B -lpsu -] [ -.I file ... -] -.SH DESCRIPTION -This filter reads the named files (or from stdin if there are none) -and replaces numeric timestamps found at the beginning of each line -with a formated time and date time and date. For example: -.LP -.RS -.na -.nh -\% echo '1074558944 default format' | cf -.br -Jan 19 16:35:44 default format -.ad -.hy -.RE - -The default format is '%b\ %e\ %H:%M:%S'. The -.B \-l -flag appends the year ('%Y') to the default format. There are two -ways to specify a custom format; one is with the -.B \-f -flag. 
The other is to set the -.B CFTIMEFMT -environment variable. Finally, using an empty format with the -.B \-f -flag causes -.B cf -to revert to its default format. -Note that the -.B \-f -and -.B \-l -flags override the -.B CFTIMEFMT -environment variable. -.SH OPTIONS -.LP -.TP -.B \-f fmt -Specify a strftime(1) format string. For example: -.LP -.RS -.RS -.na -.nh -% echo '1074558944 custom format' | \\ - cf -f '%Y-%m-%d\ %H:%M:%S' -.br -2004-01-19 16:35:44 custom format -.ad -.hy -.RE -.LP -.RE -.TP -.B \-l -Use the long format (which includes the year). For example: -.LP -.RS -.RS -.na -.nh -% echo '1074558944 long format' | cf -l -.br -Jan 19 16:35:44 2004 long format -.ad -.hy -.RE -.RE -.TP -.B \-p -Preserve sub-second timestamp info. For example: -.LP -.RS -.RS -.na -.nh -% echo '1100980501.867105 preserve format' | cf -p -.br -Nov 20 11:55:01.867105 preserve format -.ad -.hy -.RE -.RE -.TP -.B \-s -Do strict checking of the timestamp. The number is only considered -to be a valid timestamp and converted if it 9 or more characters -long and contains one or less dots. -.TP -.B \-u -Format using UTC (Coordinated Universal) instead of local time. -.LP -.SH "SEE ALSO" -.na -.nh -hf(1), strftime(3) -.ad -.hy -.\" .SH BUGS diff --git a/aux/cf/cf.c b/aux/cf/cf.c deleted file mode 100755 index 00e46f4b41..0000000000 --- a/aux/cf/cf.c +++ /dev/null 
@@ -1,189 +0,0 @@ -/* - * Copyright (c) 1991, 1994, 1995, 1996, 1998, 1999, 2001, 2004 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that: (1) source code distributions - * retain the above copyright notice and this paragraph in its entirety, (2) - * distributions including binary code include the above copyright notice and - * this paragraph in its entirety in the documentation or other materials - * provided with the distribution, and (3) all advertising materials mentioning - * features or use of this software display the following acknowledgement: - * ``This product includes software developed by the University of California, - * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of - * the University nor the names of its contributors may be used to endorse - * or promote products derived from this software without specific prior - * written permission. - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#ifndef lint -static const char copyright[] = - "@(#) Copyright (c) 1991, 1994, 1995, 1996, 1998, 1999, 2001, 2004\n\ -The Regents of the University of California. 
All rights reserved.\n"; -static const char rcsid[] = - "@(#) $Id: cf.c 5857 2008-06-26 23:00:03Z vern $ (LBL)"; -#endif - -#include - -#include -#include -#include -#include -#include -#include - -static char *argv0; - -extern char *optarg; -extern int optind, opterr; - -int preserve = 0; -int strict = 0; -int utc = 0; -char *sfmt = "%b %e %H:%M:%S"; -char *lfmt = "%b %e %H:%M:%S %Y"; -char *fmt; - -/* Forwards */ -int main(int, char **); -void doone(FILE *, FILE *); -void usage(void); - -int -main(argc, argv) - int argc; - char **argv; -{ - register char *cp; - register int status, didany, op; - FILE *f; - int targc; - char **targv; - - if ((cp = strrchr(argv[0], '/')) != NULL) - argv0 = cp + 1; - else - argv0 = argv[0]; - - /* Set default format */ - if ((fmt = getenv("CFTIMEFMT")) == NULL) - fmt = sfmt; - - opterr = 0; - while ((op = getopt(argc, argv, "f:lpsu")) != EOF) - switch (op) { - - case 'f': - if (*optarg == '\0') - fmt = sfmt; - else - fmt = optarg; - break; - - case 'l': - fmt = lfmt; - break; - - case 'p': - ++preserve; - break; - - case 's': - ++strict; - break; - - case 'u': - ++utc; - break; - - default: - usage(); - /* NOTREACHED */ - } - targc = argc - optind; - targv = &argv[optind]; - - status = 0; - didany = 0; - while (targc > 0) { - f = fopen(*targv, "r"); - if (f) { - doone(f, stdout); - (void) fclose(f); - } else { - (void) fprintf(stderr, "%s: fopen: ", argv0); - perror(*targv); - status |= 1; - } - --targc; - ++targv; - ++didany; - } - if (!didany) - doone(stdin, stdout); - exit(status); -} - -void -doone(fin, fout) - FILE *fin, *fout; -{ - time_t ts; - register char *bp, *dotbp; - register struct tm *tp; - register int dot_count; - char buf[1024]; - char tstr[128] = ""; - static time_t lastts = 0; - - while (fgets(buf, sizeof(buf), fin)) { - bp = buf; - dotbp = NULL; - if (isdigit(*bp)) { - ts = atol(bp); - ++bp; - dot_count = 0; - while (isdigit(*bp) || *bp == '.') { - if (*bp == '.') { - dotbp = bp; - ++dot_count; - } - ++bp; - } - 
if (strict && (bp - buf < 9 || dot_count > 1 || - (bp - buf > 10 && dot_count != 1))) { - /* Doesn't look like a genuine timestamp - - * skip it. - */ - fputs(buf, fout); - continue; - } - if (lastts != ts) { - if (!utc) - tp = localtime(&ts); - else - tp = gmtime(&ts); - (void)strftime(tstr, sizeof(tstr), fmt, tp); - lastts = ts; - } - fputs(tstr, fout); - if (preserve && dotbp != NULL) - bp = dotbp; - } - fputs(bp, fout); - } -} - -void -usage() -{ - extern char version[]; - - (void)fprintf(stderr, "%s version %s\n", argv0, version); - (void)fprintf(stderr, "usage: %s [-f fmt] [-lpsu] [file ...]\n", argv0); - exit(1); -} diff --git a/aux/cf/gnuc.h b/aux/cf/gnuc.h deleted file mode 100755 index deba3e6fef..0000000000 --- a/aux/cf/gnuc.h +++ /dev/null @@ -1,43 +0,0 @@ -/* @(#) $Header$ (LBL) */ - -/* Define __P() macro, if necessary */ -#ifndef __P -#if __STDC__ -#define __P(protos) protos -#else -#define __P(protos) () -#endif -#endif - -/* inline foo */ -#ifdef __GNUC__ -#define inline __inline -#else -#define inline -#endif - -/* - * Handle new and old "dead" routine prototypes - * - * For example: - * - * __dead void foo(void) __attribute__((volatile)); - * - */ -#ifdef __GNUC__ -#ifndef __dead -#define __dead volatile -#endif -#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) -#ifndef __attribute__ -#define __attribute__(args) -#endif -#endif -#else -#ifndef __dead -#define __dead -#endif -#ifndef __attribute__ -#define __attribute__(args) -#endif -#endif diff --git a/aux/cf/version.c b/aux/cf/version.c deleted file mode 100644 index 076ba4f713..0000000000 --- a/aux/cf/version.c +++ /dev/null @@ -1 +0,0 @@ -char version[] = "1.2"; diff --git a/aux/contrib/README b/aux/contrib/README deleted file mode 100644 index fbba44b3b2..0000000000 --- a/aux/contrib/README +++ /dev/null 
@@ -1,8 +0,0 @@
-This directory contains unsupported contributions to Bro. If you have
-something to contribute to this directory please send it to us.
-
-policy/
- miscellaneous .bro policy file you might find useful
-
-scripts/
- miscellaneous support scripts, alternate report formats, etc.
diff --git a/aux/contrib/policy/README b/aux/contrib/policy/README
deleted file mode 100644
index 5c63fd5017..0000000000
--- a/aux/contrib/policy/README
+++ /dev/null
@@ -1,8 +0,0 @@
-Contents of this directory:
-
-syslog.bro: Bro analyzer for broccoli-based syslog data
-
-user-check.bro: Bro analyzer for syslog-based user data (bad usernames, etc.)
-
-client-heartbeat.bro: Generate heartbeat events and send to other Bro's
-server-heartbeat.bro: Generate alarm if don't receive a heartbeat event
diff --git a/aux/contrib/policy/client-heartbeat.bro b/aux/contrib/policy/client-heartbeat.bro
deleted file mode 100644
index 36b1f81540..0000000000
--- a/aux/contrib/policy/client-heartbeat.bro
+++ /dev/null
@@ -1,55 +0,0 @@ -# client-heartbeat.bro -# Send heartbeat events to a remote server -# $Id: client-heartbeat.bro,v 1.3 2007/02/26 07:03:20 jason Exp $ - -# load remote communications -@load remote - -global bro_heartbeat_interval = 15 min &redef; - -# heartbeat server (ip address) -global bro_heartbeat_server: addr = 127.0.0.1 &redef; - -# name of this host (optional, its not used) -global myhostname = "foo.example.com" &redef; -global myip = 127.0.0.1 &redef; - -###################################################################### -# Shouldn't need to modifiy anything below this -# (Unless your not using SSL, then you will) -###################################################################### - -# who to 'heartbeat' to (i.e. the heartbeat server) -# usually hostname-service (i.e. host.lbl.gov-syslog) -redef Remote::destinations += { - ["server-heartbeat"] = [$host=bro_heartbeat_server, - $retry=60 sec, $connect=T, $ssl=F], - }; - -# do nothing in the client -event heartbeat_event( ts: double, myip: addr, hostname: string ) - { - # intentionally left empty - } - - -# call heartbeat_event and schedule ourselves to run again -event send_heartbeat_event() - { - local hb_host = fmt ("%s", get_event_peer()); - # NOT USED - local foo: double = 0.0; - event heartbeat_event( foo, myip, myhostname ); - schedule bro_heartbeat_interval { send_heartbeat_event() }; - } - -# stick us in the queue to run -event bro_init() - { -# waiting till gethostname is put into production bro.bif -# if myhostname == "") -# { -# myhostname = gethostname(); -# } - schedule bro_heartbeat_interval { send_heartbeat_event() }; - } diff --git a/aux/contrib/policy/server-heartbeat.bro b/aux/contrib/policy/server-heartbeat.bro deleted file mode 100644 index 852f270fb1..0000000000 --- a/aux/contrib/policy/server-heartbeat.bro +++ /dev/null 
@@ -1,92 +0,0 @@ -# heartbeat-server.bro -# Listen for remote heartbeat events -# $Id: server-heartbeat.bro,v 1.6 2007/02/26 07:03:20 jason Exp $ - -# To use this analyzer, be sure to redef Remote::destinations -# and probably mail_dest too. - -# start listening for remote hosts -@load listen-clear - -# how long till 'lost' messages are genterated -global max_timeout = 30 min &redef; - -# how often to bug about missing servers (60minutes) -global report_nag_time = 1 hr &redef; - -# how many times to do this for? (0 forever) -global report_nag_times: count = 0 &redef; - -################################################# -# shouldn't need to modifiy anything below here # -################################################# -# setup our Notice type -redef enum Notice += { LostHeartBeat } ; - -global report_missing_heartbeat: - function(t: table[string] of count, idx: string) : interval; - -global reported_address_heartbeat: table[string] of count &default=0 - &create_expire = report_nag_time &expire_func = report_missing_heartbeat; - -# function called when a monitored stream times-out -global lost_heartbeat: - function(t: table[string] of event_peer, idx: string) : interval; - -# table holding who we are monitoring (cache peer for use in notice) -global heartbeats : table[string] of event_peer &write_expire = max_timeout &expire_func = lost_heartbeat; - -# send email if we expire an entry in the table -function lost_heartbeat(t: table[string] of event_peer, idx: string): interval -{ - NOTICE([$note=LostHeartBeat, $src_peer=heartbeats[idx], - $msg=fmt("Lost heartbeat from %s", idx) ]); - - # pop him into the report table - reported_address_heartbeat[idx]= report_nag_times; - - return 0 sec; -} - -# send email if this server is *still* down -function report_missing_heartbeat(t: table[string] of count, idx: string): interval -{ - # if he is back, just let this entry expire - if (idx in heartbeats) - { - return 0 secs; - } - - NOTICE([$note=LostHeartBeat, - $msg=fmt("Still 
missing heartbeat from %s", idx) ]); - - # pop him back into the report table - local times: count; - times = reported_address_heartbeat[idx]; - - # if he has time left put him back - if ( times > 1 ) - reported_address_heartbeat[idx] = times - 1; - # if he is set to 0, keep him forever - else if (times == 0 ) - reported_address_heartbeat[idx] = 0; - - # not exactly sure why, but .... - return 60 sec; -} - - -# update table that we recieved a msg -event heartbeat_event( ts:double, orig_h:addr, info:string ) - { - local hb_peer = get_event_peer(); - local hb_host = fmt("%s", hb_peer$host); - - print fmt("got heartbeat from %s", orig_h) ; - - # use this one if you want to be notified if the service - # went down and came back up on a differnt port - #local hb_host = fmt("%s:%s", hb_peer$host, hb_peer$p); - heartbeats[hb_host] = hb_peer; - - } diff --git a/aux/contrib/policy/syslog.bro b/aux/contrib/policy/syslog.bro deleted file mode 100644 index 3f479812eb..0000000000 --- a/aux/contrib/policy/syslog.bro +++ /dev/null 
@@ -1,418 +0,0 @@ -# general syslog analyzer 0.3 -# -# NOTES: -# - for now, all IP addresses need to be expressed in IPv4 notation here or it will end up -# looking like 255.255.255.255 - -@load listen-clear -@load listen-ssl -@load user-check - -# put something like this in hostname.bro file -#redef Remote::destinations += { -# ["syslog"] = [$host = 10.0.0.1, $events = /.*/, $connect=F, $retry = 60 secs, $ssl=T], -#}; - - -# list of notices -redef enum Notice += { - LoginFail, # too many failed attempt to a given dest - LoginFailSrc, # num failed logins from source IP exceeds thresh - LoginFailPair, # num failed logins from IP pair exceeds thresh - LoginFailAccount, # num failed accounts from IP->IP exceeds thresh - LoginFailAccountPair, # num failed accounts from IP->account@IP exceeds thresh - LoginFailDict, # num failed authentications for IP->account@IP exceeds thresh - LoginAfterFail, # succ login after a series of bad from source IP -}; - -global syslog = open_log_file("syslog") &redef; - - -# overall design is as follows: -# -# SIP --->table[DIPs] of login_record for each SIP<->DIP -# --->count of total failed logins for SIP -# --->count of total failed accounts for SIP -# access cluster data fia the cluster.bro script since it can -# deal better with the general notion. -# -# data will be stored in two tables, one holding global data for the source IP, -# the other holding origIP<->respIP information. There is likely as better -# way to go about this. - -# list of ssh auth_strings to ignore; -# gssapi-with-mic: ssh sometimes tries, this, fails, and they -# uses pass phrase to log in. 
Dont count this type of failure for now -# (may need to revisit this later if every see attack using this) -const skip_auth_strings = {"gssapi-with-mic", } &redef; - -### config data ### -const dest_num_fail_logins = 25; # to a single dest -const source_num_fail_logins = 20; # across all hosts, from a single source -const source_num_fail_accounts = 20; # -const pair_num_fail_logins = 25; # applies to single IP<->IP sets -const pair_num_fail_accounts = 20; # - -const single_account_fail = 25; # threshold for a single IP -> account@IP fail - # works also as dictionary threshold on a single account - -### end config data ### - -### data structs ### - # IP<->IP record - type pair_record: record { - total_logins: count &default=0; # failed login count in total - total_accounts: count &default=0; # total count of accounts seen - accounts: table[string] of count; # running count per unique account - #peer: set[count]; # event_peer$id for distributed analysis - }; - - # source record - type source_record: record { - stotal_logins: count &default=0; - stotal_accounts: count &default=0; - }; - -# table for source data -global source_list: table[addr] of source_record &write_expire = 24 hr; - -# table for pair data -global pair_list: table[addr,addr] of pair_record &write_expire = 24 hr; - -global dests : table[addr] of count &write_expire = 1 hr; - -### end data structs, config and control - -### begin functions and events ### - -# for the following events, the existance test takes place since -# there is a chance that the postponed_ssh_login has removed the account -# as a problem. See that event for more information and complaining... - -event login_fail_src(ts:double, orig_h:addr) - { - # Here we look for the total number of failed accounts assosciated with - # a source IP. 
- - # make sure the problem still exists for the host - if ( orig_h in source_list ) - { - local srec: source_record = source_list[orig_h]; - - if ( srec$stotal_logins >= source_num_fail_logins ) - NOTICE([$note=LoginFailSrc, $src=orig_h, - $msg=fmt("%s Exceeded %d failed logins to multiple hosts", - orig_h, source_num_fail_logins)]); - } - } - -event login_fail_account(ts:double, orig_h:addr, account:string) - { - # Here we look at the total number of unique failed accounts assosciated - # with a given source IP. - - # make sure the problem still exists for the host - if ( orig_h in source_list ) - { - local srec: source_record = source_list[orig_h]; - - if ( srec$stotal_accounts >= source_num_fail_accounts ) - NOTICE([$note=LoginFailAccount, $src=orig_h, - $msg=fmt("%s has %s different account attempts to multiple hosts ", - orig_h, source_num_fail_accounts)]); - } - } - -event login_fail_pair(ts:double, orig_h:addr, resp_h:addr, account:string) - { - # Here we look at the number of failed logins for a pair of IP addresses. - - # make sure the problem still exists for the host - if ( [orig_h, resp_h] in pair_list ) - { - local prec: pair_record = pair_list[orig_h, resp_h]; - - if ( prec$total_logins >= pair_num_fail_logins ) - NOTICE([$note=LoginFailPair, $src=orig_h, $dst=resp_h, - $msg=fmt("%s -> %s Exceeded %s failed logins for %s", - orig_h, resp_h, prec$total_logins, account)]); - - } - } - -event login_fail_account_pair(ts:double, orig_h:addr, resp_h:addr, account:string) - { - # Here we look at the number of failed accounts per IP pair. 
- - if ( [orig_h, resp_h] in pair_list ) - { - local prec: pair_record = pair_list[orig_h, resp_h]; - - if ( prec$total_logins >= pair_num_fail_accounts ) - NOTICE([$note=LoginFailAccountPair, $src=orig_h, $dst=resp_h, - $msg=fmt("%s -> %s Exceeded %s failed accounts", - orig_h, resp_h, prec$total_accounts)]); - } - } - -event login_fail_dict(ts:double, orig_h:addr, resp_h:addr, account:string) - { - # Here we look at the number of times an account has failed for a given IP - # pair. This is looking in particular for dictionary attacks - - if ( [orig_h, resp_h] in pair_list ) - { - local prec: pair_record = pair_list[orig_h, resp_h]; - - # make sure that the account is still there - if ( account in prec$accounts ) - { - if ( prec$accounts[account] >= single_account_fail ) - # *finally* we are able to send the notice. seems - # like a lot of work... - NOTICE([$note=LoginFailDict, $src=orig_h, $dst=resp_h, - $msg=fmt("%s -> %s@%s Exceeded %s failed tries", - orig_h, account, resp_h, prec$accounts[account])]); - } - } # end pair check - } - - -event ssh_login(ts:double, orig_h:addr, resp_h:addr, account:string, auth_type:string) - { - print syslog, fmt("%.1f ssh_login %s -> %s@%s %s", ts, orig_h, account, resp_h, auth_type); - - local prec: pair_record; - - # run a basic check on the user - check_user(ts, orig_h, resp_h, account, auth_type); - - if ( [orig_h,resp_h] in pair_list ) - { - # we have seen the pair, have we seen the account? - prec = pair_list[orig_h, resp_h]; - - if ( account in prec$accounts ) - { - # there is a history of failure, check threshold. 
Also skip the - # informational accounts since there is a great deal of noise with them - if ( (prec$accounts[account] == single_account_fail) && (!informational_user(account)) ) - { - NOTICE([$note=LoginAfterFail, $src=orig_h, $dst=resp_h, - $msg=fmt("%s -> %s@%s user login after %s failed logins ", - orig_h, account, resp_h, single_account_fail)]); - } - } - } - else - { - # add new pair list - local tmp_accounts: table[string] of count; - tmp_accounts[account] = 1; - - prec$total_logins = 1; - prec$total_accounts = 1; - prec$accounts = tmp_accounts; - - pair_list[orig_h, resp_h] = prec; - } - - } # end ssh_ok_login - -event ssh_fail_login(ts:double, orig_h:addr, resp_h:addr, account:string, auth_type:string) - { - local prec: pair_record; - local srec: source_record; - - print syslog, fmt("%.1f ssh_fail_login %s -> %s@%s %s", ts, orig_h, account, resp_h, auth_type); - - if (auth_type in skip_auth_strings ) - { - print syslog, fmt("ignoring ssh_fail: %s", auth_type); - return; - } - - # run a basic check on the user - check_user(ts, orig_h, resp_h, account, "ssh_fail"); - - # there are a number of accounts that are infrastructural in nature - # and used internally. 
We skip them for now even though this is - # probably not such a good idea - - # include local addrs too and see what happens - #if ( (!is_local_addr(orig_h)) && (!informational_user(account)) ) - - if ( (!informational_user(account)) ) - { - # look at dest - if ( resp_h !in dests ) - dests[resp_h] = 0; - ++dests[resp_h]; - - if (dests[resp_h] == dest_num_fail_logins) - NOTICE([$note=LoginFail, $src=orig_h, $dst=resp_h, - $msg=fmt("Exceeded %d failed logins from %s to %s", - dest_num_fail_logins, orig_h, resp_h)]); - - if ( orig_h !in source_list ) - { # add a new record - srec$stotal_logins = 1; - srec$stotal_accounts = 1; - - source_list[orig_h] = srec; - } - else - { - srec = source_list[orig_h]; - - # schedule an event to trigger the notice to provide an opportunity - # to correct for pam running thorough 'false negatives' - if ( ++srec$stotal_logins == source_num_fail_logins ) - schedule 10 sec { login_fail_src(ts, orig_h) }; - - # for the time being this is being commented out ... - #if ( ++srec$stotal_accounts == source_num_fail_accounts ) - # schedule 10 sec { login_fail_account(ts, orig_h, account) }; - } - - # look at pair - if ( [orig_h, resp_h] !in pair_list ) - { - local tmp_accounts: table[string] of count; - tmp_accounts[account] = 1; - - prec$total_logins = 1; - prec$total_accounts = 1; - prec$accounts = tmp_accounts; - - } - else - { - prec = pair_list[orig_h, resp_h]; - - # this is a gross evaluation of the total login failures between two hosts - # which is really the sum of all failures - accounts single or multiple - if ( ++prec$total_logins == pair_num_fail_logins ) - schedule 10 sec - { - login_fail_pair(ts, orig_h, resp_h, account) - }; - - # have we seen the account before? 
- if ( account !in prec$accounts ) - { - prec$accounts[account] = 1; - - # look for multiple failures for many accounts: increment since this is new - if ( ++prec$total_accounts == pair_num_fail_accounts ) - schedule 10 sec - { - login_fail_account_pair(ts, orig_h, resp_h, account) - }; - } - else - { - # look for multiple failures for a single account - if ( ++prec$accounts[account] == single_account_fail ) - schedule 10 sec - { - login_fail_dict(ts, orig_h, resp_h, account) - }; - } - } - - # update data - #print "syslog: ssh_fail, updating source_list and pair_list ", srec, prec; - source_list[orig_h] = srec; - pair_list[orig_h, resp_h] = prec; - - } # end initial internal/user filter - - } - -event postponed_ssh_login(ts:double, orig_h:addr, resp_h:addr, account:string, auth_type:string) - { - # This abomination is a result of a login passing through pam and ssh sending - # sperious 'failed' messages with the final successful login message. - # Here we intercept the data before the scheduled NOTICE event and change it back. - # This is a prime example of how to introduce race conditions into code, but for the time - # being I have nothing better. - - print syslog, fmt("%.1f postponed_ssh_login %s -> %s@%s %s", ts, orig_h, account, resp_h, auth_type); - - # this code is almost the same as above except that we are removing values (which introduces - # more testing). - local prec: pair_record; - local srec: source_record; - local delta: count = 2; # ammount to decrement - - # look at source, skip if record does not exist - if ( orig_h in source_list ) - { - srec = source_list[orig_h]; - - if ( (srec$stotal_logins - delta) >= 0 ) - srec$stotal_logins = srec$stotal_logins - delta; - - if ( (srec$stotal_accounts - delta) >= 0 ) - srec$stotal_accounts = srec$stotal_logins - delta; - } - - # look at pair, again skipping unknown sessions (throw weird?) 
- if ( [orig_h, resp_h] in pair_list ) - { - prec = pair_list[orig_h, resp_h]; - - if ( (prec$total_logins - delta) >= 0 ) - prec$total_logins = prec$total_logins - delta; - - if ( (prec$total_accounts - delta) >= 0 ) - prec$total_accounts = prec$total_logins - delta; - - if ( account in prec$accounts ) - { - if ( (prec$accounts[account] - delta) >= 0 ) - prec$accounts[account] = prec$accounts[account] - delta; - } - } # end pair check - - source_list[orig_h] = srec; - pair_list[orig_h, resp_h] = prec; - - - } # end of postpend - -# really want both users, waiting for fix.. -#event failed_su(ts:double, orig_h:addr, user:string, user2:string) -event failed_su(ts:double, orig_h:addr, user:string) -{ - #print syslog, fmt("%.1f failed_su %s %s", ts, orig_h, user, user2 ); - print syslog, fmt("%.1f failed_su %s %s", ts, orig_h, user); - # should generate a notice if too many of these -} - -event successful_su (ts:double, orig_h:addr, logname: string, user:string ) -{ - print syslog, fmt("%.1f sucussful_su %s %s to %s", ts, orig_h, logname, user ); -} - -event failed_sudo (ts:double, orig_h:addr, user:string ) -{ - print syslog, fmt("%.1f failed_sudo %s@%s", ts, user, orig_h ); - # should generate a notice if too many of these -} - -event successful_sudo (ts:double, orig_h:addr, user:string, command:string) -{ - print syslog, fmt("%.1f sucussful_sudo %s@%s %s", ts, user, orig_h, command ); -} - -#other syslog events: Grid stuff -#"gateInit double=$time addr=$runhost addr=$reqhost count=$p \n"; -#"gateUser addr=$runhost count=$p2 string=$IDFields[9]\n"; -#"gateService addr=$runhost count=$p2 string=$srvFields[8]\n"; -#"gateLocalUser addr=$runhost count=$p2 string=$LUFields [10] string=$LUFields[6]\n"; -#"gateLocalUID addr=$runhost count=$p2 count=$LUFields[10] string=$LUFields[6]\n"; -#print "gateLocalGID addr=$runhost count=$p2 count=$GUFields[9]\n"; - - 
diff --git a/aux/contrib/policy/user-check.bro b/aux/contrib/policy/user-check.bro
deleted file mode 100644
index c3d929ba89..0000000000
--- a/aux/contrib/policy/user-check.bro
+++ /dev/null
@@ -1,82 +0,0 @@
-# version 0.1
-# script to make detailed decisions about user logins
-#
-# there are three levels of interest -
-# informational : general interest (say root) for account use
-# suspicious : specific accounts that you do not
-# expect to see and should know (such as 'lp')
-# dead_man_walkin : accounts that may represent former employies
-# or known bad entities.
-#
-# the choice to differentiate between the second and third may be gratuitious...
-#
-#
-
-redef enum Notice += {
- SuspiciousUser, # a user is seen that should not normally be there
- ForbiddenUser, # known bad user account, more dangerous than suspicous
- SensitiveRemoteLogin, # root ssh connection from remote host
-};
-
-global check_dead_man_walkin = T &redef;
-global check_user_list = T &redef;
-global check_remote_access_accounts = T &redef;
-
-# this one not finished: might want to flag these someday
-const information_accounts = { "operator", } &redef;
-
-const suspicious_accounts = { "lp", "toor", "admin", "test", "r00t", "bash", } &redef;
-
-const forbidden_accounts = { "", } &redef;
-
-# this is for accounts that you do not want logging in remotely
-const no_remote_accounts = { "root", "system", "operator", } &redef;
-
-function informational_user(user: string) : bool
- {
- if ( user in information_accounts )
- return T;
-
- return F;
- }
-
-function check_user(ts:double, orig_h:addr, resp_h:addr, account:string, auth_type:string) : bool
- {
-
- # compare provided user with a list of potential bad accounts
- # see note above about hot-ids: this provides a little better
- # flexability for general checking
- #
-
- #print "checking user: ", account;
-
- if ( check_dead_man_walkin && account in forbidden_accounts )
- {
- NOTICE([$note=ForbiddenUser,
- $msg=fmt("%s -> %s@%s forbidden user login",
- orig_h, account, resp_h)]);
-
- return T;
- }
-
- if ( check_user_list && account in suspicious_accounts )
- {
- NOTICE([$note=SuspiciousUser,
- $msg=fmt("%s -> %s@%s suspicious user login",
- orig_h, account, resp_h)]);
- return T;
- }
-
- if ( check_remote_access_accounts && account in no_remote_accounts
- && !is_local_addr(orig_h) && auth_type != "ssh_fail" )
- {
- NOTICE([$note=SensitiveRemoteLogin,
- $msg=fmt("%s -> %s@%s successful sensitive remote login",
- orig_h, account, resp_h)]);
- return T;
- }
-
- return F;
-
- }
-
diff --git a/aux/contrib/scripts/README b/aux/contrib/scripts/README
deleted file mode 100644
index 1b3c47ea7a..0000000000
--- a/aux/contrib/scripts/README
+++ /dev/null
@@ -1,5 +0,0 @@
-Contents of this directory:
-
-syslog2broccoli.py: converts syslog data to Broccoli events
-
-bro_report.py: alternate report script
diff --git a/aux/contrib/scripts/bro_report.py b/aux/contrib/scripts/bro_report.py
deleted file mode 100644
index f56f760dc0..0000000000
--- a/aux/contrib/scripts/bro_report.py
+++ /dev/null
@@ -1,553 +0,0 @@ -#!/usr/bin/env python -# -# Alternate script to generate a report using the alarm and -# conn files for a given day. -# Notes: My experience is that everyone has their own ideas on what -# Bro reports should look like, so rather than try to please -# everyone, we'd like to include several sample report scripts, and -# encourage people to generate their own script based on the -# sample scripts. This is one such example. If you have your -# own script to contribute, please email to the Bro team. -# -# Brian Tierney, LBL -# -# input: date of report, bro.cfg file, and bro/site/local.site.bro file -# output: a report emailed address specified -# - -__doc__=""" - Usage: bro_report.py [-s start_time -e end_time] [-x] -m email_address - default start/end time = 24 period ending now - date format = YYYY-MM-DD-HH-mm - [-y] put connection logs at the end of the report -""" - -# TO DO: -# add ability to use report_alarms instead of ignore_alarms -# add non-html option (for Vern :-) ) -# add css for more formatting options -# - -import os, time, sys, datetime, socket, getopt, glob, re - -# initialize globals - -# set this for your preferences -ignore_alarms = ["AddressScan", "PortScan", "ScanSummary", "AddressDropped"] -# not yet implemented -report_alarms = [] - -brohome = os.getenv("BROHOME") -if brohome == None: - brohome = "/usr/local/bro" # try using this - -path = "%s/logs" % brohome -cf = "%s/bin/cf" % brohome -hf = "%s/bin/hf -l" % brohome -# this program uses mutt to send email with attachment -# Note: probably want to add something like this to your .muttrc file -# set from="bro@brohost.mysite.org" -# There is probably a more standard way to make this work... 
- -mutt = "/usr/local/bin/mutt" -bro_local_nets = "%s/site/local.site.bro" % brohome - -use_mtime = 1 # if set, use file modification time to find alarm files, -#conn_reports_at_end = 0 # set if want all connection info at end of the report -######################################################## -# otherwise use file name - - - -def get_file_names(start_time, end_time): - """ - using stat, get a list of all files modified on a given date - """ - - global alarm_file_list - global conn_file_list - - print "looking for alarms between %s and %s " % (time.ctime(start_time), time.ctime(end_time)) - alarm_file_list = [] - if use_mtime: - globstring = "%s/alarm*" % (path) - alarm_files = glob.glob(globstring) - cnt = 0 - for afile in alarm_files: - st = os.stat(afile) - ctime = st[8] - mtime = st[9] - if (mtime >= start_time or ctime >= start_time) and (mtime <= end_time or ctime >= end_time): - alarm_file_list.append(afile) - cnt += 1 - else: - rdate = time.strftime("%y-%m-%d", time.localtime(start_time)) - globstring = "%s/alarm*%s*" % (path,rdate) - alarm_files = glob.glob(globstring) - cnt = 0 - for afile in alarm_files: - alarm_file_list.append(afile) - cnt += 1 - - #print "Using this list of alarm files: ", alarm_file_list - - conn_file_list = [] - globstring = "%s/conn*" % (path) - conn_files = glob.glob(globstring) - for cfile in conn_files: - st = os.stat(cfile) - ctime = st[8] - mtime = st[9] - #if mtime >= start_time and mtime <= end_time: - if (mtime >= start_time or ctime >= start_time) and (mtime <= end_time or ctime >= end_time): - conn_file_list.append(cfile) - - #print "Using this list of conn files: ", conn_file_list - return cnt - -######################################################## - -def get_time(sdate): - """ - take command line arg and generate time - """ - - if len(sdate.split("-")) == 3: - yr,mn,dy = sdate.split("-") - stime = (int(yr), int(mn), int(dy), 0, 0, 0, 0, 0, -1) - elif len(sdate.split("-")) == 4: - yr,mn,dy,hr = sdate.split("-") - 
stime = (int(yr), int(mn), int(dy), int(hr), 0, 0, 0, 0, -1) - elif len(sdate.split("-")) == 5: - try: - yr,mn,dy,hr,min = sdate.split("-") - except: - print "Error parsing date: ", sdate - usage() - stime = (int(yr), int(mn), int(dy), int(hr), int(min), 0, 0, 0, -1) - else: - print "Invalid data format" - usage() - rtime = time.mktime(stime) - - return rtime - -######################################################## - -def get_site_name(broConfig): - - f = open(broConfig) - lines = f.readlines() - site_name = "Default" - for line in lines: - if line.startswith("BRO_SITE_NAME"): - site_name = line.split("=")[1] - site_name = site_name.replace('"','') - # no way to pass this directly to mutt, need to put in .muttrc instead - #if line.startswith("BRO_EMAIL_FROM"): - # mail_from = line.split("=")[1] - # mail_from = site_name.replace('"','') - - return site_name - -######################################################## -def get_local_nets(localnets): - """ - reads Bro local.site.bro file to get a list of local networks - """ - - # this ugly thing will match IP addresses - regexp = re.compile("([01]?\d\d?|2[0-4]\d|25[0-5])\.([01]?\d\d?|2[0-4]\d|25[0-5])\.([01]?\d\d?|2[0-4]\d|25[0 -5])\.([01]?\d\d?|2[0-4]\d|25[0-5])") - - f = open(localnets) - lines = f.readlines() - - local_nets = [] - if len(lines) > 0: - for line in lines: - fields = line.split() - if len(fields) > 0 and not fields[0].startswith("#"): # skip comment lines - #print fields - for f in fields: - match = regexp.match(f) - if match: - t = f.split("/") - local_nets.append(t[0]) - else: - print "Bro local nets not found. Exiting. 
" - sys.exit(-1) - - return local_nets - -######################################################## - -def get_local_host(ip1,ip2,sh,dh,local_nets): - """ - based on contents of bro site file, determine which host is local - """ - local_host = "" - if ip2 != "none": - #print "debug:", ip1, ip2, sh, dh, local_nets - # HACK Alert: this will only work for /16 and /24 networks - for net in local_nets: - if net.split(".")[2] == "0": # assume class B - ipa = "%s.%s.0.0" % (ip1.split(".")[0] , ip1.split(".")[1] ) - ipb = "%s.%s.0.0" % (ip2.split(".")[0] , ip2.split(".")[1] ) - else: # assume class C - ipa = "%s.%s.%s.0" % (ip1.split(".")[0] , ip1.split(".")[1], ip1.split(".")[2] ) - ipb = "%s.%s.%s.0" % (ip2.split(".")[0] , ip2.split(".")[1], ip2.split(".")[2] ) - - if ipa == net: - local_host = sh - break - if ipb == net: - local_host = dh - break - else: - local_host = sh - #print " found local host: ", local_host - - if local_host == "": # sometimes see packets not on either net! - local_host = "host from unknown subnet!" 
- return local_host - -######################################################## - -def create_alarm_info(aline, start_time, end_time): - """ - create log info record from alarm message - """ - - # assume tagged alarm file; trick to parse correctly - if aline[:2] != "t=": # if line does not start with "t=", continue - print "Warning: not a tagged alarm: ", aline - return [] - reformated_alarm = [t.replace('~',' ') for t in aline.replace('\\ ','~').split()] - ip1 = ip2 = sp = dp = "none" - alarm = msg = tm = tag = "" - for s in reformated_alarm: - field = s.split("=") - if field[0] == "sa": - ip1 = field[1] - if field[0] == "sp": - sp = field[1] - if field[0] == "da": - ip2 = field[1] - if field[0] == "dp": - dp = field[1] - if field[0] == "t": - try: - utime = float(field[1]) # unix-style time in seconds - except: - print "Error, unknown alarm format ", reformated_alarm - return [] - if utime < start_time or utime > end_time: - return [] - tm = time.ctime(float(field[1])) - if field[0] == "no": - alarm = field[1] - if field[0] == "tag": - tag = field[1] - if field[0] == "msg": - msg = field[1] - msg = msg.replace('\\ ', ' ') - # end for - - if alarm in ignore_alarms: # skip if wrong type of alarm - return [] - - if tag == "": - tag = "missing tag" - print "Warning: Alarm tag not found: ", reformated_alarm - #return [] # only continue for tagged alarms - - # look up src/dst addresses - sh = [""] - dh = [""] - try: - sh = socket.gethostbyaddr(ip1); - except: - sh[0] = ip1 - try: - dh = socket.gethostbyaddr(ip2); - except: - dh[0] = ip2 - #print "hostnames: %s = %s; %s = %s" % (ip1, sh[0], ip2, dh[0]) - - # save all useful info from this alarm - alarm_info = [alarm, tm, ip1, sp, sh[0], ip2, dp, dh[0], msg, tag, 0] - - #print "alarm info: ", alarm_info - return alarm_info - -######################################################## - -def load_alarms(start_time, end_time): - """ - load alarms from alarm log files into alarm_list - """ - - # fills in alarm_list and 
host_list data structure - - global alarm_list - global host_list - - alarm_list = [] - host_list = [] - - report_date = time.strftime("%y-%m-%d", time.localtime(end_time)) - yr, mn, dy = report_date.split("-") - - cnt = 0 - for afile in alarm_file_list: - print "opening file:", afile - fd = open(afile) - - # first read through entire alarm file and create list of hosts involved. - done = 0 - while not done: - try: - tl = fd.readline() - except Exception, E: - print E - done = 1 - continue - #print "read line: ",tl - - if len(tl) == 0: - done = 1 - #print "end of file" - continue - - alarm_info = create_alarm_info(tl,start_time, end_time) - if alarm_info != []: - cnt += 1 - #only add if this alarm for this host pair has not been seen before - alarm_exists = 0 - for curr_alarm_info in alarm_list: - alarm,tm,ip1,sp,shost,ip2,dp,dhost,msg,tag,a_cnt = curr_alarm_info - if alarm == alarm_info[0] and ip1 == alarm_info[2] and ip2 == alarm_info[5]: - curr_alarm_info[10] += 1 # increment count - alarm_exists = 1 - if not alarm_exists: - alarm_list.append(alarm_info) - - # figure out which host is local and add to host_list[] - local_host = get_local_host(alarm_info[2], alarm_info[5], alarm_info[4], alarm_info[7], local_nets) - if local_host not in host_list: - print "Adding to host list: ", local_host - host_list.append(local_host) - - #print host_list - #print alarm_list - print "Found %d alarms in this time period " % cnt - return cnt - -###################################################################### -def print_alarm(alarminfo,out): - """ Formats and outputs the alarms - """ - - alarm,tm,ip1,sp,sh,ip2,dp,dh,msg,tag,a_cnt = alarminfo - - out.write (' \n \n') - out.write (' \n \n \n
') - # reformat alarm and write to file in a more readable format - alarm_string = '%s:
%s
source: %s %s port = %s
dest: %s %s port = %s
alarm message: %s %s
\n' % (alarm, tm, ip1, sh, sp, ip2, dh, dp, msg, tag) - out.write(alarm_string) - if a_cnt > 1: - out.write("
    %d instances of this alarm for this host pair
" % a_cnt) - - out.write ("

\n") - -###################################################################### -def print_connections(connfiles,ip,tag,out): - """ Formats and outputs the connection logs - """ - - # there must be a clever way to do this with the pipes module, but this will work for now - # only include connections that have state SF or S1 (should also include RSTO) - - cmd = "grep -h ' %s ' %s | grep -e 'SF' -e 'S1' -e 'RSTO' | grep -A 10 -B 5 '%s$' | %s | %s > %s" % (ip, connfiles, tag, cf, hf, "/tmp/bro-report.tmp") - print "running program: ", cmd - os.system(cmd) - f = open("/tmp/bro-report.tmp") - lines = f.readlines() # read entire file - - if len(lines) > 0: - out.write ('\n \n') - out.write('') - - for line in lines: - fields = line.split() - out.write('') - for f in fields: - out.write("" % f) - out.write("") - out.write("
Time Duration Src host Dst host Service Src port Dst port Prot Bytes sent Bytes rcv State Flag Tag
%s
\n ") - - else: - out.write ("

    No suscessful connections found.
\n") - - out.write ("
\n") - - -###################################################################### -def usage(m=None): - """This just prints the doc string for the whole program. - """ - if m: print "Error: %s" % m - print __doc__ - sys.exit() - -######################################################## - -def main(): - """ - parse opts, collect alarms, generate report - """ - - global local_nets - global report_date - global conn_reports_at_end - conn_reports_at_end = 0 - - try: - options,prog_args = getopt.getopt(sys.argv[1:],'hxys:e:m:') - except getopt.GetoptError, E: - usage(E) - - do_today = 0 - report_date = sdate = edate = dest = "" - for opt,val in options: - if opt == '-s': - sdate = val - elif opt == '-e': - edate = val - elif opt == '-m': - dest = val - elif opt == '-y': - conn_reports_at_end = 1 - else: - usage() - - if dest == "": - print "Missing email address for report" - usage() - - if sdate == "": - # set defauts - end_time = time.time() - start_time = end_time - (24 * 60 * 60) # number of seconds in 1 day - else: - # if start/stop times given at the command line, convert them to Unix time - if sdate != "": - start_time = get_time(sdate) - if edate == "": # if not specified, add 24 hrs - end_time = start_time + (24 * 60 * 60) - if edate != "": - end_time = get_time(edate) - if sdate == "": # if not specified, subtract 24 hrs - start_time = end_time + (24 * 60 * 60) - else: - end_time = start_time + (24 * 60 * 60) # number of seconds in 1 day - - #print "start time: %f, %s " % (start_time, time.ctime(start_time)) - #print "end time: %f, %s " % (end_time, time.ctime(end_time)) - - outfile = "%s/reports/bro.report.%d.html" % (brohome, os.getpid()) - out = open(outfile, 'w') - - if conn_reports_at_end: # open file to save all conn information, then cat to report at the end - outfile_conn = "%s/reports/bro.report.%d.tmp" % (brohome, os.getpid()) - out_conn = open(outfile_conn, 'w') - - rstart = time.strftime("%y-%m-%d %H:%M", time.localtime(start_time)) - rend = 
time.strftime("%y-%m-%d %H:%M", time.localtime(end_time)) - - if get_file_names(start_time, end_time) <= 0: - print "No alarms found for time specified" - out.write (" Bro Report %s to %s \n" % (rstart, rend ) ) - out.write ("

Bro Report %s-%s

\n" % (rstart, rend ) ) - out.write ("

No alarms found for time specified \n " ) - sys.exit(0) - - connfiles = "" - for connfile in conn_file_list: # build single string with all names in it - connfiles += "%s " % connfile - #print "connfiles ", connfiles - - site_name = get_site_name("%s/etc/bro.cfg" % brohome) - local_nets = get_local_nets(bro_local_nets) - cnt = load_alarms(start_time, end_time) - - out.write (" Bro Report %s-%s \n" % (rstart, rend ) ) - out.write ("") - out.write ("

Bro Report: %s-%s \n" % (rstart, rend ) ) - out.write ("

Total Number of Alarms: %d \n " % cnt) - if cnt > 0: - out.write ("
List of %s hosts with Alarms in this report: \n

    " % site_name) - - # now loop through alarm_list and generate report - for host in host_list: - out.write ("

    %s " % (host)) - out.write ("


\n") - else: - print "No Alarms found" - - for alarm in alarm_list: - #print alarm - print_alarm(alarm,out) - tag = alarm[9] - - if conn_reports_at_end: - taglink = "#alarm%s" % (tag) - out.write ('\n

\n' % taglink) - else: - out.write ("Successful Connections just before and after this alarm: \n\n

\n" ) - - print "searching conn files '%s' for tag %s " % ( connfiles, tag) - - if conn_reports_at_end: - out_conn.write('

\n' % taglink.strip("#")) - - if len(connfiles) > 0: - if conn_reports_at_end: - out_conn.write ('\n

\n Successful Connections just before and after alarm %s

\n' % tag) - print_connections(connfiles, alarm[2], tag, out_conn ) - else: - print_connections(connfiles, alarm[2], tag, out ) - - if conn_reports_at_end and cnt > 0: - out.write ("


\n") - out.write ("

Connection Summary Information \n" ) - out_conn.close() - out.close() - cmd = "cat %s >> %s " % (outfile_conn, outfile) - print "Running command: ", cmd - os.system(cmd) - # next reopen the file - out = open(outfile, 'a') - - out.write (" \n") - out.close() - - # done building report, now send it - - #cmd = "/usr/bin/Mail -s 'Bro Report: %s' %s < %s" % (tm, dest, outfile) - # mail does not handle HTML attachments, so use mutt instead - cmd = "%s -s 'Bro Report from %s: %s to %s ' -a %s %s < /dev/null" % (mutt, socket.gethostname(), rstart, rend, outfile, dest) - print "running program: ", cmd - os.system(cmd) - - try: - os.remove("/tmp/bro-report.tmp") - #os.remove(outfile) - except: - pass - - sys.exit(0) - -###################################################################### -if __name__ == '__main__': main() - diff --git a/aux/contrib/scripts/syslog2broccoli.py b/aux/contrib/scripts/syslog2broccoli.py deleted file mode 100644 index 294486cb9f..0000000000 --- a/aux/contrib/scripts/syslog2broccoli.py +++ /dev/null 
@@ -1,600 +0,0 @@ -#! /usr/bin/env python -# -# this script finds the end of the syslog file, and then watches -# for new events to send to Bro. Actually they are reformatted -# as Broccoli events, and written to stdout. Then some other -# process can send them to Bro. -# -# started as a perl script from unknon source -# modified for syslog parsing by Scott Campbell -# more options added by Brian Tierney -# -# CHANGELOG: started 07/07/05 -# fixed IPv6 support in sshd login analysis -# 07/12/05 change logic in ssh deny parsing to only look at what -# we want rather than reverse. -# -""" -script that looks at interesting entries in a syslog file -and print out information in a format that broccoli understands -""" -import optparse, logging, re, time -import select, socket, sys, threading - -RE_SSH = re.compile(r"[\w,\s,\W]*sshd") -RE_SSH_ACCEPT = re.compile(r"[\w,\s,\W]*Accept") -# all Failures; leads to false possitives -# RE_SSH_FAIL = re.compile(r"[\w,\s,\W]*Failed") -# just failed passwords -RE_SSH_FAIL = re.compile(r"[\w,\s,\W]*Failed[\s]*password") -RE_SSH_FAIL_ILLEGAL_USER = re.compile(r"[\w,\s,\W]*illegal[\s]*user|[\w,\s,\W]*invalid[\s]*user") -RE_SSH_EXCLUDE = re.compile(r"[\w,\s,\W]*com\.apple\.SecurityServer") - -# only do failures for now - -RE_SUDO = re.compile(r"[\w,\s,\W]*sudo[\w,\s,\W]+failure|[\w,\s,\W]*sudo[\w,\s,\W]+incorrect password attempts") -RE_SUDO_FORMAT1 = re.compile(r"[\w,\s,\W]*sudo[\w,\s,\W]+failure") -RE_SUDO_FORMAT2 = re.compile(r"[\w,\s,\W]*sudo[\w,\s,\W]+incorrect password attempts") - -RE_SU_SUCCESS = re.compile(r"[\w,\s\W]*su: \(|[\w,\s,\W]*su: SU |[\w,\s,\W]*su[\w,s,\W]+session opened") -RE_SU_FORMAT1 = re.compile(r"[\w,\s,\W]*session opened for user [\w,\W]+ by [\w,\W]+") -RE_SU_FORMAT2 = re.compile(r"[\w,\s,\W]*su:[\s]*\(to [\w]+\) [\w]+") -RE_SU_FORMAT3 = re.compile(r"[\w,\s,\W]*su: SU") - - -RE_SU_FAIL = re.compile(r"[\w,\s\W]* BAD SU |[\w,\s,\W]* FAILED SU |[\w,\s,\W]*su[\w,\s,\W]*authentication failure") -RE_SU_FAIL_FORMAT1 
= re.compile(r"[\w,\s,\W]*authentication failure") -RE_SU_FAIL_FORMAT2 = re.compile(r"[\w,\s,\W]*FAILED SU") -RE_SU_FAIL_FORMAT3 = re.compile(r"[\w,\s,\W]*BAD SU") - -RE_GRID = re.compile(r"[\w,\s\W]* GRAM") -RE_GRID_AUTHORIZE_LOCALUSER = re.compile(r"[\w,\s,\W]* Authorized as local user") -RE_GRID_AUTHORIZE_LOCALUID = re.compile(r"[\w,\s,\W]* Authorized as local uid:") -RE_GRID_AUTHORIZE_LOCALGID = re.compile(r"[\w,\s,\W]* and local gid:") -RE_GRID_AUTHENTICATE = re.compile(r"[\w,\s,\W]* Authenticated globus user:") -RE_GRID_CONNECT = re.compile(r"[\w,\s,\W]* Got connection ") -RE_GRID_SERVICE = re.compile(r"[\w,\s,\W]* Requested service: ") -RE_GRID_INFO = re.compile(r"[\w,\s,W]*gridinfo") - -# not done: generate Bro event for these too -RE_NEWUSER = re.compile(r"[\w,\s,\W]*new user:[\w,\s,\W]+useradd") - -# not done: generate Bro event for user root sending mail to yahoo, gmail, hotmail, aol, etc. -# (maybe even any .com ?) -RE_ROOT_EMAIL = re.compile(r"[\w,\s,\W]*sendmail[\w,\s,\W]+root[\w,\s,\W]+to `[\w,\s,\W]+\.com") - - -class HeartBeatThread(threading.Thread): - """ - HeartBeat class that inherits from Python Thread class - """ - def __init__(self, sleep_seconds): - threading.Thread.__init__(self) - self._sleeptime = sleep_seconds - - def run(self): - """ - Sends out a heartbeat event, then goes to sleep for 15 minutes - """ - addr = socket.gethostbyname(socket.gethostname()) - heartbeat_string = "Syslog_daemon_heartbeat" - while True: - time_double = time.time() - print "heartbeat_event double=%d addr=%s string=%s" % (time_double, addr, heartbeat_string) - time.sleep(self._sleeptime) - -def time_conversion(month, date, clocktime): - """ - Convert time string to double, need to handle the - year field - """ - year = time.asctime().split()[-1:][0] - time_str = " ".join((month, date, clocktime, year)) - try: - time_tuple = time.strptime(time_str, "%b %d %H:%M:%S %Y") - except: - log.error( "time.strptime error converting %s" % time_str ) - return 0.0 - 
time_double = time.mktime(time_tuple) - return time_double - -def check_ip(ip): - """ - Covert hostname to IP if necessary, and check if valid IP - """ - - try: - ip = socket.gethostbyname(ip) - except: - log.error( "Error converting %s to an IP " % ip ) - return "" - - # if passed in something that looked like an IP, gethostbyname might not return an error, so best to check - try: - ips = ip.split('.') - except: - log.error("Error spliting IP into components: %s" % ip) - return "" - - if len(ips) == 4: - if int(ips[0]) < 256 and int(ips[1]) < 256 and int(ips[2]) < 256 and int(ips[3]) < 256: - return ip - else: - return "" - else: - return "" - -def find_user(fields): - """ - Find the user in a list of fields where user is the name in user=name - """ - user = "unknown" - for f in fields: - try: - user1, user2 = f.split('=') - if user1 == 'user' or user1 == 'ruser': - if user2 != "": - return user2 - except: - pass - return user - -def parse_ssh(line, line_cnt): - """ - print out the ssh fields into the broccoli format - - Note: still needs to handle odd syslog formats, such as (double set of timestamps): - Jan 1 00:03:44 127.0.0.1 2005-12-31 21:51:10.163447500 isthiswhatyouwant.jay.lbl.gov sshd[] PAM: Authentication failure for ldoolitt from astound-69-42-20-231.ca.astound.net - - There are many different formats, but the following seem fairly consistant: - for username - from hostname - so look for works "for" and "from", and then take the fields after that - - """ - - fields = line.split() - time_double = time_conversion(fields[0], fields[1], fields[2]) - # look for 'from' hostname - n = 0 - from_ip = "" - for f in fields: - if f == "from": - from_ip = fields[n+1] - break - n += 1 - - # check for valid IP (some look like this: "::ffff:128.3.60.86") - ipf = from_ip.split(':') - if len(ipf) > 1: - ip = ipf[len(ipf) - 1] - else: - ip = ipf[0] - - # verify that this is a valid IP address - ip = check_ip(ip) - lh_ip = check_ip(fields[3]) - - success = False - failed = 
False - auth_type = "unknown" - username = "unknown" - - if RE_SSH_ACCEPT.match(line): - success = True - try: - auth_index = fields.index('Accepted') - username_index = fields.index('for') - except ValueError: - log.error( "Error: sshd line with unknown format: line %d,%s" % (line_cnt, line)) - return - - auth_type = fields[auth_index +1] - username = fields[username_index +1] - - if RE_SSH_FAIL.match(line) and not RE_SSH_EXCLUDE.match(line): - failed = True - try: - auth_index = fields.index('Failed') - username_index = fields.index('for') - except ValueError: - log.error( "Error: sshd line with unknown format: line %d,%s" % (line_cnt, line)) - return - - auth_type = fields[auth_index + 1] - if RE_SSH_FAIL_ILLEGAL_USER.match(line): - username = fields[username_index +3] - else: - username = fields[username_index +1] - - if ip and lh_ip: - if success: - print "ssh_login double=%d addr=%s addr=%s string=%s string=%s" % (time_double, ip, lh_ip, username, auth_type) - - if failed: - print "ssh_fail_login double=%d addr=%s addr=%s string=%s string=%s" % (time_double, ip, lh_ip, username, auth_type) - - else: - log.error( "Error: sshd line with unknown format: line %d" % (line_cnt)) - - -def parse_sudo(line): - """ - print out the sudo fields in the broccoli format - Supports these formats - 1. host sudo(pam_unix)[5835]: authentication failure; logname=user uid=0 euid=0 tty=pts/4 ruser= rhost= user=user - 2. 
host sudo: user: 3 incorrect password attempts ; - TTY=pts/11 ; PWD=directory COMMAND=/bin/ls - - """ - - fields = line.split() - time_double = time_conversion(fields[0], fields[1], fields[2]) - - # look for user - user = "unknown" - if RE_SUDO_FORMAT1.match(line): - user = find_user(fields) - - if RE_SUDO_FORMAT2.match(line): - user = fields[5] - - if user == "": - user = "unknown" - - # check if need to convert to IP addr - lh_ip = check_ip(fields[3]) - - if user == "unknown": - log.debug("unhandled user in next line" ) - log.debug(line) - - print "failed_sudo double=%d addr=%s string=%s " % (time_double, lh_ip, user ) - -def parse_su_success(line, line_cnt): - """ - print out the su fields in the broccoli format - - This one is hard because there are MANY formats used for this, including: - This function handles these 3 formats - 1. session opened for user by user - 2. (to root) user - 3. su: SU - - user to root - 'su root' succeeded for user - - Not quite done: does not always correctly find logname or username - """ - fields = line.split() - time_double = time_conversion(fields[0], fields[1], fields[2]) - logname = "unknown" - user = "unknown" - - if RE_SU_FORMAT1.match(line): - try: - index = fields.index('user') - except ValueError: - log.error( "Error: su line with unknown format: line %d,%s" % (line_cnt, line)) - return - - logname = fields[index +1] - user = fields[index +3] - - if RE_SU_FORMAT2.match(line): - logname = fields[6].rstrip(')') - user = fields[7] - - if RE_SU_FORMAT3.match(line): - try: - index = fields.index('SU') - except ValueError: - log.error( "Error: su line with unknown format: line %d,%s" % (line_cnt, line)) - return - - user = fields[index +1] - - if user == "unknown": - log.debug("unhandled case on line: %d " % line_cnt) - log.debug(line) - lh_ip = check_ip(fields[3]) - print "successful_su double=%d addr=%s string=%s string=%s" % (time_double, lh_ip, logname, user) - - -def parse_su_fail(line, line_cnt): - """ - print out the su 
fields in the broccoli format - This one is hard because there are MANY formats used for this, including: - authentication failure; - logname=user uid=uid euid=0 tty= ruser=jason rhost= user=root - - We match this case only - 1. BAD SU user to root - These cases are not handled - FAILED SU (to root) user - 'su root' failed for user - """ - fields = line.split() - time_double = time_conversion(fields[0], fields[1], fields[2]) - user = "unknown" - - if RE_SU_FAIL_FORMAT1.match(line): - user = find_user(fields) - - if RE_SU_FAIL_FORMAT2.match(line): - fail_test1 = False - fail_test2 = False - try: - index = fields.index('to') - except: - fail_test1 = True - try: - index = fields.index('(to') - except: - fail_test2 = True - - if fail_test1 and fail_test2: - log.error("su fail: -to- not found: line %d" % line_cnt) - else: - user = fields[index +1] - - if RE_SU_FAIL_FORMAT3.match(line): - try: - index = fields.index('to') - user = fields[index - 1] - except: - log.error("su fail: -to- not found: line %d " % line_cnt) - - if user == "": - user = "unknown" - - if user == "unknown": - log.debug("unhandled case on line %d" % line_cnt) - log.debug(line) - - lh_ip = check_ip(fields[3]) - - print "failed_su double=%d addr=%s string=%s" % (time_double, lh_ip, user) - -def parse_gate(line, line_cnt): - """ - print out the globus fields in the broccoli format - - Not finished - """ - fields = line.split() - time_double = time_conversion(fields[0], fields[1], fields[2]) - - if RE_GRID_AUTHORIZE_LOCALUSER.match(line): - gate_ip = check_ip(fields[3]) - pid = fields[5].strip("gatekeeper[]:") - user = fields[10] - print "gatekeeper_local_user addr=%s count=%s string=%s string=Authorized" % (gate_ip, pid, user) - - elif RE_GRID_AUTHORIZE_LOCALUID.match(line): - gate_ip = check_ip(fields[3]) - pid = fields[5].strip("gatekeeper[]:") - uid = fields[10] - print "gatekeeper_local_uid addr=%s count=%s string=%s string=Authorized" % (gate_ip, pid, uid) - elif 
RE_GRID_AUTHORIZE_LOCALGID.match(line): - gate_ip = check_ip(fields[3]) - pid = fields[5].strip("gatekeeper[]:") - gid = fields[9] - print "gatekeeper_local_uid addr=%s count=%s string=%s string=Authorized" % (gate_ip, pid, gid) - elif RE_GRID_AUTHENTICATE.match(line): - print "authenticate" - gate_ip = check_ip(fields[3]) - pid = fields[5].strip("gatekeeper[]:") - dn = " ".join(fields[9:]) - print "gatekeeper_auth_user addr=%s count=%s string=%s string=Authorized" % (gate_ip, pid, dn) - elif RE_GRID_CONNECT.match(line): - gate_ip = check_ip(fields[3]) - src_ip = check_ip(fields[8]) - pid = fields[5].strip("gatekeeper[]:") - print "gateekeeper_connect double=%d addr=%s addr=%s count=%s" % (time_double, gate_ip, src_ip, pid) - elif RE_GRID_SERVICE.match(line): - gate_ip = check_ip(fields[3]) - pid = fields[5].strip("gatekeeper[]:") - service = fields[8] - print "gatekeeper_service double=%d addr=%s count=%s string=%s" % (time_double, gate_ip, pid, service) - - else: - log.debug("unhandled case on line %d" % line_cnt) - log.debug(line) - - - - - - - - -def parse_newuser(line): - """ - print out the newuser fields in the broccoli format - - Not finished - """ - fields = line.split() - time_double = time_conversion(fields[0], fields[1], fields[2]) - lh_ip = check_ip(fields[3]) - - #print "new_user double=%d addr=%s string=%s" % (time_double, lh_ip, user) - -def parse_root_email(line): - """ - print out the root email fields in the broccoli format - - Not finished - """ - fields = line.split() - time_double = time_conversion(fields[0], fields[1], fields[2]) - lh_ip = check_ip(fields[3]) - - #print "root_email double=%d addr=%s addr=%s" % (time_double, lh_ip, ip) - - - -def log_parse(syslog_file, opts): - """ - Continually parse the log file, and print information to stdout - """ - - line_cnt = 0 - done = 0 - if opts.begin_tail or opts.begin: - tail = 0 - else: - tail = 1 - - day = int(time.strftime("%d")) # day that program is started - today = time.strftime("%Y-%m-%d") 
-
- while not done:
- try:
- line = syslog_file.readline()
- except Exception, E:
- log.error ("Error reading file. Possibly log file was rotated, so try to reopen " )
- syslog_file.close()
- fname = "%s/all-%s" % (opts.path, today)
- try:
- syslog_file = open(fname)
- except:
- log.error( "Error opening syslog file %s " % (fname))
- sys.exit(-1)
-
- if len(line) == 0 and opts.begin: # if not tailing the file
- done = 1
- log.debug ("End of file. Num lines = %d. Exiting" % line_cnt)
- sys.exit(1);
-
- if len(line) == 0 and opts.begin_tail and tail == 0:
- tail = 1 # start tailing the file
- log.debug ("Reached End of file, now tailing the file")
-
- line_cnt += 1
- if not (line_cnt % 50000):
- log.debug ("Processed %d lines" % line_cnt)
-
-
- try:
- if RE_SSH.match(line) and ( RE_SSH_ACCEPT.match(line) or RE_SSH_FAIL.match(line) ):
- parse_ssh(line, line_cnt)
-
- elif RE_SUDO.match(line):
- parse_sudo(line)
-
- elif RE_SU_SUCCESS.match(line):
- parse_su_success(line, line_cnt)
-
- elif RE_SU_FAIL.match(line):
- parse_su_fail(line, line_cnt)
-
- elif RE_GRID.match(line):
- parse_gate(line, line_cnt)
-
- elif RE_NEWUSER.match(line):
- parse_newuser(line.split())
-
- elif RE_ROOT_EMAIL.match(line):
- parse_root_email(line.split())
-
- else:
- #This outputs too much information, this should be turned
- #on if we set verbose to the next level
- #log.debug("Not matching line: %s" % line)
- pass
-
- except:
- log.error ("Error parsing log file.
Corrupt log entry: %s" % line ) - continue - - sys.stdout.flush() - - if tail: # go slow if tailing the file - select.select([], [], [], .01) - # if tailing the file and path is set, - #need to roll over to a new file at midnight - if opts.path: - check_day = int(time.strftime("%d")) - if day != check_day: - # new day, so open new file - syslog_file.close() - today = time.strftime("%Y-%m-%d") - fname = "%s/all-%s" % (opts.path, today) - log.debug( "New Day, so opening new syslog file: %s " % (fname)) - try: - syslog_file = open(fname) - except: - log.error( "Error opening syslog file %s " % (fname)) - sys.exit(-1) - day = check_day - line_cnt = 0 - - -def log_open(opts): - """ - open the logfile at the beginning or end - depending on the command line arguments - """ - global log - logging.basicConfig() - log = logging.getLogger("sys2broccoli") - - if opts.verbose: - log.setLevel(logging.DEBUG) - else: - log.setLevel(logging.NOTSET) - - if opts.path and opts.start_date: - fname = "%s/all-%s" % (opts.path, opts.start_date) - else: - fname = opts.syslog_file - - try: - syslog_file = open(fname) - except: - log.error( "Error opening syslog file %s " % (fname)) - sys.exit(-1) - - if opts.begin or opts.begin_tail: - log.debug("Will start at the beginning of the file.") - else: - syslog_file.seek(0, 2) - - log_parse(syslog_file, opts) - - - -def main(): - """ - Read in the command line arguments, then open the log - """ - parser = optparse.OptionParser() - begin_help = """Start at the begining of the syslog file, - and exit when get to the end""" - parser.add_option("-b", action="store_true", dest="begin", - help=begin_help, default=False) - begin_tail_help = """Start at the begining of the syslog file, - and tail the file when get to the end""" - parser.add_option("-B", action="store_true", dest="begin_tail", - help=begin_tail_help, default=False) - parser.add_option("-v", "--verbose", action="store_true", dest="verbose", - help="be more verbose", default=False) - 
parser.add_option("-f", "--file", action="store", dest="syslog_file",
- help="Location of the syslog file.",
- default="/var/log/syslog")
- # these are for use on syslog.lbl.gov
- parser.add_option("-d", "--dir", action="store", dest="path",
- help="Directory of the archived syslog files.")
- parser.add_option("-t", "--date", action="store", dest="start_date",
- help="Date of file to process.", default=False)
- opts, args = parser.parse_args()
- heartbeat = HeartBeatThread(900)
- heartbeat.setDaemon(True)
- heartbeat.start()
- log_open(opts)
-
-
-
-if __name__ == "__main__": main()
diff --git a/aux/hf/Makefile.am b/aux/hf/Makefile.am
deleted file mode 100755
index 2e127f5084..0000000000
--- a/aux/hf/Makefile.am
+++ /dev/null
@@ -1,16 +0,0 @@
-DISTCLEANFILES = hf.c nf.c pf.c
-
-noinst_PROGRAMS = hf nf pf
-
-#LEX = @V_LEX@
-
-#.l.c:
-# $(LEX) $(srcdir)/$*.l ; rm -f $@ ; mv lex.yy.c $@
-
-if USE_NBDNS
-dns_srcs = nb_dns.c
-endif
-
-hf_SOURCES = hf.l setsignal.c version.c nb_dns.h setsignal.h gnuc.h $(dns_srcs)
-nf_SOURCES = nf.l setsignal.c
-pf_SOURCES = pf.l setsignal.c
diff --git a/aux/hf/VERSION b/aux/hf/VERSION
deleted file mode 100755
index f71668fbd8..0000000000
--- a/aux/hf/VERSION
+++ /dev/null
@@ -1 +0,0 @@
-1.0a10
diff --git a/aux/hf/gnuc.h b/aux/hf/gnuc.h
deleted file mode 100755
index deba3e6fef..0000000000
--- a/aux/hf/gnuc.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/* @(#) $Header$ (LBL) */
-
-/* Define __P() macro, if necessary */
-#ifndef __P
-#if __STDC__
-#define __P(protos) protos
-#else
-#define __P(protos) ()
-#endif
-#endif
-
-/* inline foo */
-#ifdef __GNUC__
-#define inline __inline
-#else
-#define inline
-#endif
-
-/*
- * Handle new and old "dead" routine prototypes
- *
- * For example:
- *
- * __dead void foo(void) __attribute__((volatile));
- *
- */
-#ifdef __GNUC__
-#ifndef __dead
-#define __dead volatile
-#endif
-#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)
-#ifndef __attribute__
-#define __attribute__(args)
-#endif
-#endif
-#else
-#ifndef __dead
-#define __dead
-#endif
-#ifndef __attribute__
-#define __attribute__(args)
-#endif
-#endif
diff --git a/aux/hf/hf.l b/aux/hf/hf.l
deleted file mode 100755
index d5ef9198c4..0000000000
--- a/aux/hf/hf.l
+++ /dev/null
@@ -1,950 +0,0 @@
-N [0-9]
-O ({N}{1,3})
-
-C [0-9A-Fa-f]
-H ({C}{1,4})
-
- #include "config.h"
- #include
- #include
- #include
- #include
-
- #include
-
- #include
-
- #ifdef NEED_NAMESER_COMPAT_H
- #include
- #else
- #include
- #endif
-
- #ifndef NS_MAXDNAME
- #define NS_MAXDNAME 1025
- #endif
- #ifndef NS_INADDRSZ
- #define NS_INADDRSZ 4
- #endif
- #ifndef NS_IN6ADDRSZ
- #define NS_IN6ADDRSZ 16
- #endif
-
- #include
- #include
- #ifdef HAVE_MEMORY_H
- #include
- #endif
- #include
- #include
- #include
- #include
- #include
- #include
- #include
-
- #include "gnuc.h"
- #ifdef HAVE_OS_PROTO_H
- #include "os-proto.h"
- #endif
-
- #include "setsignal.h"
- #include "nb_dns.h"
-
- #undef yywrap
- #ifdef FLEX_SCANNER
- #define YY_NO_UNPUT
- #endif
- int yywrap(void);
- int yylex(void);
- void convert(const char *, int);
-
- #ifdef HAVE_ASYNC_DNS
- #define ECHO \
- if (!lookup_pass) { (void) fwrite( yytext, yyleng, 1, yyout ); }
- int lookup_pass; /* true if lookup only */
- #endif
- int linemode; /* convert at most one entry per line */
- int triedone;
-
-%%
-
-
-::{O}(\.{O}){3} convert(yytext, 1);
-{O}(\.{O}){3} convert(yytext, 0);
-
-{H}(:{H}){7} convert(yytext, 1);
-{H}:(:{H}){1,6} convert(yytext, 1);
-({H}:){2}(:{H}){1,5} convert(yytext, 1);
-({H}:){3}(:{H}){1,4} convert(yytext, 1);
-({H}:){4}(:{H}){1,3} convert(yytext, 1);
-({H}:){5}(:{H}){1,2} convert(yytext, 1);
-({H}:){6}:{H} convert(yytext, 1);
-
-({O}\.){1,3} ECHO; /* anti-backtrack */
-{O}((\.{O}){1,2}) ECHO; /* anti-backtrack */
-
-{N}+ ECHO;
-[^0-9\n]+ ECHO;
-[^0-9\n]+\n {
- ECHO;
- triedone = 0;
- }
-
-\n {
- ECHO;
- triedone = 0;
- }
-
-%%
-
-/*
- * Copyright (c) 1989, 1990, 1991, 1992, 1993, 1994, 1996, 1998, 1999, 2000, 2001, 2002, 2004
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that: (1) source code distributions
- * retain the above copyright notice and this paragraph in its entirety, (2)
- * distributions including binary code include the above copyright notice and
- * this paragraph in its entirety in the documentation or other materials
- * provided with the distribution, and (3) all advertising materials mentioning
- * features or use of this software display the following acknowledgement:
- * ``This product includes software developed by the University of California,
- * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
- * the University nor the names of its contributors may be used to endorse
- * or promote products derived from this software without specific prior
- * written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#ifndef lint
-static const char copyright[] =
- "@(#) Copyright (c) 1989, 1990, 1991, 1992, 1993, 1994, 1996, 1998, 1999, 2000, 2001, 2002, 2004\n\
-The Regents of the University of California. All rights reserved.\n";
-static const char rcsid[] =
- "@(#) $Id: hf.l 1420 2005-09-29 22:25:14Z vern $ (LBL)";
-#endif
-
-
-#define HSIZE 8192 /* must be a power of two */
-
-struct htable {
- char addr[NS_IN6ADDRSZ];
- int af; /* address family */
- int alen;
- int state;
- char *name; /* overloaded variable */
- struct htable *next;
-} htable[HSIZE];
-
-#define STATE_FREE 0 /* not in use */
-#define STATE_RAW 1 /* couldn't translate */
-#define STATE_SENTPTR 2
-#define STATE_HAVEPTR 3
-#define STATE_SENTA 4
-#define STATE_HAVEA 5
-
-int strip = 1; /* strip local domain when possible */
-int lcase = 1; /* force lowercase */
-int shortdomain; /* strip entire domain */
-int printboth; /* print both addr & name */
-#ifdef HAVE_ASYNC_DNS
-int asyncdns; /* 2 pass async dns hack */
-int numasync; /* number of outstanding async requests */
-int asyncfd;
-#endif
-int networknumber; /* convert to network numbers */
-int check; /* check PTR's against A records */
-#ifdef DEBUG
-int debug = 0;
-#endif
-
-int tmo; /* seconds to wait for a answer from the dns */
-int doingdns; /* true if we're waiting for the nameserver */
-jmp_buf alrmenv; /* longjmp() buffer */
-
-char *prog;
-
-char domain[64]; /* current domain name (including '.') */
-int domainlen; /* length of domain name */
-
-char azero[NS_IN6ADDRSZ];
-
-#ifdef HAVE_ASYNC_DNS
-struct nb_dns_info *nd;
-#endif
-
-int targc;
-char **targv;
-
-extern char *optarg;
-extern int optind, opterr;
-
-/* ANSI C defines this */
-#ifndef __STDC__
-extern char *malloc();
-#endif
-
-/* Forwards */
-char *a2h(const char *, int, int);
-char *addr2host(const char *, int, int);
-#ifdef HAVE_ASYNC_DNS
-void asyncreap(int);
-#endif
-struct htable *cacheaddr(const char *, int, int, int, const char *);
-#ifdef DEBUG
-void dump(void);
-#endif
-int getdomain(void);
-struct htable *hash(const char *, int, int);
-#ifdef HAVE_ASYNC_DNS
-int ispipe(FILE *);
-#endif
-struct htable *lookupaddr(const char *, int, int);
-int main(int, char **);
-void massagename(char *);
-RETSIGTYPE timeout(int);
-void usage(void);
-
-int
-main(argc, argv)
- int argc;
- char **argv;
-{
- register char *cp;
- register int op;
-#ifdef HAVE_ASYNC_DNS
- char errstr[NB_DNS_ERRSIZE];
-#endif
-
- if ((cp = strrchr(argv[0], '/')) != NULL)
- prog = cp + 1;
- else
- prog = argv[0];
-
- opterr = 0;
- while ((op = getopt(argc, argv, "1abcdilnNt:")) != EOF)
- switch (op) {
-
- case '1':
- ++linemode;
- break;
-
- case 'a':
-#ifdef HAVE_ASYNC_DNS
- ++asyncdns;
-#else
- fprintf(stderr,
- "%s: warning: -a not supported; ignored\n", prog);
-#endif
- break;
-
- case 'b':
- ++printboth;
- break;
-
- case 'c':
- ++check;
- break;
-
-#ifdef DEBUG
- case 'd':
- ++debug;
- break;
-#endif
-
- case 'i':
- lcase = 0;
- break;
-
- case 'l':
- strip = 0;
- break;
-
- case 'n':
-#ifdef notdef
- ++networknumber;
-#else
- fprintf(stderr, "%s: -n not currently impemented\n",
- prog);
- exit(1);
-#endif
- break;
-
- case 'N':
- ++shortdomain;
- break;
-
- case 't':
- tmo = atoi(optarg);
- if (tmo <= 0)
- usage();
- break;
-
- default:
- usage();
- }
-
-#ifdef HAVE_ASYNC_DNS
- if (asyncdns) {
- nd = nb_dns_init(errstr);
- if (nd == NULL) {
- fprintf(stderr, "%s: nb_dns_init: %s\n", prog, errstr);
- exit(1);
- }
- asyncfd = nb_dns_fd(nd);
- /* If no explicit timeout, use resolver retransmit */
- if (tmo == 0)
- tmo = _res.retrans;
- }
-#endif
-
- /* Figure out our domain, if necessary */
- if (!strip || shortdomain || !getdomain())
- domain[0] = '\0';
-
- /* Up number of retries, we really want answers */
- _res.retry = 20;
-
- /* Don't search, we'll use only FQDNs */
- _res.options &= ~RES_DNSRCH;
-
- /* Setup alarm catcher if -t */
-#ifdef HAVE_ASYNC_DNS
- if (!asyncdns)
-#endif
- if (tmo > 0)
- (void)setsignal(SIGALRM, timeout);
-
- /* Let yywrap() figure out if there are any arguments to open */
- targc = argc - optind;
- targv = &argv[optind];
- yyin = NULL;
- (void)yywrap();
-
- /* Process file opened by yywrap() or stdin if no arguments */
- if (yyin) {
-#ifdef HAVE_ASYNC_DNS
- /* XXX depends on the type of stdin */
- /* XXX can we do a test rewind? */
-#ifdef notdef
- if (asyncdns && yyin == stdin)
- fprintf(stderr,
- "%s: warning: can't use -a on stdin\n", prog);
-#endif
-#endif
- yylex();
- }
-
-#ifdef DEBUG
- if (debug) {
- fflush(stdout);
- dump();
- }
-#endif
- exit(0);
-}
-
-int
-yywrap()
-{
- register char *file;
- static int didany = 0;
-
- /* Close file, if necessary */
- if (yyin) {
-#ifdef HAVE_ASYNC_DNS
- if (asyncdns) {
- if (lookup_pass) {
- if (fseek(yyin, 0L, SEEK_SET) < 0) {
- fprintf(stderr,
- "%s: fseek/rewind: %s\n",
- prog, strerror(errno));
- exit(1);
- }
- yyrestart(yyin);
- lookup_pass = 0;
- asyncreap(1);
- return (0);
- }
- numasync = 0;
- }
-#endif
- if (yyin != stdin)
- (void)fclose(yyin);
- yyin = NULL;
- }
-
- /* Spin through arguments until we run out or successfully open one */
- while (targc > 0) {
- file = targv[0];
- --targc;
- ++targv;
- ++didany;
- if ((yyin = fopen(file, "r")) != NULL) {
-#ifdef HAVE_ASYNC_DNS
- if (asyncdns)
- lookup_pass = 1;
-#endif
- return (0);
- }
- perror(file);
- }
- if (!didany) {
- yyin = stdin;
-#ifdef HAVE_ASYNC_DNS
- if (asyncdns) {
- if (ispipe(yyin)) {
- fprintf(stderr,
- "%s: warning: can't use -a on a pipe\n",
- prog);
- asyncdns = 0;
- } else
- lookup_pass = 1;
- }
-#endif
- }
- return (1);
-}
-
-int
-getdomain()
-{
- register char *cp;
- register struct hostent *hp;
- char host[128];
-
- if (gethostname(host, sizeof(host) - 1) < 0)
- return (0);
- if ((cp = strchr(host, '.')) == NULL) {
- /* Not already canonical */
- if (tmo > 0)
- alarm(tmo);
- doingdns = 1;
- if (setjmp(alrmenv))
- return (0);
- hp = gethostbyname(host);
- doingdns = 0;
- if (hp == NULL)
- return (0);
- if ((cp = strchr(hp->h_name, '.')) == NULL)
- return (0);
- }
- (void)strncpy(domain, cp, sizeof(domain));
- domain[sizeof(domain) - 1] = '\0';
- if (lcase)
- for (cp = domain; *cp; ++cp)
- if (isupper((int)*cp))
- *cp = tolower(*cp);
- domainlen = strlen(domain);
- return (1);
-}
-
-RETSIGTYPE
-timeout(int signo)
-{
-
- if (doingdns) {
- doingdns = 0;
- longjmp(alrmenv, 1);
- }
- return RETSIGVAL;
-}
-
-/* Convert address to hostname via the dns */
-char *
-a2h(register const char *ap, register int alen, register int af)
-{
- register char **pp;
- register size_t len;
- static struct hostent *hp;
- static char *host = NULL;
- static size_t hostlen = 0;
-
- /* Look up the PTR */
- if (tmo > 0)
- alarm(tmo);
- doingdns = 1;
- if (setjmp(alrmenv))
- return (NULL);
- hp = gethostbyaddr(ap, alen, af);
- doingdns = 0;
- if (hp == NULL)
- return (NULL);
-
- len = strlen(hp->h_name) + 1;
- if (hostlen < len) {
- if (len < 132)
- len = 132;
- if (host == NULL)
- host = malloc(len);
- else
- host = realloc(host, len);
- if (host == NULL) {
- hostlen = 0;
- return (NULL);
- }
- hostlen = len;
- }
- (void)strcpy(host, hp->h_name);
-
- /* Done if we aren't checking */
- if (!check)
- return (host);
-
-#ifndef HAVE_GETHOSTBYNAME2
- if (af != AF_INET)
- return (NULL);
-#endif
-
- /* Check PTR against the A record */
- if (tmo > 0)
- alarm(tmo);
- doingdns = 1;
- if (setjmp(alrmenv))
- return (NULL);
-#ifdef HAVE_GETHOSTBYNAME2
- hp = gethostbyname2(host, af);
-#else
- hp = gethostbyname(host);
-#endif
- doingdns = 0;
- if (hp == NULL)
- return (NULL);
- if (af != hp->h_addrtype)
- return (NULL);
-
- /* Spin through ip addresses looking for a match */
- for (pp = hp->h_addr_list; *pp != NULL; ++pp)
- if (memcmp(ap, *pp, alen) == 0)
- return (host);
-
- return (NULL);
-}
-
-/* Convert address to hostname via the cache and/or dns */
-char *
-addr2host(register const char *ap, register int alen, register int af)
-{
- register int state;
- register char *host;
- register struct htable *p;
-
- /* First look in hash table */
- p = lookupaddr(ap, alen, af);
- if (p != NULL)
- return (p->name);
-
- /* Lookup this host */
- host = a2h(ap, alen, af);
- state = STATE_RAW;
- if (host != NULL) {
- if (check)
- state = STATE_HAVEA;
- else
- state = STATE_HAVEPTR;
- massagename(host);
- }
-
- p = cacheaddr(ap, state, alen, af, host);
- if (p != NULL)
- return (p->name);
-
- return (host);
-}
-
-/* Look hash table entry for address */
-struct htable *
-lookupaddr(register const char *ap, register int alen, register int af)
-{
- register struct htable *p;
-
- for (p = hash(ap, alen, af); p != NULL; p = p->next)
- if (p->af == af && memcmp(p->addr, ap, alen) == 0)
- return (p);
- return (NULL);
-}
-
-void
-massagename(register char *name)
-{
- register char *cp;
-
- if (shortdomain) {
- /* Throw away entire domain */
- cp = strchr(name, '.');
- if (cp)
- *cp = '\0';
- } else if (strip && *domain != '\0') {
- /* Strip the local domain */
- cp = name + strlen(name) - domainlen;
- if (cp > name && strcasecmp(cp, domain) == 0)
- *cp = '\0';
- }
- if (lcase)
- for (cp = name; *cp; ++cp)
- if (isupper((int)*cp))
- *cp = tolower(*cp);
-}
-
-struct htable *
-cacheaddr(register const char *ap, register int state, register int alen,
- register int af, register const char *host)
-{
- register struct htable *p, *p2;
-
- /* Don't cache zero */
- if (memcmp(ap, azero, alen) == 0)
- return (NULL);
-
- /* Look for existing slot in hash table */
- for (p = hash(ap, alen, af); p != NULL; p = p->next)
- if (p->state != STATE_FREE &&
- p->af == af &&
- memcmp(p->addr, ap, alen) == 0)
- break;
-
- /* Allocate a new slot */
- if (p == NULL) {
- p = hash(ap, alen, af);
- if (p->state != STATE_FREE) {
- /* Handle the collision */
- p2 = (struct htable *)malloc(sizeof(struct htable));
- /* Lose, lose */
- if (p2 == NULL)
- return (NULL);
- memset((char *)p2, 0, sizeof(struct htable));
- p2->next = p->next;
- p->next = p2;
- p = p2;
- }
- }
-
- /* Install new host */
- memmove(p->addr, ap, alen);
- p->alen = alen;
- p->af = af;
- if (host != NULL)
- p->name = strdup(host);
- if (state != 0)
- p->state = state;
- if (p->state == STATE_FREE)
- abort();
-
- /* Return answer entry */
- return (p);
-}
-
-#ifdef DEBUG
-void
-dump()
-{
- register char *cp;
- register int i, j, n, d;
- register struct htable *p, *p2;
- char buf[132];
-
- d = n = 0;
- for (p = htable, i = 0; i < HSIZE; ++p, ++i)
- if (p->name) {
- ++n;
- j = 0;
- for (p2 = p; p2; p2 = p2->next) {
- if ((cp = p2->name) == NULL)
- cp = "";
- else if (cp == (char *)1)
- cp = "";
- (void)fprintf(stderr, "%4d:%d ", i, j);
- if (inet_ntop(p2->af, p2->addr,
- buf, sizeof(buf)) == NULL)
- (void)fprintf(stderr, "?");
- else
- (void)fprintf(stderr, "%s", buf);
- switch (p2->state) {
-
- case STATE_HAVEA:
- (void)fprintf(stderr, " HAVEA");
- break;
-
- case STATE_HAVEPTR:
- (void)fprintf(stderr, " HAVEPTR");
- break;
-
- case STATE_SENTPTR:
- (void)fprintf(stderr, " SENTPTR");
- break;
-
- case STATE_RAW:
- (void)fprintf(stderr, " RAW");
- break;
-
- default:
- (void)fprintf(stderr, " #%d",
- p2->state);
- break;
- }
- (void)fprintf(stderr, " \"%s\"\n", cp);
- ++d;
- ++j;
- }
- }
- d -= n;
- (void)fprintf(stderr, "%d entries (%d dynamically linked)\n", n, d);
-}
-#endif
-
-#ifdef HAVE_ASYNC_DNS
-void
-asyncreap(register int ateof)
-{
- register char *host;
- register int n;
- register char **pp;
- register struct htable *p;
- register struct nb_dns_result *nr;
- register struct hostent *hp;
- fd_set fds;
- struct timeval to;
- char errstr[NB_DNS_ERRSIZE];
- struct nb_dns_result xxxnr;
-
- nr = &xxxnr;
- memset(nr, 0, sizeof(*nr));
- while (numasync > 0) {
- FD_ZERO(&fds);
- FD_SET(asyncfd, &fds);
- /* If we're not at EOF, just poll */
- if (!ateof) {
- to.tv_sec = 0;
- to.tv_usec = 0;
- } else {
- to.tv_sec = tmo;
- to.tv_usec = 0;
- }
- n = select(asyncfd + 1, &fds, NULL, NULL, &to);
- if (n < 0) {
- fprintf(stderr, "%s: select: %s\n",
- prog, strerror(errno));
- exit(1);
- }
-
- /* Done if timed out */
- if (n == 0)
- break;
-
- n = nb_dns_activity(nd, nr, errstr);
- if (n < 0) {
- fprintf(stderr, "%s: nb_dns_activity: %s\n",
- prog, errstr);
- exit(1);
- }
-
- /* Bail if reply doesn't match any current queries */
- if (n == 0)
- continue;
-
- /* Decrement outstanding request counter */
- --numasync;
-
- /* Bail if not a good answer */
- if (nr->host_errno != NETDB_SUCCESS)
- continue;
-
- /* Bail if no hostname (probably shouldn't happen) */
- hp = nr->hostent;
- host = hp->h_name;
- if (host == NULL)
- continue;
-
- /* Recover hash table pointer */
- p = (struct htable *)nr->cookie;
-
- switch (p->state) {
-
- case STATE_SENTPTR:
- /* Are we done? */
- if (!check) {
- p->state = STATE_HAVEPTR;
- break;
- }
-
- /* Now look up the A record */
- if (nb_dns_host_request2(nd, host, p->af,
- (void *)p, errstr) < 0) {
- fprintf(stderr, "%s: nb_dns_host_request: %s\n",
- prog, errstr);
- p->state = STATE_RAW;
- free(p->name);
- p->name = NULL;
- break;
- }
-
- /* Cache the fact that we're looking */
- ++numasync;
- p->state = STATE_SENTA;
- break;
-
- case STATE_SENTA:
- /* Check A against our address */
- if (p->af != hp->h_addrtype) {
- p->state = STATE_RAW;
- free(p->name);
- p->name = NULL;
- break;
- }
-
- /* Spin through ip addresses looking for a match */
- for (pp = hp->h_addr_list; *pp != NULL; ++pp)
- if (memcmp(p->addr, *pp, p->alen) == 0)
- break;
-
- if (pp == NULL) {
- p->state = STATE_RAW;
- free(p->name);
- p->name = NULL;
- break;
- }
- p->state = STATE_HAVEA;
- break;
-
- default:
- abort();
- }
- massagename(host);
- if (p->name != NULL)
- abort();
- if (host != NULL)
- p->name = strdup(host);
- }
-}
-#endif
-
-void
-convert(register const char *str, register int isv6)
-{
- register char *host;
- register int alen;
- register int af;
-#ifdef HAVE_ASYNC_DNS
- register struct htable *p;
- char errstr[NB_DNS_ERRSIZE];
- static int num = 0;
-#endif
- char addr[NS_IN6ADDRSZ];
-
- if (isv6) {
-#ifdef AF_INET6
- af = AF_INET6;
- alen = NS_IN6ADDRSZ;
-#else
-#ifdef HAVE_ASYNC_DNS
- if (!asyncdns || !lookup_pass)
-#endif
- fputs(str, stdout);
- return;
-#endif
- } else {
- af = AF_INET;
- alen = NS_INADDRSZ;
- }
-
-#ifdef HAVE_ASYNC_DNS
- if (asyncdns && lookup_pass) {
- if (inet_pton(af, str, addr) != 1)
- return;
-
- /* Done if already in hash table */
- if (lookupaddr(addr, alen, af) != NULL)
- return;
-
- p = cacheaddr(addr, STATE_SENTPTR, alen, af, NULL);
- if (p == NULL)
- return;
-
- if (nb_dns_addr_request2(nd, addr, af,
- (void *)p, errstr) >= 0) {
- /* Cache the fact that we're looking */
- ++numasync;
- ++num;
- } else
- fprintf(stderr, "%s: nb_dns_host_request: %s\n",
- prog, errstr);
- /* reap replies after we send a number of queries */
- if (num > 10) {
- asyncreap(0);
- num = 0;
- }
- return;
- }
-#endif
-
- if (linemode && triedone) {
- fputs(str, stdout);
- return;
- }
- ++triedone;
-
- if (inet_pton(af, str, addr) == 1) {
- host = addr2host(addr, alen, af);
- if (host != NULL) {
- fputs(host, stdout);
- if (printboth) {
- putchar('(');
- fputs(str, stdout);
- putchar(')');
- }
- return;
- }
- }
- fputs(str, stdout);
-}
-
-struct htable *
-hash(register const char *ap, register int alen, register int af)
-{
- u_int32_t h;
-
- switch (alen) {
-
- case NS_INADDRSZ:
- memmove(&h, ap, sizeof(h));
- break;
-
- case NS_IN6ADDRSZ:
- memmove(&h, ap + NS_IN6ADDRSZ - sizeof(h), sizeof(h));
- break;
-
- default:
- abort();
- }
- return (&htable[h & (HSIZE - 1)]);
-}
-
-#ifdef HAVE_ASYNC_DNS
-int
-ispipe(FILE *f)
-{
- struct stat sbuf;
-
- if (fstat(fileno(f), &sbuf) < 0) {
- fprintf(stderr, "%s: fstat: %s\n", prog, strerror(errno));
- exit(1);
- }
- if ((sbuf.st_mode & S_IFMT) != S_IFREG)
- return (1);
- return (0);
-}
-#endif
-
-void
-usage()
-{
- extern char version[];
-
- (void)fprintf(stderr, "Version %s\n", version);
- (void)fprintf(stderr, "usage: %s [-1abcdilN] [-t secs] [file ...]\n",
- prog);
- exit(1);
-}
diff --git a/aux/hf/nb_dns.c b/aux/hf/nb_dns.c
deleted file mode 100755
index 283bcde1a3..0000000000
--- a/aux/hf/nb_dns.c
+++ /dev/null
@@ -1,612 +0,0 @@
-/*
- * See the file "COPYING" in the main distribution directory for copyright.
- */
-#ifndef lint
-static const char rcsid[] =
- "@(#) $Id: nb_dns.c 7074 2010-09-13 01:52:50Z vern $ (LBL)";
-#endif
-/*
- * nb_dns - non-blocking dns routines
- *
- * This version works with BIND 9
- *
- * Note: The code here is way more complicated than it should be but
- * although the interface to send requests is public, the routine to
- * crack reply buffers is private.
- */
-
-#include "config.h" /* must appear before first ifdef */
-
-#include
-#include
-
-#include
-
-#include
-#include
-#ifdef NEED_NAMESER_COMPAT_H
-#include
-#endif
-
-#include
-#ifdef HAVE_MEMORY_H
-#include
-#endif
-#include
-#include
-#include
-#include
-#include
-#include
-
-#ifdef notdef
-#include "gnuc.h"
-#ifdef HAVE_OS_PROTO_H
-#include "os-proto.h"
-#endif
-#endif
-
-#include "nb_dns.h"
-
-#if PACKETSZ > 1024
-#define MAXPACKET PACKETSZ
-#else
-#define MAXPACKET 1024
-#endif
-
-#ifdef DO_SOCK_DECL
-extern int socket(int, int, int);
-extern int connect(int, const struct sockaddr *, int);
-extern int send(int, const void *, int, int);
-extern int recvfrom(int, void *, int, int, struct sockaddr *, int *);
-#endif
-
-/* Private data */
-struct nb_dns_entry {
- struct nb_dns_entry *next;
- char name[NS_MAXDNAME + 1];
- int qtype; /* query type */
- int atype; /* address family */
- int asize; /* address size */
- u_short id;
- void *cookie;
-};
-
-#ifndef MAXALIASES
-#define MAXALIASES 35
-#endif
-#ifndef MAXADDRS
-#define MAXADDRS 35
-#endif
-
-struct nb_dns_hostent {
- struct hostent hostent;
- int numaliases;
- int numaddrs;
- char *host_aliases[MAXALIASES + 1];
- char *h_addr_ptrs[MAXADDRS + 1];
- char hostbuf[8 * 1024];
-};
-
-struct nb_dns_info {
- int s; /* Resolver file descriptor */
- struct sockaddr_in server; /* server address to bind to */
- struct nb_dns_entry *list; /* outstanding requests */
- struct nb_dns_hostent dns_hostent;
-};
-
-/* Forwards */
-static int _nb_dns_mkquery(struct nb_dns_info *, const char *, int, int,
- void *, char *);
-static int _nb_dns_cmpsockaddr(struct sockaddr *, struct sockaddr *, char *);
-
-static char *
-my_strerror(int errnum)
-{
-#if HAVE_STRERROR
- extern char *strerror(int);
- return strerror(errnum);
-#else
- static char errnum_buf[32];
- snprintf(errnum_buf, sizeof(errnum_buf), "errno %d", errnum);
- return errnum_buf;
-#endif
-}
-
-struct nb_dns_info *
-nb_dns_init(char *errstr)
-{
- register struct nb_dns_info *nd;
-
- nd = (struct nb_dns_info *)malloc(sizeof(*nd));
- if (nd == NULL) {
- snprintf(errstr, NB_DNS_ERRSIZE, "nb_dns_init: malloc(): %s",
- my_strerror(errno));
- return (NULL);
- }
- memset(nd, 0, sizeof(*nd));
- nd->s = -1;
-
- /* XXX should be able to init static hostent struct some other way */
- (void)gethostbyname("localhost.");
-
- if ((_res.options & RES_INIT) == 0 && res_init() == -1) {
- snprintf(errstr, NB_DNS_ERRSIZE, "res_init() failed");
- free(nd);
- return (NULL);
- }
- nd->s = socket(PF_INET, SOCK_DGRAM, 0);
- if (nd->s < 0) {
- snprintf(errstr, NB_DNS_ERRSIZE, "socket(): %s",
- my_strerror(errno));
- free(nd);
- return (NULL);
- }
-
- /* XXX should use resolver config */
- nd->server = _res.nsaddr_list[0];
-
- if (connect(nd->s, (struct sockaddr *)&nd->server,
- sizeof(struct sockaddr)) < 0) {
- snprintf(errstr, NB_DNS_ERRSIZE, "connect(%s): %s",
- inet_ntoa(nd->server.sin_addr), my_strerror(errno));
- close(nd->s);
- free(nd);
- return (NULL);
- }
-
- return (nd);
-}
-
-void
-nb_dns_finish(struct nb_dns_info *nd)
-{
- register struct nb_dns_entry *ne, *ne2;
-
- ne = nd->list;
- while (ne != NULL) {
- ne2 = ne;
- ne = ne->next;
- free(ne2);
- }
- close(nd->s);
- free(nd);
-}
-
-int
-nb_dns_fd(struct nb_dns_info *nd)
-{
-
- return (nd->s);
-}
-
-static int
-_nb_dns_cmpsockaddr(register struct sockaddr *sa1,
- register struct sockaddr *sa2, register char *errstr)
-{
- register struct sockaddr_in *sin1, *sin2;
-#ifdef AF_INET6
- register struct sockaddr_in6 *sin6a, *sin6b;
-#endif
- static const char serr[] = "answer from wrong nameserver (%d)";
-
- if (sa1->sa_family != sa1->sa_family) {
- snprintf(errstr, NB_DNS_ERRSIZE, serr, 1);
- return (-1);
- }
- switch (sa1->sa_family) {
-
- case AF_INET:
- sin1 = (struct sockaddr_in *)sa1;
- sin2 = (struct sockaddr_in *)sa2;
- if (sin1->sin_port != sin2->sin_port) {
- snprintf(errstr, NB_DNS_ERRSIZE, serr, 2);
- return (-1);
- }
- if (sin1->sin_addr.s_addr != sin2->sin_addr.s_addr) {
- snprintf(errstr, NB_DNS_ERRSIZE, serr, 3);
- return (-1);
- }
- break;
-
-#ifdef AF_INET6
- case AF_INET6:
- sin6a = (struct sockaddr_in6 *)sa1;
- sin6b = (struct sockaddr_in6 *)sa2;
- if (sin6a->sin6_port != sin6b->sin6_port) {
- snprintf(errstr, NB_DNS_ERRSIZE, serr, 2);
- return (-1);
- }
- if (memcmp(&sin6a->sin6_addr, &sin6b->sin6_addr,
- sizeof(sin6a->sin6_addr)) != 0) {
- snprintf(errstr, NB_DNS_ERRSIZE, serr, 3);
- return (-1);
- }
- break;
-#endif
-
- default:
- snprintf(errstr, NB_DNS_ERRSIZE, serr, 4);
- return (-1);
- }
- return (0);
-}
-
-static int
-_nb_dns_mkquery(register struct nb_dns_info *nd, register const char *name,
- register int atype, register int qtype, register void * cookie,
- register char *errstr)
-{
- register struct nb_dns_entry *ne;
- register HEADER *hp;
- register int n;
- u_long msg[MAXPACKET / sizeof(u_long)];
-
- /* Allocate an entry */
- ne = (struct nb_dns_entry *)malloc(sizeof(*ne));
- if (ne == NULL) {
- snprintf(errstr, NB_DNS_ERRSIZE, "malloc(): %s",
- my_strerror(errno));
- return (-1);
- }
- memset(ne, 0, sizeof(*ne));
- strncpy(ne->name, name, sizeof(ne->name));
- ne->name[sizeof(ne->name) - 1] = '\0';
- ne->qtype = qtype;
- ne->atype = atype;
- switch (atype) {
-
- case AF_INET:
- ne->asize = NS_INADDRSZ;
- break;
-
-#ifdef AF_INET6
- case AF_INET6:
- ne->asize = NS_IN6ADDRSZ;
- break;
-#endif
-
- default:
- snprintf(errstr, NB_DNS_ERRSIZE,
- "_nb_dns_mkquery: bad family %d", atype);
- return (-1);
- }
-
- /* Build the request */
- n = res_mkquery(
- ns_o_query, /* op code (query) */
- name, /* domain name */
- ns_c_in, /* query class (internet) */
- qtype, /* query type */
- NULL, /* data */
- 0, /* length of data */
- NULL, /* new rr */
- (u_char *)msg, /* buffer */
- sizeof(msg)); /* size of buffer */
- if (n < 0) {
- snprintf(errstr, NB_DNS_ERRSIZE, "res_mkquery() failed");
- free(ne);
- return (-1);
- }
-
- hp = (HEADER *)msg;
- ne->id = htons(hp->id);
-
- if (send(nd->s, (char *)msg, n, 0) != n) {
- snprintf(errstr, NB_DNS_ERRSIZE, "send(): %s",
- my_strerror(errno));
- free(ne);
- return (-1);
- }
-
- ne->next = nd->list;
- ne->cookie = cookie;
- nd->list = ne;
-
- return(0);
-}
-
-int
-nb_dns_host_request(register struct nb_dns_info *nd, register const char *name,
- register void *cookie, register char *errstr)
-{
-
- return (nb_dns_host_request2(nd, name, AF_INET, cookie, errstr));
-}
-
-int
-nb_dns_host_request2(register struct nb_dns_info *nd, register const char *name,
- register int af, register void *cookie, register char *errstr)
-{
- register int qtype;
-
- switch (af) {
-
- case AF_INET:
- qtype = T_A;
- break;
-
-#ifdef AF_INET6
- case AF_INET6:
- qtype = T_AAAA;
- break;
-#endif
-
- default:
- snprintf(errstr, NB_DNS_ERRSIZE,
- "nb_dns_host_request2(): uknown address family %d", af);
- return (-1);
- }
- return (_nb_dns_mkquery(nd, name, af, qtype, cookie, errstr));
-}
-
-int
-nb_dns_addr_request(register struct nb_dns_info *nd, nb_uint32_t addr,
- register void *cookie, register char *errstr)
-{
-
- return (nb_dns_addr_request2(nd, (char *)&addr, AF_INET,
- cookie, errstr));
-}
-
-int
-nb_dns_addr_request2(register struct nb_dns_info *nd, char *addrp,
- register int af, register void *cookie, register char *errstr)
-{
-#ifdef AF_INET6
- register char *cp;
- register int n, i;
- register size_t size;
-#endif
- register u_char *uaddr;
- char name[NS_MAXDNAME + 1];
-
- switch (af) {
-
- case AF_INET:
- uaddr = (u_char *)addrp;
- snprintf(name, sizeof(name), "%u.%u.%u.%u.in-addr.arpa",
- (uaddr[3] & 0xff),
- (uaddr[2] & 0xff),
- (uaddr[1] & 0xff),
- (uaddr[0] & 0xff));
- break;
-
-#ifdef AF_INET6
- case AF_INET6:
- uaddr = (u_char *)addrp;
- cp = name;
- size = sizeof(name);
- for (n = NS_IN6ADDRSZ - 1; n >= 0; --n) {
- snprintf(cp, size, "%x.%x.",
- (uaddr[n] & 0xf),
- (uaddr[n] >> 4) & 0xf);
- i = strlen(cp);
- size -= i;
- cp += i;
- }
- snprintf(cp, size, "ip6.int");
- break;
-#endif
-
- default:
- snprintf(errstr, NB_DNS_ERRSIZE,
- "nb_dns_addr_request2(): uknown address family %d", af);
- return (-1);
- }
-
- return (_nb_dns_mkquery(nd, name, af, T_PTR, cookie, errstr));
-}
-
-int
-nb_dns_abort_request(struct nb_dns_info *nd, void *cookie)
-{
- register struct nb_dns_entry *ne, *lastne;
-
- /* Try to find this request on the outstanding request list */
- lastne = NULL;
- for (ne = nd->list; ne != NULL; ne = ne->next) {
- if (ne->cookie == cookie)
- break;
- lastne = ne;
- }
-
- /* Not a currently pending request */
- if (ne == NULL)
- return (-1);
-
- /* Unlink this entry */
- if (lastne == NULL)
- nd->list = ne->next;
- else
- lastne->next = ne->next;
- ne->next = NULL;
-
- return (0);
-}
-
-/* Returns 1 with an answer, 0 when reply was old, -1 on fatal errors */
-int
-nb_dns_activity(struct nb_dns_info *nd, struct nb_dns_result *nr, char *errstr)
-{
- register int msglen, qtype, atype, n, i;
- register struct nb_dns_entry *ne, *lastne;
- socklen_t fromlen;
- struct sockaddr from;
- u_long msg[MAXPACKET / sizeof(u_long)];
- register char *bp, *ep;
- register char **ap, **hap;
- register u_int16_t id;
- register const u_char *rdata;
- register struct hostent *he;
- register size_t rdlen;
- ns_msg handle;
- ns_rr rr;
-
- /* This comes from the second half of do_query() */
- fromlen = sizeof(from);
- msglen = recvfrom(nd->s, (char *)msg, sizeof(msg), 0, &from, &fromlen);
- if (msglen <= 0) {
- snprintf(errstr, NB_DNS_ERRSIZE, "recvfrom(): %s",
- my_strerror(errno));
- return (-1);
- }
- if (msglen < HFIXEDSZ) {
- snprintf(errstr, NB_DNS_ERRSIZE, "recvfrom(): undersized: %d",
- msglen);
- return (-1);
- }
- if (ns_initparse((u_char *)msg, msglen, &handle) < 0) {
- snprintf(errstr, NB_DNS_ERRSIZE, "ns_initparse(): %s",
- my_strerror(errno));
- nr->host_errno = NO_RECOVERY;
- return (-1);
- }
-
- /* RES_INSECURE1 style check */
- if (_nb_dns_cmpsockaddr((struct sockaddr *)&nd->server, &from,
- errstr) < 0) {
- nr->host_errno = NO_RECOVERY;
- return (-1);
- }
-
- /* Search for this request */
- lastne = NULL;
- id = ns_msg_id(handle);
- for (ne = nd->list; ne != NULL; ne = ne->next) {
- if (ne->id == id)
- break;
- lastne = ne;
- }
-
- /* Not an answer to a question we care about anymore */
- if (ne == NULL)
- return (0);
-
- /* Unlink this entry */
- if (lastne == NULL)
- nd->list = ne->next;
- else
- lastne->next = ne->next;
- ne->next = NULL;
-
- /* RES_INSECURE2 style check */
- /* XXX not implemented */
-
- /* Initialize result struct */
- memset(nr, 0, sizeof(*nr));
- nr->cookie = ne->cookie;
- qtype = ne->qtype;
-
- /* Deal with various errors */
- switch (ns_msg_getflag(handle, ns_f_rcode)) {
-
- case ns_r_nxdomain:
- nr->host_errno = HOST_NOT_FOUND;
- free(ne);
- return (1);
-
- case ns_r_servfail:
- nr->host_errno = TRY_AGAIN;
- free(ne);
- return (1);
-
- case ns_r_noerror:
- break;
-
- case ns_r_formerr:
- case ns_r_notimpl:
- case ns_r_refused:
- default:
- nr->host_errno = NO_RECOVERY;
- free(ne);
- return (1);
- }
-
- /* Loop through records in packet */
- memset(&rr, 0, sizeof(rr));
- memset(&nd->dns_hostent, 0, sizeof(nd->dns_hostent));
- he = &nd->dns_hostent.hostent;
- /* XXX no support for aliases */
- he->h_aliases = nd->dns_hostent.host_aliases;
- he->h_addr_list = nd->dns_hostent.h_addr_ptrs;
- he->h_addrtype = ne->atype;
- he->h_length = ne->asize;
- free(ne);
-
- bp = nd->dns_hostent.hostbuf;
- ep = bp + sizeof(nd->dns_hostent.hostbuf);
- hap = he->h_addr_list;
- ap = he->h_aliases;
-
- for (i = 0; i < ns_msg_count(handle, ns_s_an); i++) {
- /* Parse
next record */ - if (ns_parserr(&handle, ns_s_an, i, &rr) < 0) { - if (errno != ENODEV) { - nr->host_errno = NO_RECOVERY; - return (1); - } - /* All done */ - break; - } - - /* Ignore records that don't answer our query (e.g. CNAMEs) */ - atype = ns_rr_type(rr); - if (atype != qtype) - continue; - - rdata = ns_rr_rdata(rr); - rdlen = ns_rr_rdlen(rr); - switch (atype) { - - case T_A: - case T_AAAA: - if (rdlen != (unsigned int) he->h_length) { - snprintf(errstr, NB_DNS_ERRSIZE, - "nb_dns_activity(): bad rdlen %d", - (int) rdlen); - nr->host_errno = NO_RECOVERY; - return (-1); - } - - if (bp + rdlen >= ep) { - snprintf(errstr, NB_DNS_ERRSIZE, - "nb_dns_activity(): overflow 1"); - nr->host_errno = NO_RECOVERY; - return (-1); - } - if (nd->dns_hostent.numaddrs + 1 >= MAXADDRS) { - snprintf(errstr, NB_DNS_ERRSIZE, - "nb_dns_activity(): overflow 2"); - nr->host_errno = NO_RECOVERY; - return (-1); - } - memcpy(bp, rdata, rdlen); - *hap++ = bp; - bp += rdlen; - ++nd->dns_hostent.numaddrs; - - /* Keep looking for more A records */ - break; - - case T_PTR: - n = dn_expand((const u_char *)msg, - (const u_char *)msg + msglen, rdata, bp, ep - bp); - if (n < 0) { - /* XXX return -1 here ??? */ - nr->host_errno = NO_RECOVERY; - return (1); - } - he->h_name = bp; - /* XXX check for overflow */ - bp += n; /* returned len includes EOS */ - - /* "Find first satisfactory answer" */ - nr->hostent = he; - return (1); - } - } - - nr->hostent = he; - return (1); -} diff --git a/aux/hf/nb_dns.h b/aux/hf/nb_dns.h deleted file mode 100755 index 8a5a140c07..0000000000 --- a/aux/hf/nb_dns.h +++ /dev/null 
@@ -1,52 +0,0 @@
-/* @(#) $Id: nb_dns.h 909 2004-12-09 04:27:10Z jason $ (LBL)
- *
- * Copyright (c) 2000, 2002
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that: (1) source code distributions
- * retain the above copyright notice and this paragraph in its entirety, (2)
- * distributions including binary code include the above copyright notice and
- * this paragraph in its entirety in the documentation or other materials
- * provided with the distribution, and (3) all advertising materials mentioning
- * features or use of this software display the following acknowledgement:
- * ``This product includes software developed by the University of California,
- * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
- * the University nor the names of its contributors may be used to endorse
- * or promote products derived from this software without specific prior
- * written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-/* Private data */
-struct nb_dns_info;
-
-/* Public data */
-struct nb_dns_result {
- void *cookie;
- int host_errno;
- struct hostent *hostent;
-};
-
-typedef unsigned int nb_uint32_t;
-
-/* Public routines */
-struct nb_dns_info *nb_dns_init(char *);
-void nb_dns_finish(struct nb_dns_info *);
-
-int nb_dns_fd(struct nb_dns_info *);
-
-int nb_dns_host_request(struct nb_dns_info *, const char *, void *, char *);
-int nb_dns_host_request2(struct nb_dns_info *, const char *, int,
- void *, char *);
-
-int nb_dns_addr_request(struct nb_dns_info *, nb_uint32_t, void *, char *);
-int nb_dns_addr_request2(struct nb_dns_info *, char *, int, void *, char *);
-
-int nb_dns_abort_request(struct nb_dns_info *, void *);
-
-int nb_dns_activity(struct nb_dns_info *, struct nb_dns_result *, char *);
-
-#define NB_DNS_ERRSIZE 256
diff --git a/aux/hf/nf.l b/aux/hf/nf.l
deleted file mode 100755
index 485c6160d2..0000000000
--- a/aux/hf/nf.l
+++ /dev/null
@@ -1,312 +0,0 @@ -N [0-9] -O ({N}{1,3}) - - #include - #include - - #include - - #include - #include - - #include - #ifdef HAVE_MEMORY_H - #include - #endif - #include - #include - #include - #include - #include - - #include "gnuc.h" - #ifdef HAVE_OS_PROTO_H - #include "os-proto.h" - #endif - - #undef yywrap - #ifdef FLEX_SCANNER - #define YY_NO_UNPUT - #endif - int yywrap(void); - int yylex(void); - char *addr2host(char *); - void convert(char *); - int pad; - -%% - -{O}\.{O}\.{O}\.{O} convert(yytext); -{O}\.{O}\.{O} if (pad) { - char buf[256]; - strcpy(buf, yytext); - strcat(buf, ".0"); - convert(buf); - } else { - ECHO; - } -{O}\.{O} if (pad) { - char buf[256]; - strcpy(buf, yytext); - strcat(buf, ".0.0"); - convert(buf); - } else { - ECHO; - } -{O} if (pad) { - char buf[256]; - strcpy(buf, yytext); - strcat(buf, ".0.0.0"); - convert(buf); - } else { - ECHO; - } - -{N}+ ECHO; -[^0-9\n]+ ECHO; -[^0-9\n]+\n ECHO; - -%% - -/* - * Copyright (c) 1990, 1991, 1996, 1999, 2000, 2004 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that: (1) source code distributions - * retain the above copyright notice and this paragraph in its entirety, (2) - * distributions including binary code include the above copyright notice and - * this paragraph in its entirety in the documentation or other materials - * provided with the distribution, and (3) all advertising materials mentioning - * features or use of this software display the following acknowledgement: - * ``This product includes software developed by the University of California, - * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of - * the University nor the names of its contributors may be used to endorse - * or promote products derived from this software without specific prior - * written permission. 
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#ifndef lint -static const char copyright[] = - "@(#) Copyright (c) 1990, 1991, 1996, 1999, 2000, 2004\n\ -The Regents of the University of California. All rights reserved.\n"; -static const char rcsid[] = - "@(#) $Id: nf.l 909 2004-12-09 04:27:10Z jason $ (LBL)"; -#endif - -#define HSIZE 2048 /* must be a power of two */ - -struct htable { - u_int addr; - char *name; - struct htable *next; -} htable[HSIZE]; - -int lcase = 1; /* force lowercase */ -int printboth = 0; -#ifdef DEBUG -int debug = 0; -#endif - -int targc; -char **targv; - -extern char *optarg; -extern int optind, opterr; - -/* Forwards */ -int main(int, char **); -#ifdef DEBUG -void dump(void); -#endif - -int -main(argc, argv) - int argc; - char **argv; -{ - register char *cp; - register int op; - char *argv0; - - if ((cp = strrchr(argv[0], '/')) != NULL) - argv0 = cp + 1; - else - argv0 = argv[0]; - - opterr = 0; - while ((op = getopt(argc, argv, "dibp")) != EOF) - switch (op) { - -#ifdef DEBUG - case 'd': - ++debug; - break; -#endif - - case 'i': - lcase = 0; - break; - - case 'p': - pad = 1; - break; - - case 'b': - printboth = 1; - break; - - default: - (void)fprintf(stderr, "usage: %s [-dibp] [file ...]\n", - argv0); - exit(1); - /* NOTREACHED */ - } - - setnetent(1); - - /* Let yywrap() figure out if there are any arguments to open */ - targc = argc - optind; - targv = &argv[optind]; - yyin = 0; - (void)yywrap(); - - /* Process file opened by yywrap() or stdin if no arguments */ - if (yyin) - yylex(); - -#ifdef DEBUG - if (debug) { - fflush(stdout); - dump(); - } -#endif - exit(0); -} - -int -yywrap() -{ - register char *file; - static int didany = 0; - - /* Close file, if necessary */ - if (yyin && yyin != stdin) { - (void)fclose(yyin); - yyin = 0; - } - - /* Spin through arguments 
until we run out or successfully open one */ - while (targc > 0) { - file = targv[0]; - --targc; - ++targv; - ++didany; - if ((yyin = fopen(file, "r")) != NULL) - return(0); - else - perror(file); - } - if (!didany) - yyin = stdin; - return(1); -} - -void -convert(str) - char *str; -{ - fputs(addr2host(str), stdout); - if (printboth) { - putchar('('); - fputs(str, stdout); - putchar(')'); - } -} - -char * -addr2host(str) - char *str; -{ - register u_long addr, net; - register char *cp, *host; - register struct netent *hp; - register struct htable *p, *p2; - struct in_addr ia; - - addr = inet_addr(str); - - /* First check if we already know about it */ - for (p = &htable[addr & (HSIZE - 1)]; p; p = p->next) - if (p->addr == addr && p->name) - return(p->name); - - /* Try to lookup this net */ - ia.s_addr = addr; - net = inet_netof(ia); - if ((hp = getnetbyaddr(net, AF_INET)) != NULL) - host = hp->n_name; - else - host = inet_ntoa(ia); - - if (lcase) - for (cp = host; *cp; ++cp) - if (isupper(*cp)) - *cp = tolower(*cp); - - /* Malloc space for new hostname */ - cp = malloc((u_int) strlen(host) + 1); - if (cp == 0) - return(host); - - /* Find slot in hash table */ - p = &htable[addr & (HSIZE - 1)]; - if (p->name) { - /* Handle the collision */ - p2 = (struct htable *)malloc(sizeof(struct htable)); - if (p2 == 0) { - /* Lose, lose */ - free(cp); - return(host); - } - memset((char *)p2, 0, sizeof(struct htable)); - p2->next = p->next; - p->next = p2; - p = p2; - } - - /* Install new host */ - p->addr = addr; - p->name = strcpy(cp, host); - - /* Return answer */ - return(p->name); -} - -#ifdef DEBUG -void -dump() -{ - register int i, j, n, d; - register struct htable *p, *p2; - - d = n = 0; - for (p = htable, i = 0; i < HSIZE; ++p, ++i) - if (p->name) { - ++n; - j = 0; - for (p2 = p; p2; p2 = p2->next) { - (void)fprintf(stderr, - "%4d:%d 0x%08x \"%s\"\n", i, j, - p2->addr, p2->name ? 
p2->name : ""); - ++d; - ++j; - } - } - d -= n; - (void)fprintf(stderr, "%d entries (%d dynamically linked)\n", n, d); -} -#endif diff --git a/aux/hf/pf.l b/aux/hf/pf.l deleted file mode 100755 index 734e43a7ec..0000000000 --- a/aux/hf/pf.l +++ /dev/null 
@@ -1,196 +0,0 @@ -N [0-9] - - #include - - #include - #include - #include - - #include "gnuc.h" - #ifdef HAVE_OS_PROTO_H - #include "os-proto.h" - #endif - - #undef yywrap - #ifdef FLEX_SCANNER - #define YY_NO_UNPUT - #endif - int yywrap(void); - int yylex(void); - void convert(char *); - -%% - -"["{N}+"]" convert(yytext); -[^0-9[\]\n]+\n? ECHO; -.|\n ECHO; - -%% - -/* - * Copyright (c) 1990, 1991, 1996, 1999, 2000, 2004 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that: (1) source code distributions - * retain the above copyright notice and this paragraph in its entirety, (2) - * distributions including binary code include the above copyright notice and - * this paragraph in its entirety in the documentation or other materials - * provided with the distribution, and (3) all advertising materials mentioning - * features or use of this software display the following acknowledgement: - * ``This product includes software developed by the University of California, - * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of - * the University nor the names of its contributors may be used to endorse - * or promote products derived from this software without specific prior - * written permission. - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#ifndef lint -static const char copyright[] = - "@(#) Copyright (c) 1990, 1991, 1996, 1999, 2000, 2004\n\ -The Regents of the University of California. 
All rights reserved.\n"; -static const char rcsid[] = - "@(#) $Id: pf.l 909 2004-12-09 04:27:10Z jason $ (LBL)"; -#endif - -#ifdef DEBUG -int debug = 0; -#endif - -#define MAX_PORT_NUM 65535 -char *port_to_name[MAX_PORT_NUM+1]; - -int targc; -char **targv; - -extern char *optarg; -extern int optind, opterr; - -/* Forwards */ -int main(int, char **); -char *dup_string(char *); -void portinit(void); - -int -main(argc, argv) - int argc; - char **argv; -{ - register char *cp; - register int op; - char *argv0; - - if ((cp = strrchr(argv[0], '/')) != NULL) - argv0 = cp + 1; - else - argv0 = argv[0]; - - opterr = 0; - while ((op = getopt(argc, argv, "d")) != EOF) - switch (op) { - -#ifdef DEBUG - case 'd': - ++debug; - break; -#endif - - default: - (void)fprintf(stderr, "usage: %s [-d] [file ...]\n", - argv0); - exit(1); - /* NOTREACHED */ - } - - /* Let yywrap() figure out if there are any arguments to open */ - targc = argc - optind; - targv = &argv[optind]; - yyin = 0; - (void)yywrap(); - - portinit(); - - /* Process file opened by yywrap() or stdin if no arguments */ - if (yyin) - yylex(); - -#ifdef DEBUG - if (debug) { - register int i; - for (i=0; i <= MAX_PORT_NUM; ++i) - if (port_to_name[i]) - fprintf(stderr, "[%d]\t%s\n", i, - port_to_name[i]); - } -#endif /* DEBUG */ - exit(0); -} - -int -yywrap() -{ - register char *file; - static int didany = 0; - - /* Close file, if necessary */ - if (yyin && yyin != stdin) { - (void)fclose(yyin); - yyin = 0; - } - - /* Spin through arguments until we run out or successfully open one */ - while (targc > 0) { - file = targv[0]; - --targc; - ++targv; - ++didany; - if ((yyin = fopen(file, "r")) != NULL) - return(0); - else - perror(file); - } - if (!didany) - yyin = stdin; - return(1); -} - -char * -dup_string(src) - char *src; -{ - char *dst; - - dst = malloc(strlen(src)+1); - if (dst) - strcpy(dst, src); - return dst; -} - -void -convert(str) - char *str; -{ - register int port; - - port = atoi(str+1); - if (port >= 0 && port 
<= MAX_PORT_NUM && port_to_name[port] != 0) - str = port_to_name[port]; - fputs(str, stdout); -} - -void -portinit() -{ - struct servent *sp; - - while ((sp = getservent()) != 0) { - if (port_to_name[sp->s_port] == 0 || - sp->s_proto[0] == 't') - port_to_name[sp->s_port] = dup_string(sp->s_name); - } - endservent(); - -} diff --git a/aux/hf/setsignal.c b/aux/hf/setsignal.c deleted file mode 100755 index 9711ebef49..0000000000 --- a/aux/hf/setsignal.c +++ /dev/null 
@@ -1,82 +0,0 @@ -/* - * Copyright (c) 1997 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that: (1) source code distributions - * retain the above copyright notice and this paragraph in its entirety, (2) - * distributions including binary code include the above copyright notice and - * this paragraph in its entirety in the documentation or other materials - * provided with the distribution, and (3) all advertising materials mentioning - * features or use of this software display the following acknowledgement: - * ``This product includes software developed by the University of California, - * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of - * the University nor the names of its contributors may be used to endorse - * or promote products derived from this software without specific prior - * written permission. - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#ifndef lint -static const char rcsid[] = - "@(#) $Header$ (LBL)"; -#endif - -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - -#include - -#ifdef HAVE_MEMORY_H -#include -#endif -#include -#ifdef HAVE_SIGACTION -#include -#endif - -#include "gnuc.h" -#ifdef HAVE_OS_PROTO_H -#include "os-proto.h" -#endif - -#include "setsignal.h" - -/* - * An os independent signal() with BSD semantics, e.g. the signal - * catcher is restored following service of the signal. - * - * When sigset() is available, signal() has SYSV semantics and sigset() - * has BSD semantics and call interface. Unfortunately, Linux does not - * have sigset() so we use the more complicated sigaction() interface - * there. - * - * Did I mention that signals suck? 
- */
-RETSIGTYPE
-(*setsignal (int sig, RETSIGTYPE (*func)(int)))(int)
-{
-#ifdef HAVE_SIGACTION
- struct sigaction old, new;
-
- memset(&new, 0, sizeof(new));
- new.sa_handler = func;
-#ifdef SA_RESTART
- new.sa_flags |= SA_RESTART;
-#endif
- if (sigaction(sig, &new, &old) < 0)
- return (SIG_ERR);
- return (old.sa_handler);
-
-#else
-#ifdef HAVE_SIGSET
- return (sigset(sig, func));
-#else
- return (signal(sig, func));
-#endif
-#endif
-}
-
diff --git a/aux/hf/setsignal.h b/aux/hf/setsignal.h
deleted file mode 100755
index 6df239f2d3..0000000000
--- a/aux/hf/setsignal.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Copyright (c) 1997
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that: (1) source code distributions
- * retain the above copyright notice and this paragraph in its entirety, (2)
- * distributions including binary code include the above copyright notice and
- * this paragraph in its entirety in the documentation or other materials
- * provided with the distribution, and (3) all advertising materials mentioning
- * features or use of this software display the following acknowledgement:
- * ``This product includes software developed by the University of California,
- * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
- * the University nor the names of its contributors may be used to endorse
- * or promote products derived from this software without specific prior
- * written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- *
- * @(#) $Header$ (LBL)
- */
-#ifndef setsignal_h
-#define setsignal_h
-
-RETSIGTYPE (*setsignal(int, RETSIGTYPE (*)(int)))(int);
-#endif
diff --git a/aux/hf/strerror.c b/aux/hf/strerror.c
deleted file mode 100755
index d330a6523e..0000000000
--- a/aux/hf/strerror.c
+++ /dev/null
@@ -1,75 +0,0 @@ -/* - * Copyright (c) 1988, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#if defined(LIBC_SCCS) && !defined(lint) -static const char sccsid[] = "@(#)strerror.c 8.1 (Berkeley) 6/4/93"; -#endif /* LIBC_SCCS and not lint */ - -#include - -#include - -#include "gnuc.h" -#ifdef HAVE_OS_PROTO_H -#include "os-proto.h" -#endif - -char * -strerror(num) - int num; -{ - extern int sys_nerr; - extern char *sys_errlist[]; -#define UPREFIX "Unknown error: " - static char ebuf[40] = UPREFIX; /* 64-bit number + slop */ - register unsigned int errnum; - register char *p, *t; - char tmp[40]; - - errnum = num; /* convert to unsigned */ - if (errnum < sys_nerr) - return(sys_errlist[errnum]); - - /* Do this by hand, so we don't include stdio(3). */ - t = tmp; - do { - *t++ = "0123456789"[errnum % 10]; - } while (errnum /= 10); - for (p = ebuf + sizeof(UPREFIX) - 1;;) { - *p++ = *--t; - if (t <= tmp) - break; - } - *p = '\0'; - return(ebuf); -} diff --git a/aux/hf/version.c b/aux/hf/version.c deleted file mode 100644 index 1b09c66cdd..0000000000 --- a/aux/hf/version.c +++ /dev/null @@ -1 +0,0 @@ -char version[] = "1.0a10"; diff --git a/aux/libpcap-0.7.2.tar.gz b/aux/libpcap-0.7.2.tar.gz deleted file mode 100644 index 435880ccf7..0000000000 Binary files a/aux/libpcap-0.7.2.tar.gz and /dev/null differ diff --git a/aux/libpcap-0.8.3.tar.gz b/aux/libpcap-0.8.3.tar.gz deleted file mode 100644 index 54ef183f4b..0000000000 Binary files a/aux/libpcap-0.8.3.tar.gz and /dev/null differ diff --git a/aux/libpcap-0.9.8.tar.gz b/aux/libpcap-0.9.8.tar.gz deleted file mode 100644 index 14344a44dd..0000000000 Binary files a/aux/libpcap-0.9.8.tar.gz and /dev/null differ diff --git a/aux/nftools/Makefile.am b/aux/nftools/Makefile.am deleted file mode 100644 index 4b2ace77d7..0000000000 --- a/aux/nftools/Makefile.am +++ /dev/null @@ -1,5 +0,0 @@ - -noinst_PROGRAMS = ftwire2bro nfcollector - -ftwire2bro_SOURCES = ftwire2bro.c nfcommon.h -nfcollector_SOURCES = nfcollector.c nfcommon.h 
diff --git a/aux/nftools/ftwire2bro.c b/aux/nftools/ftwire2bro.c
deleted file mode 100644
index c277e23096..0000000000
--- a/aux/nftools/ftwire2bro.c
+++ /dev/null
@@ -1,94 +0,0 @@ -/* $Id:$ */ -/* Written by Bernhard Ager (2007). */ -/* Works only with NFv5. */ - -#include -#include -#include -#include -#include -#include -#include - -#include "nfcommon.h" - -void leave (int errlvl, const char *msg) { - fprintf (stderr, "%s", msg); - exit (errlvl); -} - -void usage () { - puts ("Converts NetFlow v5 files in 'wire' format to bro format.\n" - "A flow-tools file can be converted to 'wire' format with\n" - " flow-export -f 4\n" - "Note this is a hack: The network time is calculated from the\n" - "export time and an optional offset; the exporter is set statically.\n" - "Usage: ftwire2bro [-e [-t ]\n" - " defaults to 0.0.0.0, defaults to 0.0\n" - " data is read from stdin and written to stdout"); -} - -size_t pdusize(NFv5Header hdr) { - return sizeof(hdr)+ntohs(hdr.count)*V5_RECORD_SIZE; -} - -int main (int argc, char** argv) { - int opt; - struct in_addr exporter = {0}; - double offset = 0.0; - FlowFileSrcPDUHeader ffphdr; - NFv5PDU v5pdu; - unsigned short count; - - while ((opt = getopt (argc, argv, "e:t:h")) >= 0) { - switch (opt) { - case 'e': - if (! 
inet_aton (optarg, &exporter)) { - fprintf (stderr, "could not convert exporter_ip: '%s'\n", optarg); - exit (1); - } - break; - case 't': - offset = atof(optarg); - break; - case 'h': - usage(); - exit (0); - default: -/* fprintf (stderr, "Unknown option: %c\n", optopt); */ - exit(1); - } - } - - while (1) { - if (fread (&(v5pdu.header), sizeof (NFv5Header), 1, stdin) == 0) { - if (feof(stdin)) - break; - leave (1, "Could not read header\n"); - } - - count = ntohs (v5pdu.header.count); - if (ntohs(v5pdu.header.version) != 5) - leave (1, "Header indicates flow not in version 5 format\n"); - if (count > V5_RECORD_MAXCOUNT) { - fprintf (stderr, "header indicates too many records: %d\n", - count); - exit (1); - } - - if (fread (v5pdu.records, sizeof(NFv5Record), count, stdin) < count) - leave (1, "Could not read enough records from stdin\n"); - - ffphdr.network_time = ntohl(v5pdu.header.unix_secs) + - ntohl(v5pdu.header.unix_nsecs)/1e9 + offset; - ffphdr.pdu_length = pdusize(v5pdu.header); - ffphdr.ipaddr = exporter.s_addr; - - if (fwrite (&ffphdr, sizeof(ffphdr), 1, stdout) == 0) - leave (1, "Could not write ffpheader\n"); - if (fwrite (&v5pdu, ffphdr.pdu_length, 1, stdout) == 0) - leave (1, "Could not write netflow PDU\n"); - } - - return 0; -} diff --git a/aux/nftools/nfcollector.c b/aux/nftools/nfcollector.c deleted file mode 100644 index 0b80983f8c..0000000000 --- a/aux/nftools/nfcollector.c +++ /dev/null 
@@ -1,83 +0,0 @@ -/* $Id;$ */ -/* Written by Bernhard Ager (2007). */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "nfcommon.h" - -void pleave (int errlvl, const char *msg) { - perror (msg); - exit (errlvl); -} - -void usage () { - puts ("collects NetFlow data and writes it to a file (or stdout)\n" - " such that Bro can read the NetFlow dump file.\n" - " Usage: nfcollector [-p ] [-o ]\n" - " port defaults to 1234, outputfile defaults to stdout"); -} - -int main (int argc, char** argv) { - int opt; - int s = -1; - char *outfile = NULL; - int outfd = 1; // default to stdout - struct timeval tv; - struct sockaddr_in sa = { .sin_family = AF_INET, - .sin_port = htons(1234), - .sin_addr = {0} }; - struct sockaddr_in from; - socklen_t fromlen; - FlowFilePDU ffp; - - while ((opt = getopt (argc, argv, "p:o:h")) >= 0) { - switch (opt) { - case 'o': - outfile = malloc (strlen(optarg) + 1); - strcpy (outfile, optarg); - break; - case 'p': - sa.sin_port = htons(atoi(optarg)); - break; - case 'h': - usage(); - exit (0); - default: - fprintf (stderr, "Unknown option: %c\n", optopt); - } - } - - if ((s = socket (PF_INET, SOCK_DGRAM, 0)) < 0) - pleave(1, "opening socket"); - - if (bind (s, (struct sockaddr*) &sa, sizeof (sa)) < 0) - pleave (1, "bind"); - - if (outfile && (outfd = open (outfile, O_TRUNC|O_WRONLY|O_CREAT, 0666)) < 0) - pleave (1, "open"); - - while (1) { - fromlen = sizeof (from); - if ((ffp.header.pdu_length = recvfrom(s, ffp.data, MAX_PKT_SIZE, 0, (struct sockaddr*)&from, &fromlen)) < 0) - pleave (1, "recvfrom"); - if (gettimeofday(&tv, NULL) == 0) - ffp.header.network_time = tv.tv_sec + tv.tv_usec / 1000000.; - else { - ffp.header.network_time = -1.; - perror ("gettimeofday"); - } - - ffp.header.ipaddr = from.sin_addr.s_addr; - write (outfd, &ffp, ffp.header.pdu_length + sizeof (FlowFileSrcPDUHeader)); - } - - return 0; -} 
diff --git a/aux/nftools/nfcommon.h b/aux/nftools/nfcommon.h deleted file mode 100644 index fd91d1341c..0000000000 --- a/aux/nftools/nfcommon.h +++ /dev/null @@ -1,45 +0,0 @@ -/* $Id:$ */ -/* Written by Bernhard Ager (2007). */ -/* For now this only works with IPv4. */ - -#include "../../config.h" - -/* Enough for NFv5 - how about the others? */ -#define MAX_PKT_SIZE 8192 - -/* from FlowSrc.h */ -typedef struct { - double network_time; - int pdu_length; - u_int32_t ipaddr; -} FlowFileSrcPDUHeader; - -typedef struct { - u_int16_t version; - u_int16_t count; - u_int32_t sysuptime; - u_int32_t unix_secs; - u_int32_t unix_nsecs; - u_int32_t flow_seq; - u_int8_t eng_type; - u_int8_t eng_id; - u_int16_t sample_int; -} NFv5Header; - -#define V5_RECORD_SIZE 48 -#define V5_RECORD_MAXCOUNT 30 - -typedef struct { - char data[V5_RECORD_SIZE]; -} NFv5Record; - -typedef struct { - NFv5Header header; - NFv5Record records[V5_RECORD_MAXCOUNT]; -} NFv5PDU; - -/* TODO: replace char data[] by NFv5PDU pdu*/ -typedef struct { - FlowFileSrcPDUHeader header; - char data [MAX_PKT_SIZE]; -} FlowFilePDU; diff --git a/aux/rst/Makefile.am b/aux/rst/Makefile.am deleted file mode 100644 index b56859335f..0000000000 --- a/aux/rst/Makefile.am +++ /dev/null @@ -1,4 +0,0 @@ -## Process this file with automake to produce Makefile.in - -noinst_PROGRAMS = rst -rst_SOURCES = rst.c diff --git a/aux/rst/rst.c b/aux/rst/rst.c deleted file mode 100644 index 8dca07bb7f..0000000000 --- a/aux/rst/rst.c +++ /dev/null 
@@ -1,380 +0,0 @@ -/* $Id: rst.c 7073 2010-09-13 00:45:02Z vern $ */ - -/* Derived from traceroute, which has the following copyright: - * - * Copyright (c) 1999, 2002 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that: (1) source code distributions - * retain the above copyright notice and this paragraph in its entirety, (2) - * distributions including binary code include the above copyright notice and - * this paragraph in its entirety in the documentation or other materials - * provided with the distribution, and (3) all advertising materials mentioning - * features or use of this software display the following acknowledgement: - * ``This product includes software developed by the University of California, - * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of - * the University nor the names of its contributors may be used to endorse - * or promote products derived from this software without specific prior - * written permission. - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ -#ifndef lint -static const char copyright[] = - "@(#) Copyright (c) 1999, 2002\nThe Regents of the University of California. 
All rights reserved.\n"; -static const char rcsid[] = - "@(#) $Id: rst.c 7073 2010-09-13 00:45:02Z vern $ (LBL)"; -#endif - -/* need this due to linux's funny idea of a tcphdr */ -#if defined(__linux__) -#define _BSD_SOURCE -#endif - -#include -#include - -#include -#include -#include -#include - -#include - -#include -#include -#include -#include -#include - -#include "../../config.h" - -/* Forwards */ -void gripe(const char *, const char *); -void pgripe(const char *); -u_short in_cksum(register u_short *, register int); -int ones_complement_checksum(const void *, int, u_int32_t); -int tcp_checksum(const struct ip *, const struct tcphdr *, int); -void send_pkt(int, struct in_addr, int, u_int32_t, struct in_addr, - int, u_int32_t, int, int, int, int, const char *); -void terminate(int, const char *, int, u_int32_t, const char *, - int, u_int32_t, int, int, int, int, const char *); -void usage(void); -int main(int, char **); - -const char *prog_name; - -void gripe(const char *fmt, const char *arg) -{ - fprintf(stderr, "%s: ", prog_name); - fprintf(stderr, fmt, arg); - fprintf(stderr, "\n"); -} - -void pgripe(const char *msg) -{ - fprintf(stderr, "%s: %s (%s)\n", prog_name, msg, strerror(errno)); - exit(1); -} - -/* - * Checksum routine for Internet Protocol family headers (C Version) - */ -u_short -in_cksum(register u_short *addr, register int len) -{ - register int nleft = len; - register u_short *w = addr; - register u_short answer; - register int sum = 0; - - /* - * Our algorithm is simple, using a 32 bit accumulator (sum), - * we add sequential 16 bit words to it, and at the end, fold - * back all the carry bits from the top 16 bits into the lower - * 16 bits. 
- */ - while (nleft > 1) { - sum += *w++; - nleft -= 2; - } - - /* mop up an odd byte, if necessary */ - if (nleft == 1) - sum += *(u_char *)w; - - /* - * add back carry outs from top 16 bits to low 16 bits - */ - sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */ - sum += (sum >> 16); /* add carry */ - answer = ~sum; /* truncate to 16 bits */ - return (answer); -} - -// - adapted from tcpdump -// Returns the ones-complement checksum of a chunk of b short-aligned bytes. -int ones_complement_checksum(const void *p, int b, u_int32_t sum) -{ - const u_short *sp = (u_short *) p; // better be aligned! - - b /= 2; // convert to count of short's - - /* No need for endian conversions. */ - while ( --b >= 0 ) - sum += *sp++; - - while ( sum > 0xffff ) - sum = (sum & 0xffff) + (sum >> 16); - - return sum; -} - -int tcp_checksum(const struct ip *ip, const struct tcphdr *tp, int len) -{ - int tcp_len = tp->th_off * 4 + len; - u_int32_t sum, addl_pseudo; - - if ( len % 2 == 1 ) - // Add in pad byte. - sum = htons(((const u_char*) tp)[tcp_len - 1] << 8); - else - sum = 0; - - sum = ones_complement_checksum((void*) &ip->ip_src.s_addr, 4, sum); - sum = ones_complement_checksum((void*) &ip->ip_dst.s_addr, 4, sum); - - addl_pseudo = (htons(IPPROTO_TCP) << 16) | htons((unsigned short) tcp_len); - - sum = ones_complement_checksum((void*) &addl_pseudo, 4, sum); - sum = ones_complement_checksum((void*) tp, tcp_len, sum); - - return sum; -} - -void send_pkt(int s, struct in_addr from, int from_port, u_int32_t from_seq, - struct in_addr to, int to_port, u_int32_t to_seq, - int size, int redundancy, int delay, int flags, - const char *inject) -{ - int cc; - int pktlen = 40 + size; - const int max_injection_size = 4096; - char *pkt = malloc(pktlen + max_injection_size + 1024 /* slop */); - struct ip *ip = (struct ip *) pkt; - struct tcphdr *tcp = (struct tcphdr *) &pkt[20]; - - if ( ! 
pkt ) - pgripe("couldn't malloc memory"); - - if ( inject && *inject ) { - size = strlen(inject); - - if ( size > max_injection_size ) - gripe("injection text too large%s", ""); - - pktlen = 40 + size; - } - - memset(pkt, 0, pktlen); - - ip->ip_v = IPVERSION; - ip->ip_len = pktlen; /* on FreeBSD, don't use htons(); YMMV */ - ip->ip_off = 0; - ip->ip_src = from; - ip->ip_dst = to; - ip->ip_hl = 5; - ip->ip_p = IPPROTO_TCP; - ip->ip_ttl = 255; - ip->ip_id = 0; - - ip->ip_sum = in_cksum((u_short *) ip, sizeof(*ip)); - - if (ip->ip_sum == 0) - ip->ip_sum = 0xffff; - - tcp->th_sport = htons(from_port); - tcp->th_dport = htons(to_port); - tcp->th_seq = htonl(from_seq); - tcp->th_ack = htonl(to_seq); - tcp->th_off = 5; - tcp->th_flags = flags; - tcp->th_win = 0; - tcp->th_urp = 0; - tcp->th_sum = 0; - - if ( inject && *inject ) { - char *payload = &pkt[40]; - strcpy(payload, inject); - - } else if ( size > 0 ) - { - const char *fill_string = - (inject && *inject) ? inject : "BRO-RST\n"; - char *payload = &pkt[40]; - int n = strlen(fill_string); - int i; - for ( i = size; i > n + 1; i -= n ) - { - strcpy(payload, fill_string); - payload += n; - } - - for ( ; i > 0; --i ) - *(payload++) = '\n'; - } - - tcp->th_sum = ~tcp_checksum(ip, tcp, size); - - while ( redundancy-- > 0 ) - { - cc = send(s, (char *) ip, pktlen, 0); - if (cc < 0 || cc != pktlen) - pgripe("problem in sendto()"); - usleep(delay * 1000); - } - - free(pkt); -} - -void terminate(int s, const char *from_addr, int from_port, u_int32_t from_seq, - const char *to_addr, int to_port, u_int32_t to_seq, - int num, int redundancy, int stride, int delay, - const char *inject) -{ - struct sockaddr where_from, where_to; - struct sockaddr_in *from = (struct sockaddr_in *) &where_from; - struct sockaddr_in *to = (struct sockaddr_in *) &where_to; - - memset(from, 0, sizeof(*from)); - memset(to, 0, sizeof(*to)); -#ifdef SIN_LEN - from->sin_len = to->sin_len = sizeof(*to); -#endif /* SIN_LEN */ - from->sin_family = 
to->sin_family = AF_INET; - - if ( inet_aton(from_addr, (struct in_addr *) &from->sin_addr) == 0 ) - gripe("bad from address %s", from_addr); - if ( inet_aton(to_addr, (struct in_addr *) &to->sin_addr) == 0 ) - gripe("bad to address %s", to_addr); - - if ( connect(s, &where_to, sizeof(where_to)) < 0 ) - pgripe("can't connect"); - - while ( num-- > 0 ) - { - send_pkt(s, from->sin_addr, from_port, from_seq, - to->sin_addr, to_port, to_seq, 0, redundancy, delay, - (*inject ? 0 : TH_RST) | TH_ACK, inject); - - if ( num > 0 && stride > 1 ) - send_pkt(s, from->sin_addr, from_port, from_seq, - to->sin_addr, to_port, to_seq, stride, - redundancy, delay, TH_ACK, inject); - - from_seq += stride; - } -} - -void usage() -{ - fprintf(stderr, "%s [-R] [-I text-to-inject] [-d delay-msec] [-n num] [-r redundancy] [-s stride] from_addr from_port from_seq to_addr to_port to_seq\n", prog_name); - exit(0); -} - -int main(int argc, char **argv) -{ - extern char* optarg; - extern int optind, opterr; - const char *from_addr, *to_addr; - char inject[8192]; - int from_port, to_port; - u_int32_t from_seq, to_seq; - int delay = 0.0; - int redundancy = 1; - int num = 1; - int stride = 1; - int reverse = 0; - int s; - int on = 1; - int op; - - prog_name = argv[0]; - - opterr = 0; - - inject[0] = 0; - - while ( (op = getopt(argc, argv, "RI:d:n:r:s:")) != EOF ) - switch ( op ) { - case 'R': - reverse = 1; - break; - - case 'I': - { - char *ap = optarg; - char *ip; - for ( ip = inject; *ap; ++ip, ++ap ) { - if ( ap[0] == '\\' && ap[1] == 'n' ) - *ip = '\n', ++ap; - else - *ip = *ap; - } - } - break; - - case 'd': - delay = atoi(optarg); - break; - - case 'n': - num = atoi(optarg); - break; - - case 'r': - redundancy = atoi(optarg); - break; - - case 's': - stride = atoi(optarg); - break; - - default: - usage(); - break; - } - - if ( argc - optind != 6 ) - usage(); - - s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW); - if ( s < 0 ) - pgripe("couldn't create raw socket"); - - setuid(getuid()); - - if 
(setsockopt(s, 0, IP_HDRINCL, (char *) &on, sizeof(on)) < 0) - pgripe("can't turn on IP_HDRINCL"); - - from_addr = argv[optind++]; - from_port = atoi(argv[optind++]); - from_seq = strtoul(argv[optind++], 0, 10); - - to_addr = argv[optind++]; - to_port = atoi(argv[optind++]); - to_seq = strtoul(argv[optind++], 0, 10); - - if ( reverse ) - terminate(s, to_addr, to_port, to_seq, - from_addr, from_port, from_seq, - num, redundancy, stride, delay, inject); - else - terminate(s, from_addr, from_port, from_seq, - to_addr, to_port, to_seq, - num, redundancy, stride, delay, inject); - - return 0; -} diff --git a/aux/scripts/Makefile.am b/aux/scripts/Makefile.am deleted file mode 100644 index c0a7ebb1b1..0000000000 --- a/aux/scripts/Makefile.am +++ /dev/null @@ -1,3 +0,0 @@ -## Process this file with automake to produce Makefile.in - -EXTRA_DIST = hot-report mon-report ip-grep ca-create ca-issue bro-logchk.pl host-to-addrs mvlog host-grep lock_file diff --git a/aux/scripts/bro-logchk.pl b/aux/scripts/bro-logchk.pl deleted file mode 100755 index f711feab29..0000000000 --- a/aux/scripts/bro-logchk.pl +++ /dev/null 
@@ -1,197 +0,0 @@ -#!/usr/bin/perl - -# Written by: -# James J. Barlow -# June 2002 -# -# Orders and scans through bro http and ftp logs. - -use Getopt::Std; -use Socket; - -# Get the options on the command line -getopts('DFHdshra:f:x:'); - -# Check for invalid options or help option -if ($opt_h || ($opt_a && $opt_x) || (($opt_s || $opt_d) && !$opt_a) || - ($opt_F && $opt_H) || !($opt_F || $opt_H)) { - &Usage; -} - -# Read file -if ($opt_f) { - open(INFILE, "$opt_f") || die "Can't open $opt_f: $!\n"; -} else { - &Usage; -} - -$max = 0; - -while () { - - # is it the start of a connection - if (check_start_conn()) { - - # Set to resolve IP address if $opt_r. - $resolve = 1; - - # Do we want a specific IP address - if ($opt_a) { - if ((($source EQ $opt_a) && !$opt_d) || (($dest EQ $opt_a) && !$opt_s)) { - # Yes, push connection number on list - push @ipconlist, $conn; - } else { - $resolve = 0; # don't try to resolve IP address - } - } - - # Do we want to exclude an IP address - if ($opt_x) { - # Check if ipaddr is not excluded address - if (($source NE $opt_x) && ($dest NE $opt_x)) { - # if not push connection number on list - push @ipconlist, $conn; - } else { - $resolve = 0; # don't try to resolve IP address - } - } - - # set max connection number - $max = $conn if ($max < $conn); - - # Do we want to try and resolve IP addresses - if ($opt_r && $resolve) { - # get source and dest hostnames from IP addresses - $sname = gethostbyaddr(inet_aton($source), AF_INET); - # set source name to IP address if not resolvable - if (!$sname) { - $sname = $source; - } - $dname = gethostbyaddr(inet_aton($dest), AF_INET); - # set destination name to IP address if not resolvable - if (!$dname) { - $dname = $dest; - } - } else { - $sname = $source; - $dname = $dest; - } - - # Get timestamp - $time = localtime($secs); - - # push connection - push @{$connlist[$conn]}, "$time - $conn ${sname}${source_port} > $dname"; - print "$time - $conn ${sname}${source_port} > $dname\n" if $opt_D; - 
next; - } - - # is it a request - if (check_request()) { - - # set max connection number - $max = $conn if ($max < $conn); - - push @{$connlist[$conn]}, "${time}${conn} $request"; - print "${time}${conn} $request\n" if $opt_D; - next; - } - - print "Unrecognized line: $_"; -} - -for ($i=1;$i<=$max;$i++) { - # skip connections not on list if we want specific addrs - # or are excluding addresses - if ($opt_a || $opt_x) { - next if !(grep /^$i$/, @ipconlist); - } - # print connections - foreach $entry (@{$connlist[$i]}) { - print "$entry\n"; - } -} - -close(INFILE); - - -sub check_start_conn { - - $valid_conn = 0; - - # http connection? - if ($opt_H) { - if ((m/^(\d+)\s+%(\d+)\s+start\s+(\S+)\s+>\s+(\S+)/) || - (m/^(\d+)\.\d+\s+%(\d+)\s+start\s+(\S+)\s+>\s+(\S+)/)) { - $secs = $1; - $conn = $2; - $source = $3; - $dest = $4; - chomp($dest); - $source_port = ""; - $valid_conn = 1; - } - # ftp connection? - } elsif ($opt_F) { - if ((m/^(\d+)\s+#(\d+)\s+(\S+)\/(\d+)\s+>\s+(\S+)\/ftp start/) || - (m/^(\d+)\.\d+\s+#(\d+)\s+(\S+)\/(\d+)\s+>\s+(\S+)\/ftp start/)) { - $secs = $1; - $conn = $2; - $source = $3; - $source_port = "/$4"; - $dest = $5; - $valid_conn = 1; - } - } - - return $valid_conn; -} - -sub check_request { - - $valid_request = 0; - - if ($opt_H) { - if (m/^%(\d+)\s+\S+\s+(.*)/) { - $conn = $1; - $request = "GET $2"; - chomp($request); - $time = ""; - $valid_conn = 1; - } - } elsif ($opt_F) { - if (m/^(\d+)\.\d+ #(\d+) (.*)/) { - $time = localtime($1)." - "; - $conn = $2; - $request = $3; - chomp($request); - $valid_conn = 1; - } - } - - return $valid_conn; -} - - -# -# Usage -# -# Prints out usage for script. 
- -sub Usage { - print "Usage:\n"; - print " bro-logchk.pl -[hrDFHds] -f filename -a ipaddr -x ipaddr\n"; - print " -h print this usage information\n"; - print " -F using ftp log\n"; - print " -H using http log\n"; - print " -r try to resolve IP addresses to hostnames\n"; - print " -f file log file to parse\n"; - print " -a ipaddr only output connections from this address\n"; - print " -s only want matching source address (used with -a option)\n"; - print " -d only want matching destination address (used with -a option)\n"; - print " -D debug option\n"; - print " -x ipaddr exclude connections from this address\n"; - print "\n"; - exit; -} - diff --git a/aux/scripts/ca-create b/aux/scripts/ca-create deleted file mode 100755 index f9cb5e13e8..0000000000 --- a/aux/scripts/ca-create +++ /dev/null 
@@ -1,148 +0,0 @@ -#! /bin/sh - -###################################################################### -# prompt for input for a variable -# $1 name of var -# $2 defualt value -# $3 prompt string (if empty get from config file ) -bro_config_input() -{ - if [ -z $1 ] ; then - name="" - else - name=$1 - fi - - if [ -z $2 ] ; then - default="" - else - default=$2 - fi - - if [ -z "$3" ] ; then - prompt="" - else - prompt=$3 - fi - - #empty it out - RESP= - desc=$prompt - - while [ -z "$RESP" ]; do - echo -n "$desc [$default]: " >&0 - read RESP - - case "$RESP" in - [Yy]|[Yy][Ee][Ss]) ret="YES"; RESP="YES";; - [Nn]|[Nn][Oo] ) ret="NO"; RESP="NO" ;; - "") ret=$default ; RESP="$default" ;; - *) ret=$RESP;; - esac - done - - # set back the value - eval $1=\$ret - eval $name=\$ret - return 1 -} - - -echo "Creating SSL certificate authority" -echo "----------------------------------" -echo - -dir=$HOME - -if [ "x$BRO_CA_DIR" != "x" ]; then - dir=$BRO_CA_DIR -fi - -bro_config_input "dir" $dir "Directory for CA setup" - -mkdir -p $dir -if [ $? -ne 0 ]; then - echo "Couldn't create directory $dir." 
- exit 1 -fi - -mkdir -p $dir/certs $dir/private -chmod g-rwx,o-rwx $dir/private -echo '01' > $dir/serial -touch $dir/issued.txt - -echo "- Directory structure created in directory $dir" - -cat - > $dir/openssl.cfg << _EOF -# OpenSSL config file for Root CA -# - -# Global variable so it can be used everywhere: -dir = $dir - -[ ca ] -default_ca = bro_ca - -[ bro_ca ] -certificate = \$dir/ca_cert.pem -database = \$dir/issued.txt -new_certs_dir = \$dir/certs -private_key = \$dir/private/ca_key.pem -serial = \$dir/serial - -# Number of days before CRLs are published -default_crl_days = 7 - -# Number of days a certificate will be valud -default_days = 365 - -# Digest used to sign issued certificates -default_md = sha1 - -# Policy for distinguished name in certificate requests -policy = bro_policy -x509_extensions = cert_exts - - -[ bro_policy ] -commonName = supplied -emailAddress = optional - -[ cert_exts ] -# Certificates we hand out must not be used as CA certificates -basicConstraints = CA:false - -[ req ] -default_bits = 2048 # Private key length - -default_keyfile = \$dir/private/ca_key.pem -default_md = sha1 - -# Don't ask for distinguished name, use what's given below: -prompt = no -distinguished_name = root_ca_dist_name - -x509_extensions = root_ca_exts - -[ root_ca_dist_name ] -commonName = Bro Root Certification Authority - -[ root_ca_exts ] -basicConstraints = CA:true - -_EOF - -echo "- OpenSSL config file created at $dir/openssl.cfg" -echo -echo "I will now generate the CA's certificate. You will be asked to" -echo "enter the password for the CA's private key." -echo -openssl req -config $dir/openssl.cfg -x509 -new -out $dir/ca_cert.pem -outform PEM - -if [ $? -ne 0 ]; then - echo "Couldn't create root certificate." - exit 1 -fi - -echo "- Root certificate created successfully" -echo "- Done." diff --git a/aux/scripts/ca-issue b/aux/scripts/ca-issue deleted file mode 100755 index 6bac0bd1eb..0000000000 --- a/aux/scripts/ca-issue +++ /dev/null 
@@ -1,112 +0,0 @@ -#! /bin/sh - -###################################################################### -# prompt for input for a variable -# $1 name of var -# $2 defualt value -# $3 prompt string (if empty get from config file ) -bro_config_input() -{ - if [ -z $1 ] ; then - name="" - else - name=$1 - fi - - if [ -z $2 ] ; then - default="" - else - default=$2 - fi - - if [ -z "$3" ] ; then - prompt="" - else - prompt=$3 - fi - - #empty it out - RESP= - desc=$prompt - - while [ -z "$RESP" ]; do - echo -n "$desc [$default]: " >&0 - read RESP - - case "$RESP" in - [Yy]|[Yy][Ee][Ss]) ret="YES"; RESP="YES";; - [Nn]|[Nn][Oo] ) ret="NO"; RESP="NO" ;; - "") ret=$default ; RESP="$default" ;; - *) ret=$RESP;; - esac - done - - # set back the value - eval $1=\$ret - eval $name=\$ret - return 1 -} - - -echo "Issuing SSL certificate" -echo "-----------------------" -echo - -dir=$HOME - -if [ "x$BRO_CA_DIR" != "x" ]; then - dir=$BRO_CA_DIR -fi - -bro_config_input "dir" $dir "CA installation directory" - - -if [ ! -r $dir/openssl.cfg ]; then - echo "Could not find config file for root CA in $BRO_CA_DIR/openssl.cfg" - exit 1 -fi - -prefix=bro -bro_config_input "prefix" $prefix "Prefix for the generated certificate request and private key" - -if [ "x$OPENSSL_CONF" = "x$BRO_CA_DIR/openssl.cfg" ]; then - OPENSSL_CONF= - echo "*Not* using $BRO_CA_DIR/openssl.cfg as configuration file" -fi - -echo -echo "I will now generate a certificate request. You will be asked" -echo "for a passphrase with which the private key will be encrypted." -echo "You will also be asked for a challenge phrase stored in the" -echo "certificate request, which is ignored by OpenSSL." -echo -openssl req -newkey rsa:1024 -days 730 -nodes -keyout ${prefix}_key.pem -keyform PEM -out ${prefix}_req.pem - -if [ $? -ne 0 ]; then - echo "Couldn't create certificate request." 
- exit 1 -fi - -echo "- Certificate request created in ${prefix}_req.pem, with private key in ${prefix}_key.pem" -echo -echo "Issuing certificate using ${prefix}_req.pem" -openssl ca -config $BRO_CA_DIR/openssl.cfg -days 730 -in ${prefix}_req.pem -notext -out ${prefix}_cert.pem - -if [ $? -ne 0 ]; then - echo "Couldn't create certificate. Make sure the parameters" - echo "of the certificate request are unique." - exit 1 -fi - -echo -echo "- Certificate created in ${prefix}_cert.pem" - -cat ${prefix}_key.pem ${prefix}_cert.pem > ${prefix}.pem -rm ${prefix}_key.pem ${prefix}_cert.pem ${prefix}_req.pem -echo "- Created host certificate and key configuration in $prefix.pem" -echo -echo "Now configure your Bro agent to use" -echo " * CA certificate $dir/ca_cert.pem" -echo " * Host certificate $prefix.pem" -echo -echo "- Done." diff --git a/aux/scripts/host-grep b/aux/scripts/host-grep deleted file mode 100755 index 1aa62ad279..0000000000 --- a/aux/scripts/host-grep +++ /dev/null @@ -1,29 +0,0 @@ -#! /bin/csh -f -# -# Greps a Bro connection summary file on stdin for the given hosts. Usage: -# -# host-grep [-a] host ... -# -# If -a is specified then we only want lines with *all* of the listed hosts. - -if ( "$1" == "-a" ) then - shift - if ( "$2" != "" ) then - # More than one host, recurse. - set h1 = $1 - shift - host-grep $h1 | host-grep -a $* - exit - else - # Just one host, fall through. - endif -endif - -# Thank you csh, for your totally busted sense of command composition -# and error propagation. -set sheesh=`ip-grep $*` -if ( $status != 0 ) then - exit 1 -endif - -grep -E " $sheesh " diff --git a/aux/scripts/host-to-addrs b/aux/scripts/host-to-addrs deleted file mode 100755 index ed0b615c01..0000000000 --- a/aux/scripts/host-to-addrs +++ /dev/null 
@@ -1,47 +0,0 @@ -#! /bin/sh -e -# -# Returns a list of IP addresses associated with hostname $1. - -sheesh=`dig +noauthor +noaddit $1 a | - -awk ' -BEGIN { - name = "'$1'" - - if ( name ~ /^[0-9][0-9]*\.[0-9][0-9]*/ ) - # An address, not a name. - print name - - name = name "." - } - -/^;; ANSWER/ { - getline - - # First reduce CNAMEs. - while ( $4 == "CNAME" ) - { - name = $5 - getline - } - - # Now pick off the addresses. - while ( $1 == name ) - { - print $5 - getline - } - - ++num_answers - } - -END { - if ( num_answers == 0 ) - { - print "no DNS answers to query for", name >"/dev/stderr" - exit 1; - } - } -'` - -echo "$sheesh" | sort -u diff --git a/aux/scripts/hot-report b/aux/scripts/hot-report deleted file mode 100755 index 2e8b5b7ab6..0000000000 --- a/aux/scripts/hot-report +++ /dev/null 
@@ -1,160 +0,0 @@ -#! /bin/sh -# -# Generate readable output from a Bro connection summary file. If the -# -n flag is given, then the input is not run through hf to convert addresses -# to hostnames, otherwise it is. If -x is given, then exact sizes and times -# are reported, otherwise approximate. -# -# Requires the hf and cf utilities. See doc/conn-logs for a summary of -# the mnemonics used to indicate different connection states. - -if [ "$1" = "-n" ] -then - shift - HF="cat" export HF - exec $0 "$@" -fi - -if [ "$1" = "-x" ] -then - shift - EXACT=1 export EXACT - exec $0 "$@" -fi - -usage="usage: hot-report [-n -x] [file ...]" - -if [ ! "$HF" ] -then - HF="hf -cl -t 15" -fi - -if [ ! "$EXACT" ] -then - EXACT=0 -fi - -$HF $* | cf | -mawk ' -BEGIN { - interactive["telnet"] = interactive["login"] = interative["klogin"] = 1 - version_probe["smtp"] = 1 - - no_flag["www"] = no_flag["gopher"] = no_flag["smtp"] = 1 - no_flag["www?"] = no_flag["www??"] = no_flag["gopher?"] = 1 - no_flag["http"] = no_flag["http?"] = no_flag["http??"] = 1 - no_flag["https"] = 1 - - no_rej["finger"] = no_rej["time"] = no_rej["daytime"] = 1 - no_rej["nntp"] = no_rej["auth"] = 1 - } - - { - state = $10 - if ( state == "REJ" ) - marker = "[" - else if ( state ~ /S0/ ) - marker = "}" - else if ( state ~ /RSTR/ ) - marker = state ~ /H/ ? "<[" : ">[" - else if ( state ~ /RSTO/ ) - marker = ">]" - else if ( state ~ /SHR/ ) - marker = " 11 ) - { # Collect additional status - for ( i = 12; i <= NF; ++i ) - status = status " " $i - } - - flag_it = flag(proto, $4+0, $6+0, $7+0, state) - - printf("%-15s %s%s%s %s %s/%s%s%s%s\n", time, flag_it ? 
"*" : " ", - ohost, osize, marker, rhost, proto, rsize, dur, status) - } - -# Returns true if a connection should be flagged (represents successful -# and sensitive activity), false otherwise -function flag(proto, dur, osize, rsize, state) - { - if ( proto in interactive ) - return osize > 200 || rsize > 1000 || dur > 300 - - if ( proto in version_probe && (osize == 0 || osize == 6) ) - return 1 - - if ( proto in no_rej && (state == "REJ" || state == "S0") ) - return 0 - - if ( proto ~ /^ftpdata-/ || proto ~ /^ftp-data/ ) - return 0 - - return ! (proto in no_flag) - } - -function size(bytes, state) - { - if ( state == "S0" ) - return "" - - if ( state == "REJ" ) - return "" - - if ( bytes == "?" ) - s = "?" - - else if ( '$EXACT' ) - s = sprintf("%db", bytes) - - else if ( bytes < 1000 ) - s = sprintf("%.1fkb", bytes / 1000) - - else - s = sprintf("%.0fkb", bytes / 1000) - - return " " s - } - -function duration(t, state) - { - if ( t == "?" ) - return " " t - - if ( state == "S0" || state == "S1" || state == "REJ" ) - return "" - - if ( '$EXACT' ) - s = sprintf("%.1fs", t) - - else if ( t < 60 ) - s = sprintf("%.1fm", t / 60) - - else - s = sprintf("%.0fm", t / 60) - - return " " s - } -' diff --git a/aux/scripts/ip-grep b/aux/scripts/ip-grep deleted file mode 100755 index 8f34d6040f..0000000000 --- a/aux/scripts/ip-grep +++ /dev/null @@ -1,9 +0,0 @@ -#! /bin/sh -# -# Returns a grep pattern for matching the IP addresses of the given hosts. -# Note that generally when using the pattern you should surround it with -# some form of anchoring, such as blanks, to avoid false hits. - -sheesh=`(for i do host-to-addrs $i; done)` -if [ "$sheesh" = "" ]; then exit 1; fi; -echo "$sheesh" | xargs | sed 's/\./\\./g;s/ /|/g;s/.*/(&)/' diff --git a/aux/scripts/lock_file b/aux/scripts/lock_file deleted file mode 100755 index 718b6c04c6..0000000000 --- a/aux/scripts/lock_file +++ /dev/null 
@@ -1,70 +0,0 @@ -#! /bin/sh -# Inspired by http://members.toast.net/art.ross/rute/node24.html - -TAG=default -CMD= - -help() { - echo "USAGE: lock_file (lock|unlock) []" - echo - echo "lock_file locks or unlocks a lock file, for synchronization" - echo "across multiple processes. The lock command will block until" - echo "the lock can be obtained, upon which it exits with code 0." - echo "The exit code will be 1 on failures, and 2 on input error." - echo "You can use different tags for different locks." -} - -while test "x$1" != "x"; do - case "$1" in - "-h"|"--help"|"-help"|"-?"|"help") - help - exit 0 - ;; - "lock") - CMD=lock - shift 1 - ;; - "unlock") - CMD=unlock - shift 1 - ;; - *) - TAG="$1" - shift 1 - ;; - esac -done - -TEMPFILE="/tmp/lock_${TAG}.$$" -LOCKFILE="/tmp/lock_${TAG}.lock" - -if test "${CMD}" = "lock"; then - - { echo $$ > $TEMPFILE; } >/dev/null 2>&1 || { - echo "You don't have permission to access `dirname $TEMPFILE`" - exit 1 - } - - while true; do - ln $TEMPFILE $LOCKFILE >/dev/null 2>&1 && { - rm -f $TEMPFILE - exit 0; - } - - if test -e "$LOCKFILE"; then - kill -0 `cat $LOCKFILE` >/dev/null 2>&1 || { - echo "Removing stale lock file" - rm -f $LOCKFILE - } - fi - - sleep 1 - done -fi - -if test "${CMD}" = "unlock"; then - rm -f $LOCKFILE && exit 0 - exit 1 -fi - -exit 2 diff --git a/aux/scripts/mon-report b/aux/scripts/mon-report deleted file mode 100755 index 0b39819362..0000000000 --- a/aux/scripts/mon-report +++ /dev/null 
@@ -1,79 +0,0 @@ -#! /bin/csh -f -# -# Given Bro connection summary files, reports on the activities of -# particular host(s) or net(s). -# -# mon-report [-n] [-t] [-x] h1 [-a h2] file ... -# -# reports on all connections involving host "h1", or "h1" and "h2" if -a -# specified. -n means that h1 and h2 should be interpreted as IP addresses -# (either host or network) instead of hostnames. -t means to write to stdout -# the raw trace file instead of the hot report. -x is passed along to -# hot-report to specify exact byte counts and durations (unless -t is given). - -set usage = "mon-report [-n] [-t] [-x] h1 [-a h2] file ..." -set GREP = "grep -E" - -if ( "$1" == "-n" ) then - setenv REPORT_NET - shift - mon-report $* - exit -endif - -if ( "$1" == "-t" ) then - setenv REPORT_TO_STDOUT - shift - mon-report $* - exit -endif - -if ( "$1" == "-x" ) then - setenv EXACT - shift - mon-report $* - exit -endif - -if ( "$1" == "" ) then - echo "$usage" - exit -endif - -set h1=$1 -shift - -set h2 -if ( "$1" == "-a" ) then - shift - if ( "$1" == "" ) then - echo "$usage" - exit - endif - setenv H2 - set h2=$1 - shift -endif - -if ( $?REPORT_TO_STDOUT ) then - set out="cat" -else - if ( $?EXACT ) then - set out="hot-report -x" - else - set out="hot-report" - endif -endif - -if ( $?REPORT_NET ) then - if ( $?H2 ) then - cat $* | $GREP " `echo $h1 | sed 's/\./\\./g;s/ /|/g'`[. ]" | \ - $GREP " `echo $h2 | sed 's/\./\\./g;s/ /|/g'`[. ]" | \ - sort -n | $out - else - cat $* | $GREP " `echo $h1 | sed 's/\./\\./g;s/ /|/g'`[. ]" | \ - sort -n | $out - endif -else - cat $* | host-grep -a $h1 $h2 | sort -n | $out -endif diff --git a/aux/scripts/mvlog b/aux/scripts/mvlog deleted file mode 100755 index 6136744dec..0000000000 --- a/aux/scripts/mvlog +++ /dev/null 
@@ -1,58 +0,0 @@ -#! /usr/bin/env bash -# -# This script may be used as a postprocessor for Bro's log files to -# automatically compress and archive them. -# -# Example use: -# -# 1. Add two lines to your Bro configuration: -# -# redef log_rotate_interval = 6 hrs &redef; -# redef log_postprocessor = "mvlog"; -# -# 2. Put the script into your PATH. -# -# 3. Define an environment variable BROBASE giving -# a base directory to store the archived logs in. -# -# Now Bro rotates log files every six hours, gzips them -# and moves them into directories $BROBASE/logs// -# -# General usage (this is how Bro calls all postprocessors): -# -# mvlog -# -# Example of how Bro may call the script: -# -# mvlog alert.log.28799.1069381104 alert.log 03-11-21_03.18.18 03-11-21_04.0.24 - -if [ "$BROBASE" == "" ]; then - echo BROBASE not set. - exit 1 -fi - -# Base of archive. -BASE="$BROBASE/logs" - -# Build archive name -DAY=`echo $3 | sed 's/_.*$//'` -FROM=`echo $3 | sed 's/^.*_//' | sed 's/\./:/g'` -TO=`echo $4 | sed 's/^.*._//' | sed 's/\./:/g'` - -CENTURY=`date +%Y | sed 's/..$//g'` -DAY="$CENTURY$DAY" - -DEST="$BASE/$DAY/$2.$FROM-$TO" - -# Create archive sub-dir if not existent. - -if [ ! -d "$BASE" ]; then - mkdir "$BASE" -fi - -if [ ! -d "$BASE/$DAY" ]; then - mkdir "$BASE/$DAY" -fi - -# Zip it and move into archive. -nice gzip -6 <$1 >$DEST.gz && rm $1 diff --git a/cmake/ChangeMacInstallNames.cmake b/cmake/ChangeMacInstallNames.cmake new file mode 100644 index 0000000000..1e7370d3e7 --- /dev/null +++ b/cmake/ChangeMacInstallNames.cmake 
@@ -0,0 +1,87 @@
+# Calling this macro with the name of a list variable will modify that
+# list such that any third party libraries that do not come with a
+# vanilla Mac OS X system will be replaced by an adjusted library that
+# has an install_name relative to the location of any executable that
+# links to it.
+#
+# Also, it will schedule the modified libraries for installation in a
+# 'support_libs' subdirectory of the CMAKE_INSTALL_PREFIX.
+#
+# The case of third party libraries depending on other third party
+# libraries is currently not handled by this macro.
+#
+# Ex.
+#
+# set(libs /usr/lib/libz.dylib
+# /usr/lib/libssl.dylib
+# /usr/local/lib/libmagic.dylib
+# /usr/local/lib/libGeoIP.dylib
+# /usr/local/lib/somestaticlib.a)
+#
+# include(ChangeMacInstallNames)
+# ChangeMacInstallNames(libs)
+#
+# Should result in ${libs} containing:
+# /usr/lib/libz.dylib
+# /usr/lib/libssl.dylib
+# ${CMAKE_BINARY_DIR}/darwin_support_libs/libmagic.dylib
+# ${CMAKE_BINARY_DIR}/darwin_support_libs/libGeoIP.dylib
+# /usr/local/lib/somestaticlib.a
+#
+# such that we can now do:
+#
+# add_executable(some_exe ${srcs})
+# target_link_libraries(some_exe ${libs})
+#
+# Any binary packages created from such a build should be self-contained
+# and provide working installs on vanilla OS X systems.
+
+macro(ChangeMacInstallNames libListVar)
+ if (APPLE)
+ find_program(INSTALL_NAME_TOOL install_name_tool)
+
+ set(MAC_INSTALL_NAME_DEPS)
+ set(SUPPORT_BIN_DIR ${CMAKE_BINARY_DIR}/darwin_support_libs)
+ set(SUPPORT_INSTALL_DIR support_libs)
+
+ file(MAKE_DIRECTORY ${SUPPORT_BIN_DIR})
+
+ foreach (_lib ${${libListVar}})
+ # only care about install_name for shared libraries that are
+ # not shipped in Apple's vanilla OS X installs
+ string(REGEX MATCH ^/usr/lib/* apple_provided_lib ${_lib})
+ string(REGEX MATCH dylib$ is_shared_lib ${_lib})
+
+ if (NOT apple_provided_lib AND is_shared_lib)
+ get_filename_component(_libname ${_lib} NAME)
+ set(_adjustedLib ${SUPPORT_BIN_DIR}/${_libname})
+ set(_tmpLib
+ ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/${_libname})
+
+ # make a tempory copy so we can adjust permissions
+ configure_file(${_lib} ${_tmpLib} COPYONLY)
+
+ # copy to build directory with correct write permissions
+ file(COPY ${_tmpLib}
+ DESTINATION ${SUPPORT_BIN_DIR}
+ FILE_PERMISSIONS OWNER_READ OWNER_WRITE
+ GROUP_READ WORLD_READ)
+
+ # remove the old library from the list provided as macro
+ # argument and add the new library with modified install_name
+ list(REMOVE_ITEM ${libListVar} ${_lib})
+ list(APPEND ${libListVar} ${_adjustedLib})
+
+ # update the install target to install the third party libs
+ # with modified install_name
+ install(FILES ${_adjustedLib}
+ DESTINATION ${SUPPORT_INSTALL_DIR})
+
+ # perform the install_name change
+ execute_process(COMMAND install_name_tool -id
+ @executable_path/../${SUPPORT_INSTALL_DIR}/${_libname}
+ ${_adjustedLib})
+ endif ()
+ endforeach ()
+ endif ()
+endmacro()
diff --git a/cmake/CheckFunctions.cmake b/cmake/CheckFunctions.cmake
new file mode 100644
index 0000000000..0ea7bdc2e1
--- /dev/null
+++ b/cmake/CheckFunctions.cmake
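Review bot: The `execute_process` call at the end of the `if (NOT apple_provided_lib AND is_shared_lib)` branch ignores the exit status of `install_name_tool` and does not use the `INSTALL_NAME_TOOL` path that `find_program` looked up at the top of the macro. If the tool is missing or fails, the copied dylib keeps its original install name (presumably an absolute path outside the package) while configuration still succeeds, so a packaged binary would resolve that library from whatever sits at the original path on the target system rather than from `support_libs`. I would invoke `${INSTALL_NAME_TOOL}`, add `RESULT_VARIABLE _rc` to the call, and follow it with `if (NOT _rc EQUAL 0)` / `message(FATAL_ERROR "install_name_tool failed for ${_adjustedLib}")` / `endif ()`. Separately, the unquoted pattern `^/usr/lib/*` means "zero or more slashes" and therefore also matches prefixes such as `/usr/libexec`; `"^/usr/lib/"` is likely what was intended.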
@@ -0,0 +1,15 @@
+include(CheckFunctionExists)
+
+check_function_exists(getopt_long HAVE_GETOPT_LONG)
+check_function_exists(mallinfo HAVE_MALLINFO)
+check_function_exists(strcasestr HAVE_STRCASESTR)
+check_function_exists(strerror HAVE_STRERROR)
+check_function_exists(strsep HAVE_STRSEP)
+check_function_exists(sigset HAVE_SIGSET)
+
+if (HAVE_SIGSET)
+ set(SIG_FUNC sigset)
+else ()
+ set(SIG_FUNC signal)
+ check_function_exists(sigaction HAVE_SIGACTION)
+endif ()
diff --git a/cmake/CheckHeaders.cmake b/cmake/CheckHeaders.cmake
new file mode 100644
index 0000000000..ff206679d2
--- /dev/null
+++ b/cmake/CheckHeaders.cmake
@@ -0,0 +1,28 @@
+include(CheckIncludeFiles)
+include(CheckStructHasMember)
+
+check_include_files(getopt.h HAVE_GETOPT_H)
+check_include_files(magic.h HAVE_MAGIC_H)
+check_include_files(memory.h HAVE_MEMORY_H)
+check_include_files("sys/socket.h;netinet/in.h;net/if.h;netinet/if_ether.h"
+ HAVE_NETINET_IF_ETHER_H)
+check_include_files("sys/socket.h;netinet/in.h;net/if.h;netinet/ip6.h"
+ HAVE_NETINET_IP6_H)
+check_include_files("sys/socket.h;net/if.h;net/ethernet.h" HAVE_NET_ETHERNET_H)
+check_include_files(sys/ethernet.h HAVE_SYS_ETHERNET_H)
+check_include_files(sys/time.h HAVE_SYS_TIME_H)
+check_include_files("time.h;sys/time.h" TIME_WITH_SYS_TIME)
+check_include_files(os-proto.h HAVE_OS_PROTO_H)
+
+check_struct_has_member(HISTORY_STATE entries "stdio.h;readline/readline.h"
+ HAVE_READLINE_HISTORY_ENTRIES)
+check_include_files("stdio.h;readline/readline.h" HAVE_READLINE_READLINE_H)
+check_include_files("stdio.h;readline/history.h" HAVE_READLINE_HISTORY_H)
+
+if (HAVE_READLINE_READLINE_H AND
+ HAVE_READLINE_HISTORY_H AND
+ HAVE_READLINE_HISTORY_ENTRIES)
+ set(HAVE_READLINE true)
+endif ()
+
+check_struct_has_member("struct sockaddr_in" sin_len "netinet/in.h" SIN_LEN)
diff --git a/cmake/CheckNameserCompat.cmake b/cmake/CheckNameserCompat.cmake
new file mode 100644
index 0000000000..1a71411f1b
--- /dev/null
+++ b/cmake/CheckNameserCompat.cmake
@@ -0,0 +1,21 @@
+include(CheckCSourceCompiles)
+
+# Check whether the namser compatibility header is required
+# This can be the case on the Darwin platform
+
+check_c_source_compiles("
+ #include
+ int main() { HEADER *hdr; int d = NS_IN6ADDRSZ; return 0; }"
+ have_nameser_header)
+
+if (NOT have_nameser_header)
+ check_c_source_compiles("
+ #include
+ #include
+ int main() { HEADER *hdr; int d = NS_IN6ADDRSZ; return 0; }"
+ NEED_NAMESER_COMPAT_H)
+ if (NOT NEED_NAMESER_COMPAT_H)
+ message(FATAL_ERROR
+ "Asynchronous DNS support compatibility check failed.")
+ endif ()
+endif ()
diff --git a/cmake/CheckTypes.cmake b/cmake/CheckTypes.cmake
new file mode 100644
index 0000000000..ec561eda5b
--- /dev/null
+++ b/cmake/CheckTypes.cmake
@@ -0,0 +1,46 @@
+include(CheckTypeSize)
+
+check_type_size("long int" SIZEOF_LONG_INT)
+check_type_size("long long" SIZEOF_LONG_LONG)
+check_type_size("void *" SIZEOF_VOID_P)
+
+set(CMAKE_EXTRA_INCLUDE_FILES sys/types.h)
+
+check_type_size(int32_t INT32_T)
+if (INT32_T)
+ set(INT32_T int32_t)
+else()
+ set(INT32_T int)
+endif()
+
+check_type_size(u_int32_t U_INT32_T)
+if (U_INT32_T)
+ set(U_INT32_T u_int32_t)
+else ()
+ set(INT32_T u_int)
+endif ()
+
+check_type_size(u_int16_t U_INT16_T)
+if (U_INT16_T)
+ set(U_INT16_T u_int16_t)
+else ()
+ set(INT16_T u_short)
+endif ()
+
+check_type_size(u_int8_t U_INT8_T)
+if (U_INT8_T)
+ set(U_INT8_T u_int8_t)
+else ()
+ set(INT8_T u_char)
+endif ()
+
+unset(CMAKE_EXTRA_INCLUDE_FILES)
+
+set(CMAKE_EXTRA_INCLUDE_FILES sys/socket.h)
+check_type_size(socklen_t SOCKLEN_T)
+if (SOCKLEN_T)
+ set(SOCKLEN_T socklen_t)
+else ()
+ set(SOCKLEN_T int)
+endif ()
+unset(CMAKE_EXTRA_INCLUDE_FILES)
diff --git a/cmake/FindBIND.cmake b/cmake/FindBIND.cmake
new file mode 100644
index 0000000000..5046bb29a7
--- /dev/null
+++ b/cmake/FindBIND.cmake
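Review bot: In cmake/CheckTypes.cmake the three unsigned fallbacks assign to the signed names: the `else` branch after `check_type_size(u_int32_t U_INT32_T)` does `set(INT32_T u_int)`, and the u_int16_t and u_int8_t branches do `set(INT16_T u_short)` and `set(INT8_T u_char)`. On a platform without the `u_int*_t` typedefs this overwrites the `INT32_T` chosen just above with an unsigned type and leaves `U_INT32_T`, `U_INT16_T` and `U_INT8_T` holding whatever the failed `check_type_size` left there. A silent signedness change of that kind tends to surface as length and bounds errors in packet-parsing code. The branches should read `set(U_INT32_T u_int)`, `set(U_INT16_T u_short)` and `set(U_INT8_T u_char)`.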
@@ -0,0 +1,101 @@ +# - Try to find libpcap include dirs and libraries +# +# Usage of this module as follows: +# +# find_package(BIND) +# +# Variables used by this module, they can change the default behaviour and need +# to be set before calling find_package: +# +# BIND_ROOT_DIR Set this variable to the root installation of BIND +# if the module has problems finding the proper +# installation path. +# +# Variables defined by this module: +# +# BIND_FOUND System has BIND, include and library dirs found +# BIND_INCLUDE_DIR The BIND include directories. +# BIND_LIBRARY The BIND library (if any) required for +# ns_inittab and res_mkquery symbols + +find_path(BIND_ROOT_DIR + NAMES include/resolv.h +) + +find_path(BIND_INCLUDE_DIR + NAMES resolv.h + HINTS ${BIND_ROOT_DIR}/include +) + +if (${CMAKE_SYSTEM_NAME} MATCHES "Linux") + # the static resolv library is preferred because + # on some systems, the ns_initparse symbol is not + # exported in the shared library (strangely) + # see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=291609 + set(bind_libs none libresolv.a resolv bind) +else () + set(bind_libs none resolv bind) +endif () + +include(CheckCSourceCompiles) + +# Find which library has the res_mkquery and ns_initparse symbols +set(CMAKE_REQUIRED_INCLUDES ${BIND_INCLUDE_DIR}) +foreach (bindlib ${bind_libs}) + if (NOT ${bindlib} MATCHES "none") + find_library(BIND_LIBRARY + NAMES ${bindlib} + HINTS ${BIND_ROOT_DIR}/lib + ) + endif () + + set(CMAKE_REQUIRED_LIBRARIES ${BIND_LIBRARY}) + + check_c_source_compiles(" + #include + int main() { + ns_initparse(0, 0, 0); + return 0; + } +" ns_initparse_works_${bindlib}) + + check_c_source_compiles(" + #include + #include + #include + #include + #include + int main() { + int (*p)() = res_mkquery; + } +" res_mkquery_works_${bindlib}) + + unset(CMAKE_REQUIRED_LIBRARIES) + + if (ns_initparse_works_${bindlib} AND res_mkquery_works_${bindlib}) + break () + else () + set(BIND_LIBRARY BIND_LIBRARY-NOTFOUND) + endif () +endforeach 
() +unset(CMAKE_REQUIRED_INCLUDES) + +include(FindPackageHandleStandardArgs) + +if (ns_initparse_works_none AND res_mkquery_works_none) + # system does not require linking to a BIND library + find_package_handle_standard_args(BIND DEFAULT_MSG + BIND_INCLUDE_DIR + ) +else () + find_package_handle_standard_args(BIND DEFAULT_MSG + BIND_LIBRARY + BIND_INCLUDE_DIR + ) +endif () + +mark_as_advanced( + BIND_ROOT_DIR + BIND_LIBRARY + BIND_INCLUDE_DIR +) diff --git a/cmake/FindBISON.cmake b/cmake/FindBISON.cmake new file mode 100644 index 0000000000..3f6d11d04f --- /dev/null +++ b/cmake/FindBISON.cmake 
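Review bot: The header comment of FindBIND.cmake does not describe this module: its first line says "Try to find libpcap include dirs and libraries", and the `BIND_LIBRARY` entry names `ns_inittab` while the probe in the loop tests `ns_initparse`. I would change the first line to `# - Try to find BIND include dirs and libraries` and the description to `ns_initparse and res_mkquery symbols`. It would also help to say in that header that the `ns_initparse_works_<lib>` and `res_mkquery_works_<lib>` probe results are cached, so a changed `BIND_ROOT_DIR` needs a fresh cache before the probes run again.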
@@ -0,0 +1,221 @@ +# - Find bison executable and provides macros to generate custom build rules +# The module defines the following variables: +# +# BISON_EXECUTABLE - path to the bison program +# BISON_VERSION - version of bison +# BISON_FOUND - true if the program was found +# +# If bison is found, the module defines the macros: +# BISON_TARGET( [VERBOSE ] +# [COMPILE_FLAGS ] [HEADER ]) +# which will create a custom rule to generate a parser. is +# the path to a yacc file. is the name of the source file +# generated by bison. A header file containing the token list is also +# generated according to bison's -d option by default or if the HEADER +# option is used, the argument is passed to bison's --defines option to +# specify output file. If COMPILE_FLAGS option is specified, the next +# parameter is added in the bison command line. if VERBOSE option is +# specified, is created and contains verbose descriptions of the +# grammar and parser. The macro defines a set of variables: +# BISON_${Name}_DEFINED - true is the macro ran successfully +# BISON_${Name}_INPUT - The input source file, an alias for +# BISON_${Name}_OUTPUT_SOURCE - The source file generated by bison +# BISON_${Name}_OUTPUT_HEADER - The header file generated by bison +# BISON_${Name}_OUTPUTS - The sources files generated by bison +# BISON_${Name}_COMPILE_FLAGS - Options used in the bison command line +# +# ==================================================================== +# Example: +# +# find_package(BISON) +# BISON_TARGET(MyParser parser.y ${CMAKE_CURRENT_BINARY_DIR}/parser.cpp) +# add_executable(Foo main.cpp ${BISON_MyParser_OUTPUTS}) +# ==================================================================== + +#============================================================================= +# Copyright 2009 Kitware, Inc. 
+# Copyright 2006 Tristan Carel +# Modified 2010 by Jon Siwek, adding HEADER option +# +# Distributed under the OSI-approved BSD License (the "License"): +# CMake - Cross Platform Makefile Generator +# Copyright 2000-2009 Kitware, Inc., Insight Software Consortium +# All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# * Neither the names of Kitware, Inc., the Insight Software Consortium, +# nor the names of their contributors may be used to endorse or promote +# products derived from this software without specific prior written +# permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# This software is distributed WITHOUT ANY WARRANTY; without even the +# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
+# See the License for more information. +#============================================================================= + +FIND_PROGRAM(BISON_EXECUTABLE bison DOC "path to the bison executable") +MARK_AS_ADVANCED(BISON_EXECUTABLE) + +IF(BISON_EXECUTABLE) + + EXECUTE_PROCESS(COMMAND ${BISON_EXECUTABLE} --version + OUTPUT_VARIABLE BISON_version_output + ERROR_VARIABLE BISON_version_error + RESULT_VARIABLE BISON_version_result + OUTPUT_STRIP_TRAILING_WHITESPACE) + IF(NOT ${BISON_version_result} EQUAL 0) + MESSAGE(SEND_ERROR "Command \"${BISON_EXECUTABLE} --version\" failed with output:\n${BISON_version_error}") + ELSE() + STRING(REGEX REPLACE "^bison \\(GNU Bison\\) ([^\n]+)\n.*" "\\1" + BISON_VERSION "${BISON_version_output}") + ENDIF() + + # internal macro + MACRO(BISON_TARGET_option_verbose Name BisonOutput filename) + LIST(APPEND BISON_TARGET_cmdopt "--verbose") + GET_FILENAME_COMPONENT(BISON_TARGET_output_path "${BisonOutput}" PATH) + GET_FILENAME_COMPONENT(BISON_TARGET_output_name "${BisonOutput}" NAME_WE) + ADD_CUSTOM_COMMAND(OUTPUT ${filename} + COMMAND ${CMAKE_COMMAND} + ARGS -E copy + "${BISON_TARGET_output_path}/${BISON_TARGET_output_name}.output" + "${filename}" + DEPENDS + "${BISON_TARGET_output_path}/${BISON_TARGET_output_name}.output" + COMMENT "[BISON][${Name}] Copying bison verbose table to ${filename}" + WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}) + SET(BISON_${Name}_VERBOSE_FILE ${filename}) + LIST(APPEND BISON_TARGET_extraoutputs + "${BISON_TARGET_output_path}/${BISON_TARGET_output_name}.output") + ENDMACRO(BISON_TARGET_option_verbose) + + # internal macro + MACRO(BISON_TARGET_option_extraopts Options) + SET(BISON_TARGET_extraopts "${Options}") + SEPARATE_ARGUMENTS(BISON_TARGET_extraopts) + LIST(APPEND BISON_TARGET_cmdopt ${BISON_TARGET_extraopts}) + ENDMACRO(BISON_TARGET_option_extraopts) + + #============================================================ + # BISON_TARGET (public macro) + #============================================================ + # 
+ MACRO(BISON_TARGET Name BisonInput BisonOutput) + SET(BISON_TARGET_output_header "") + #SET(BISON_TARGET_command_opt "") + SET(BISON_TARGET_cmdopt "") + SET(BISON_TARGET_outputs "${BisonOutput}") + IF(NOT ${ARGC} EQUAL 3 AND + NOT ${ARGC} EQUAL 5 AND + NOT ${ARGC} EQUAL 7 AND + NOT ${ARGC} EQUAL 9) + MESSAGE(SEND_ERROR "Usage") + ELSE() + # Parsing parameters + IF(${ARGC} GREATER 5 OR ${ARGC} EQUAL 5) + IF("${ARGV3}" STREQUAL "VERBOSE") + BISON_TARGET_option_verbose(${Name} ${BisonOutput} "${ARGV4}") + ENDIF() + IF("${ARGV3}" STREQUAL "COMPILE_FLAGS") + BISON_TARGET_option_extraopts("${ARGV4}") + ENDIF() + IF("${ARGV3}" STREQUAL "HEADER") + set(BISON_TARGET_output_header "${ARGV4}") + ENDIF() + ENDIF() + + IF(${ARGC} GREATER 7 OR ${ARGC} EQUAL 7) + IF("${ARGV5}" STREQUAL "VERBOSE") + BISON_TARGET_option_verbose(${Name} ${BisonOutput} "${ARGV6}") + ENDIF() + + IF("${ARGV5}" STREQUAL "COMPILE_FLAGS") + BISON_TARGET_option_extraopts("${ARGV6}") + ENDIF() + + IF("${ARGV5}" STREQUAL "HEADER") + set(BISON_TARGET_output_header "${ARGV6}") + ENDIF() + ENDIF() + + IF(${ARGC} EQUAL 9) + IF("${ARGV7}" STREQUAL "VERBOSE") + BISON_TARGET_option_verbose(${Name} ${BisonOutput} "${ARGV8}") + ENDIF() + + IF("${ARGV7}" STREQUAL "COMPILE_FLAGS") + BISON_TARGET_option_extraopts("${ARGV8}") + ENDIF() + + IF("${ARGV7}" STREQUAL "HEADER") + set(BISON_TARGET_output_header "${ARGV8}") + ENDIF() + ENDIF() + + IF(BISON_TARGET_output_header) + # Header's name passed in as argument to be used in --defines option + LIST(APPEND BISON_TARGET_cmdopt + "--defines=${BISON_TARGET_output_header}") + set(BISON_${Name}_OUTPUT_HEADER ${BISON_TARGET_output_header}) + ELSE() + # Header's name generated by bison (see option -d) + LIST(APPEND BISON_TARGET_cmdopt "-d") + STRING(REGEX REPLACE "^(.*)(\\.[^.]*)$" "\\2" _fileext "${ARGV2}") + STRING(REPLACE "c" "h" _fileext ${_fileext}) + STRING(REGEX REPLACE "^(.*)(\\.[^.]*)$" "\\1${_fileext}" + BISON_${Name}_OUTPUT_HEADER "${ARGV2}") + ENDIF() + + LIST(APPEND 
BISON_TARGET_outputs "${BISON_${Name}_OUTPUT_HEADER}") + + ADD_CUSTOM_COMMAND(OUTPUT ${BISON_TARGET_outputs} + ${BISON_TARGET_extraoutputs} + COMMAND ${BISON_EXECUTABLE} + ARGS ${BISON_TARGET_cmdopt} -o ${ARGV2} ${ARGV1} + DEPENDS ${ARGV1} + COMMENT "[BISON][${Name}] Building parser with bison ${BISON_VERSION}" + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) + + # define target variables + SET(BISON_${Name}_DEFINED TRUE) + SET(BISON_${Name}_INPUT ${ARGV1}) + SET(BISON_${Name}_OUTPUTS ${BISON_TARGET_outputs}) + SET(BISON_${Name}_COMPILE_FLAGS ${BISON_TARGET_cmdopt}) + SET(BISON_${Name}_OUTPUT_SOURCE "${BisonOutput}") + + ENDIF(NOT ${ARGC} EQUAL 3 AND + NOT ${ARGC} EQUAL 5 AND + NOT ${ARGC} EQUAL 7 AND + NOT ${ARGC} EQUAL 9) + ENDMACRO(BISON_TARGET) + # + #============================================================ + +ENDIF(BISON_EXECUTABLE) + +INCLUDE(FindPackageHandleStandardArgs) +FIND_PACKAGE_HANDLE_STANDARD_ARGS(BISON DEFAULT_MSG BISON_EXECUTABLE) + +# FindBISON.cmake ends here diff --git a/cmake/FindBinPAC.cmake b/cmake/FindBinPAC.cmake new file mode 100644 index 0000000000..5cd1697bb3 --- /dev/null +++ b/cmake/FindBinPAC.cmake 
@@ -0,0 +1,53 @@
+# - Try to find BinPAC binary and library
+#
+# Usage of this module as follows:
+#
+# find_package(BinPAC)
+#
+# Variables used by this module, they can change the default behaviour and need
+# to be set before calling find_package:
+#
+# BinPAC_ROOT_DIR Set this variable to the root installation of
+# BinPAC if the module has problems finding the
+# proper installation path.
+#
+# Variables defined by this module:
+#
+# BINPAC_FOUND System has BinPAC binary and library
+# BinPAC_EXE The binpac executable
+# BinPAC_LIBRARY The libbinpac.a library
+# BinPAC_INCLUDE_DIR The binpac headers
+
+# look for BinPAC in standard locations or user-provided root
+find_path(BinPAC_ROOT_DIR
+ NAMES include/binpac.h
+)
+
+find_file(BinPAC_EXE
+ NAMES binpac
+ HINTS ${BinPAC_ROOT_DIR}/bin
+)
+
+find_library(BinPAC_LIBRARY
+ NAMES libbinpac.a
+ HINTS ${BinPAC_ROOT_DIR}/lib
+)
+
+find_path(BinPAC_INCLUDE_DIR
+ NAMES binpac.h
+ HINTS ${BinPAC_ROOT_DIR}/include
+)
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(BinPAC DEFAULT_MSG
+ BinPAC_EXE
+ BinPAC_LIBRARY
+ BinPAC_INCLUDE_DIR
+)
+
+mark_as_advanced(
+ BinPAC_ROOT_DIR
+ BinPAC_EXE
+ BinPAC_LIBRARY
+ BinPAC_INCLUDE_DIR
+)
diff --git a/cmake/FindGooglePerftools.cmake b/cmake/FindGooglePerftools.cmake
new file mode 100644
index 0000000000..7ddd5a532e
--- /dev/null
+++ b/cmake/FindGooglePerftools.cmake
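Review bot: `BinPAC_EXE` is located with `find_file`, which searches the include-file locations and accepts any file named `binpac` rather than searching the program path. The result is presumably run during the build to generate parser sources (the caller is not in this hunk), so `find_program(BinPAC_EXE NAMES binpac HINTS ${BinPAC_ROOT_DIR}/bin)` is the better fit, since it searches the program locations including `PATH`. A comment next to it saying that the hinted root is tried before the system locations would tell packagers which binary ends up being run.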
@@ -0,0 +1,44 @@
+# - Try to find GooglePerftools headers and libraries
+#
+# Usage of this module as follows:
+#
+# find_package(GooglePerftools)
+#
+# Variables used by this module, they can change the default behaviour and need
+# to be set before calling find_package:
+#
+# GooglePerftools_ROOT_DIR Set this variable to the root installation of
+# GooglePerftools if the module has problems finding
+# the proper installation path.
+#
+# Variables defined by this module:
+#
+# GOOGLEPERFTOOLS_FOUND System has GooglePerftools libs/headers
+# GooglePerftools_LIBRARIES The GooglePerftools libraries
+# GooglePerftools_INCLUDE_DIR The location of GooglePerftools headers
+
+find_path(GooglePerftools_ROOT_DIR
+ NAMES include/google/heap-profiler.h
+)
+
+find_library(GooglePerftools_LIBRARIES
+ NAMES tcmalloc
+ HINTS ${GooglePerftools_ROOT_DIR}/lib
+)
+
+find_path(GooglePerftools_INCLUDE_DIR
+ NAMES google/heap-profiler.h
+ HINTS ${GooglePerftools_ROOT_DIR}/include
+)
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(GooglePerftools DEFAULT_MSG
+ GooglePerftools_LIBRARIES
+ GooglePerftools_INCLUDE_DIR
+)
+
+mark_as_advanced(
+ GooglePerftools_ROOT_DIR
+ GooglePerftools_LIBRARIES
+ GooglePerftools_INCLUDE_DIR
+)
diff --git a/cmake/FindLibGeoIP.cmake b/cmake/FindLibGeoIP.cmake
new file mode 100644
index 0000000000..ef8529e2e3
--- /dev/null
+++ b/cmake/FindLibGeoIP.cmake
@@ -0,0 +1,44 @@
+# - Try to find GeoIP headers and libraries
+#
+# Usage of this module as follows:
+#
+# find_package(LibGeoIP)
+#
+# Variables used by this module, they can change the default behaviour and need
+# to be set before calling find_package:
+#
+# LibGeoIP_ROOT_DIR Set this variable to the root installation of
+# libGeoIP if the module has problems finding the
+# proper installation path.
+#
+# Variables defined by this module:
+#
+# LIBGEOIP_FOUND System has GeoIP libraries and headers
+# LibGeoIP_LIBRARY The GeoIP library
+# LibGeoIP_INCLUDE_DIR The location of GeoIP headers
+
+find_path(LibGeoIP_ROOT_DIR
+ NAMES include/GeoIPCity.h
+)
+
+find_library(LibGeoIP_LIBRARY
+ NAMES GeoIP
+ HINTS ${LibGeoIP_ROOT_DIR}/lib
+)
+
+find_path(LibGeoIP_INCLUDE_DIR
+ NAMES GeoIPCity.h
+ HINTS ${LibGeoIP_ROOT_DIR}/include
+)
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(LibGeoIP DEFAULT_MSG
+ LibGeoIP_LIBRARY
+ LibGeoIP_INCLUDE_DIR
+)
+
+mark_as_advanced(
+ LibGeoIP_ROOT_DIR
+ LibGeoIP_LIBRARY
+ LibGeoIP_INCLUDE_DIR
+)
diff --git a/cmake/FindLibMagic.cmake b/cmake/FindLibMagic.cmake
new file mode 100644
index 0000000000..e96245e8c0
--- /dev/null
+++ b/cmake/FindLibMagic.cmake
@@ -0,0 +1,44 @@
+# - Try to find libmagic header and library
+#
+# Usage of this module as follows:
+#
+# find_package(LibMagic)
+#
+# Variables used by this module, they can change the default behaviour and need
+# to be set before calling find_package:
+#
+# LibMagic_ROOT_DIR Set this variable to the root installation of
+# libmagic if the module has problems finding the
+# proper installation path.
+#
+# Variables defined by this module:
+#
+# LIBMAGIC_FOUND System has libmagic and magic.h
+# LibMagic_LIBRARY The libmagic library
+# LibMagic_INCLUDE_DIR The location of magic.h
+
+find_path(LibMagic_ROOT_DIR
+ NAMES include/magic.h
+)
+
+find_library(LibMagic_LIBRARY
+ NAMES magic
+ HINTS ${LibMagic_ROOT_DIR}/lib
+)
+
+find_path(LibMagic_INCLUDE_DIR
+ NAMES magic.h
+ HINTS ${LibMagic_ROOT_DIR}/include
+)
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(LibMagic DEFAULT_MSG
+ LibMagic_LIBRARY
+ LibMagic_INCLUDE_DIR
+)
+
+mark_as_advanced(
+ LibMagic_ROOT_DIR
+ LibMagic_LIBRARY
+ LibMagic_INCLUDE_DIR
+)
diff --git a/cmake/FindOpenSSL.cmake b/cmake/FindOpenSSL.cmake
new file mode 100644
index 0000000000..599a846f0a
--- /dev/null
+++ b/cmake/FindOpenSSL.cmake
@@ -0,0 +1,56 @@
+# - Try to find openssl include dirs and libraries
+#
+# Usage of this module as follows:
+#
+# find_package(OpenSSL)
+#
+# Variables used by this module, they can change the default behaviour and need
+# to be set before calling find_package:
+#
+# OpenSSL_ROOT_DIR Set this variable to the root installation of
+# openssl if the module has problems finding the
+# proper installation path.
+#
+# Variables defined by this module:
+#
+# OPENSSL_FOUND System has openssl, include and library dirs found
+# OpenSSL_INCLUDE_DIR The openssl include directories.
+# OpenSSL_LIBRARIES The openssl libraries.
+# OpenSSL_CYRPTO_LIBRARY The openssl crypto library.
+# OpenSSL_SSL_LIBRARY The openssl ssl library.
+
+find_path(OpenSSL_ROOT_DIR
+ NAMES include/openssl/ssl.h
+)
+
+find_path(OpenSSL_INCLUDE_DIR
+ NAMES openssl/ssl.h
+ HINTS ${OpenSSL_ROOT_DIR}/include
+)
+
+find_library(OpenSSL_SSL_LIBRARY
+ NAMES ssl ssleay32 ssleay32MD
+ HINTS ${OpenSSL_ROOT_DIR}/lib
+)
+
+find_library(OpenSSL_CRYPTO_LIBRARY
+ NAMES crypto
+ HINTS ${OpenSSL_ROOT_DIR}/lib
+)
+
+set(OpenSSL_LIBRARIES ${OpenSSL_SSL_LIBRARY} ${OpenSSL_CRYPTO_LIBRARY}
+ CACHE STRING "OpenSSL SSL and crypto libraries" FORCE)
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(OpenSSL DEFAULT_MSG
+ OpenSSL_LIBRARIES
+ OpenSSL_INCLUDE_DIR
+)
+
+mark_as_advanced(
+ OpenSSL_ROOT_DIR
+ OpenSSL_INCLUDE_DIR
+ OpenSSL_LIBRARIES
+ OpenSSL_CRYPTO_LIBRARY
+ OpenSSL_SSL_LIBRARY
+)
diff --git a/cmake/FindPCAP.cmake b/cmake/FindPCAP.cmake
new file mode 100644
index 0000000000..61ce602821
--- /dev/null
+++ b/cmake/FindPCAP.cmake
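Review bot: `find_package_handle_standard_args` is given the combined `OpenSSL_LIBRARIES` rather than the two `find_library` results, and a variable holding a list only counts as not-found when its value ends in `-NOTFOUND`. If `OpenSSL_SSL_LIBRARY` is missing but `OpenSSL_CRYPTO_LIBRARY` is found, the cached value becomes `OpenSSL_SSL_LIBRARY-NOTFOUND;<crypto path>`, which as far as I can tell passes the check, so the failure only shows up at link time. Passing `OpenSSL_SSL_LIBRARY OpenSSL_CRYPTO_LIBRARY OpenSSL_INCLUDE_DIR` to the call closes that gap. The header also documents `OpenSSL_CYRPTO_LIBRARY`, a misspelling of the variable the module actually sets.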
@@ -0,0 +1,44 @@
+# - Try to find libpcap include dirs and libraries
+#
+# Usage of this module as follows:
+#
+# find_package(PCAP)
+#
+# Variables used by this module, they can change the default behaviour and need
+# to be set before calling find_package:
+#
+# PCAP_ROOT_DIR Set this variable to the root installation of
+# libpcap if the module has problems finding the
+# proper installation path.
+#
+# Variables defined by this module:
+#
+# PCAP_FOUND System has libpcap, include and library dirs found
+# PCAP_INCLUDE_DIR The libpcap include directories.
+# PCAP_LIBRARY The libpcap library.
+
+find_path(PCAP_ROOT_DIR
+ NAMES include/pcap.h
+)
+
+find_path(PCAP_INCLUDE_DIR
+ NAMES pcap.h
+ HINTS ${PCAP_ROOT_DIR}/include
+)
+
+find_library(PCAP_LIBRARY
+ NAMES pcap
+ HINTS ${PCAP_ROOT_DIR}/lib
+)
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(PCAP DEFAULT_MSG
+ PCAP_LIBRARY
+ PCAP_INCLUDE_DIR
+)
+
+mark_as_advanced(
+ PCAP_ROOT_DIR
+ PCAP_INCLUDE_DIR
+ PCAP_LIBRARY
+)
diff --git a/cmake/FindRequiredPackage.cmake b/cmake/FindRequiredPackage.cmake
new file mode 100644
index 0000000000..ff76b646cc
--- /dev/null
+++ b/cmake/FindRequiredPackage.cmake
@@ -0,0 +1,44 @@
+# A wrapper macro around the standard CMake find_package macro that
+# facilitates displaying better error messages by default, or even
+# accepting custom error messages on a per package basis.
+#
+# If a package is not found, then the MISSING_PREREQS variable gets
+# set to true and either a default or custom error message appended
+# to MISSING_PREREQ_DESCS.
+#
+# The caller can use these variables to display a list of any missing
+# packages and abort the build/configuration if there were any.
+#
+# Use as follows:
+#
+# include(FindRequiredPackage)
+# FindRequiredPackage(Perl)
+# FindRequiredPackage(FLEX "You need to install flex (Fast Lexical Analyzer)")
+#
+# if (MISSING_PREREQS)
+# foreach (prereq ${MISSING_PREREQ_DESCS})
+# message(SEND_ERROR ${prereq})
+# endforeach ()
+# message(FATAL_ERROR "Configuration aborted due to missing prerequisites")
+# endif ()
+
+macro(FindRequiredPackage packageName)
+ find_package(${packageName})
+ string(TOUPPER ${packageName} canonPackageName)
+ if (NOT ${canonPackageName}_FOUND)
+ set(MISSING_PREREQS true)
+
+ set(customDesc)
+ foreach (descArg ${ARGN})
+ set(customDesc "${customDesc} ${descArg}")
+ endforeach ()
+
+ if (customDesc)
+ # append the custom error message that was provided as an argument
+ list(APPEND MISSING_PREREQ_DESCS ${customDesc})
+ else ()
+ list(APPEND MISSING_PREREQ_DESCS
+ " Could not find prerequisite package '${packageName}'")
+ endif ()
+ endif ()
+endmacro(FindRequiredPackage)
diff --git a/cmake/MiscTests.cmake b/cmake/MiscTests.cmake
new file mode 100644
index 0000000000..da46dd83d7
--- /dev/null
+++ b/cmake/MiscTests.cmake
@@ -0,0 +1,34 @@
+include(CheckCXXSourceCompiles)
+include(CheckCSourceCompiles)
+
+# This autoconf variable is obsolete; it's portable to assume C89 and signal
+# handlers returning void
+set(RETSIGTYPE "void")
+set(RETSIGVAL "")
+
+check_c_source_compiles("
+ #include
+ #include
+ extern int socket(int, int, int);
+ extern int connect(int, const struct sockaddr *, int);
+ extern int send(int, const void *, int, int);
+ extern int recvfrom(int, void *, int, int, struct sockaddr *, int *);
+ int main() { return 0; }
+" DO_SOCK_DECL)
+if (DO_SOCK_DECL)
+ message(STATUS "socket() and friends need explicit declaration")
+endif ()
+
+check_cxx_source_compiles("
+ #include
+ #include
+ extern \"C\" {
+ int openlog(const char* ident, int logopt, int facility);
+ int syslog(int priority, const char* message_fmt, ...);
+ int closelog();
+ }
+ int main() { return 0; }
+" SYSLOG_INT)
+if (SYSLOG_INT)
+ message(STATUS "syslog prototypes need declaration")
+endif ()
diff --git a/cmake/OSSpecific.cmake b/cmake/OSSpecific.cmake
new file mode 100644
index 0000000000..568427e177
--- /dev/null
+++ b/cmake/OSSpecific.cmake
@@ -0,0 +1,67 @@
+if (${CMAKE_SYSTEM_NAME} MATCHES "FreeBSD")
+ # alternate malloc is faster for FreeBSD, but needs more testing
+ # need to add way to set this from the command line
+ set(USE_NMALLOC true)
+
+elseif (${CMAKE_SYSTEM_NAME} MATCHES "OpenBSD")
+ set(USE_NMALLOC true)
+
+elseif (${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
+
+elseif (${CMAKE_SYSTEM_NAME} MATCHES "Linux")
+ set(HAVE_LINUX true)
+ include_directories(BEFORE ${CMAKE_SOURCE_DIR}/linux-include)
+
+elseif (${CMAKE_SYSTEM_NAME} MATCHES "Solaris")
+ set(SOCKET_LIBS nsl socket)
+
+elseif (${CMAKE_SYSTEM_NAME} MATCHES "osf")
+ # Workaround ip_hl vs. ip_vhl problem in netinet/ip.h
+ add_definitions(-D__STDC__=2)
+
+elseif (${CMAKE_SYSTEM_NAME} MATCHES "irix")
+ list(APPEND CMAKE_C_FLAGS -xansi -signed -g3)
+ list(APPEND CMAKE_CXX_FLAGS -xansi -signed -g3)
+
+elseif (${CMAKE_SYSTEM_NAME} MATCHES "ultrix")
+ list(APPEND CMAKE_C_FLAGS -std1 -g3)
+ list(APPEND CMAKE_CXX_FLAGS -std1 -g3)
+ include(CheckCSourceCompiles)
+ check_c_source_compiles("
+ #include
+ int main() {
+ void c(const struct a *);
+ return 0;
+ }
+ " have_ultrix_const)
+ if (NOT have_ultrix_const)
+ set(NEED_ULTRIX_CONST_HACK true)
+ endif ()
+
+elseif (${CMAKE_SYSTEM_NAME} MATCHES "hpux" OR
+ ${CMAKE_SYSTEM_NAME} MATCHES "HP-UX")
+ include(CheckCSourceCompiles)
+ set(CMAKE_REQUIRED_FLAGS -Aa)
+ set(CMAKE_REQUIRED_DEFINITIONS -D_HPUX_SOURCE)
+ check_c_source_compiles("
+ #include
+ int main() {
+ int frob(int, char *);
+ return 0;
+ }
+ " have_ansi_prototypes)
+ unset(CMAKE_REQUIRED_FLAGS)
+ unset(CMAKE_REQUIRED_DEFINITIONS)
+
+ if (have_ansi_prototypes)
+ add_definitions(-D_HPUX_SOURCE)
+ list(APPEND CMAKE_C_FLAGS -Aa)
+ list(APPEND CMAKE_CXX_FLAGS -Aa)
+ endif ()
+
+ if (NOT have_ansi_prototypes)
+ message(FATAL_ERROR "Can't get HPUX compiler to handle ANSI prototypes")
+ endif ()
+endif ()
+
+
diff --git a/cmake/OpenSSLTests.cmake b/cmake/OpenSSLTests.cmake
new file mode 100644
index 0000000000..e8dda34b41
--- /dev/null
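Review bot: `list(APPEND CMAKE_C_FLAGS ...)` in the irix, ultrix and HP-UX branches joins the new flags to the existing value with semicolons, but `CMAKE_C_FLAGS` and `CMAKE_CXX_FLAGS` are space-separated strings that end up on the compiler command line as they are. The appends should be written as `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -xansi -signed -g3")`, and likewise for the C++ variable and the other two branches. Also, CMake reports Solaris as `SunOS` in `CMAKE_SYSTEM_NAME`, so the `MATCHES "Solaris"` branch that sets `SOCKET_LIBS` will not be taken there; `MATCHES "SunOS"` is what that branch needs.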
+++ b/cmake/OpenSSLTests.cmake
@@ -0,0 +1,72 @@
+include(CheckCSourceCompiles)
+include(CheckCXXSourceCompiles)
+
+set(CMAKE_REQUIRED_LIBRARIES ${OpenSSL_LIBRARIES})
+set(CMAKE_REQUIRED_INCLUDES ${OpenSSL_INCLUDE_DIR})
+
+check_c_source_compiles("
+ #include
+ int main() { return 0; }
+" including_ssl_h_works)
+
+if (NOT including_ssl_h_works)
+ # On Red Hat we may need to include Kerberos header.
+ set(CMAKE_REQUIRED_INCLUDES ${OpenSSL_INCLUDE_DIR} /usr/kerberos/include)
+ check_c_source_compiles("
+ #include
+ #include
+ int main() { return 0; }
+ " NEED_KRB5_H)
+ set(CMAKE_REQUIRED_INCLUDES ${OpenSSL_INCLUDE_DIR})
+ if (NOT NEED_KRB5_H)
+ message(FATAL_ERROR
+ "OpenSSL test failure. See CmakeError.log for details.")
+ else ()
+ message(STATUS "OpenSSL requires Kerberos header")
+ include_directories("/usr/kerberos/include")
+ endif ()
+endif ()
+
+# check for OPENSSL_add_all_algorithms_conf function
+# and thus OpenSSL >= v0.9.7
+check_c_source_compiles("
+ #include
+ int main() {
+ OPENSSL_add_all_algorithms_conf();
+ return 0;
+ }
+" openssl_greater_than_0_9_7)
+
+if (NOT openssl_greater_than_0_9_7)
+ message(FATAL_ERROR "OpenSSL >= v0.9.7 required")
+endif ()
+
+check_cxx_source_compiles("
+#include
+ int main() {
+ const unsigned char** cpp = 0;
+ X509** x =0;
+ d2i_X509(x, cpp, 0);
+ return 0;
+ }
+" OPENSSL_D2I_X509_USES_CONST_CHAR)
+
+if (NOT OPENSSL_D2I_X509_USES_CONST_CHAR)
+ # double check that it compiles without const
+ check_cxx_source_compiles("
+ #include
+ int main() {
+ unsigned char** cpp = 0;
+ X509** x =0;
+ d2i_X509(x, cpp, 0);
+ return 0;
+ }
+ " OPENSSL_D2I_X509_USES_CHAR)
+ if (NOT OPENSSL_D2I_X509_USES_CHAR)
+ message(FATAL_ERROR
+ "Can't determine if openssl_d2i_x509() takes const char parameter")
+ endif ()
+endif ()
+
+unset(CMAKE_REQUIRED_INCLUDES)
+unset(CMAKE_REQUIRED_LIBRARIES)
diff --git a/cmake/PCAPTests.cmake b/cmake/PCAPTests.cmake
new file mode 100644
index 0000000000..520b666974
--- /dev/null
+++ b/cmake/PCAPTests.cmake
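Review bot: The failure message in the Kerberos fallback points at `CmakeError.log`, but the file CMake writes is `CMakeFiles/CMakeError.log`, and on a case-sensitive filesystem the name as printed does not exist. I would word it `"OpenSSL test failure. See CMakeFiles/CMakeError.log for details."`. The same branch hard-codes `/usr/kerberos/include` in both `CMAKE_REQUIRED_INCLUDES` and `include_directories`; a cache variable with that path as its default would let other layouts through without editing the module.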
@@ -0,0 +1,63 @@
+include(CheckFunctionExists)
+include(CheckCSourceCompiles)
+include(CheckIncludeFiles)
+
+set(CMAKE_REQUIRED_INCLUDES ${LIBPCAP_INCLUDE_DIR})
+set(CMAKE_REQUIRED_LIBRARIES ${PCAP_LIBRARY})
+
+check_include_files(pcap-int.h HAVE_PCAP_INT_H)
+
+check_function_exists(pcap_freecode HAVE_LIBPCAP_PCAP_FREECODE)
+if (NOT HAVE_LIBPCAP_PCAP_FREECODE)
+ set(DONT_HAVE_LIBPCAP_PCAP_FREECODE true)
+ message(STATUS "No implementation for pcap_freecode()")
+endif ()
+
+check_c_source_compiles("
+#include
+int main () {
+ int snaplen;
+ int linktype;
+ struct bpf_program fp;
+ int optimize;
+ bpf_u_int32 netmask;
+ char str[10];
+ char error[1024];
+ snaplen = 50;
+ linktype = DLT_EN10MB;
+ optimize = 1;
+ netmask = 0L;
+ str[0] = 'i'; str[1] = 'p'; str[2] = '\\\\0';
+ (void)pcap_compile_nopcap(
+ snaplen, linktype, &fp, str, optimize, netmask, &error);
+ return 0;
+}
+" LIBPCAP_PCAP_COMPILE_NOPCAP_HAS_ERROR_PARAMETER)
+if (NOT LIBPCAP_PCAP_COMPILE_NOPCAP_HAS_ERROR_PARAMETER)
+ # double check
+ check_c_source_compiles("
+#include
+int main () {
+ int snaplen;
+ int linktype;
+ struct bpf_program fp;
+ int optimize;
+ bpf_u_int32 netmask;
+ char str[10];
+ snaplen = 50;
+ linktype = DLT_EN10MB;
+ optimize = 1;
+ netmask = 0L;
+ str[0] = 'i'; str[1] = 'p'; str[2] = '\\\\0';
+ (void)pcap_compile_nopcap(snaplen, linktype, &fp, str, optimize, netmask);
+ return 0;
+}
+" LIBPCAP_PCAP_COMPILE_NOPCAP_NO_ERROR_PARAMETER)
+ if (NOT LIBPCAP_PCAP_COMPILE_NOPCAP_NO_ERROR_PARAMETER)
+ message(FATAL_ERROR
+ "Can't determine if pcap_compile_nopcap takes an error parameter")
+ endif ()
+endif ()
+
+unset(CMAKE_REQUIRED_INCLUDES)
+unset(CMAKE_REQUIRED_LIBRARIES)
diff --git a/cmake/SetPackageFileName.cmake b/cmake/SetPackageFileName.cmake
new file mode 100644
index 0000000000..759f72ab82
--- /dev/null
+++ b/cmake/SetPackageFileName.cmake
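Review bot: `CMAKE_REQUIRED_INCLUDES` is set from `LIBPCAP_INCLUDE_DIR`, a name that cmake/FindPCAP.cmake in this same commit does not define; that module exports `PCAP_INCLUDE_DIR`. Unless the variable is set somewhere outside this diff, the probes compile against whatever pcap header the default include path offers while linking `${PCAP_LIBRARY}`. With libpcap in a non-default prefix, the `pcap_compile_nopcap` signature that is detected may then not be that of the linked library, or both probes fail. The line should read `set(CMAKE_REQUIRED_INCLUDES ${PCAP_INCLUDE_DIR})`.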
@@ -0,0 +1,18 @@
+# Sets CPACK_PACKAGE_FILE name in the following format:
+#
+# ---
+#
+# The version must already be set in the VERSION variable
+
+set(CPACK_PACKAGE_FILE_NAME "${CMAKE_PROJECT_NAME}-${VERSION}")
+set(CPACK_PACKAGE_FILE_NAME "${CPACK_PACKAGE_FILE_NAME}-${CMAKE_SYSTEM_NAME}")
+if (APPLE)
+ # Only Intel-based Macs are supported. CMAKE_SYSTEM_PROCESSOR may
+ # return the confusing 'i386' if running a 32-bit kernel, but chances
+ # are the binary is x86_64 (or more generally 'Intel') compatible.
+ set(arch "Intel")
+else ()
+ set (arch ${CMAKE_SYSTEM_PROCESSOR})
+endif ()
+
+set(CPACK_PACKAGE_FILE_NAME "${CPACK_PACKAGE_FILE_NAME}-${arch}")
diff --git a/cmake/SetPackageGenerators.cmake b/cmake/SetPackageGenerators.cmake
new file mode 100644
index 0000000000..edd80ee3d6
--- /dev/null
+++ b/cmake/SetPackageGenerators.cmake
@@ -0,0 +1,23 @@
+# Sets the list of desired package types to be created by the make
+# package target. A .tar.gz is always made, and depending on the
+# operating system, more are added:
+#
+# Darwin - PackageMaker
+# Linux - RPM if the platform has rpmbuild installed
+# DEB is ommitted because CPack does not give enough
+# control over how the package is created and lacks support
+# for automatic dependency detection.
+#
+#
+# CPACK_GENERATOR is set by this module
+
+set(CPACK_GENERATOR TGZ)
+set(CPACK_SOURCE_GENERATOR TGZ)
+if (APPLE)
+ list(APPEND CPACK_GENERATOR PackageMaker)
+elseif (${CMAKE_SYSTEM_NAME} MATCHES "Linux")
+ find_program(RPMBUILD_EXE rpmbuild)
+ if (RPMBUILD_EXE)
+ set(CPACK_GENERATOR ${CPACK_GENERATOR} RPM)
+ endif ()
+endif ()
diff --git a/cmake/SetPackageVersion.cmake b/cmake/SetPackageVersion.cmake
new file mode 100644
index 0000000000..19c9d404e3
--- /dev/null
+++ b/cmake/SetPackageVersion.cmake
@@ -0,0 +1,27 @@
+# Sets CPack version variables by splitting the first macro argument
+# using "." as a delimiter. If the length of the split list is
+# greater than 2, all remaining elements are tacked on to the patch
+# level version.
+
+macro(SetPackageVersion _version)
+ string(REPLACE "." " " version_numbers ${_version})
+ separate_arguments(version_numbers)
+
+ list(GET version_numbers 0 CPACK_PACKAGE_VERSION_MAJOR)
+ list(REMOVE_AT version_numbers 0)
+ list(GET version_numbers 0 CPACK_PACKAGE_VERSION_MINOR)
+ list(REMOVE_AT version_numbers 0)
+ list(LENGTH version_numbers version_length)
+
+ while (version_length GREATER 0)
+ list(GET version_numbers 0 patch_level)
+ if (CPACK_PACKAGE_VERSION_PATCH)
+ set(CPACK_PACKAGE_VERSION_PATCH
+ "${CPACK_PACKAGE_VERSION_PATCH}.${patch_level}")
+ else ()
+ set(CPACK_PACKAGE_VERSION_PATCH ${patch_level})
+ endif ()
+ list(REMOVE_AT version_numbers 0)
+ list(LENGTH version_numbers version_length)
+ endwhile ()
+endmacro(SetPackageVersion)
diff --git a/cmake/cmake_uninstall.cmake.in b/cmake/cmake_uninstall.cmake.in
new file mode 100644
index 0000000000..e801cff1c3
--- /dev/null
+++ b/cmake/cmake_uninstall.cmake.in
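Review bot: The `if (CPACK_PACKAGE_VERSION_PATCH)` test inside the `while` loop checks truthiness rather than whether a patch string has been accumulated, so a patch component of `0` counts as unset: a version such as `1.5.0.3` (constructed example) ends with patch `3` instead of `0.3`. Because this is a `macro`, `CPACK_PACKAGE_VERSION_PATCH` also lives in the caller's scope, so a value left over from an earlier call or set elsewhere is appended to rather than replaced. Clearing it first with `set(CPACK_PACKAGE_VERSION_PATCH "")` and testing `if (NOT "${CPACK_PACKAGE_VERSION_PATCH}" STREQUAL "")` fixes both. A version with fewer than two components makes the second `list(GET version_numbers 0 ...)` fail with a generic list error, so an explicit `message(FATAL_ERROR ...)` on a short list would be clearer.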
@@ -0,0 +1,35 @@
+function(uninstall_manifest manifestPath)
+ file(READ "${manifestPath}" files)
+ string(REGEX REPLACE "\n" ";" files "${files}")
+ foreach (file ${files})
+ set(fileName $ENV{DESTDIR}${file})
+
+ if (EXISTS "${fileName}" OR IS_SYMLINK "${fileName}")
+ message(STATUS "Uninstalling: ${fileName}")
+
+ execute_process(
+ COMMAND @CMAKE_COMMAND@ -E remove "${fileName}"
+ OUTPUT_VARIABLE rm_out
+ RESULT_VARIABLE rm_retval
+ )
+
+ if (NOT ${rm_retval} EQUAL 0)
+ message(FATAL_ERROR "Problem when removing: ${fileName}")
+ endif ()
+ else ()
+ message(STATUS "Does not exist: ${fileName}")
+ endif ()
+
+ endforeach ()
+endfunction(uninstall_manifest)
+
+file(GLOB install_manifests @CMAKE_CURRENT_BINARY_DIR@/install_manifest*.txt)
+
+if (install_manifests)
+ foreach (manifest ${install_manifests})
+ uninstall_manifest(${manifest})
+ endforeach ()
+else ()
+ message(FATAL_ERROR "Cannot find any install manifests in: "
+ "\"@CMAKE_CURRENT_BINARY_DIR@/install_manifest*.txt\"")
+endif ()
diff --git a/config.h.in b/config.h.in
new file mode 100644
index 0000000000..f1405813fc
--- /dev/null
+++ b/config.h.in
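Review bot: `uninstall_manifest` builds its removal list by replacing newlines with `;`, so an installed path that itself contains `;` is split and each fragment is handed to `-E remove` as a separate path. Uninstall is likely to run with the same privileges as the install, so the list of files to delete should match the manifest exactly. `file(STRINGS "${manifestPath}" files)` reads one entry per line and keeps embedded semicolons escaped, and `set(fileName "$ENV{DESTDIR}${file}")` keeps the joined path a single value. Quoting the result check as `if (NOT "${rm_retval}" EQUAL 0)` also avoids a malformed condition when `execute_process` stores a non-numeric error string.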
@@ -0,0 +1,148 @@ +/* enable IPV6 processing */ +#cmakedefine BROv6 + +/* Old libpcap versions (< 0.6.1) need defining pcap_freecode and + pcap_compile_nopcap */ +#cmakedefine DONT_HAVE_LIBPCAP_PCAP_FREECODE + +/* should explicitly declare socket() and friends */ +#cmakedefine DO_SOCK_DECL + +/* Define if you have the header file. */ +#cmakedefine HAVE_GETOPT_H + +/* Define if you have the `getopt_long' function. */ +#cmakedefine HAVE_GETOPT_LONG + +/* Define if you have the `magic' library (-lmagic). */ +#cmakedefine HAVE_LIBMAGIC + +/* Define if you have the `z' library (-lz). */ +#cmakedefine HAVE_LIBZ + +/* We are on a Linux system */ +#cmakedefine HAVE_LINUX + +/* Define if you have the header file. */ +#cmakedefine HAVE_MAGIC_H + +/* Define if you have the `mallinfo' function. */ +#cmakedefine HAVE_MALLINFO + +/* Define if you have the header file. */ +#cmakedefine HAVE_MEMORY_H + +/* Define if you have the header file. */ +#cmakedefine HAVE_NETINET_IF_ETHER_H + +/* Define if you have the header file. */ +#cmakedefine HAVE_NETINET_IP6_H + +/* Define if you have the header file. */ +#cmakedefine HAVE_NET_ETHERNET_H + +/* We are on a OpenBSD system */ +#cmakedefine HAVE_OPENBSD + +/* have os-proto.h */ +#cmakedefine HAVE_OS_PROTO_H + +/* Define if you have the header file. */ +#cmakedefine HAVE_PCAP_INT_H + +/* line editing & history powers */ +#cmakedefine HAVE_READLINE + +/* Define if you have the `sigaction' function, but not `sigset'. */ +#cmakedefine HAVE_SIGACTION + +/* Define if you have the `sigset' function. */ +#cmakedefine HAVE_SIGSET + +/* Define if you have the `strcasestr' function. */ +#cmakedefine HAVE_STRCASESTR + +/* Define if you have the `strerror' function. */ +#cmakedefine HAVE_STRERROR + +/* Define if you have the `strsep' function. */ +#cmakedefine HAVE_STRSEP + +/* Define if you have the header file. 
*/ +#cmakedefine HAVE_SYS_ETHERNET_H + +/* Some libpcap versions use an extra parameter (error) in pcap_compile_nopcap + */ +#cmakedefine LIBPCAP_PCAP_COMPILE_NOPCAP_HAS_ERROR_PARAMETER + +/* Include krb5.h */ +#cmakedefine NEED_KRB5_H + +/* Compatibility for Darwin */ +#cmakedefine NEED_NAMESER_COMPAT_H + +/* d2i_x509 uses const char** */ +#cmakedefine OPENSSL_D2I_X509_USES_CONST_CHAR + +/* Define as the return type of signal handlers (`int' or `void'). */ +#define RETSIGTYPE @RETSIGTYPE@ + +/* signal function return value */ +#define RETSIGVAL @RETSIGVAL@ + +/* have sin_len field in sockaddr_in */ +#cmakedefine SIN_LEN + +/* The size of `long int', as computed by sizeof. */ +#define SIZEOF_LONG_INT @SIZEOF_LONG_INT@ + +/* The size of `long long', as computed by sizeof. */ +#define SIZEOF_LONG_LONG @SIZEOF_LONG_LONG@ + +/* The size of `void *', as computed by sizeof. */ +#define SIZEOF_VOID_P @SIZEOF_VOID_P@ + +/* should we declare syslog() and openlog() */ +#cmakedefine SYSLOG_INT + +/* Define if you have */ +#cmakedefine HAVE_SYS_TIME_H + +/* Define if you can safely include both and . */ +#cmakedefine TIME_WITH_SYS_TIME + +/* GeoIP geographic lookup functionality */ +#cmakedefine USE_GEOIP + +/* Use Google's perftools */ +#cmakedefine USE_PERFTOOLS + +/* Version number of package */ +#define VERSION "@VERSION@" + +/* whether words are stored with the most significant byte first */ +#cmakedefine WORDS_BIGENDIAN + +/* ultrix can't hack const */ +#cmakedefine NEED_ULTRIX_CONST_HACK +#ifdef NEED_ULTRIX_CONST_HACK +#define const +#endif + +/* Define int32_t */ +#define int32_t @INT32_T@ + +/* use sigset() instead of signal() */ +#define signal @SIG_FUNC@ + +/* define to int if socklen_t not available */ +#define socklen_t @SOCKLEN_T@ + +/* Define u_int16_t */ +#define u_int16_t @U_INT16_T@ + +/* Define u_int32_t */ +#define u_int32_t @U_INT32_T@ + +/* Define u_int8_t */ +#define u_int8_t @U_INT8_T@ 
diff --git a/configure b/configure
new file mode 100755
index 0000000000..d82c79b1ae
--- /dev/null
+++ b/configure
@@ -0,0 +1,189 @@ +#!/bin/sh +# Convenience wrapper for easily viewing/setting options that +# the project's CMake scripts will recognize + +# check for `cmake` command +type cmake > /dev/null 2>&1 || { + echo "\ +This package requires CMake, please install it first, then you may +use this configure script to access CMake equivalent functionality.\ +" >&2; + exit 1; +} + +usage="\ +Usage: $0 [OPTION]... [VAR=VALUE]... + + Build Directory: + --builddir=DIR place build files in directory [build] + + Installation Directories: + --prefix=PREFIX installation directory [/usr/local/bro] + --policydir=PATH policy file installation directory + [PREFIX/share/bro] + + Optional Features: + --enable-debug compile in debugging mode + --enable-brov6 enable IPv6 processing + --enable-perftools use Google's perftools + --enable-cluster install Broctl configured for cluster operation + (overridden by --disable-broctl) + --disable-broccoli don't build or install the Broccoli library + --disable-broctl don't install Broctl + --disable-auxtools don't build or install auxilliary tools + + Required Packages in Non-Standard Locations: + --with-openssl=PATH path to OpenSSL install root + --with-bind=PATH path to BIND install root + --with-pcap=PATH path to libpcap install root + --with-binpac=PATH path to BinPAC install root + + Optional Packages in Non-Standard Locations: + --with-libmagic=PATH path to libmagic install root + --with-geoip=PATH path to the libGeoIP install root + --with-perftools=PATH path to Google Perftools install root + + Influential Environment Variables (only on first invocation + per build directory): + CC C compiler command + CFLAGS C compiler flags + CXX C++ compiler command + CXXFLAGS C++ compiler flags +" + +sourcedir="$( cd "$( dirname "$0" )" && pwd )" + +# Function to append a CMake cache entry definition to the +# CMakeCacheEntries variable +# $1 is the cache entry variable name +# $2 is the cache entry variable type +# $3 is the cache entry variable value 
+append_cache_entry () { + CMakeCacheEntries="$CMakeCacheEntries -D $1:$2=$3" +} + +# set defaults +builddir=build +CMakeCacheEntries="" +append_cache_entry CMAKE_INSTALL_PREFIX PATH /usr/local/bro +append_cache_entry BRO_ROOT_DIR PATH /usr/local/bro +append_cache_entry PY_MOD_INSTALL_DIR PATH /usr/local/bro/lib/broctl +append_cache_entry POLICYDIR STRING /usr/local/bro/share/bro +append_cache_entry ENABLE_DEBUG BOOL false +append_cache_entry BROv6 BOOL false +append_cache_entry ENABLE_PERFTOOLS BOOL false +append_cache_entry BinPAC_SKIP_INSTALL BOOL true +append_cache_entry BUILD_SHARED_LIBS BOOL true +append_cache_entry INSTALL_AUX_TOOLS BOOL true +append_cache_entry INSTALL_BROCCOLI BOOL true +append_cache_entry INSTALL_BROCTL BOOL true +append_cache_entry STANDALONE BOOL true + +# parse arguments +while [ $# -ne 0 ]; do + case "$1" in + -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) optarg= ;; + esac + + case "$1" in + --help|-h) + echo "${usage}" 1>&2 + exit 1 + ;; + --builddir=*) + builddir=$optarg + ;; + --prefix=*) + append_cache_entry CMAKE_INSTALL_PREFIX PATH $optarg + append_cache_entry BRO_ROOT_DIR PATH $optarg + append_cache_entry PY_MOD_INSTALL_DIR PATH $optarg/lib/broctl + if [ "$user_set_policydir" != "true" ]; then + append_cache_entry POLICYDIR STRING $optarg/share/bro + fi + ;; + --policydir=*) + append_cache_entry POLICYDIR STRING $optarg + user_set_policydir="true" + ;; + --enable-debug) + append_cache_entry ENABLE_DEBUG BOOL true + ;; + --enable-brov6) + append_cache_entry BROv6 BOOL true + ;; + --enable-perftools) + append_cache_entry ENABLE_PERFTOOLS BOOL true + ;; + --disable-broccoli) + append_cache_entry INSTALL_BROCCOLI BOOL false + ;; + --disable-broctl) + append_cache_entry INSTALL_BROCTL BOOL false + user_disabled_broctl="true" + ;; + --enable-cluster) + if [ "$user_disabled_broctl" != "true" ]; then + append_cache_entry STANDALONE BOOL false + fi + ;; + --disable-auxtools) + append_cache_entry INSTALL_AUX_TOOLS BOOL 
false + ;; + --with-openssl=*) + append_cache_entry OpenSSL_ROOT_DIR PATH $optarg + ;; + --with-bind=*) + append_cache_entry BIND_ROOT_DIR PATH $optarg + ;; + --with-pcap=*) + append_cache_entry PCAP_ROOT_DIR PATH $optarg + ;; + --with-binpac=*) + append_cache_entry BinPAC_ROOT_DIR PATH $optarg + ;; + --with-libmagic=*) + append_cache_entry LibMagic_ROOT_DIR PATH $optarg + ;; + --with-geoip=*) + append_cache_entry LibGeoIP_ROOT_DIR PATH $optarg + ;; + --with-perftools=*) + append_cache_entry GooglePerftools_ROOT_DIR PATH $optarg + ;; + *) + echo "Invalid option '$1'. Try $0 --help to see available options." + exit 1 + ;; + esac + shift +done + +if [ -d $builddir ]; then + # If build directory exists, check if it has a CMake cache + if [ -f $builddir/CMakeCache.txt ]; then + # If the Cmake cache exists, then check that it thinks + # the source tree exists where it's currently located + cmakehomedir=`grep CMAKE_HOME_DIRECTORY $builddir/CMakeCache.txt | \ + sed 's/CMAKE_HOME_DIRECTORY:INTERNAL=//g'` + if [ "$cmakehomedir" != "$sourcedir" ]; then + # The source tree moved since the build was last configured + echo "\ +The source tree has been moved from: + $cmakehomedir +to: + $sourcedir +To reconfigure in the new source directory, please delete: + $builddir/CMakeCache.txt" >&2 + exit 1 + fi + fi +else + # Create build directory + mkdir -p $builddir +fi + +echo "Build Directory : $builddir" +echo "Source Directory: $sourcedir" +cd $builddir +cmake $CMakeCacheEntries $sourcedir diff --git a/policy/CMakeLists.txt b/policy/CMakeLists.txt new file mode 100644 index 0000000000..a79e841661 --- /dev/null +++ b/policy/CMakeLists.txt @@ -0,0 +1,10 @@ +install(DIRECTORY ./ DESTINATION ${POLICYDIR} FILES_MATCHING + PATTERN "summaries" EXCLUDE + PATTERN "all.bro" EXCLUDE + PATTERN "bro.init" + PATTERN "*.bro" + PATTERN "*.sig" + PATTERN "*.osf" +) + +install(DIRECTORY DESTINATION ${POLICYDIR}/site) diff --git a/src/ARP.h b/src/ARP.h index e815c038d9..c7765eb9a9 100644 
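Review bot: Option values are expanded unquoted throughout the argument loop and the build-directory handling (`builddir=$optarg`, `append_cache_entry ... PATH $optarg`, `[ -d $builddir ]`, `cd $builddir`). All cache entries are also joined into one string that the final `cmake $CMakeCacheEntries $sourcedir` word-splits again. A path containing spaces or glob characters therefore reaches cmake as several arguments, and a value such as `--prefix='/opt/bro -D X=Y'` (constructed example) is interpreted as an extra cache definition rather than as a path. Quote the directory uses (`[ -d "$builddir" ]`, `mkdir -p "$builddir"`, `cd "$builddir" || exit 1`, `"$sourcedir"`), and either reject option values containing whitespace in `append_cache_entry` or pass the entries as separate positional parameters instead of a flat string. The `cd` check matters on its own, because if it fails, cmake runs in whatever directory the script was started from.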
--- a/src/ARP.h +++ b/src/ARP.h @@ -13,9 +13,9 @@ #include #ifdef HAVE_NET_ETHERNET_H #include -#elif HAVE_SYS_ETHERNET_H +#elif defined(HAVE_SYS_ETHERNET_H) #include -#elif HAVE_NETINET_IF_ETHER_H +#elif defined(HAVE_NETINET_IF_ETHER_H) #include #endif diff --git a/src/Analyzer.cc b/src/Analyzer.cc index 6ad1f7998f..c323f99e23 100644 --- a/src/Analyzer.cc +++ b/src/Analyzer.cc @@ -113,10 +113,8 @@ const Analyzer::Config Analyzer::analyzer_configs[] = { SMTP_Analyzer::Available, 0, false }, { AnalyzerTag::SSH, "SSH", SSH_Analyzer::InstantiateAnalyzer, SSH_Analyzer::Available, 0, false }, -#ifdef USE_OPENSSL { AnalyzerTag::SSL, "SSL", SSLProxy_Analyzer::InstantiateAnalyzer, SSLProxy_Analyzer::Available, 0, false }, -#endif { AnalyzerTag::Telnet, "TELNET", Telnet_Analyzer::InstantiateAnalyzer, Telnet_Analyzer::Available, 0, false }, @@ -167,9 +165,7 @@ const Analyzer::Config Analyzer::analyzer_configs[] = { { AnalyzerTag::Contents_SMB, "CONTENTS_SMB", 0, 0, 0, false }, { AnalyzerTag::Contents_RPC, "CONTENTS_RPC", 0, 0, 0, false }, { AnalyzerTag::Contents_NFS, "CONTENTS_NFS", 0, 0, 0, false }, -#ifdef USE_OPENSSL { AnalyzerTag::Contents_SSL, "CONTENTS_SSL", 0, 0, 0, false }, -#endif }; AnalyzerTimer::~AnalyzerTimer() diff --git a/src/AnalyzerTags.h b/src/AnalyzerTags.h index eafa5de300..9bf3efbd3c 100644 --- a/src/AnalyzerTags.h +++ b/src/AnalyzerTags.h @@ -29,9 +29,7 @@ namespace AnalyzerTag { DCE_RPC, DNS, Finger, FTP, Gnutella, HTTP, Ident, IRC, Login, NCP, NetbiosSSN, NFS, NTP, POP3, Portmapper, Rlogin, RPC, Rsh, SMB, SMTP, SSH, -#ifdef USE_OPENSSL SSL, -#endif Telnet, // Application-layer analyzers, binpac-generated. @@ -45,9 +43,7 @@ namespace AnalyzerTag { Contents, ContentLine, NVT, Zip, Contents_DNS, Contents_NCP, Contents_NetbiosSSN, Contents_Rlogin, Contents_Rsh, Contents_DCE_RPC, Contents_SMB, Contents_RPC, Contents_NFS, -#ifdef USE_OPENSSL Contents_SSL, -#endif // End-marker. LastAnalyzer }; 
diff --git a/src/BitTorrentTracker.cc b/src/BitTorrentTracker.cc index be72a17d26..50f6d0449c 100644 --- a/src/BitTorrentTracker.cc +++ b/src/BitTorrentTracker.cc @@ -8,13 +8,8 @@ #include #include -#ifdef USE_INT64 # define FMT_INT "%lld" # define FMT_UINT "%llu" -#else -# define FMT_INT "%d" -# define FMT_UINT "%u" -#endif static TableType* bt_tracker_headers = 0; static RecordType* bittorrent_peer; diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt new file mode 100644 index 0000000000..576ad1a844 --- /dev/null +++ b/src/CMakeLists.txt 
@@ -0,0 +1,399 @@ +include_directories(${CMAKE_CURRENT_SOURCE_DIR} + ${CMAKE_CURRENT_BINARY_DIR} +) + +configure_file(version.c.in ${CMAKE_CURRENT_BINARY_DIR}/version.c) + +# This creates a custom command to transform a bison output file (inFile) +# into outFile in order to avoid symbol conflicts: +# - replaces instances of 'yylex' in inFile with yylexPrefix +# - replaces instances of 'yy' in inFile with yyPrefix +# - deletes instances of 'extern char.*getenv' in inFile +# - writes results to outFile and adds it to list TRANSFORMED_BISON_OUTPUTS +macro(REPLACE_YY_PREFIX_TARGET inFile outFile yylexPrefix yyPrefix) + set(args "'/extern char.*getenv/d") + set(args "${args}\;s/yylex/${yylexPrefix}lex/") + set(args "${args}\;s/yy/${yyPrefix}/g'" < ${inFile} > ${outFile}) + add_custom_command(OUTPUT ${outFile} + COMMAND ${SED_EXE} + ARGS ${args} + DEPENDS ${inFile} + COMMENT "[sed] replacing stuff in ${inFile}" + ) + list(APPEND TRANSFORMED_BISON_OUTPUTS ${outFile}) +endmacro(REPLACE_YY_PREFIX_TARGET) + +######################################################################## +## Create targets to generate parser and scanner code + +set(BISON_FLAGS "--debug") + +# BIF parser/scanner +bison_target(BIFParser builtin-func.y + ${CMAKE_CURRENT_BINARY_DIR}/bif_parse.cc + HEADER ${CMAKE_CURRENT_BINARY_DIR}/bif_parse.h + VERBOSE ${CMAKE_CURRENT_BINARY_DIR}/bif_parse.output + COMPILE_FLAGS "${BISON_FLAGS}") +flex_target(BIFScanner builtin-func.l ${CMAKE_CURRENT_BINARY_DIR}/bif_lex.cc) +add_flex_bison_dependency(BIFScanner BIFParser) + +# Rule parser/scanner +bison_target(RuleParser rule-parse.y + ${CMAKE_CURRENT_BINARY_DIR}/rup.cc + HEADER ${CMAKE_CURRENT_BINARY_DIR}/rup.h + VERBOSE ${CMAKE_CURRENT_BINARY_DIR}/rule_parse.output + COMPILE_FLAGS "${BISON_FLAGS}") +replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/rup.cc + ${CMAKE_CURRENT_BINARY_DIR}/rule-parse.cc + rules_ rules_) +replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/rup.h + 
${CMAKE_CURRENT_BINARY_DIR}/rule-parse.h + rules_ rules_) +flex_target(RuleScanner rule-scan.l ${CMAKE_CURRENT_BINARY_DIR}/rule-scan.cc + COMPILE_FLAGS "-Prules_") + +# RE parser/scanner +bison_target(REParser re-parse.y + ${CMAKE_CURRENT_BINARY_DIR}/rep.cc + HEADER ${CMAKE_CURRENT_BINARY_DIR}/re-parse.h + VERBOSE ${CMAKE_CURRENT_BINARY_DIR}/re_parse.output + COMPILE_FLAGS "${BISON_FLAGS}") +replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/rep.cc + ${CMAKE_CURRENT_BINARY_DIR}/re-parse.cc + re_ RE_) +flex_target(REScanner re-scan.l ${CMAKE_CURRENT_BINARY_DIR}/re-scan.cc + COMPILE_FLAGS "-Pre_") +add_flex_bison_dependency(REScanner REParser) + +# Parser/Scanner +bison_target(Parser parse.y + ${CMAKE_CURRENT_BINARY_DIR}/p.cc + HEADER ${CMAKE_CURRENT_BINARY_DIR}/broparse.h + VERBOSE ${CMAKE_CURRENT_BINARY_DIR}/parse.output + COMPILE_FLAGS "${BISON_FLAGS}") +replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/p.cc + ${CMAKE_CURRENT_BINARY_DIR}/parse.cc + bro yy) +flex_target(Scanner scan.l ${CMAKE_CURRENT_BINARY_DIR}/scan.cc + COMPILE_FLAGS "-Pbro") + +######################################################################## +## bifcl (BIF compiler) target + +set(bifcl_SRCS + ${BISON_BIFParser_OUTPUTS} + ${FLEX_BIFScanner_OUTPUTS} + bif_arg.cc +) + +add_executable(bifcl ${bifcl_SRCS}) + +target_link_libraries(bifcl) + +######################################################################## +## bifcl-dependent targets + +# A macro to define a command that uses the BIF compiler to produce +# C++ segments and Bro language declarations from .bif file +# The outputs are appended to list ALL_BIF_OUTPUTS +# Outputs that should be installed are appended to INSTALL_BIF_OUTPUTS +macro(BIF_TARGET bifInput) + get_bif_output_files(${bifInput} bifOutputs) + add_custom_command(OUTPUT ${bifOutputs} + COMMAND bifcl + ARGS ${CMAKE_CURRENT_SOURCE_DIR}/${bifInput} + DEPENDS ${bifInput} + COMMENT "[BIFCL] Processing ${bifInput}" + ) + list(APPEND ALL_BIF_OUTPUTS ${bifOutputs}) + 
list(APPEND INSTALL_BIF_OUTPUTS + ${CMAKE_CURRENT_BINARY_DIR}/${bifInput}.bro) +endmacro(BIF_TARGET) + +# returns a list of output files that bifcl will produce +# for given input file in ${outputFileVar} +macro(GET_BIF_OUTPUT_FILES inputFile outputFileVar) + set(${outputFileVar} + ${inputFile}.bro + ${inputFile}.func_def + ${inputFile}.func_h + ${inputFile}.func_init + ${inputFile}.netvar_def + ${inputFile}.netvar_h + ${inputFile}.netvar_init + ) +endmacro(GET_BIF_OUTPUT_FILES) + +set(BIF_SRCS + bro.bif + event.bif + const.bif + common-rw.bif + finger-rw.bif + ident-rw.bif + dns-rw.bif + ftp-rw.bif + smtp-rw.bif + http-rw.bif + strings.bif + smb-rw.bif +) + +foreach (bift ${BIF_SRCS}) + bif_target(${bift}) +endforeach () + +######################################################################## +## BinPAC-dependent targets + +set(BINPAC_AUXSRC + binpac.pac + bro.pac + binpac_bro.h +) + +# A macro to define a command that uses the BinPac compiler to +# produce C++ code that implements a protocol parser/analyzer +# The outputs of the command are appended to list ALL_BINPAC_OUTPUTS +macro(BINPAC_TARGET pacFile) + get_filename_component(basename ${pacFile} NAME_WE) + add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${basename}_pac.h + ${CMAKE_CURRENT_BINARY_DIR}/${basename}_pac.cc + COMMAND ${BinPAC_EXE} + ARGS -d ${CMAKE_CURRENT_BINARY_DIR} + -I ${CMAKE_CURRENT_SOURCE_DIR} + ${CMAKE_CURRENT_SOURCE_DIR}/${pacFile} + DEPENDS ${BinPAC_EXE} ${pacFile} + ${BINPAC_AUXSRC} ${ARGN} + COMMENT "[BINPAC] Processing ${pacFile}" + ) + list(APPEND ALL_BINPAC_OUTPUTS + ${CMAKE_CURRENT_BINARY_DIR}/${basename}_pac.h + ${CMAKE_CURRENT_BINARY_DIR}/${basename}_pac.cc) +endmacro(BINPAC_TARGET) + +binpac_target(binpac-lib.pac) +binpac_target(binpac_bro-lib.pac) +binpac_target(bittorrent.pac + bittorrent-protocol.pac bittorrent-analyzer.pac) +binpac_target(dce_rpc.pac + dce_rpc-protocol.pac dce_rpc-analyzer.pac) +binpac_target(dce_rpc_simple.pac + dce_rpc-protocol.pac) 
+binpac_target(dhcp.pac + dhcp-protocol.pac dhcp-analyzer.pac) +binpac_target(dns.pac + dns-protocol.pac dns-analyzer.pac) +binpac_target(dns_tcp.pac + dns.pac) +binpac_target(http.pac + http-protocol.pac http-analyzer.pac) +binpac_target(ncp.pac) +binpac_target(netflow.pac + netflow-protocol.pac netflow-analyzer.pac) +binpac_target(rpc.pac + rpc-analyzer.pac portmap-analyzer.pac) +binpac_target(smb.pac + smb-protocol.pac smb-pipe.pac smb-mailslot.pac) +binpac_target(ssl.pac + ssl-defs.pac ssl-protocol.pac ssl-analyzer.pac) +binpac_target(ssl-record-layer.pac + ssl-defs.pac ssl.pac) + +######################################################################## +## bro target + +# define a command that's used to run the make_dbg_constants.pl script +# building the bro binary depends on the outputs of this script +add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdConstants.h + ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdInfoConstants.cc + COMMAND ${PERL_EXECUTABLE} + ARGS ${CMAKE_CURRENT_SOURCE_DIR}/make_dbg_constants.pl + ${CMAKE_CURRENT_SOURCE_DIR}/DebugCmdInfoConstants.in + DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/make_dbg_constants.pl + ${CMAKE_CURRENT_SOURCE_DIR}/DebugCmdInfoConstants.in + COMMENT "[Perl] Processing debug commands" + WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} +) + +set(dns_SRCS nb_dns.c nb_dns.h) + +set(openssl_SRCS X509.cc SSLCiphers.cc SSLInterpreter.cc SSLProxy.cc + SSLv2.cc SSLv3.cc SSLv3Automaton.cc) + +if (USE_NMALLOC) + set(malloc_SRCS malloc.c) +endif () + +set(bro_SRCS + ${CMAKE_CURRENT_BINARY_DIR}/version.c + ${ALL_BIF_OUTPUTS} + ${ALL_BINPAC_OUTPUTS} + ${TRANSFORMED_BISON_OUTPUTS} + ${FLEX_RuleScanner_OUTPUTS} + ${FLEX_REScanner_OUTPUTS} + ${FLEX_Scanner_OUTPUTS} + ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdConstants.h + main.cc + net_util.cc + util.cc + Active.cc + Analyzer.cc + Anon.cc + ARP.cc + Attr.cc + BackDoor.cc + Base64.cc + BitTorrent.cc + BitTorrentTracker.cc + BPF_Program.cc + BroString.cc + CCL.cc + ChunkedIO.cc + CompHash.cc + 
Conn.cc + ConnCompressor.cc + ContentLine.cc + DCE_RPC.cc + DFA.cc + DHCP-binpac.cc + DNS.cc + DNS-binpac.cc + DNS_Mgr.cc + DbgBreakpoint.cc + DbgHelp.cc + DbgWatch.cc + Debug.cc + DebugCmds.cc + DebugLogger.cc + Desc.cc + Dict.cc + Discard.cc + DPM.cc + EquivClass.cc + Event.cc + EventHandler.cc + EventLauncher.cc + EventRegistry.cc + Expr.cc + FTP.cc + File.cc + FileAnalyzer.cc + Finger.cc + FlowSrc.cc + Frag.cc + Frame.cc + Func.cc + Gnutella.cc + HTTP.cc + HTTP-binpac.cc + Hash.cc + ICMP.cc + ID.cc + Ident.cc + IntSet.cc + InterConn.cc + IOSource.cc + IRC.cc + List.cc + Logger.cc + Login.cc + MIME.cc + NCP.cc + NFA.cc + NFS.cc + NTP.cc + NVT.cc + Net.cc + NetVar.cc + NetbiosSSN.cc + Obj.cc + OSFinger.cc + PacketFilter.cc + PacketSort.cc + PersistenceSerializer.cc + PktSrc.cc + PIA.cc + PolicyFile.cc + POP3.cc + Portmap.cc + PrefixTable.cc + PriorityQueue.cc + Queue.cc + RE.cc + RPC.cc + Reassem.cc + RemoteSerializer.cc + Rlogin.cc + RSH.cc + Rule.cc + RuleAction.cc + RuleCondition.cc + RuleMatcher.cc + ScriptAnaly.cc + SmithWaterman.cc + SMB.cc + SMTP.cc + SSH.cc + SSL-binpac.cc + Scope.cc + SerializationFormat.cc + SerialObj.cc + Serializer.cc + Sessions.cc + StateAccess.cc + Stats.cc + SteppingStone.cc + Stmt.cc + TCP.cc + TCP_Endpoint.cc + TCP_Reassembler.cc + TCP_Rewriter.cc + Telnet.cc + Timer.cc + Traverse.cc + Trigger.cc + TwoWise.cc + Type.cc + UDP.cc + Val.cc + Var.cc + XDR.cc + ZIP.cc + bsd-getopt-long.c + cq.c + md5.c + patricia.c + setsignal.c + UDP_Rewriter.cc + DNS_Rewriter.cc + PacketDumper.cc + Rewriter.cc + strsep.c + ${dns_SRCS} + ${malloc_SRCS} + ${openssl_SRCS} +) + +add_definitions(-DPOLICYDEST="${POLICYDIR}") + +add_executable(bro ${bro_SRCS}) + +set(brolibs + ${BinPAC_LIBRARY} + ${PCAP_LIBRARY} + ${OpenSSL_LIBRARIES} + ${BIND_LIBRARY} + ${OPTLIBS} +) + +include(ChangeMacInstallNames) +ChangeMacInstallNames(brolibs) + +target_link_libraries(bro ${brolibs}) + +install(TARGETS bro DESTINATION bin) +install(FILES ${INSTALL_BIF_OUTPUTS} 
DESTINATION ${POLICYDIR}) + +set(BRO_EXE bro + CACHE STRING "Bro executable binary" FORCE) diff --git a/src/ChunkedIO.cc b/src/ChunkedIO.cc index 7eb2158184..0db5675766 100644 --- a/src/ChunkedIO.cc +++ b/src/ChunkedIO.cc @@ -7,6 +7,7 @@ #include #include #include +#include #include "config.h" #include "ChunkedIO.h" @@ -650,11 +651,6 @@ void ChunkedIOFd::Stats(char* buffer, int length) ChunkedIO::Stats(buffer + i, length - i); } - -#ifdef USE_OPENSSL - -#include - SSL_CTX* ChunkedIOSSL::ctx; ChunkedIOSSL::ChunkedIOSSL(int arg_socket, bool arg_server) @@ -1174,8 +1170,6 @@ void ChunkedIOSSL::Stats(char* buffer, int length) ChunkedIO::Stats(buffer + i, length - i); } -#endif /* USE_OPENSSL */ - #ifdef HAVE_LIBZ bool CompressedChunkedIO::Init() diff --git a/src/ChunkedIO.h b/src/ChunkedIO.h index 393f6c8d5d..516f0f7ddc 100644 --- a/src/ChunkedIO.h +++ b/src/ChunkedIO.h @@ -11,6 +11,13 @@ #include +#ifdef NEED_KRB5_H +# include +#endif + +#include +#include + class CompressedChunkedIO; // #define DEBUG_COMMUNICATION 10 @@ -214,17 +221,7 @@ private: pid_t pid; }; -#ifdef USE_OPENSSL - -#ifdef NEED_KRB5_H -# include -#endif - -#include -#include - // Chunked I/O using an SSL connection. - class ChunkedIOSSL : public ChunkedIO { public: // Argument is an open socket and a flag indicating whether we are the @@ -287,8 +284,6 @@ private: static SSL_CTX* ctx; }; -#endif /* USE_OPENSSL */ - #ifdef HAVE_LIBZ #include diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index c205b1f829..742ff00b8f 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -6,11 +6,11 @@ #include #include -#if TIME_WITH_SYS_TIME +#ifdef TIME_WITH_SYS_TIME # include # include #else -# if HAVE_SYS_TIME_H +# ifdef HAVE_SYS_TIME_H # include # else # include 
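Review bot: In `REPLACE_YY_PREFIX_TARGET` the third `set(args ...)` closes its quote after `g'` and then passes `< ${inFile} > ${outFile}` as further list elements. The sed rule therefore only works because the generated command line is re-parsed by a shell, and since `add_custom_command` has no `VERBATIM`, how the single-quoted script and the paths are escaped depends on the platform and generator. A source or build path with spaces would split both the script and the redirection targets. Passing each expression as its own argument (`-e "/extern char.*getenv/d" -e "s/yylex/${yylexPrefix}lex/" -e "s/yy/${yyPrefix}/g"`), quoting `"${inFile}"` and `"${outFile}"`, and adding `VERBATIM` would make the rule predictable. The same applies to the `BIF_TARGET`, `BINPAC_TARGET` and Perl commands further down, which also omit `VERBATIM`.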
@@ -53,9 +53,7 @@ public: const char* ReqHost() const { return host; } uint32 ReqAddr() const { return addr; } -#ifdef HAVE_NB_DNS int MakeRequest(nb_dns_info* nb_dns); -#endif int RequestPending() const { return request_pending; } void RequestDone() { request_pending = 0; } @@ -66,7 +64,6 @@ protected: int request_pending; }; -#ifdef HAVE_NB_DNS int DNS_Mgr_Request::MakeRequest(nb_dns_info* nb_dns) { if ( ! nb_dns ) @@ -80,7 +77,6 @@ int DNS_Mgr_Request::MakeRequest(nb_dns_info* nb_dns) else return nb_dns_addr_request(nb_dns, addr, (void*) this, err) >= 0; } -#endif class DNS_Mapping { public: @@ -350,13 +346,11 @@ DNS_Mgr::DNS_Mgr(DNS_MgrMode arg_mode) host_mappings.SetDeleteFunc(DNS_Mgr_mapping_delete_func); addr_mappings.SetDeleteFunc(DNS_Mgr_mapping_delete_func); -#ifdef HAVE_NB_DNS char err[NB_DNS_ERRSIZE]; nb_dns = nb_dns_init(err); if ( ! nb_dns ) warn(fmt("problem initializing NB-DNS: %s", err)); -#endif dns_mapping_valid = dns_mapping_unverified = dns_mapping_new_name = dns_mapping_lost_name = dns_mapping_name_changed = @@ -372,10 +366,8 @@ DNS_Mgr::DNS_Mgr(DNS_MgrMode arg_mode) DNS_Mgr::~DNS_Mgr() { -#ifdef HAVE_NB_DNS if ( nb_dns ) nb_dns_finish(nb_dns); -#endif delete [] cache_name; delete [] dir; @@ -410,14 +402,12 @@ bool DNS_Mgr::Init() did_init = 1; -#ifdef HAVE_NB_DNS io_sources.Register(this, true); // We never set idle to false, having the main loop only calling us from // time to time. If we're issuing more DNS requests than we can handle // in this way, we are having problems anyway ... idle = true; -#endif return true; } @@ -531,7 +521,6 @@ void DNS_Mgr::Resolve() int i; -#ifdef HAVE_NB_DNS int first_req = 0; int num_pending = min(requests.length(), MAX_PENDING_REQUESTS); int last_req = num_pending - 1; @@ -597,7 +586,6 @@ void DNS_Mgr::Resolve() --num_pending; } } -#endif // All done with the list of requests. for ( i = requests.length() - 1; i >= 0; --i ) 
@@ -860,7 +848,6 @@ TableVal* DNS_Mgr::LookupNameInCache(string name) return d->AddrsSet(); } -#ifdef HAVE_NB_DNS void DNS_Mgr::AsyncLookupAddr(dns_mgr_addr_type host, LookupCallback* callback) { if ( ! did_init ) @@ -956,13 +943,10 @@ void DNS_Mgr::IssueAsyncRequests() ++asyncs_pending; } } -#endif void DNS_Mgr::GetFds(int* read, int* write, int* except) { -#ifdef HAVE_NB_DNS *read = nb_dns_fd(nb_dns); -#endif } double DNS_Mgr::NextTimestamp(double* network_time) @@ -971,7 +955,6 @@ double DNS_Mgr::NextTimestamp(double* network_time) return asyncs_timeouts.size() ? timer_mgr->Time() : -1.0; } -#ifdef HAVE_NB_DNS void DNS_Mgr::CheckAsyncAddrRequest(dns_mgr_addr_type addr, bool timeout) { // Note that this code is a mirror of that for CheckAsyncHostRequest. @@ -1030,13 +1013,9 @@ void DNS_Mgr::CheckAsyncHostRequest(const char* host, bool timeout) // eventually times out. } } -#endif void DNS_Mgr::Process() { -#ifndef HAVE_NB_DNS - internal_error("DNS_Mgr::Process(): should never be reached"); -#else while ( asyncs_timeouts.size() > 0 ) { @@ -1084,9 +1063,8 @@ void DNS_Mgr::Process() IssueAsyncRequests(); } -#endif } -#ifdef HAVE_NB_DNS + int DNS_Mgr::AnswerAvailable(int timeout) { int fd = nb_dns_fd(nb_dns); @@ -1116,4 +1094,3 @@ int DNS_Mgr::AnswerAvailable(int timeout) return status; } -#endif diff --git a/src/DNS_Mgr.h b/src/DNS_Mgr.h index 7431f7d987..580eae92f1 100644 --- a/src/DNS_Mgr.h +++ b/src/DNS_Mgr.h @@ -79,10 +79,8 @@ public: virtual void Timeout() = 0; }; -#ifdef HAVE_NB_DNS void AsyncLookupAddr(dns_mgr_addr_type host, LookupCallback* callback); void AsyncLookupName(string name, LookupCallback* callback); -#endif protected: friend class LookupCallback; @@ -102,7 +100,6 @@ protected: void LoadCache(FILE* f); void Save(FILE* f, PDict(DNS_Mapping)& m); -#ifdef HAVE_NB_DNS // Selects on the fd to see if there is an answer available (timeout is // secs). Returns 0 on timeout, -1 on EINTR, and 1 if answer is ready. int AnswerAvailable(int timeout); 
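Review bot: `DNS_Mgr::GetFds` now always executes `*read = nb_dns_fd(nb_dns);`, but the constructor hunk only calls `warn()` when `nb_dns_init` returns null, so after a failed initialisation `nb_dns` is null here and in `AnswerAvailable`, which makes the same call. Whether `nb_dns_fd` tolerates a null handle is not visible in this diff. The destructor and `MakeRequest` both check the pointer first, so the same guard belongs here: `if ( nb_dns ) *read = nb_dns_fd(nb_dns);`. `Init` also registers the manager as an I/O source unconditionally, so the main loop will reach `GetFds` even when initialisation failed. The neighbouring functions in this hunk start or end outside it.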
@@ -115,8 +112,6 @@ protected: void CheckAsyncAddrRequest(dns_mgr_addr_type addr, bool timeout); void CheckAsyncHostRequest(const char* host, bool timeout); -#endif - // IOSource interface. virtual void GetFds(int* read, int* write, int* except); virtual double NextTimestamp(double* network_time); diff --git a/src/Desc.cc b/src/Desc.cc index 0a494bcd9c..baf3ad1160 100644 --- a/src/Desc.cc +++ b/src/Desc.cc @@ -105,7 +105,6 @@ void ODesc::Add(uint32 u) } } -#ifdef USE_INT64 void ODesc::Add(int64 i) { if ( IsBinary() ) @@ -129,7 +128,6 @@ void ODesc::Add(uint64 u) Add(tmp); } } -#endif void ODesc::Add(double d) { diff --git a/src/Desc.h b/src/Desc.h index de09f12be4..49b331d51b 100644 --- a/src/Desc.h +++ b/src/Desc.h @@ -57,10 +57,8 @@ public: void AddN(const char* s, int len) { AddBytes(s, len); } void Add(int i); void Add(uint32 u); -#ifdef USE_INT64 void Add(int64 i); void Add(uint64 u); -#endif void Add(double d); // Add s as a counted string. diff --git a/src/File.cc b/src/File.cc index d72c67b4ef..3d3401471f 100644 --- a/src/File.cc +++ b/src/File.cc @@ -5,11 +5,11 @@ #include "config.h" #include -#if TIME_WITH_SYS_TIME +#ifdef TIME_WITH_SYS_TIME # include # include #else -# if HAVE_SYS_TIME_H +# ifdef HAVE_SYS_TIME_H # include # else # include @@ -233,10 +233,7 @@ BroFile::~BroFile() delete [] name; delete [] access; - -#ifdef USE_OPENSSL delete [] cipher_buffer; -#endif #ifdef USE_PERFTOOLS heap_checker->UnIgnoreObject(this); @@ -257,12 +254,9 @@ void BroFile::Init() print_hook = true; raw_output = false; t = 0; - -#ifdef USE_OPENSSL pub_key = 0; cipher_ctx = 0; cipher_buffer = 0; -#endif #ifdef USE_PERFTOOLS heap_checker->IgnoreObject(this); @@ -348,9 +342,7 @@ int BroFile::Close() if ( ! is_open ) return 1; -#ifdef USE_OPENSSL FinishEncrypt(); -#endif // Do not close stdout/stderr. if ( f == stdout || f == stderr ) 
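Review bot: Switching `#if TIME_WITH_SYS_TIME` and `#if HAVE_SYS_TIME_H` to `#ifdef` in File.cc makes the test true whenever the macro is defined at all, including when it is defined as `0`. That is only equivalent if the generated config.h leaves a macro undefined when its check fails (for example `#cmakedefine` rather than `#cmakedefine01`). The template that produces config.h is not part of this excerpt, so this should be confirmed. The same change is made in Func.cc, Net.cc, RemoteSerializer.cc and util.cc, and for `HAVE_STRERROR` in nb_dns.c. A comment in the config template such as `/* feature macros are either defined or absent, never 0 */` would document the convention.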
@@ -640,19 +632,6 @@ void BroFile::CloseCachedFiles() } } -#ifndef USE_OPENSSL - -void BroFile::InitEncrypt(const char* keyfile) - { - if ( keyfile ) - { - error("file encryption requested, but OpenSSL support not compiled in."); - Close(); - } - } - -#else - void BroFile::InitEncrypt(const char* keyfile) { if ( ! (pub_key || keyfile) ) @@ -716,14 +695,12 @@ void BroFile::InitEncrypt(const char* keyfile) int buf_size = MIN_BUFFER_SIZE + EVP_CIPHER_block_size(cipher_type); cipher_buffer = new unsigned char[buf_size]; } -#endif void BroFile::FinishEncrypt() { if ( ! is_open ) return; -#ifdef USE_OPENSSL if ( ! pub_key ) return; @@ -742,7 +719,6 @@ void BroFile::FinishEncrypt() delete cipher_ctx; cipher_ctx = 0; } -#endif } @@ -757,7 +733,6 @@ int BroFile::Write(const char* data, int len) if ( ! len ) len = strlen(data); -#ifdef USE_OPENSSL if ( cipher_ctx ) { while ( len ) @@ -789,7 +764,6 @@ int BroFile::Write(const char* data, int len) return 1; } -#endif len = fwrite(data, 1, len, f); if ( len <= 0 ) diff --git a/src/File.h b/src/File.h index aa76b665b6..250729532d 100644 --- a/src/File.h +++ b/src/File.h @@ -10,7 +10,6 @@ #include "Obj.h" #include "Attr.h" -#ifdef USE_OPENSSL # ifdef NEED_KRB5_H # include # endif // NEED_KRB5_H @@ -19,7 +18,6 @@ extern "C" { # include "openssl/pem.h" # include "openssl/err.h" } -#endif class BroType; class RotateTimer; @@ -149,13 +147,11 @@ protected: static double default_rotation_interval; static double default_rotation_size; -#ifdef USE_OPENSSL EVP_PKEY* pub_key; EVP_CIPHER_CTX* cipher_ctx; static const int MIN_BUFFER_SIZE = 1024; unsigned char* cipher_buffer; -#endif }; diff --git a/src/FileAnalyzer.cc b/src/FileAnalyzer.cc index 91645334ad..7f9e0b2c2d 100644 --- a/src/FileAnalyzer.cc +++ b/src/FileAnalyzer.cc 
@@ -7,10 +7,6 @@ magic_t File_Analyzer::magic = 0; magic_t File_Analyzer::magic_mime = 0; #endif -#ifdef HAVE_LIBCLAMAV -struct cl_node* File_Analyzer::clam_root = 0; -#endif - File_Analyzer::File_Analyzer(Connection* conn) : TCP_ApplicationAnalyzer(AnalyzerTag::File, conn) { @@ -23,11 +19,6 @@ File_Analyzer::File_Analyzer(Connection* conn) InitMagic(&magic_mime, MAGIC_MIME); } #endif - -#ifdef HAVE_LIBCLAMAV - if ( ! clam_root ) - InitClamAV(); -#endif } void File_Analyzer::DeliverStream(int len, const u_char* data, bool orig) @@ -74,19 +65,6 @@ void File_Analyzer::Identify() vl->append(new StringVal(descr ? descr : "")); vl->append(new StringVal(mime ? mime : "")); ConnectionEvent(file_transferred, vl); - -#ifdef HAVE_LIBCLAMAV - const char* virname; - int ret = cl_scanbuff(buffer, buffer_len, &virname, clam_root); - - if ( ret == CL_VIRUS ) - { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(virname)); - ConnectionEvent(file_virus, vl); - } -#endif } #ifdef HAVE_LIBMAGIC @@ -105,27 +83,3 @@ void File_Analyzer::InitMagic(magic_t* magic, int flags) } } #endif - -#ifdef HAVE_LIBCLAMAV -void File_Analyzer::InitClamAV() - { - unsigned int sigs; - int ret = cl_loaddbdir(cl_retdbdir(), &clam_root, &sigs); - - if ( ret ) - { - error(fmt("can't load ClamAV database: %s", cl_perror(ret))); - clam_root = 0; - return; - } - - ret = cl_build(clam_root); - if ( ret ) - { - error(fmt("can't init ClamAV database: %s", cl_perror(ret))); - cl_free(clam_root); - clam_root = 0; - return; - } - } -#endif diff --git a/src/FileAnalyzer.h b/src/FileAnalyzer.h index a978181d57..f343547210 100644 --- a/src/FileAnalyzer.h +++ b/src/FileAnalyzer.h @@ -11,10 +11,6 @@ #include #endif -#ifdef HAVE_LIBCLAMAV -#include -#endif - class File_Analyzer : public TCP_ApplicationAnalyzer { public: File_Analyzer(Connection* conn); 
@@ -43,11 +39,6 @@ protected: static magic_t magic; static magic_t magic_mime; #endif - -#ifdef HAVE_LIBCLAMAV - static void InitClamAV(); - static struct cl_node *clam_root; -#endif }; #endif diff --git a/src/FlowSrc.cc b/src/FlowSrc.cc index e97ad8eb25..4f94d7e4a8 100644 --- a/src/FlowSrc.cc +++ b/src/FlowSrc.cc @@ -12,6 +12,7 @@ #include "FlowSrc.h" #include "Net.h" #include "netflow_pac.h" +#include FlowSrc::FlowSrc() { // TODO: v9. @@ -28,10 +29,8 @@ FlowSrc::~FlowSrc() void FlowSrc::GetFds(int* read, int* write, int* except) { -#ifdef USE_SELECT_LOOP if ( selectable_fd >= 0 ) *read = selectable_fd; -#endif } double FlowSrc::NextTimestamp(double* network_time) diff --git a/src/Func.cc b/src/Func.cc index 0657cfa2c4..5d71be2b0f 100644 --- a/src/Func.cc +++ b/src/Func.cc @@ -6,11 +6,11 @@ #include #include -#if TIME_WITH_SYS_TIME +#ifdef TIME_WITH_SYS_TIME # include # include #else -# if HAVE_SYS_TIME_H +# ifdef HAVE_SYS_TIME_H # include # else # include diff --git a/src/Hash.cc b/src/Hash.cc index 47216a8d9d..ef8b2a61cf 100644 --- a/src/Hash.cc +++ b/src/Hash.cc @@ -237,8 +237,6 @@ HashKey::HashKey(bro_uint_t u) is_our_dynamic = 0; } -#ifdef USE_INT64 - HashKey::HashKey(uint32 u) { key_u.u32 = u; @@ -248,8 +246,6 @@ HashKey::HashKey(uint32 u) is_our_dynamic = 0; } -#endif // USE_INT64 - HashKey::HashKey(const uint32 u[], int n) { size = n * sizeof(u[0]); diff --git a/src/Hash.h b/src/Hash.h index 5ed41b05e9..fa1f00f91f 100644 --- a/src/Hash.h +++ b/src/Hash.h @@ -24,9 +24,7 @@ class HashKey { public: HashKey(bro_int_t i); HashKey(bro_uint_t u); -#ifdef USE_INT64 HashKey(uint32 u); -#endif HashKey(const uint32 u[], int n); HashKey(double d); HashKey(const void* p); @@ -78,9 +76,7 @@ protected: union { bro_int_t i; -#ifdef USE_INT64 uint32 u32; -#endif double d; const void* p; } key_u; diff --git a/src/Net.cc b/src/Net.cc index 73b02aa141..80ad234b64 100644 --- a/src/Net.cc +++ b/src/Net.cc 
@@ -5,11 +5,11 @@ #include "config.h" #include -#if TIME_WITH_SYS_TIME +#ifdef TIME_WITH_SYS_TIME # include # include #else -# if HAVE_SYS_TIME_H +# ifdef HAVE_SYS_TIME_H # include # else # include @@ -34,10 +34,6 @@ #include "Serializer.h" #include "PacketDumper.h" -#ifdef USE_DAG -#include "PktDagSrc.h" -#endif - extern "C" { #include "setsignal.h" }; @@ -243,12 +239,7 @@ void net_init(name_list& interfaces, name_list& readfiles, for ( int i = 0; i < interfaces.length(); ++i ) { PktSrc* ps; -#ifdef USE_DAG - if ( strncmp(interfaces[i], "dag", 3) == 0 ) - ps = new PktDagSrc(interfaces[i], filter); - else -#endif - ps = new PktInterfaceSrc(interfaces[i], filter); + ps = new PktInterfaceSrc(interfaces[i], filter); if ( ! ps->IsOpen() ) { @@ -265,14 +256,8 @@ void net_init(name_list& interfaces, name_list& readfiles, if ( secondary_filter ) { PktSrc* ps; -#ifdef USE_DAG - if ( strncmp(interfaces[i], "dag", 3) == 0 ) - ps = new PktDagSrc(interfaces[i], - filter, TYPE_FILTER_SECONDARY); - else -#endif - ps = new PktInterfaceSrc(interfaces[i], - filter, TYPE_FILTER_SECONDARY); + ps = new PktInterfaceSrc(interfaces[i], + filter, TYPE_FILTER_SECONDARY); if ( ! ps->IsOpen() ) { diff --git a/src/PktDagSrc.cc b/src/PktDagSrc.cc deleted file mode 100644 index 1a5c6573de..0000000000 --- a/src/PktDagSrc.cc +++ /dev/null 
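Review bot: With the DAG branch removed, both loops in `net_init` are left with a bare declaration followed by a separate assignment (`PktSrc* ps; ps = new PktInterfaceSrc(...)`). A single initialised declaration is clearer and avoids an uninitialised pointer: `PktSrc* ps = new PktInterfaceSrc(interfaces[i], filter);`, and likewise for the `TYPE_FILTER_SECONDARY` case. Interface names beginning with `dag` are now handed to `PktInterfaceSrc` like any other name; if that is intended, a short comment at the call site would tell operators the special case is gone. net_init's body starts and ends outside these hunks.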
@@ -1,294 +0,0 @@ -// $Id: PktDagSrc.cc 6909 2009-09-10 19:42:19Z vern $ -// -// See the file "COPYING" in the main distribution directory for copyright. - -#include "config.h" - -#ifdef USE_DAG - -extern "C" { -#include -#include -} -#include - -#include -#include - -#include "PktDagSrc.h" - -// Length of ERF Header before Ethernet header. -#define DAG_ETH_ERFLEN 18 - -static set used_interfaces; - -PktDagSrc::PktDagSrc(const char* arg_interface, const char* filter, - PktSrc_Filter_Type ft) -: PktSrc() - { - interface = copy_string(fmt("/dev/%s", arg_interface)); - fd = -1; - closed = true; - - if ( used_interfaces.find(interface) != used_interfaces.end() ) - { - Error("DAG interface already in use, can't be used multiple times"); - return; - } - - - // We only support Ethernet. - hdr_size = 14; - datalink = DLT_EN10MB; - filter_type = ft; - netmask = 0xffffff00; // XXX does this make sense? - - current_filter = 0; - - // We open a dummy pcap file to get access to pcap data structures. - // Ideally, Bro's PktSrc would be less dependent on pcap ... - - pd = pcap_open_dead(datalink, snaplen); - if ( ! pd ) - { - // Note: errno not trustworthy, for example it's sometimes - // set by malloc inside pcap_open_dead(). - Error("pcap_open_dead"); - return; - } - - fd = dag_open(interface); - - // XXX Currently, the DAG fd is not selectable :-(. - selectable_fd = -1; - - if ( fd < 0 ) - { - Error("dag_open"); - return; - } - - int dag_recordtype = dag_linktype(fd); - if ( dag_recordtype < TYPE_MIN || dag_recordtype > TYPE_MAX ) - { - Error("dag_linktype"); - return; - } - - if ( dag_recordtype != TYPE_ETH ) - { - sprintf(errbuf, "unsupported DAG link type 0x%x", dag_recordtype); - return; - } - - // long= is needed to prevent the DAG card from truncating jumbo frames. - char* dag_configure_string = - copy_string(fmt("slen=%d varlen long=%d", - snaplen, snaplen > 1500 ? 
snaplen : 1500)); - - fprintf(stderr, "Configuring %s with options \"%s\"...\n", - interface, dag_configure_string); - - if ( dag_configure(fd, dag_configure_string) < 0 ) - { - Error("dag_configure"); - delete [] dag_configure_string; - return; - } - - delete [] dag_configure_string; - - if ( dag_attach_stream(fd, stream_num, 0, EXTRA_WINDOW_SIZE) < 0 ) - { - Error("dag_attach_stream"); - return; - } - - if ( dag_start_stream(fd, stream_num) < 0 ) - { - Error("dag_start_stream"); - return; - } - - struct timeval maxwait, poll; - maxwait.tv_sec = 0; // arbitrary due to mindata == 0 - maxwait.tv_usec = 0; - poll.tv_sec = 0; // don't wait until more data arrives. - poll.tv_usec = 0; - - // mindata == 0 for non-blocking. - if ( dag_set_stream_poll(fd, stream_num, 0, &maxwait, &poll) < 0 ) - { - Error("dag_set_stream_poll"); - return; - } - - closed = false; - - if ( PrecompileFilter(0, filter) && SetFilter(0) ) - fprintf(stderr, "listening on DAG card on %s\n", interface); - - stats.link = stats.received = stats.dropped = 0; - } - -PktDagSrc::~PktDagSrc() - { - } - - -void PktDagSrc::Close() - { - if ( fd >= 0 ) - { - PktSrc::Close(); - dag_stop_stream(fd, stream_num); - dag_detach_stream(fd, stream_num); - dag_close(fd); - fd = -1; - } - - closed = true; - used_interfaces.erase(interface); - } - -int PktDagSrc::ExtractNextPacket() - { - unsigned link_count = 0; // # packets on link for this call - - // As we can't use select() on the fd, we always have to pretend - // we're busy (in fact this is probably even true; otherwise - // we shouldn't be using such expensive monitoring hardware!). - idle = false; - - struct bpf_insn* fcode = current_filter->bf_insns; - if ( ! fcode ) - { - run_time("filter code not valid when extracting DAG packet"); - return 0; - } - - dag_record_t* r = 0; - - do - { - r = (dag_record_t*) dag_rx_stream_next_record(fd, 0); - - if ( ! 
r ) - { - data = last_data = 0; // make dataptr invalid - - if ( errno != EAGAIN ) - { - run_time(fmt("dag_rx_stream_next_record: %s", - strerror(errno))); - Close(); - return 0; - } - - else - { // gone dry - idle = true; - return 0; - } - } - - // Return after 20 unwanted packets on the link. - if ( ++link_count > 20 ) - { - data = last_data = 0; - return 0; - } - - hdr.len = ntohs(r->wlen); - hdr.caplen = ntohs(r->rlen) - DAG_ETH_ERFLEN; - - // Locate start of the Ethernet header. - data = last_data = (const u_char*) r->rec.eth.dst; - - ++stats.link; - // lctr_sum += ntohs(r->lctr); - stats.dropped += ntohs(r->lctr); - } - while ( ! bpf_filter(fcode, (u_char*) data, hdr.len, hdr.caplen) ); - - ++stats.received; - - // Timestamp conversion taken from DAG programming manual. - unsigned long long lts = r->ts; - hdr.ts.tv_sec = lts >> 32; - lts = ((lts & 0xffffffffULL) * 1000 * 1000); - lts += (lts & 0x80000000ULL) << 1; - hdr.ts.tv_usec = lts >> 32; - if ( hdr.ts.tv_usec >= 1000000 ) - { - hdr.ts.tv_usec -= 1000000; - hdr.ts.tv_sec += 1; - } - - next_timestamp = hdr.ts.tv_sec + double(hdr.ts.tv_usec) / 1e6; - - return 1; - } - -void PktDagSrc::GetFds(int* read, int* write, int* except) - { - // We don't have a selectable fd, but we take the opportunity to - // reset our idle flag if we have data now. - if ( ! data ) - ExtractNextPacket(); - } - -void PktDagSrc::Statistics(Stats* s) - { - s->received = stats.received; - s->dropped = stats.dropped; - s->link = stats.link + stats.dropped; - } - -int PktDagSrc::SetFilter(int index) - { - // We don't want load-level filters for the secondary path. - if ( filter_type == TYPE_FILTER_SECONDARY && index > 0 ) - return 1; - - HashKey* hash = new HashKey(HashKey(bro_int_t(index))); - BPF_Program* code = filters.Lookup(hash); - delete hash; - - if ( ! code ) - { - sprintf(errbuf, "No precompiled pcap filter for index %d", - index); - return 0; - } - - current_filter = code->GetProgram(); - - // Reset counters. 
- stats.received = stats.dropped = stats.link = 0; - - return 1; - } - -int PktDagSrc::SetNewFilter(const char* filter) - { - bpf_program* code = 0; - - if ( pcap_compile(pd, code, (char*) filter, 1, netmask) < 0 ) - { - snprintf(errbuf, sizeof(errbuf), "pcap_compile(%s): %s", - filter, pcap_geterr(pd)); - errbuf[sizeof(errbuf) - 1] = '\0'; - return 0; - } - - current_filter = code; - return 1; - } - -void PktDagSrc::Error(const char *s) - { - snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", s, strerror(errno)); - Close(); - } -#endif diff --git a/src/PktDagSrc.h b/src/PktDagSrc.h deleted file mode 100644 index c7ea49e106..0000000000 --- a/src/PktDagSrc.h +++ /dev/null 
@@ -1,54 +0,0 @@ -// $Id: PktDagSrc.h 6219 2008-10-01 05:39:07Z vern $ -// -// See the file "COPYING" in the main distribution directory for copyright. -// -// Support for Endace's DAG interface card. -// -// Caveats: -// - No support for hardware-side filtering yet. -// - No support for secondary filter path yet. -// - No support for other media than Ethernet. -// - Mutex should be per interface -// - No support for multiple rx streams - -#ifndef PKTDAGSRC_H -#define PKTDAGSRC_H - -#ifdef USE_DAG - -extern int snaplen; - -#include "PktSrc.h" - -class PktDagSrc : public PktSrc { -public: - PktDagSrc(const char* interface, const char* filter, - PktSrc_Filter_Type ft = TYPE_FILTER_NORMAL); - virtual ~PktDagSrc(); - - // PktSrc interface: - virtual void Statistics(Stats* stats); - virtual int SetFilter(int index); - virtual int SetNewFilter(const char* filter); - -protected: - virtual int ExtractNextPacket(); - virtual void GetFds(int* read, int* write, int* except); - virtual void Close(); - - void Error(const char* str); - - static const unsigned int EXTRA_WINDOW_SIZE = 4 * 1024 * 1024; - static const int stream_num = 0; // use receive stream 0 - - // Unfortunaly the DAG API has some problems with locking streams, - // so we do our own checks to ensure we don't use more than one - // stream. In particular, the secondary filter won't work. - static int mutex; - - int fd; - bpf_program* current_filter; -}; -#endif - -#endif diff --git a/src/PktSrc.cc b/src/PktSrc.cc index bd92982722..dea20c1396 100644 --- a/src/PktSrc.cc +++ b/src/PktSrc.cc @@ -65,10 +65,8 @@ void PktSrc::GetFds(int* read, int* write, int* except) return; } -#ifdef USE_SELECT_LOOP if ( selectable_fd >= 0 ) *read = selectable_fd; -#endif } int PktSrc::ExtractNextPacket() @@ -90,11 +88,7 @@ int PktSrc::ExtractNextPacket() if ( ! first_timestamp ) first_timestamp = next_timestamp; -#ifdef USE_SELECT_LOOP idle = (data == 0); -#else - idle = false; -#endif if ( data ) ++stats.received; 
@@ -370,16 +364,12 @@ PktInterfaceSrc::PktInterfaceSrc(const char* arg_interface, const char* filter, netmask = 0xffffff00; } -#ifdef USE_SELECT_LOOP // We use the smallest time-out possible to return almost immediately if // no packets are available. (We can't use set_nonblocking() as it's // broken on FreeBSD: even when select() indicates that we can read // something, we may get nothing if the store buffer hasn't filled up // yet.) pd = pcap_open_live(interface, snaplen, 1, 1, tmp_errbuf); -#else - pd = pcap_open_live(interface, snaplen, 1, PCAP_TIMEOUT, tmp_errbuf); -#endif if ( ! pd ) { @@ -394,8 +384,6 @@ PktInterfaceSrc::PktInterfaceSrc(const char* arg_interface, const char* filter, fprintf(stderr, "pcap bufsize = %d\n", ((struct pcap *) pd)->bufsize); #endif -#ifdef USE_SELECT_LOOP - #ifdef HAVE_LINUX if ( pcap_setnonblock(pd, 1, tmp_errbuf) < 0 ) { @@ -407,7 +395,6 @@ PktInterfaceSrc::PktInterfaceSrc(const char* arg_interface, const char* filter, } #endif selectable_fd = pcap_fileno(pd); -#endif if ( PrecompileFilter(0, filter) && SetFilter(0) ) { @@ -437,7 +424,6 @@ PktFileSrc::PktFileSrc(const char* arg_readfile, const char* filter, // Unknown link layer type. return; -#ifdef USE_SELECT_LOOP // We don't put file sources into non-blocking mode as // otherwise we would not be able to identify the EOF // via next_packet(). @@ -446,7 +432,6 @@ PktFileSrc::PktFileSrc(const char* arg_readfile, const char* filter, if ( selectable_fd < 0 ) internal_error("OS does not support selectable pcap fd"); -#endif } else closed = true; diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index 203bcd04f5..8577435502 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -161,11 +161,11 @@ #include #include "config.h" -#if TIME_WITH_SYS_TIME +#ifdef TIME_WITH_SYS_TIME # include # include #else -# if HAVE_SYS_TIME_H +# ifdef HAVE_SYS_TIME_H # include # else # include 
@@ -1170,14 +1170,6 @@ bool RemoteSerializer::Listen(addr_type ip, uint16 port, bool expect_ssl) if ( ! using_communication ) return true; -#ifndef USE_OPENSSL - if ( expect_ssl ) - { - Error("listening for SSL connections requested, but SSL support is not compiled in"); - return false; - } -#endif - if ( ! initialized ) internal_error("remote serializer not initialized"); @@ -3481,13 +3473,7 @@ bool SocketComm::Connect(Peer* peer) { if ( peer->ssl ) { -#ifdef USE_OPENSSL peer->io = new ChunkedIOSSL(sockfd, false); -#else - run_time("SSL connection requested, but SSL support not compiled in"); - CloseConnection(peer, false); - return 0; -#endif } else peer->io = new ChunkedIOFd(sockfd, "child->peer"); @@ -3621,15 +3607,10 @@ bool SocketComm::AcceptConnection(int fd) peer->ssl = (fd == listen_fd_ssl); peer->compressor = false; -#ifdef USE_OPENSSL if ( peer->ssl ) peer->io = new ChunkedIOSSL(clientfd, true); else peer->io = new ChunkedIOFd(clientfd, "child->peer"); -#else - assert(! peer->ssl); - peer->io = new ChunkedIOFd(clientfd, "child->peer"); -#endif if ( ! peer->io->Init() ) { diff --git a/src/SSL-binpac.cc b/src/SSL-binpac.cc index 73f2852aa7..551861aaee 100644 --- a/src/SSL-binpac.cc +++ b/src/SSL-binpac.cc @@ -71,10 +71,5 @@ void SSL_Analyzer_binpac::generate_warnings() if ( ssl_store_key_material ) warn_("storage of key material (ssl_store_key_material) not supported"); -#ifndef USE_OPENSSL - if ( ssl_verify_certificates ) - warn_("verification of certificates (ssl_verify_certificates) not supported due to non-existing OpenSSL support"); -#endif - warnings_generated = true; } diff --git a/src/SSLInterpreter.cc b/src/SSLInterpreter.cc index 0f12915ef5..7e185c9e7f 100644 --- a/src/SSLInterpreter.cc +++ b/src/SSLInterpreter.cc @@ -3,9 +3,7 @@ #include "SSLInterpreter.h" #include "SSLv2.h" -#ifdef USE_OPENSSL #include "X509.h" -#endif #include #include 
@@ -173,17 +171,12 @@ void SSL_Interpreter::analyzeCertificate(SSL_InterpreterEndpoint* s, int invalid = 0; switch ( type ) { case SSLv2_CT_X509_CERTIFICATE: -#ifdef USE_OPENSSL if ( ! isChain ) invalid = X509_Cert::verify(s->GetProxyEndpoint(), pCert, certLength); else invalid = X509_Cert::verifyChain(s->GetProxyEndpoint(), data, length); -#else - proxy->Weak("SSL: Could not verify certificate (missing OpenSSL support)!"); - invalid = 0; -#endif break; default: diff --git a/src/TCP_Endpoint.cc b/src/TCP_Endpoint.cc index 826c7f5636..6cb52f1f03 100644 --- a/src/TCP_Endpoint.cc +++ b/src/TCP_Endpoint.cc @@ -161,8 +161,6 @@ bro_int_t TCP_Endpoint::Size() const { bro_int_t size; -#ifdef USE_INT64 - uint64 last_seq_64 = (uint64(last_seq_high) << 32) | last_seq; uint64 ack_seq_64 = (uint64(ack_seq_high) << 32) | ack_seq; if ( last_seq_64 > ack_seq_64 ) @@ -170,26 +168,6 @@ bro_int_t TCP_Endpoint::Size() const else size = ack_seq_64 - start_seq; -#else - - if ( seq_delta(last_seq, ack_seq) > 0 || ack_seq == start_seq + 1 ) - // Either last_seq corresponds to more data sent than we've - // seen ack'd, or we haven't seen any data ack'd (in which - // case we should trust last_seq anyway). This last test - // matters for the case in which the connection has - // transferred > 2 GB of data, in which case we will find - // seq_delta(last_seq, ack_seq) < 0 even if ack_seq - // corresponds to no data transferred. - size = last_seq - start_seq; - - else - // It could be that ack_seq > last_seq, if we've seen an - // ack for the connection (say in a FIN) without seeing - // the corresponding data. - size = ack_seq - start_seq; - -#endif - // Don't include SYN octet in sequence space. For partial connections // (no SYN seen), we're still careful to adjust start_seq as though // there was an initial SYN octet, because if we don't then the diff --git a/src/Val.cc b/src/Val.cc index 91c0159158..9a1ee700ff 100644 --- a/src/Val.cc +++ b/src/Val.cc 
@@ -524,7 +524,7 @@ Val* Val::SizeVal() const { switch ( type->InternalType() ) { case TYPE_INTERNAL_INT: - return new Val(abs(val.int_val), TYPE_COUNT); + return new Val(llabs(val.int_val), TYPE_COUNT); case TYPE_INTERNAL_UNSIGNED: return new Val(val.uint_val, TYPE_COUNT); diff --git a/src/Val.h b/src/Val.h index 925015c9c1..5a2faee9d7 100644 --- a/src/Val.h +++ b/src/Val.h @@ -127,7 +127,6 @@ public: #endif } -#ifdef USE_INT64 Val(int64 i, TypeTag t) { val.int_val = i; @@ -147,7 +146,6 @@ public: bound_id = 0; #endif } -#endif // USE_INT64 Val(double d, TypeTag t) { diff --git a/src/bro.bif b/src/bro.bif index a4111bb041..0de77bfc49 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -222,25 +222,15 @@ static void do_fmt(const char*& fmt, Val* v, ODesc* d) u = ntohl(uint32(u)); } -#ifdef USE_INT64 snprintf(fmt_buf, sizeof(fmt_buf), "%%%s%s", num_fmt, *fmt == 'd' ? "llu" : "llx"); -#else - snprintf(fmt_buf, sizeof(fmt_buf), "%%%s%c", num_fmt, - *fmt == 'd' ? 'u' : 'x'); -#endif snprintf(out_buf, sizeof(out_buf), fmt_buf, u); } else { -#ifdef USE_INT64 snprintf(fmt_buf, sizeof(fmt_buf), "%%%s%s", num_fmt, *fmt == 'd' ? "lld" : "llx"); -#else - snprintf(fmt_buf, sizeof(fmt_buf), "%%%s%c", num_fmt, - *fmt == 'd' ? 'd' : 'x'); -#endif snprintf(out_buf, sizeof(out_buf), fmt_buf, v->CoerceToInt()); } @@ -2818,10 +2808,6 @@ private: # function result. Therefore, they can only be called inside a when-condition. function lookup_addr%(host: addr%) : string %{ -#ifndef HAVE_NB_DNS - run_time("lookup_addr(): not configured for asynchronous DNS lookups"); - return new StringVal(""); -#else // FIXME: Is should be easy to adapt the function to synchronous // lookups if we're reading a trace. Trigger* trigger = frame->GetTrigger(); 
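Review bot: `llabs(val.int_val)` in `Val::SizeVal` is undefined for the most negative 64-bit value, and the result is then stored as a `TYPE_COUNT`. Since this commit makes the 64-bit integer path unconditional, computing the magnitude in unsigned arithmetic avoids the overflow: `bro_int_t i = val.int_val;` followed by `return new Val(i < 0 ? -bro_uint_t(i) : bro_uint_t(i), TYPE_COUNT);`. This assumes `val.int_val` is a `bro_int_t` and that the unsigned constructor used by the `TYPE_INTERNAL_UNSIGNED` case accepts a `bro_uint_t`; neither declaration is visible in the hunk. The switch continues outside the hunk.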
@@ -2849,15 +2835,10 @@ function lookup_addr%(host: addr%) : string new LookupHostCallback(trigger, frame->GetCall(), true)); #endif return 0; -#endif %} function lookup_hostname%(host: string%) : addr_set %{ -#ifndef HAVE_NB_DNS - run_time("lookup_hostname(): not configured for asynchronous DNS lookups"); - return new StringVal(""); -#else // FIXME: Is should be easy to adapt the function to synchronous // lookups if we're reading a trace. Trigger* trigger = frame->GetTrigger(); @@ -2874,7 +2855,6 @@ function lookup_hostname%(host: string%) : addr_set dns_mgr->AsyncLookupName(host->CheckString(), new LookupHostCallback(trigger, frame->GetCall(), false)); return 0; -#endif %} # Stop Bro's packet processing. diff --git a/src/main.cc b/src/main.cc index 21b8166267..5df9b1c65c 100644 --- a/src/main.cc +++ b/src/main.cc @@ -18,9 +18,7 @@ extern "C" { } #endif -#ifdef USE_OPENSSL extern "C" void OPENSSL_add_all_algorithms_conf(void); -#endif #include "bsd-getopt-long.h" #include "input.h" @@ -408,11 +406,7 @@ int main(int argc, char** argv) enum DNS_MgrMode dns_type = DNS_DEFAULT; -#ifdef HAVE_NB_DNS dns_type = getenv("BRO_DNS_FAKE") ? DNS_FAKE : DNS_DEFAULT; -#else - dns_type = DNS_FAKE; -#endif RETSIGTYPE (*oldhandler)(int); @@ -663,7 +657,6 @@ int main(int argc, char** argv) // DEBUG_MSG("HMAC key: %s\n", md5_digest_print(shared_hmac_md5_key)); init_hash_function(); -#ifdef USE_OPENSSL ERR_load_crypto_strings(); OPENSSL_add_all_algorithms_conf(); SSL_library_init(); @@ -672,7 +665,6 @@ int main(int argc, char** argv) // FIXME: On systems that don't provide /dev/urandom, OpenSSL doesn't // seed the PRNG. We should do this here (but at least Linux, FreeBSD // and Solaris provide /dev/urandom). -#endif if ( (interfaces.length() > 0 || netflows.length() > 0) && (read_files.length() > 0 || flow_files.length() > 0 )) diff --git a/src/make_parser.pl b/src/make_parser.pl deleted file mode 100644 index 63cb432ed6..0000000000 --- a/src/make_parser.pl +++ /dev/null 
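Review bot: The OpenSSL initialisation in `main` is now compiled into every build, but the FIXME beneath it still says the PRNG may be left unseeded on systems without /dev/urandom, and nothing checks for that. A check right after `SSL_library_init()` would surface the condition instead of letting the process run with an unseeded generator: `if ( ! RAND_status() ) internal_error("OpenSSL PRNG not seeded");`. This needs `openssl/rand.h`, and the include list is outside the hunk. main's body starts and ends outside the hunk.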
@@ -1,44 +0,0 @@ -# -# Generate the yacc/bison grammar file parse.y from parse.in -# -# Importantly, it will eliminate the dependence on the internal location stack -# if it is not supported. -# - -use strict; - - -# figure out which yacc-like thing is used -# ### Kind of a hack since it uses the Makefile - -my $srcdir = $ARGV[0]; -my $builddir = $ARGV[1]; -my $yacc = $ARGV[2]; - -my $is_bison = ($yacc =~ /bison/); - -if ($is_bison) - { - system ("cp $srcdir/parse.in $builddir/parse.y") == 0 or die "Could not make parse.y: $!\n"; - } -else - { - make_parser(); - } - - -sub make_parser -{ - open PARSE_OUT, ">$builddir/parse.y" or die "Could not open $builddir/parse.y: $!"; - open PARSE_IN, "$srcdir/parse.in" or die "Could not open $srcdir/parse.in: $!"; - - while () - { - $_ =~ s/\@\d+/GetCurrentLocation\(\)/g; - print PARSE_OUT $_; - } - - # yylloc needs to be non-extern for non-bison systems, so stick it here - print PARSE_OUT "\n/* Non-extern yylloc needed for non-bison system */\n", - "YYLTYPE yylloc;\n" -} diff --git a/src/nb_dns.c b/src/nb_dns.c index c2092a8b5b..5033aadad4 100644 --- a/src/nb_dns.c +++ b/src/nb_dns.c @@ -103,7 +103,7 @@ static int _nb_dns_cmpsockaddr(struct sockaddr *, struct sockaddr *, char *); static char * my_strerror(int errnum) { -#if HAVE_STRERROR +#ifdef HAVE_STRERROR extern char *strerror(int); return strerror(errnum); #else diff --git a/src/parse.in b/src/parse.y similarity index 100% rename from src/parse.in rename to src/parse.y diff --git a/src/ssl-analyzer.pac b/src/ssl-analyzer.pac index bbebdc0fa3..d08be0c886 100644 --- a/src/ssl-analyzer.pac +++ b/src/ssl-analyzer.pac @@ -10,11 +10,9 @@ #include "util.h" -#ifdef USE_OPENSSL #include #include #include "X509.h" -#endif %} @@ -27,14 +25,11 @@ } }; -#ifdef USE_OPENSSL void free_X509(void *); X509* d2i_X509_binpac(X509** px, const uint8** in, int len); -#endif %} %code{ -#ifdef USE_OPENSSL void free_X509(void* cert) { X509_free((X509*) cert); 
@@ -48,8 +43,6 @@ return d2i_X509(px, (u_char**) in, len); #endif } - -#endif %} @@ -123,10 +116,8 @@ refine analyzer SSLAnalyzer += { version_ = -1; cipher_ = -1; -#ifdef USE_OPENSSL if ( ! X509_Cert::bInited ) X509_Cert::init(); -#endif %} %eof{ @@ -172,12 +163,10 @@ refine analyzer SSLAnalyzer += { function certificate_error(err_num : int) : void %{ -#ifdef USE_OPENSSL StringVal* err_str = new StringVal(X509_verify_cert_error_string(err_num)); bro_event_ssl_X509_error(bro_analyzer_, bro_analyzer_->Conn(), err_num, err_str); -#endif %} function proc_change_cipher_spec(msg : ChangeCipherSpec) : bool @@ -331,7 +320,6 @@ refine analyzer SSLAnalyzer += { bro_analyzer_->Conn(), ! current_record_is_orig_); -#ifdef USE_OPENSSL const bytestring& cert = (*certificates)[0]; const uint8* data = cert.data(); @@ -421,7 +409,6 @@ refine analyzer SSLAnalyzer += { } X509_free(pCert); -#endif return true; %} diff --git a/src/util.cc b/src/util.cc index 0e49600cc2..d24e7ee7cb 100644 --- a/src/util.cc +++ b/src/util.cc @@ -4,11 +4,11 @@ #include "config.h" -#if TIME_WITH_SYS_TIME +#ifdef TIME_WITH_SYS_TIME # include # include #else -# if HAVE_SYS_TIME_H +# ifdef HAVE_SYS_TIME_H # include # else # include diff --git a/src/util.h b/src/util.h index 96aeb761e1..f4f007a27d 100644 --- a/src/util.h +++ b/src/util.h @@ -44,15 +44,8 @@ typedef unsigned int uint32; typedef unsigned short uint16; typedef unsigned char uint8; typedef long long int int64; - -#ifdef USE_INT64 - typedef int64 bro_int_t; - typedef uint64 bro_uint_t; -#else - typedef int bro_int_t; - typedef uint32 bro_uint_t; -// # error "USE_INT64 not defined!" -#endif +typedef int64 bro_int_t; +typedef uint64 bro_uint_t; #if SIZEOF_LONG_LONG == 8 typedef unsigned long long uint64; diff --git a/src/version.c.in b/src/version.c.in new file mode 100644 index 0000000000..86c4b16f24 --- /dev/null +++ b/src/version.c.in @@ -0,0 +1 @@ +char version[] = "@VERSION@";
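Review bot: In util.h the new unconditional `typedef uint64 bro_uint_t;` sits above the `#if SIZEOF_LONG_LONG == 8` block that declares `uint64`, so as shown the name is used before it is declared. Unless `uint64` is already provided earlier in the header or by config.h (not visible in this hunk), the `bro_int_t` and `bro_uint_t` typedefs should move below that `#if` block. The removed `#ifdef USE_INT64` branch had the same order, so the problem may have been latent rather than introduced here.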