rpms/pads/devel import.log, NONE, 1.1 pads+vlan.patch, NONE, 1.1 pads-1.2-arp.patch, NONE, 1.1 pads-1.2-bstring.patch, NONE, 1.1 pads-1.2-cleanup.patch, NONE, 1.1 pads-1.2-daemon.patch, NONE, 1.1 pads-1.2-daemonize.patch, NONE, 1.1 pads-1.2-disable-debug.patch, NONE, 1.1 pads-1.2-ether-codes-update.patch, NONE, 1.1 pads-1.2-leak.patch, NONE, 1.1 pads-1.2-memleak.patch, NONE, 1.1 pads-1.2-misc.patch, NONE, 1.1 pads-1.2-overrun.patch, NONE, 1.1 pads-1.2-perf.patch, NONE, 1.1 pads-1.2-prelude-cleanup.patch, NONE, 1.1 pads-1.2-prelude.patch, NONE, 1.1 pads-1.2-readonly.patch, NONE, 1.1 pads.init, NONE, 1.1 pads.spec, NONE, 1.1 pads.sysconfig, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
Steve Grubb (sgrubb)
fedora-extras-commits at redhat.com
Wed Aug 13 17:35:41 UTC 2008
Author: sgrubb
Update of /cvs/pkgs/rpms/pads/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10039/devel
Modified Files:
.cvsignore sources
Added Files:
import.log pads+vlan.patch pads-1.2-arp.patch
pads-1.2-bstring.patch pads-1.2-cleanup.patch
pads-1.2-daemon.patch pads-1.2-daemonize.patch
pads-1.2-disable-debug.patch pads-1.2-ether-codes-update.patch
pads-1.2-leak.patch pads-1.2-memleak.patch pads-1.2-misc.patch
pads-1.2-overrun.patch pads-1.2-perf.patch
pads-1.2-prelude-cleanup.patch pads-1.2-prelude.patch
pads-1.2-readonly.patch pads.init pads.spec pads.sysconfig
Log Message:
initial import
--- NEW FILE import.log ---
pads-1_2-1_fc9:HEAD:pads-1.2-1.fc9.src.rpm:1218648805
pads+vlan.patch:
--- NEW FILE pads+vlan.patch ---
diff -r -c ./src/packet.c ../pads-1.2+vlan/src/packet.c
*** ./src/packet.c 2005-02-15 20:47:35.000000000 -0500
--- ../pads-1.2+vlan/src/packet.c 2007-08-24 10:11:59.000000000 -0400
***************
*** 35,59 ****
* : 1 - Packet
* RETURN : None!
* ---------------------------------------------------------- */
void process_eth (const struct pcap_pkthdr* pkthdr, const u_char* packet)
{
struct ether_header *ethh; /* net/ethernet.h */
! /* Extract the ethernet header from the packet. */
! ethh = (struct ether_header*) packet;
/* Determine what type of ethernet packet this is. */
switch (ntohs(ethh->ether_type)) {
/* IP */
case ETHERTYPE_IP:
! process_ip (pkthdr, packet, sizeof(struct ether_header));
! break;
/* ARP */
case ETHERTYPE_ARP:
! process_arp (pkthdr, packet, sizeof(struct ether_header));
break;
!
/* Unknown Type */
default:
return;
--- 35,72 ----
* : 1 - Packet
* RETURN : None!
* ---------------------------------------------------------- */
+
+ /* Update - david at vorant.com 18 June 2007
+ * Try to detect whether the packet has an 802.1Q VLAN tag on it. If so,
+ * try to automatically skip the tag and treat it as regular TCP/IP traffic.
+ * Otherwise the handler won't process the packet. This is useful when,
+ * for example, you are monitoring a VLAN trunk line.
+ */
void process_eth (const struct pcap_pkthdr* pkthdr, const u_char* packet)
{
struct ether_header *ethh; /* net/ethernet.h */
+ u_char * my_packet;
! my_packet = (u_char *)packet;
+ /* Extract the ethernet header from the packet. */
+ ethh = (struct ether_header*) my_packet;
+ if(ntohs(ethh->ether_type) == VLAN_ETHERTYPE) { /* strip the vlan tags */
+ ethh = (struct ether_header*) (packet + VLAN_HDRLEN);
+ my_packet += VLAN_HDRLEN;
+ }
/* Determine what type of ethernet packet this is. */
switch (ntohs(ethh->ether_type)) {
/* IP */
case ETHERTYPE_IP:
! process_ip (pkthdr, my_packet, sizeof(struct ether_header));
! break;
/* ARP */
case ETHERTYPE_ARP:
! process_arp (pkthdr, my_packet, sizeof(struct ether_header));
break;
!
/* Unknown Type */
default:
return;
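Review bot: The stripped-tag path at `ethh = (struct ether_header*) (packet + VLAN_HDRLEN);` re-reads an Ethernet header four bytes further in without checking that the capture actually holds it, so a frame captured with a small snaplen, or a runt frame, makes this read and the offsets later handed to `process_ip`/`process_arp` run past `pkthdr->caplen`. A guard such as `if (pkthdr->caplen < sizeof(struct ether_header) + VLAN_HDRLEN) return;` inside the VLAN branch closes that, and the same check against `sizeof(struct ether_header)` alone belongs before the first `ether_type` read, which the old code lacked as well. Only one tag is stripped, so double-tagged (802.1ad/QinQ) frames still fall to the default case; a comment saying so would save the next reader a trace. The packet.h hunk defines `VLAN_ETHERTYPE` as decimal 33024; writing it as `0x8100`, or using `ETHERTYPE_VLAN` from the `net/ethernet.h` the comment on `ethh` already points to, makes the constant recognizable. The function body continues past the hunk.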
***************
*** 113,120 ****
struct ip *iph; /* netinet/ip.h */
/* Extract the IP header from this packet. */
! iph = (struct ip*)(packet + len);
!
/* Determine what type of IP packet this is. */
switch (iph->ip_p) {
case IPPROTO_TCP:
--- 126,132 ----
struct ip *iph; /* netinet/ip.h */
/* Extract the IP header from this packet. */
! iph = (struct ip*)(packet + len);
/* Determine what type of IP packet this is. */
switch (iph->ip_p) {
case IPPROTO_TCP:
diff -r -c ./src/packet.h ../pads-1.2+vlan/src/packet.h
*** ./src/packet.h 2005-02-10 01:05:05.000000000 -0500
--- ../pads-1.2+vlan/src/packet.h 2007-08-24 10:11:02.000000000 -0400
***************
*** 40,45 ****
--- 40,51 ----
#endif /* ifdef LINUX */
+ /* 802.1Q VLAN tags are 4 bytes long. */
+ #define VLAN_HDRLEN 4
+
+ /* This is the decimal equivalent of the VLAN tag's ether frame type */
+ #define VLAN_ETHERTYPE 33024
+
/* INCLUDES ---------------------------------------- */
#include "global.h"
***************
*** 47,53 ****
#include <netinet/tcp.h>
#include <netinet/ip_icmp.h>
-
/* DATA STRUCTURES --------------------------------- */
/*
--- 53,58 ----
diff -r -c ./src/pads.c ../pads-1.2+vlan/src/pads.c
*** ./src/pads.c 2005-06-15 18:00:40.000000000 -0400
--- ../pads-1.2+vlan/src/pads.c 2007-06-18 15:29:17.000000000 -0400
***************
*** 204,209 ****
--- 204,210 ----
void
main_pads (void)
{
+ char pcap_filter[1044];
/* Initialize */
init_pads();
***************
*** 255,262 ****
/* Compile libpcap filter */
if (prog_argc > 0) {
! log_message("Filter: %s\n", gc.pcap_filter);
! if (pcap_compile(gc.handle, &gc.filter, gc.pcap_filter, 0, gc.net) == -1) {
err_message("Unable to compile pcap filter! %s", pcap_geterr(gc.handle));
}
if (pcap_setfilter(gc.handle, &gc.filter)) {
--- 256,269 ----
/* Compile libpcap filter */
if (prog_argc > 0) {
! if(gc.pcap_filter) {
! strcpy(pcap_filter, "(ip or vlan) and ");
! strncat(pcap_filter, gc.pcap_filter, 1024);
! } else {
! strcpy(pcap_filter, "(ip or vlan)");
! }
! log_message("Filter: %s\n", pcap_filter);
! if (pcap_compile(gc.handle, &gc.filter, pcap_filter, 0, gc.net) == -1) {
err_message("Unable to compile pcap filter! %s", pcap_geterr(gc.handle));
}
if (pcap_setfilter(gc.handle, &gc.filter)) {
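Review bot: The user filter is appended unparenthesized at `strncat(pcap_filter, gc.pcap_filter, 1024);`, so a filter like `port 80 or port 443` becomes `(ip or vlan) and port 80 or port 443`, which the BPF grammar groups left to right as `((ip or vlan) and port 80) or port 443` — the `ip or vlan` restriction silently stops applying to the second alternative. Wrapping the user expression, `strcpy(pcap_filter, "(ip or vlan) and (");` followed by the user text and `strcat(pcap_filter, ")");`, preserves the intended meaning (and the 1044-byte buffer declared in the main_pads hunk then needs re-sizing: 18 + 1024 + 1 + NUL). The `strncat` bound also truncates a longer filter silently, and a truncated expression either fails `pcap_compile` with a confusing message or compiles to something the operator did not ask for; checking `strlen(gc.pcap_filter)` against the space left and failing through `err_message` is safer. Deriving the array size from the prefix length and a named limit instead of the hand-computed 1044 keeps the three places in step.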
pads-1.2-arp.patch:
--- NEW FILE pads-1.2-arp.patch ---
diff -urp pads-1.2.orig/src/mac-resolution.c pads-1.2/src/mac-resolution.c
--- pads-1.2.orig/src/mac-resolution.c 2008-06-30 13:56:52.000000000 -0400
+++ pads-1.2/src/mac-resolution.c 2008-07-07 12:07:36.000000000 -0400
@@ -160,7 +160,7 @@ int add_vendor (char *mac, char *vendor)
* INPUT : 0 - MAC Address
* RETURN : Vendor Name
* ---------------------------------------------------------- */
-bstring get_vendor (char *m)
+bstring get_vendor (const char *m)
{
Vendor *list;
char mac[4];
diff -urp pads-1.2.orig/src/mac-resolution.h pads-1.2/src/mac-resolution.h
--- pads-1.2.orig/src/mac-resolution.h 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/src/mac-resolution.h 2008-07-07 12:07:36.000000000 -0400
@@ -41,7 +41,7 @@
int init_mac_resolution (void);
int parse_raw_mac (bstring line);
int add_vendor (char *mac, char *vendor);
-bstring get_vendor (char *m);
+bstring get_vendor (const char *m);
void end_mac_resolution (void);
#ifdef DEBUG
diff -urp pads-1.2.orig/src/output/output-csv.c pads-1.2/src/output/output-csv.c
--- pads-1.2.orig/src/output/output-csv.c 2008-07-02 09:24:19.000000000 -0400
+++ pads-1.2/src/output/output-csv.c 2008-07-07 12:07:36.000000000 -0400
@@ -91,6 +91,7 @@ init_output_csv (bstring filename)
/* File does not exist, create new.. */
if ((output_csv_conf.file = fopen((char *)bdata(output_csv_conf.filename), "w")) != NULL) {
fprintf(output_csv_conf.file, "asset,port,proto,service,application,discovered\n");
+ fflush(output_csv_conf.file);
} else {
err_message("Cannot open file %s!", bdata(output_csv_conf.filename));
@@ -216,8 +217,11 @@ parse_raw_report (bstring line)
/* Add Asset to Data Structure */
if (proto == 0 && ret != -1) {
/* ARP */
- mac2hex((char *)bdata(application), mac_addr, MAC_LEN);
- add_arp_asset(ip_addr, mac_addr, discovered);
+ if (mac2hex((char *)bdata(application), mac_addr, MAC_LEN) == 0)
+ add_arp_asset(ip_addr, mac_addr, discovered);
+ else
+ log_message("Error parsing HWaddr %s - skipping",
+ (char *)bdata(application));
} else {
/* Everything Else */
add_asset(ip_addr, port, proto, service, application, discovered);
diff -urp pads-1.2.orig/src/storage.c pads-1.2/src/storage.c
--- pads-1.2.orig/src/storage.c 2008-06-30 17:54:33.000000000 -0400
+++ pads-1.2/src/storage.c 2008-07-07 12:07:36.000000000 -0400
@@ -108,7 +108,7 @@ int check_arp_asset (struct in_addr ip_a
rec = arp_asset_list;
while (rec != NULL) {
if (rec->ip_addr.s_addr == ip_addr.s_addr
- && (strcmp(rec->mac_addr, mac_addr) == 0)) {
+ && (memcmp(rec->mac_addr, mac_addr, MAC_LEN) == 0)) {
return 0;
} else {
@@ -200,7 +200,7 @@ void add_asset (struct in_addr ip_addr,
* : 2 - Discovered
* RETURN : None!
* ---------------------------------------------------------- */
-void add_arp_asset (struct in_addr ip_addr, char mac_addr[MAC_LEN],
+void add_arp_asset (struct in_addr ip_addr, const char *mac_addr,
time_t discovered)
{
ArpAsset *list;
diff -urp pads-1.2.orig/src/storage.h pads-1.2/src/storage.h
--- pads-1.2.orig/src/storage.h 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/src/storage.h 2008-07-07 12:07:36.000000000 -0400
@@ -52,7 +52,7 @@ int check_tcp_asset (struct in_addr ip_a
int check_icmp_asset (struct in_addr ip_addr);
int check_arp_asset (struct in_addr ip_addr, char mac_addr[MAC_LEN]);
void add_asset (struct in_addr ip_addr, u_int16_t port, unsigned short proto, bstring service, bstring application, time_t discovered);
-void add_arp_asset (struct in_addr ip_addr, char mac_addr[MAC_LEN], time_t discovered);
+void add_arp_asset (struct in_addr ip_addr, const char *mac_addr, time_t discovered);
unsigned short get_i_attempts (struct in_addr ip_addr, u_int16_t port, unsigned short proto);
short update_i_attempts (struct in_addr ip_addr, u_int16_t port, unsigned short proto, unsigned short i_attempts);
short update_asset (struct in_addr ip_addr, u_int16_t port, unsigned short proto, bstring service, bstring application);
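Review bot: `check_arp_asset` two lines up still takes `char mac_addr[MAC_LEN]` while `add_arp_asset` now takes `const char *mac_addr`; the storage.c hunk switches `check_arp_asset` to `memcmp` over `MAC_LEN` bytes and never writes through the pointer, so the two prototypes should match, `int check_arp_asset (struct in_addr ip_addr, const char *mac_addr);`, with the definition in storage.c changed alike. An array-typed parameter is still just a pointer, so the `[MAC_LEN]` form documents nothing the compiler enforces; the `const` does.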
diff -urp pads-1.2.orig/src/util.c pads-1.2/src/util.c
--- pads-1.2.orig/src/util.c 2008-07-02 09:24:19.000000000 -0400
+++ pads-1.2/src/util.c 2008-07-07 12:08:00.000000000 -0400
@@ -27,6 +27,7 @@
**************************************************************************/
#include <unistd.h>
#include <ctype.h>
+#include <errno.h>
#include "util.h"
#include "pads.h"
@@ -426,31 +427,39 @@ drop_privs (bstring newuser, bstring new
* INPUT : 0 - MAC Address
* : 1 - Converted
* : 0 - Size of 1
- * RETURN : None
+ * RETURN : 0 - success, -1 failure
* ---------------------------------------------------------- */
-void
+int
mac2hex(const char *mac, char *dst, int len)
{
int i;
- long l;
- char *pp;
+ unsigned long l;
if (len < 6)
- return;
+ return -1;
while (isspace(*mac))
mac++;
/* expect 6 hex octets separated by ':' or space/NUL if last octet */
- for (i = 0; i < 6; i++) {
- l = strtol(mac, &pp, 16);
- if (pp == mac || l > 0xFF || l < 0)
- return;
- if (!(*pp == ':' || (i == 5 && (isspace(*pp) || *pp == '\0'))))
- return;
- dst[i] = (u_char) l;
- mac = pp + 1;
+ for (i = 0; i < MAC_LEN; i++) {
+ char tmp[3];
+
+ while (*mac == ':' || *mac == ' ')
+ mac++;
+ if (mac[0] == 0 || mac[1] == 0)
+ return -1;
+ tmp[0] = mac[0];
+ tmp[1] = mac[1];
+ tmp[2] = 0;
+ errno = 0;
+ l = strtoul(tmp, NULL, 16);
+ if (errno)
+ return -1;
+ dst[i] = (u_char)(l & 0xFF);
+ mac+=2;
}
+ return 0;
}
/* ----------------------------------------------------------
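Review bot: `l = strtoul(tmp, NULL, 16);` accepts any two characters: with no end pointer, a pair such as `zz` parses as 0 with errno untouched, so the octet becomes 0x00 and the function reports success, which is weaker than the `strtol`/end-pointer check the old code had. Replacing the `mac[0] == 0 || mac[1] == 0` test with `if (!isxdigit((unsigned char)mac[0]) || !isxdigit((unsigned char)mac[1])) return -1;` rejects non-hex pairs (NUL included) before the conversion, and `<ctype.h>` is already included. `isspace(*mac)` on a `const char *` should also take the `(unsigned char)` cast, since bytes above 0x7F are otherwise undefined behaviour where `char` is signed. The `len < 6` check and the `i < MAC_LEN` loop should agree on one constant, and unlike the old version nothing rejects trailing text after the sixth octet — worth a comment if that leniency is intended.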
@@ -464,11 +473,11 @@ mac2hex(const char *mac, char *dst, int
char *
hex2mac(const char *mac)
{
- static char buf[18];
+ static char buf[32];
snprintf(buf, sizeof(buf), "%02X:%02X:%02X:%02X:%02X:%02X",
- mac[0], mac[1], mac[2],
- mac[3], mac[4], mac[5]);
+ (mac[0] & 0xFF) , (mac[1] & 0xFF), (mac[2] & 0xFF),
+ (mac[3] & 0xFF), (mac[4] & 0xFF), (mac[5] & 0xFF));
return buf;
}
diff -urp pads-1.2.orig/src/util.h pads-1.2/src/util.h
--- pads-1.2.orig/src/util.h 2008-06-30 13:56:52.000000000 -0400
+++ pads-1.2/src/util.h 2008-07-07 12:07:36.000000000 -0400
@@ -52,7 +52,7 @@ size_t strlcpy(char *dst, const char *sr
size_t strlcat(char *dst, const char *src, size_t len);
#endif
void drop_privs (bstring newuser, bstring newgroup);
-void mac2hex(const char *mac, char *dst, int len);
+int mac2hex(const char *mac, char *dst, int len);
char *hex2mac(const char *mac);
/* GLOBALS ----------------------------------------- */
pads-1.2-bstring.patch:
--- NEW FILE pads-1.2-bstring.patch ---
diff -urp pads-1.2.orig/lib/bstring/bstraux.c pads-1.2/lib/bstring/bstraux.c
--- pads-1.2.orig/lib/bstring/bstraux.c 2008-07-08 14:28:29.000000000 -0400
+++ pads-1.2/lib/bstring/bstraux.c 2008-07-10 18:09:21.000000000 -0400
@@ -1,8 +1,8 @@
/*
* This source file is part of the bstring string library. This code was
- * written by Paul Hsieh in 2002-2004, and is covered by the BSD open source
- * license. Refer to the accompanying documentation for details on usage and
- * license.
+ * written by Paul Hsieh in 2002-2008, and is covered by the BSD open source
+ * license and the GPL. Refer to the accompanying documentation for details
+ * on usage and license.
*/
/*
@@ -17,28 +17,16 @@
#include <stdlib.h>
#include <string.h>
#include <limits.h>
+#include <ctype.h>
#include "bstrlib.h"
#include "bstraux.h"
-/* int bTrunc (bstring b, int n)
- *
- * Truncate the bstring to at most n characters.
- */
-int bTrunc (bstring b, int n) {
- if (b == NULL || n < 0 || b->mlen < b->slen) return -__LINE__;
- if (b->slen > n) {
- b->slen = n;
- b->data[n] = '\0'; /* Required for Clib interoperability */
- }
- return 0;
-}
-
/* bstring bTail (bstring b, int n)
*
* Return with a string of the last n characters of b.
*/
bstring bTail (bstring b, int n) {
- if (b == NULL || n < 0 || b->mlen < b->slen) return NULL;
+ if (b == NULL || n < 0 || (b->mlen < b->slen && b->mlen > 0)) return NULL;
if (n >= b->slen) return bstrcpy (b);
return bmidstr (b, b->slen - n, n);
}
@@ -48,7 +36,7 @@ bstring bTail (bstring b, int n) {
* Return with a string of the first n characters of b.
*/
bstring bHead (bstring b, int n) {
- if (b == NULL || n < 0 || b->mlen < b->slen) return NULL;
+ if (b == NULL || n < 0 || (b->mlen < b->slen && b->mlen > 0)) return NULL;
if (n >= b->slen) return bstrcpy (b);
return bmidstr (b, 0, n);
}
@@ -57,10 +45,10 @@ bstring bHead (bstring b, int n) {
*
* Fill a given bstring with the character in parameter c, for a length n.
*/
-int bFill (bstring a, char c, int len) {
- if (a == NULL || len < 0 || a->mlen < a->slen) return -__LINE__;
- a->slen = 0;
- return bsetstr (a, len, NULL, c);
+int bFill (bstring b, char c, int len) {
+ if (b == NULL || len < 0 || (b->mlen < b->slen && b->mlen > 0)) return -__LINE__;
+ b->slen = 0;
+ return bsetstr (b, len, NULL, c);
}
/* int bReplicate (bstring b, int n)
@@ -79,14 +67,16 @@ int bReverse (bstring b) {
int i, n, m;
unsigned char t;
- if (b == NULL || b->slen < 2 || b->mlen < b->slen) return -__LINE__;
+ if (b == NULL || b->slen < 0 || b->mlen < b->slen) return -__LINE__;
n = b->slen;
- m = ((unsigned)n) >> 1;
- n--;
- for (i=0; i < m; i++) {
- t = b->data[n - i];
- b->data[n - i] = b->data[i];
- b->data[i] = t;
+ if (2 <= n) {
+ m = ((unsigned)n) >> 1;
+ n--;
+ for (i=0; i < m; i++) {
+ t = b->data[n - i];
+ b->data[n - i] = b->data[i];
+ b->data[i] = t;
+ }
}
return 0;
}
@@ -106,7 +96,7 @@ int bInsertChrs (bstring b, int pos, int
if (pos < b->slen) memmove (b->data + pos + len, b->data + pos, b->slen - pos);
memset (b->data + pos, c, len);
b->slen += len;
- b->data[b->slen] = '\0';
+ b->data[b->slen] = (unsigned char) '\0';
return BSTR_OK;
}
@@ -128,7 +118,7 @@ unsigned char c = (unsigned char) space;
}
if (j > 0 && b->data[j-1] == c) j--;
- b->data[j] = '\0';
+ b->data[j] = (unsigned char) '\0';
b->slen = j;
return BSTR_OK;
}
@@ -170,6 +160,7 @@ int bJustifyMargin (bstring b, int width
struct bstrList * sl;
int i, l, c;
+ if (b == NULL || b->slen < 0 || b->mlen == 0 || b->mlen < b->slen) return -__LINE__;
if (NULL == (sl = bsplit (b, (unsigned char) space))) return -__LINE__;
for (l=c=i=0; i < sl->qty; i++) {
if (sl->entry[i]->slen > 0) {
@@ -201,28 +192,74 @@ int i, l, c;
return BSTR_OK;
}
-/* char * bStr2NetStr (const bstring b)
+static size_t readNothing (void *buff, size_t elsize, size_t nelem, void *parm) {
+ buff = buff;
+ elsize = elsize;
+ nelem = nelem;
+ parm = parm;
+ return 0; /* Immediately indicate EOF. */
+}
+
+/* struct bStream * bsFromBstr (const_bstring b);
+ *
+ * Create a bStream whose contents are a copy of the bstring passed in.
+ * This allows the use of all the bStream APIs with bstrings.
+ */
+struct bStream * bsFromBstr (const_bstring b) {
+struct bStream * s = bsopen ((bNread) readNothing, NULL);
+ bsunread (s, b); /* Push the bstring data into the empty bStream. */
+ return s;
+}
+
+static size_t readRef (void *buff, size_t elsize, size_t nelem, void *parm) {
+struct tagbstring * t = (struct tagbstring *) parm;
+size_t tsz = elsize * nelem;
+
+ if (tsz > (size_t) t->slen) tsz = (size_t) t->slen;
+ if (tsz > 0) {
+ memcpy (buff, t->data, tsz);
+ t->slen -= (int) tsz;
+ t->data += tsz;
+ return tsz / elsize;
+ }
+ return 0;
+}
+
+/* The "by reference" version of the above function. This function puts
+ * a number of restrictions on the call site (the passed in struct
+ * tagbstring *will* be modified by this function, and the source data
+ * must remain alive and constant for the lifetime of the bStream).
+ * Hence it is not presented as an extern.
+ */
+static struct bStream * bsFromBstrRef (struct tagbstring * t) {
+ if (!t) return NULL;
+ return bsopen ((bNread) readRef, t);
+}
+
+/* char * bStr2NetStr (const_bstring b)
*
* Convert a bstring to a netstring. See
* http://cr.yp.to/proto/netstrings.txt for a description of netstrings.
- * Note: 1) The value returned should be freed with a call to free() at the
- * point when it will no longer be referenced to avoid a memory
+ * Note: 1) The value returned should be freed with a call to bcstrfree() at
+ * the point when it will no longer be referenced to avoid a memory
* leak.
* 2) If the returned value is non-NULL, then it also '\0' terminated
* in the character position one past the "," terminator.
*/
-char * bStr2NetStr (const bstring b) {
+char * bStr2NetStr (const_bstring b) {
+char strnum[sizeof (b->slen) * 3 + 1];
bstring s;
unsigned char * buff;
if (b == NULL || b->data == NULL || b->slen < 0) return NULL;
- if (NULL == (s = bformat ("%d:", b->slen))
- || bconcat (s, b) == BSTR_ERR || bconchar (s, ',') == BSTR_ERR) {
+ sprintf (strnum, "%d:", b->slen);
+ if (NULL == (s = bfromcstr (strnum))
+ || bconcat (s, b) == BSTR_ERR || bconchar (s, (char) ',') == BSTR_ERR) {
bdestroy (s);
return NULL;
}
buff = s->data;
- free (s);
+ bcstrfree ((char *) s);
[...4272 lines suppressed...]
+extern int bsplitscb (const_bstring str, const_bstring splitStr, int pos,
int (* cb) (void * parm, int ofs, int len), void * parm);
-extern int bsplitscb (const bstring str, const bstring splitStr, int pos,
+extern int bsplitstrcb (const_bstring str, const_bstring splitStr, int pos,
int (* cb) (void * parm, int ofs, int len), void * parm);
/* Miscellaneous functions */
extern int bpattern (bstring b, int len);
extern int btoupper (bstring b);
extern int btolower (bstring b);
+extern int bltrimws (bstring b);
+extern int brtrimws (bstring b);
+extern int btrimws (bstring b);
+
+#if !defined (BSTRLIB_NOVSNP)
extern bstring bformat (const char * fmt, ...);
extern int bformata (bstring b, const char * fmt, ...);
+extern int bassignformat (bstring b, const char * fmt, ...);
+extern int bvcformata (bstring b, int count, const char * fmt, va_list arglist);
+
+#define bvformata(ret, b, fmt, lastarg) { \
+bstring bstrtmp_b = (b); \
+const char * bstrtmp_fmt = (fmt); \
+int bstrtmp_r = BSTR_ERR, bstrtmp_sz = 16; \
+ for (;;) { \
+ va_list bstrtmp_arglist; \
+ va_start (bstrtmp_arglist, lastarg); \
+ bstrtmp_r = bvcformata (bstrtmp_b, bstrtmp_sz, bstrtmp_fmt, bstrtmp_arglist); \
+ va_end (bstrtmp_arglist); \
+ if (bstrtmp_r >= 0) { /* Everything went ok */ \
+ bstrtmp_r = BSTR_OK; \
+ break; \
+ } else if (-bstrtmp_r <= bstrtmp_sz) { /* A real error? */ \
+ bstrtmp_r = BSTR_ERR; \
+ break; \
+ } \
+ bstrtmp_sz = -bstrtmp_r; /* Doubled or target size */ \
+ } \
+ ret = bstrtmp_r; \
+}
+
+#endif
typedef int (*bNgetc) (void *parm);
typedef size_t (* bNread) (void *buff, size_t elsize, size_t nelem, void *parm);
@@ -102,21 +162,26 @@ typedef size_t (* bNread) (void *buff, s
/* Input functions */
extern bstring bgets (bNgetc getcPtr, void * parm, char terminator);
extern bstring bread (bNread readPtr, void * parm);
+extern int bgetsa (bstring b, bNgetc getcPtr, void * parm, char terminator);
+extern int bassigngets (bstring b, bNgetc getcPtr, void * parm, char terminator);
+extern int breada (bstring b, bNread readPtr, void * parm);
/* Stream functions */
extern struct bStream * bsopen (bNread readPtr, void * parm);
extern void * bsclose (struct bStream * s);
extern int bsbufflength (struct bStream * s, int sz);
extern int bsreadln (bstring b, struct bStream * s, char terminator);
-extern int bsreadlns (bstring r, struct bStream * s, const bstring term);
+extern int bsreadlns (bstring r, struct bStream * s, const_bstring term);
extern int bsread (bstring b, struct bStream * s, int n);
extern int bsreadlna (bstring b, struct bStream * s, char terminator);
-extern int bsreadlnsa (bstring r, struct bStream * s, const bstring term);
+extern int bsreadlnsa (bstring r, struct bStream * s, const_bstring term);
extern int bsreada (bstring b, struct bStream * s, int n);
-extern int bsunread (struct bStream * s, const bstring b);
+extern int bsunread (struct bStream * s, const_bstring b);
extern int bspeek (bstring r, const struct bStream * s);
-extern int bssplitscb (struct bStream * s, const bstring splitStr,
- int (* cb) (void * parm, int ofs, const bstring entry), void * parm);
+extern int bssplitscb (struct bStream * s, const_bstring splitStr,
+ int (* cb) (void * parm, int ofs, const_bstring entry), void * parm);
+extern int bssplitstrcb (struct bStream * s, const_bstring splitStr,
+ int (* cb) (void * parm, int ofs, const_bstring entry), void * parm);
extern int bseof (const struct bStream * s);
struct tagbstring {
@@ -126,9 +191,9 @@ struct tagbstring {
};
/* Accessor macros */
-#define blengthe(b, e) (((b) == (void *)0 || (b)->slen < 0) ? (unsigned int)(e) : ((b)->slen))
+#define blengthe(b, e) (((b) == (void *)0 || (b)->slen < 0) ? (int)(e) : ((b)->slen))
#define blength(b) (blengthe ((b), 0))
-#define bdataofse(b, o, e) (((b) == (void *)0 || (b)->data == (void*)0) ? (unsigned char *)(e) : ((b)->data) + (o))
+#define bdataofse(b, o, e) (((b) == (void *)0 || (b)->data == (void*)0) ? (char *)(e) : ((char *)(b)->data) + (o))
#define bdataofs(b, o) (bdataofse ((b), (o), (void *)0))
#define bdatae(b, e) (bdataofse (b, 0, e))
#define bdata(b) (bdataofs (b, 0))
@@ -136,28 +201,101 @@ struct tagbstring {
#define bchar(b, p) bchare ((b), (p), '\0')
/* Static constant string initialization macro */
-#define bsStatic(q) {-__LINE__, sizeof(q)-1, (unsigned char *)(q)}
+#define bsStaticMlen(q,m) {(m), (int) sizeof(q)-1, (unsigned char *) ("" q "")}
+#if defined(_MSC_VER)
+# define bsStatic(q) bsStaticMlen(q,-32)
+#endif
+#ifndef bsStatic
+# define bsStatic(q) bsStaticMlen(q,-__LINE__)
+#endif
+
+/* Static constant block parameter pair */
+#define bsStaticBlkParms(q) ((void *)("" q "")), ((int) sizeof(q)-1)
/* Reference building macros */
#define cstr2tbstr btfromcstr
-#define btfromcstr(t,s) { \
- (t).data = (unsigned char *) (s); \
- (t).slen = (int) (strlen) ((char *)(t).data); \
- (t).mlen = -1; \
+#define btfromcstr(t,s) { \
+ (t).data = (unsigned char *) (s); \
+ (t).slen = ((t).data) ? ((int) (strlen) ((char *)(t).data)) : 0; \
+ (t).mlen = -1; \
}
#define blk2tbstr(t,s,l) { \
+ (t).data = (unsigned char *) (s); \
(t).slen = l; \
(t).mlen = -1; \
- (t).data = (unsigned char *) (s); \
+}
+#define btfromblk(t,s,l) blk2tbstr(t,s,l)
+#define bmid2tbstr(t,b,p,l) { \
+ const_bstring bstrtmp_s = (b); \
+ if (bstrtmp_s && bstrtmp_s->data && bstrtmp_s->slen >= 0) { \
+ int bstrtmp_left = (p); \
+ int bstrtmp_len = (l); \
+ if (bstrtmp_left < 0) { \
+ bstrtmp_len += bstrtmp_left; \
+ bstrtmp_left = 0; \
+ } \
+ if (bstrtmp_len > bstrtmp_s->slen - bstrtmp_left) \
+ bstrtmp_len = bstrtmp_s->slen - bstrtmp_left; \
+ if (bstrtmp_len <= 0) { \
+ (t).data = (unsigned char *)""; \
+ (t).slen = 0; \
+ } else { \
+ (t).data = bstrtmp_s->data + bstrtmp_left; \
+ (t).slen = bstrtmp_len; \
+ } \
+ } else { \
+ (t).data = (unsigned char *)""; \
+ (t).slen = 0; \
+ } \
+ (t).mlen = -__LINE__; \
+}
+#define btfromblkltrimws(t,s,l) { \
+ int bstrtmp_idx = 0, bstrtmp_len = (l); \
+ unsigned char * bstrtmp_s = (s); \
+ if (bstrtmp_s && bstrtmp_len >= 0) { \
+ for (; bstrtmp_idx < bstrtmp_len; bstrtmp_idx++) { \
+ if (!isspace (bstrtmp_s[bstrtmp_idx])) break; \
+ } \
+ } \
+ (t).data = bstrtmp_s + bstrtmp_idx; \
+ (t).slen = bstrtmp_len - bstrtmp_idx; \
+ (t).mlen = -__LINE__; \
+}
+#define btfromblkrtrimws(t,s,l) { \
+ int bstrtmp_len = (l) - 1; \
+ unsigned char * bstrtmp_s = (s); \
+ if (bstrtmp_s && bstrtmp_len >= 0) { \
+ for (; bstrtmp_len >= 0; bstrtmp_len--) { \
+ if (!isspace (bstrtmp_s[bstrtmp_len])) break; \
+ } \
+ } \
+ (t).data = bstrtmp_s; \
+ (t).slen = bstrtmp_len + 1; \
+ (t).mlen = -__LINE__; \
+}
+#define btfromblktrimws(t,s,l) { \
+ int bstrtmp_idx = 0, bstrtmp_len = (l) - 1; \
+ unsigned char * bstrtmp_s = (s); \
+ if (bstrtmp_s && bstrtmp_len >= 0) { \
+ for (; bstrtmp_idx <= bstrtmp_len; bstrtmp_idx++) { \
+ if (!isspace (bstrtmp_s[bstrtmp_idx])) break; \
+ } \
+ for (; bstrtmp_len >= bstrtmp_idx; bstrtmp_len--) { \
+ if (!isspace (bstrtmp_s[bstrtmp_len])) break; \
+ } \
+ } \
+ (t).data = bstrtmp_s + bstrtmp_idx; \
+ (t).slen = bstrtmp_len + 1 - bstrtmp_idx; \
+ (t).mlen = -__LINE__; \
}
/* Write protection macros */
-#define bwriteprotect(t) { if ((t).mlen >= 0) (t).mlen = -1; }
-#define bwriteallow(t) { if ((t).mlen == -1) (t).mlen = (t).slen + ((t).slen == 0); }
+#define bwriteprotect(t) { if ((t).mlen >= 0) (t).mlen = -1; }
+#define bwriteallow(t) { if ((t).mlen == -1) (t).mlen = (t).slen + ((t).slen == 0); }
+#define biswriteprotected(t) ((t).mlen <= 0)
#ifdef __cplusplus
}
#endif
-
#endif
pads-1.2-cleanup.patch:
--- NEW FILE pads-1.2-cleanup.patch ---
diff -urp pads-1.2.orig/src/configuration.c pads-1.2/src/configuration.c
--- pads-1.2.orig/src/configuration.c 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/src/configuration.c 2008-06-30 13:28:28.000000000 -0400
@@ -26,6 +26,9 @@
*
**************************************************************************/
#include "configuration.h"
+#include "util.h"
+#include "bstring/util.h"
+#include "monnet.h"
/* Variable Declarations */
@@ -44,7 +47,7 @@ void init_configuration (bstring filenam
verbose_message("config - Processing '%s'.", bdata(filename));
- if ((fp = fopen(bdata(filename), "r")) == NULL) {
+ if ((fp = fopen((char *)bdata(filename), "r")) == NULL) {
err_message("Unable to open configuration file - %s", bdata(filename));
}
@@ -59,7 +62,7 @@ void init_configuration (bstring filenam
/* Clean Up */
bdestroy(filedata);
bstrListDestroy(lines);
- close(fp);
+ fclose(fp);
}
/* ----------------------------------------------------------
@@ -147,7 +150,7 @@ void parse_line (bstring line)
} else if ((biseqcstr(param, "network")) == 1) {
/* NETWORK */
- parse_networks(bdata(value));
+ parse_networks((char *)bdata(value));
}
diff -urp pads-1.2.orig/src/global.h pads-1.2/src/global.h
--- pads-1.2.orig/src/global.h 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/src/global.h 2008-06-30 13:28:28.000000000 -0400
@@ -25,6 +25,9 @@
* $Id: global.h,v 1.7 2005/04/27 13:45:47 mattshelton Exp $
*
**************************************************************************/
+#ifndef GLOBAL_HEADER
+#define GLOBAL_HEADER
+
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
@@ -68,6 +71,7 @@
#include <netinet/if_ether.h>
#include <pcap.h>
#include <pcre.h>
+#include <time.h>
#include "bstring/bstrlib.h"
@@ -160,3 +164,6 @@ extern GC gc;
/* vim:expandtab:cindent:smartindent:ts=4:tw=0:sw=4:
*/
+
+#endif
+
diff -urp pads-1.2.orig/src/identification.c pads-1.2/src/identification.c
--- pads-1.2.orig/src/identification.c 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/src/identification.c 2008-06-30 13:28:28.000000000 -0400
@@ -26,6 +26,9 @@
*
**************************************************************************/
#include "identification.h"
+#include "util.h"
+#include "storage.h"
+#include "output/output.h"
Signature *signature_list;
@@ -57,7 +60,7 @@ int init_identification()
}
/* Open Signature File */
- if ((fp = fopen(bdata(filename), "r")) == NULL) {
+ if ((fp = fopen((char *)bdata(filename), "r")) == NULL) {
err_message("Unable to open signature file - %s", bdata(filename));
}
@@ -73,7 +76,7 @@ int init_identification()
bdestroy(filename);
bdestroy(filedata);
bstrListDestroy(lines);
- close(fp);
+ fclose(fp);
return 0;
}
@@ -91,7 +94,7 @@ int init_identification()
int parse_raw_signature (bstring line, int lineno)
{
struct bstrList *raw_sig;
- struct bstrList *title;
+ struct bstrList *title = NULL;
Signature *sig;
bstring pcre_string;
const char *err; /* PCRE */
@@ -101,7 +104,7 @@ int parse_raw_signature (bstring line, i
/* Check to see if this line has something to read. */
if (line->data[0] == '\0' || line->data[0] == '#')
- return;
+ return -1;
/* Split Line */
if ((raw_sig = bsplit(line, ',')) == NULL)
@@ -125,8 +128,10 @@ int parse_raw_signature (bstring line, i
/* Split Title */
if (raw_sig->entry[1] != NULL && ret != -1)
- if ((title = bsplit(raw_sig->entry[1], '/')) == NULL)
- ret = -1;
+ title = bsplit(raw_sig->entry[1], '/');
+ if (title == NULL)
+ return -1;
+
if (title->qty < 3)
ret = -1;
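Review bot: The new `return -1;` after `if (title == NULL)` leaves the `raw_sig` list from `bsplit(line, ',')` allocated; the old code set `ret = -1` and fell through, presumably to a cleanup later in the function that frees `raw_sig` (the body continues outside the hunk, so this is inferred). Returning here should release it first, e.g. `if (title == NULL) { bstrListDestroy(raw_sig); return -1; }`. The earlier `return -1;` for blank and comment lines comes before the split and is fine.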
@@ -145,7 +150,7 @@ int parse_raw_signature (bstring line, i
/* PCRE */
if (pcre_string != NULL) {
- if ((sig->regex = pcre_compile (bdata(pcre_string), 0, &err, &erroffset, NULL)) == NULL) {
+ if ((sig->regex = pcre_compile ((char *)bdata(pcre_string), 0, &err, &erroffset, NULL)) == NULL) {
err_message("Unable to compile signature: %s at line %d (%s)",
err, lineno, bdata(line));
ret = -1;
@@ -265,7 +270,6 @@ int pcre_identify (struct in_addr ip_add
Signature *list = signature_list;
int rc;
int ovector[15];
- int i;
bstring app;
while (list != NULL) {
@@ -312,18 +316,18 @@ bstring get_app_name (Signature *sig,
/* Create Application string using the values in signature[i].title. */
if (sig->title.app != NULL) {
- strlcpy(app, bdata(sig->title.app), MAX_APP);
+ strlcpy(app, (char *)bdata(sig->title.app), MAX_APP);
}
if (sig->title.ver != NULL) {
if (sig->title.ver->slen > 0) {
strcat(app, " ");
- strlcat(app, bdata(sig->title.ver), MAX_VER);
+ strlcat(app, (char *)bdata(sig->title.ver), MAX_VER);
}
}
if (sig->title.misc != NULL) {
if (sig->title.misc->slen > 0) {
strcat(app, " (");
- strlcat(app, bdata(sig->title.misc), MAX_MISC);
+ strlcat(app, (char *)bdata(sig->title.misc), MAX_MISC);
strcat(app, ")");
}
}
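Review bot: The size passed to `strlcat(app, (char *)bdata(sig->title.ver), MAX_VER);` (and `MAX_MISC` below it) is the limit of the piece being appended, but strlcat's third argument is the total capacity of the destination; if that limit is smaller than what `app` already holds nothing is appended and the name is silently truncated, and if it is larger than `app` the bound is not a bound at all (the declaration of `app` and these limits are outside the hunk, so which case applies cannot be confirmed here). Passing the full capacity of `app` to every `strlcpy`/`strlcat` call, and replacing the unbounded `strcat(app, " ")`, `strcat(app, " (")` and `strcat(app, ")")` with `strlcat` under the same bound, makes the limit uniform. The `(char *)` casts the commit adds only silence the `unsigned char *` warning and do not change this.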
@@ -416,7 +420,8 @@ void print_signature()
printf("2a: %s\n", bdata(list->title.app));
printf("2b: %s\n", bdata(list->title.ver));
printf("2c: %s\n", bdata(list->title.misc));
- printf("3: %s\n", list->regex);
+ // FIXME: This is a compiled expression
+ // printf("3: %s\n", list->regex);
printf("\n");
i++;
diff -urp pads-1.2.orig/src/mac-resolution.c pads-1.2/src/mac-resolution.c
--- pads-1.2.orig/src/mac-resolution.c 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/src/mac-resolution.c 2008-06-30 13:28:28.000000000 -0400
@@ -32,6 +32,7 @@
#ifndef DISABLE_VENDOR
#include "mac-resolution.h"
+#include "util.h"
Vendor *vendor_list = NULL;
@@ -60,7 +61,7 @@ int init_mac_resolution (void) {
}
/* Open Signature File */
- if ((fp = fopen(bdata(filename), "r")) == NULL) {
+ if ((fp = fopen((char *)bdata(filename), "r")) == NULL) {
err_message("Unable to open MAC resolution file - %s", bdata(filename));
}
@@ -79,7 +80,7 @@ int init_mac_resolution (void) {
bdestroy(filedata);
if (lines != NULL)
bstrListDestroy(lines);
- close(fp);
+ fclose(fp);
return 0;
}
@@ -99,10 +100,8 @@ int parse_raw_mac (bstring line)
char vendor[80];
int m1, m2, m3;
- int pos;
-
/* Parse out the contents of the line. */
- if (sscanf(bdata(line), "%02X:%02X:%02X %80[^,\n],\n", &m1, &m2, &m3, vendor) != 4)
+ if (sscanf((char *)bdata(line), "%02X:%02X:%02X %80[^,\n],\n", &m1, &m2, &m3, vendor) != 4)
return -1;
mac[0] = (char) (m1);
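Review bot: `%80[^,\n]` in the sscanf format writes up to 80 characters plus the terminating NUL into `char vendor[80]`, one byte past the buffer on an 80-character vendor name read from the MAC resolution file; the width of a `[` conversion excludes the terminator, so it must be `%79[^,\n]` or `vendor` must be 81 bytes. The commit only adds the `(char *)` cast on this line, so the overflow is pre-existing, but it is on the new side and the fix is one character. A comment tying the width to the array size, `/* width must be sizeof vendor - 1 */`, would keep the two from drifting apart again.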
@@ -215,7 +214,7 @@ void show_vendor (void){
list = vendor_list;
while(list != NULL) {
- printf("Mac: %s\nVendor: %s\n\n", list->mac, bdata(list->vendor));
+ printf("Mac: %u\nVendor: %s\n\n", list->mac, bdata(list->vendor));
list = list->next;
}
}
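Review bot: `printf("Mac: %u\n", list->mac)` on the changed line is only correct if `Vendor.mac` is an unsigned integer; if it is a byte array, as `mac[0] = (char)(m1)` in parse_raw_mac suggests, `%u` receives a pointer and the output is meaningless (and undefined behaviour on 64-bit). Printing the bytes explicitly, `printf("Mac: %02X:%02X:%02X\n", (unsigned char)list->mac[0], (unsigned char)list->mac[1], (unsigned char)list->mac[2]);`, is correct either way. The Vendor definition in mac-resolution.h is not visible here, so this should be checked against it.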
diff -urp pads-1.2.orig/src/monnet.c pads-1.2/src/monnet.c
--- pads-1.2.orig/src/monnet.c 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/src/monnet.c 2008-06-30 13:28:28.000000000 -0400
@@ -27,7 +27,10 @@
* $Id: monnet.c,v 1.3 2005/02/17 16:29:14 mattshelton Exp $
*
**************************************************************************/
+#include <stdlib.h>
+#include <arpa/inet.h>
#include "monnet.h"
+#include "util.h"
struct mon_net *mn;
@@ -45,7 +48,6 @@ void parse_networks (char *cmdline)
{
int i = 0;
char network[16], netmask[3], tmp[16];
- struct in_addr in_net;
/* Make sure something was defined. */
if (cmdline == NULL)
@@ -81,7 +83,7 @@ void parse_networks (char *cmdline)
i++;
}
- *cmdline++;
+ cmdline++;
}
}
diff -urp pads-1.2.orig/src/output/output.c pads-1.2/src/output/output.c
--- pads-1.2.orig/src/output/output.c 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/src/output/output.c 2008-06-30 13:28:28.000000000 -0400
@@ -26,6 +26,10 @@
*
**************************************************************************/
#include "output.h"
+#include "output-screen.h"
+#include "output-csv.h"
+#include "output-fifo.h"
+#include "storage.h"
/* Global Variables */
OutputPluginList *output_plugin_list;
@@ -149,7 +153,7 @@ int print_asset (struct in_addr ip_addr,
/* Make sure that a record was found. */
if (rec == NULL)
- return;
+ return -1;
/* Cycle through output plugins and print to those that are active. */
head = output_plugin_list;
@@ -182,7 +186,7 @@ int print_arp_asset (struct in_addr ip_a
/* Find Asset */
ArpAsset *list;
- ArpAsset *rec;
+ ArpAsset *rec = NULL;
list = (ArpAsset *)get_arp_pointer();
while (list != NULL) {
@@ -199,7 +203,7 @@ int print_arp_asset (struct in_addr ip_a
/* Make sure that a record was found. */
if (rec == NULL)
- return;
+ return -1;
/* Cycle through output plugins and print to those that are active. */
head = output_plugin_list;
@@ -298,8 +302,8 @@ void end_output (void)
#ifdef DEBUG
int debug_output_list (void)
{
- OutputPluginList *head, *head2;
- OutputPlugin *tmp, *tmp2;
+ OutputPluginList *head;
+ OutputPlugin *tmp;
int i = 1;
printf("output_plugin_list:\n");
diff -urp pads-1.2.orig/src/output/output-csv.c pads-1.2/src/output/output-csv.c
--- pads-1.2.orig/src/output/output-csv.c 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/src/output/output-csv.c 2008-06-30 13:28:28.000000000 -0400
@@ -24,7 +24,10 @@
* $Id: output-csv.c,v 1.6 2005/02/22 16:09:25 mattshelton Exp $
*
**************************************************************************/
+#include <arpa/inet.h>
#include "output-csv.h"
+#include "util.h"
+#include "storage.h"
OutputCSVConf output_csv_conf;
@@ -40,7 +43,6 @@ int
setup_output_csv (void)
{
OutputPlugin *plugin;
- bstring name;
/* Allocate and setup plugin data record. */
plugin = (OutputPlugin*)malloc(sizeof(OutputPlugin));
@@ -68,7 +70,7 @@ setup_output_csv (void)
* : will read in the file and add each asset
* : to the asset data structure.
* INPUT : 0 - CSV filename
- * RETURN : None!
+ * RETURN : 0 success, -1 fail
* --------------------------------------------------------- */
int
init_output_csv (bstring filename)
@@ -84,14 +86,15 @@ init_output_csv (bstring filename)
output_csv_conf.filename = bstrcpy(bfromcstr("assets.csv"));
/* Check to see if *filename exists. */
- if ((fp = fopen(bdata(output_csv_conf.filename), "r")) == NULL) {
+ if ((fp = fopen((char *)bdata(output_csv_conf.filename), "r")) == NULL) {
/* File does not exist, create new.. */
- if ((output_csv_conf.file = fopen(bdata(output_csv_conf.filename), "w")) != NULL) {
+ if ((output_csv_conf.file = fopen((char *)bdata(output_csv_conf.filename), "w")) != NULL) {
fprintf(output_csv_conf.file, "asset,port,proto,service,application,discovered\n");
} else {
err_message("Cannot open file %s!", bdata(output_csv_conf.filename));
+ return -1;
}
} else {
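Review bot: `output_csv_conf.filename = bstrcpy(bfromcstr("assets.csv"));` leaks the intermediate bstring returned by bfromcstr() whenever the default name is used; bfromcstr() already returns a fresh allocation, so `output_csv_conf.filename = bfromcstr("assets.csv");` suffices. The else branch continues past the hunk, so it is worth confirming there that the read-only probe handle `fp` opened above is fclose()'d before the file is reopened for append. init_output_csv starts before and ends after this hunk.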
@@ -101,12 +104,13 @@ init_output_csv (bstring filename)
read_report_file();
/* Open file and assign it to the global FILE pointer. */
- if ((output_csv_conf.file = fopen(bdata(output_csv_conf.filename), "a")) == NULL) {
+ if ((output_csv_conf.file = fopen((char *)bdata(output_csv_conf.filename), "a")) == NULL) {
err_message("Cannot open file %s!", bdata(output_csv_conf.filename));
+ return -1;
}
}
- return;
+ return 0;
}
/* ----------------------------------------------------------
@@ -129,7 +133,7 @@ read_report_file (void)
printf("[-] Processing Existing %s\n", bdata(output_csv_conf.filename));
/* Open Signature File */
- if ((fp = fopen(bdata(output_csv_conf.filename), "r")) == NULL) {
+ if ((fp = fopen((char *)bdata(output_csv_conf.filename), "r")) == NULL) {
err_message("Unable to open CSV file - %s", bdata(output_csv_conf.filename));
}
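Review bot: When `fopen()` fails the function logs via err_message() and then falls through to read from `fp`, which is NULL, and later `fclose(fp)` in the next hunk, unless err_message() terminates the process; a plain `return;` after the err_message() call (or `return -1;` if read_report_file returns int, its return type being outside the hunk) closes that path. The same pattern appears in init_mac_resolution.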
@@ -144,7 +148,7 @@ read_report_file (void)
/* Clean Up */
bdestroy(filedata);
bstrListDestroy(lines);
- close(fp);
+ fclose(fp);
}
/* ----------------------------------------------------------
@@ -172,7 +176,7 @@ parse_raw_report (bstring line)
/* Check to see if this line has something to read. */
if (line->data[0] == '\0' || line->data[0] == '#')
- return;
+ return -1;
/* Break line apart. */
if ((list = bsplit(line, ',')) == NULL)
@@ -186,13 +190,13 @@ parse_raw_report (bstring line)
}
/* Place data from 'list' into temporary data storage. */
- if ((inet_aton(bdata(list->entry[0]), &ip_addr)) == -1)
+ if ((inet_aton((char *)bdata(list->entry[0]), &ip_addr)) == -1)
ret = -1;
- if ((port = htons(atoi(bdata(list->entry[1])))) == -1)
+ if ((port = htons(atoi((char *)bdata(list->entry[1])))) == -1)
ret = -1;
- if ((proto = atoi(bdata(list->entry[2]))) == -1)
+ if ((proto = atoi((char *)bdata(list->entry[2]))) == -1)
ret = -1;
if ((service = bstrcpy(list->entry[3])) == NULL)
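Review bot: `inet_aton()` returns 0 for an invalid address and non-zero on success, never -1, so the check on the new line `if ((inet_aton(..., &ip_addr)) == -1)` can never fire and a malformed asset field is accepted with `ip_addr` left unset; it should read `if (inet_aton((char *)bdata(list->entry[0]), &ip_addr) == 0) ret = -1;`. The `atoi()`-based port and proto checks have the same flaw, since atoi() returns 0 for garbage rather than -1; `strtol()` with an end-pointer and range check is needed to actually validate those fields. parse_raw_report continues outside the hunk.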
@@ -201,7 +205,7 @@ parse_raw_report (bstring line)
if ((application = bstrcpy(list->entry[4])) == NULL)
ret = -1;
- if ((discovered = atol(bdata(list->entry[5]))) == -1)
+ if ((discovered = atol((char *)bdata(list->entry[5]))) == -1)
ret = -1;
/* Make sure that this line contains 'good' data. */
@@ -211,7 +215,7 @@ parse_raw_report (bstring line)
/* Add Asset to Data Structure */
if (proto == 0 && ret != -1) {
/* ARP */
- mac2hex(bdata(application), mac_addr, MAC_LEN);
+ mac2hex((char *)bdata(application), mac_addr, MAC_LEN);
add_arp_asset(ip_addr, mac_addr, discovered);
} else {
/* Everything Else */
@@ -249,8 +253,9 @@ print_asset_csv (Asset *rec)
if (gc.hide_unknowns == 0 || ((biseqcstr(rec->service, "unknown") != 0) &&
(biseqcstr(rec->application, "unknown") != 0))) {
fprintf(output_csv_conf.file, "%s,%d,%d,%s,%s,%d\n",
- inet_ntoa(rec->ip_addr), ntohs(rec->port), rec->proto, bdata(rec->service),
- bdata(rec->application), rec->discovered);
+ inet_ntoa(rec->ip_addr), ntohs(rec->port), rec->proto,
+ bdata(rec->service), bdata(rec->application),
+ (int)rec->discovered);
fflush(output_csv_conf.file);
}
} else {
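Review bot: The service and application fields are written with `%s` and no quoting, while parse_raw_report re-reads the same file with `bsplit(line, ',')`; if a signature title can contain a comma (or newline), the record shifts columns on the next start-up and is mis-parsed or rejected. Either strip or replace those characters in `bdata(rec->service)` and `bdata(rec->application)` before writing, or quote the fields. The `(int)rec->discovered` cast narrows a time_t to match `%d`; `(long)rec->discovered` with `%ld` avoids truncation where time_t is 64-bit. print_asset_csv starts before the hunk.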
@@ -277,11 +282,13 @@ print_arp_asset_csv (ArpAsset *rec)
/* Print to File */
if (output_csv_conf.file != NULL) {
if (rec->mac_resolved != NULL) {
- fprintf(output_csv_conf.file, "%s,0,0,ARP (%s),%s,%d\n", inet_ntoa(rec->ip_addr),
- bdata(rec->mac_resolved), hex2mac(rec->mac_addr), rec->discovered);
+ fprintf(output_csv_conf.file, "%s,0,0,ARP (%s),%s,%d\n",
+ inet_ntoa(rec->ip_addr), bdata(rec->mac_resolved),
+ hex2mac(rec->mac_addr), (int)rec->discovered);
} else {
- fprintf(output_csv_conf.file, "%s,0,0,ARP,%s,%d\n", inet_ntoa(rec->ip_addr),
- hex2mac(rec->mac_addr), rec->discovered);
+ fprintf(output_csv_conf.file, "%s,0,0,ARP,%s,%d\n",
+ inet_ntoa(rec->ip_addr), hex2mac(rec->mac_addr),
+ (int)rec->discovered);
}
fflush(output_csv_conf.file);
@@ -311,5 +318,7 @@ end_output_csv ()
if (output_csv_conf.filename != NULL)
bdestroy(output_csv_conf.filename);
+
+ return 0;
}
diff -urp pads-1.2.orig/src/output/output-csv.h pads-1.2/src/output/output-csv.h
--- pads-1.2.orig/src/output/output-csv.h 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/src/output/output-csv.h 2008-06-30 13:28:28.000000000 -0400
@@ -25,6 +25,8 @@
* $Id: output-csv.h,v 1.3 2005/02/18 05:39:09 mattshelton Exp $
*
**************************************************************************/
+#ifndef OUTPUT_CSV_HEADER
+#define OUTPUT_CSV_HEADER
/* DEFINES ----------------------------------------- */
#ifdef LINUX
@@ -64,3 +66,5 @@ int print_asset_csv (Asset *rec);
int print_arp_asset_csv (ArpAsset *rec);
int end_output_csv (void);
+#endif
+
diff -urp pads-1.2.orig/src/output/output-fifo.c pads-1.2/src/output/output-fifo.c
--- pads-1.2.orig/src/output/output-fifo.c 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/src/output/output-fifo.c 2008-06-30 13:28:45.000000000 -0400
@@ -25,7 +25,9 @@
* $Id: output-fifo.c,v 1.6 2005/02/22 16:09:25 mattshelton Exp $
*
**************************************************************************/
+#include <arpa/inet.h>
#include "output-fifo.h"
+#include "util.h"
/*
* MODULE NOTES
@@ -66,7 +68,6 @@ int
setup_output_fifo (void)
{
OutputPlugin *plugin;
- bstring name;
/* Allocate and setup plugin data record. */
plugin = (OutputPlugin*)malloc(sizeof(OutputPlugin));
@@ -92,15 +93,11 @@ setup_output_fifo (void)
* DESCRIPTION : This function will initialize the FIFO
* : file.
* INPUT : 0 - FIFO filename
- * RETURN : None!
+ * RETURN : 0 success, -1 failure
* --------------------------------------------------------- */
int
init_output_fifo (bstring fifo_file)
{
- FILE *fp;
- register u_int len = 0;
- char *filename;
-
verbose_message("Initializing FIFO output plugin.");
/* Make sure report_file isn't NULL. */
@@ -109,13 +106,13 @@ init_output_fifo (bstring fifo_file)
output_fifo_conf.filename = bstrcpy(fifo_file);
- mkfifo (bdata(fifo_file), S_IFIFO | 0755);
+ mkfifo ((char *)bdata(fifo_file), 0755);
verbose_message("Open FIFO File\n");
- if ((output_fifo_conf.file = fopen(bdata(fifo_file), "w+")) == NULL)
+ if ((output_fifo_conf.file = fopen((char*)bdata(fifo_file), "w+")) == NULL)
err_message("Unable to open FIFO file (%s)!\n", bdata(fifo_file));
- return;
+ return 0;
}
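Review bot: The `mkfifo()` return value is discarded and the path is then opened with `fopen(..., "w+")`, so if the path already exists as a regular file or a symlink, the asset stream is written into whatever is there; the FIFO is also created with mode 0755, readable by every local user, and the function returns 0 even after err_message() reports the open failure. Check the mkfifo() result, accept EEXIST only when lstat() reports a FIFO, create it 0600, and return -1 on failure, as init_output_csv does. This needs `<sys/stat.h>` and `<errno.h>` in scope, and the mode is still subject to umask; the function's prologue is in the previous hunk.
```c
    output_fifo_conf.filename = bstrcpy(fifo_file);

    if (mkfifo((char *)bdata(fifo_file), 0600) != 0) {
        struct stat st;
        /* An existing path is acceptable only if it already is a FIFO. */
        if (errno != EEXIST
            || lstat((char *)bdata(fifo_file), &st) != 0
            || !S_ISFIFO(st.st_mode)) {
            err_message("Unable to create FIFO (%s)!\n", bdata(fifo_file));
            return -1;
        }
    }

    verbose_message("Open FIFO File\n");
    if ((output_fifo_conf.file = fopen((char *)bdata(fifo_file), "w+")) == NULL) {
        err_message("Unable to open FIFO file (%s)!\n", bdata(fifo_file));
        return -1;
    }

    return 0;
```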
/* ----------------------------------------------------------
@@ -138,8 +135,9 @@ print_asset_fifo (Asset *rec)
if (gc.hide_unknowns == 0 || ((biseq(rec->service, bfromcstr("unknown")) != 0) &&
(biseq(rec->application, bfromcstr("unknown")) != 0))) {
fprintf(output_fifo_conf.file, "01,%s,%d,%d,%s,%s,%d\n",
- inet_ntoa(rec->ip_addr), ntohs(rec->port), rec->proto, bdata(rec->service),
- bdata(rec->application), rec->discovered);
+ inet_ntoa(rec->ip_addr), ntohs(rec->port), rec->proto,
+ bdata(rec->service), bdata(rec->application),
+ (int)rec->discovered);
fflush(output_fifo_conf.file);
}
} else {
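Review bot: `biseq(rec->service, bfromcstr("unknown"))` and its application twin allocate a temporary bstring on every asset printed and never free it, so the hide-unknowns path leaks two allocations per call; `biseqcstr(rec->service, "unknown")` and `biseqcstr(rec->application, "unknown")`, which the CSV plugin already uses, need no temporary. Separately, if biseq()/biseqcstr() return 1 on equality as in bstrlib, the `!= 0` tests mean that with hide_unknowns set only records whose service and application are both "unknown" are printed, the opposite of the option's name, and the CSV plugin shares this condition; worth verifying with the option enabled. print_asset_fifo starts before the hunk.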
@@ -165,11 +163,13 @@ print_arp_asset_fifo (ArpAsset *rec)
/* Print to File */
if (output_fifo_conf.file != NULL) {
if (rec->mac_resolved != NULL) {
- fprintf(output_fifo_conf.file, "02,%s,%s,%s,%d\n", inet_ntoa(rec->ip_addr),
- rec->mac_resolved, hex2mac(&rec->mac_addr), rec->discovered);
+ fprintf(output_fifo_conf.file, "02,%s,%s,%s,%d\n",
+ inet_ntoa(rec->ip_addr), bdata(rec->mac_resolved),
+ hex2mac(rec->mac_addr), (int)rec->discovered);
} else {
- fprintf(output_fifo_conf.file, "02,%s,unknown,%s,%d\n", inet_ntoa(rec->ip_addr),
- hex2mac(&rec->mac_addr), rec->discovered);
+ fprintf(output_fifo_conf.file, "02,%s,unknown,%s,%d\n",
+ inet_ntoa(rec->ip_addr), hex2mac(rec->mac_addr),
+ (int)rec->discovered);
}
fflush(output_fifo_conf.file);
@@ -196,7 +196,8 @@ print_stat_fifo (Asset *rec)
{
if (output_fifo_conf.file != NULL) {
fprintf(output_fifo_conf.file, "03,%s,%d,%d,%d\n",
- inet_ntoa(rec->ip_addr), ntohs(rec->port), rec->proto, time(NULL));
+ inet_ntoa(rec->ip_addr), ntohs(rec->port), rec->proto,
+ (int)time(NULL));
fflush(output_fifo_conf.file);
} else {
diff -urp pads-1.2.orig/src/output/output-fifo.h pads-1.2/src/output/output-fifo.h
--- pads-1.2.orig/src/output/output-fifo.h 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/src/output/output-fifo.h 2008-06-30 13:28:28.000000000 -0400
@@ -25,6 +25,8 @@
* $Id: output-fifo.h,v 1.3 2005/02/18 05:39:09 mattshelton Exp $
*
**************************************************************************/
+#ifndef OUTPUT_FIFO_HEADER
+#define OUTPUT_FIFO_HEADER
/* DEFINES ----------------------------------------- */
#ifdef LINUX
@@ -56,9 +58,11 @@ typedef struct _OutputFIFOConf
/* PROTOTYPES -------------------------------------- */
+int setup_output_fifo (void);
int init_output_fifo (bstring fifo_file);
int print_asset_fifo (Asset *rec);
int print_arp_asset_fifo (ArpAsset *rec);
int print_stat_fifo (Asset *rec);
int end_output_fifo (void);
+#endif
diff -urp pads-1.2.orig/src/output/output.h pads-1.2/src/output/output.h
--- pads-1.2.orig/src/output/output.h 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/src/output/output.h 2008-06-30 13:28:28.000000000 -0400
@@ -25,6 +25,8 @@
* $Id: output.h,v 1.3 2005/02/18 05:39:09 mattshelton Exp $
*
**************************************************************************/
+#ifndef OUTPUT_HEADER
+#define OUTPUT_HEADER
/* DEFINES ----------------------------------------- */
#ifdef LINUX
@@ -77,3 +79,4 @@ int print_arp_asset (struct in_addr ip_a
int print_stat(struct in_addr ip_addr, u_int16_t port, unsigned short proto);
void end_output (void);
+#endif
diff -urp pads-1.2.orig/src/output/output-screen.c pads-1.2/src/output/output-screen.c
--- pads-1.2.orig/src/output/output-screen.c 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/src/output/output-screen.c 2008-06-30 13:28:28.000000000 -0400
@@ -24,7 +24,9 @@
* $Id: output-screen.c,v 1.5 2005/02/22 16:09:25 mattshelton Exp $
*
**************************************************************************/
+#include <arpa/inet.h>
#include "output-screen.h"
+#include "util.h"
/* ----------------------------------------------------------
* FUNCTION : setup_output_screen
@@ -38,7 +40,6 @@ int
setup_output_screen (void)
{
OutputPlugin *plugin;
- bstring name;
/* Allocate and setup plugin data record. */
plugin = (OutputPlugin*)malloc(sizeof(OutputPlugin));
diff -urp pads-1.2.orig/src/output/output-screen.h pads-1.2/src/output/output-screen.h
--- pads-1.2.orig/src/output/output-screen.h 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/src/output/output-screen.h 2008-06-30 13:28:28.000000000 -0400
@@ -25,6 +25,8 @@
* $Id: output-screen.h,v 1.3 2005/02/18 05:39:09 mattshelton Exp $
*
**************************************************************************/
+#ifndef OUTPUT_SCREEN_HEADER
+#define OUTPUT_SCREEN_HEADER
/* DEFINES ----------------------------------------- */
#ifdef LINUX
@@ -43,16 +45,12 @@
#include "output.h"
-/* TYPEDEFS ---------------------------------------- */
-typedef struct _OutputCSVConf
-{
- FILE *file;
-} OutputCSVConf;
-
-
/* PROTOTYPES -------------------------------------- */
int setup_output_screen (void);
int init_output_screen (bstring args);
int print_asset_screen (Asset *rec);
int print_arp_asset_screen (ArpAsset *rec);
int end_output_screen (void);
+
+#endif
+
diff -urp pads-1.2.orig/src/packet.c pads-1.2/src/packet.c
--- pads-1.2.orig/src/packet.c 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/src/packet.c 2008-06-30 13:28:28.000000000 -0400
@@ -26,6 +26,10 @@
*
**************************************************************************/
#include "packet.h"
+#include "output/output.h"
+#include "storage.h"
+#include "monnet.h"
+#include "identification.h"
/* ----------------------------------------------------------
* FUNCTION : process_eth
@@ -157,9 +161,9 @@ void process_arp (const struct pcap_pkth
case ARPOP_REPLY:
memcpy(&ip_addr.s_addr, arph->arp_spa, sizeof(u_int8_t) * 4);
- if (check_arp_asset(ip_addr, arph->arp_sha) == 1) {
- add_arp_asset(ip_addr, arph->arp_sha, 0);
- print_arp_asset (ip_addr, arph->arp_sha);
+ if (check_arp_asset(ip_addr, (char *)arph->arp_sha) == 1) {
+ add_arp_asset(ip_addr, (char *)arph->arp_sha, 0);
+ print_arp_asset (ip_addr, (char *)arph->arp_sha);
}
break;
@@ -222,7 +226,7 @@ void process_tcp (const struct pcap_pkth
* Check to see if this ACK packet needs to be
* identified.
*/
- payload = (u_char *)(packet + sizeof(struct tcphdr) + len);
+ payload = (char *)(packet + sizeof(struct tcphdr) + len);
/* Attempt to identify this asset. */
if(tcp_identify(ip_src, tcph->th_sport, payload,
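Review bot: The payload pointer on the changed line, `packet + sizeof(struct tcphdr) + len`, assumes a 20-byte TCP header, so on any segment carrying options (timestamps are routine on data segments) the option bytes are handed to tcp_identify as banner data; the header length should come from the data-offset field, `(tcph->th_off * 4)`, instead of `sizeof(struct tcphdr)`. The resulting offset should also be checked against `pkthdr->caplen` before the payload is read so a truncated capture cannot push it past the buffer; whether `len` and an earlier length check already cover this is not visible, as process_tcp starts before the hunk and the tcp_identify call continues after it.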
diff -urp pads-1.2.orig/src/pads.c pads-1.2/src/pads.c
--- pads-1.2.orig/src/pads.c 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/src/pads.c 2008-06-30 13:28:28.000000000 -0400
@@ -26,6 +26,13 @@
*
**************************************************************************/
#include "pads.h"
+#include "util.h"
+#include "storage.h"
+#include "output/output.h"
+#include "identification.h"
+#include "mac-resolution.h"
+#include "monnet.h"
+#include "configuration.h"
/* Variable Declarations */
GC gc; /* Global Configuration */
@@ -34,6 +41,9 @@ proc_t processor;
char **prog_argv;
int prog_argc;
+/* Function Declarations */
+static int process_cmdline (int argc, char *argv[]);
+
/* ----------------------------------------------------------
* FUNCTION : process_pkt
* DESCRIPTION : This function takes data from libpcap and
@@ -210,7 +220,7 @@ main_pads (void)
if (gc.pcap_file) {
/* Read from PCAP file specified by '-r' switch. */
log_message("Reading from file %s\n", bdata(gc.pcap_file));
- if (!(gc.handle = pcap_open_offline(bdata(gc.pcap_file), errbuf))) {
+ if (!(gc.handle = pcap_open_offline((char *)bdata(gc.pcap_file), errbuf))) {
err_message("Unable to open %s. (%s)", bdata(gc.pcap_file), errbuf);
}
@@ -268,7 +278,7 @@ main_pads (void)
/* Open banner dump file if specified (-d). */
if (gc.dump_file) {
verbose_message("Opening Banner Dump File");
- if (!(gc.dumper = pcap_dump_open(gc.handle, bdata(gc.dump_file))))
+ if (!(gc.dumper = pcap_dump_open(gc.handle, (char *)bdata(gc.dump_file))))
err_message("Cannot open dump file - %s\n", pcap_geterr(gc.handle));
}
@@ -323,7 +333,7 @@ end_pads(void)
/* Remove PID File */
if (gc.daemon_mode == 1)
- if ((unlink(bdata(gc.pid_file))) != 0)
+ if ((unlink((char *)bdata(gc.pid_file))) != 0)
log_message("WARNING: Unable to remove PID file - %s\n", bdata(gc.pid_file));
/* End Modules */
@@ -370,7 +380,7 @@ end_pads(void)
* RETURN : 0 - Success
* : -1 - Error
* ---------------------------------------------------------- */
-int
+static int
process_cmdline (int argc, char *argv[])
{
int ch;
@@ -477,11 +487,6 @@ sig_hup_handler(int signal)
int
main(int argc, char *argv[])
{
- /* Variables */
- int i;
- struct pcap_pkthdr header; /* The header that pcap gives us */
- const u_char *packet; /* The actual packet */
-
/* Copy Command Line Args */
prog_argc = argc;
prog_argv = argv;
diff -urp pads-1.2.orig/src/storage.c pads-1.2/src/storage.c
--- pads-1.2.orig/src/storage.c 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/src/storage.c 2008-06-30 13:28:28.000000000 -0400
@@ -24,7 +24,10 @@
* $Id: storage.c,v 1.3 2005/02/16 01:47:35 mattshelton Exp $
*
**************************************************************************/
+#include <arpa/inet.h>
+#include <netinet/ether.h>
#include "storage.h"
+#include "mac-resolution.h"
Asset *asset_list;
ArpAsset *arp_asset_list;
@@ -400,7 +403,7 @@ inline Asset *
find_asset (struct in_addr ip_addr, u_int16_t port, unsigned short proto)
{
Asset *list;
- Asset *rec;
+ Asset *rec = NULL;
list = asset_list;
@@ -469,7 +472,7 @@ void print_database ()
while (rec != NULL) {
printf("%d: %s,%d,%d,%d,%s,%s,%d\n",
id, inet_ntoa(rec->ip_addr), ntohs(rec->port),
- rec->proto, rec->discovered,
+ rec->proto, (int)rec->discovered,
bdata(rec->service), bdata(rec->application),
rec->i_attempts);
rec = rec->next;
@@ -482,7 +485,7 @@ void print_database ()
arp = arp_asset_list;
while (arp != NULL) {
printf("%d: %s,%s,%d\n", id, inet_ntoa(arp->ip_addr),
- ether_ntoa(&arp->mac_addr), arp->discovered);
+ ether_ntoa((struct ether_addr *)arp->mac_addr), (int)arp->discovered);
arp = arp->next;
id++;
}
diff -urp pads-1.2.orig/src/util.c pads-1.2/src/util.c
--- pads-1.2.orig/src/util.c 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/src/util.c 2008-06-30 13:28:28.000000000 -0400
@@ -25,8 +25,10 @@
* $Id: util.c,v 1.6 2005/03/11 01:31:15 mattshelton Exp $
*
**************************************************************************/
+#include <unistd.h>
+#include <ctype.h>
#include "util.h"
-
+#include "pads.h"
/* ----------------------------------------------------------
* FUNCTION : strip_comment
@@ -60,11 +62,12 @@ strip_comment (char *string)
int
chomp (char *string, int size)
{
- for (size; size >= 0; size--) {
+ while (size >= 0) {
if (string[size] == '\n') {
string[size] = '\0';
return 1;
}
+ size--;
}
return 0;
@@ -121,7 +124,7 @@ init_pid_file (bstring pid_file, bstring
gc.pid_file = bfromcstr("/var/run/pads.pid");
/* Create PID File */
- if ((fp = fopen(bdata(gc.pid_file), "w")) != NULL) {
+ if ((fp = fopen((char *)bdata(gc.pid_file), "w")) != NULL) {
pid = (int) getpid();
fprintf(fp, "%d\n", pid);
fclose(fp);
@@ -133,11 +136,11 @@ init_pid_file (bstring pid_file, bstring
if (user == NULL || group == NULL)
return;
- if ((this_group = getgrnam(bdata(group))) == NULL)
+ if ((this_group = getgrnam((char *)bdata(group))) == NULL)
err_message("'%s' group does not appear to exist.", bdata(group));
- if ((this_user = getpwnam(bdata(user))) == NULL)
+ if ((this_user = getpwnam((char *)bdata(user))) == NULL)
err_message("'%s' user does not appear to exist.", bdata(user));
- if ((chown(pid_file, this_user->pw_uid, this_group->gr_gid)) != 0)
+ if ((chown((char *)bdata(pid_file), this_user->pw_uid, this_group->gr_gid)) != 0)
err_message("Unable to change PID file's ownership.");
}
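Review bot: The new `chown((char *)bdata(pid_file), ...)` uses the `pid_file` parameter while the file was created from `gc.pid_file`; if the default `/var/run/pads.pid` at the top of the function is taken because the parameter is NULL, bdata() yields NULL and the chown fails, so it should use `gc.pid_file`. More importantly, handing the PID file to the unprivileged user/group means that after drop_privs() a compromised packet parser can write an arbitrary PID into a file that is presumably read by root (`kill $(cat /var/run/pads.pid)` in an init script); keeping the file root-owned costs nothing, since the later unlink() in end_pads depends on write permission on /var/run, not on file ownership. Also, the NULL results of getgrnam()/getpwnam() are dereferenced unless err_message() exits; an explicit `return;` after each would make that contract visible. init_pid_file begins before this hunk.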
@@ -343,7 +346,7 @@ strlcpy(char *dst, const char *src, size
size_t
strlcat(char *dst, const char *src, size_t len) {
char *dstptr = dst;
- size_t dstlen, tocopy;
+ size_t dstlen, tocopy = len;
const char *srcptr = src;
while (tocopy-- && *dstptr) dstptr++;
@@ -384,10 +387,10 @@ drop_privs (bstring newuser, bstring new
if (newuser == NULL || newgroup == NULL)
return;
- if ((this_group = getgrnam(bdata(newgroup))) == NULL)
+ if ((this_group = getgrnam((char *)bdata(newgroup))) == NULL)
err_message("'%s' group does not appear to exist.", bdata(newgroup));
- if ((this_user = getpwnam(bdata(newuser))) == NULL)
+ if ((this_user = getpwnam((char *)bdata(newuser))) == NULL)
err_message("'%s' user does not appear to exist.", bdata(newuser));
/* Set Group */
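Review bot: Before the group switch that starts at the hunk's last line, the supplementary groups inherited from root need to be discarded with `setgroups(0, NULL);` (or `initgroups((char *)bdata(newuser), this_group->gr_gid);`), otherwise the process keeps root's supplementary memberships after setgid()/setuid(); whether such a call exists is not visible, as drop_privs continues past the hunk. As in init_pid_file, `this_group` and `this_user` are presumably dereferenced below, so unless err_message() is fatal a `return;` after each failed lookup is needed.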
@@ -458,7 +461,7 @@ mac2hex(const char *mac, char *dst, int
* RETURN : 0 - MAC Address String
* ---------------------------------------------------------- */
char *
-hex2mac(unsigned const char *mac)
+hex2mac(const char *mac)
{
static char buf[18];
diff -urp pads-1.2.orig/src/util.h pads-1.2/src/util.h
--- pads-1.2.orig/src/util.h 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/src/util.h 2008-06-30 13:28:28.000000000 -0400
@@ -53,6 +53,6 @@ size_t strlcat(char *dst, const char *sr
#endif
void drop_privs (bstring newuser, bstring newgroup);
void mac2hex(const char *mac, char *dst, int len);
-char *hex2mac(unsigned const char *mac);
+char *hex2mac(const char *mac);
/* GLOBALS ----------------------------------------- */
pads-1.2-daemon.patch:
--- NEW FILE pads-1.2-daemon.patch ---
diff -urp pads-1.2.orig/src/configuration.c pads-1.2/src/configuration.c
--- pads-1.2.orig/src/configuration.c 2008-07-08 14:28:29.000000000 -0400
+++ pads-1.2/src/configuration.c 2008-07-15 15:59:49.000000000 -0400
@@ -115,7 +115,7 @@ void parse_line (bstring line)
else
gc.daemon_mode = 0;
}
-
+ become_daemon();
} else if ((biseqcstr(param, "pid_file")) == 1) {
/* PID FILE */
gc.pid_file = bstrcpy(value);
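Review bot: Calling `become_daemon()` from inside parse_line(), as soon as the `daemon` keyword is parsed, makes behaviour depend on the order of lines in pads.conf: `pid_file`, `user` and `group` parsed after it are not applied to the PID file that become_daemon() writes, and daemon(0, 0)'s chdir("/") changes how any relative path parsed later (e.g. `output csv: assets.csv`) is resolved. init_pads() also calls become_daemon(), so with `daemon 1` the process detaches and writes the PID file twice. Dropping this call and daemonizing once from init_pads() after the configuration is fully parsed avoids both problems.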
diff -urp pads-1.2.orig/src/pads.c pads-1.2/src/pads.c
--- pads-1.2.orig/src/pads.c 2008-07-12 08:36:10.000000000 -0400
+++ pads-1.2/src/pads.c 2008-07-15 16:02:25.000000000 -0400
@@ -236,21 +236,13 @@ init_pads (void)
if ((activate_output_plugin(name, gc.report_file)) == -1)
err_message("Error: 'activate_output_plugin' in function 'init_pads' failed.");
bdestroy(name);
+ become_daemon();
}
/* Initialize Modules */
init_identification();
init_mac_resolution();
- /* Daemon Mode: fork child process */
- if (gc.daemon_mode) {
- verbose_message("[-] Daemonizing...\n");
- if (daemon(0, 0) < 0) {
- err_message("Daemonize failed");
- }
- init_pid_file(gc.pid_file, gc.priv_user, gc.priv_group);
- }
-
/* Signal Trapping */
(void) signal(SIGTERM, sig_term_handler);
(void) signal(SIGINT, sig_int_handler);
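Review bot: `become_daemon()` now runs before init_identification() and init_mac_resolution(), whereas the removed block daemonized after them; daemon(0, 0) redirects stdin/stdout/stderr to /dev/null, so any err_message() raised while loading the signature or ether-code files no longer reaches whoever started the service, unless err_message() also writes to syslog (not visible here). The call also sits inside the block that activates the report-file output plugin, whose condition begins before the hunk, so daemonization appears to depend on that branch being taken. Placing the call at function level below the two module initializers restores the previous ordering.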
@@ -291,9 +283,13 @@ main_pads (void)
/* Determine Sniffing Interface */
if (!gc.dev) {
+ char *dev;
verbose_message("Looking for sniffing interface");
- if (!(gc.dev = pcap_lookupdev(errbuf)))
- err_message("Unable to find a sniffing interface! (%s)", errbuf);
+ dev = pcap_lookupdev(errbuf);
+ if (!dev)
+ err_message("Unable to find a sniffing interface! (%s)",
+ errbuf);
+ gc.dev = strdup(dev);
}
/* Set up libpcap connection. */
diff -urp pads-1.2.orig/src/util.c pads-1.2/src/util.c
--- pads-1.2.orig/src/util.c 2008-07-08 14:28:29.000000000 -0400
+++ pads-1.2/src/util.c 2008-07-15 16:02:38.000000000 -0400
@@ -81,7 +81,7 @@ chomp (char *string, int size)
* INPUT : 0 - PID filename
* RETURN : None!
* ---------------------------------------------------------- */
-void
+static void
init_pid_file (bstring pid_file, bstring user, bstring group)
{
int pid;
@@ -116,6 +116,23 @@ init_pid_file (bstring pid_file, bstring
}
/* ----------------------------------------------------------
+ * * FUNCTION : become_daemon
+ * * DESCRIPTION : This function makes pads into a daemon
+ * * RETURN : none
+ * * ---------------------------------------------------------- */
+void become_daemon(void)
+{
+ if (gc.daemon_mode) {
+ /* Daemon Mode: fork child process */
+ verbose_message("[-] Daemonizing...\n");
+ if (daemon(0, 0) < 0) {
+ err_message("Daemonize failed");
+ }
+ init_pid_file(gc.pid_file, gc.priv_user, gc.priv_group);
+ }
+}
+
+/* ----------------------------------------------------------
* FUNCTION : copy_argv
* DESCRIPTION : This function will flatten argv into a
* : single string. This function was taken
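Review bot: The header comment for become_daemon() uses a doubled `* *` prefix on every line, unlike the other function headers in util.c (compare the copy_argv block that follows); it should read `* FUNCTION : become_daemon` and so on. Because become_daemon() is reachable from both the configuration parser and init_pads(), a guard such as `static int daemonized; if (daemonized) return; daemonized = 1;` before calling daemon() would prevent a second fork and a second PID-file write.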
diff -urp pads-1.2.orig/src/util.h pads-1.2/src/util.h
--- pads-1.2.orig/src/util.h 2008-07-08 14:28:29.000000000 -0400
+++ pads-1.2/src/util.h 2008-07-15 16:03:04.000000000 -0400
@@ -39,7 +39,7 @@
/* PROTOTYPES -------------------------------------- */
void strip_comment (char *string);
int chomp (char *string, int size);
-void init_pid_file (bstring pid_file, bstring user, bstring group);
+void become_daemon(void);
char *copy_argv(register char **argv);
void log_message (const char *msg, ...)
#ifdef __GNUC__
pads-1.2-daemonize.patch:
--- NEW FILE pads-1.2-daemonize.patch ---
diff -urp pads-1.2.orig/etc/pads.conf pads-1.2/etc/pads.conf
--- pads-1.2.orig/etc/pads.conf 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/etc/pads.conf 2008-07-01 15:54:01.000000000 -0400
@@ -15,7 +15,7 @@
# -------------------------
# This parameter determines whether the application will go into the background.
# 0 = Disable, 1 = Enable
-daemon 0
+daemon 1
# pid_file
# -------------------------
@@ -62,13 +62,13 @@ pid_file /var/run/pads.pid
# -------------------------
# This output plugin displays PADS data to the screen. It is mainly used for
# debugging purposes.
-output screen
+#output screen
# output: csv
# -------------------------
# This output plugin writes PADS data to a CSV file. Optionally, a CSV filename
# can be specified as an argument.
-output csv: assets.csv
+output csv: /etc/pads-assets.csv
# output: fifo
# -------------------------
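Review bot: `output csv: /etc/pads-assets.csv` places a continuously rewritten data file under /etc; since drop_privs() runs the daemon as an unprivileged user and init_output_csv() reopens the file for append, that user needs write access to a file in /etc, which is not what /etc is meant to grant. A state directory such as `/var/lib/pads/assets.csv`, owned by the service user and created by the package, is the conventional location; the init script and spec file are outside this view, so the packaging side cannot be checked here.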
diff -urp pads-1.2.orig/src/output/output-csv.c pads-1.2/src/output/output-csv.c
--- pads-1.2.orig/src/output/output-csv.c 2008-06-30 17:54:33.000000000 -0400
+++ pads-1.2/src/output/output-csv.c 2008-07-01 15:53:30.000000000 -0400
@@ -130,7 +130,8 @@ read_report_file (void)
struct bstrList *lines;
int i;
- printf("[-] Processing Existing %s\n", bdata(output_csv_conf.filename));
+
+ log_message("[-] Processing Existing %s\n", bdata(output_csv_conf.filename));
/* Open Signature File */
if ((fp = fopen((char *)bdata(output_csv_conf.filename), "r")) == NULL) {
diff -urp pads-1.2.orig/src/pads.c pads-1.2/src/pads.c
--- pads-1.2.orig/src/pads.c 2008-06-30 17:54:33.000000000 -0400
+++ pads-1.2/src/pads.c 2008-07-01 15:53:30.000000000 -0400
@@ -195,6 +195,9 @@ init_pads (void)
/* Process the command line parameters. */
process_cmdline(prog_argc, prog_argv);
+ if (!gc.daemon_mode)
+ print_header();
+
/* Initialize Output Module */
init_output();
@@ -523,7 +526,6 @@ main(int argc, char *argv[])
prog_argv = argv;
/* Main Program */
- print_header();
main_pads();
return(0);
diff -urp pads-1.2.orig/src/util.c pads-1.2/src/util.c
--- pads-1.2.orig/src/util.c 2008-07-01 12:46:15.000000000 -0400
+++ pads-1.2/src/util.c 2008-07-01 15:53:30.000000000 -0400
@@ -85,7 +85,8 @@ daemonize ()
{
pid_t pid;
- printf("[-] Daemonizing...\n");
+ if (!gc.daemon_mode)
+ printf("[-] Daemonizing...\n");
pid = fork();
if (pid > 0) {
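Review bot: The new guard `if (!gc.daemon_mode) printf("[-] Daemonizing...\n");` prints the message only when daemon mode is off, which is presumably the one case in which daemonize() is never called, so the banner is effectively removed rather than made quiet. Printing before fork() is harmless on a still-attached terminal, so `verbose_message("[-] Daemonizing...\n");` without the guard would follow the file's convention; whether daemonize() has callers outside daemon mode is not visible here.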
pads-1.2-disable-debug.patch:
--- NEW FILE pads-1.2-disable-debug.patch ---
diff -ur pads-1.2.orig/src/global.h pads-1.2/src/global.h
--- pads-1.2.orig/src/global.h 2008-06-30 13:56:52.000000000 -0400
+++ pads-1.2/src/global.h 2008-07-01 13:57:59.000000000 -0400
@@ -45,7 +45,7 @@
#define I_ATTEMPTS 4
-#define DEBUG
+//#define DEBUG
#define PADS_SIGNATURE_LIST "pads-signature-list"
#define PADS_ETHER_CODES "pads-ether-codes"
pads-1.2-ether-codes-update.patch:
--- NEW FILE pads-1.2-ether-codes-update.patch ---
--- pads-1.2.orig/etc/pads-ether-codes 2005-02-10 01:05:01.000000000 -0500
+++ pads-1.2/etc/pads-ether-codes 2004-07-20 10:33:42.000000000 -0400
@@ -32,7 +40,7 @@
00:00:14 Netronix
00:00:15 Datapoint Corporation
00:00:16 Du Pont Pixel Systems .
-00:00:17 Private
+00:00:17 Tekelec
00:00:18 Webster Computer Corporation
00:00:19 Applied Dynamics International
00:00:1A Advanced Micro Devices
@@ -47,11 +55,11 @@
00:00:23 Abb Industrial Systems Ab
00:00:24 Connect As
00:00:25 Ramtek Corp.
-00:00:26 Sha-ken Co., Ltd.
+00:00:26 Sha-Ken Co., Ltd.
00:00:27 Japan Radio Company
00:00:28 Prodigy Systems Corporation
00:00:29 Imc Networks Corp.
-00:00:2A Trw - Sedd/inp
+00:00:2A Trw - Sedd/Inp
00:00:2B Crisp Automation, Inc
00:00:2C Autotote Limited
00:00:2D Chromatics Inc
@@ -91,10 +99,10 @@
00:00:4F Logicraft, Inc.
00:00:50 Radisys Corporation
00:00:51 Hob Electronic Gmbh & Co. Kg
-00:00:52 Intrusion.com, Inc.
+00:00:52 Intrusion.Com, Inc.
00:00:53 Compucorp
00:00:54 Modicon, Inc.
-00:00:55 Commissariat A L`energie Atom.
+00:00:55 Commissariat A L`Energie Atom.
00:00:56 Dr. B. Struck
00:00:57 Scitex Corporation Ltd.
00:00:58 Racore Computer Products Inc.
@@ -108,7 +116,7 @@
00:00:60 Kontron Elektronik Gmbh
00:00:61 Gateway Communications
00:00:62 Bull Hn Information Systems
-00:00:63 Dr.ing.seufert Gmbh
+00:00:63 Dr.Ing.Seufert Gmbh
00:00:64 Yokogawa Digital Computer Corp
00:00:65 Network Associates, Inc.
00:00:66 Talaris Systems, Inc.
@@ -116,11 +124,11 @@
00:00:68 Rosemount Controls
00:00:69 Concord Communications Inc
00:00:6A Computer Consoles Inc.
-00:00:6B Silicon Graphics Inc./mips
+00:00:6B Silicon Graphics Inc./Mips
00:00:6C Private
00:00:6D Cray Communications, Ltd.
00:00:6E Artisoft, Inc.
-00:00:6F Madge Networks Ltd.
+00:00:6F Madge Ltd.
00:00:70 Hcl Limited
00:00:71 Adra Systems Inc.
00:00:72 Miniware Technology
@@ -136,8 +144,8 @@
00:00:7C Ampere Incorporated
00:00:7D Sun Microsystems, Inc.
00:00:7E Clustrix Corporation
-00:00:7F Linotype-hell Ag
-00:00:80 Cray Communications A/s
+00:00:7F Linotype-Hell Ag
+00:00:80 Cray Communications A/S
00:00:81 Bay Networks
00:00:82 Lectra Systemes Sa
00:00:83 Tadpole Technology Plc
@@ -149,7 +157,7 @@
00:00:89 Cayman Systems Inc.
00:00:8A Datahouse Information Systems
00:00:8B Infotron
-00:00:8C Alloy Computer Products (australia) Pty Ltd
+00:00:8C Alloy Computer Products (Australia) Pty Ltd
00:00:8D Verdix Corporation
00:00:8E Solbourne Computer, Inc.
00:00:8F Raytheon Company
@@ -163,11 +171,11 @@
00:00:97 Epoch Systems
00:00:98 Crosscomm Corporation
00:00:99 Mtx, Inc.
-00:00:9A Rc Computer A/s
+00:00:9A Rc Computer A/S
00:00:9B Information International, Inc
-00:00:9C Rolm Mil-spec Computers
+00:00:9C Rolm Mil-Spec Computers
00:00:9D Locus Computing Corporation
-00:00:9E Marli S.a.
+00:00:9E Marli S.A.
00:00:9F Ameristar Technologies Inc.
00:00:A0 Tokyo Sanyo Electric Co. Ltd.
00:00:A1 Marquette Electric Co.
@@ -185,34 +193,34 @@
00:00:AD Bruker Instruments Inc.
00:00:AE Dassault Electronique
00:00:AF Nuclear Data Instrumentation
-00:00:B0 Rnd-rad Network Devices
+00:00:B0 Rnd-Rad Network Devices
00:00:B1 Alpha Microsystems Inc.
00:00:B2 Televideo Systems, Inc.
00:00:B3 Cimlinc Incorporated
00:00:B4 Edimax Computer Company
00:00:B5 Datability Software Sys. Inc.
-00:00:B6 Micro-matic Research
+00:00:B6 Micro-Matic Research
00:00:B7 Dove Computer Corporation
00:00:B8 Seikosha Co., Ltd.
00:00:B9 Mcdonnell Douglas Computer Sys
00:00:BA Siig, Inc.
-00:00:BB Tri-data
-00:00:BC Allen-bradley Co. Inc.
+00:00:BB Tri-Data
+00:00:BC Allen-Bradley Co. Inc.
00:00:BD Mitsubishi Cable Company
00:00:BE The Nti Group
00:00:BF Symmetric Computer Systems
00:00:C0 Western Digital Corporation
-00:00:C1 Madge Networks Ltd.
+00:00:C1 Madge Ltd.
00:00:C2 Information Presentation Tech.
00:00:C3 Harris Corp Computer Sys Div
00:00:C4 Waters Div. Of Millipore
-00:00:C5 Farallon Computing/netopia
+00:00:C5 Farallon Computing/Netopia
00:00:C6 Eon Systems
00:00:C7 Arix Corporation
00:00:C8 Altos Computer Systems
00:00:C9 Emulex Corporation
00:00:CA Applitek
-00:00:CB Compu-shack Electronic Gmbh
+00:00:CB Compu-Shack Electronic Gmbh
00:00:CC Densan Co., Ltd.
00:00:CD Allied Telesyn Research Ltd.
00:00:CE Megadata Corp.
@@ -267,8 +275,8 @@
00:00:FF Camtec Electronics Ltd.
00:01:00 Equip'trans
00:01:01 Private
-00:01:02 3com Corporation
-00:01:03 3Com 3CRWE62092A
+00:01:02 3Com Corporation
+00:01:03 3Com Corporation
00:01:04 Dvico Co., Ltd.
00:01:05 Beckhoff Gmbh
00:01:06 Tews Datentechnik Gmbh
@@ -279,12 +287,12 @@
00:01:0B Space Cyberlink, Inc.
00:01:0C System Talks Inc.
00:01:0D Coreco, Inc.
-00:01:0E Bri-link Technologies Co., Ltd
+00:01:0E Bri-Link Technologies Co., Ltd
00:01:0F Nishan Systems, Inc.
00:01:10 Gotham Networks
00:01:11 Idigm Inc.
00:01:12 Shark Multimedia Inc.
-00:01:13 Olympus Optical Co., Ltd.
+00:01:13 Olympus Corporation
00:01:14 Kanda Tsushin Kogyo Co., Ltd.
00:01:15 Extratech Corporation
00:01:16 Netspect Technologies, Inc.
@@ -297,8 +305,8 @@
00:01:1D Centillium Communications
00:01:1E Precidia Technologies, Inc.
00:01:1F Rc Networks, Inc.
-00:01:20 Oscilloquartz S.a.
-00:01:21 Rapidstream Inc.
+00:01:20 Oscilloquartz S.A.
+00:01:21 Watchguard Technologies, Inc.
00:01:22 Trend Communications, Ltd.
00:01:23 Digital Electronics Corp.
00:01:24 Acer Incorporated
@@ -337,9 +345,9 @@
00:01:45 Winsystems, Inc.
00:01:46 Tesco Controls, Inc.
00:01:47 Zhone Technologies
-00:01:48 X-traweb Inc.
-00:01:49 T.d.t. Transfer Data Test Gmbh
-00:01:4A Sony Computer Science Labs., I
+00:01:48 X-Traweb Inc.
+00:01:49 T.D.T. Transfer Data Test Gmbh
+00:01:4A Sony Corporation
00:01:4B Ennovate Networks, Inc.
00:01:4C Berkeley Process Control
00:01:4D Shin Kin Enterprises Co., Ltd
@@ -349,16 +357,16 @@
00:01:51 Ensemble Communications
00:01:52 Chromatek Inc.
00:01:53 Archtek Telecom Corporation
-00:01:54 G3m Corporation
+00:01:54 G3M Corporation
00:01:55 Promise Technology, Inc.
-00:01:56 Firewiredirect.com, Inc.
+00:01:56 Firewiredirect.Com, Inc.
00:01:57 Syswave Co., Ltd
-00:01:58 Electro Industries/gauge Tech
[...5824 lines suppressed...]
@@ -6089,11 +7370,11 @@
00:E0:BF Torrent Networking Technologies Corp.
00:E0:C0 Seiwa Electric Mfg. Co., Ltd.
00:E0:C1 Memorex Telex Japan, Ltd.
-00:E0:C2 Necsy S.p.a.
+00:E0:C2 Necsy S.P.A.
00:E0:C3 Sakai System Development Corp.
00:E0:C4 Horner Electric, Inc.
00:E0:C5 Bcom Electronics Inc.
-00:E0:C6 Link2it, L.l.c.
+00:E0:C6 Link2It, L.L.C.
00:E0:C7 Eurotech Srl
00:E0:C8 Virtual Access, Ltd.
00:E0:C9 Automatedlogic Corporation
@@ -6118,15 +7399,15 @@
00:E0:DC Nexware Corp.
00:E0:DD Zenith Electronics Corporation
00:E0:DE Datax Nv
-00:E0:DF Ke Kommunikations-electronik
+00:E0:DF Ke Kommunikations-Electronik
00:E0:E0 Si Electronics, Ltd.
00:E0:E1 G2 Networks, Inc.
00:E0:E2 Innova Corp.
-00:E0:E3 Sk-elektronik Gmbh
+00:E0:E3 Sk-Elektronik Gmbh
00:E0:E4 Fanuc Robotics North America, Inc.
00:E0:E5 Cinco Networks, Inc.
-00:E0:E6 Incaa Datacom B.v.
-00:E0:E7 Raytheon E-systems, Inc.
+00:E0:E6 Incaa Datacom B.V.
+00:E0:E7 Raytheon E-Systems, Inc.
00:E0:E8 Gretacoder Data Systems Ag
00:E0:E9 Data Labs, Inc.
00:E0:EA Innovat Communications, Inc.
@@ -6139,7 +7420,7 @@
00:E0:F1 That Corporation
00:E0:F2 Arlotto Comnet, Inc.
00:E0:F3 Websprint Communications, Inc.
-00:E0:F4 Inside Technology A/s
+00:E0:F4 Inside Technology A/S
00:E0:F5 Teles Ag
00:E0:F6 Decision Europe
00:E0:F7 Cisco Systems, Inc.
@@ -6148,25 +7429,25 @@
00:E0:FA Trl Technology, Ltd.
00:E0:FB Leightronix, Inc.
00:E0:FC Huawei Technologies Co., Ltd.
-00:E0:FD A-trend Technology Co., Ltd.
+00:E0:FD A-Trend Technology Co., Ltd.
00:E0:FE Cisco Systems, Inc.
00:E0:FF Security Dynamics Technologies, Inc.
00:E6:D3 Nixdorf Computer Corp.
-02:07:01 Racal-datacom
+02:07:01 Racal-Datacom
02:1C:7C Perq Systems Corporation
02:60:86 Logic Replacement Tech. Ltd.
-02:60:8C 3com Corporation
-02:70:01 Racal-datacom
-02:70:B0 M/a-com Inc. Companies
+02:60:8C 3Com Corporation
+02:70:01 Racal-Datacom
+02:70:B0 M/A-Com Inc. Companies
02:70:B3 Data Recall Ltd
02:9D:8E Cardiac Recorders Inc.
-02:AA:3C Olivetti Telecomm Spa (olteco)
+02:AA:3C Olivetti Telecomm Spa (Olteco)
02:BB:01 Octothorpe Corp.
-02:C0:8C 3com Corporation
+02:C0:8C 3Com Corporation
02:CF:1C Communication Machinery Corp.
02:E6:D3 Nixdorf Computer Corporation
04:0A:E0 Xmit Ag Computer Networks
-04:E0:C4 Triumph-adler Ag
+04:E0:C4 Triumph-Adler Ag
08:00:01 Computervision Corporation
08:00:02 Bridge Communications Inc.
08:00:03 Advanced Computer Comm.
@@ -6191,36 +7472,38 @@
08:00:17 National Semiconductor
08:00:18 Pirelli Focom Networks
08:00:19 General Electric Corporation
-08:00:1A Tiara/ 10net
+08:00:1A Tiara/ 10Net
08:00:1B Data General
-08:00:1C Kdd-kokusai Debnsin Denwa Co.
+08:00:1C Kdd-Kokusai Debnsin Denwa Co.
08:00:1D Able Communications Inc.
08:00:1E Apollo Computer Inc.
08:00:1F Sharp Corporation
08:00:20 Sun Microsystems Inc.
-08:00:21 3m Company
+08:00:21 3M Company
08:00:22 Nbi Inc.
-08:00:23 Matsuhita Graphic Comm Sys Inc
-08:00:24 10net Communications/dca
+08:00:23 Panasonic Communications Co., Ltd.
+08:00:24 10Net Communications/Dca
08:00:25 Control Data
-08:00:26 Norsk Data A.s.
+08:00:26 Norsk Data A.S.
08:00:27 Cadmus Computer Systems
08:00:28 Texas Instruments
08:00:29 Megatek Corporation
08:00:2A Mosaic Technologies Inc.
08:00:2B Digital Equipment Corporation
08:00:2C Britton Lee Inc.
-08:00:2D Lan-tec Inc.
+08:00:2D Lan-Tec Inc.
08:00:2E Metaphor Computer Systems
08:00:2F Prime Computer Inc.
+08:00:30 Network Research Corporation
08:00:30 Cern
+08:00:30 Royal Melbourne Inst Of Tech
08:00:31 Little Machines Inc.
08:00:32 Tigan Incorporated
08:00:33 Bausch & Lomb
08:00:34 Filenet Corporation
08:00:35 Microfive Corporation
08:00:36 Intergraph Corporation
-08:00:37 Fuji-xerox Co. Ltd.
+08:00:37 Fuji-Xerox Co. Ltd.
08:00:38 Cii Honeywell Bull
08:00:39 Spider Systems Limited
08:00:3A Orcatech Inc.
@@ -6230,7 +7513,7 @@
08:00:3E Codex Corporation
08:00:3F Fred Koschara Enterprises
08:00:40 Ferranti Computer Sys. Limited
-08:00:41 Racal-milgo Information Sys..
+08:00:41 Racal-Milgo Information Sys..
08:00:42 Japan Macnics Corp.
08:00:43 Pixel Computer Inc.
08:00:44 David Systems Inc.
@@ -6243,7 +7526,7 @@
08:00:4B Planning Research Corp.
08:00:4C Hydra Computer Systems Inc.
08:00:4D Corvus Systems Inc.
-08:00:4E 3com Europe Ltd.
+08:00:4E 3Com Europe Ltd.
08:00:4F Cygnet Systems
08:00:50 Daisy Systems Corp.
08:00:51 Experdata
@@ -6253,7 +7536,7 @@
08:00:56 Stanford Linear Accel. Center
08:00:57 Evans & Sutherland
08:00:58 Systems Concepts
-08:00:59 A/s Mycron
+08:00:59 A/S Mycron
08:00:5A Ibm Corporation
08:00:5B Vta Technologies Inc.
08:00:5C Four Phase Systems
@@ -6275,9 +7558,9 @@
08:00:6C Suntek Technology Int'l
08:00:6D Whitechapel Computer Works
08:00:6E Masscomp
-08:00:6F Philips Apeldoorn B.v.
+08:00:6F Philips Apeldoorn B.V.
08:00:70 Mitsubishi Electric Corp.
-08:00:71 Matra (dsie)
+08:00:71 Matra (Dsie)
08:00:72 Xerox Corp Univ Grant Program
08:00:73 Tecmar Inc.
08:00:74 Casio Computer Co. Ltd.
@@ -6289,15 +7572,15 @@
08:00:7A Indata
08:00:7B Sanyo Electric Co. Ltd.
08:00:7C Vitalink Communications Corp.
-08:00:7E Amalgamated Wireless(aus) Ltd
-08:00:7F Carnegie-mellon University
+08:00:7E Amalgamated Wireless(Aus) Ltd
+08:00:7F Carnegie-Mellon University
08:00:80 Aes Data Inc.
-08:00:81 Astech Inc.
+08:00:81 ,Astech Inc.
08:00:82 Veritas Software
-08:00:83 Seiko Instrum. And Electronics
+08:00:83 Seiko Instruments Inc.
08:00:84 Tomen Electronics Corp.
08:00:85 Elxsi
-08:00:86 Imagen Corporation
+08:00:86 Konica Minolta Holdings, Inc.
08:00:87 Xyplex
08:00:88 Mcdata Corporation
08:00:89 Kinetics
@@ -6308,8 +7591,8 @@
08:00:8E Tandem Computers
08:00:8F Chipcom Corporation
08:00:90 Sonoma Systems
-08:14:43 Unibrain S.a.
-08:BB:CC Ak-nord Edv Vertriebsges. Mbh
+08:14:43 Unibrain S.A.
+08:BB:CC Ak-Nord Edv Vertriebsges. Mbh
10:00:00 Private
10:00:5A Ibm Corporation
10:00:E8 National Semiconductor
@@ -6321,3 +7604,4 @@
AA:00:02 Digital Equipment Corporation
AA:00:03 Digital Equipment Corporation
AA:00:04 Digital Equipment Corporation
+AC:DE:48 Private
pads-1.2-leak.patch:
--- NEW FILE pads-1.2-leak.patch ---
diff -urp pads-1.2.orig/src/monnet.c pads-1.2/src/monnet.c
--- pads-1.2.orig/src/monnet.c 2008-07-08 14:28:29.000000000 -0400
+++ pads-1.2/src/monnet.c 2008-07-11 14:06:36.000000000 -0400
@@ -214,3 +214,23 @@ short check_monnet (const struct in_addr
/* Asset does not fall within a monitored network. */
return 0;
}
+
+/* ----------------------------------------------------------
+ * FUNCTION : end_monnet
+ * DESCRIPTION : This function will free all the records
+ * : placed in the monnet data structure.
+ * INPUT : None!
+ * RETURN : None!
+ * ---------------------------------------------------------- */
+void end_monnet (void)
+{
+ struct mon_net *next;
+
+ /* Free records in monnet list (mn). */
+ while (mn != NULL) {
+ next = mn->next;
+ free (mn);
+ mn = next;
+ }
+}
+
diff -urp pads-1.2.orig/src/monnet.h pads-1.2/src/monnet.h
--- pads-1.2.orig/src/monnet.h 2008-07-08 14:28:29.000000000 -0400
+++ pads-1.2/src/monnet.h 2008-07-11 14:06:36.000000000 -0400
@@ -44,6 +44,6 @@ void parse_networks (char *cmdline);
void init_netmasks (unsigned int nm[33]);
void add_monnet(char *network, char *netmask);
short check_monnet (const struct in_addr ip_addr);
-
+void end_monnet (void);
/* GLOBALS ----------------------------------------- */
diff -urp pads-1.2.orig/src/output/output-prelude.c pads-1.2/src/output/output-prelude.c
--- pads-1.2.orig/src/output/output-prelude.c 2008-07-08 14:28:29.000000000 -0400
+++ pads-1.2/src/output/output-prelude.c 2008-07-11 14:06:49.000000000 -0400
@@ -117,7 +117,7 @@ static int init_prelude(void)
static int new_alert_common(idmef_message_t **idmef, idmef_alert_t **alert)
{
int ret;
- idmef_time_t *ctime;
+ idmef_time_t *dt_time, *cr_time;
ret = idmef_message_new(idmef);
PRELUDE_FAIL_CHECK;
@@ -130,10 +130,12 @@ static int new_alert_common(idmef_messag
IDMEF_LIST_PREPEND);
// Set time this was created
- ret = idmef_time_new_from_gettimeofday(&ctime);
+ ret = idmef_time_new_from_gettimeofday(&dt_time);
PRELUDE_FAIL_CHECK;
- idmef_alert_set_detect_time(*alert, ctime);
- idmef_alert_set_create_time(*alert, ctime);
+ ret = idmef_time_clone(dt_time, &cr_time);
+ PRELUDE_FAIL_CHECK;
+ idmef_alert_set_detect_time(*alert, dt_time);
+ idmef_alert_set_create_time(*alert, cr_time);
return 0;
err:
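Review bot: If `idmef_time_clone` fails, `dt_time` is leaked: the clone's PRELUDE_FAIL_CHECK jumps to `err:` before `idmef_alert_set_detect_time(*alert, dt_time)` has handed the object to the alert, and nothing else references it. Assuming the libprelude `set_*` functions take ownership (which is presumably why a clone was introduced instead of the old double assignment), the simplest fix is to reorder the new lines so the alert owns the first timestamp before the fallible clone: `idmef_alert_set_detect_time(*alert, dt_time);` immediately after the first PRELUDE_FAIL_CHECK, then `ret = idmef_time_clone(dt_time, &cr_time); PRELUDE_FAIL_CHECK;` and finally `idmef_alert_set_create_time(*alert, cr_time);`. The `err:` cleanup itself is outside the hunk, so whether it destroys the message is not visible here.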
@@ -287,6 +289,7 @@ static int asset_alert(Asset *a, idmef_m
PRELUDE_FAIL_CHECK;
ret = prelude_string_set_dup(name, (char *)bdata(a->service));
PRELUDE_FAIL_CHECK;
+ idmef_service_set_name(service, name);
if (bdata(a->application) != NULL) {
ret = idmef_alert_new_additional_data(alert, &data,
IDMEF_LIST_APPEND);
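Review bot: The added `idmef_service_set_name(service, name);` is only correct if `name` was created standalone (e.g. `prelude_string_new(&name)`) and not via `idmef_service_new_name(service, &name)`; the call that produces `name` sits above the hunk and is not visible. In libprelude the `idmef_*_set_*` setters destroy the previously attached object before storing the new pointer, so if `name` was already attached by `new_name` this line would free the very string it then assigns. Please confirm the origin of `name`, and add a short comment such as `/* name was allocated standalone; attach it so the service owns and frees it */` so the next reader does not "fix" it back.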
@@ -508,6 +511,7 @@ end_output_prelude ()
if (client)
prelude_client_destroy(client, PRELUDE_CLIENT_EXIT_STATUS_SUCCESS);
+ prelude_deinit();
free(profile);
return 0;
diff -urp pads-1.2.orig/src/pads.c pads-1.2/src/pads.c
--- pads-1.2.orig/src/pads.c 2008-07-08 14:28:29.000000000 -0400
+++ pads-1.2/src/pads.c 2008-07-11 14:06:36.000000000 -0400
@@ -392,6 +392,7 @@ end_pads(void)
if (gc.handle) {
log_message("Closing PCAP Connection");
pcap_close(gc.handle);
+ pcap_freecode(&gc.filter);
}
/* Remove PID File */
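Review bot: `pcap_freecode(&gc.filter)` frees `gc.filter.bf_insns` whatever its value is, so it is only safe if `gc.filter` was either filled by a successful `pcap_compile` or holds zeroes. The `init_gc` introduced further down in pads-1.2-memleak.patch does not touch `gc.filter`, and whether every path that opens `gc.handle` also compiles a filter is not visible in this hunk; if `gc` has static storage it is zero-initialised and `pcap_freecode` tolerates a NULL `bf_insns`, otherwise this can free garbage. A cheap guard is to zero the program explicitly at init time (`memset(&gc.filter, 0, sizeof gc.filter);`) or to only free when the open path actually compiled it. Either way a one-line comment stating that assumption next to the call would help.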
@@ -407,10 +408,13 @@ end_pads(void)
#ifndef DISABLE_VENDOR
end_mac_resolution();
#endif
+ end_monnet();
/* Garbage Collect GC Variable */
if (gc.conf_file != NULL)
bdestroy(gc.conf_file);
+ if (gc.dev != NULL)
+ free(gc.dev);
if (gc.report_file != NULL)
bdestroy(gc.report_file);
if (gc.fifo_file != NULL)
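Review bot: `free(gc.dev)` is only valid if every assignment to `gc.dev` is heap memory, and the assignment sites are outside this hunk. If the default interface comes from `pcap_lookupdev()` (older libpcap returns a pointer into a static buffer) or from `optarg` directly, this is an invalid free on the default code path. Either ensure each assignment is a `strdup()` of the name, or guard the free with a flag recording that `gc.dev` was allocated; a comment on this line naming the owning allocation would make the contract explicit.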
diff -urp pads-1.2.orig/src/packet.c pads-1.2/src/packet.c
--- pads-1.2.orig/src/packet.c 2008-07-08 14:28:29.000000000 -0400
+++ pads-1.2/src/packet.c 2008-07-10 13:04:38.000000000 -0400
@@ -95,6 +95,10 @@ void process_sll (const struct pcap_pkth
/* Extract the sll header from the packet. */
sllh = (struct sll_header*) packet;
+ /* Avoid bogus packets */
+ if (pkthdr->caplen < ETH_HLEN)
+ return;
+
/* Determine what type of sll packet this is. */
switch(ntohs(sllh->sll_protocol)) {
/* IP */
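Review bot: The new guard uses the wrong bound: an SLL (Linux cooked) header is 16 bytes, with `sll_protocol` at offset 14, so `caplen < ETH_HLEN` (14) still lets a 14- or 15-byte capture reach `ntohs(sllh->sll_protocol)` and read past the captured data. Use the header's own size: `if (pkthdr->caplen < sizeof(struct sll_header)) return;` (or `SLL_HDR_LEN` if the project's header defines it). The rest of `process_sll`, including the per-protocol handlers that must check the remaining length, continues below the hunk.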
pads-1.2-memleak.patch:
--- NEW FILE pads-1.2-memleak.patch ---
diff -urp pads-1.2.orig/src/identification.c pads-1.2/src/identification.c
--- pads-1.2.orig/src/identification.c 2008-06-30 13:56:52.000000000 -0400
+++ pads-1.2/src/identification.c 2008-06-30 16:12:11.000000000 -0400
@@ -96,7 +96,7 @@ int parse_raw_signature (bstring line, i
struct bstrList *raw_sig;
struct bstrList *title = NULL;
Signature *sig;
- bstring pcre_string;
+ bstring pcre_string = NULL;
const char *err; /* PCRE */
int erroffset; /* PCRE */
int ret = 0;
@@ -117,10 +117,12 @@ int parse_raw_signature (bstring line, i
} else if (raw_sig->qty > 3) {
pcre_string = bstrcpy(raw_sig->entry[2]);
for (i = 3; i < raw_sig->qty; i++) {
- if ((bconcat(pcre_string, bfromcstr(","))) == BSTR_ERR)
+ bstring tmp = bfromcstr(",");
+ if ((bconcat(pcre_string, tmp)) == BSTR_ERR)
ret = -1;
if ((bconcat(pcre_string, raw_sig->entry[i])) == BSTR_ERR)
ret = -1;
+ bdestroy(tmp);
}
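Review bot: Creating and destroying the same one-character bstring on every loop iteration is avoidable; hoist it above the `for` as `bstring comma = bfromcstr(",");`, concatenate `comma` inside, and `bdestroy(comma);` once after the loop. This keeps the leak fixed while removing two heap calls per signature field. Behaviour is otherwise unchanged, including the `ret = -1` handling on a failed `bconcat`.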
} else {
pcre_string = bstrcpy(raw_sig->entry[2]);
@@ -129,8 +131,10 @@ int parse_raw_signature (bstring line, i
/* Split Title */
if (raw_sig->entry[1] != NULL && ret != -1)
title = bsplit(raw_sig->entry[1], '/');
- if (title == NULL)
+ if (title == NULL) {
+ bdestroy(pcre_string);
return -1;
+ }
if (title->qty < 3)
ret = -1;
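Review bot: The new early return frees `pcre_string` but still leaks `raw_sig`, the `bstrList` produced by the split at the top of the function (declared at the hunk above as `struct bstrList *raw_sig;`). If the normal path releases it with `bstrListDestroy(raw_sig)` further down (outside this hunk), the same call belongs before this `return -1;`: `bstrListDestroy(raw_sig);`. The same applies to any other error return added in this function.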
@@ -139,6 +143,7 @@ int parse_raw_signature (bstring line, i
if (ret != -1) {
sig = (Signature*)malloc(sizeof(Signature));
sig->next = NULL;
+ sig->regex = NULL;
if (raw_sig->entry[0] != NULL)
sig->service = bstrcpy(raw_sig->entry[0]);
if (title->entry[1] != NULL)
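Review bot: The `malloc` result is used without a NULL check, so the very `sig->next = NULL` / `sig->regex = NULL` stores this hunk is touching will dereference NULL on allocation failure, and members that the conditional assignments below skip (e.g. `service` when `entry[0]` is NULL) stay uninitialised. Allocate zeroed memory instead, `sig = calloc(1, sizeof *sig);`, which makes the explicit `next`/`regex` resets unnecessary and leaves every other field at a known NULL, and route a NULL result to the existing failure handling (`ret = -1` with the cleanup that follows it outside the hunk).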
@@ -280,6 +285,7 @@ int pcre_identify (struct in_addr ip_add
if (rc != -1) {
app = get_app_name(list, payload, ovector, rc);
update_asset(ip_addr, port, proto, list->service, app);
+ bdestroy(app);
return 1;
}
@@ -359,7 +365,7 @@ bstring get_app_name (Signature *sig,
}
sub[z] = '\0';
- retval = bstrcpy(bfromcstr(sub));
+ retval = bfromcstr(sub);
return retval;
}
@@ -388,6 +394,7 @@ void end_identification()
bdestroy(signature_list->title.ver);
if (signature_list->title.misc != NULL)
bdestroy(signature_list->title.misc);
+ pcre_free(signature_list->regex);
/* Free Record */
if (signature_list != NULL)
diff -urp pads-1.2.orig/src/output/output.c pads-1.2/src/output/output.c
--- pads-1.2.orig/src/output/output.c 2008-06-30 13:56:52.000000000 -0400
+++ pads-1.2/src/output/output.c 2008-06-30 16:12:11.000000000 -0400
@@ -31,8 +31,8 @@
#include "output-fifo.h"
#include "storage.h"
-/* Global Variables */
-OutputPluginList *output_plugin_list;
+/* Local Variables */
+static OutputPluginList *output_plugin_list = NULL;
/* ----------------------------------------------------------
* FUNCTION : init_output()
@@ -77,6 +77,7 @@ int register_output_plugin (OutputPlugin
list = (OutputPluginList*)malloc(sizeof(OutputPluginList));
list->plugin = plugin;
list->active = 0;
+ list->next = NULL;
/* Place plugin in data structure. */
if (output_plugin_list == NULL) {
diff -urp pads-1.2.orig/src/output/output-csv.c pads-1.2/src/output/output-csv.c
--- pads-1.2.orig/src/output/output-csv.c 2008-06-30 13:56:52.000000000 -0400
+++ pads-1.2/src/output/output-csv.c 2008-06-30 16:12:11.000000000 -0400
@@ -46,7 +46,7 @@ setup_output_csv (void)
/* Allocate and setup plugin data record. */
plugin = (OutputPlugin*)malloc(sizeof(OutputPlugin));
- plugin->name = bstrcpy(bfromcstr("csv"));
+ plugin->name = bfromcstr("csv");
plugin->init = init_output_csv;
plugin->print_asset = print_asset_csv;
plugin->print_arp = print_arp_asset_csv;
@@ -83,7 +83,7 @@ init_output_csv (bstring filename)
if (filename != NULL)
output_csv_conf.filename = bstrcpy(filename);
else
- output_csv_conf.filename = bstrcpy(bfromcstr("assets.csv"));
+ output_csv_conf.filename = bfromcstr("assets.csv");
/* Check to see if *filename exists. */
if ((fp = fopen((char *)bdata(output_csv_conf.filename), "r")) == NULL) {
diff -urp pads-1.2.orig/src/output/output-fifo.c pads-1.2/src/output/output-fifo.c
--- pads-1.2.orig/src/output/output-fifo.c 2008-06-30 13:56:52.000000000 -0400
+++ pads-1.2/src/output/output-fifo.c 2008-06-30 16:12:11.000000000 -0400
@@ -71,7 +71,7 @@ setup_output_fifo (void)
/* Allocate and setup plugin data record. */
plugin = (OutputPlugin*)malloc(sizeof(OutputPlugin));
- plugin->name = bstrcpy(bfromcstr("fifo"));
+ plugin->name = bfromcstr("fifo");
plugin->init = init_output_fifo;
plugin->print_asset = print_asset_fifo;
plugin->print_arp = print_arp_asset_fifo;
@@ -102,7 +102,7 @@ init_output_fifo (bstring fifo_file)
/* Make sure report_file isn't NULL. */
if (fifo_file == NULL)
- fifo_file = bstrcpy(bfromcstr("pads.fifo"));
+ fifo_file = bfromcstr("pads.fifo");
output_fifo_conf.filename = bstrcpy(fifo_file);
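Review bot: One of the two leaks survives: when `fifo_file` is NULL the default bstring is created locally, copied by `bstrcpy` on the next line, and never destroyed. Mirror the CSV plugin's pattern from the hunk above (`init_output_csv` copies the argument or creates the default directly): `output_fifo_conf.filename = (fifo_file != NULL) ? bstrcpy(fifo_file) : bfromcstr("pads.fifo");` and drop the reassignment of the parameter. The rest of `init_output_fifo` is outside the hunk.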
diff -urp pads-1.2.orig/src/output/output-screen.c pads-1.2/src/output/output-screen.c
--- pads-1.2.orig/src/output/output-screen.c 2008-06-30 13:56:52.000000000 -0400
+++ pads-1.2/src/output/output-screen.c 2008-06-30 16:12:11.000000000 -0400
@@ -43,7 +43,7 @@ setup_output_screen (void)
/* Allocate and setup plugin data record. */
plugin = (OutputPlugin*)malloc(sizeof(OutputPlugin));
- plugin->name = bstrcpy(bfromcstr("screen"));
+ plugin->name = bfromcstr("screen");
plugin->init = init_output_screen;
plugin->print_asset = print_asset_screen;
plugin->print_arp = print_arp_asset_screen;
diff -urp pads-1.2.orig/src/packet.c pads-1.2/src/packet.c
--- pads-1.2.orig/src/packet.c 2008-06-30 13:56:52.000000000 -0400
+++ pads-1.2/src/packet.c 2008-06-30 16:12:11.000000000 -0400
@@ -211,8 +211,13 @@ void process_tcp (const struct pcap_pkth
/* Check to see if this is a known asset. */
if(check_tcp_asset(ip_src, tcph->th_sport)) {
+ bstring serv, app;
+ serv = bfromcstr("unknown");
+ app = bfromcstr("unknown");
add_asset(ip_src, tcph->th_sport,
- IPPROTO_TCP, bfromcstr("unknown"), bfromcstr("unknown"), 0);
+ IPPROTO_TCP, serv, app, 0);
+ bdestroy(serv);
+ bdestroy(app);
} else {
/* Record connection for statistical purposes. */
print_stat(ip_src, tcph->th_sport, IPPROTO_TCP);
@@ -269,8 +274,13 @@ void process_icmp (const struct pcap_pkt
if (icmp->icmp_type == ICMP_ECHOREPLY) {
if(check_icmp_asset(ip_src)) {
- add_asset(ip_src, 0, IPPROTO_ICMP, bfromcstr("ICMP"), bfromcstr("ICMP"), 0);
+ bstring serv, app;
+ serv = bfromcstr("ICMP");
+ app = bfromcstr("ICMP");
+ add_asset(ip_src, 0, IPPROTO_ICMP, serv, app, 0);
print_asset(ip_src, 0, IPPROTO_ICMP);
+ bdestroy(serv);
+ bdestroy(app);
}
}
diff -urp pads-1.2.orig/src/pads.c pads-1.2/src/pads.c
--- pads-1.2.orig/src/pads.c 2008-06-30 13:56:52.000000000 -0400
+++ pads-1.2/src/pads.c 2008-06-30 16:23:31.000000000 -0400
@@ -165,9 +165,33 @@ print_version (void)
* FUNCTION : init_pads
* DESCRIPTION : This function will initialize PADS.
* ---------------------------------------------------------- */
+void init_gc(void)
+{
+ gc.handle = NULL;
+ gc.dev = NULL;
+ gc.pcap_filter = NULL;
+ gc.conf_file = NULL;
+ gc.report_file = NULL;
+ gc.fifo_file = NULL;
+ gc.pcap_file = NULL;
+ gc.dump_file = NULL;
+ gc.pid_file = NULL;
+ gc.sig_file = NULL;
+ gc.mac_file = NULL;
+ gc.priv_user = NULL;
+ gc.priv_group = NULL;
+}
+
+/* ----------------------------------------------------------
+ * FUNCTION : init_pads
+ * DESCRIPTION : This function will initialize PADS.
+ * ---------------------------------------------------------- */
void
init_pads (void)
{
+ /* Init global config to known state */
+ init_gc();
+
/* Process the command line parameters. */
process_cmdline(prog_argc, prog_argv);
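Review bot: `init_gc` resets a hand-picked list of pointers and misses the rest of the struct, notably `gc.filter`, which `pcap_freecode(&gc.filter)` in `end_pads` (pads-1.2-leak.patch) relies on being either compiled or zero. `memset(&gc, 0, sizeof gc);` covers every member, including ones added later, and is what the function is trying to achieve; if `gc` has static storage it is already zero and the function is redundant either way. Also, the pre-existing comment block now directly above `init_gc` still reads `FUNCTION : init_pads`, while the new duplicate block below describes `init_pads` correctly; retitle the first one to `FUNCTION : init_gc` with a line such as `DESCRIPTION : Reset the global configuration to a known empty state.`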
@@ -179,15 +203,22 @@ init_pads (void)
init_configuration(gc.conf_file);
} else {
- /* Default Output Plugins: These plugins are activated if a configuration
- * file is not specified. */
+ bstring name, args;
+ /* Default Output Plugins: These plugins are activated if a
+ * configuration file is not specified. */
/* output: screen */
- if ((activate_output_plugin(bfromcstr("screen"), bfromcstr(""))) == -1)
+ name = bfromcstr("screen");
+ args = bfromcstr("");
+ if ((activate_output_plugin(name, args)) == -1)
log_message("warning: 'activate_output_plugin' in function 'init_pads' failed.");
+ bdestroy(name);
+ bdestroy(args);
/* output: csv */
- if ((activate_output_plugin(bfromcstr("csv"), gc.report_file)) == -1)
+ name = bfromcstr("csv");
+ if ((activate_output_plugin(name, gc.report_file)) == -1)
log_message("warning: 'activate_output_plugin' in function 'init_pads' failed.");
+ bdestroy(name);
}
/* Initialize Modules */
diff -urp pads-1.2.orig/src/storage.c pads-1.2/src/storage.c
--- pads-1.2.orig/src/storage.c 2008-06-30 13:56:52.000000000 -0400
+++ pads-1.2/src/storage.c 2008-06-30 16:12:11.000000000 -0400
@@ -29,8 +29,8 @@
#include "storage.h"
#include "mac-resolution.h"
-Asset *asset_list;
-ArpAsset *arp_asset_list;
+static Asset *asset_list = NULL;
+static ArpAsset *arp_asset_list = NULL;
/* ----------------------------------------------------------
* FUNCTION : check_tcp_asset
@@ -343,7 +343,9 @@ short update_asset (struct in_addr ip_ad
&& port == list->port
&& proto == list->proto) {
/* Found! */
+ bdestroy(list->service);
list->service = bstrcpy(service);
+ bdestroy(list->application);
list->application = bstrcpy(application);
return 0;
diff -urp pads-1.2.orig/src/util.c pads-1.2/src/util.c
--- pads-1.2.orig/src/util.c 2008-06-30 13:56:52.000000000 -0400
+++ pads-1.2/src/util.c 2008-06-30 16:26:24.000000000 -0400
@@ -120,7 +120,7 @@ init_pid_file (bstring pid_file, bstring
struct passwd *this_user;
/* Default PID File */
- if (gc.pid_file->slen >= 0)
+ if (gc.pid_file == NULL || gc.pid_file->slen == 0)
gc.pid_file = bfromcstr("/var/run/pads.pid");
/* Create PID File */
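Review bot: The corrected condition now also fires for an existing but empty `gc.pid_file`, and in that case the old bstring is overwritten and leaked. Release it first: `if (gc.pid_file == NULL || gc.pid_file->slen == 0) { bdestroy(gc.pid_file); gc.pid_file = bfromcstr("/var/run/pads.pid"); }` (`bdestroy(NULL)` is a safe no-op in bstrlib). Separately, the function receives a `pid_file` parameter (signature at the top of the hunk) but only consults `gc.pid_file`; if the parameter is meant to override the global, that is not what this code does, and a comment should say which one wins.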
pads-1.2-misc.patch:
--- NEW FILE pads-1.2-misc.patch ---
diff -ur pads-1.2.orig/src/configuration.c pads-1.2/src/configuration.c
--- pads-1.2.orig/src/configuration.c 2008-06-30 13:56:52.000000000 -0400
+++ pads-1.2/src/configuration.c 2008-07-01 21:11:22.000000000 -0400
@@ -191,8 +191,10 @@
log_message("warning: 'ptrFunc' in function 'conf_module_processor' failed.");
} else {
/* Input processor does not contain an argument. */
- if (((*ptrFunc)(list->entry[0], bfromcstr(""))) == -1)
+ bstring empty = bfromcstr("");
+ if (((*ptrFunc)(list->entry[0], empty)) == -1)
log_message("warning: 'ptrFunc' in function 'conf_module_processor' failed.");
+ bdestroy(empty);
}
if (list != NULL)
bstrListDestroy(list);
diff -ur pads-1.2.orig/src/monnet.c pads-1.2/src/monnet.c
--- pads-1.2.orig/src/monnet.c 2008-06-30 13:56:52.000000000 -0400
+++ pads-1.2/src/monnet.c 2008-07-01 20:37:50.000000000 -0400
@@ -32,7 +32,7 @@
#include "monnet.h"
#include "util.h"
-struct mon_net *mn;
+static struct mon_net *mn = NULL;
/* ----------------------------------------------------------
* FUNCTION : parse_networks
diff -ur pads-1.2.orig/src/pads.c pads-1.2/src/pads.c
--- pads-1.2.orig/src/pads.c 2008-06-30 17:54:33.000000000 -0400
+++ pads-1.2/src/pads.c 2008-07-01 21:35:45.000000000 -0400
@@ -343,11 +343,11 @@
/* Display PCAP Statistics */
if (!pcap_stats(gc.handle, &pstat)) {
- log_message("\n");
- log_message("%d Packets Received\n", pstat.ps_recv);
- log_message("%d Packets Dropped by Software\n", pstat.ps_drop);
- log_message("%d Packets Dropped by Interface\n", pstat.ps_ifdrop);
- log_message("\n");
+ verbose_message("\n");
+ verbose_message("%d Packets Received\n", pstat.ps_recv);
+ verbose_message("%d Packets Dropped by Software\n", pstat.ps_drop);
+ verbose_message("%d Packets Dropped by Interface\n", pstat.ps_ifdrop);
+ verbose_message("\n");
}
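Review bot: The rewritten lines keep `%d` for `pstat.ps_recv`, `ps_drop` and `ps_ifdrop`, which are `u_int` in `struct pcap_stat`; large counters would print negative and `-Wformat` will flag the mismatch. Use `%u` in the three `verbose_message` calls. The change from `log_message` to `verbose_message` itself is fine, assuming `verbose_message` is printf-like and honours the format attribute.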
/* Close banner dump file if specifed (-d). */
pads-1.2-overrun.patch:
--- NEW FILE pads-1.2-overrun.patch ---
diff -urp pads-1.2.orig/src/util.c pads-1.2/src/util.c
--- pads-1.2.orig/src/util.c 2008-06-30 17:54:33.000000000 -0400
+++ pads-1.2/src/util.c 2008-06-30 17:27:44.000000000 -0400
@@ -465,7 +465,7 @@ hex2mac(const char *mac)
{
static char buf[18];
- sprintf(buf, "%X:%02X:%02X:%02X:%02X:%02X",
+ snprintf(buf, sizeof(buf), "%02X:%02X:%02X:%02X:%02X:%02X",
mac[0], mac[1], mac[2],
mac[3], mac[4], mac[5]);
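Review bot: `snprintf` now prevents the overflow but the output is still wrong for any byte with the high bit set: `mac` is `const char *`, so `mac[i]` is sign-extended before the `%02X` conversion and 0x80 prints as `FFFFFF80`, which after six fields is truncated to 17 characters of garbage. Convert each byte through `unsigned char`, i.e. `(unsigned char)mac[0], (unsigned char)mac[1], (unsigned char)mac[2],` and `(unsigned char)mac[3], (unsigned char)mac[4], (unsigned char)mac[5]);` — that sign extension is presumably what caused the original `sprintf` overrun in the first place. The static `buf` also makes the function non-reentrant, which is worth a one-line comment above it.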
pads-1.2-perf.patch:
--- NEW FILE pads-1.2-perf.patch ---
diff -urp pads-1.2.orig/src/identification.c pads-1.2/src/identification.c
--- pads-1.2.orig/src/identification.c 2008-07-08 14:28:29.000000000 -0400
+++ pads-1.2/src/identification.c 2008-07-12 10:56:07.000000000 -0400
@@ -30,7 +30,10 @@
#include "storage.h"
#include "output/output.h"
-Signature *signature_list;
+static Signature *signature_list = NULL, **tail = NULL;
+
+/* Local Functions */
+static void add_signature (Signature *sig);
/* ----------------------------------------------------------
* FUNCTION : init_identification
@@ -40,7 +43,7 @@ Signature *signature_list;
* RETURN : -1 - Error
* : 0 - Normal Return
* ---------------------------------------------------------- */
-int init_identification()
+int init_identification(void)
{
FILE *fp;
bstring filename;
@@ -191,25 +194,13 @@ int parse_raw_signature (bstring line, i
* RETURN : 0 - Success
* : -1 - Error
* ---------------------------------------------------------- */
-int add_signature (Signature *sig)
+static void add_signature (Signature *sig)
{
- Signature *list;
-
- if (signature_list == NULL) {
+ if (tail == NULL)
signature_list = sig;
- } else {
- list = signature_list;
- while (list != NULL) {
- if (list->next == NULL) {
- list->next = sig;
- break;
- } else {
- list = list->next;
- }
- }
- }
-
- return 0;
+ else
+ *tail = sig;
+ tail = &sig->next;
}
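Review bot: The `tail` pointer is never reset when the list is torn down, so if `end_identification` (which frees `signature_list`, see the memleak patch above) is followed by another `init_identification`, `*tail = sig` writes into freed memory; `end_identification` should set `signature_list = NULL; tail = NULL;` after its loop, which lies outside this hunk. The header comment above the function still advertises `RETURN : 0 - Success / -1 - Error` although it is now `void`; change it to `RETURN : None!` to match the file's other blocks. The append also relies on the caller having set `sig->next = NULL` (done in `parse_raw_signature`), which deserves a one-line comment since the old loop did not need it.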
/* ----------------------------------------------------------
@@ -235,12 +226,12 @@ int tcp_identify (struct in_addr ip_addr
if (i_attempts > 0) {
i_attempts--;
- update_i_attempts(ip_addr, port, IPPROTO_TCP, i_attempts);
+ update_i_attempts(i_attempts);
if (pcre_identify(ip_addr, port, IPPROTO_TCP, payload, plen) == 1) {
/* MATCH! */
i_attempts = 0;
- update_i_attempts(ip_addr, port, IPPROTO_TCP, 0);
+ update_i_attempts(0);
}
/* Print asset if this is the last time to identify it. */
diff -urp pads-1.2.orig/src/identification.h pads-1.2/src/identification.h
--- pads-1.2.orig/src/identification.h 2008-07-08 14:28:29.000000000 -0400
+++ pads-1.2/src/identification.h 2008-07-12 10:56:07.000000000 -0400
@@ -39,7 +39,6 @@
/* PROTOTYPES -------------------------------------- */
int init_identification(void);
int parse_raw_signature (bstring line, int lineno);
-int add_signature (Signature *sig);
int tcp_identify (struct in_addr ip_addr, u_int16_t port, char *payload, int plen);
int pcre_identify (struct in_addr ip_addr, u_int16_t port, unsigned short proto, const char *payload, int plen);
bstring get_app_name (Signature *sig, const char *payload, int *ovector, int rc);
diff -urp pads-1.2.orig/src/mac-resolution.c pads-1.2/src/mac-resolution.c
--- pads-1.2.orig/src/mac-resolution.c 2008-07-08 14:28:29.000000000 -0400
+++ pads-1.2/src/mac-resolution.c 2008-07-12 10:56:07.000000000 -0400
@@ -34,9 +34,14 @@
#include "mac-resolution.h"
#include "util.h"
-Vendor *vendor_list = NULL;
+static Vendor *vendor_list = NULL;
+static Vendor **vtail = NULL;
-/* ----------------------------------------------------------
+/* Local function prototype */
+static int parse_raw_mac (bstring line);
+static int add_vendor (const char *mac, const char *vendor);
+
+ /* ----------------------------------------------------------
* FUNCTION : init_mac_resolution
* DESCRIPTION : This file reads in the MAC address table.
* INPUT : None
@@ -94,7 +99,7 @@ int init_mac_resolution (void) {
* RETURN : 0 - Success
* : -1 - Error
* ---------------------------------------------------------- */
-int parse_raw_mac (bstring line)
+static int parse_raw_mac (bstring line)
{
char mac[4];
char vendor[80];
@@ -125,8 +130,8 @@ int parse_raw_mac (bstring line)
* INPUT : 0 - MAC Address (bstring)
* : 1 - Vendor (bstring)
* ---------------------------------------------------------- */
-int add_vendor (char *mac, char *vendor){
- Vendor *list;
+static int add_vendor (const char *mac, const char *vendor)
+{
Vendor *rec;
/* Assign data to temporary data structure. */
@@ -136,19 +141,11 @@ int add_vendor (char *mac, char *vendor)
rec->next = NULL;
/* Place data structure in MAC address list. */
- if(vendor_list == NULL) {
+ if(vtail == NULL)
vendor_list = rec;
- } else {
- list = vendor_list;
- while (list != NULL) {
- if (list->next == NULL) {
- list->next = rec;
- break;
- } else {
- list = list->next;
- }
- }
- }
+ else
+ *vtail = rec;
+ vtail = &rec->next;
return 0;
}
diff -urp pads-1.2.orig/src/mac-resolution.h pads-1.2/src/mac-resolution.h
--- pads-1.2.orig/src/mac-resolution.h 2008-07-08 14:28:29.000000000 -0400
+++ pads-1.2/src/mac-resolution.h 2008-07-12 10:56:07.000000000 -0400
@@ -39,8 +39,6 @@
/* PROTOTYPES -------------------------------------- */
int init_mac_resolution (void);
-int parse_raw_mac (bstring line);
-int add_vendor (char *mac, char *vendor);
bstring get_vendor (const char *m);
void end_mac_resolution (void);
diff -urp pads-1.2.orig/src/monnet.c pads-1.2/src/monnet.c
--- pads-1.2.orig/src/monnet.c 2008-07-12 08:36:10.000000000 -0400
+++ pads-1.2/src/monnet.c 2008-07-12 10:56:07.000000000 -0400
@@ -87,49 +87,41 @@ void parse_networks (char *cmdline)
}
}
-/* ----------------------------------------------------------
- * FUNCTION : init_netmasks
- * DESCRIPTION : This function will load netmasks into an
- * : array.
- * INPUT : 0 - Array
- * RETURN : None!
- * ---------------------------------------------------------- */
-void init_netmasks (unsigned int nm[33])
-{
- nm[0] = 0x0;
- nm[1] = 0x80000000;
- nm[2] = 0xC0000000;
- nm[3] = 0xE0000000;
- nm[4] = 0xF0000000;
- nm[5] = 0xF8000000;
- nm[6] = 0xFC000000;
- nm[7] = 0xFE000000;
- nm[8] = 0xFF000000;
- nm[9] = 0xFF800000;
- nm[10] = 0xFFC00000;
- nm[11] = 0xFFE00000;
- nm[12] = 0xFFF00000;
- nm[13] = 0xFFF80000;
- nm[14] = 0xFFFC0000;
- nm[15] = 0xFFFE0000;
- nm[16] = 0xFFFF0000;
- nm[17] = 0xFFFF8000;
- nm[18] = 0xFFFFC000;
- nm[19] = 0xFFFFE000;
- nm[20] = 0xFFFFF000;
- nm[21] = 0xFFFFF800;
- nm[22] = 0xFFFFFC00;
- nm[23] = 0xFFFFFE00;
- nm[24] = 0xFFFFFF00;
- nm[25] = 0xFFFFFF80;
- nm[26] = 0xFFFFFFC0;
- nm[27] = 0xFFFFFFE0;
- nm[28] = 0xFFFFFFF0;
- nm[29] = 0xFFFFFFF8;
- nm[30] = 0xFFFFFFFC;
- nm[31] = 0xFFFFFFFE;
- nm[32] = 0xFFFFFFFF;
-}
+static unsigned int netmasks[33] = {
+ 0x0,
+ 0x80000000,
+ 0xC0000000,
+ 0xE0000000,
+ 0xF0000000,
+ 0xF8000000,
+ 0xFC000000,
+ 0xFE000000,
+ 0xFF000000,
+ 0xFF800000,
+ 0xFFC00000,
+ 0xFFE00000,
+ 0xFFF00000,
+ 0xFFF80000,
+ 0xFFFC0000,
+ 0xFFFE0000,
+ 0xFFFF0000,
+ 0xFFFF8000,
+ 0xFFFFC000,
+ 0xFFFFE000,
+ 0xFFFFF000,
+ 0xFFFFF800,
+ 0xFFFFFC00,
+ 0xFFFFFE00,
+ 0xFFFFFF00,
+ 0xFFFFFF80,
+ 0xFFFFFFC0,
+ 0xFFFFFFE0,
+ 0xFFFFFFF0,
+ 0xFFFFFFF8,
+ 0xFFFFFFFC,
+ 0xFFFFFFFE,
+ 0xFFFFFFFF,
+};
/* ----------------------------------------------------------
* FUNCTION : add_monnet
@@ -143,12 +135,8 @@ void add_monnet(char *network, char *net
{
struct mon_net *rec, *data;
struct in_addr net_addr;
- unsigned int netmasks[33];
int nmask;
- /* Fill netmasks variable. See init_netmasks in util.c. */
- init_netmasks(netmasks);
-
nmask = atoi(netmask);
/* Ensure that the netmask is correct. */
diff -urp pads-1.2.orig/src/monnet.h pads-1.2/src/monnet.h
--- pads-1.2.orig/src/monnet.h 2008-07-12 08:36:10.000000000 -0400
+++ pads-1.2/src/monnet.h 2008-07-12 10:56:07.000000000 -0400
@@ -41,7 +41,6 @@ struct mon_net {
/* PROTOTYPES -------------------------------------- */
void parse_networks (char *cmdline);
-void init_netmasks (unsigned int nm[33]);
void add_monnet(char *network, char *netmask);
short check_monnet (const struct in_addr ip_addr);
void end_monnet (void);
diff -urp pads-1.2.orig/src/output/output-csv.c pads-1.2/src/output/output-csv.c
--- pads-1.2.orig/src/output/output-csv.c 2008-07-08 14:28:29.000000000 -0400
+++ pads-1.2/src/output/output-csv.c 2008-07-12 10:59:31.000000000 -0400
@@ -231,10 +231,6 @@ parse_raw_report (bstring line)
// Clean Up
if (list != NULL)
bstrListDestroy(list);
- if (service != NULL)
- bdestroy(service);
- if (application != NULL)
- bdestroy(application);
return ret;
}
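Review bot: Dropping the unconditional `bdestroy(service)`/`bdestroy(application)` is correct only if every path through parse_raw_report that allocates them reaches add_asset, which now takes custody; an early `return ret` on a malformed line that skips add_asset would now leak both strings. The body of parse_raw_report begins outside this hunk, so I could not confirm whether such paths exist; if they do, keep a `bdestroy` on them and omit it only after a successful add_asset.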
diff -urp pads-1.2.orig/src/packet.c pads-1.2/src/packet.c
--- pads-1.2.orig/src/packet.c 2008-07-12 08:36:10.000000000 -0400
+++ pads-1.2/src/packet.c 2008-07-12 10:56:07.000000000 -0400
@@ -232,8 +232,6 @@ void process_tcp (const struct pcap_pkth
app = bfromcstr("unknown");
add_asset(ip_src, tcph->th_sport,
IPPROTO_TCP, serv, app, 0);
- bdestroy(serv);
- bdestroy(app);
} else {
/* Record connection for statistical purposes. */
print_stat(ip_src, tcph->th_sport, IPPROTO_TCP);
@@ -295,8 +293,6 @@ void process_icmp (const struct pcap_pkt
app = bfromcstr("ICMP");
add_asset(ip_src, 0, IPPROTO_ICMP, serv, app, 0);
print_asset(ip_src, 0, IPPROTO_ICMP);
- bdestroy(serv);
- bdestroy(app);
}
}
diff -urp pads-1.2.orig/src/storage.c pads-1.2/src/storage.c
--- pads-1.2.orig/src/storage.c 2008-07-08 14:28:29.000000000 -0400
+++ pads-1.2/src/storage.c 2008-07-12 10:56:07.000000000 -0400
@@ -29,8 +29,8 @@
#include "storage.h"
#include "mac-resolution.h"
-static Asset *asset_list = NULL;
-static ArpAsset *arp_asset_list = NULL;
+static Asset *asset_list = NULL, *current = NULL, **tail = NULL;
+static ArpAsset *arp_asset_list = NULL, **arp_tail = NULL;
/* ----------------------------------------------------------
* FUNCTION : check_tcp_asset
@@ -127,8 +127,8 @@ int check_arp_asset (struct in_addr ip_a
* INPUT : 0 - IP Address
* : 1 - Port
* : 2 - Protocol
- * : 3 - Service
- * : 4 - Application
+ * : 3 - Service - takes custody of this memory
+ * : 4 - Application - takes custody of this memory
* : 5 - Discovered
* RETURN : None!
* ---------------------------------------------------------- */
@@ -140,15 +140,14 @@ void add_asset (struct in_addr ip_addr,
time_t discovered)
{
Asset *rec;
- Asset *list;
/* Assign list to temp structure. */
rec = (Asset*)malloc(sizeof(Asset));
rec->ip_addr.s_addr = ip_addr.s_addr;
rec->port = port;
rec->proto = proto;
- rec->service = bstrcpy(service);
- rec->application = bstrcpy(application);
+ rec->service = service;
+ rec->application = application;
rec->next = NULL;
/*
@@ -174,19 +173,11 @@ void add_asset (struct in_addr ip_addr,
}
/* Find this record's location within linked list. */
- if (asset_list == NULL) {
+ if (tail == NULL)
asset_list = rec;
- } else {
- list = asset_list;
- while (list != NULL) {
- if (list->next == NULL) {
- list->next = rec;
- break;
- } else {
- list = list->next;
- }
- }
- }
+ else
+ *tail = rec;
+ tail = &rec->next;
return;
}
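Review bot: The cached `tail` pointer is only ever advanced here; nothing in this patch resets it when asset_list is torn down or a node is unlinked, so after a free of the list a later add_asset would write through a dangling pointer. Any code that frees or relinks asset_list (the end function, or a removal in update_asset) must also set `tail = NULL;`, and the same applies to `arp_tail` in the add_arp_asset hunk below. Those functions are not visible in this diff, so treat this as a check to make rather than a confirmed defect.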
@@ -203,7 +194,6 @@ void add_asset (struct in_addr ip_addr,
void add_arp_asset (struct in_addr ip_addr, const char *mac_addr,
time_t discovered)
{
- ArpAsset *list;
ArpAsset *rec;
bstring mac_resolved;
@@ -233,20 +223,11 @@ void add_arp_asset (struct in_addr ip_ad
}
/* Find this record's location within linked list. */
- if (arp_asset_list == NULL) {
+ if (arp_tail == NULL)
arp_asset_list = rec;
- } else {
- list = arp_asset_list;
-
- while (list != NULL) {
- if (list->next == NULL) {
- list->next = rec;
- break;
- } else {
- list = list->next;
- }
- }
- }
+ else
+ *arp_tail = arp_asset_list;
+ arp_tail = &arp_asset_list->next;
}
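Review bot: The new tail-append in add_arp_asset links the wrong record: `*arp_tail = arp_asset_list;` stores the list head rather than the new `rec`, and `arp_tail = &arp_asset_list->next;` keeps pointing at the head's next field. On the second call this makes the first record's next point to itself — a cycle that any list walker loops on forever — and `rec` is dropped, so every record after the first is leaked. The two lines should read `*arp_tail = rec;` and `arp_tail = &rec->next;`, mirroring the add_asset hunk above.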
/* ----------------------------------------------------------
@@ -270,6 +251,7 @@ unsigned short get_i_attempts (struct in
&& port == rec->port
&& proto == rec->proto) {
/* Found! */
+ current = rec;
return rec->i_attempts;
} else {
@@ -277,13 +259,14 @@ unsigned short get_i_attempts (struct in
}
}
+ current = NULL;
return 0;
}
/* ----------------------------------------------------------
* FUNCTION : update_i_attempts
- * DESCRIPTION : Updates the i_attempts field for a
- * : specified asset.
+ * DESCRIPTION : Updates the i_attempts field of the current
+ * : asset from previous call to get_i_attempts.
* INPUT : 0 - IP Address
* : 1 - Port
* : 2 - Proto
@@ -291,26 +274,11 @@ unsigned short get_i_attempts (struct in
* RETURN : 0 - Success
* : 1 - Failure
* ---------------------------------------------------------- */
-short update_i_attempts (struct in_addr ip_addr,
- u_int16_t port,
- unsigned short proto,
- unsigned short i_attempts)
+short update_i_attempts (unsigned short i_attempts)
{
- Asset *rec;
-
- /* Find asset within linked list. */
- rec = asset_list;
- while (rec != NULL) {
- if (ip_addr.s_addr == rec->ip_addr.s_addr
- && port == rec->port
- && proto == rec->proto) {
- /* Found! */
- rec->i_attempts = i_attempts;
- return 0;
-
- } else {
- rec = rec->next;
- }
+ if (current) {
+ current->i_attempts = i_attempts;
+ return 0;
}
return 1;
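Review bot: The header comment for update_i_attempts still lists `INPUT : 0 - IP Address`, `1 - Port`, `2 - Proto` (context lines in the preceding hunk) although the function now takes only `i_attempts`; it should read `INPUT : 0 - i_attempts` and state that the target is the asset located by the most recent get_i_attempts call. The new contract makes correctness depend on `current` staying valid between the two calls: any list mutation in between, or an intervening get_i_attempts for a different asset, updates the wrong or a freed record, and a failed lookup is only detectable because get_i_attempts clears `current`. That coupling is no longer visible at the call sites now that the identifying arguments are gone, so the comment should spell it out. The function's closing brace lies outside the hunk.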
diff -urp pads-1.2.orig/src/storage.h pads-1.2/src/storage.h
--- pads-1.2.orig/src/storage.h 2008-07-08 14:28:29.000000000 -0400
+++ pads-1.2/src/storage.h 2008-07-12 10:56:07.000000000 -0400
@@ -54,7 +54,7 @@ int check_arp_asset (struct in_addr ip_a
void add_asset (struct in_addr ip_addr, u_int16_t port, unsigned short proto, bstring service, bstring application, time_t discovered);
void add_arp_asset (struct in_addr ip_addr, const char *mac_addr, time_t discovered);
unsigned short get_i_attempts (struct in_addr ip_addr, u_int16_t port, unsigned short proto);
-short update_i_attempts (struct in_addr ip_addr, u_int16_t port, unsigned short proto, unsigned short i_attempts);
+short update_i_attempts (unsigned short i_attempts);
short update_asset (struct in_addr ip_addr, u_int16_t port, unsigned short proto, bstring service, bstring application);
inline Asset *find_asset (struct in_addr ip_addr, u_int16_t port, unsigned short proto);
Asset *get_asset_pointer (void);
pads-1.2-prelude-cleanup.patch:
--- NEW FILE pads-1.2-prelude-cleanup.patch ---
diff -urp pads-1.2.orig/src/output/output.c pads-1.2/src/output/output.c
--- pads-1.2.orig/src/output/output.c 2008-07-08 10:53:14.000000000 -0400
+++ pads-1.2/src/output/output.c 2008-07-08 10:41:13.000000000 -0400
@@ -129,7 +129,8 @@ int activate_output_plugin (bstring name
/* MATCH! Set record to active and run 'init' function. */
list->active = 1;
if (plugin != NULL && plugin->init != NULL)
- (*plugin->init)(args);
+ if ((*plugin->init)(args) < 0)
+ return -1;
break;
}
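Review bot: `list->active = 1;` is set before the plugin's init runs, so when the new `return -1` fires the plugin stays marked active with an init that failed, and later print paths may still call into it. Either move the assignment after a successful init or clear it on the failure path: `if ((*plugin->init)(args) < 0) { list->active = 0; return -1; }`. Bracing the nested `if` also avoids the unbraced nested-if shape that is easy to misread once an `else` is added.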
diff -urp pads-1.2.orig/src/output/output-csv.c pads-1.2/src/output/output-csv.c
--- pads-1.2.orig/src/output/output-csv.c 2008-07-07 13:56:10.000000000 -0400
+++ pads-1.2/src/output/output-csv.c 2008-07-08 10:44:48.000000000 -0400
@@ -58,6 +58,7 @@ setup_output_csv (void)
if (plugin != NULL)
free(plugin);
log_message("warning: 'register_output_plugin' in function 'setup_output_csv' failed.");
+ return -1;
}
return 0;
diff -urp pads-1.2.orig/src/output/output-fifo.c pads-1.2/src/output/output-fifo.c
--- pads-1.2.orig/src/output/output-fifo.c 2008-06-30 17:54:33.000000000 -0400
+++ pads-1.2/src/output/output-fifo.c 2008-07-08 10:46:32.000000000 -0400
@@ -83,6 +83,7 @@ setup_output_fifo (void)
if (plugin != NULL)
free(plugin);
log_message("warning: 'register_output_plugin' in function 'setup_output_fifo' failed.");
+ return -1;
}
return 0;
@@ -109,8 +110,10 @@ init_output_fifo (bstring fifo_file)
mkfifo ((char *)bdata(fifo_file), 0755);
verbose_message("Open FIFO File\n");
- if ((output_fifo_conf.file = fopen((char*)bdata(fifo_file), "w+")) == NULL)
+ if ((output_fifo_conf.file = fopen((char*)bdata(fifo_file), "w+")) == NULL){
err_message("Unable to open FIFO file (%s)!\n", bdata(fifo_file));
+ return -1;
+ }
return 0;
}
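Review bot: The new failure return covers fopen, but the `mkfifo(...)` result two lines above is still ignored, so if the path already exists as a regular file (or mkfifo fails for any other reason) fopen with "w+" succeeds and the plugin writes its reports into an ordinary file instead of a FIFO. Now that the function has an error path, check it: `if (mkfifo(...) < 0 && errno != EEXIST) { err_message(...); return -1; }`, and confirm with stat() and S_ISFIFO that an existing entry really is a FIFO. The mode `0755` also grants execute bits that have no meaning on a FIFO; `0644` or `0600` is the usual choice. The start of init_output_fifo is outside the hunk.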
diff -urp pads-1.2.orig/src/output/output-prelude.c pads-1.2/src/output/output-prelude.c
--- pads-1.2.orig/src/output/output-prelude.c 2008-07-08 10:53:14.000000000 -0400
+++ pads-1.2/src/output/output-prelude.c 2008-07-08 10:44:25.000000000 -0400
@@ -407,9 +407,6 @@ setup_output_prelude (void)
OutputPlugin *plugin;
- if (init_prelude() < 0)
- return -1;
-
/* Allocate and setup plugin data record. */
plugin = (OutputPlugin*)malloc(sizeof(OutputPlugin));
plugin->name = bfromcstr("prelude");
@@ -424,6 +421,7 @@ setup_output_prelude (void)
if (plugin != NULL)
free(plugin);
log_message("warning: 'register_output_plugin' in function 'setup_output_prelude' failed.");
+ return -1;
}
return 0;
@@ -442,6 +440,10 @@ init_output_prelude (bstring args)
{
verbose_message("Initializing PRELUDE output processor.");
profile = strdup((char *)bdata(args));
+
+ if (init_prelude() < 0)
+ return -1;
+
return 0;
}
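Review bot: `profile = strdup((char *)bdata(args));` treats an empty argument as a real profile name: the config documents the name as optional with a default of pads, but an empty `output prelude:` line yields `profile = ""`, and init_prelude's `profile ? profile : ANALYZER_MODEL` then registers an empty profile instead of the default. Guard it with `if (blength(args) > 0) profile = strdup((char *)bdata(args));` so the fallback applies, which also avoids handing strdup the NULL that `bdata` returns for an invalid bstring. The strdup result is also never checked before init_prelude uses it.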
diff -urp pads-1.2.orig/src/output/output-screen.c pads-1.2/src/output/output-screen.c
--- pads-1.2.orig/src/output/output-screen.c 2008-06-30 17:54:33.000000000 -0400
+++ pads-1.2/src/output/output-screen.c 2008-07-08 10:45:03.000000000 -0400
@@ -55,6 +55,7 @@ setup_output_screen (void)
if (plugin != NULL)
free(plugin);
log_message("warning: 'register_output_plugin' in function 'setup_output_screen' failed.");
+ return -1;
}
return 0;
diff -urp pads-1.2.orig/src/pads.c pads-1.2/src/pads.c
--- pads-1.2.orig/src/pads.c 2008-07-08 10:53:14.000000000 -0400
+++ pads-1.2/src/pads.c 2008-07-08 10:42:58.000000000 -0400
@@ -228,13 +228,13 @@ init_pads (void)
name = bfromcstr("screen");
args = bfromcstr("");
if ((activate_output_plugin(name, args)) == -1)
- log_message("warning: 'activate_output_plugin' in function 'init_pads' failed.");
+ err_message("Error: 'activate_output_plugin' in function 'init_pads' failed.");
bdestroy(name);
bdestroy(args);
/* output: csv */
name = bfromcstr("csv");
if ((activate_output_plugin(name, gc.report_file)) == -1)
- log_message("warning: 'activate_output_plugin' in function 'init_pads' failed.");
+ err_message("Error: 'activate_output_plugin' in function 'init_pads' failed.");
bdestroy(name);
}
pads-1.2-prelude.patch:
--- NEW FILE pads-1.2-prelude.patch ---
diff -urpN pads-1.2.orig/config.h.in pads-1.2/config.h.in
--- pads-1.2.orig/config.h.in 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/config.h.in 2008-07-07 15:41:50.000000000 -0400
@@ -24,6 +24,9 @@
/* Define to 1 if you have the <pcre.h> header file. */
#undef HAVE_PCRE_H
+/* PRELUDE */
+#undef HAVE_PRELUDE
+
/* Define to 1 if you have the <signal.h> header file. */
#undef HAVE_SIGNAL_H
diff -urpN pads-1.2.orig/configure.in pads-1.2/configure.in
--- pads-1.2.orig/configure.in 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/configure.in 2008-07-07 15:42:55.000000000 -0400
@@ -97,6 +97,26 @@ AC_CHECK_LIB(pcap, pcap_open_live,
AC_MSG_ERROR([Cannot find PCAP libraries!!]))
##
+# Configure prelude
+##
+AC_ARG_WITH(prelude,
+AS_HELP_STRING([--with-prelude],[enable prelude IDS support]),
+use_prelude=$withval,
+use_prelude=no)
+if test x$use_prelude = xno ; then
+ have_prelude=no;
+else
+ AC_CHECK_LIB(prelude, prelude_init, have_prelude=yes, have_prelude=no)
+ if test x$have_prelude = xno ; then
+ AC_MSG_ERROR([Prelude explicitly required and prelude library not found])
+ else
+ AC_DEFINE(HAVE_PRELUDE,1,[Have Prelude Libraries])
+ LIBS="$LIBS -lprelude"
+ fi
+fi
+AM_CONDITIONAL(HAVE_PRELUDE, test x$have_prelude = xyes)
+
+##
# Checks for header files.
##
AC_CHECK_HEADERS([stdio.h stdarg.h signal.h time.h unistd.h])
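Review bot: The probe checks only for the `prelude_init` symbol, but output-prelude.c includes `<libprelude/prelude.h>` and also calls `prelude_thread_init`; without an `AC_CHECK_HEADERS([libprelude/prelude.h])` a host with the shared library but no development headers passes configure and fails at compile time. libprelude also installs a `libprelude-config` script that reports the required flags, which is more robust than a bare `-lprelude` appended to LIBS.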
diff -urpN pads-1.2.orig/doc/pads.conf.8 pads-1.2/doc/pads.conf.8
--- pads-1.2.orig/doc/pads.conf.8 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/doc/pads.conf.8 2008-07-07 15:41:50.000000000 -0400
@@ -77,6 +77,9 @@ can be specified as an argument.
This output plugin writes PADS data to a FIFO file. Optionally, a FIFO
filename can be specified as an argument.
+.IP "output prelude: <profilename>"
+This output plugin writes PADS data as IDMEF alerts via prelude. Optionally you can add a profile name if you want something different than the default of pads.
+
.SH SEE ALSO
pads(8)
diff -urpN pads-1.2.orig/etc/pads.conf pads-1.2/etc/pads.conf
--- pads-1.2.orig/etc/pads.conf 2008-07-02 09:24:19.000000000 -0400
+++ pads-1.2/etc/pads.conf 2008-07-07 15:41:50.000000000 -0400
@@ -75,3 +75,11 @@ output csv: /etc/pads-assets.csv
# This output plugin writes PADS data to a FIFO file. Optionally, a FIFO
# filename can be specified as an argument.
#output fifo: pads.fifo
+
+# output: prelude
+# -------------------------
+# This output plugin writes PADS data as IDMEF alerts via prelude. Optionally
+# you can add a profile name if you want something different than the default
+# of pads.
+#
+#output prelude: pads
diff -urpN pads-1.2.orig/src/configuration.h pads-1.2/src/configuration.h
--- pads-1.2.orig/src/configuration.h 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/src/configuration.h 2008-07-07 15:41:50.000000000 -0400
@@ -26,6 +26,8 @@
* $Id: configuration.h,v 1.2 2005/02/18 05:50:19 mattshelton Exp $
*
**************************************************************************/
+#ifndef CONFIGURATION_HEADER
+#define CONFIGURATION_HEADER
/* DEFINES ----------------------------------------- */
#ifdef LINUX
@@ -40,8 +42,7 @@
/* INCLUDES ---------------------------------------- */
#include "global.h"
-
-#include <stdio.h>
+#include "configuration.h"
#include "bstring/bstrlib.h"
/* PROTOTYPES -------------------------------------- */
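Review bot: The header now includes itself (`#include "configuration.h"`); the guard added in the previous hunk makes this a no-op, but it is almost certainly a leftover and should simply be removed. Dropping `#include <stdio.h>` in the same hunk changes what this header provides to its includers, so check that no prototype here, and no file relying on it transitively, needs FILE or the printf family before taking the hunk as is.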
@@ -51,3 +52,6 @@ int conf_module_plugin (bstring value, i
/* External Prototypes */
int activate_output_plugin (bstring name, bstring args);
+
+#endif
+
diff -urpN pads-1.2.orig/src/output/Makefile.am pads-1.2/src/output/Makefile.am
--- pads-1.2.orig/src/output/Makefile.am 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/src/output/Makefile.am 2008-07-07 15:41:50.000000000 -0400
@@ -6,4 +6,8 @@ liboutput_a_SOURCES = output.c output.h
output-csv.c output-csv.h \
output-fifo.c output-fifo.h
+if HAVE_PRELUDE
+liboutput_a_SOURCES += output-prelude.c output-prelude.h
+endif
+
INCLUDES = -I$(top_srcdir) -I$(top_srcdir)/src -I$(top_srcdir)/lib
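Review bot: Listing `output-prelude.c output-prelude.h` only inside `if HAVE_PRELUDE` means a tarball produced by `make dist` from a tree configured without prelude omits both files, since automake distributes only sources it can see unconditionally. Add `EXTRA_liboutput_a_SOURCES = output-prelude.c output-prelude.h` (or put them in `EXTRA_DIST`) so they always ship, and keep the conditional for compilation only.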
diff -urpN pads-1.2.orig/src/output/output.c pads-1.2/src/output/output.c
--- pads-1.2.orig/src/output/output.c 2008-06-30 17:54:33.000000000 -0400
+++ pads-1.2/src/output/output.c 2008-07-07 15:41:50.000000000 -0400
@@ -29,6 +29,7 @@
#include "output-screen.h"
#include "output-csv.h"
#include "output-fifo.h"
+#include "output-prelude.h"
#include "storage.h"
/* Local Variables */
@@ -43,7 +44,7 @@ static OutputPluginList *output_plugin_l
* INPUT : None!
* RETURN : None!
* ---------------------------------------------------------- */
-void init_output()
+int init_output(void)
{
/* Load Screen Plug-in */
@@ -55,6 +56,11 @@ void init_output()
/* Load FIFO Plug-in */
setup_output_fifo();
+ /* Load Prelude Plug-in */
+ if (setup_output_prelude() < 0)
+ return -1;
+
+ return 0;
}
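Review bot: init_output now aborts with -1 only when `setup_output_prelude()` fails, while the screen, csv and fifo `setup_output_*` calls immediately above are still made without looking at their result; the same treatment (or at least the same logging) seems warranted, and the asymmetry deserves a comment if it is intentional. The caller of init_output is outside this diff; with the return type changed from void to int in the previous hunk, make sure it actually checks the new value, otherwise the -1 is silently lost.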
/* ----------------------------------------------------------
diff -urpN pads-1.2.orig/src/output/output.h pads-1.2/src/output/output.h
--- pads-1.2.orig/src/output/output.h 2008-06-30 13:56:52.000000000 -0400
+++ pads-1.2/src/output/output.h 2008-07-07 15:41:50.000000000 -0400
@@ -71,7 +71,7 @@ typedef struct _OutputPluginList
} OutputPluginList;
/* PROTOTYPES -------------------------------------- */
-void init_output();
+int init_output(void);
int register_output_plugin (OutputPlugin *plugin);
int activate_output_plugin (bstring name, bstring args);
int print_asset (struct in_addr ip_addr, u_int16_t port, unsigned short proto);
diff -urpN pads-1.2.orig/src/output/output-prelude.c pads-1.2/src/output/output-prelude.c
--- pads-1.2.orig/src/output/output-prelude.c 1969-12-31 19:00:00.000000000 -0500
+++ pads-1.2/src/output/output-prelude.c 2008-07-07 15:41:50.000000000 -0400
@@ -0,0 +1,513 @@
+/*************************************************************************
+ * output-prelude.c
+ *
+ * This module contains the output mechanism for PADS to send IDMEF alerts
+ * via the prelude library
+ *
+ * Copyright (C) 2008 Steve Grubb <sgrubb at redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ **************************************************************************/
+#include "output-prelude.h"
+#include "util.h"
+#include "pads.h" // For argc/v and gc
+#include <arpa/inet.h>
+#include <libprelude/prelude.h>
+
+#define ANALYZER_MODEL "pads"
+#define ANALYZER_CLASS "PVS"
+#define ANALYZER_MANUFACTURER "http://passive.sourceforge.net"
+#define PRELUDE_FAIL_CHECK if (ret < 0) goto err;
+static prelude_client_t *client = NULL;
+static char *profile = NULL;
+
+static int setup_analyzer(idmef_analyzer_t *analyzer)
+{
+ int ret;
+ prelude_string_t *string;
+
+ ret = idmef_analyzer_new_model(analyzer, &string);
+ PRELUDE_FAIL_CHECK;
+ prelude_string_set_dup(string, ANALYZER_MODEL);
+
+ ret = idmef_analyzer_new_class(analyzer, &string);
+ PRELUDE_FAIL_CHECK;
+ prelude_string_set_dup(string, ANALYZER_CLASS);
+
+ ret = idmef_analyzer_new_manufacturer(analyzer, &string);
+ PRELUDE_FAIL_CHECK;
+ prelude_string_set_dup(string, ANALYZER_MANUFACTURER);
+
+ ret = idmef_analyzer_new_version(analyzer, &string);
+ PRELUDE_FAIL_CHECK;
+ prelude_string_set_dup(string, PACKAGE_VERSION);
+
+ return 0;
+
+ err:
+ log_message("%s: IDMEF error: %s.\n",
+ prelude_strsource(ret), prelude_strerror(ret));
+
+ return -1;
+}
+
+static int init_prelude(void)
+{
+ int ret;
+ prelude_client_flags_t flags;
+
+ ret = prelude_thread_init(NULL);
+ ret = prelude_init(&prog_argc, prog_argv);
+ if (ret < 0) {
+ log_message("Unable to initialize the Prelude library: %s.\n",
+ prelude_strerror(ret));
+ return -1;
+ }
+ ret = prelude_client_new(&client, profile ? profile : ANALYZER_MODEL);
+ if (!client) {
+ log_message("Unable to create a prelude client object: %s.\n",
+ prelude_strerror(ret));
+ return -1;
+ }
+ ret = setup_analyzer(prelude_client_get_analyzer(client));
+ if (ret < 0) {
+ log_message("Unable to setup analyzer: %s\n",
+ prelude_strerror(ret));
+
+ prelude_client_destroy(client,
+ PRELUDE_CLIENT_EXIT_STATUS_FAILURE);
+ return -1;
+ }
+ flags = prelude_client_get_flags(client);
+ flags |= PRELUDE_CLIENT_FLAGS_ASYNC_TIMER;
+ ret = prelude_client_set_flags(client, flags);
+ if (ret < 0) {
+ log_message("Unable to set prelude client flags: %s\n",
+ prelude_strerror(ret));
+
+ prelude_client_destroy(client,
+ PRELUDE_CLIENT_EXIT_STATUS_FAILURE);
+ return -1;
+ }
+ ret = prelude_client_start(client);
+ if (ret < 0) {
+ log_message("Unable to start prelude client: %s\n",
+ prelude_strerror(ret));
+
+ prelude_client_destroy(client,
+ PRELUDE_CLIENT_EXIT_STATUS_FAILURE);
+ return -1;
+ }
+ return 0;
+}
+
+static int new_alert_common(idmef_message_t **idmef, idmef_alert_t **alert)
+{
+ int ret;
+ idmef_time_t *ctime;
+
+ ret = idmef_message_new(idmef);
+ PRELUDE_FAIL_CHECK;
+
+ ret = idmef_message_new_alert(*idmef, alert);
+ PRELUDE_FAIL_CHECK;
+
+ idmef_alert_set_analyzer(*alert,
+ idmef_analyzer_ref(prelude_client_get_analyzer(client)),
+ IDMEF_LIST_PREPEND);
+
+ // Set time this was created
+ ret = idmef_time_new_from_gettimeofday(&ctime);
+ PRELUDE_FAIL_CHECK;
+ idmef_alert_set_detect_time(*alert, ctime);
+ idmef_alert_set_create_time(*alert, ctime);
+
+ return 0;
+ err:
+ syslog(LOG_ERR, "%s: IDMEF error: %s.\n",
+ prelude_strsource(ret), prelude_strerror(ret));
+ idmef_message_destroy(*idmef);
+ return -1;
+}
+
+static int set_classification(idmef_alert_t *alert, const char *text)
+{
+ int ret;
+ idmef_classification_t *classification;
+ prelude_string_t *str;
+
+ ret = idmef_alert_new_classification(alert, &classification);
+ PRELUDE_FAIL_CHECK;
+ ret = prelude_string_new(&str);
+ PRELUDE_FAIL_CHECK;
+ ret = prelude_string_set_ref(str, text);
+ PRELUDE_FAIL_CHECK;
+ idmef_classification_set_text(classification, str);
+
+ return 0;
+ err:
+ return -1;
+}
+
+static int do_assessment(idmef_alert_t *alert,
+ idmef_impact_severity_t severity,
+ idmef_impact_type_t type, const char *descr)
+{
+ int ret;
+ idmef_assessment_t *assessment;
+ idmef_impact_t *impact;
+
+ ret = idmef_alert_new_assessment(alert, &assessment);
+ PRELUDE_FAIL_CHECK;
+ ret = idmef_assessment_new_impact(assessment, &impact);
+ PRELUDE_FAIL_CHECK;
+ idmef_impact_set_severity(impact, severity);
+ idmef_impact_set_type(impact, type);
+ if (descr) {
+ prelude_string_t *str;
+ ret = idmef_impact_new_description(impact, &str);
+ prelude_string_set_ref(str, descr);
+ }
+ idmef_impact_set_completion(impact, IDMEF_IMPACT_COMPLETION_SUCCEEDED);
+ return 0;
+ err:
+ return -1;
+}
+
+// FIXME: handle ipv6 addresses
+static int fill_in_node_addr(idmef_node_t *node, struct in_addr *addr)
+{
+ int ret;
+ prelude_string_t *str;
+ char buf[INET6_ADDRSTRLEN+1];
+
+ inet_ntop(AF_INET, addr, buf, sizeof(buf));
+
+ /* Setup the address string */
+ ret = prelude_string_new(&str);
+ PRELUDE_FAIL_CHECK;
+ ret = prelude_string_set_dup(str, buf);
+ PRELUDE_FAIL_CHECK;
+
+ /* Now record IP address */
+ idmef_address_t *my_addr;
+ ret = idmef_address_new(&my_addr);
+ PRELUDE_FAIL_CHECK;
+ idmef_address_set_category(my_addr, IDMEF_ADDRESS_CATEGORY_IPV4_ADDR);
+ idmef_address_set_address(my_addr, str);
+ idmef_node_set_address(node, my_addr, 0);
+
+ return 0;
+ err:
+ return -1;
+}
+
+// FIXME: handle ipv6 addresses
+static int fill_in_node_mac(idmef_node_t *node, ArpAsset *a)
+{
+ int ret;
+ prelude_string_t *str, *mac_str;
+ char buf[INET6_ADDRSTRLEN+1];
+
+ inet_ntop(AF_INET, &a->ip_addr, buf, sizeof(buf));
+
+ /* Setup the address string */
+ ret = prelude_string_new(&str);
+ PRELUDE_FAIL_CHECK;
+ ret = prelude_string_set_dup(str, buf);
+ PRELUDE_FAIL_CHECK;
+
+ /* Now record IP address */
+ idmef_address_t *my_addr;
+ ret = idmef_address_new(&my_addr);
+ PRELUDE_FAIL_CHECK;
+ idmef_address_set_category(my_addr, IDMEF_ADDRESS_CATEGORY_IPV4_ADDR);
+ idmef_address_set_address(my_addr, str);
+ idmef_node_set_address(node, my_addr, 0);
+
+ /* Now record MAC address */
+ idmef_address_t *mac_addr;
+ ret = idmef_address_new(&mac_addr);
+ PRELUDE_FAIL_CHECK;
+ ret = prelude_string_new(&mac_str);
+ PRELUDE_FAIL_CHECK;
+ idmef_address_set_category(mac_addr, IDMEF_ADDRESS_CATEGORY_MAC);
+ ret = prelude_string_set_dup(mac_str, hex2mac(a->mac_addr));
+ PRELUDE_FAIL_CHECK;
+ idmef_address_set_address(mac_addr, mac_str);
+ idmef_node_set_address(node, mac_addr, 0);
+ return 0;
+ err:
+ return -1;
+}
+
+
+static int asset_alert(Asset *a, idmef_message_t *idmef,
+ idmef_alert_t *alert, const char *msg,
+ idmef_impact_severity_t severity, char *descr)
+{
+ int ret;
+ idmef_source_t *source;
+ idmef_target_t *target;
+ idmef_node_t *node, *node2;
+ idmef_service_t *service;
+ idmef_impact_type_t impact;
+ prelude_string_t *name, *str;
+ idmef_additional_data_t *data;
+
+ /* Fill in information about the event's source */
+ ret = idmef_alert_new_source(alert, &source, -1);
+ PRELUDE_FAIL_CHECK;
+ ret = idmef_source_new_node(source, &node);
+ PRELUDE_FAIL_CHECK;
+ idmef_node_set_category(node, IDMEF_NODE_CATEGORY_UNKNOWN);
+ ret = fill_in_node_addr(node, &a->ip_addr);
+ PRELUDE_FAIL_CHECK;
+
+ // Describe the service
+ ret = idmef_source_new_service(source, &service);
+ PRELUDE_FAIL_CHECK;
+ idmef_service_set_iana_protocol_number(service, a->proto);
+ idmef_service_set_ip_version(service, 4);
+ idmef_service_set_port(service, ntohs(a->port));
+ ret = prelude_string_new(&name);
+ PRELUDE_FAIL_CHECK;
+ ret = prelude_string_set_dup(name, (char *)bdata(a->service));
+ PRELUDE_FAIL_CHECK;
+ if (bdata(a->application) != NULL) {
+ ret = idmef_alert_new_additional_data(alert, &data,
+ IDMEF_LIST_APPEND);
+ PRELUDE_FAIL_CHECK;
+ ret = idmef_additional_data_new_meaning(data, &str);
+ PRELUDE_FAIL_CHECK;
+ prelude_string_set_ref(str, "Application");
+ idmef_additional_data_set_type(data,
+ IDMEF_ADDITIONAL_DATA_TYPE_STRING);
+ idmef_additional_data_set_string_dup(data,
+ (char *)bdata(a->application));
+ }
+
+ /* Fill in information about the target of the event */
+ ret = idmef_alert_new_target(alert, &target, -1);
+ PRELUDE_FAIL_CHECK;
+
+ /* FIXME: I assume that the target is the whole network */
+ ret = idmef_target_new_node(target, &node2);
+ PRELUDE_FAIL_CHECK;
+ idmef_node_set_category(node, IDMEF_NODE_CATEGORY_UNKNOWN);
+
+ /* Describe event */
+ ret = set_classification(alert, msg);
+ PRELUDE_FAIL_CHECK;
+
+ /* Assess impact */
+ impact = IDMEF_IMPACT_TYPE_OTHER;
+ ret = do_assessment(alert, severity, impact, descr);
+ PRELUDE_FAIL_CHECK;
+
+ prelude_client_send_idmef(client, idmef);
+ idmef_message_destroy(idmef);
+
+ return 0;
+ err:
+ syslog(LOG_ERR, "asset_alert: IDMEF error: %s.\n",
+ prelude_strerror(ret));
+ idmef_message_destroy(idmef);
+ return -1;
+}
+
+
+static int arp_alert(ArpAsset *a, idmef_message_t *idmef,
+ idmef_alert_t *alert, const char *msg,
+ idmef_impact_severity_t severity, char *descr)
+{
+ int ret;
+ idmef_source_t *source;
+ idmef_target_t *target;
+ idmef_node_t *node, *node2;
+ idmef_impact_type_t impact;
+ prelude_string_t *str;
+ idmef_additional_data_t *data;
+
+ /* Fill in information about the event's source */
+ ret = idmef_alert_new_source(alert, &source, -1);
+ PRELUDE_FAIL_CHECK;
+ ret = idmef_source_new_node(source, &node);
+ PRELUDE_FAIL_CHECK;
+ idmef_node_set_category(node, IDMEF_NODE_CATEGORY_UNKNOWN);
+ ret = fill_in_node_mac(node, a);
+ PRELUDE_FAIL_CHECK;
+
+ if (bdata(a->mac_resolved) != NULL) {
+ ret = idmef_alert_new_additional_data(alert, &data,
+ IDMEF_LIST_APPEND);
+ PRELUDE_FAIL_CHECK;
+ ret = idmef_additional_data_new_meaning(data, &str);
+ PRELUDE_FAIL_CHECK;
+ prelude_string_set_ref(str, "Vendor");
+ idmef_additional_data_set_type(data,
+ IDMEF_ADDITIONAL_DATA_TYPE_STRING);
+ idmef_additional_data_set_string_dup(data,
+ (char *)bdata(a->mac_resolved));
+ }
+
+ /* Fill in information about the target of the event */
+ ret = idmef_alert_new_target(alert, &target, -1);
+ PRELUDE_FAIL_CHECK;
+
+ /* FIXME: I assume that the target is the whole network */
+ ret = idmef_target_new_node(target, &node2);
+ PRELUDE_FAIL_CHECK;
+ idmef_node_set_category(node, IDMEF_NODE_CATEGORY_UNKNOWN);
+
+ /* Describe event */
+ ret = set_classification(alert, msg);
+ PRELUDE_FAIL_CHECK;
+
+ /* Assess impact */
+ impact = IDMEF_IMPACT_TYPE_OTHER;
+ ret = do_assessment(alert, severity, impact, descr);
+ PRELUDE_FAIL_CHECK;
+
+ prelude_client_send_idmef(client, idmef);
+ idmef_message_destroy(idmef);
+
+ return 0;
+ err:
+ syslog(LOG_ERR, "arp_alert: IDMEF error: %s.\n",
+ prelude_strerror(ret));
+ idmef_message_destroy(idmef);
+ return -1;
+}
+
+/* ----------------------------------------------------------
+ * FUNCTION : setup_output_screen
+ * DESCRIPTION : This function will register the output
+ * : plugin.
+ * INPUT : None!
+ * RETURN : 0 - Success
+ * : -1 - Error
+ * ---------------------------------------------------------- */
+int
+setup_output_prelude (void)
+{
+ OutputPlugin *plugin;
+
+
+ if (init_prelude() < 0)
+ return -1;
+
+ /* Allocate and setup plugin data record. */
+ plugin = (OutputPlugin*)malloc(sizeof(OutputPlugin));
+ plugin->name = bfromcstr("prelude");
+ plugin->init = init_output_prelude;
+ plugin->print_asset = print_asset_prelude;
+ plugin->print_arp = print_arp_asset_prelude;
+ plugin->print_stat = NULL;
+ plugin->end = end_output_prelude;
+
+ /* Register plugin with input module. */
+ if ((register_output_plugin(plugin)) == -1) {
+ if (plugin != NULL)
+ free(plugin);
+ log_message("warning: 'register_output_plugin' in function 'setup_output_prelude' failed.");
+ }
+
+ return 0;
+}
+
+/* ----------------------------------------------------------
+ * FUNCTION : init_output_prelude
+ * DESCRIPTION : This output module will initialize the prelude
+ * : subsystem.
+ * INPUT : None
+ * RETURN : 0 - Success
+ * : -1 - Error
+ * --------------------------------------------------------- */
+int
+init_output_prelude (bstring args)
+{
+ verbose_message("Initializing PRELUDE output processor.");
+ profile = strdup((char *)bdata(args));
+ return 0;
+}
+
+/* ----------------------------------------------------------
+ * FUNCTION : print_asset_prelude
+ * DESCRIPTION : This function will send asset events to prelude
+ * INPUT : 0 - Port
+ * : 1 - IP Address
+ * : 2 - Service
+ * : 3 - Application
+ * RETURN : 0 - Success
+ * : -1 - Error
+ * ---------------------------------------------------------- */
+int
+print_asset_prelude (Asset *rec)
+{
+ idmef_message_t *idmef;
+ idmef_alert_t *alert;
+
+ if (new_alert_common(&idmef, &alert) >= 0){
+ asset_alert(rec, idmef, alert,
+ "New Network Asset Detected", IDMEF_IMPACT_SEVERITY_LOW,
+ "A service that was not previously known has been used.");
+ }
+ return 0;
+}
+
+
+/* ----------------------------------------------------------
+ * FUNCTION : print_arp_asset_prelude
+ * DESCRIPTION : This function will send ARP asset events to prelude
+ * INPUT : 0 - IP Address
+ * : 1 - MAC Address
+ * RETURN : 0 - Success
+ * : -1 - Error
+ * ---------------------------------------------------------- */
+int
+print_arp_asset_prelude (ArpAsset *rec)
+{
+ idmef_message_t *idmef;
+ idmef_alert_t *alert;
+
+ if (new_alert_common(&idmef, &alert) >= 0){
+ arp_alert(rec, idmef, alert,
+ "New MAC Address Detected", IDMEF_IMPACT_SEVERITY_INFO,
+ "A network card that was not previously known has been used.");
+ }
+ return 0;
+}
+
+/* ----------------------------------------------------------
+ * FUNCTION : end_output_prelude
+ * DESCRIPTION : This function will free the resources used
+ * : by the prelude output module.
+ * INPUT : None!
+ * RETURN : None!
+ * ---------------------------------------------------------- */
+int
+end_output_prelude ()
+{
+ verbose_message("Ending PRELUDE Output Processor.");
+
+ if (client)
+ prelude_client_destroy(client, PRELUDE_CLIENT_EXIT_STATUS_SUCCESS);
+ free(profile);
+
+ return 0;
+}
+
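Review bot: In asset_alert the `name` string is filled from `a->service` but never attached to the service (there is no `idmef_service_set_name(service, name);`), so it leaks on every alert and the service name never reaches the IDMEF message. A few lines later `idmef_node_set_category(node, IDMEF_NODE_CATEGORY_UNKNOWN);` after creating `node2` re-sets the source node; it should be `idmef_node_set_category(node2, IDMEF_NODE_CATEGORY_UNKNOWN);`, and arp_alert has the same copy-paste. new_alert_common's `err` label destroys `*idmef` even when `idmef_message_new` itself failed and left the caller's uninitialized pointer untouched; set `*idmef = NULL;` on entry and guard the destroy. Each failure path in init_prelude destroys `client` without resetting the static to NULL, so a later end_output_prelude would destroy it a second time; add `client = NULL;` after each destroy. The header block above setup_output_prelude still reads `FUNCTION : setup_output_screen`.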
diff -urpN pads-1.2.orig/src/output/output-prelude.h pads-1.2/src/output/output-prelude.h
--- pads-1.2.orig/src/output/output-prelude.h 1969-12-31 19:00:00.000000000 -0500
+++ pads-1.2/src/output/output-prelude.h 2008-07-07 15:41:50.000000000 -0400
@@ -0,0 +1,54 @@
+/*************************************************************************
+ * output-prelude.h
+ *
+ * This module contains the output mechanism for PADS to send IDMEF alerts
+ * via the prelude library.
+ *
+ * Copyright (C) 2008 Steve Grubb <sgrubb at redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ **************************************************************************/
+#ifndef OUTPUT_PRELUDE_HEADER
+#define OUTPUT_PRELUDE_HEADER
+
+/* DEFINES ----------------------------------------- */
+#ifdef LINUX
+#ifndef __FAVOR_BSD
+#define __FAVOR_BSD
+#endif
+#ifndef _BSD_SOURCE
+#define _BSD_SOURCE
+#endif
+#endif /* ifdef LINUX */
+
+
+/* INCLUDES ---------------------------------------- */
+#include "output.h"
+
+
+/* PROTOTYPES -------------------------------------- */
+#ifdef HAVE_PRELUDE
+int setup_output_prelude (void);
+#else
+#define setup_output_prelude() 0
+#endif
+int init_output_prelude (bstring args);
+int print_asset_prelude (Asset *rec);
+int print_arp_asset_prelude (ArpAsset *rec);
+int end_output_prelude (void);
+
+#endif
+
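Review bot: The prototype `int end_output_prelude (void);` does not match the definition's old-style `end_output_prelude ()` in output-prelude.c above; C accepts the mix, but `()` declares no prototype and `-Wstrict-prototypes` flags it, so the definition should read `end_output_prelude (void)` too. The `_BSD_SOURCE`/`__FAVOR_BSD` defines only take effect if this header is included before any system header in a translation unit, and an identifier beginning with a double underscore is reserved for the implementation — this mirrors the existing block in pads.h, so it may be deliberate. When HAVE_PRELUDE is unset only setup_output_prelude() is stubbed to 0 while the other four prototypes stay declared; presumably nothing reaches them because the plugin is never registered, but a one-line comment saying so would save the next reader the question.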
diff -urpN pads-1.2.orig/src/pads.c pads-1.2/src/pads.c
--- pads-1.2.orig/src/pads.c 2008-07-02 09:24:53.000000000 -0400
+++ pads-1.2/src/pads.c 2008-07-07 15:41:50.000000000 -0400
@@ -43,6 +43,18 @@ int prog_argc;
/* Function Declarations */
static int process_cmdline (int argc, char *argv[]);
+static void set_processor (pcap_t *this_handle);
+static void print_header(void);
+static void print_usage(void);
+static void print_version(void);
+static int init_pads(void);
+static int main_pads(void);
+
+static void sig_term_handler(int signal);
+static void sig_int_handler(int signal);
+static void sig_quit_handler(int signal);
+static void sig_hup_handler(int signal);
+
/* ----------------------------------------------------------
* FUNCTION : process_pkt
@@ -68,7 +80,7 @@ process_pkt (u_char *args, const struct
* INPUT : PCAP Handle
* RETURN : None!
* ---------------------------------------------------------- */
-void
+static void
set_processor (pcap_t *this_handle)
{
int datalink;
@@ -100,7 +112,7 @@ set_processor (pcap_t *this_handle)
* FUNCTION : print_header
* DESCRIPTION : Prints initial header.
* ---------------------------------------------------------- */
-void
+static void
print_header ()
{
printf("pads - Passive Asset Detection System\n");
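Review bot: `print_header ()` at the definition is an old-style empty parameter list, while the new forward declaration at the top of the file says `print_header(void)`; C allows the mix, but `()` declares no prototype and `-Wstrict-prototypes` warns on it. The same applies to `print_usage()` in the next hunk. Suggest `print_header (void)` and `print_usage(void)` so the definitions match their declarations.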
@@ -113,7 +125,7 @@ print_header ()
* FUNCTION : print_usage
* DESCRIPTION : Prints the Program Usage
* ---------------------------------------------------------- */
-void
+static void
print_usage()
{
printf("Usage:\n"
@@ -148,7 +160,7 @@ print_usage()
* DESCRIPTION : This function will print version
* : version information.
* ---------------------------------------------------------- */
-void
+static void
print_version (void)
{
printf("Build:\n");
@@ -162,7 +174,7 @@ print_version (void)
}
/* ----------------------------------------------------------
- * FUNCTION : init_pads
+ * FUNCTION : init_gc
* DESCRIPTION : This function will initialize PADS.
* ---------------------------------------------------------- */
void init_gc(void)
@@ -185,8 +197,9 @@ void init_gc(void)
/* ----------------------------------------------------------
* FUNCTION : init_pads
* DESCRIPTION : This function will initialize PADS.
+ * RETURN : 0 success, -1 failure
* ---------------------------------------------------------- */
-void
+static int
init_pads (void)
{
/* Init global config to known state */
@@ -199,7 +212,8 @@ init_pads (void)
print_header();
/* Initialize Output Module */
- init_output();
+ if (init_output() < 0)
+ return -1;
/* Process the configuration file. */
if (gc.conf_file) {
@@ -230,7 +244,10 @@ init_pads (void)
/* Daemon Mode: fork child process */
if (gc.daemon_mode) {
- daemonize();
+ verbose_message("[-] Daemonizing...\n");
+ if (daemon(0, 0) < 0) {
+ err_message("Daemonize failed");
+ }
init_pid_file(gc.pid_file, gc.priv_user, gc.priv_group);
}
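Review bot: When daemon() fails the code only logs and then continues in the foreground, writing the pid file and carrying on as if it had detached, even though init_pads() now returns a status; suggest `if (daemon(0, 0) < 0) { err_message("Daemonize failed"); return -1; }` so the failure propagates to main(). Note also that `daemon(0, 0)` changes the working directory to "/", which the removed daemonize() in util.c never did, so any relative path used after this point (gc.pid_file, for instance) now resolves against "/" — worth a comment here or a mention in the man page if relative paths were previously accepted. init_pads() continues outside this hunk.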
@@ -239,17 +256,21 @@ init_pads (void)
(void) signal(SIGINT, sig_int_handler);
(void) signal(SIGQUIT, sig_quit_handler);
(void) signal(SIGHUP, sig_hup_handler);
+
+ return 0;
}
/* ----------------------------------------------------------
* FUNCTION : main_pads
* DESCRIPTION : This is the main function for PADS.
+ * RETURN : 0 success, -1 failure
* ---------------------------------------------------------- */
-void
+static int
main_pads (void)
{
/* Initialize */
- init_pads();
+ if (init_pads() < 0)
+ return -1;
if (gc.pcap_file) {
/* Read from PCAP file specified by '-r' switch. */
@@ -324,6 +345,7 @@ main_pads (void)
/* End */
end_pads();
+ return 0;
}
/* ----------------------------------------------------------
@@ -490,25 +512,25 @@ process_cmdline (int argc, char *argv[])
* initialized in 'init_pads' and will perform a function
* based on the signal.
* ---------------------------------------------------------- */
-void
+static void
sig_term_handler(int signal)
{
end_pads();
}
-void
+static void
sig_int_handler(int signal)
{
end_pads();
}
-void
+static void
sig_quit_handler(int signal)
{
end_pads();
}
-void
+static void
sig_hup_handler(int signal)
{
/* The HUP signal has not been implemented yet. */
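Review bot: The term/int/quit handlers call end_pads() directly from signal context; if end_pads() does stdio, frees memory or tears down the prelude client via end_output_prelude() — its body is not visible here — none of that is async-signal-safe, and a signal arriving mid-malloc can deadlock or corrupt the heap. The usual shape is to set a `volatile sig_atomic_t` flag (or call pcap_breakloop() if the capture runs under pcap_loop) and let main_pads() call end_pads() once the loop returns. This predates the commit, which only adds `static` here, so it may be out of scope for this change.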
@@ -526,9 +548,7 @@ main(int argc, char *argv[])
prog_argv = argv;
/* Main Program */
- main_pads();
-
- return(0);
+ return main_pads();
}
/* vim:expandtab:cindent:smartindent:ts=4:tw=0:sw=4:
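Review bot: main_pads() returns -1 on failure, so `return main_pads();` makes the process exit with status 255 rather than the conventional 1; `return main_pads() < 0 ? EXIT_FAILURE : EXIT_SUCCESS;` keeps the int-return contract and yields a normal exit code (assuming stdlib.h is already included, which I cannot see from this hunk). The init script only tests for zero, so this is cosmetic for it, but it matters for anything else that wraps the binary.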
diff -urpN pads-1.2.orig/src/pads.h pads-1.2/src/pads.h
--- pads-1.2.orig/src/pads.h 2008-06-29 20:16:30.000000000 -0400
+++ pads-1.2/src/pads.h 2008-07-07 15:41:50.000000000 -0400
@@ -25,6 +25,8 @@
* $Id: pads.h,v 1.4 2005/03/11 01:04:12 mattshelton Exp $
*
**************************************************************************/
+#ifndef PADS_HEADER
+#define PADS_HEADER
/* DEFINES ----------------------------------------- */
#ifdef LINUX
@@ -51,25 +53,19 @@
/* TYPEDEFS ---------------------------------------- */
typedef void (*proc_t)(const struct pcap_pkthdr *, const u_char *);
+extern char **prog_argv;
+extern int prog_argc;
+extern GC gc;
+
/* PROTOTYPES -------------------------------------- */
void process_pkt(u_char *args, const struct pcap_pkthdr* pkthdr, const u_char* packet);
-void set_processor (pcap_t *this_handle);
-void print_header(void);
-void print_usage(void);
-void print_version(void);
-void init_pads(void);
-void main_pads(void);
void end_pads(void);
-void sig_term_handler(int signal);
-void sig_int_handler(int signal);
-void sig_quit_handler(int signal);
-void sig_hup_handler(int signal);
-
/* packet.h LLC prototypes */
void process_eth (const struct pcap_pkthdr* pkthdr, const u_char* packet);
void process_sll (const struct pcap_pkthdr* pkthdr, const u_char* packet);
/* vim:expandtab:cindent:smartindent:ts=4:tw=0:sw=4:
*/
+#endif
diff -urpN pads-1.2.orig/src/util.c pads-1.2/src/util.c
--- pads-1.2.orig/src/util.c 2008-07-07 13:56:10.000000000 -0400
+++ pads-1.2/src/util.c 2008-07-07 15:41:50.000000000 -0400
@@ -75,38 +75,6 @@ chomp (char *string, int size)
}
/* ----------------------------------------------------------
- * FUNCTION : daemonize
- * DESCRIPTION : This function will place the application in
- * : the background.
- * INPUT : None!
- * RETURN : None!
- * ---------------------------------------------------------- */
-void
-daemonize ()
-{
- pid_t pid;
-
- if (!gc.daemon_mode)
- printf("[-] Daemonizing...\n");
-
- pid = fork();
- if (pid > 0) {
- /* Parent */
- exit(0);
- } else if (pid < 0) {
- /* Error */
- err_message("fork");
- exit(0);
- } else {
- /* Child */
- setsid();
- close(0);
- close(1);
- close(2);
- }
-}
-
-/* ----------------------------------------------------------
* FUNCTION : init_pid_file
* DESCRIPTION : This function will generate a file
* : containing the application's PID.
diff -urpN pads-1.2.orig/src/util.h pads-1.2/src/util.h
--- pads-1.2.orig/src/util.h 2008-07-07 13:56:10.000000000 -0400
+++ pads-1.2/src/util.h 2008-07-07 15:41:50.000000000 -0400
@@ -39,12 +39,27 @@
/* PROTOTYPES -------------------------------------- */
void strip_comment (char *string);
int chomp (char *string, int size);
-void daemonize (void);
void init_pid_file (bstring pid_file, bstring user, bstring group);
char *copy_argv(register char **argv);
-void log_message (const char *msg, ...);
-void err_message (const char *msg, ...);
-void verbose_message (const char *msg, ...);
+void log_message (const char *msg, ...)
+#ifdef __GNUC__
+ __attribute__ ((format (printf, 1, 2)));
+#else
+ ;
+#endif
+void err_message (const char *msg, ...)
+#ifdef __GNUC__
+ __attribute__ ((format (printf, 1, 2)));
+#else
+ ;
+#endif
+void verbose_message (const char *msg, ...)
+#ifdef __GNUC__
+ __attribute__ ((format (printf, 1, 2)));
+#else
+ ;
+#endif
+
#ifndef HAVE_STRLCPY
size_t strlcpy(char *dst, const char *src, size_t size);
#endif
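Review bot: The `#ifdef __GNUC__` attribute block is repeated verbatim for all three logging functions, which buries the prototypes; a single helper macro — say `PADS_PRINTF(f, a)`, defined to the `__attribute__ ((format (printf, f, a)))` form under `__GNUC__` and to nothing otherwise — appended to each declaration as `void log_message (const char *msg, ...) PADS_PRINTF(1, 2);` keeps them on one line each. Adding the attribute is the right call: the compiler now checks every log/err/verbose call site, so any existing call that passes a non-literal format string or a `bdata()` result to `%s` (depending on bdata()'s return type, which I cannot see here) will start to warn and should be reviewed rather than silenced.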
pads-1.2-readonly.patch:
--- NEW FILE pads-1.2-readonly.patch ---
diff -urp pads-1.2.orig/doc/pads.conf.8 pads-1.2/doc/pads.conf.8
--- pads-1.2.orig/doc/pads.conf.8 2008-07-08 14:28:29.000000000 -0400
+++ pads-1.2/doc/pads.conf.8 2008-07-08 17:36:41.000000000 -0400
@@ -69,9 +69,12 @@ assets found in these networks will be r
This output plugin displays PADS data to the screen. When using the
configuration file, it defaults to off.
-.IP "output csv: <filename>"
+.IP "output csv: <filename> [readonly]"
This output plugin writes PADS data to a CSV file. Optionally, a CSV filename
-can be specified as an argument.
+can be specified as an argument. If you want the file used only to populate
+the internal known assets list but never be updated, then use the readonly
+option. This would be handy when you have a baseline and want to use it for
+intrusion detection.
.IP "output fifo: <filename>"
This output plugin writes PADS data to a FIFO file. Optionally, a FIFO
diff -urp pads-1.2.orig/etc/pads.conf pads-1.2/etc/pads.conf
--- pads-1.2.orig/etc/pads.conf 2008-07-08 14:28:29.000000000 -0400
+++ pads-1.2/etc/pads.conf 2008-07-08 17:36:51.000000000 -0400
@@ -67,7 +67,9 @@ pid_file /var/run/pads.pid
# output: csv
# -------------------------
# This output plugin writes PADS data to a CSV file. Optionally, a CSV filename
-# can be specified as an argument.
+# can be specified as an argument. If you want the file used only to populate
+# the internal known assets list but never be updated, then add the readonly
+# option.
output csv: /etc/pads-assets.csv
# output: fifo
@@ -81,5 +83,4 @@ output csv: /etc/pads-assets.csv
# This output plugin writes PADS data as IDMEF alerts via prelude. Optionally
# you can add a profile name if you want something different than the default
# of pads.
-#
#output prelude: pads
diff -urp pads-1.2.orig/src/output/output-csv.c pads-1.2/src/output/output-csv.c
--- pads-1.2.orig/src/output/output-csv.c 2008-07-08 14:28:29.000000000 -0400
+++ pads-1.2/src/output/output-csv.c 2008-07-08 17:36:41.000000000 -0400
@@ -60,6 +60,9 @@ setup_output_csv (void)
log_message("warning: 'register_output_plugin' in function 'setup_output_csv' failed.");
return -1;
}
+ output_csv_conf.filename = NULL;
+ output_csv_conf.file = NULL;
+ output_csv_conf.readonly = 0;
return 0;
}
@@ -81,22 +84,39 @@ init_output_csv (bstring filename)
verbose_message("Initializing CSV output plugin.");
/* Make sure filename isn't NULL. */
- if (filename != NULL)
- output_csv_conf.filename = bstrcpy(filename);
- else
+ if (filename != NULL) {
+ /* Parse the args looking for readonly and file name */
+ int i;
+ struct bstrList *list = bsplit(filename, ' ');
+ if (list->qty > 2) {
+ err_message("Too many args for output csv");
+ return -1;
+ }
+ for (i=0; i< list->qty; i++) {
+ if (biseqcstr(list->entry[i], "readonly") == 1) {
+ output_csv_conf.readonly = 1;
+ verbose_message("Using csv file in read only mode.");
+ } else if (output_csv_conf.filename == NULL)
+ output_csv_conf.filename = bstrcpy(filename);
+ else
+ err_message("Unrecognized output csv option");
+ }
+ bstrListDestroy(list);
+ } else
output_csv_conf.filename = bfromcstr("assets.csv");
/* Check to see if *filename exists. */
if ((fp = fopen((char *)bdata(output_csv_conf.filename), "r")) == NULL) {
- /* File does not exist, create new.. */
- if ((output_csv_conf.file = fopen((char *)bdata(output_csv_conf.filename), "w")) != NULL) {
- fprintf(output_csv_conf.file, "asset,port,proto,service,application,discovered\n");
- fflush(output_csv_conf.file);
-
- } else {
- err_message("Cannot open file %s!", bdata(output_csv_conf.filename));
- return -1;
+ if (output_csv_conf.readonly == 0) {
+ /* File does not exist, create new.. */
+ if ((output_csv_conf.file = fopen((char *)bdata(output_csv_conf.filename), "w")) != NULL) {
+ fprintf(output_csv_conf.file, "asset,port,proto,service,application,discovered\n");
+ fflush(output_csv_conf.file);
+ } else {
+ err_message("Cannot open file %s!", bdata(output_csv_conf.filename));
+ return -1;
+ }
}
} else {
@@ -105,11 +125,14 @@ init_output_csv (bstring filename)
fclose(fp);
read_report_file();
- /* Open file and assign it to the global FILE pointer. */
- if ((output_csv_conf.file = fopen((char *)bdata(output_csv_conf.filename), "a")) == NULL) {
- err_message("Cannot open file %s!", bdata(output_csv_conf.filename));
- return -1;
- }
+ if (output_csv_conf.readonly == 0) {
+ /* Open file and assign it to the global FILE pointer. */
+ if ((output_csv_conf.file = fopen((char *)bdata(output_csv_conf.filename), "a")) == NULL) {
+ err_message("Cannot open file %s!",
+ bdata(output_csv_conf.filename));
+ return -1;
+ }
+ }
}
return 0;
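Review bot: `output_csv_conf.filename = bstrcpy(filename)` inside the token loop copies the whole argument string instead of `list->entry[i]`, so with `output csv: /etc/pads-assets.csv readonly` the plugin tries to open a file literally named "/etc/pads-assets.csv readonly". In the same hunk, bsplit() can return NULL but `list->qty` is read unchecked, the `qty > 2` early return leaks the list, and `readonly` given alone leaves filename NULL so `bdata(NULL)` reaches fopen(); the readonly-with-missing-file path also returns success having loaded no baseline, where an err_message would surface the misconfiguration. Rewritten argument handling below; the fopen section that follows it is unchanged.
```c
    if (filename != NULL) {
        /* Parse the args looking for readonly and file name */
        int i;
        struct bstrList *list = bsplit(filename, ' ');
        if (list == NULL) {
            err_message("Cannot parse output csv args");
            return -1;
        }
        if (list->qty > 2) {
            err_message("Too many args for output csv");
            bstrListDestroy(list);
            return -1;
        }
        for (i = 0; i < list->qty; i++) {
            if (biseqcstr(list->entry[i], "readonly") == 1) {
                output_csv_conf.readonly = 1;
                verbose_message("Using csv file in read only mode.");
            } else if (output_csv_conf.filename == NULL) {
                /* copy this token only, not the whole argument string */
                output_csv_conf.filename = bstrcpy(list->entry[i]);
            } else {
                err_message("Unrecognized output csv option");
            }
        }
        bstrListDestroy(list);
    }
    /* no args at all, or "readonly" alone: fall back to the default name */
    if (output_csv_conf.filename == NULL)
        output_csv_conf.filename = bfromcstr("assets.csv");
    /* … unchanged: existence check, readonly handling and fopen … */
```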
@@ -255,6 +278,9 @@ parse_raw_report (bstring line)
int
print_asset_csv (Asset *rec)
{
+ if (output_csv_conf.readonly)
+ return 0;
+
if (output_csv_conf.file != NULL) {
if (gc.hide_unknowns == 0 || ((biseqcstr(rec->service, "unknown") != 0) &&
(biseqcstr(rec->application, "unknown") != 0))) {
@@ -285,6 +311,9 @@ print_asset_csv (Asset *rec)
int
print_arp_asset_csv (ArpAsset *rec)
{
+ if (output_csv_conf.readonly)
+ return 0;
+
/* Print to File */
if (output_csv_conf.file != NULL) {
if (rec->mac_resolved != NULL) {
diff -urp pads-1.2.orig/src/output/output-csv.h pads-1.2/src/output/output-csv.h
--- pads-1.2.orig/src/output/output-csv.h 2008-07-08 14:28:29.000000000 -0400
+++ pads-1.2/src/output/output-csv.h 2008-07-08 17:36:41.000000000 -0400
@@ -50,6 +50,7 @@ typedef struct _OutputCSVConf
{
FILE *file;
bstring filename;
+ int readonly;
} OutputCSVConf;
--- NEW FILE pads.init ---
#!/bin/sh
# Startup script for pads
#
# chkconfig: - 40 60
# description: Run pads
# config /etc/pads/pads.conf
PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="pads"
# Source function library.
. /etc/rc.d/init.d/functions
# "status" is the one action that needs no privilege: answer it and leave
# before the root check below.
case "$1" in
status)
    status $prog
    RETVAL=$?
    exit $RETVAL
    ;;
esac
# Check that we are root ... so non-root users stop here
if [ "$EUID" != 0 ]; then
    exit 4
fi
# Pull in CONFIG_FILE / EXTRA_OPTIONS from the sysconfig file when present.
if [ -f /etc/sysconfig/pads ]; then
    . /etc/sysconfig/pads
fi
RETVAL=0
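start() {
    # Refuse to start without the binary (exit 5) or the config file (exit 6).
    # "$CONFIG_FILE" is quoted: an empty or unset value must fail the -f test,
    # whereas an unquoted empty expansion leaves `test -f` with no operand,
    # which evaluates as true and lets the start go ahead.
    test -x /usr/bin/$prog || exit 5
    test -f "$CONFIG_FILE" || exit 6
    if test "x`pidof $prog`" != x; then
        echo "$prog already started"
        action $"Starting $prog: " /bin/false
        RETVAL=1
        return $RETVAL
    else
        echo -n $"Starting $prog: "
        # presumably so the daemon does not inherit the caller's login environment
        unset HOME MAIL USER USERNAME
        # EXTRA_OPTIONS stays unquoted on purpose: it may carry several options.
        daemon $prog -D -c "$CONFIG_FILE" $EXTRA_OPTIONS
        RETVAL=$?
        if test $RETVAL = 0 ; then
            touch /var/lock/subsys/$prog
        fi
        echo
        return $RETVAL
    fi
}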
stop() {
    # Signal the daemon only when one is running; the lock file is
    # removed either way so a stale lock never survives a stop.
    if [ -n "`pidof $prog`" ]; then
        echo -n $"Stopping $prog: "
        killproc $prog
        RETVAL=$?
        echo
    fi
    rm -f /var/lock/subsys/$prog
    return $RETVAL
}
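# Dispatch on the requested action; RETVAL carries the exit status out.
case "$1" in
start)
    start
    ;;
stop)
    stop
    ;;
restart|reload)
    stop
    sleep 3
    start
    ;;
condrestart)
    # Restart only when the daemon is currently running. This used to test
    # `pidof prog` (missing $), i.e. a process literally named "prog", so
    # condrestart never did anything.
    if test "x`pidof $prog`" != x; then
        stop
        start
    fi
    ;;
*)
    echo $"Usage: $0 {start|stop|restart|condrestart|status}"
    RETVAL=3
    ;;
esac
exit $RETVAL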
--- NEW FILE pads.spec ---
Name: pads
Version: 1.2
Release: 1%{?dist}
Summary: Passive Asset Detection System
Group: Applications/System
License: GPLv2+
URL: http://passive.sourceforge.net/
Source0: http://prdownloads.sourceforge.net/passive/%{name}-%{version}.tar.gz
Source1: pads.init
Source2: pads.sysconfig
Patch1: pads-1.2-cleanup.patch
Patch2: pads-1.2-memleak.patch
Patch3: pads-1.2-overrun.patch
Patch4: pads-1.2-disable-debug.patch
Patch5: pads-1.2-daemonize.patch
Patch6: pads-1.2-ether-codes-update.patch
Patch7: pads-1.2-misc.patch
Patch8: pads-1.2-arp.patch
Patch9: pads-1.2-prelude.patch
Patch10: pads+vlan.patch
Patch11: pads-1.2-prelude-cleanup.patch
Patch12: pads-1.2-readonly.patch
Patch13: pads-1.2-bstring.patch
Patch14: pads-1.2-leak.patch
Patch15: pads-1.2-perf.patch
Patch16: pads-1.2-daemon.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: automake autoconf
BuildRequires: pcre-devel libpcap-devel
BuildRequires: libprelude-devel
Requires(post) : /sbin/chkconfig
Requires(preun) : /sbin/chkconfig
Requires(preun) : /sbin/service
Requires(postun): /sbin/service
%description
PADS is a libpcap based detection engine used to passively
detect network assets. It is designed to complement IDS
technology by providing context to IDS alerts. When new assets
are found, it can send IDMEF alerts via prelude.
%prep
%setup -q
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%build
autoreconf -fv --install
%configure --with-prelude
make %{?_smp_mflags}
%install
rm -rf %{buildroot}
mkdir -p %{buildroot}%{_initrddir}
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
make install DESTDIR=%{buildroot}
install -m 755 %SOURCE1 %{buildroot}%{_initrddir}/%{name}
install -m 640 %SOURCE2 %{buildroot}%{_sysconfdir}/sysconfig/%{name}
# Remove installed docs since we pick this up another way
rm -rf $RPM_BUILD_ROOT/usr/share/pads/
%clean
rm -rf %{buildroot}
%post
/sbin/chkconfig --add %{name}
%preun
if [ $1 = 0 ]; then
/sbin/service %{name} stop > /dev/null 2>&1 || :
/sbin/chkconfig --del %{name}
fi
%postun
if [ "$1" -ge "1" ]; then
/sbin/service %{name} condrestart >/dev/null 2>&1 || :
fi
%files
%defattr(-,root,root,-)
%doc doc/AUTHORS doc/COPYING doc/README doc/ChangeLog
%{_sysconfdir}/pads-ether-codes
%{_sysconfdir}/pads-signature-list
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/pads.conf
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/sysconfig/%{name}
%attr(0755,root,root) %{_initrddir}/%{name}
%{_bindir}/pads
%{_bindir}/pads-report
%{_mandir}/*/*
%changelog
* Tue Aug 12 2008 Steve Grubb <sgrubb at redhat.com> 1.2-1
Initial rpm build with many bug fixes
--- NEW FILE pads.sysconfig ---
# Config file location
# Passed to pads by the init script as "-c $CONFIG_FILE".
CONFIG_FILE="/etc/pads.conf"
# Add extra options here
# Appended to the pads command line by the init script unquoted, so several
# space-separated options may be given.
EXTRA_OPTIONS=""
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/pads/devel/.cvsignore,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- .cvsignore 13 Aug 2008 17:23:26 -0000 1.1
+++ .cvsignore 13 Aug 2008 17:35:11 -0000 1.2
@@ -0,0 +1 @@
+pads-1.2.tar.gz
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/pads/devel/sources,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sources 13 Aug 2008 17:23:26 -0000 1.1
+++ sources 13 Aug 2008 17:35:11 -0000 1.2
@@ -0,0 +1 @@
+2a366195c55ad6b6859c4c84ce877ee8 pads-1.2.tar.gz