authorBjørn Mork <bjorn@mork.no>2015-06-23 14:17:10 +0200
committerBjørn Mork <bjorn@mork.no>2015-06-23 14:17:10 +0200
commit8c746b3a2bfb67addbfa4d3d4b7c0dbc2e8ba985 (patch)
treea75585d0e66fc2b54d2fb2e38241eee7d248885b /eperd
parent13762fce1926efb6b553bf20df256ccf6586f518 (diff)
ripe-atlas-fw: imported version 46804680
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Diffstat (limited to 'eperd')
-rw-r--r--eperd/eooqd.c20
-rw-r--r--eperd/eperd.c7
-rw-r--r--eperd/eperd.h5
-rw-r--r--eperd/evtdig.c13
-rw-r--r--eperd/ping.c4
-rw-r--r--eperd/sslgetcert.c112
-rw-r--r--eperd/tcputil.c6
-rw-r--r--eperd/traceroute.c15
8 files changed, 152 insertions, 30 deletions
diff --git a/eperd/eooqd.c b/eperd/eooqd.c
index 8ce460f..04bfcd6 100644
--- a/eperd/eooqd.c
+++ b/eperd/eooqd.c
@@ -88,17 +88,19 @@ int eooqd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
int eooqd_main(int argc, char *argv[])
{
int r;
- char *pid_file_name;
+ char *pid_file_name, *instance_id_str;
+ char *check;
struct event *checkQueueEvent, *rePostEvent;
struct timeval tv;
struct rlimit limit;
atlas_id= NULL;
+ instance_id_str= NULL;
pid_file_name= NULL;
queue_id= "";
- (void)getopt32(argv, "A:P:q:", &atlas_id, &pid_file_name,
- &queue_id);
+ (void)getopt32(argv, "A:i:P:q:", &atlas_id, &instance_id_str,
+ &pid_file_name, &queue_id);
if (argc != optind+1)
{
@@ -106,6 +108,18 @@ int eooqd_main(int argc, char *argv[])
return 1;
}
+ instance_id= 0;
+ if (instance_id_str)
+ {
+ instance_id= strtoul(instance_id_str, &check, 0);
+ if (check[0] != '\0')
+ {
+ report("unable to parse instance id '%s'",
+ instance_id_str);
+ return 1;
+ }
+ }
+
if(pid_file_name)
{
write_pidfile(pid_file_name);
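Review bot: The `-i` value is accepted without a range check in the added block: `strtoul` followed only by `check[0] != '\0'` lets an empty string through as 0 and accepts any magnitude, while the macros added to eperd.h in this commit reserve four bits (shift 12, mask 0xf000) for the instance id. A value above 15 would presumably be truncated by `htons()` in traceroute.c's send_pkt and then never match the receive-side comparison, so replies would be dropped without an error. Suggest `if (check == instance_id_str || check[0] != '\0' || instance_id > 15)` in front of the `report()` call, with the limit taken from the eperd.h macros if that header is in scope here. eooqd_main continues outside the hunk.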
diff --git a/eperd/eperd.c b/eperd/eperd.c
index 2ccaa6a..49c5884 100644
--- a/eperd/eperd.c
+++ b/eperd/eperd.c
@@ -262,9 +262,10 @@ int eperd_main(int argc UNUSED_PARAM, char **argv)
/* "-b after -f is ignored", and so on for every pair a-b */
opt_complementary = "f-b:b-f:S-L:L-S" USE_FEATURE_PERD_D(":d-l")
- ":l+:d+"; /* -l and -d have numeric param */
- opt = getopt32(argv, "l:L:fbSc:A:DP:" USE_FEATURE_PERD_D("d:") "O:",
- &LogLevel, &LogFile, &CDir, &atlas_id, &PidFileName
+ "i:+:l+:d+"; /* -i, -l and -d have numeric param */
+ opt = getopt32(argv, "i:l:L:fbSc:A:DP:" USE_FEATURE_PERD_D("d:") "O:",
+ &instance_id, &LogLevel, &LogFile, &CDir,
+ &atlas_id, &PidFileName
USE_FEATURE_PERD_D(,&LogLevel), &out_filename);
/* both -d N and -l N set the same variable: LogLevel */
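Review bot: The added `opt_complementary` fragment `"i:+:l+:d+"` looks like a transposition of `":i+:l+:d+"`: it drops the `:` that separated this part from the preceding `L-S` / `d-l` rule and puts a colon between `i` and `+`. As written, `-i` would not be marked numeric the way `l+` and `d+` are, while `&instance_id` points at the `unsigned` field added to `struct globals`, so getopt32 would presumably store a string pointer into it. Suggest `":i+:l+:d+"; /* -i, -l and -d have numeric param */`. A range check on the parsed value (0..15, per the 4-bit mask in eperd.h) is also missing on this path. eperd_main continues outside the hunk.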
diff --git a/eperd/eperd.h b/eperd/eperd.h
index 16cb1d7..e19c1a0 100644
--- a/eperd/eperd.h
+++ b/eperd/eperd.h
@@ -12,6 +12,7 @@ struct globals {
const char *CDir; /* = CRONTABS; */
CronLine *LineBase;
CronLine *oldLine;
+ unsigned instance_id;
struct event_base *EventBase;
struct evdns_base *DnsBase;
};
@@ -22,9 +23,13 @@ extern struct globals G;
#define LineBase (G.LineBase )
#define FileBase (G.FileBase )
#define oldLine (G.oldLine )
+#define instance_id (G.instance_id )
#define EventBase (G.EventBase )
#define DnsBase (G.DnsBase )
+#define TRT_ICMP4_INSTANCE_ID_SHIFT 12
+#define TRT_ICMP4_INSTANCE_ID_MASK 0xf000
+
#define LVL5 "\x05"
#define LVL7 "\x07"
#define LVL8 "\x08"
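Review bot: `TRT_ICMP4_INSTANCE_ID_SHIFT` and `TRT_ICMP4_INSTANCE_ID_MASK` are added without a comment, and the 4-bit limit they imply for `instance_id` is not stated anywhere in the commit. Suggest a comment above them such as `/* ICMPv4 id field: top 4 bits carry instance_id (0..15), low 12 bits carry the traceroute table index */`. Defining the mask from the shift, `#define TRT_ICMP4_INSTANCE_ID_MASK (0xf << TRT_ICMP4_INSTANCE_ID_SHIFT)`, would keep the two values from drifting apart.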
diff --git a/eperd/evtdig.c b/eperd/evtdig.c
index c94e884..de71a6b 100644
--- a/eperd/evtdig.c
+++ b/eperd/evtdig.c
@@ -56,6 +56,7 @@
#define O_CLASS 1008
#define O_QUERY 1009
#define O_OUTPUT_COBINED 1101
+#define O_CD 1010
#define DNS_FLAG_RD 0x0100
@@ -287,6 +288,7 @@ struct query_state {
int opt_abuf;
int opt_resolv_conf;
int opt_rd;
+ int opt_cd;
int opt_prepend_probe_id;
int opt_evdns;
int opt_rset;
@@ -474,6 +476,7 @@ static struct option longopts[]=
{ "edns0", required_argument, NULL, 'e' },
{ "nsid", no_argument, NULL, 'n' },
{ "do", no_argument, NULL, 'd' },
+ { "cd", no_argument, NULL, 'O_CD'},
{ "retry", required_argument, NULL, O_RETRY },
{ "resolv", no_argument, NULL, O_RESOLV_CONF },
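Review bot: The new table entry uses the multi-character constant `'O_CD'` rather than the macro `O_CD` that this commit defines as 1010; the neighbouring `O_RETRY` and `O_RESOLV_CONF` entries are unquoted. The added `case 'O_CD':` in the tdig_init hunk is quoted the same way, so the two agree with each other, but the value of a multi-character constant is implementation-defined and the new `#define` ends up unused by both. Suggest `{ "cd", no_argument, NULL, O_CD },` here and `case O_CD:` in tdig_init. The existing `case 'O_CLASS':` context line shows the same pattern, as far as this page renders it faithfully.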
@@ -689,10 +692,13 @@ static void mk_dns_buff(struct query_state *qry, u_char *packet)
dns->ns_count = 0;
dns->add_count = htons(0);
- if (qry->opt_resolv_conf || qry->opt_rd ){
+ if (qry->opt_resolv_conf || qry->opt_rd ) {
dns->rd = 1;
}
+ if (qry->opt_cd)
+ dns->cd = 1;
+
//point to the query portion
qname =(u_char *)&packet[sizeof(struct DNS_HEADER)];
@@ -1309,6 +1315,7 @@ static void *tdig_init(int argc, char *argv[], void (*done)(void *state))
qry->opt_qbuf = 0;
qry->opt_abuf = 1;
qry->opt_rd = 0;
+ qry->opt_cd = 0;
qry->opt_evdns = 0;
qry->opt_rset = 0;
qry->opt_prepend_probe_id = 0;
@@ -1441,6 +1448,10 @@ static void *tdig_init(int argc, char *argv[], void (*done)(void *state))
}
break;
+ case 'O_CD':
+ qry->opt_cd = 1;
+ break;
+
case 'O_CLASS':
qry->qclass = strtoul(optarg, &check, 10);
if ((qry->qclass >= 0 ) &&
diff --git a/eperd/ping.c b/eperd/ping.c
index 8d0866d..8f7f4e0 100644
--- a/eperd/ping.c
+++ b/eperd/ping.c
@@ -475,7 +475,9 @@ static void fmticmp4(u_char *buffer, size_t *sizep, u_int8_t seq,
/* The ICMP header (no checksum here until user data has been filled in) */
icmp->icmp_type = ICMP_ECHO; /* type of message */
icmp->icmp_code = 0; /* type sub code */
- icmp->icmp_id = 0xffff & pid; /* unique process identifier */
+
+ /* Keep the high nibble clear for traceroute */
+ icmp->icmp_id = 0x0fff & pid; /* unique process identifier */
icmp->icmp_seq = htons(seq); /* message identifier */
/* User data */
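Review bot: The new mask is applied in host byte order and the result is stored into `icmp_id` without `htons()`, whereas traceroute.c in this commit reads the field with `ntohs()` and shifts right by 12 to obtain the instance nibble. On a little-endian host the cleared bits therefore end up in the other byte of the wire field, so the nibble traceroute inspects is not guaranteed to be zero for ping packets. Suggest `icmp->icmp_id = htons(0x0fff & pid);` together with the matching conversion where ping compares the id on replies, which is outside this hunk. fmticmp4 starts and ends outside the hunk.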
diff --git a/eperd/sslgetcert.c b/eperd/sslgetcert.c
index d00bf7a..fa3c254 100644
--- a/eperd/sslgetcert.c
+++ b/eperd/sslgetcert.c
@@ -76,6 +76,8 @@ struct state
char *infname;
char only_v4;
char only_v6;
+ char major_version;
+ char minor_version;
/* State */
char busy;
@@ -104,6 +106,8 @@ struct state
double resptime;
FILE *post_fh;
char *post_buf;
+ char recv_major;
+ char recv_minor;
struct buf inbuf;
struct msgbuf msginbuf;
@@ -351,7 +355,8 @@ static void msgbuf_add(struct msgbuf *msgbuf, void *buf, size_t size)
buf_add(&msgbuf->buffer, buf, size);
}
-static int msgbuf_read(struct msgbuf *msgbuf, int type)
+static int msgbuf_read(struct msgbuf *msgbuf, int type,
+ char *majorp, char *minorp)
{
int r;
size_t len;
@@ -378,13 +383,8 @@ static int msgbuf_read(struct msgbuf *msgbuf, int type)
fprintf(stderr, "msgbuf_read: got type %d\n", p[0]);
return -1;
}
- if (p[1] != 3 || p[2] != 0)
- {
- fprintf(stderr,
- "msgbuf_read: got bad major/minor %d.%d\n",
- p[1], p[2]);
- return -1;
- }
+ *majorp= p[1];
+ *minorp= p[2];
len= (p[3] << 8) + p[4];
if (msgbuf->inbuf->size - msgbuf->inbuf->offset < 5 + len)
{
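Review bot: With the `p[1] != 3 || p[2] != 0` test removed, the record-header version bytes are copied to `*majorp` / `*minorp` with no sanity check, and none of the callers changed in this commit validates them either. The record type is still tested above, but a record whose major version is not 3 now proceeds to the length handling and is later reported as `(unknown)` instead of being rejected. Suggest keeping a reduced check before the assignments, `if (p[1] != 3) { fprintf(stderr, "msgbuf_read: got bad major %d\n", p[1]); return -1; }`, so that only the minor version is relaxed. msgbuf_read starts and ends outside the hunk.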
@@ -601,15 +601,16 @@ static void timeout_callback(int __attribute((unused)) unused,
static void *sslgetcert_init(int __attribute((unused)) argc, char *argv[],
void (*done)(void *state))
{
- int c, i, only_v4, only_v6;
+ int c, i, only_v4, only_v6, major, minor;
size_t newsiz;
- char *hostname, *str_port, *infname;
+ char *hostname, *str_port, *infname, *version_str;
char *output_file, *A_arg;
struct state *state;
FILE *fh;
/* Arguments */
output_file= NULL;
+ version_str= NULL;
A_arg= NULL;
infname= NULL;
str_port= NULL;
@@ -626,7 +627,7 @@ static void *sslgetcert_init(int __attribute((unused)) argc, char *argv[],
/* Allow us to be called directly by another program in busybox */
optind= 0;
- while (c= getopt_long(argc, argv, "A:O:i:p:46", longopts, NULL), c != -1)
+ while (c= getopt_long(argc, argv, "A:O:V:i:p:46", longopts, NULL), c != -1)
{
switch(c)
{
@@ -636,6 +637,9 @@ static void *sslgetcert_init(int __attribute((unused)) argc, char *argv[],
case 'O':
output_file= optarg;
break;
+ case 'V':
+ version_str= optarg;
+ break;
case 'i':
infname= optarg;
break;
@@ -689,12 +693,40 @@ static void *sslgetcert_init(int __attribute((unused)) argc, char *argv[],
}
}
+ if (version_str == NULL || strcasecmp(version_str, "TLS1.2") == 0)
+ {
+ major= 3; /* TLS 1.2 */
+ minor= 3;
+ }
+ else if (strcasecmp(version_str, "TLS1.1") == 0)
+ {
+ major= 3;
+ minor= 2;
+ }
+ else if (strcasecmp(version_str, "TLS1.0") == 0)
+ {
+ major= 3;
+ minor= 1;
+ }
+ else if (strcasecmp(version_str, "SSL3.0") == 0)
+ {
+ major= 3;
+ minor= 0;
+ }
+ else
+ {
+ crondlog(LVL8 "bad protocol version '%s'", version_str);
+ return NULL;
+ }
+
state= xzalloc(sizeof(*state));
state->base= hg_base;
state->atlas= A_arg ? strdup(A_arg) : NULL;
state->output_file= output_file ? strdup(output_file) : NULL;
state->infname= infname ? strdup(infname) : NULL;
state->hostname= strdup(hostname);
+ state->major_version= major;
+ state->minor_version= minor;
if (str_port)
state->portname= strdup(str_port);
else
@@ -879,7 +911,8 @@ static int eat_server_hello(struct state *state)
{
if (msgbuf->buffer.size - msgbuf->buffer.offset < 4)
{
- r= msgbuf_read(msgbuf, MSG_HANDSHAKE);
+ r= msgbuf_read(msgbuf, MSG_HANDSHAKE,
+ &state->recv_major, &state->recv_minor);
if (r < 0)
{
fprintf(stderr,
@@ -899,7 +932,8 @@ static int eat_server_hello(struct state *state)
len= (p[1] << 16) + (p[2] << 8) + p[3];
if (msgbuf->buffer.size - msgbuf->buffer.offset < 4+len)
{
- r= msgbuf_read(msgbuf, MSG_HANDSHAKE);
+ r= msgbuf_read(msgbuf, MSG_HANDSHAKE,
+ &state->recv_major, &state->recv_minor);
if (r < 0)
{
fprintf(stderr,
@@ -916,8 +950,9 @@ static int eat_server_hello(struct state *state)
static int eat_certificate(struct state *state)
{
- int i, n, r, first, slen, need_nl;
+ int i, n, r, first, slen, need_nl, major, minor;
size_t o, len;
+ const char *method;
uint8_t *p;
struct msgbuf *msgbuf;
FILE *fh;
@@ -932,7 +967,8 @@ static int eat_certificate(struct state *state)
{
if (msgbuf->buffer.size - msgbuf->buffer.offset < 4)
{
- r= msgbuf_read(msgbuf, MSG_HANDSHAKE);
+ r= msgbuf_read(msgbuf, MSG_HANDSHAKE,
+ &state->recv_major, &state->recv_minor);
if (r < 0)
{
if (errno != EAGAIN)
@@ -954,7 +990,8 @@ static int eat_certificate(struct state *state)
len= (p[1] << 16) + (p[2] << 8) + p[3];
if (msgbuf->buffer.size - msgbuf->buffer.offset < 4+len)
{
- r= msgbuf_read(msgbuf, MSG_HANDSHAKE);
+ r= msgbuf_read(msgbuf, MSG_HANDSHAKE,
+ &state->recv_major, &state->recv_minor);
if (r < 0)
{
fprintf(stderr,
@@ -996,8 +1033,39 @@ static int eat_certificate(struct state *state)
DBQ(dst_port) ":" DBQ(%s),
state->hostname, state->portname);
- fprintf(fh, ", " DBQ(method) ":" DBQ(SSL) ", "
- DBQ(ver) ":" DBQ(3.0));
+ if (state->recv_major == 3 && state->recv_minor == 3)
+ {
+ method= "TLS";
+ major= 1;
+ minor= 2;
+ }
+ else if (state->recv_major == 3 && state->recv_minor == 2)
+ {
+ method= "TLS";
+ major= 1;
+ minor= 1;
+ }
+ else if (state->recv_major == 3 && state->recv_minor == 1)
+ {
+ method= "TLS";
+ major= 1;
+ minor= 0;
+ }
+ else if (state->recv_major == 3 && state->recv_minor == 0)
+ {
+ method= "SSL";
+ major= 3;
+ minor= 0;
+ }
+ else
+ {
+ method= "(unknown)";
+ major= state->recv_major;
+ minor= state->recv_minor;
+ }
+
+ fprintf(fh, ", " DBQ(method) ":" DBQ(%s) ", "
+ DBQ(ver) ":" DBQ(%d.%d), method, major, minor);
getnameinfo((struct sockaddr *)&state->sin6, state->socklen,
hostbuf, sizeof(hostbuf), NULL, 0,
NI_NUMERICHOST);
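Review bot: `recv_major` and `recv_minor` are declared as plain `char` in the struct state hunk, so in the `(unknown)` branch a header byte of 0x80 or above may be printed as a negative number on platforms where `char` is signed. Suggest `unsigned char` (or `uint8_t`, which this file already uses for `p`) for the four new version fields and for the `majorp` / `minorp` parameters of msgbuf_read. Every msgbuf_read call also overwrites the pair, so the reported `ver` is the record-layer version of the last record read rather than the version field inside ServerHello; a comment such as `/* ver is taken from the last record header, not from ServerHello */` would make that explicit. eat_certificate starts and ends outside the hunk.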
@@ -1077,6 +1145,7 @@ static int eat_certificate(struct state *state)
static void writecb(struct bufferevent *bev, void *ptr)
{
+ char c;
struct state *state;
struct buf outbuf;
struct msgbuf msgoutbuf;
@@ -1096,8 +1165,11 @@ static void writecb(struct bufferevent *bev, void *ptr)
hsbuf_init(&hsbuf);
/* Major/minor */
- hsbuf_add(&hsbuf, "\3", 1);
- hsbuf_add(&hsbuf, "\0", 1);
+ c= state->major_version;
+ hsbuf_add(&hsbuf, &c, 1);
+
+ c= state->minor_version;
+ hsbuf_add(&hsbuf, &c, 1);
add_random(&hsbuf);
add_sessionid(&hsbuf);
add_ciphers(&hsbuf);
diff --git a/eperd/tcputil.c b/eperd/tcputil.c
index 201f1eb..e1d4505 100644
--- a/eperd/tcputil.c
+++ b/eperd/tcputil.c
@@ -90,7 +90,11 @@ void tu_restart_connect(struct tu_env *env)
}
/* Immediate error? */
- printf("connect error\n");
+ if (!env->dns_curr)
+ {
+ /* Callback cleaned up */
+ return;
+ }
env->dns_curr= env->dns_curr->ai_next;
}
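Review bot: The new early return reads `env->dns_curr` after a callback has run, and the comment `/* Callback cleaned up */` does not say which callback or what it guarantees about `env`. If that callback can release `env` itself (not visible in this hunk), the test would read freed memory; if it only clears `dns_curr`, the guard is sound but the contract should be written down, for example `/* the callback above may have ended the lookup and set dns_curr to NULL; env itself is still valid */` once confirmed. The commit also removes `printf("connect error\n")` without a replacement, so an immediate connect failure is no longer reported at this point. tu_restart_connect starts outside the hunk.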
diff --git a/eperd/traceroute.c b/eperd/traceroute.c
index 06f6ac1..fbeb025 100644
--- a/eperd/traceroute.c
+++ b/eperd/traceroute.c
@@ -1021,7 +1021,8 @@ static void send_pkt(struct trtstate *state)
icmp_hdr->icmp_type= ICMP_ECHO;
icmp_hdr->icmp_code= 0;
icmp_hdr->icmp_cksum= 0;
- icmp_hdr->icmp_id= htons(state->index);
+ icmp_hdr->icmp_id= htons(state->index |
+ (instance_id << TRT_ICMP4_INSTANCE_ID_SHIFT));
icmp_hdr->icmp_seq= htons(state->seq);
icmp_hdr->icmp_data[0]= '\0';
icmp_hdr->icmp_data[1]= '\0';
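Review bot: Neither operand is masked before the two are combined: `state->index | (instance_id << TRT_ICMP4_INSTANCE_ID_SHIFT)` assumes `state->index` stays below 4096 and `instance_id` below 16. The receive hunks strip the top nibble and then test `ind >= base->tabsiz`, so with a table larger than 4096 entries a reply could be attributed to a different slot or rejected by the instance check. Suggest `htons((state->index & 0x0fff) | ((instance_id << TRT_ICMP4_INSTANCE_ID_SHIFT) & TRT_ICMP4_INSTANCE_ID_MASK))`, or rejecting a `tabsiz` above 4096 where the table is sized. send_pkt starts and ends outside the hunk.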
@@ -1857,6 +1858,12 @@ printf("curpacksize: %d\n", state->curpacksize);
}
ind= ntohs(eicmp->icmp_id);
+ if ((ind >> TRT_ICMP4_INSTANCE_ID_SHIFT) != instance_id)
+ {
+ printf("wrong instance id\n");
+ return;
+ }
+ ind &= ~TRT_ICMP4_INSTANCE_ID_MASK;
if (ind >= base->tabsiz)
{
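Review bot: `printf("wrong instance id\n")` runs for every ICMP packet whose id belongs to another instance, which is the expected case once several instances share a host, so it writes one unconditional line to stdout per foreign packet. Suggest dropping the message or moving it behind whatever debug switch the file uses, and adding a comment on the check such as `/* reply belongs to another instance sharing this host; ignore it */`. The identical block in the following hunk has the same issue. The enclosing function starts and ends outside the hunk.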
@@ -2134,6 +2141,12 @@ printf("%s, %d: sin6_family = %d\n", __FILE__, __LINE__, state->sin6.sin6_family
}
ind= ntohs(icmp->icmp_id);
+ if ((ind >> TRT_ICMP4_INSTANCE_ID_SHIFT) != instance_id)
+ {
+ printf("wrong instance id\n");
+ return;
+ }
+ ind &= ~TRT_ICMP4_INSTANCE_ID_MASK;
if (ind >= base->tabsiz)
{