From 8c746b3a2bfb67addbfa4d3d4b7c0dbc2e8ba985 Mon Sep 17 00:00:00 2001 From: Bjørn Mork Date: Tue, 23 Jun 2015 14:17:10 +0200 Subject: ripe-atlas-fw: imported version 4680 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bjørn Mork --- eperd/eooqd.c | 20 ++++++++-- eperd/eperd.c | 7 ++-- eperd/eperd.h | 5 +++ eperd/evtdig.c | 13 ++++++- eperd/ping.c | 4 +- eperd/sslgetcert.c | 112 +++++++++++++++++++++++++++++++++++++++++++---------- eperd/tcputil.c | 6 ++- eperd/traceroute.c | 15 ++++++- 8 files changed, 152 insertions(+), 30 deletions(-) (limited to 'eperd') diff --git a/eperd/eooqd.c b/eperd/eooqd.c index 8ce460f..04bfcd6 100644 --- a/eperd/eooqd.c +++ b/eperd/eooqd.c @@ -88,17 +88,19 @@ int eooqd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; int eooqd_main(int argc, char *argv[]) { int r; - char *pid_file_name; + char *pid_file_name, *instance_id_str; + char *check; struct event *checkQueueEvent, *rePostEvent; struct timeval tv; struct rlimit limit; atlas_id= NULL; + instance_id_str= NULL; pid_file_name= NULL; queue_id= ""; - (void)getopt32(argv, "A:P:q:", &atlas_id, &pid_file_name, - &queue_id); + (void)getopt32(argv, "A:i:P:q:", &atlas_id, &instance_id_str, + &pid_file_name, &queue_id); if (argc != optind+1) { @@ -106,6 +108,18 @@ int eooqd_main(int argc, char *argv[]) return 1; } + instance_id= 0; + if (instance_id_str) + { + instance_id= strtoul(instance_id_str, &check, 0); + if (check[0] != '\0') + { + report("unable to parse instance id '%s'", + instance_id_str); + return 1; + } + } + if(pid_file_name) { write_pidfile(pid_file_name); diff --git a/eperd/eperd.c b/eperd/eperd.c index 2ccaa6a..49c5884 100644 --- a/eperd/eperd.c +++ b/eperd/eperd.c 
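Review bot: The instance-id parse in the `@@ -106,6 +108,18 @@` hunk accepts an empty string (strtoul consumes nothing, `check` then points at the terminating NUL, so `check[0] != '\0'` is false and the id silently becomes 0) and puts no upper bound on the value, while eperd.h in this same commit reserves only four bits for it (`TRT_ICMP4_INSTANCE_ID_SHIFT 12`, `TRT_ICMP4_INSTANCE_ID_MASK 0xf000`), so an id above 15 is truncated when traceroute.c shifts it into the 16-bit icmp_id and can never match on receive. A stricter check would be `if (check == instance_id_str || check[0] != '\0' || instance_id > (TRT_ICMP4_INSTANCE_ID_MASK >> TRT_ICMP4_INSTANCE_ID_SHIFT))` — assuming those macros are visible to eooqd.c, otherwise a local constant with the same meaning. `errno`/ERANGE after strtoul is not checked either. The `-i` option that getopt32 handles in eperd.c has the same missing upper bound.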
@@ -262,9 +262,10 @@ int eperd_main(int argc UNUSED_PARAM, char **argv) /* "-b after -f is ignored", and so on for every pair a-b */ opt_complementary = "f-b:b-f:S-L:L-S" USE_FEATURE_PERD_D(":d-l") - ":l+:d+"; /* -l and -d have numeric param */ - opt = getopt32(argv, "l:L:fbSc:A:DP:" USE_FEATURE_PERD_D("d:") "O:", - &LogLevel, &LogFile, &CDir, &atlas_id, &PidFileName + "i:+:l+:d+"; /* -i, -l and -d have numeric param */ + opt = getopt32(argv, "i:l:L:fbSc:A:DP:" USE_FEATURE_PERD_D("d:") "O:", + &instance_id, &LogLevel, &LogFile, &CDir, + &atlas_id, &PidFileName USE_FEATURE_PERD_D(,&LogLevel), &out_filename); /* both -d N and -l N set the same variable: LogLevel */ diff --git a/eperd/eperd.h b/eperd/eperd.h index 16cb1d7..e19c1a0 100644 --- a/eperd/eperd.h +++ b/eperd/eperd.h @@ -12,6 +12,7 @@ struct globals { const char *CDir; /* = CRONTABS; */ CronLine *LineBase; CronLine *oldLine; + unsigned instance_id; struct event_base *EventBase; struct evdns_base *DnsBase; }; @@ -22,9 +23,13 @@ extern struct globals G; #define LineBase (G.LineBase ) #define FileBase (G.FileBase ) #define oldLine (G.oldLine ) +#define instance_id (G.instance_id ) #define EventBase (G.EventBase ) #define DnsBase (G.DnsBase ) +#define TRT_ICMP4_INSTANCE_ID_SHIFT 12 +#define TRT_ICMP4_INSTANCE_ID_MASK 0xf000 + #define LVL5 "\x05" #define LVL7 "\x07" #define LVL8 "\x08" diff --git a/eperd/evtdig.c b/eperd/evtdig.c index c94e884..de71a6b 100644 --- a/eperd/evtdig.c +++ b/eperd/evtdig.c @@ -56,6 +56,7 @@ #define O_CLASS 1008 #define O_QUERY 1009 #define O_OUTPUT_COBINED 1101 +#define O_CD 1010 #define DNS_FLAG_RD 0x0100 @@ -287,6 +288,7 @@ struct query_state { int opt_abuf; int opt_resolv_conf; int opt_rd; + int opt_cd; int opt_prepend_probe_id; int opt_evdns; int opt_rset; 
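Review bot: The opt_complementary fragment `"i:+:l+:d+"` looks mistyped: the fragment it replaces, `":l+:d+"`, began with a colon so that it stood apart from the preceding `"L-S"` group, and the numeric marker belongs directly after the option letter, as in `l+`. As written the concatenated string reads `...L-Si:+:l+:d+`, so `i` is absorbed into the `L-S` group and a lone `+` group follows it; since the comment says -i is numeric and `&instance_id` expands to `&G.instance_id`, an `unsigned` per the eperd.h hunk, the intended fragment is presumably `":i+:l+:d+"`. If getopt32 does not apply the numeric conversion it will store the option's string pointer into that unsigned slot, which is worth confirming against busybox's getopt32 parsing of this string. eperd_main's body continues outside the hunk.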
@@ -474,6 +476,7 @@ static struct option longopts[]= { "edns0", required_argument, NULL, 'e' }, { "nsid", no_argument, NULL, 'n' }, { "do", no_argument, NULL, 'd' }, + { "cd", no_argument, NULL, 'O_CD'}, { "retry", required_argument, NULL, O_RETRY }, { "resolv", no_argument, NULL, O_RESOLV_CONF }, @@ -689,10 +692,13 @@ static void mk_dns_buff(struct query_state *qry, u_char *packet) dns->ns_count = 0; dns->add_count = htons(0); - if (qry->opt_resolv_conf || qry->opt_rd ){ + if (qry->opt_resolv_conf || qry->opt_rd ) { dns->rd = 1; } + if (qry->opt_cd) + dns->cd = 1; + //point to the query portion qname =(u_char *)&packet[sizeof(struct DNS_HEADER)]; @@ -1309,6 +1315,7 @@ static void *tdig_init(int argc, char *argv[], void (*done)(void *state)) qry->opt_qbuf = 0; qry->opt_abuf = 1; qry->opt_rd = 0; + qry->opt_cd = 0; qry->opt_evdns = 0; qry->opt_rset = 0; qry->opt_prepend_probe_id = 0; @@ -1441,6 +1448,10 @@ static void *tdig_init(int argc, char *argv[], void (*done)(void *state)) } break; + case 'O_CD': + qry->opt_cd = 1; + break; + case 'O_CLASS': qry->qclass = strtoul(optarg, &check, 10); if ((qry->qclass >= 0 ) && diff --git a/eperd/ping.c b/eperd/ping.c index 8d0866d..8f7f4e0 100644 --- a/eperd/ping.c +++ b/eperd/ping.c @@ -475,7 +475,9 @@ static void fmticmp4(u_char *buffer, size_t *sizep, u_int8_t seq, /* The ICMP header (no checksum here until user data has been filled in) */ icmp->icmp_type = ICMP_ECHO; /* type of message */ icmp->icmp_code = 0; /* type sub code */ - icmp->icmp_id = 0xffff & pid; /* unique process identifier */ + + /* Keep the high nibble clear for traceroute */ + icmp->icmp_id = 0x0fff & pid; /* unique process identifier */ icmp->icmp_seq = htons(seq); /* message identifier */ /* User data */ diff --git a/eperd/sslgetcert.c b/eperd/sslgetcert.c index d00bf7a..fa3c254 100644 --- a/eperd/sslgetcert.c +++ b/eperd/sslgetcert.c 
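Review bot: `{ "cd", no_argument, NULL, 'O_CD'}` in the longopts table (and `case 'O_CD':` in the `@@ -1441,6 +1448,10 @@` hunk) uses a multi-character character constant instead of the `O_CD` macro that the `@@ -56,6 +56,7 @@` hunk of this commit defines as 1010, which is left unreferenced. The value of a multi-character constant is implementation-defined (C11 6.4.4.4) and compilers warn about it under -Wmultichar; the macro also keeps the option value in the same 10xx range as O_CLASS and O_QUERY. Change them to `{ "cd", no_argument, NULL, O_CD },` and `case O_CD:`. The neighbouring `case 'O_CLASS':` shows the same pattern but predates this commit.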
@@ -76,6 +76,8 @@ struct state char *infname; char only_v4; char only_v6; + char major_version; + char minor_version; /* State */ char busy; @@ -104,6 +106,8 @@ struct state double resptime; FILE *post_fh; char *post_buf; + char recv_major; + char recv_minor; struct buf inbuf; struct msgbuf msginbuf; @@ -351,7 +355,8 @@ static void msgbuf_add(struct msgbuf *msgbuf, void *buf, size_t size) buf_add(&msgbuf->buffer, buf, size); } -static int msgbuf_read(struct msgbuf *msgbuf, int type) +static int msgbuf_read(struct msgbuf *msgbuf, int type, + char *majorp, char *minorp) { int r; size_t len; @@ -378,13 +383,8 @@ static int msgbuf_read(struct msgbuf *msgbuf, int type) fprintf(stderr, "msgbuf_read: got type %d\n", p[0]); return -1; } - if (p[1] != 3 || p[2] != 0) - { - fprintf(stderr, - "msgbuf_read: got bad major/minor %d.%d\n", - p[1], p[2]); - return -1; - } + *majorp= p[1]; + *minorp= p[2]; len= (p[3] << 8) + p[4]; if (msgbuf->inbuf->size - msgbuf->inbuf->offset < 5 + len) { @@ -601,15 +601,16 @@ static void timeout_callback(int __attribute((unused)) unused, static void *sslgetcert_init(int __attribute((unused)) argc, char *argv[], void (*done)(void *state)) { - int c, i, only_v4, only_v6; + int c, i, only_v4, only_v6, major, minor; size_t newsiz; - char *hostname, *str_port, *infname; + char *hostname, *str_port, *infname, *version_str; char *output_file, *A_arg; struct state *state; FILE *fh; /* Arguments */ output_file= NULL; + version_str= NULL; A_arg= NULL; infname= NULL; str_port= NULL; @@ -626,7 +627,7 @@ static void *sslgetcert_init(int __attribute((unused)) argc, char *argv[], /* Allow us to be called directly by another program in busybox */ optind= 0; - while (c= getopt_long(argc, argv, "A:O:i:p:46", longopts, NULL), c != -1) + while (c= getopt_long(argc, argv, "A:O:V:i:p:46", longopts, NULL), c != -1) { switch(c) { 
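Review bot: `msgbuf_read` now copies the two raw record-header bytes through `char *majorp, *minorp` into the new `char recv_major`/`recv_minor` fields, and on targets where `char` is signed any byte of 0x80 or above becomes negative; the final `else` branch in eat_certificate (`@@ -996,8 +1033,39 @@` hunk) then prints that negative number as the version. The file already uses `uint8_t` for `p`, so declaring the two fields and both pointer parameters as `uint8_t` (`uint8_t recv_major;`, `uint8_t recv_minor;`, `uint8_t *majorp, uint8_t *minorp`) keeps the reported values in 0..255. Separately, dropping the `p[1] != 3 || p[2] != 0` check means the stored version is whatever record-layer version the most recently read record carried; if `ver` is meant to be the negotiated protocol version, that is the server_version field at the start of the ServerHello body rather than the record header, and the two do not always agree. msgbuf_read's body continues outside the hunk.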
@@ -636,6 +637,9 @@ static void *sslgetcert_init(int __attribute((unused)) argc, char *argv[], case 'O': output_file= optarg; break; + case 'V': + version_str= optarg; + break; case 'i': infname= optarg; break; @@ -689,12 +693,40 @@ static void *sslgetcert_init(int __attribute((unused)) argc, char *argv[], } } + if (version_str == NULL || strcasecmp(version_str, "TLS1.2") == 0) + { + major= 3; /* TLS 1.2 */ + minor= 3; + } + else if (strcasecmp(version_str, "TLS1.1") == 0) + { + major= 3; + minor= 2; + } + else if (strcasecmp(version_str, "TLS1.0") == 0) + { + major= 3; + minor= 1; + } + else if (strcasecmp(version_str, "SSL3.0") == 0) + { + major= 3; + minor= 0; + } + else + { + crondlog(LVL8 "bad protocol version '%s'", version_str); + return NULL; + } + state= xzalloc(sizeof(*state)); state->base= hg_base; state->atlas= A_arg ? strdup(A_arg) : NULL; state->output_file= output_file ? strdup(output_file) : NULL; state->infname= infname ? strdup(infname) : NULL; state->hostname= strdup(hostname); + state->major_version= major; + state->minor_version= minor; if (str_port) state->portname= strdup(str_port); else @@ -879,7 +911,8 @@ static int eat_server_hello(struct state *state) { if (msgbuf->buffer.size - msgbuf->buffer.offset < 4) { - r= msgbuf_read(msgbuf, MSG_HANDSHAKE); + r= msgbuf_read(msgbuf, MSG_HANDSHAKE, + &state->recv_major, &state->recv_minor); if (r < 0) { fprintf(stderr, @@ -899,7 +932,8 @@ static int eat_server_hello(struct state *state) len= (p[1] << 16) + (p[2] << 8) + p[3]; if (msgbuf->buffer.size - msgbuf->buffer.offset < 4+len) { - r= msgbuf_read(msgbuf, MSG_HANDSHAKE); + r= msgbuf_read(msgbuf, MSG_HANDSHAKE, + &state->recv_major, &state->recv_minor); if (r < 0) { fprintf(stderr, 
@@ -916,8 +950,9 @@ static int eat_server_hello(struct state *state) static int eat_certificate(struct state *state) { - int i, n, r, first, slen, need_nl; + int i, n, r, first, slen, need_nl, major, minor; size_t o, len; + const char *method; uint8_t *p; struct msgbuf *msgbuf; FILE *fh; @@ -932,7 +967,8 @@ static int eat_certificate(struct state *state) { if (msgbuf->buffer.size - msgbuf->buffer.offset < 4) { - r= msgbuf_read(msgbuf, MSG_HANDSHAKE); + r= msgbuf_read(msgbuf, MSG_HANDSHAKE, + &state->recv_major, &state->recv_minor); if (r < 0) { if (errno != EAGAIN) @@ -954,7 +990,8 @@ static int eat_certificate(struct state *state) len= (p[1] << 16) + (p[2] << 8) + p[3]; if (msgbuf->buffer.size - msgbuf->buffer.offset < 4+len) { - r= msgbuf_read(msgbuf, MSG_HANDSHAKE); + r= msgbuf_read(msgbuf, MSG_HANDSHAKE, + &state->recv_major, &state->recv_minor); if (r < 0) { fprintf(stderr, @@ -996,8 +1033,39 @@ static int eat_certificate(struct state *state) DBQ(dst_port) ":" DBQ(%s), state->hostname, state->portname); - fprintf(fh, ", " DBQ(method) ":" DBQ(SSL) ", " - DBQ(ver) ":" DBQ(3.0)); + if (state->recv_major == 3 && state->recv_minor == 3) + { + method= "TLS"; + major= 1; + minor= 2; + } + else if (state->recv_major == 3 && state->recv_minor == 2) + { + method= "TLS"; + major= 1; + minor= 1; + } + else if (state->recv_major == 3 && state->recv_minor == 1) + { + method= "TLS"; + major= 1; + minor= 0; + } + else if (state->recv_major == 3 && state->recv_minor == 0) + { + method= "SSL"; + major= 3; + minor= 0; + } + else + { + method= "(unknown)"; + major= state->recv_major; + minor= state->recv_minor; + } + + fprintf(fh, ", " DBQ(method) ":" DBQ(%s) ", " + DBQ(ver) ":" DBQ(%d.%d), method, major, minor); getnameinfo((struct sockaddr *)&state->sin6, state->socklen, hostbuf, sizeof(hostbuf), NULL, 0, NI_NUMERICHOST); 
@@ -1077,6 +1145,7 @@ static int eat_certificate(struct state *state) static void writecb(struct bufferevent *bev, void *ptr) { + char c; struct state *state; struct buf outbuf; struct msgbuf msgoutbuf; @@ -1096,8 +1165,11 @@ static void writecb(struct bufferevent *bev, void *ptr) hsbuf_init(&hsbuf); /* Major/minor */ - hsbuf_add(&hsbuf, "\3", 1); - hsbuf_add(&hsbuf, "\0", 1); + c= state->major_version; + hsbuf_add(&hsbuf, &c, 1); + + c= state->minor_version; + hsbuf_add(&hsbuf, &c, 1); add_random(&hsbuf); add_sessionid(&hsbuf); add_ciphers(&hsbuf); diff --git a/eperd/tcputil.c b/eperd/tcputil.c index 201f1eb..e1d4505 100644 --- a/eperd/tcputil.c +++ b/eperd/tcputil.c @@ -90,7 +90,11 @@ void tu_restart_connect(struct tu_env *env) } /* Immediate error? */ - printf("connect error\n"); + if (!env->dns_curr) + { + /* Callback cleaned up */ + return; + } env->dns_curr= env->dns_curr->ai_next; } diff --git a/eperd/traceroute.c b/eperd/traceroute.c index 06f6ac1..fbeb025 100644 --- a/eperd/traceroute.c +++ b/eperd/traceroute.c @@ -1021,7 +1021,8 @@ static void send_pkt(struct trtstate *state) icmp_hdr->icmp_type= ICMP_ECHO; icmp_hdr->icmp_code= 0; icmp_hdr->icmp_cksum= 0; - icmp_hdr->icmp_id= htons(state->index); + icmp_hdr->icmp_id= htons(state->index | + (instance_id << TRT_ICMP4_INSTANCE_ID_SHIFT)); icmp_hdr->icmp_seq= htons(state->seq); icmp_hdr->icmp_data[0]= '\0'; icmp_hdr->icmp_data[1]= '\0'; @@ -1857,6 +1858,12 @@ printf("curpacksize: %d\n", state->curpacksize); } ind= ntohs(eicmp->icmp_id); + if ((ind >> TRT_ICMP4_INSTANCE_ID_SHIFT) != instance_id) + { + printf("wrong instance id\n"); + return; + } + ind &= ~TRT_ICMP4_INSTANCE_ID_MASK; if (ind >= base->tabsiz) { 
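Review bot: The new `if (!env->dns_curr)` guard in tu_restart_connect dereferences `env` after the connect callback has run, and the comment `/* Callback cleaned up */` does not say what the callback may have released; if it can free `env` itself rather than only clearing `dns_curr`, this read is a use-after-free and the decision has to be taken from a flag captured before the callback, or the callback must leave `env` alive. I would make the contract explicit, e.g. `/* The error callback may have released dns_curr; it must leave env itself valid until we return */`. The removed `printf("connect error\n")` was the only diagnostic on this path, so the immediate-error case now moves to the next address silently; that is acceptable for a daemon but a log at the file's debug level, if it has one, would keep the event visible. tu_restart_connect's body starts and ends outside the hunk.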
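Review bot: `htons(state->index | (instance_id << TRT_ICMP4_INSTANCE_ID_SHIFT))` in send_pkt assumes `state->index` fits in the low twelve bits; an index of 4096 or more spills into the instance-id nibble, and the receive checks added in the `@@ -1857,6 +1858,12 @@` and `@@ -2134,6 +2141,12 @@` hunks then discard the reply as `wrong instance id`. Nothing visible bounds `base->tabsiz` to 4096, so either mask the index here, `htons((state->index & ~TRT_ICMP4_INSTANCE_ID_MASK) | (instance_id << TRT_ICMP4_INSTANCE_ID_SHIFT))`, together with a limit where the table grows, or refuse to send when the index exceeds the mask. The `printf("wrong instance id\n")` on the receive side fires for every echo reply that belongs to another instance on the same host, which is presumably the situation the filter exists for, so with several instances running it will be very chatty; a silent drop or a counter would be more appropriate. send_pkt's body continues outside the hunk.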
@@ -2134,6 +2141,12 @@ printf("%s, %d: sin6_family = %d\n", __FILE__, __LINE__, state->sin6.sin6_family } ind= ntohs(icmp->icmp_id); + if ((ind >> TRT_ICMP4_INSTANCE_ID_SHIFT) != instance_id) + { + printf("wrong instance id\n"); + return; + } + ind &= ~TRT_ICMP4_INSTANCE_ID_MASK; if (ind >= base->tabsiz) { -- cgit v1.2.3