--- trafd.orig/main.c Sun Jun 6 08:54:09 1999 +++ trafd/main.c Sun Jun 6 08:53:33 1999 @@ -53,6 +53,17 @@ int pflag; /* don't put the interface into promiscuous mode */ int rflag; /* attempt to resume data from safe file if exist */ +int Iflag = 0; /* don't destinguish packets by port/protocol -> only by IP */ +int Dflag = 1; /* do daemonize */ + +#define MAX_ACC_ADDRESSES 256 + +struct AccRecord AccAddr[MAX_ACC_ADDRESSES]; +int AccRecNum = 0; + +struct AccRecord AggAddr[MAX_ACC_ADDRESSES]; +int AggRecNum = 0; + /* Global interrupts flags */ int flag_hup; /* SIGHUP - drop collected data to tempfile */ int flag_int; /* SIGINT - append collected data to savefile */ @@ -80,7 +91,52 @@ static int if_fd = -1; -void +int getnet(char *s, struct AccRecord *ar) +{ + int rc; + char *r; + r = strchr(s, '/'); + if (r) *r++ = '\0'; + rc = inet_aton(s, (struct in_addr *)&ar->network); + if (rc != 1 || !r || !atoi(r)) { + fprintf(stderr, "Incorrect parametr '%s' must be in XXX.XXX.XXX.XXX/MASKLEN form\n", s); + exit(1); + } + ar->netmask = htonl(~(0xFFFFFFFF >> atoi(r))); + ar->network &= ar->netmask; + return(0); +} + +void AccAdd(char *s, struct AccRecord *ar, int *ap) { + if (isdigit(*s)) { /* network */ + if (*ap + 1 >= MAX_ACC_ADDRESSES) { + fprintf( stderr, "too many '-S/-A' flags, only %d allowed for each\n", MAX_ACC_ADDRESSES ); + exit(1); + } + getnet(optarg, &ar[(*ap)++]); + } else { /* file */ + char buf[256]; + FILE *f = fopen(s, "r"); + if (!f) { + perror("can't open file"); + exit(1); + } + while(fgets(buf, sizeof(buf)-1, f)) { + char *ent; + if (*ap + 1 >= MAX_ACC_ADDRESSES) { + fprintf( stderr, "too many entries in %s, only %d allowed for each\n", s, MAX_ACC_ADDRESSES ); + exit(1); + } + ent = buf; + while(*ent && isspace(*ent)) ent++; + if (!*ent || *ent == '#') continue; + getnet(buf, &ar[(*ap)++]); + } + fclose(f); + } +} + +int main(argc, argv) int argc; char **argv; 
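Review bot: The prefix length in `getnet` is taken from `atoi(r)` and used as a shift count without a range check, so `/32` shifts a 32-bit value by its full width (undefined behaviour, which on some platforms gives a zero netmask that matches every address), and negative or larger values are just as unchecked. The length should be parsed with `strtol` and limited to 1..32 before the mask is built; the sketch below keeps the existing rejection of `/0`. Separately, the file branch of `AccAdd` skips leading whitespace into `ent` but then calls `getnet(buf, ...)`, where `getnet(ent, ...)` looks intended, and the network branch passes `optarg` rather than its own parameter `s`.
```c
int getnet(char *s, struct AccRecord *ar)
{
	char *end = NULL;
	long bits = 0;
	/* … unchanged: split s at '/', inet_aton() into ar->network … */
	if (r)
		bits = strtol(r, &end, 10);
	if (rc != 1 || !r || end == r || bits < 1 || bits > 32) {
		/* … unchanged: error message and exit(1) … */
	}
	/* shift count is now 0..31, so /32 no longer shifts by the full width */
	ar->netmask = htonl(0xFFFFFFFFU << (32 - bits));
	/* … unchanged: mask ar->network with the netmask, return … */
```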
@@ -100,7 +156,7 @@ program_name = stripdir(argv[0]); opterr = 0; - while ((op = getopt(argc, argv, "c:df:F:i:Opr")) != EOF) + while ((op = getopt(argc, argv, "c:df:F:i:OprIS:A:D")) != EOF) switch (op) { case 'c': cnt = atoi(optarg); @@ -126,6 +182,18 @@ case 'r': ++rflag; break; + case 'I': + Iflag = 1; + break; + case 'D': + Dflag = 0; + break; + case 'S': + AccAdd(optarg, AccAddr, &AccRecNum); + break; + case 'A': + AccAdd(optarg, AggAddr, &AggRecNum); + break; default: usage(); } @@ -185,7 +253,9 @@ device_name); /* Jump to background */ - daemon(1, 0); + if (Dflag) + daemon(1, 0); + if ((fd = fopen(file_pid, "w")) == NULL) exit(1); @@ -207,6 +277,7 @@ (void)syslog(LOG_ERR, "(%s) traffic collector aborted: %m", device_name); exit(1); + return(1); } /* make a clean exit on interrupts */ @@ -284,6 +355,22 @@ fprintf(stderr, "trafd v%s - tcp/udp data traffic collector daemon\n", version); fprintf(stderr, -"Usage: %s [-dOpr] [-c count] [-i iface] [-f ext] [-F file | expr]\n", program_name); + "Usage: %s [] [-F file | expr]\n" + "flags:\n" + "\t-d\t\tdump packet-matching code\n" + "\t-O\t\tdon't run the packet-matching code optimizer\n" + "\t-p\t\tdon't put the interface into promiscuous mode\n" + "\t-r\t\tattempt to resume data from safe file if exist\n" + "\t-I\t\tdon't destinguish ports and protocols\n" + "\t-D\t\trun in foreground\n" + "\t-c \t\taccount only packets\n" + "\t-i \tlisten interface \n" + "\t-S \tdo accounting only for this address range\n" + "\t-S \t--\"\"--, read address ranges from file\n" + "\t-A \taggregate addreses from this range to one\n" + "\t-A \t--\"\"--, read address range from file\n" + "\t-f \tuse as interface name for data files\n" + "\n", + program_name); exit(-1); } diff -u -N -r trafd.orig/trafd.h trafd/trafd.h --- trafd.orig/trafd.h Sun Jun 6 08:54:09 1999 +++ trafd/trafd.h Sun Jun 6 08:16:50 1999 
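Review bot: In the `/* Jump to background */` hunk the result of `daemon(1, 0)` is still ignored now that the call is conditional, so a failed fork leaves the collector running attached to the terminal and it goes on to write the pid file as if it had detached. Something like `if (Dflag && daemon(1, 0) < 0) { syslog(LOG_ERR, "daemon: %m"); exit(1); }` would make that failure visible. The name is also inverted relative to the option: `-D` clears `Dflag`, which is easy to misread next to the other flags, where giving the option sets the variable.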
@@ -32,3 +32,15 @@ extern void traf_save(); extern void traf_pipe(); extern void traf_clear(); + +struct AccRecord { + unsigned int network; + unsigned int netmask; +}; + +extern struct AccRecord AccAddr[]; +extern int AccRecNum; + +extern struct AccRecord AggAddr[]; +extern int AggRecNum; + \ No newline at end of file diff -u -N -r trafd.orig/traffic.c trafd/traffic.c --- trafd.orig/traffic.c Sun Jun 6 08:54:09 1999 +++ trafd/traffic.c Sun Jun 6 08:53:33 1999 @@ -138,6 +138,9 @@ return -2; } + +extern int Iflag; +extern struct bpf_program *Scode; /* * Insert entry. */ @@ -146,8 +149,48 @@ register p_entry e; /* return -1 if success digit if already in table or -2 if table full */ { - register int ec = findentry(e); + register int ec; register unsigned inx; + + if (Iflag) { /* don't match/store protocol&ports */ + e->ip_protocol = 0; + e->who_srv = 0; + e->p_port = 0; + } + + if (AccRecNum) { + int i; + int src = 0, dst = 0; + for(i = 0; i < AccRecNum; i++) { + if ((e->in_ip.s_addr & AccAddr[i].netmask) == + AccAddr[i].network) src = 1; + if ((e->out_ip.s_addr & AccAddr[i].netmask) == + AccAddr[i].network) dst = 1; + } + if (!src) e->in_ip.s_addr = 0xFFFFFFFF; + if (!dst) e->out_ip.s_addr = 0xFFFFFFFF; + } + + if (AggRecNum) { + int i; + int src = 0, dst = 0; + for(i = 0; i < AggRecNum; i++) { + if (!src && + (e->in_ip.s_addr & AggAddr[i].netmask) == + AggAddr[i].network) { + src = 1; + e->in_ip.s_addr = (e->in_ip.s_addr & AggAddr[i].netmask); + } + if (!dst && + (e->out_ip.s_addr & AggAddr[i].netmask) == + AggAddr[i].network) { + dst = 1; + e->out_ip.s_addr = (e->out_ip.s_addr & AggAddr[i].netmask); + } + } + } + + ec = findentry(e); if (ec != -1) return ec; inx = hash(e);
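Review bot: `struct AccRecord` in trafd.h does not say which byte order its fields use, although the rest of the patch depends on it: `netmask` is stored through `htonl()`, `network` is filled by `inet_aton()` through a cast to `struct in_addr *`, and traffic.c compares both against `s_addr`. A comment on the struct such as `/* network and netmask are kept in network byte order */` would document that. Declaring `network` as `struct in_addr` (or a 32-bit fixed-width type) would also remove the cast in `getnet` and the assumption that `unsigned int` is 32 bits wide.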
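Review bot: The two `extern` declarations added above the `Insert entry` comment in traffic.c are out of step with the rest of the patch. `Scode` is not referenced by any line of this diff and no definition for it is added, so unless it exists elsewhere in the tree the declaration is dead and should be dropped. `Iflag` would be better declared in trafd.h next to `AccAddr`/`AggAddr`, so that main.c and traffic.c share one declaration instead of a local `extern`.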
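Review bot: In the `AccRecNum` block an address outside every `-S` range is overwritten with `0xFFFFFFFF`, which is also the limited-broadcast address, so real broadcast traffic and "everything else" land in the same bucket, and a packet with neither endpoint in range is still stored. If `-S` is meant to restrict accounting, as the usage text says, the both-unmatched case should probably be skipped before `findentry()` is called. Whichever is intended, a comment such as `/* 0xFFFFFFFF = catch-all for addresses outside every -S range */` would make the sentinel explicit. All three new blocks also rewrite the caller's entry `e` in place, which is worth stating in the function comment; the function body continues outside the hunk.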