diff options
Diffstat (limited to 'utils')
| -rw-r--r-- | utils/.gitignore | 1 | ||||
| -rw-r--r-- | utils/Makefile.am | 16 | ||||
| -rw-r--r-- | utils/nfbpf_compile.8.in | 2 | ||||
| -rw-r--r-- | utils/nfbpf_compile.c | 10 | ||||
| -rw-r--r-- | utils/nfnl_osf.8.in | 4 | ||||
| -rw-r--r-- | utils/nfnl_osf.c | 21 |
6 files changed, 38 insertions, 16 deletions
diff --git a/utils/.gitignore b/utils/.gitignore index 6300812b..e508bb32 100644 --- a/utils/.gitignore +++ b/utils/.gitignore @@ -2,3 +2,4 @@ /nfnl_osf.8 /nfbpf_compile /nfbpf_compile.8 +/nfsynproxy diff --git a/utils/Makefile.am b/utils/Makefile.am index d09a6974..34056514 100644 --- a/utils/Makefile.am +++ b/utils/Makefile.am @@ -2,29 +2,35 @@ AM_CFLAGS = ${regular_CFLAGS} AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include \ - -I${top_srcdir}/include ${libnfnetlink_CFLAGS} + -I${top_srcdir}/include ${libnfnetlink_CFLAGS} ${libpcap_CFLAGS} +AM_LDFLAGS = ${regular_LDFLAGS} sbin_PROGRAMS = -pkgdata_DATA = +dist_pkgdata_DATA = man_MANS = if HAVE_LIBNFNETLINK man_MANS += nfnl_osf.8 sbin_PROGRAMS += nfnl_osf -pkgdata_DATA += pf.os +dist_pkgdata_DATA += pf.os nfnl_osf_LDADD = ${libnfnetlink_LIBS} + +uninstall-hook: + dir=${DESTDIR}${pkgdatadir}; { \ + test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; \ + } || rmdir -p --ignore-fail-on-non-empty "$$dir" endif if ENABLE_BPFC man_MANS += nfbpf_compile.8 sbin_PROGRAMS += nfbpf_compile -nfbpf_compile_LDADD = -lpcap +nfbpf_compile_LDADD = ${libpcap_LIBS} endif if ENABLE_SYNCONF sbin_PROGRAMS += nfsynproxy -nfsynproxy_LDADD = -lpcap +nfsynproxy_LDADD = ${libpcap_LIBS} endif CLEANFILES = nfnl_osf.8 nfbpf_compile.8 diff --git a/utils/nfbpf_compile.8.in b/utils/nfbpf_compile.8.in index d02979a5..b19d4fbb 100644 --- a/utils/nfbpf_compile.8.in +++ b/utils/nfbpf_compile.8.in @@ -1,7 +1,7 @@ .TH NFBPF_COMPILE 8 "" "@PACKAGE_STRING@" "@PACKAGE_STRING@" .SH NAME -nfbpf_compile \- generate bytecode for use with xt_bpf +nfbpf_compile \(em generate bytecode for use with xt_bpf .SH SYNOPSIS .ad l diff --git a/utils/nfbpf_compile.c b/utils/nfbpf_compile.c index 2c46c7b0..c9e763dc 100644 --- a/utils/nfbpf_compile.c +++ b/utils/nfbpf_compile.c @@ -17,6 +17,7 @@ int main(int argc, char **argv) struct bpf_program program; struct bpf_insn *ins; int i, dlt = DLT_RAW; + pcap_t *pcap; if (argc < 2 || argc > 3) { fprintf(stderr, "Usage: %s [link] '<program>'\n\n" @@ -36,9 +37,15 @@ int main(int argc, char **argv) } } - if (pcap_compile_nopcap(65535, dlt, &program, argv[argc - 1], 1, + pcap = pcap_open_dead(dlt, 65535); + if (!pcap) { + fprintf(stderr, "Memory allocation failure\n"); + return 1; + } + if (pcap_compile(pcap, &program, argv[argc - 1], 1, PCAP_NETMASK_UNKNOWN)) { fprintf(stderr, "Compilation error\n"); + pcap_close(pcap); return 1; } @@ -50,6 +57,7 @@ int main(int argc, char **argv) printf("%u %u %u %u\n", ins->code, ins->jt, ins->jf, ins->k); pcap_freecode(&program); + pcap_close(pcap); return 0; } diff --git a/utils/nfnl_osf.8.in b/utils/nfnl_osf.8.in index 140b5c3f..1ef0c387 100644 --- a/utils/nfnl_osf.8.in +++ b/utils/nfnl_osf.8.in @@ -1,7 +1,7 @@ .TH NFNL_OSF 8 "" "@PACKAGE_STRING@" "@PACKAGE_STRING@" .SH NAME -nfnl_osf \- OS fingerprint loader utility +nfnl_osf \(em OS fingerprint loader utility .SH SYNOPSIS .ad l @@ -16,7 +16,7 @@ nfnl_osf \- OS fingerprint loader utility .SH DESCRIPTION The .B nfnl_osf -utility allows to load a set of operating system signatures into the kernel for +utility allows one to load a set of operating system signatures into the kernel for later matching against using iptables' .B osf match. diff --git a/utils/nfnl_osf.c b/utils/nfnl_osf.c index 15d53197..8008e83d 100644 --- a/utils/nfnl_osf.c +++ b/utils/nfnl_osf.c @@ -378,9 +378,11 @@ static int osf_load_line(char *buffer, int len, int del) memset(buf, 0, sizeof(buf)); if (del) - nfnl_fill_hdr(nfnlssh, nmh, 0, AF_UNSPEC, 0, OSF_MSG_REMOVE, NLM_F_REQUEST); + nfnl_fill_hdr(nfnlssh, nmh, 0, AF_UNSPEC, 0, OSF_MSG_REMOVE, + NLM_F_ACK | NLM_F_REQUEST); else - nfnl_fill_hdr(nfnlssh, nmh, 0, AF_UNSPEC, 0, OSF_MSG_ADD, NLM_F_REQUEST | NLM_F_CREATE); + nfnl_fill_hdr(nfnlssh, nmh, 0, AF_UNSPEC, 0, OSF_MSG_ADD, + NLM_F_ACK | NLM_F_REQUEST | NLM_F_CREATE); nfnl_addattr_l(nmh, sizeof(buf), OSF_ATTR_FINGER, &f, sizeof(struct xt_osf_user_finger)); @@ -390,7 +392,7 @@ static int osf_load_line(char *buffer, int len, int del) static int osf_load_entries(char *path, int del) { FILE *inf; - int err = 0; + int err = 0, lineno = 0; char buf[1024]; inf = fopen(path, "r"); @@ -400,7 +402,9 @@ static int osf_load_entries(char *path, int del) } while(fgets(buf, sizeof(buf), inf)) { - int len; + int len, rc; + + lineno++; if (buf[0] == '#' || buf[0] == '\n' || buf[0] == '\r') continue; @@ -412,9 +416,11 @@ static int osf_load_entries(char *path, int del) buf[len] = '\0'; - err = osf_load_line(buf, len, del); - if (err) - break; + rc = osf_load_line(buf, len, del); + if (rc && (!del || errno != ENOENT)) { + ulog_err("Failed to load line %d", lineno); + err = rc; + } memset(buf, 0, sizeof(buf)); } @@ -446,6 +452,7 @@ int main(int argc, char *argv[]) if (!fingerprints) { err = -ENOENT; + ulog("Missing fingerprints file argument.\n"); goto err_out_exit; } |