File: promisc.dpatch

chkrootkit 0.48-8
  • area: main
  • in suites: lenny
  • size: 448 kB
  • ctags: 221
  • sloc: sh: 3,174; ansic: 1,474; makefile: 88
#! /bin/sh /usr/share/dpatch/dpatch-run
## promisc.dpatch by lantz moore <lmoore@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: fixes a number of issues related to promiscuous mode 
## DP: see Debian bugs #333068, #214990 and #202198

@DPATCH@
--- chkrootkit-0.48.orig/ifpromisc.c
+++ chkrootkit-0.48/ifpromisc.c
@@ -51,6 +51,8 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <dirent.h>
+#include <sys/stat.h>
 
 struct interface
 {
@@ -74,8 +76,9 @@
     int index;
     int type;
     int proto;
-    int inode;
+    ino_t inode;
     char *cmd;
+    char *pid;
     struct packet_info *next;
 };
 
@@ -110,9 +113,9 @@
         int             type = 0;
         unsigned int    proto = 0;
         int             index = 0;
-        unsigned int    inode = 0;
+        unsigned long   inode = 0;
 
-        if (sscanf(buf, "%*p %*d %d %x   %d %*d %*u %*u %u",
+        if (sscanf(buf, "%*p %*d %d %x   %d %*d %*u %*u %lu",
                   &type, &proto, &index, &inode) == 4)
         {
             struct packet_info *pi;
@@ -137,7 +140,7 @@
 }
 
 /* look up an entry from /proc/net/packet by inode */
-static struct packet_info *find_packet_info(int inode)
+static struct packet_info *find_packet_info(ino_t inode)
 {
     struct packet_info *p;
     for (p = proc_net_packet; p; p = p->next)
@@ -187,7 +190,10 @@
 
         if (stat(path, &statbuf) == -1)
         {
-            perror(path);
+            if (errno != ENOENT)
+            {
+                perror(path);
+            }
             continue;
         }
 
@@ -202,6 +208,7 @@
             snprintf(path, sizeof(path), "/proc/%s/exe", process);
             readlink(path, link, sizeof(link) - 1);
             info->cmd = strdup(link);
+            info->pid = strdup(process);
         }
     }
 
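Review bot: The new `info->pid = strdup(process);` records the pid whether or not the `readlink()` two lines above succeeded, and `readlink()` does not NUL-terminate its output, so the report can pair a correct pid with a stale or unterminated `cmd`. Unless `link` is cleared earlier in the loop (outside this hunk), I would capture the length with `ssize_t n = readlink(path, link, sizeof(link) - 1);` and set `link[n] = '\0'` and `info->cmd` only when `n >= 0`. Both `strdup()` results are unchecked, and if more than one process holds the same socket inode the earlier `cmd`/`pid` strings appear to be overwritten and leaked. The enclosing function starts and ends outside the hunk.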
@@ -235,46 +242,42 @@
 }
 
 /* return 1 if index is a member of pcap_session_list, 0 otherwise. */
-static int has_packet_socket(int index)
+static struct packet_info *has_packet_socket(int index)
 {
     struct packet_info *p;
     for (p = proc_net_packet; p; p = p->next)
     {
         if (p->index == index)
         {
-            return 1;
+            return p;
         }
     }
-    return 0;
+    return NULL;
 }
 #endif /* __linux__ */
 
 static void ife_print(struct interface *ptr)
 {
 #ifdef __linux__
-    int promisc = ptr->flags & IFF_PROMISC;
-    int has_packet = has_packet_socket(ptr->index);
+    int                 promisc = ptr->flags & IFF_PROMISC;
+    struct packet_info *sniffer = has_packet_socket(ptr->index);
+    struct packet_info *p;
 
-    if (promisc || has_packet)
+    if (promisc || sniffer)
     {
         printf("%s:", ptr->name);
         if (promisc)
             printf(" PROMISC");
-        if (has_packet)
+
+        if (sniffer)
         {
-            struct packet_info *p;
-            printf(" PF_PACKET(");
-            p = proc_net_packet;
-            if (p)
+            printf(" PACKET SNIFFER(");
+            printf("%s[%s]", sniffer->cmd, sniffer->pid);
+            for (p = sniffer->next; p; p = p->next)
             {
-                printf("%s", p->cmd);
-
-                for (p = p->next; p; p = p->next)
+                if (p->index == ptr->index)
                 {
-                    if (p->index == ptr->index)
-                    {
-                        printf(", %s", p->cmd);
-                    }
+                    printf(", %s[%s]", p->cmd, p->pid);
                 }
             }
             printf(")");
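Review bot: `printf("%s[%s]", sniffer->cmd, sniffer->pid)` and the loop's `printf(", %s[%s]", p->cmd, p->pid)` pass pointers that appear to be assigned only when the /proc scan matched a process to the socket inode, so an entry with no resolved owner would hand NULL to `%s`, which is undefined behaviour. For this tool a packet socket whose owner cannot be found in /proc is itself worth reporting, so I would print it explicitly, e.g. `sniffer->cmd ? sniffer->cmd : "unknown"` and the same for `pid`; whether the allocation NULL-initialises both fields is outside the diff. The comment above `has_packet_socket` still describes a 1/0 return and should read `/* return the first packet_info bound to index, or NULL if none. */`. `ife_print` continues past the end of the hunk.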
@@ -284,7 +287,7 @@
     else
     {
         if (!q)
-            printf("%s: not promisc and no PF_PACKET sockets\n",
+            printf("%s: not promisc and no packet sniffer sockets\n",
                    ptr->name);
     }
 #else
@@ -348,8 +351,6 @@
 #endif
 	 continue;
       }
-      if (!memcmp(ifr->ifr_name, "lo", 2))
-         continue;
       ife_print(&ife);
    }
 }