/* ipband.h
*
* ipband - network bandwidth watchdog
* By Andrew Nevynniy <anevynni@russelmetals.com>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef IPBAND_H__
#define IPBAND_H__
/*
------------------------------------------------------------------------
Include Files
------------------------------------------------------------------------
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <signal.h>
#include <unistd.h>
#include <time.h>
#include <netinet/in.h>
#include <netdb.h>
#ifndef AF_INET
#include <sys/socket.h> /* BSD AF_INET */
#endif
#include <pcap.h>
#include "hash.h"
/*
------------------------------------------------------------------------
Defines
------------------------------------------------------------------------
*/
/* Program name and version in one string. */
#define VERSION_STR "ipband 0.8.1"
/*
 * DUMP is defined and immediately undefined, so it is OFF for everything
 * that follows. Delete the #undef line to turn it on; what it enables is
 * decided by #ifdef DUMP sections elsewhere (not visible in this header).
 */
#define DUMP
#undef DUMP
/* Defaults */
/* Configuration file read when none is named on the command line. */
#define CONFIG_DEF "/etc/ipband.conf"
/*
 * Default MTA command. This is a command line, not a bare path: "-t" makes
 * sendmail take the recipients from the message headers and "-oi" stops a
 * lone "." line from ending the message.
 * NOTE(review): presumably run through sec_popen() with mailto_m written
 * into the headers - confirm that address is rejected if it contains CR/LF,
 * and that a configured MTA string is only ever read from a file that
 * unprivileged users cannot write.
 */
#define MTASTR_DEF "/usr/sbin/sendmail -t -oi"
/*
 * Default report file names. Both are relative, so they resolve against
 * the process's current working directory.
 * NOTE(review): packet capture normally needs elevated privileges; confirm
 * the reports are not created in a directory other users can write to
 * (symlink / pre-created file risk) - TODO check how reports.c opens them.
 */
#define REPFILE_DEF "ipband.txt"
#define HTMLFILE_DEF "ipband.html"
#define HTMLTITLE_DEF "My bandwidth"
/* Integer booleans; unguarded, so they clash with any other header that
 * defines TRUE/FALSE with a different replacement text. */
#define TRUE 1
#define FALSE 0
/* Buffer size for one text line - presumably config/report lines; verify
 * against the callers. */
#define MAXLINE 4096
/* Length of saved packets */
/* NOTE(review): looks like the pcap snapshot length in bytes - confirm in
 * pcapfunc.c. Any parser must still check the captured length of each
 * packet before reading header fields. */
#define PLEN 68
/* Length of packet headers */
/* Link-layer header size in bytes to skip before the IP header:
 * Ethernet 14, PPP 4, raw IP 0. The Ethernet value assumes an untagged
 * frame; an 802.1Q VLAN tag adds 4 bytes that this offset does not cover. */
#define POFF_ETH 14
#define POFF_PPP 4
#define POFF_RAW 0
/* Textual alias, not a typedef: U_CHAR is replaced by the two tokens
 * "unsigned char" wherever it appears. */
#define U_CHAR unsigned char
/* Used for setting defaults */
/*
 * Frees P and resets it to NULL. P is evaluated three times and must be a
 * modifiable lvalue without side effects.
 * NOTE(review): the expansion is a bare "if" statement, not wrapped in
 * do { ... } while (0). "if (c) FREE(p); else ..." therefore does not
 * compile, and "if (c) FREE(p) else ..." binds the else to the macro's own
 * if. Keep every use as a stand-alone statement. The NULL test is also
 * redundant because free(NULL) is a no-op.
 */
#define FREE(P) if ((P)!=NULL) { free(P); (P)=NULL; }
/*
------------------------------------------------------------------------
Type Definitions
------------------------------------------------------------------------
*/
/*
 * Ethernet header overlay for a captured frame: 6 + 6 + 2 = 14 bytes,
 * the same size as POFF_ETH. Every member is a byte array, so the
 * two-byte type field is kept exactly as captured (network byte order).
 * NOTE(review): on the wire an Ethernet II header carries the destination
 * MAC first and the source MAC second; the member names here are in the
 * opposite order. Harmless if only ptype is read - confirm before any
 * code relies on src/dst.
 */
typedef struct {
U_CHAR src[6];
U_CHAR dst[6];
U_CHAR ptype[2]; /* ==0x800 if ip */
} eth_struct_t;
/*
 * Overlay for an IPv4 header followed directly by the first four bytes of
 * the transport header (source and destination port). All members are
 * byte arrays, so the layout follows the wire format byte for byte and
 * multi-byte fields stay in network byte order; the members add up to
 * 24 bytes.
 *
 * NOTE(review): srcpt/dstpt sit at a fixed offset of 20 bytes. That is
 * only where the ports are when the header carries no IP options
 * (header-length nibble in version[0] equal to 5) and the protocol in
 * prot[0] is one that starts with two port fields, such as TCP or UDP.
 * For any other packet these four bytes are option or payload data.
 * Code casting captured data to this type should also confirm that the
 * captured length covers link offset + 24 bytes before reading -
 * TODO verify in packets.c.
 */
typedef struct {
U_CHAR version[1]; /* version (high nibble) and header length (low nibble) */
U_CHAR service[1]; /* type of service */
U_CHAR length[2]; /* total length of the IP datagram */
U_CHAR id[2];
U_CHAR flag[2]; /* flags and fragment offset */
U_CHAR ttl[1];
U_CHAR prot[1]; /* transport protocol number */
U_CHAR chksum[2];
U_CHAR srcip[4];
U_CHAR dstip[4];
U_CHAR srcpt[2]; /* first two bytes after a 20-byte IP header */
U_CHAR dstpt[2]; /* next two bytes after a 20-byte IP header */
} ip_struct_t;
/* Subnet detail data */
/* One detail record: a byte counter plus the two subnet values that let
 * the record be found again when a subnet's detail data is deleted. */
typedef struct {
double nbyte; /* byte count, kept as a double */
/* These 2 are keys for deleting detail data for a given subnet */
/* NOTE(review): presumably masked IPv4 addresses held in a signed int -
 * confirm the byte order and how the sign bit is handled in comparisons. */
int subnet_src;
int subnet_dst;
} data_t;
/* Per subnet aggregate data */
/* One record per subnet: the running byte counter and the state that
 * tracks whether, and for how long, the subnet has been over its limit. */
typedef struct {
double nbyte; /* byte count, kept as a double */
/*
 * Non-zero value in logtime means: a) we started detailed
 * logging for this subnet; b) we keep logging on next cycle
 * and don't spin off another logging; c) we only zero byte
 * counters for this subnet and don't delete this subnet from
 * hash table; d) we check if bandwidth goes _below_ limit to
 * stop logging and create a report.
 */
time_t logtime;
/*
 * Number of seconds threshold was exceeded since we started
 * detailed logging
 */
int exc_time;
/*
 * For pre-loaded subnets we store their bandwidth
 * threshold value
 * NOTE(review): unit is presumably the same kBps used for thresh_m -
 * confirm where preloaded subnets are parsed.
 */
float band;
/*
 * Accumulated threshold exceed time in seconds since
 * ipband started. Only makes sense for preloaded subnets
 * as otherwise subnet data is deleted when usage drops.
 */
unsigned int exc_accum;
} aggr_data_t;
/* Linked list for tcp and udp services cache */
/* Singly linked node that pairs a port number with a service name.
 * ll_tcp_cache and ll_udp_cache are the two list heads of this type. */
typedef struct ll_srvc_s {
struct ll_srvc_s *next; /* next node in the list */
int port; /* port number this entry describes */
char *sname; /* service name; NOTE(review): ownership not visible here -
                confirm who allocates and frees it */
}
ll_srvc_t;
/*
------------------------------------------------------------------------
Global variables
------------------------------------------------------------------------
*/
/* Externals */
/* Version string exported by libpcap. NOTE(review): pcap_lib_version() is
 * the documented accessor; confirm the targeted libpcap still exports this
 * symbol. */
extern char pcap_version[];
/* Internal use */
/*
 * NOTE(review): the variables below are defined here without "extern", so
 * every .c file that includes this header emits its own tentative
 * definition. Linkers running with -fno-common (the GCC default since
 * GCC 10) reject that as multiple definitions. The usual fix is "extern"
 * declarations here plus one definition in a single .c file, which needs
 * a change outside this header.
 */
/* NOTE(review): if ihandler() sets this from signal context, the type
 * should be volatile sig_atomic_t rather than plain int. */
int isig_m; /* Interrupt flag for capture loop */
int preload_m; /* Subnets are preloaded flag */
char *pcapdev_m; /* Device to listen to */
pcap_t *pcapfile_m; /* Pcap input file descriptor */
int pcapoffset_m; /* IP header offset */
time_t started_m; /* Time when we started */
ll_srvc_t *ll_tcp_cache; /* Resolved tcp services cache */
ll_srvc_t *ll_udp_cache; /* Resolved udp services cache */
/* Variables holding option values */
/*
 * NOTE(review): like the other globals in this header these are defined,
 * not declared "extern", so each including .c file gets its own tentative
 * definition; builds with -fno-common (the GCC default since GCC 10) fail
 * at link time. Fixing it requires one definition in a .c file.
 * Several of these strings end up in a shell-style command (mtastring_m),
 * in a pcap filter (filtercmd_m) or in file paths, so the file they are
 * read from should be writable only by the account that runs ipband.
 */
int debug_m; /* Debug option */
int do_html; /* Generate HTML output */
char *filtercmd_m; /* Pcap filter string */
char *repfname_m; /* Subnet report output file */
char *htmlfname_m; /* HTML report output file */
char *htmltitle_m; /* HTML Title; NOTE(review): confirm it is HTML-escaped
                      before being written into the report */
int mask_m; /* Network aggregation mask bits */
int cycle_m; /* Number of sec to average data */
int rcycle_m; /* How long in sec bandwidth
threshold may be exceeded */
float thresh_m; /* Bandwidth threshold in kBps */
int fork_m; /* Fork flag */
int top_m; /* No of top connections in report */
char *config_m; /* Config file name */
char *mailto_m; /* E-mail address for reporting */
char *mailfoot_m; /* Footer file for e-mail report */
char *mtastring_m; /* MTA command string */
int report_aggr_m; /* Flag to report aggr exceed time */
int promisc_m; /* Use promiscuous mode? */
int *iplist_m; /* List of local networks */
int niplist_m; /* Number of local networks */
int lenadj_m; /* IP packet length adjustment in bytes */
/*
------------------------------------------------------------------------
Local Function Prototypes
------------------------------------------------------------------------
*/
/* error.c */
/*
 * Variadic error reporters. The first argument is presumably a
 * printf-style format string - confirm in error.c. If so, callers must
 * pass a literal format and hand packet- or config-derived text in as a
 * "%s" argument, never as the format itself.
 * NOTE(review): no format attribute is declared, so the compiler cannot
 * check the arguments against the format.
 */
void err_msg(const char *, ...);
void err_quit(const char *, ...);
void err_ret(const char *, ...);
void err_sys(const char *, ...);
/* init.c */
/*
 * Option, configuration and start-up routines.
 * NOTE(review): print_usage, dump_options, check_invalues and
 * set_defaults are declared with empty parentheses, which in C before C23
 * means "parameters unspecified", not "no parameters"; calls with stray
 * arguments are not diagnosed. "(void)" would make them real prototypes -
 * confirm the definitions in init.c take no arguments first.
 */
void print_usage ();
void read_options (int argc, char *argv[]);
void dump_options();
void ihandler (int); /* takes one int - presumably a signal handler; verify */
int read_config (char *);
void check_invalues();
int parse_subnets (char *, hlist_t **);
void preload_subnets(char *, hlist_t **);
void set_defaults();
/* NOTE(review): looks like (text, out list, out count) and
 * (address, list, count) - confirm against init.c. */
void parse_ip_range (char *, int **, int *);
int in_iprange (int, int *, int);
/* packets.c */
/*
 * Packet accounting routines working on the hlist_t tables from hash.h.
 * NOTE(review): storepkt receives the pcap packet header together with an
 * ip_struct_t pointer into captured data; confirm it checks the captured
 * length in the pcap header before reading fields through that pointer.
 */
void storepkt (struct pcap_pkthdr *, ip_struct_t *, hlist_t **, hlist_t **);
void proc_aggr (hlist_t **, hlist_t **);
void detail_cleanup(hlist_t **, U_CHAR *);
/* pcapfunc.c */
/*
 * libpcap set-up helpers. The meaning of the int arguments is not visible
 * in this header.
 * NOTE(review): get_packetoffset presumably maps a pcap datalink type to
 * one of the POFF_* values - confirm how an unsupported type is reported.
 * print_datalink is declared with empty parentheses, so its argument list
 * is unchecked.
 */
void open_interface (int);
void print_datalink ();
int get_packetoffset (int);
/* popen.c */
/*
 * sec_popen and sec_pclose have the same parameter and return types as
 * the standard popen()/pclose().
 * NOTE(review): the names suggest a hardened replacement, but the
 * implementation is not visible here - confirm in popen.c that the
 * command is executed without a shell, with a controlled environment and
 * with unneeded descriptors closed. open_max presumably returns the
 * per-process descriptor limit used for that - verify.
 */
FILE *sec_popen(const char *, const char *);
int sec_pclose(FILE *);
int open_max(void);
/* reports.c */
/*
 * Report writers.
 * NOTE(review): va_report and html_report are variadic with a leading
 * char pointer that is presumably a printf-style format - confirm. If so,
 * the format must be a literal and never text taken from packets,
 * resolved names or the config file. html_report output should also be
 * HTML-escaped wherever it includes such text.
 */
void subnet_report (hlist_t **, U_CHAR *,float, int, unsigned int);
void va_report(char *,...);
void html_report(char *,...);
/* NOTE(review): presumably (port, protocol) to service name, backed by
 * ll_tcp_cache / ll_udp_cache - confirm who owns the returned string. */
char *get_service(int, int);
/* utils.c */
/*
 * String and table helpers. What each one does is defined in utils.c;
 * only the signatures are visible here.
 */
int delete_next(hlist_t **, int, int);
/* NOTE(review): returns a char pointer for a char pointer input - confirm
 * whether the result is a static buffer (not reentrant) or must be freed. */
char *hex2dot (char *);
void get_two_tok(char *, char **, char **);
int is_space(char);
char *find_nonspace (char *);
char *find_space (char *);
int strcmpi (char *, char *);
int is_true_str (char *);
/* Signature matches the comparison callback expected by qsort(). */
int compare_bytes (const void *, const void *);
void str2ip (char *, int *, int *);
/* Some C libraries provide strtok_r as a macro; drop the macro so the
 * declaration below is not rewritten by the preprocessor. */
#ifdef strtok_r
#undef strtok_r
#endif
/* Declared with the POSIX strtok_r parameter list. NOTE(review): the
 * project may ship its own definition for platforms that lack one -
 * confirm it does not clash with the libc version at link time. */
char *strtok_r(char *, const char *, char **);
#endif /* IPBAND_H__ */