snoop_rport.c revision d04ccbb3f3163ae5962a8b7465d9796bff6ca434
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI" /* SunOS */
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>
#include <strings.h>
#include <sys/sysmacros.h>
#include <setjmp.h>
#include <netinet/in_systm.h>
#include <netinet/if_ether.h>
#include "snoop.h"
struct porttable {
int pt_num;
char *pt_short;
};
{ IPPORT_ECHO, "ECHO" },
{ IPPORT_DISCARD, "DISCARD" },
{ IPPORT_DAYTIME, "DAYTIME" },
{ IPPORT_CHARGEN, "CHARGEN" },
{ IPPORT_TIMESERVER, "TIME" },
{ IPPORT_NAMESERVER, "NAME" },
{ IPPORT_DOMAIN, "DNS" },
{ IPPORT_BOOTPS, "BOOTPS" },
{ IPPORT_BOOTPC, "BOOTPC" },
{ IPPORT_TFTP, "TFTP" },
{ IPPORT_FINGER, "FINGER" },
/* { 111, "PORTMAP" }, Just Sun RPC */
{ IPPORT_NTP, "NTP" },
{ IPPORT_NETBIOS_NS, "NBNS" },
{ IPPORT_NETBIOS_DGM, "NBDG" },
{ IPPORT_LDAP, "LDAP" },
{ IPPORT_SLP, "SLP" },
/* Mobile IP defines a set of new control messages sent over UDP port 434 */
{ IPPORT_MIP, "Mobile IP" },
{ IPPORT_BIFFUDP, "BIFF" },
{ IPPORT_WHOSERVER, "WHO" },
{ IPPORT_SYSLOG, "SYSLOG" },
{ IPPORT_TALK, "TALK" },
{ IPPORT_ROUTESERVER, "RIP" },
{ IPPORT_RIPNG, "RIPng" },
{ IPPORT_DHCPV6C, "DHCPv6C" },
{ IPPORT_DHCPV6S, "DHCPv6S" },
{ 550, "NEW-RWHO" },
{ 560, "RMONITOR" },
{ 561, "MONITOR" },
{ IPPORT_SOCKS, "SOCKS" },
{ 0, NULL }
};
{ 1, "TCPMUX" },
{ IPPORT_ECHO, "ECHO" },
{ IPPORT_DISCARD, "DISCARD" },
{ IPPORT_SYSTAT, "SYSTAT" },
{ IPPORT_DAYTIME, "DAYTIME" },
{ IPPORT_NETSTAT, "NETSTAT" },
{ IPPORT_CHARGEN, "CHARGEN" },
{ 20, "FTP-DATA" },
{ IPPORT_FTP, "FTP" },
{ IPPORT_TELNET, "TELNET" },
{ IPPORT_SMTP, "SMTP" },
{ IPPORT_TIMESERVER, "TIME" },
{ 39, "RLP" },
{ IPPORT_NAMESERVER, "NAMESERVER" },
{ IPPORT_WHOIS, "NICNAME" },
{ IPPORT_DOMAIN, "DNS" },
{ 70, "GOPHER" },
{ IPPORT_RJE, "RJE" },
{ IPPORT_FINGER, "FINGER" },
{ IPPORT_HTTP, "HTTP" },
{ IPPORT_TTYLINK, "LINK" },
{ IPPORT_SUPDUP, "SUPDUP" },
{ 101, "HOSTNAME" },
{ 102, "ISO-TSAP" },
{ 103, "X400" },
{ 104, "X400-SND" },
{ 105, "CSNET-NS" },
{ 109, "POP-2" },
/* { 111, "PORTMAP" }, Just Sun RPC */
{ 113, "AUTH" },
{ 117, "UUCP-PATH" },
{ 119, "NNTP" },
{ IPPORT_NTP, "NTP" },
{ IPPORT_NETBIOS_SSN, "NBT" },
{ 143, "IMAP" },
{ 144, "NeWS" },
{ IPPORT_LDAP, "LDAP" },
{ IPPORT_SLP, "SLP" },
{ 443, "HTTPS" },
{ 445, "SMB" },
{ IPPORT_EXECSERVER, "EXEC" },
{ IPPORT_LOGINSERVER, "RLOGIN" },
{ IPPORT_CMDSERVER, "RSHELL" },
{ IPPORT_PRINTER, "PRINTER" },
{ 530, "COURIER" },
{ 540, "UUCP" },
{ 600, "PCSERVER" },
{ IPPORT_SOCKS, "SOCKS" },
{ 1524, "INGRESLOCK" },
{ 2904, "M2UA" },
{ 2905, "M3UA" },
{ 6000, "XWIN" },
{ IPPORT_HTTP_ALT, "HTTP (proxy)" },
{ 9900, "IUA" },
{ 0, NULL },
};
char *
{
switch (proto) {
case IPPROTO_SCTP: /* fallthru */
default: return (NULL);
}
return (p->pt_short);
}
return (NULL);
}
int
{
switch (proto) {
default: return (NULL);
}
return (1);
}
return (0);
}
/*
* Need to be able to register an
* interpreter for transient ports.
* See TFTP interpreter.
*/
#define MAXTRANS 64
static struct ttable {
int t_port;
int (*t_proc)(int, char *, int);
} transients [MAXTRANS];
int
{
next = transients;
return (1);
}
static struct ttable *
is_transient(int port)
{
struct ttable *p;
return (p);
}
return (NULL);
}
void
del_transient(int port)
{
struct ttable *p;
p->t_port = -1;
}
}
static void
int dlen)
{
static const char *pris[] = {
"emerg", "alert", "crit", "error", "warn", "notice", "info", "debug"
};
static const char *facs[] = {
"kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
"local1", "local2", "local3", "local4", "local5", "local6", "local7"
};
int composit;
int pri = -1;
int facil = -1;
int priostrlen = 0;
const char *facilstr = "BAD";
const char *pristr = "FMT";
/*
* Is there enough data to interpret (left bracket + at least 3 chars
* which could be digits, right bracket, or space)?
*/
if (*data == '<') {
char buffer[4];
char *end;
data++;
datalen--;
if (*data == '>') {
data++;
"%d", facil);
} else {
}
} else {
}
}
}
"SYSLOG %c port=%d %s.%s: %s",
}
static char syslog[] = "SYSLOG: ";
show_space();
"\"%s\"",
show_trailer();
}
}
int
{
const char *pn;
curr_proto = proto;
dir = 'R';
} else {
if (ttabp) {
return (1);
}
if (ttabp) {
return (1);
}
return (0);
}
dir = 'C';
}
proto != IPPROTO_TCP) {
return (1);
}
/*
* TCP port 514 is rshell. UDP port 514 is syslog.
*/
return (1);
}
if (dlen > 0) {
switch (which) {
case IPPORT_BOOTPS:
case IPPORT_BOOTPC:
dlen);
return (1);
case IPPORT_DHCPV6S:
case IPPORT_DHCPV6C:
return (1);
case IPPORT_TFTP:
dlen);
return (1);
case IPPORT_HTTP:
case IPPORT_HTTP_ALT:
return (1);
case IPPORT_NTP:
dlen);
return (1);
case IPPORT_NETBIOS_NS:
return (1);
case IPPORT_NETBIOS_DGM:
dlen);
return (1);
case IPPORT_NETBIOS_SSN:
case 445:
/*
* SMB on port 445 is a subset of NetBIOS SMB
* on port 139. The same interpreter can be used
* for both.
*/
return (1);
case IPPORT_LDAP:
return (1);
case IPPORT_SLP:
return (1);
case IPPORT_MIP:
return (1);
case IPPORT_ROUTESERVER:
return (1);
case IPPORT_RIPNG:
dlen);
return (1);
case IPPORT_SOCKS:
if (dir == 'C')
else
dlen);
return (1);
}
}
"%s %c port=%d %s",
}
show_space();
"\"%s\"",
show_trailer();
}
return (1);
}
char *
/*
* Prints len bytes from str enclosed in quotes.
* If len is negative, length is taken from strlen(str).
* No more than maxlen bytes will be printed. Longer
* strings are flagged with ".." after the closing quote.
* Non-printing characters are converted to C-style escape
* codes or octal digits.
*/
{
#define TBSIZE 256
const char *p;
char *pp;
int printable = 0;
int c, len;
switch (c = *p & 0xFF) {
default:
*pp++ = c;
printable++;
} else {
isdigit(*(p + 1)) ?
"\\%03o" : "\\%o", c);
}
break;
}
*pp = '\0';
/*
* Check for overflow of temporary buffer. Allow for
* the next character to be a \nnn followed by a trailing
* null. If not, then just bail with what we have.
*/
break;
}
}
}