Changeset 1270
- Timestamp: 05/20/07 15:22:17 (1 year ago)
- Files:
- honeytrap/trunk/ChangeLog (modified) (1 diff)
- honeytrap/trunk/README (modified) (2 diffs)
- honeytrap/trunk/configure.in (modified) (1 diff)
- honeytrap/trunk/etc/honeytrap.conf.dist (modified) (1 diff)
- honeytrap/trunk/etc/ports.conf.dist (modified) (1 diff)
- honeytrap/trunk/src/Makefile.am (modified) (1 diff)
- honeytrap/trunk/src/attack.h (modified) (1 diff)
- honeytrap/trunk/src/conftree.c (modified) (11 diffs)
- honeytrap/trunk/src/conftree.h (modified) (2 diffs)
- honeytrap/trunk/src/ctrl.c (modified) (7 diffs)
- honeytrap/trunk/src/dynsrv.c (modified) (15 diffs)
- honeytrap/trunk/src/honeytrap.c (modified) (3 diffs)
- honeytrap/trunk/src/honeytrap.h (modified) (5 diffs)
- honeytrap/trunk/src/ip.h (modified) (1 diff)
- honeytrap/trunk/src/ipqmon.c (modified) (2 diffs)
- honeytrap/trunk/src/logging.c (modified) (2 diffs)
- honeytrap/trunk/src/logging.h (modified) (2 diffs)
- honeytrap/trunk/src/modules/Makefile.am (modified) (4 diffs)
- honeytrap/trunk/src/modules/htm_SaveFile.c (added)
- honeytrap/trunk/src/modules/htm_SaveFile.h (added)
- honeytrap/trunk/src/modules/htm_SavePostgres.c (added)
- honeytrap/trunk/src/modules/htm_SavePostgres.h (added)
- honeytrap/trunk/src/modules/htm_SpamSum.c (modified) (7 diffs)
- honeytrap/trunk/src/modules/htm_SpamSum.h (modified) (1 diff)
- honeytrap/trunk/src/modules/htm_aSaveFile.c (deleted)
- honeytrap/trunk/src/modules/htm_aSaveFile.h (deleted)
- honeytrap/trunk/src/modules/htm_aSavePostgres.c (deleted)
- honeytrap/trunk/src/modules/htm_aSavePostgres.h (deleted)
- honeytrap/trunk/src/modules/htm_b64Decode.c (modified) (1 diff)
- honeytrap/trunk/src/modules/htm_b64Decode.h (modified) (1 diff)
- honeytrap/trunk/src/modules/htm_ftpDownload.c (modified) (3 diffs)
- honeytrap/trunk/src/modules/htm_ftpDownload.h (modified) (1 diff)
- honeytrap/trunk/src/modules/htm_tftpDownload.c (modified) (7 diffs)
- honeytrap/trunk/src/modules/htm_tftpDownload.h (modified) (1 diff)
- honeytrap/trunk/src/modules/htm_vncDownload.c (modified) (1 diff)
- honeytrap/trunk/src/modules/htm_vncDownload.h (modified) (1 diff)
- honeytrap/trunk/src/nfqmon.c (modified) (6 diffs)
- honeytrap/trunk/src/parseconf.c (added)
- honeytrap/trunk/src/parseconf.h (added)
- honeytrap/trunk/src/pcapmon.c (modified) (7 diffs)
- honeytrap/trunk/src/plughook.c (modified) (3 diffs)
- honeytrap/trunk/src/plughook.h (modified) (1 diff)
- honeytrap/trunk/src/plugin.c (modified) (6 diffs)
- honeytrap/trunk/src/plugin.h (modified) (2 diffs)
- honeytrap/trunk/src/readconf.c (modified) (17 diffs)
- honeytrap/trunk/src/readconf.h (modified) (2 diffs)
- honeytrap/trunk/src/response.c (modified) (6 diffs)
- honeytrap/trunk/src/signals.c (modified) (7 diffs)
- honeytrap/trunk/src/tcp.c (modified) (1 diff)
- honeytrap/trunk/src/udp.c (modified) (1 diff)
honeytrap/trunk/ChangeLog
r1253 r1270 1 Version 0.7.0 1 Version 1.0.0 2 - New configuration concept with hierarchically organized file format 3 - New plugin: PostgreSQL module for commits into mwcollect database 4 - New plugin: Saving attack data in files is performed by a module now 5 - New plugin: x86 CPU emulation module for generic shellcode analysis 6 based on libemu by Markus and Paul 7 - Improved connection request handling in the nfq stream monitor 2 8 - Plugins can be prioritized 3 - x86 CPU emulation module for generic shellcode analysis 4 based on libemu by Markus and Paul 5 - PostgreSQL module for commits into mwcollect database 6 - SHA512 hash support 7 - Performance improvements 8 - Improved connection request handling in the nfq stream monitor 9 - SHA512 hashing support 9 10 - FTP download plugin is now source-based routing safe 10 11 - Changed autotools process to make module builts optional 12 - Performance improvements 11 13 Version 0.6.5 12 14 - Introduced an nfnetlink_queue-based connection monitor honeytrap/trunk/README
r1081 r1270 22 22 future releases. 23 23 24 Version 0.5.0 introduces the mirror mode (option '-m'). When run-25 ning in this mode, whenever a connection request is handled, hon-26 eytrap tries to establish a so called mirror connection back to27 the remote host requesting the same port. All data received on28 one of the two connections is copied to the other one. Thus, hon-29 eytrap is acting as a tcp proxy for a connection of a remote host30 with itself. If no mirror connection can be established, honey-31 trap falls back to normal mode.32 33 A plugin interface was added in Version 0.6.0. Plugins can be34 loaded as dynamic shared objects. Also, honeytrap can now be con-35 figured via a configuration file. The file is reprocessed when a36 SIGHUP is received so changes can be made available with zero37 downtime.38 39 Version 0.6.2 comes with lots of new features. Using the new40 proxy mode, Connections can not only be mirrored back to the ini-41 tiator, but proxied to other systems and other ports. The appro-42 priate mode can optionally be configured per TCP port. A new, li-43 bipq-based connection monitor was introduced (idea stolen from44 the nepenthes honeytrap module).45 46 24 INSTALLATION 47 25 … … 65 43 early as possible. 66 44 67 THANKS68 69 Many thanks to Steve, Gary to help me debugging compile errors on70 FreeBSD and OpenBSD and to lots of others who helped me fixing71 bugs.72 73 45 CONTACT 74 46 honeytrap/trunk/configure.in
r1253 r1270 1 1 # $Id$ 2 2 AC_PREREQ(02.50) 3 AC_INIT([honeytrap], [ 0.6.5], [tillmann.werner@gmx.de])3 AC_INIT([honeytrap], [1.0.0], [tillmann.werner@gmx.de]) 4 4 AM_CONFIG_HEADER(config.h) 5 AM_INIT_AUTOMAKE(honeytrap, 0.6.5)5 AM_INIT_AUTOMAKE(honeytrap,1.0.0) 6 6 7 7 # Since we get -O2 from configure defaults, which doesn't work in 64bit honeytrap/trunk/etc/honeytrap.conf.dist
r1124 r1270 1 # /etc/honeytrap/honeytrap.conf 2 # 3 # This is a sample honeytrap configuration file. 4 # However, the default values below should work in most installations. 5 # 6 # Copyright (C) 2006 Tillmann Werner <tillmann.werner@gmx.de> 7 # 8 # 9 # allowed keywords are: 10 # 11 # keyword values description 12 # ---------------------------------------------------------------------------------- 13 # pidfile path full pid file path (defaults to /var/run/honeytrap.pid if not given) 14 # logfile path full logfile path (defaults to /var/log/honeytrap.log if not given) 15 # user username user from /etc/passwd under which honeytrap should run 16 # group groupname group from /etc/group under which honeytrap should run 17 # promisc - tells honeytrap to sniff in promiscuous mode 18 # mirror - tells honeytrap to run in mirror mode 19 # response_dir path path to directory with default responses (defaults to /etc/honeytrap/responses) 20 # plugin_dir path path to directory with honeytrap plugins (defaults to /etc/honeytrap/plugins) 21 # attacks_dir path where to save attack strings (default is /var/spool/honeytrap) 22 # dlsave_dir path where to save downloaded files (default is /var/spool/honeytrap) 23 # read_limt number max. bytes to read from a socket - prevents honeytrap from memory exhaustion 1 /* 2 * honeytrap 1.0 configuration file template -- please adjust 3 * (c) Tillmann Werner <tillmann.werner@gmx.de> 4 */ 5 6 /* log to this file */ 7 logfile = "/opt/honeytrap/honeytrap.log" 8 9 /* PID file */ 10 pidfile = "/var/run/honeytrap.pid" 11 12 /* where to look for default responses 13 these are sent for connections handled in "normal mode" */ 14 response_dir = "/opt/honeytrap/etc/honeytrap/responses" 15 16 /* where to look for plugins 17 need to be set before loading plugins */ 18 plugin_dir = "/opt/honeytrap/etc/honeytrap/plugins" 19 20 /* run in mirror mode - mirror connections back to the initiator 21 use with caution! 
*/ 22 //mirror = "on" 23 24 /* put network interface into promiscuous mode 25 (only availabel when compiled with --with-pcap-mon) */ 26 //promisc = "on" 27 28 /* the user and group under which honeytrap should run */ 29 user = "nobody" 30 group = "nogroup" 31 32 /* include a file */ 33 //include = "ports.conf" 24 34 25 35 26 pidfile = /var/run/honeytrap.pid 27 logfile = /etc/honeytrap/honeytrap.log 36 /* ----- plugin stuff below ----- */ 28 37 29 response_dir = /etc/honeytrap/responses 30 plugin_dir = /etc/honeytrap/plugins 38 /* include a plugin via plugin-[ModuleName] = "" */ 31 39 32 attacks_dir = /var/spool/honeytrap/attacks 33 dlsave_dir = /var/spool/honeytrap/downloads 40 plugin-ftpDownload = "" 41 plugin-tftpDownload = "" 42 plugin-b64Decode = "" 43 plugin-vncDownload = "" 34 44 35 # max bytes to read from an attack connection (10MB = 10485760) 36 read_limit = 10485760 45 /* store attacks on disk */ 46 plugin-SaveFile = { 47 attacks_dir = "/opt/honeytrap/attacks" 48 downloads_dir = "/opt/honeytrap/downloads" 49 } 50 51 /* calculate locality sensitive hashes */ 52 plugin-SpamSum = { 53 md5sum_sigfile = "/opt/honeytrap/md5sum.sigs" 54 spamsum_sigfile = "/opt/honeytrap/spamsum.sigs" 55 } 56 57 /* store attacks in PostgeSQL database */ 58 /* 59 plugin-SavePostgres = { 60 db_host = "localhost" 61 db_name = "some_db" 62 db_user = "some_user" 63 db_pass = "some_pass" 64 // db_port = "some_port" // if not set, use the default (5432/tcp) 65 } 66 */ 37 67 38 68 39 40 # hash signature files for htm_SpamSum plugin 41 # you'll get errors if you define them and don't load this plugin 42 md5_sigfile 43 ss_sigfile 44 45 46 # run in mirror mode - mirror connections back to the initiator (use with caution!) 
47 mirror 48 49 # put network interface into promiscuous mode - only available when using the pcap connection monitor 50 #promisc 51 52 # run as the following user and group 53 user = nobody 54 group = nogroup 55 56 # use this host (ip address) to listen for FTP data connections (you would need the htm_ftpDownload plugin version 3) 57 #ftp_host = example.com 58 59 #include explicit port configuration 60 #include = ./ports.conf 69 /* ----- explicit port modes below ----- */ 70 portconf = { 71 /* ignore these ports */ 72 ignore = { 73 protocol = "tcp" 74 port = "22" 75 } 76 } honeytrap/trunk/etc/ports.conf.dist
r1117 r1270 1 # honeytrap configuration file 2 # Explicit configuration for some tcp ports 3 # 4 # the syntax is 'port = portnum/protocol: mode[,host,port]' 5 # e.g. 'port = 80/tcp: mirror' 6 # 7 # protocol must either be tcp or udp 8 # 9 # possible values for mode are: 10 # ignore: ignore connection requests on this port 11 # normal: always handle connections on this port in normal mode 12 # mirror: always handle connections on this port in mirror mode 13 # proxy: always handle connections on this port in proxy mod 14 # 15 # 'proxy' takes the arguments 'host,port' where port is optional 16 # e.g. 'port = 80/tcp: proxy,example.com:8000 17 # if no port argument is given, the attacked port is used. 18 # the proxy destination port does not support protocol changes 19 # 1 /* 2 * honeytrap 1.0 port configuration file template 3 * should be included in main configuration file 4 * (c) Tillmann Werner <tillmann.werner@gmx.de> 5 */ 20 6 21 #port = 21/tcp: normal 22 #port = 22/tcp: ignore 23 #port = 25/tcp: mirror 24 #port = 53/udp: ignore 25 #port = 80/tcp: proxy,example.com:8000 7 portconf = { 8 /* ignore these ports */ 9 ignore = { 10 protocol = "tcp" 11 port = ["25", "1433"] 12 } 13 /* process ports in normal mode */ 14 normal = { 15 protocol = ["tcp", "udp"] 16 port = ["53"] 17 } 18 /* mirror ports back to the initiator */ 19 mirror = { 20 protocol = ["tcp"] 21 port = ["23"] 22 } 23 /* proxy ports to a target */ 24 proxy = { 25 /* names for proxy maps can be chosen from [a-zA-Z0-9-_] */ 26 proxy-http = { 27 protocol = ["tcp"] 28 port = ["80", "8080"] 29 30 target_host = "127.0.0.1" 31 target_protocol = "tcp" 32 target_port = "8080" 33 } 34 proxy-tftp = { 35 protocol = ["udp"] 36 port = ["69"] 37 38 target_host = "tftp.localhost" 39 target_protocol = "udp" 40 target_port = "69" 41 } 42 } 43 } honeytrap/trunk/src/Makefile.am
r1201 r1270 9 9 signals.c signals.h \ 10 10 readconf.c readconf.h \ 11 parseconf.c parseconf.h \ 12 conftree.c conftree.h \ 11 13 plugin.c plugin.h \ 12 14 plughook.c plughook.h \ honeytrap/trunk/src/attack.h
r1226 r1270 50 50 u_char op_mode; /* mode of operation (none, ignore, normal, proxy, mirror) */ 51 51 uint16_t dl_count; /* number of downloads */ 52 // struct s_download download[]; /* array of download structs */53 52 struct s_download *download; /* array of download structs */ 54 53 } Attack; honeytrap/trunk/src/conftree.c
r1268 r1270 31 31 32 32 33 void conftree_children_free(conf_node *tree) { 34 conf_node *cur_node, *old_node; 35 list_entry *val, *old_val; 36 37 if (!tree) return; 38 39 cur_node = tree->first_leaf; 40 while (cur_node) { 41 if (cur_node->first_leaf) conftree_children_free(cur_node->first_leaf); 42 free(cur_node->keyword); 43 val = cur_node->val; 44 while (val) { 45 free(val->data); 46 old_val = val; 47 val = val->next; 48 free(old_val); 49 } 50 old_node = cur_node; 51 cur_node = cur_node->next; 52 free(old_node); 53 } 54 return; 55 } 56 57 33 58 void print_conftree(conf_node *tree, int depth) { 34 59 int i; 35 conf_node *cur_node; 60 char c; 61 conf_node *cur_node; 62 list_entry *val; 36 63 37 64 cur_node = tree; … … 39 66 if (cur_node->keyword) { 40 67 for (i=0; i<depth*2; i++) printf(" "); 41 printf("%s\n", cur_node->keyword); 68 printf("%s", cur_node->keyword); 69 val = cur_node->val; 70 while (val) { 71 if (val->data) { 72 printf("\n\t\t\""); 73 for( i = 0; i < val->size; i++ ) 74 printf("%c", isprint(c = *((const char *)(val->data+i))) ? 
c : '.'); 75 printf("\""); 76 } 77 val = val->next; 78 } 79 printf("\n"); 42 80 } 43 81 print_conftree(cur_node->first_leaf, depth+1); … … 45 83 } 46 84 return; 85 } 86 87 88 list_entry *add_list_item(conf_node *node, const void *data, ssize_t size) { 89 list_entry *new_entry; 90 91 if (!node) return(NULL); 92 93 /* find last list element */ 94 if (node->val) while (node->val->next) node->val = node->val->next; 95 96 /* create new element */ 97 if ((new_entry = malloc(sizeof(list_entry))) == NULL) { 98 logmsg(LOG_ERR, 1, "Error - Unable to allocate memory: %s.\n", strerror(errno)); 99 return(NULL); 100 } 101 memset(new_entry, 0, sizeof(list_entry)); 102 103 /* copy data */ 104 if ((new_entry->data = malloc(size+1)) == NULL) { 105 logmsg(LOG_ERR, 1, "Error - Unable to allocate memory: %s.\n", strerror(errno)); 106 return(NULL); 107 } 108 memset(new_entry->data, 0, size+1); 109 new_entry->size = size; 110 memcpy(new_entry->data, data, size); 111 112 /* attach new element to the list and return */ 113 if (node->val) node->val->next = new_entry; 114 else node->val = new_entry; 115 116 return(new_entry); 117 } 118 119 120 /* return first leaf node of subtree for given keyword */ 121 conf_node *conf_subtree(conf_node *tree, const char *keyword) { 122 conf_node *subtree; 123 124 if ((subtree = check_keyword(tree, keyword)) == NULL) return(NULL); 125 return(subtree->first_leaf); 47 126 } 48 127 … … 52 131 conf_node *check_keyword(conf_node *tree, const char *keyword) { 53 132 conf_node *cur_node; 54 char *key, *subkey; 133 char **key, *subkey; 134 135 cur_node = tree; 136 subkey = NULL; 55 137 56 138 if (!tree) return(NULL); 57 139 if (!keyword) { 58 logmsg(LOG_WARN, 1, "Error - Unable to search tree: No keyword given.\n"); 59 return(NULL); 60 } 61 62 cur_node = tree; 63 64 if ((key = strdup(keyword)) == NULL) { 65 logmsg(LOG_ERR, 1, "Error - Unable to allocate memory: %s.\n", strerror(errno)); 66 return(NULL); 67 } 68 69 if ((subkey = strchr(key, '.')) != NULL) { 70 
subkey[0] = 0; 71 subkey++; 72 } 73 74 /* depth first search in config tree */ 75 while(cur_node) { 76 if (strncmp(cur_node->keyword, keyword, strlen(keyword)) == 0) { 77 free(key); 78 return(cur_node); 79 } 80 if (subkey) { 81 if (strncmp(cur_node->keyword, key, strlen(key)) == 0) { 82 tree = cur_node->first_leaf; 83 while (tree) { 84 cur_node = check_keyword(tree, subkey); 85 if (cur_node) return(cur_node); 86 tree = tree->next; 87 } 88 break; 89 } 90 } 91 cur_node = cur_node->next; 140 fprintf(stderr, " Error - Unable to search tree: No keyword given.\n"); 141 return(NULL); 142 } 143 144 145 if (((key = (char **) malloc(sizeof(char *))) == NULL) || ((*key = strdup(keyword)) == NULL)) { 146 fprintf(stderr, " Error - Unable to allocate memory: %s.\n", strerror(errno)); 147 return(NULL); 148 } 149 150 /* search in config tree */ 151 if ((subkey = strsep(key, ".")) == NULL) { 152 free(key); 153 return(NULL); 154 } 155 while (cur_node) { 156 /* compare current node's keyword with prefix */ 157 if (strncmp(cur_node->keyword, subkey, strlen(subkey)) == 0) { 158 if ((subkey = strsep(key, ".")) == NULL) return(cur_node); 159 cur_node = cur_node->first_leaf; 160 } else cur_node = cur_node->next; 92 161 } 93 162 … … 99 168 /* insert new node into config tree and return a pointer to it 100 169 * if *tree is NULL, it will be set to point to the root node */ 101 conf_node *add_keyword(conf_node **tree, const char *keyword ) {170 conf_node *add_keyword(conf_node **tree, const char *keyword, const void *data, ssize_t size) { 102 171 conf_node *new_node, *cur_node; 103 char *key, *subkey ;172 char *key, *subkey, *list_item; 104 173 105 174 cur_node = *tree; … … 107 176 key = NULL; 108 177 subkey = NULL; 178 list_item = NULL; 179 109 180 110 181 if (!keyword) { … … 113 184 } 114 185 115 /* check whether the keyword or a prefix of it does already exist */ 116 if ((cur_node = check_keyword(*tree, keyword)) == NULL) { 117 if ((key = strdup(keyword)) == NULL) { 118 logmsg(LOG_ERR, 1, 
"Error - Unable to allocate memory: %s.\n", strerror(errno)); 119 return(NULL); 120 } 186 // check whether a prefix does already exist and if not, add it recursively 187 if ((key = strdup(keyword)) == NULL) { 188 logmsg(LOG_ERR, 1, "Error - Unable to allocate memory: %s.\n", strerror(errno)); 189 return(NULL); 190 } 191 192 /* add recursively */ 193 if ((cur_node = check_keyword(*tree, key)) == NULL) { 121 194 if ((subkey = strrchr(key, '.')) != NULL) { 122 195 subkey[0] = 0; // zero-terminate first half 123 196 subkey++; // pointer to second half 124 cur_node = add_keyword(tree, key); 125 } else subkey = key; 126 } else return(cur_node); // node already exists 127 128 129 /* create new node and insert it into tree */ 197 if (isdigit(subkey[0])) { 198 if ((cur_node = check_keyword(*tree, key)) == NULL) 199 if ((cur_node = add_keyword(tree, key, NULL, 0)) == NULL) return(NULL); 200 //printf(" -- got a list entry: %s:%s = %s\n", key, subkey, (char *) data); 201 if (add_list_item(cur_node, data, size) == NULL) { 202 fprintf(stderr, " Error - Unable to add list item for %s.\n", key); 203 return(NULL); 204 } 205 return(cur_node); 206 } 207 if ((cur_node = add_keyword(tree, key, NULL, 0)) == NULL) return(NULL); 208 } 209 } else return(cur_node); 210 211 // create new node and insert it into tree 130 212 if ((new_node = malloc(sizeof(conf_node))) == NULL) { 131 213 logmsg(LOG_ERR, 1, "Error - Unable to allocate memory: %s.\n", strerror(errno)); … … 134 216 } 135 217 memset(new_node, 0, sizeof(conf_node)); 136 if ((new_node->keyword = strdup(subkey)) == NULL) { 218 // if keyword is a toplevel key, add it, else add subkey 219 if ((new_node->keyword = strdup(subkey ? 
subkey : key)) == NULL) { 137 220 logmsg(LOG_ERR, 1, "Error - Unable to allocate memory: %s.\n", strerror(errno)); 138 221 free(key); … … 140 223 } 141 224 free(key); 225 226 if (size) { 227 //printf(" -- got single list entry: %s = %s\n", keyword, (char *) data); 228 if (add_list_item(new_node, data, size) == NULL) { 229 fprintf(stderr, " Error - Unable to add list item for %s.\n", keyword); 230 return(NULL); 231 } 232 } 142 233 143 234 /* insert new node into tree */ … … 150 241 } else cur_node->first_leaf = new_node; 151 242 } else { 152 /* it's the rootnode */243 /* it's a top level node */ 153 244 if (!(*tree)) (*tree) = new_node; 154 245 /* it's a root's neighbor */ … … 159 250 } 160 251 } 252 if (*tree == NULL) *tree = cur_node; 161 253 162 254 return(new_node); honeytrap/trunk/src/conftree.h
r1268 r1270 18 18 19 19 20 typedef struct list_entry { 21 ssize_t size; 22 void *data; 23 struct list_entry *next; 24 } list_entry; 25 26 20 27 typedef struct conf_node { 21 28 char *keyword; 29 list_entry *val; 22 30 struct conf_node *first_leaf; 23 31 struct conf_node *next; … … 25 33 26 34 27 conf_node *config_keywords_tree; 35 conf_node *config_keywords_tree; // tree for allowed keywords, initialized by core, extended by plugins 36 conf_node *config_tree; // tree for actual configuration organized in a hierarchical manner 28 37 29 38 39 void conftree_children_free(conf_node *tree); 30 40 void print_conftree(conf_node *tree, int depth); 41 conf_node *conf_subtree(conf_node *tree, const char *keyword); 31 42 conf_node *check_keyword(conf_node *tree, const char *keyword); 32 conf_node *add_keyword(conf_node **tree, const char *keyword );43 conf_node *add_keyword(conf_node **tree, const char *keyword, const void *data, ssize_t size); 33 44 34 45 #endif honeytrap/trunk/src/ctrl.c
r1221 r1270 53 53 fprintf(stdout, "\t-L:\tlogfile\n"); 54 54 fprintf(stdout, "\t-P:\tpid file\n"); 55 exit( 0);55 exit(EXIT_SUCCESS); 56 56 } 57 57 … … 100 100 if (logfile_fd == STDOUT_FILENO) { 101 101 fprintf(stderr, " Error - Logging to stdout is not possible while running in daemon mode.\n"); 102 clean_exit( 0);102 clean_exit(EXIT_SUCCESS); 103 103 } 104 104 … … 109 109 if (getrlimit(RLIMIT_NOFILE, &rl) < 0) { 110 110 fprintf(stderr, " Error - Unable to daemonize: %s\n", strerror(errno)); 111 exit( 1);111 exit(EXIT_FAILURE); 112 112 } 113 113 … … 115 115 if ((pid = fork()) < 0) { 116 116 fprintf(stderr, " Error - Unable to daemonize: %s\n", strerror(errno)); 117 exit( 1);118 } else if (pid != 0) exit( 0);117 exit(EXIT_FAILURE); 118 } else if (pid != 0) exit(EXIT_SUCCESS); 119 119 120 120 setsid(); … … 123 123 if ((pid = fork()) < 0) { 124 124 fprintf(stderr, " Error - Unable to daemonize: %s\n", strerror(errno)); 125 exit( 1);125 exit(EXIT_FAILURE); 126 126 } else if (pid != 0) { 127 127 DEBUG_FPRINTF(stdout, " Successfully changed into daemon environment.\n"); 128 128 fprintf(stdout, "\nhoneytrap v%s Copyright (C) 2005-2007 Tillmann Werner <tillmann.werner@gmx.de>\n", VERSION); 129 129 fflush(stdout); 130 exit( 0);130 exit(EXIT_SUCCESS); 131 131 } 132 132 … … 137 137 if (chdir("/") < 0) { 138 138 fprintf(stderr, " Error - Cannot change working directory: %s\n", strerror(errno)); 139 exit( 1);139 exit(EXIT_FAILURE); 140 140 } 141 141 … … 161 161 if ((pidfile_fd = open(pidfile_name, O_EXCL | O_CREAT | O_NOCTTY | O_RDWR, 0640)) == -1) { 162 162 logmsg(LOG_ERR, 1, "Error - Unable to open pid file: %s\n", strerror(errno)); 163 exit( 0);163 exit(EXIT_SUCCESS); 164 164 } 165 165 if (lockf(pidfile_fd, F_TLOCK, 0) < 0) { 166 166 logmsg(LOG_ERR, 1, "Error - Unable to lock pid file: %s\n", strerror(errno)); 167 clean_exit( 0);167 clean_exit(EXIT_SUCCESS); 168 168 } 169 169 honeytrap/trunk/src/dynsrv.c
r1221 r1270 26 26 #include <string.h> 27 27 28 #include "readconf.h" 28 29 #include "ctrl.h" 29 30 #include "honeytrap.h" … … 65 66 #endif 66 67 socklen_t client_addr_len; 67 struct sockaddr_in client_addr, server_addr;68 struct timeval c_timeout;69 struct s_proxy_dest *proxy_dst;70 struct hostent *proxy_addr;71 struct in_addr *p_addr;72 fd_set rfds;73 char *ip_l_str, *ip_r_str;74 Attack *attack;75 u_int8_t port_mode;68 struct sockaddr_in client_addr, server_addr; 69 struct timeval c_timeout; 70 struct hostent *proxy_addr; 71 struct in_addr *p_addr; 72 proxy_dest *proxy_dst; 73 fd_set rfds; 74 char *ip_l_str, *ip_r_str; 75 Attack *attack; 76 u_int8_t port_mode; 76 77 77 78 proxy_addr = NULL; … … 93 94 if (!((proto == TCP) || (proto == UDP))) { 94 95 logmsg(LOG_DEBUG, 1, "Unsupported protocol type.\n"); 95 exit(0);96 return; 96 97 } 97 98 … … 106 107 if (proto == TCP) { 107 108 logmsg(LOG_DEBUG, 1, "Requesting tcp socket.\n"); 108 if ((listen_fd = tcpsock(&server_addr, port_l)) < 0) exit( 1);109 port_mode = port_flags [htons(port_l)].tcp;109 if ((listen_fd = tcpsock(&server_addr, port_l)) < 0) exit(EXIT_FAILURE); 110 port_mode = port_flags_tcp[htons(port_l)] ? port_flags_tcp[htons(port_l)]->mode : 0; 110 111 } else if (proto == UDP) { 111 112 logmsg(LOG_DEBUG, 1, "Requesting udp socket.\n"); 112 if ((listen_fd = udpsock(&server_addr, port_l)) < 0) exit( 1);113 port_mode = port_flags [htons(port_l)].udp;113 if ((listen_fd = udpsock(&server_addr, port_l)) < 0) exit(EXIT_FAILURE); 114 port_mode = port_flags_udp[htons(port_l)] ? 
port_flags_udp[htons(port_l)]->mode : 0; 114 115 } else { 115 116 logmsg(LOG_DEBUG, 1, "Unsupported protocol type.\n"); 116 exit(0);117 return; 117 118 } 118 119 … … 130 131 logmsg(LOG_ERR, 1, "Error - Could not listen on socket: %s.\n", strerror(errno)); 131 132 close(listen_fd); 132 exit( 1);133 exit(EXIT_FAILURE); 133 134 } 134 135 logmsg(LOG_DEBUG, 1, "Listening on port %u/%s.\n", ntohs(port_l), PROTO(proto)); … … 140 141 logmsg(LOG_ERR, 1, "IPQ Error: %s.\n", ipq_errstr()); 141 142 ipq_destroy_handle(h); 142 exit( 1);143 exit(EXIT_FAILURE); 143 144 } 144 145 … … 173 174 logmsg(LOG_ERR, 1, " %u\t Error - select() call failed: %s.\n", 174 175 (uint16_t) ntohs(port_l), strerror(errno)); 175 exit( 1);176 exit(EXIT_FAILURE); 176 177 case 0: 177 178 /* timeout */ 178 179 logmsg(LOG_NOISY, 1, "-> %u\t No incoming connection for %u seconds - server terminated.\n", 179 180 (uint16_t) ntohs(port_l), conn_timeout); 180 exit(0);181 return; 181 182 default: 182 183 if (FD_ISSET(listen_fd, &rfds)) { … … 188 189 logmsg(LOG_ERR, 1, "Error - Could not initialize attack record.\n"); 189 190 free(attack); 190 exit( 1);191 exit(EXIT_FAILURE); 191 192 } 192 193 if (port_mode & PORTCONF_NORMAL) { … … 198 199 /* get proxy server address for port */ 199 200 logmsg(LOG_DEBUG, 1, " %u\t Handling connection in proxy mode.\n", (uint16_t) ntohs(port_l)); 200 proxy_dst = proxy_dest; 201 while (proxy_dst) { 202 if (proxy_dst->attack_port == ntohs(port_l)) break; 203 proxy_dst = proxy_dst->next; 201 202 if (proto == TCP) { 203 if (port_flags_tcp[htons(port_l)]) proxy_dst = port_flags_tcp[htons(port_l)]->target; 204 } else if (proto == UDP) { 205 if (port_flags_udp[htons(port_l)]) proxy_dst = port_flags_udp[htons(port_l)]->target; 204 206 } 205 if (proxy_dst->attack_port == ntohs(port_l)) { 206 /* try to establish proxy connection to server */207 if ((proxy_addr = gethostbyname(proxy_dst->d_addr)) == NULL) {208 logmsg(LOG_ERR, 1, " %u\t Error - Unable to resolve proxy host %s.\n",209 
(uint16_t) ntohs(port_l), proxy_dst->d_addr);210 free(attack);211 exit(0);212 }213 logmsg(LOG_DEBUG, 1, "== %u\t Proxy hostname %s resolved to %s.\n",214 (uint16_t) ntohs(port_l), proxy_dst->d_addr,215 inet_ntoa(*(struct in_addr*)proxy_addr->h_addr_list[0]));216 217 218 logmsg(LOG_DEBUG, 1, "== %u\t Requesting proxy connection to %s:%u.\n",219 (uint16_t) ntohs(port_l),220 inet_ntoa(*(struct in_addr*)proxy_addr->h_addr_list[0]), proxy_dst->d_port);207 208 /* try to establish proxy connection to server */ 209 if ((proxy_addr = gethostbyname(proxy_dst->host)) == NULL) { 210 logmsg(LOG_ERR, 1, " %u\t Error - Unable to resolve proxy host %s.\n", 211 (uint16_t) ntohs(port_l), proxy_dst->host); 212 free(attack); 213 exit(EXIT_FAILURE); 214 } 215 logmsg(LOG_DEBUG, 1, "== %u\t Proxy hostname %s resolved to %s.\n", 216 (uint16_t) ntohs(port_l), proxy_dst->host, 217 inet_ntoa(*(struct in_addr*)proxy_addr->h_addr_list[0])); 218 219 220 logmsg(LOG_DEBUG, 1, "== %u\t Requesting proxy connection to %s:%u.\n", 221 (uint16_t) ntohs(port_l), 222 inet_ntoa(*(struct in_addr*)proxy_addr->h_addr_list[0]), proxy_dst->port); 221 223 p_addr = (struct in_addr *) proxy_addr->h_addr_list[0]; 222 if ((proxy_sock_fd = proxy_connect(PORTCONF_PROXY, *p_addr, 223 ntohs(port_l), proxy_dst->d_port, proto, attack)) == -1) { 224  
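Review bot: In etc/honeytrap.conf.dist the new template drops read_limit, which the old file described as the maximum number of bytes to read from a socket to prevent memory exhaustion, and nothing in the new sample replaces it. If the option still exists under the new parser, keep it in the template with its 10485760 default so a fresh install does not run without a read cap; if it was removed on purpose, say so in the ChangeLog. Two comment typos in the same file: "availabel" should be "available" and "PostgeSQL" should be "PostgreSQL".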
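Review bot: In conftree_children_free() in src/conftree.c the recursive call is made on cur_node->first_leaf, but the function itself starts iterating at tree->first_leaf, so the recursion skips a level: the direct children of cur_node (its first_leaf and that node's next siblings) are never freed, and neither are the subtrees of those siblings. Call conftree_children_free(cur_node) instead so that every level of the tree is released.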
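Review bot: In add_list_item() in src/conftree.c the tail search advances the node's own head pointer (while (node->val->next) node->val = node->val->next;), so once a third value is appended node->val points at the second entry and the first one becomes unreachable and leaks. Walk the list with a local list_entry pointer and leave node->val untouched. In the same function, new_entry is not freed when the malloc for new_entry->data fails.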
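Review bot: In the rewritten check_keyword() in src/conftree.c the copy made with strdup(keyword) is lost as soon as strsep(key, ".") advances *key, and free(key) releases only the one-pointer holder, so the string leaks on every call; the successful return (return(cur_node) after the last strsep) frees neither allocation. Keep the strdup result in its own variable and free it together with the holder before each return. The comparison strncmp(cur_node->keyword, subkey, strlen(subkey)) is also only a prefix test, so a search for "port" matches a node named "portconf"; compare the full strings if exact keyword matches are intended.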
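Review bot: In add_keyword() in src/conftree.c, key is now allocated with strdup() before the check_keyword() lookup, but the early returns added in this change (else return(cur_node); for an existing node, and return(cur_node); after add_list_item() in the isdigit branch) do not free it, nor do the return(NULL) paths in that branch. Free key on each of these exits. The new local list_item is initialised but not used in the lines shown, and the new error messages go to fprintf(stderr, ...) while the rest of the function uses logmsg(); pick one.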
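Review bot: In src/ctrl.c several failure paths now terminate with EXIT_SUCCESS: the "Logging to stdout is not possible while running in daemon mode" branch, the "Unable to open pid file" branch and the "Unable to lock pid file" branch. The mechanical replacement of 0 kept the old value, but these are errors and should use EXIT_FAILURE so that init scripts and supervisors can detect a failed start.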
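Review bot: In the proxy-mode branch of src/dynsrv.c, proxy_dst is assigned only when port_flags_tcp[htons(port_l)] or port_flags_udp[htons(port_l)] is non-NULL, and then gethostbyname(proxy_dst->host) dereferences it unconditionally. Nothing in the visible lines initialises proxy_dst or checks that a target was configured, so a port flagged for proxy mode without a target entry leads to a NULL or uninitialised pointer dereference. Initialise proxy_dst to NULL and bail out with an error log (freeing attack) when it is still NULL after the lookup.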
