Navigation

← Previous Changeset
Next Changeset →

Changeset 1282

Timestamp:

06/04/07 00:53:43 (1 year ago)

Author:

till

Message:

further cleanups

Files:

honeytrap/trunk/configure.in (modified) (19 diffs)
honeytrap/trunk/src/attack.c (modified) (2 diffs)
honeytrap/trunk/src/dynsrv.c (modified) (2 diffs)
honeytrap/trunk/src/ipqmon.c (modified) (2 diffs)
honeytrap/trunk/src/pcapmon.c (modified) (2 diffs)
honeytrap/trunk/src/plughook.c (modified) (2 diffs)
honeytrap/trunk/src/plugin.c (modified) (1 diff)
honeytrap/trunk/src/signals.c (modified) (2 diffs)
honeytrap/trunk/src/sock.c (modified) (4 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

honeytrap/trunk/configure.in

r1281	r1282
27	27	CFLAGS="$CFLAGS -DDEBUG"
28	28	fi
29		], enable_debug="no")
	29	enable_debug="X"
	30	], enable_debug=" ")
30	31
31	32	AC_ARG_ENABLE(profile,
…	…
36	37	CFLAGS="$CFLAGS -DPROFILE"
37	38	fi
38		], enable_profile="no")
	39	enable_profile="X"
	40	], enable_profile=" ")
39	41
40	42	#AC_CANONICAL_HOST
…	…
207	209	AM_CONDITIONAL(PCAP_MON, test x$with_pcap_mon = xyes)
208	210	if test "$with_pcap_mon" = "yes"; then
	211	with_pcap_mon="X"
209	212	AC_ARG_WITH(libpcap_includes,
210	213	[ --with-libpcap-includes=DIR libpcap include directory],
…	…
235	238
236	239	AC_DEFINE([USE_PCAP_MON], [], [Define if pcap connection monitor is used])
237		else with_pcap_mon="no"
	240	else with_pcap_mon=" "
238	241	fi
239	242
…	…
242	245	AM_CONDITIONAL(IPQ_MON, test x$with_ipq_mon = xyes)
243	246	if test "$with_ipq_mon" = "yes"; then
	247	with_ipq_mon="X"
244	248	AC_ARG_WITH(libipq_includes,
245	249	[ --with-libipq-includes=DIR libipq include directory],
…	…
270	274
271	275	AC_DEFINE([USE_IPQ_MON], [], [Define if ip_queue connection monitor is used])
272		else with_ipq_mon="no"
	276	else with_ipq_mon=" "
273	277	fi
274	278
…	…
277	281	AM_CONDITIONAL(NFQ_MON, test x$with_nfq_mon = xyes)
278	282	if test "$with_nfq_mon" = "yes"; then
	283	with_nfq_mon="X"
279	284	AC_ARG_WITH(libnetfilter_queue_includes,
280	285	[ --with-libnetfilter_queue-includes=DIR libnetfilter_queue include directory],
…	…
304	309	fi
305	310	AC_DEFINE([USE_NFQ_MON], [], [Define if netfilter_queue connection monitor is used])
306		else with_nfq_mon="no"
	311	else with_nfq_mon=" "
307	312	fi
308	313
…	…
311	316	AM_CONDITIONAL(IPFW_MON, test x$with_ipfw_mon = xyes)
312	317	if test "$with_ipfw_mon" = "yes"; then
	318	with_ipfw_mon="X"
313	319	echo "ipfw connection monitor is currently not supported."
314	320	exit 1
315	321	AC_DEFINE([USE_IPFW_MON], [], [Define if ipfw connection monitor is used])
316		else with_ipfw_mon="no"
	322	else with_ipfw_mon=" "
317	323	fi
318	324
…	…
324	330	AM_CONDITIONAL(BUILD_CLAMAV_PLUGIN, test x$with_clamav = xyes)
325	331	if test "$with_clamav" = "yes"; then
	332	with_clamav="X"
326	333	AC_ARG_WITH(libclamav_includes,
327	334	[ --with-libclamav-includes=DIR libclamav include directory],
…	…
337	344	AC_CHECK_HEADER(clamav.h,,[AC_ERROR(clamav.h not found.)])
338	345
339		if test "$with_lib~~emu~~_libraries" != "no"; then
	346	if test "$with_libclamav_libraries" != "no"; then
340	347	LDFLAGS="${LDFLAGS} -L${with_libclamav_libraries}"
341	348	fi
…	…
351	358	fi
352	359	else
353		with_clamav="no"
	360	with_clamav=" "
354	361	fi
355	362
…	…
359	366	AM_CONDITIONAL(BUILD_CPUEMU_PLUGIN, test x$with_cpuemu = xyes)
360	367	if test "$with_cpuemu" = "yes"; then
	368	with_cpuemu="X"
361	369	AC_ARG_WITH(libemu_includes,
362	370	[ --with-libemu-includes=DIR libemu include directory],
…	…
387	395
388	396	else
389		with_cpuemu="no"
	397	with_cpuemu=" "
390	398	fi
391	399
…	…
395	403	[ --with-spamsum Perform SpamSum similarity analysis for recorded attacks])
396	404	AM_CONDITIONAL(BUILD_SPAMSUM_PLUGIN, test x$with_spamsum = xyes)
397		if test "$with_spamsum" != "yes"; then
398		with_spamsum="no"
	405	if test "$with_spamsum" = "yes"; then
	406	with_spamsum="X"
	407	else
	408	with_spamsum=" "
399	409	fi
400	410
…	…
405	415	AM_CONDITIONAL(BUILD_POSTGRES_PLUGIN, test x$with_postgres = xyes)
406	416	if test "$with_postgres" = "yes"; then
	417	with_postgres="X"
407	418	AC_ARG_WITH(libpq_includes,
408	419	[ --with-libpq-includes=DIR libpq include directory],
…	…
433	444
434	445	AC_DEFINE([USE_POSTGRES_DB], [], [Define to store attacks in PostgreSQL database])
435		else with_postgres="no"
	446	else with_postgres=" "
436	447	fi
437	448
…	…
479	490	if test "$with_efence" = "yes"
480	491	then
	492	with_efence="X"
481	493	AC_CHECK_LIB(efence, EF_ALIGNMENT, LIBS="${LIBS} -lefence", AC_MSG_ERROR(libefence not found))
482		else with_efence="no"
	494	else with_efence=" "
483	495	fi
484	496
…	…
511	523	echo
512	524	echo "--- honeytrap configuration ---"
513		echo "Debugging options: $enable_debug"
514		echo "Profiling options: $enable_profile"
515		echo "Electric Fence: $with_efence"
	525	echo "General options"
	526	echo -e " \x5b$enable_debug] Debugging"
	527	echo -e " \x5b$enable_profiling] Profiling"
	528	echo -e " \x5b$with_efence] Electric Fence"
516	529	echo
517	530	echo "Connection monitor"
518		echo ~~" Linux ip_queue (ipq): $with_ipq_mon~~"
519		echo ~~" Linux libnetfilter_queue (nfq): $with_nfq_mon~~"
520		echo ~~" FreeBSD ipfw (ipfw): $with_ipfw_mon~~"
521		echo ~~" Libpcap (pcap): $with_pcap_mon~~"
	531	echo -e " \x5b$with_ipq_mon] Linux ip_queue (ipq)"
	532	echo -e " \x5b$with_ipfw_mon] FreeBSD ipfw (ipfw)"
	533	echo -e " \x5b$with_nfq_mon] Linux libnetfilter_queue (nfq)"
	534	echo -e " \x5b$with_pcap_mon] Libpcap (pcap)"
522	535	echo
523	536	echo "Optional plugins"
524		echo ~~" PostgeSQL: $with_postgres~~"
525		echo ~~" SpamSum: $with_spamsum~~"
526		echo ~~" cpuEmu: $with_cpuemu~~"
527		echo ~~" ClamAV: $with_clamav~~"
	537	echo -e " \x5b$with_clamav] ClamAV"
	538	echo -e " \x5b$with_cpuemu] cpuEmu"
	539	echo -e " \x5b$with_postgres] PostgeSQL"
	540	echo -e " \x5b$with_spamsum] SpamSum"

honeytrap/trunk/src/attack.c

r1281	r1282
103	103	/* call plugins */
104	104	/* do calls even if no data received, i.e. to update connection statistics */
	105	logmsg(LOG_DEBUG, 1, "Calling plugins for hook 'process_attack'.\n");
105	106	plughook_process_attack(funclist_attack_preproc, a);
106	107	plughook_process_attack(funclist_attack_analyze, a);
…	…
108	109	plughook_process_attack(funclist_attack_postproc, a);
109	110
	111	logmsg(LOG_DEBUG, 1, "Attack data processed.\n");
110	112	return(1);
111	113	}

honeytrap/trunk/src/dynsrv.c

r1281	r1282
41	41
42	42
43		u_char buffer[BUFSIZ], *attack_string;
	43	u_char buffer[BUFSIZ], *attack_string;
44	44
45	45	int drop_privileges(void) {
46	46	/* set gid first, it might not be permitted as unprivileged user */
47		if(setgid(g_id) != 0) {
	47	if (setgid(g_id) != 0) {
48	48	logmsg(LOG_WARN, 1, "Warning - unable to set group id for server to %d.\n", g_id);
49		return(1);
	49	return(0);
50	50	}
51		if(setuid(u_id) != 0) {
	51	if (setuid(u_id) != 0) {
52	52	logmsg(LOG_WARN, 1, "Warning - unable to set user id for server to %d.\n", u_id);
53		return(1);
	53	return(0);
54	54	}
55		return(0);
	55	return(1);
56	56	}
57	57
58	58
59	59	void start_dynamic_server(struct in_addr ip_r, uint16_t port_r, struct in_addr ip_l, uint16_t port_l, uint16_t proto) {
60		~~pid_t~~ pid;
61		~~int~~ listen_fd, mirror_sock_fd, proxy_sock_fd, connection_fd, disconnect,
62		total_bytes, select_return, mirror_this, proxy_this, established;
	60	pid_t pid;
	61	int listen_fd, mirror_sock_fd, proxy_sock_fd, connection_fd, disconnect,
	62	total_bytes, select_return, mirror_this, proxy_this, established;
63	63	#ifdef USE_IPQ_MON
64		~~int~~ status;
	64	int status;
65	65	#endif
66		socklen_t client_addr_len;
67		struct sockaddr_in client_addr, server_addr;
68		struct timeval c_timeout;
69		struct hostent *proxy_addr;
70		struct in_addr *p_addr;
71		proxy_dest *proxy_dst;
72		fd_set rfds;
73		char ip_l_str, ip_r_str;
74		Attack *attack;
75		u_char port_mode;
76
77		proxy_addr = NULL;
78		proxy_dst = NULL;
79		attack_string = NULL;
80		ip_l_str = NULL;
81		ip_r_str = NULL;
82		attack = NULL;
83		select_return = -1;
84		listen_fd = -1;
85		connection_fd = -1;
86		mirror_sock_fd = -1;
87		proxy_sock_fd = -1;
88		proxy_this = 0;
89		mirror_this = mirror_mode;
90		established = 0;
91		port_mode = PORTCONF_NONE;
92
93		if (!((proto == TCP) \|\| (proto == UDP))) {
94		logmsg(LOG_DEBUG, 1, "Unsupported protocol type.\n");
95		return;
96		}
97
98		/* fork server process */
99		if ((pid = fork()) == 0) {
100
101		/* use this port string as log prefix */
102		memset(portstr, 0, 16);
103		if (snprintf(portstr, 16, "%u/%s\t", ntohs(port_l), PROTO(proto)) > 15) {
104		logmsg(LOG_ERR, 1, "Error - Port string is too long.\n");
105		return;
	66	socklen_t client_addr_len;
	67	struct sockaddr_in client_addr, server_addr;
	68	struct timeval c_timeout;
	69	struct hostent *proxy_addr;
	70	struct in_addr *p_addr;
	71	proxy_dest *proxy_dst;
	72	fd_set rfds;
	73	char ip_l_str, ip_r_str;
	74	Attack *attack;
	75	u_char port_mode;
	76
	77	proxy_addr = NULL;
	78	proxy_dst = NULL;
	79	attack_string = NULL;
	80	ip_l_str = NULL;
	81	ip_r_str = NULL;
	82	attack = NULL;
	83	select_return = -1;
	84	listen_fd = -1;
	85	connection_fd = -1;
	86	mirror_sock_fd = -1;
	87	proxy_sock_fd = -1;
	88	proxy_this = 0;
	89	mirror_this = mirror_mode;
	90	established = 0;
	91	port_mode = PORTCONF_NONE;
	92
	93	if (!((proto == TCP) \|\| (proto == UDP))) {
	94	logmsg(LOG_DEBUG, 1, "Unsupported protocol type.\n");
	95	return;
106	96	}
107
108
109		if (proto == TCP) {
110		logmsg(LOG_DEBUG, 1, "Requesting tcp socket.\n");
111		if ((listen_fd = get_boundsock(&server_addr, port_l, SOCK_STREAM)) < 0) return;
112		if (port_flags_tcp[htons(port_l)]) port_mode = port_flags_tcp[htons(port_l)]->mode;
113		} else if (proto == UDP) {
114		logmsg(LOG_DEBUG, 1, "Requesting udp socket.\n");
115		if ((listen_fd = get_boundsock(&server_addr, port_l, SOCK_DGRAM)) < 0) return;
116		if (port_flags_udp[htons(port_l)]) port_mode = port_flags_udp[htons(port_l)]->mode;
117		}
118
119		ip_l_str = strdup(inet_ntoa(ip_l));
120		ip_r_str = strdup(inet_ntoa(ip_r));
	97
	98	/* fork server process */
	99	if ((pid = fork()) == 0) {
	100
	101	/* use this port string as log prefix */
	102	memset(portstr, 0, 16);
	103	if (snprintf(portstr, 16, "%u/%s\t", ntohs(port_l), PROTO(proto)) > 15) {
	104	logmsg(LOG_ERR, 1, "Error - Port string is too long.\n");
	105	exit(EXIT_FAILURE);
	106	}
	107
	108	if (proto == TCP) {
	109	logmsg(LOG_DEBUG, 1, "Requesting tcp socket.\n");
	110	if ((listen_fd = get_boundsock(&server_addr, port_l, SOCK_STREAM)) == -1)
	111	exit(EXIT_SUCCESS);
	112	if (port_flags_tcp[htons(port_l)])
	113	port_mode = port_flags_tcp[htons(port_l)]->mode;
	114	} else if (proto == UDP) {
	115	logmsg(LOG_DEBUG, 1, "Requesting udp socket.\n");
	116	if ((listen_fd = get_boundsock(&server_addr, port_l, SOCK_DGRAM)) == -1)
	117	exit(EXIT_SUCCESS);
	118	if (port_flags_udp[htons(port_l)])
	119	port_mode = port_flags_udp[htons(port_l)]->mode;
	120	}
	121
	122	ip_l_str = strdup(inet_ntoa(ip_l));
	123	ip_r_str = strdup(inet_ntoa(ip_r));
121	124
122	125	#ifndef USE_IPQ_MON
123	126	#ifndef USE_NFQ_MON
124		/* don't need root privs any more */
125		~~drop_privileges();~~
126		logmsg(LOG_DEBUG, 1, "Server is now running with user id %d and group id %d.\n", getuid(), getgid());
	127	/* don't need root privs any more */
	128	drop_privileges();
	129	logmsg(LOG_DEBUG, 1, "Server is now running with user id %d and group id %d.\n", getuid(), getgid());
127	130	#endif
128	131	#endif
129	132
130		/* create listener when handling tcp connection request */
131		/* a backlog queue size of 10 should give us enough time to fork */
132		if ((proto == TCP) && ((listen(listen_fd, 10)) < 0)) {
133		logmsg(LOG_ERR, 1, "Error - Could not listen on socket: %s.\n", strerror(errno));
134		close(listen_fd);
135		exit(EXIT_FAILURE);
136		}
137		logmsg(LOG_DEBUG, 1, "Listening on port %u/%s.\n", ntohs(port_l), PROTO(proto));
	133	/* create listener when handling tcp connection request */
	134	/* a backlog queue size of 10 should give us enough time to fork */
	135	if ((proto == TCP) && ((listen(listen_fd, 10)) < 0)) {
	136	logmsg(LOG_ERR, 1, "Error - Could not listen on socket: %s.\n", strerror(errno));
	137	close(listen_fd);
	138	exit(EXIT_FAILURE);
	139	}
	140	logmsg(LOG_DEBUG, 1, "Listening on port %u/%s.\n", ntohs(port_l), PROTO(proto));
138	141
139	142	#ifdef USE_IPQ_MON
140		/* hand packet processing back to the kernel */
141		if ((status = ipq_set_verdict(h, packet->packet_id, NF_ACCEPT, 0, NULL)) < 0) {
142		logmsg(LOG_ERR, 1, "Error - Could not set verdict on packet.\n");
143		logmsg(LOG_ERR, 1, "IPQ Error: %s.\n", ipq_errstr());
144		ipq_destroy_handle(h);
145		exit(EXIT_FAILURE);
146		}
147		logmsg(LOG_DEBUG, 1, "IPQ - Successfully set verdict on packet.\n");
148
149		/* don't need root privs any more */
150		~~drop_privileges();~~
151		logmsg(LOG_DEBUG, 1, "Server is now running with user id %d and group id %d.\n", getuid(), getgid());
	143	/* hand packet processing back to the kernel */
	144	if ((status = ipq_set_verdict(h, packet->packet_id, NF_ACCEPT, 0, NULL)) < 0) {
	145	logmsg(LOG_ERR, 1, "Error - Could not set verdict on packet.\n");
	146	logmsg(LOG_ERR, 1, "IPQ Error: %s.\n", ipq_errstr());
	147	ipq_destroy_handle(h);
	148	exit(EXIT_FAILURE);
	149	}
	150	logmsg(LOG_DEBUG, 1, "IPQ - Successfully set verdict on packet.\n");
	151
	152	/* don't need root privs any more */
	153	drop_privileges();
	154	logmsg(LOG_DEBUG, 1, "Server is now running with user id %d and group id %d.\n", getuid(), getgid());
152	155	#endif
153	156	#ifdef USE_NFQ_MON
154		~~/* hand packet processing back to the kernel */~~
155		/* nfq_set_verdict()'s return value is undocumented,
156		* but digging the source of libnetfilter_queue and libnfnetlink reveals
157		* that it's just the passed-through value of a sendmsg() */
158		if (nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL) == -1) {
159		logmsg(LOG_ERR, 1, "Error - Could not set verdict on packet: %s.\n", strerror(errno));
160		nfq_destroy_queue(qh);
161		exit(EXIT_FAILURE);
162		}
163		logmsg(LOG_DEBUG, 1, "NFQ - Successfully set verdict on packet.\n");
164
165		/* don't need root privs any more */
166		~~drop_privileges();~~
167		logmsg(LOG_DEBUG, 1, "Server is now running with user id %d and group id %d.\n", geteuid(), getegid());
	157	/* hand packet processing back to the kernel
	158	* nfq_set_verdict()'s return value is undocumented,
	159	* but digging the source of libnetfilter_queue and libnfnetlink reveals
	160	* that it's just the passed-through value of a sendmsg() */
	161	if (nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL) == -1) {
	162	logmsg(LOG_ERR, 1, "Error - Could not set verdict on packet: %s.\n", strerror(errno));
	163	nfq_destroy_queue(qh);
	164	exit(EXIT_FAILURE);
	165	}
	166	logmsg(LOG_DEBUG, 1, "NFQ - Successfully set verdict on packet.\n");
	167
	168	/* don't need root privs any more */
	169	drop_privileges();
	170	logmsg(LOG_DEBUG, 1, "Server is now running with user id %d and group id %d.\n", geteuid(), getegid());
168	171	#endif
169
170		/* wait for incoming connections */
	172
	173	/* wait for incoming connections */
	174	for (;;) {
	175	FD_ZERO(&rfds);
	176	FD_SET(listen_fd, &rfds);
	177
	178	c_timeout.tv_sec = conn_timeout;
	179	c_timeout.tv_usec = 0;
	180
	181	switch (select_return = select(listen_fd + 1, &rfds, NULL, NULL, &c_timeout)) {
	182	case -1:
	183	if (errno == EINTR)
	184	break;
	185	logmsg(LOG_ERR, 1,
	186	" %s Error - select() call failed: %s.\n", portstr, strerror(errno));
	187	exit(EXIT_FAILURE);
	188	case 0:
	189	/* timeout */
	190	close(listen_fd);
	191	logmsg(LOG_NOISY, 1,
	192	"-> %s No incoming connection for %u seconds - server terminated.\n",
	193	portstr, conn_timeout);
	194	exit(EXIT_SUCCESS);
	195	default:
	196	if (FD_ISSET(listen_fd, &rfds)) {
	197	logmsg(LOG_NOISY, 1,
	198	" %s Connection request from %s.\n", portstr, inet_ntoa(ip_r));
	199
	200	/* initialize attack record */
	201	if ((attack = new_attack(ip_l, ip_r, ntohs(port_l), 0, proto)) == NULL) {
	202	logmsg(LOG_ERR, 1, "Error - Could not initialize attack record.\n");
	203	free(attack);
	204	exit(EXIT_FAILURE);
	205	}
	206	if (port_mode & PORTCONF_NORMAL) {
	207	/* handle connection in normal mode if this port configured to be handled 'normal' */
	208	logmsg(LOG_DEBUG, 1,
	209	" %s Handling connection in normal mode.\n", portstr);
	210	mirror_this = 0;
	211	proxy_this = 0;
	212	} else if (port_mode & PORTCONF_PROXY) {
	213	/* get proxy server address for port */
	214	logmsg(LOG_DEBUG, 1,
	215	" %s Handling connection in proxy mode.\n", portstr);
	216
	217	if (proto == TCP) {
	218	if (port_flags_tcp[htons(port_l)])
	219	proxy_dst = port_flags_tcp[htons(port_l)]->target;
	220	} else if (proto == UDP) {
	221	if (port_flags_udp[htons(port_l)])
	222	proxy_dst = port_flags_udp[htons(port_l)]->target;
	223	}
	224
	225	/* try to establish proxy connection to server */
	226	if ((proxy_addr = gethostbyname(proxy_dst->host)) == NULL) {
	227	logmsg(LOG_ERR, 1,
	228	" %s Error - Unable to resolve proxy host %s.\n",
	229	portstr, proxy_dst->host);
	230	free(attack);
	231	exit(EXIT_FAILURE);
	232	}
	233	logmsg(LOG_DEBUG, 1,
	234	"== %s Proxy hostname %s resolved to %s.\n",
	235	portstr, proxy_dst->host,
	236	inet_ntoa((struct in_addr ) proxy_addr->h_addr_list[0]));
	237
	238
	239	logmsg(LOG_DEBUG, 1,
	240	"== %s Requesting proxy connection to %s:%u.\n",
	241	portstr, inet_ntoa((struct in_addr ) proxy_addr->h_addr_list[0]),
	242	proxy_dst->port);
	243	p_addr = (struct in_addr *) proxy_addr->h_addr_list[0];
	244	if ((proxy_sock_fd =
	245	proxy_connect(PORTCONF_PROXY, *p_addr,
	246	ntohs(port_l), proxy_dst->port,
	247	proto, attack)) == -1) {
	248	logmsg(LOG_INFO, 1,
	249	"== %s Proxy connection rejected, falling back to normal mode.\n",
	250	portstr);
	251	proxy_this = 0;
	252	} else
	253	logmsg(LOG_NOTICE, 1,
	254	"== %s Proxy connection to %s:%u established.\n",
	255	portstr,
	256	inet_ntoa((struct in_addr ) proxy_addr->
	257	h_addr_list[0]), proxy_dst->port);
	258	} else if ((mirror_this) \|\| (port_mode & PORTCONF_MIRROR)) {
	259	/* try to establish mirror connection back to the client */
	260	logmsg(LOG_DEBUG, 1,
	261	" %s Handling connection in mirror mode.\n", portstr);
	262
	263	logmsg(LOG_DEBUG, 1,
	264	"<> %s Requesting mirror connection to %s:%u.\n",
	265	portstr, inet_ntoa(ip_r), ntohs(port_l));
	266	if ((mirror_sock_fd =
	267	proxy_connect(PORTCONF_MIRROR,
	268	(struct in_addr) ip_r,
	269	ntohs(port_l), ntohs(port_l),
	270	proto, attack)) == -1) {
	271	logmsg(LOG_INFO, 1,
	272	"<> %s Mirror connection rejected, falling back to normal mode.\n",
	273	portstr);
	274	mirror_this = 0;
	275	} else
	276	logmsg(LOG_NOTICE, 1,
	277	"<> %s Mirror connection to %s:%u established.\n",
	278	portstr, inet_ntoa(ip_r), (uint16_t) ntohs(port_l));
	279	}
	280
	281	bzero(&client_addr, sizeof(client_addr));
	282	client_addr_len = sizeof(client_addr);
	283	established = 0;
	284
	285
	286	/* accept connection depending on protocol */
	287	switch ((uint16_t) proto) {
	288	case TCP:
	289	/* accept tcp connection request */
	290	if ((connection_fd = accept(listen_fd, (struct sockaddr *)
	291	&client_addr, &client_addr_len)) < 0) {
	292	if (errno == EINTR)
	293	break;
	294	else {
	295	logmsg(LOG_ERR, 1,
	296	" %s Error - Could not accept tcp connection: %s\n",
	297	portstr, strerror(errno));
	298	close(mirror_sock_fd);
	299	free(attack);
	300	exit(EXIT_FAILURE);
	301	}
	302	}
	303	established = 1;
	304	break;
	305	case UDP:
	306	connection_fd = dup(listen_fd);
	307	client_addr.sin_family = AF_INET;
	308	client_addr.sin_addr = ip_r;
	309	client_addr.sin_port = port_r;
	310
	311	/* connecting our udp socket enables us to use read() and write() */
	312	if (connect
	313	(connection_fd, (struct sockaddr *) &client_addr,
	314	client_addr_len) < 0) {
	315	if (errno == EINTR)
	316	break;
	317	else {
	318	logmsg(LOG_ERR, 1,
	319	" %s Error - Could not connect udp socket: %s\n",
	320	portstr, strerror(errno));
	321	close(mirror_sock_fd);
	322	free(attack);
	323	exit(EXIT_FAILURE);
	324	}
	325	}
	326
	327	/* update remote endpoint information for attack structure */
	328	if (getpeername
	329	(connection_fd, (struct sockaddr *) &client_addr,
	330	&client_addr_len) < 0) {
	331	if (errno == EINTR)
	332	break;
	333	else {
	334	logmsg(LOG_ERR, 1,
	335	" %s Error - Could not get remote host information: %s\n",
	336	portstr, strerror(errno));
	337	close(mirror_sock_fd);
	338	free(attack);
	339	exit(EXIT_FAILURE);
	340	}
	341	}
	342	established = 1;
	343	break;
	344	default:
	345	logmsg(LOG_ERR, 1, "Error - Protocol %d not supported.\n", proto);
	346	exit(EXIT_FAILURE);
	347	}
	348
	349
	350	if (established) {
	351	/* connection successful established, fork handler process */
	352
	353	logmsg(LOG_NOTICE, 1,
	354	" %s Connection from %s:%u accepted.\n",
	355	portstr, inet_ntoa(client_addr.sin_addr),
	356	ntohs(client_addr.sin_port));
	357	attack->a_conn.r_port = ntohs(client_addr.sin_port);
	358
	359	if ((pid = fork()) == 0) {
	360	/* close listening socket in child */
	361	close(listen_fd);
	362	disconnect = 0;
	363	total_bytes = 0;
	364
	365	if ((proxy_this) \|\| (port_mode & PORTCONF_PROXY)) {
	366	logmsg(LOG_DEBUG, 1,
	367	" %s Handling connection from %s:%u in proxy mode.\n",
	368	portstr,
	369	inet_ntoa(client_addr.sin_addr),
	370	ntohs(client_addr.sin_port));
	371	handle_connection_proxied(connection_fd,
	372	PORTCONF_PROXY,
	373	proxy_sock_fd, (uint16_t)
	374	ntohs(port_l),
	375	client_addr.sin_port,
	376	client_addr.sin_addr,
	377	proto,
	378	m_read_timeout,
	379	read_timeout, attack);
	380	} else if ((mirror_this)
	381	\|\| (port_mode & PORTCONF_MIRROR)) {
	382	logmsg(LOG_DEBUG, 1,
	383	" %s Handling connection from %s:%u in mirror mode.\n",
	384	portstr,
	385	inet_ntoa(client_addr.sin_addr),
	386	ntohs(client_addr.sin_port));
	387	handle_connection_proxied(connection_fd,
	388	PORTCONF_MIRROR,
	389	mirror_sock_fd, (uint16_t)
	390	ntohs(port_l),
	391	client_addr.sin_port,
	392	client_addr.sin_addr,
	393	proto,
	394	m_read_timeout,
	395	read_timeout, attack);
	396	} else {
	397	logmsg(LOG_DEBUG, 1,
	398	" %s Handling connection from %s:%u in normal mode.\n",
	399	portstr,
	400	inet_ntoa(client_addr.sin_addr),
	401	ntohs(client_addr.sin_port));
	402	handle_connection_normal(connection_fd, (uint16_t)
	403	ntohs(port_l), proto,
	404	read_timeout, attack);
	405	}
	406	free(attack);
	407	exit(EXIT_SUCCESS);
	408
	409	} else if (pid == -1)
	410	logmsg(LOG_ERR, 1,
	411	"Error - forking connection handler failed.\n");
	412	close(mirror_sock_fd);
	413	close(connection_fd);
	414	free(attack);
	415	} /* connection accepted */
	416	} /* FD_ISSET - incoming connection */
	417	} /* select return for listen_fd */
	418	} /* for - incoming connections */
	419	} /* fork - server process */
	420	else if (pid == -1) logmsg(LOG_ERR, 1, "Error - forking server process failed.\n");
	421	return;
	422	}
	423
	424
	425	/* handle connection in normal mode - respond with default answers */