Changeset 1286
- Timestamp:
- 06/10/07 20:22:28 (1 year ago)
- Files:
-
- honeytrap/trunk/ChangeLog (modified) (1 diff)
- honeytrap/trunk/configure.in (modified) (1 diff)
- honeytrap/trunk/etc/honeytrap.conf.dist (modified) (5 diffs)
- honeytrap/trunk/src/attack.c (modified) (2 diffs)
- honeytrap/trunk/src/conftree.c (modified) (1 diff)
- honeytrap/trunk/src/dynsrv.c (modified) (12 diffs)
- honeytrap/trunk/src/honeytrap.c (modified) (3 diffs)
- honeytrap/trunk/src/honeytrap.h (modified) (1 diff)
- honeytrap/trunk/src/modules/htm_SavePostgres.c (modified) (7 diffs)
- honeytrap/trunk/src/modules/htm_ftpDownload.c (modified) (2 diffs)
- honeytrap/trunk/src/modules/htm_tftpDownload.c (modified) (1 diff)
- honeytrap/trunk/src/nfqmon.c (modified) (1 diff)
- honeytrap/trunk/src/plugin.c (modified) (1 diff)
- honeytrap/trunk/src/readconf.c (modified) (10 diffs)
- honeytrap/trunk/src/readconf.h (modified) (1 diff)
- honeytrap/trunk/src/response.c (modified) (3 diffs)
honeytrap/trunk/ChangeLog
r1281 r1286 1 1 Version 1.0.0 2 2 - New configuration concept with hierarchically organized file format 3 - Default port configuration can be set to "ignore", "normal" or "mirror" 3 4 - New plugin: libclamav-based virus scanner module 4 - New plugin: PostgreSQL module for commits into mwcollect database5 5 - New plugin: Saving attack data in files is performed by a module now 6 - New plugin: x86 CPU emulation module for generic shellcode analysis7 based on libemu by Markus and Paul 6 - malloc(NULL) segfault bug in tftpDownload plugin fixed 7 - Try to download from the attacking host in case of failed ftp connect()s 8 8 - Improved connection request handling in the nfq stream monitor 9 - Reconfiguration on SIGHUP fixed 10 Version 0.7.0 9 11 - Plugins can be prioritized 10 - SHA512 hashing support 12 - x86 CPU emulation module for generic shellcode analysis 13 based on libemu by Markus and Paul 14 - PostgreSQL module for commits into mwcollect database 15 - SHA512 hash support 16 - Performance improvements 17 - Improved connection request handling in the nfq stream monitor 11 18 - FTP download plugin is now source-based routing safe 12 19 - Changed autotools process to make module builts optional 13 - Performance improvements14 20 Version 0.6.5 15 21 - Introduced an nfnetlink_queue-based connection monitor honeytrap/trunk/configure.in
r1283 r1286 560 560 fi 561 561 562 echo $with_ipq_mon, $sith_nfq_mon, $with_ipfw_mon, $with_pcap_mon563 564 562 565 563 AC_PROG_INSTALL honeytrap/trunk/etc/honeytrap.conf.dist
r1270 r1286 2 2 * honeytrap 1.0 configuration file template -- please adjust 3 3 * (c) Tillmann Werner <tillmann.werner@gmx.de> 4 */4 */ 5 5 6 6 /* log to this file */ … … 11 11 12 12 /* where to look for default responses 13 these are sent for connections handled in "normal mode" */13 * these are sent for connections handled in "normal mode" */ 14 14 response_dir = "/opt/honeytrap/etc/honeytrap/responses" 15 15 16 /* where to look for plugins17 need to be set before loading plugins */18 plugin_dir = "/opt/honeytrap/etc/honeytrap/plugins"19 20 16 /* run in mirror mode - mirror connections back to the initiator 21 use with caution! */17 * use with caution! */ 22 18 //mirror = "on" 23 19 24 20 /* put network interface into promiscuous mode 25 (only availabel when compiled with --with-pcap-mon) */21 * (only availabel when compiled with --with-pcap-mon) */ 26 22 //promisc = "on" 27 23 28 /* the user and group under which honeytrap should run */ 24 /* the user and group under which honeytrap should run 25 * should be set to non-root */ 29 26 user = "nobody" 30 27 group = "nogroup" 28 29 // do not read more than 20 MB - used to prevent DoS attacks 30 read_limit = "20971520" 31 31 32 32 /* include a file */ … … 35 35 36 36 /* ----- plugin stuff below ----- */ 37 38 /* where to look for plugins 39 need to be set before loading plugins */ 40 plugin_dir = "/opt/honeytrap/etc/honeytrap/plugins" 41 37 42 38 43 /* include a plugin via plugin-[ModuleName] = "" */ … … 47 52 attacks_dir = "/opt/honeytrap/attacks" 48 53 downloads_dir = "/opt/honeytrap/downloads" 54 } 55 56 /* scan downloaded samples with ClamAV engine */ 57 plugin-ClamAV = { 58 temp_dir = "/tmp" 59 clamdb_path = "/var/lib/clamav" 49 60 } 50 61 … … 62 73 db_user = "some_user" 63 74 db_pass = "some_pass" 64 // db_port = "some_port" // if not set, use the default (5432/tcp)75 // db_port = "some_port" // defaults to 5432/tcp if not set 65 76 } 66 77 */ 67 78 68 79 69 /* ----- explicit port modes below ----- */ 80 /* 
----- port mode configuration below ----- */ 81 82 // default port configuration (ignore, normal or mirror) 83 // ignore: just ignore connection attempts 84 // normal: send a default response 85 // mirror: mirror connections back to the initiator (use with caution!) 86 portconf_default = "normal" 87 88 // explicit port configuration 70 89 portconf = { 71 90 /* ignore these ports */ honeytrap/trunk/src/attack.c
r1282 r1286 1 /* dynsrv.c2 * Copyright (C) 2005-200 6Tillmann Werner <tillmann.werner@gmx.de>1 /* attack.c 2 * Copyright (C) 2005-2007 Tillmann Werner <tillmann.werner@gmx.de> 3 3 * 4 4 * This file is free software; as a special exception the author gives … … 127 127 } 128 128 129 if (( (a->download[a->dl_count].dl_type = strdup(dl_type)) == NULL) ||130 ( (a->download[a->dl_count].user = strdup(user)) == NULL) ||131 ( (a->download[a->dl_count].pass = strdup(pass)) == NULL) ||132 ( (a->download[a->dl_count].filename = strdup(filename)) == NULL) ||129 if ((dl_type && ((a->download[a->dl_count].dl_type = strdup(dl_type)) == NULL)) || 130 (filename && ((a->download[a->dl_count].filename = strdup(filename)) == NULL)) || 131 (user && ((a->download[a->dl_count].user = strdup(user)) == NULL)) || 132 (pass && ((a->download[a->dl_count].pass = strdup(pass)) == NULL)) || 133 133 ((a->download[a->dl_count].dl_payload.data = (u_char *) malloc(size)) == NULL)) { 134 134 logmsg(LOG_ERR, 1, "Error - Unable to allocate memory: %s.\n", strerror(errno)); honeytrap/trunk/src/conftree.c
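Review bot: The conditional strdup() calls at new lines 129-132 now leave dl_type, filename, user and pass NULL whenever the caller passes NULL, which moves a NULL check onto every consumer; build_uri in htm_SavePostgres.c (same changeset) still does `strlen(download->dl_type)` unconditionally, so a download recorded without a type would dereference NULL there. The skip also assumes the download slot was cleared before these lines — if a->download[a->dl_count] is reused without being zeroed, a skipped field keeps a stale pointer, so a `memset(&a->download[a->dl_count], 0, sizeof a->download[a->dl_count]);` before the block is worth adding if it is not already done above. On the error path at 133-134, strings already duplicated into this slot do not appear to be released before the failure is reported; that part of the function, like its start and end, lies outside the hunk.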
r1279 r1286 154 154 while (cur_node) { 155 155 /* compare current node's keyword with prefix */ 156 if (str ncmp(cur_node->keyword, subkey, strlen(subkey)) == 0) {156 if (strcmp(cur_node->keyword, subkey) == 0) { 157 157 if ((subkey = strsep(key, ".")) == NULL) return(cur_node); 158 158 cur_node = cur_node->first_leaf; honeytrap/trunk/src/dynsrv.c
r1282 r1286 60 60 pid_t pid; 61 61 int listen_fd, mirror_sock_fd, proxy_sock_fd, connection_fd, disconnect, 62 total_bytes, select_return, mirror_this, proxy_this,established;62 total_bytes, select_return, established; 63 63 #ifdef USE_IPQ_MON 64 64 int status; … … 86 86 mirror_sock_fd = -1; 87 87 proxy_sock_fd = -1; 88 proxy_this = 0;89 mirror_this = mirror_mode;90 88 established = 0; 91 port_mode = PORTCONF_NONE;89 port_mode = portconf_default; 92 90 93 91 if (!((proto == TCP) || (proto == UDP))) { … … 208 206 logmsg(LOG_DEBUG, 1, 209 207 " %s Handling connection in normal mode.\n", portstr); 210 mirror_this = 0;211 proxy_this = 0;212 208 } else if (port_mode & PORTCONF_PROXY) { 213 209 /* get proxy server address for port */ … … 249 245 "== %s Proxy connection rejected, falling back to normal mode.\n", 250 246 portstr); 251 proxy_this = 0;247 port_mode = PORTCONF_NORMAL; 252 248 } else 253 249 logmsg(LOG_NOTICE, 1, … … 256 252 inet_ntoa(*(struct in_addr *) proxy_addr-> 257 253 h_addr_list[0]), proxy_dst->port); 258 } else if ( (mirror_this) || (port_mode & PORTCONF_MIRROR)) {254 } else if (port_mode & PORTCONF_MIRROR) { 259 255 /* try to establish mirror connection back to the client */ 260 256 logmsg(LOG_DEBUG, 1, … … 272 268 "<> %s Mirror connection rejected, falling back to normal mode.\n", 273 269 portstr); 274 mirror_this = 0;270 port_mode = PORTCONF_NORMAL; 275 271 } else 276 272 logmsg(LOG_NOTICE, 1, … … 363 359 total_bytes = 0; 364 360 365 if ( (proxy_this) || (port_mode & PORTCONF_PROXY)) {361 if (port_mode & PORTCONF_PROXY) { 366 362 logmsg(LOG_DEBUG, 1, 367 363 " %s Handling connection from %s:%u in proxy mode.\n", … … 378 374 m_read_timeout, 379 375 read_timeout, attack); 380 } else if ((mirror_this) 381 || (port_mode & PORTCONF_MIRROR)) { 376 } else if (port_mode & PORTCONF_MIRROR) { 382 377 logmsg(LOG_DEBUG, 1, 383 378 " %s Handling connection from %s:%u in mirror mode.\n", … … 408 403 409 404 } else if (pid == -1) 410 logmsg(LOG_ERR, 1, 411 "Error 
- forking connection handler failed.\n"); 405 logmsg(LOG_ERR, 1, "Error - forking connection handler failed.\n"); 412 406 close(mirror_sock_fd); 413 407 close(connection_fd); 414 408 free(attack); 409 port_mode = portconf_default; 415 410 } /* connection accepted */ 416 411 } /* FD_ISSET - incoming connection */ … … 481 476 disconnect = 0; 482 477 /* check if read limit was hit */ 483 if ( bytes_read>= read_limit) {478 if (read_limit) if (total_bytes >= read_limit) { 484 479 /* read limit hit, process attack string */ 485 480 logmsg(LOG_WARN, 1, 486 " %s Warning - Byte limit (%d) hit. Closing connection.\n",481 " %s Warning - Read limit (%d bytes) hit. Closing connection.\n", 487 482 portstr, read_limit); 488 483 close(connection_fd); … … 570 565 logpre, portstr, bytes_sent, bytes_read, logact, inet_ntoa(ipaddr), sport); 571 566 total_from_server += bytes_read; 572 if ( total_from_server >= read_limit) {567 if (read_limit) if (total_from_server >= read_limit) { 573 568 /* read limit hit, process attack string */ 574 569 logmsg(LOG_WARN, 1, 575 "%s %s Warning - Byte limit (%d) hit. Closing %s connections.\n",570 "%s %s Warning - Read limit (%u bytes) hit. Closing %s connections.\n", 576 571 logpre, portstr, read_limit, logact); 577 572 shutdown(server_sock_fd, SHUT_RDWR); … … 618 613 logpre, portstr, bytes_sent, bytes_read, inet_ntoa(ipaddr), dport); 619 614 total_bytes += bytes_read; 620 if ( total_from_server >= read_limit) {615 if (read_limit) if (total_from_server >= read_limit) { 621 616 /* read limit hit, process attack string */ 622 617 logmsg(LOG_WARN, 1, 623 "%s %s Warning - Byte limit (%d) hit. Closing %s connections.\n",618 "%s %s Warning - Read limit (%u bytes) hit. Closing %s connections.\n", 624 619 logpre, portstr, read_limit, logact); 625 620 shutdown(server_sock_fd, SHUT_RDWR); honeytrap/trunk/src/honeytrap.c
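Review bot: The read-limit test at new line 615 still compares total_from_server although the counter incremented on the line directly above it is total_bytes, so in that direction the limit appears never to be applied to the bytes actually being counted; the line should read `if (read_limit && total_bytes >= read_limit) {`. The same nested `if (read_limit) if (...)` form at 478 and 567 reads as one condition and is clearer as a single `&&` expression. The log calls at 570 and 618 print read_limit with `%u`, while honeytrap.h in this changeset makes it int32_t and line 482 uses `%d`; `%d` matches the new type. Since read_limit of 0 now means unlimited, honeytrap.c's new default of 0 turns this check off unless the operator sets the key (raised separately there). The enclosing handler functions start and end outside these hunks.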
r1270 r1286 48 48 /* the following are default values - change them in your configuration file */ 49 49 50 mirror_mode = 0; /* mirror mode is not on by default */51 50 daemonize = 1; /* default is to daemonize */ 52 51 … … 65 64 read_timeout = 1; /* 1 second read timeout */ 66 65 m_read_timeout = 60; /* 1 minute read timeout for mirror connections */ 67 read_limit = 10485760; /* read max. 10MB from attack connections*/66 read_limit = 0; /* 0 means no read limit */ 68 67 69 68 conffile_name = strdup("/etc/honeytrap/honeytrap.conf"); … … 77 76 packet_sniffer = NULL; /* pcap device pointer */ 78 77 #endif 78 79 portconf_default = PORTCONF_NONE; 79 80 80 81 honeytrap/trunk/src/honeytrap.h
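Review bot: Changing the read_limit default at new line 66 from 10485760 to 0 disables the read limit for any installation whose configuration does not set read_limit — including every pre-existing honeytrap.conf, since the key is only introduced by this changeset — while honeytrap.conf.dist describes the limit as DoS prevention. Keeping a non-zero default preserves the old behaviour, e.g. `read_limit = 10485760; /* 10 MB; 0 disables the limit */`. portconf_default at 79 is initialised to PORTCONF_NONE although the template's documented default is "normal"; unless dynsrv.c treats PORTCONF_NONE as normal mode, an unset portconf_default changes how ports without explicit configuration are handled, which is worth confirming. The enclosing function starts and ends outside the hunks.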
r1270 r1286 39 39 // global variables regarding configuration 40 40 41 char *pidfile_name; 42 char *logfile_name; 43 char *dev; 44 char *response_dir; 45 char *plugin_dir; 46 int daemonize; 47 int mirror_mode; 48 int promisc_mode; 49 uid_t u_id; 50 gid_t g_id; 51 uint32_t conn_timeout; 52 uint32_t read_timeout; 53 uint32_t m_read_timeout; 54 uint32_t read_limit; 55 41 char *pidfile_name; 42 char *logfile_name; 43 char *dev; 44 char *response_dir; 45 char *plugin_dir; 46 int daemonize; 47 int promisc_mode; 48 uid_t u_id; 49 gid_t g_id; 50 int32_t conn_timeout; 51 int32_t read_timeout; 52 int32_t m_read_timeout; 53 int32_t read_limit; 56 54 57 55 /* explicit port configurations */ 56 u_char portconf_default; 57 58 58 typedef struct sport_flag { 59 59 u_int8_t tcp; honeytrap/trunk/src/modules/htm_SavePostgres.c
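Review bot: The variables at new lines 41-53 and 56 are tentative definitions placed in a header, so every translation unit that includes honeytrap.h defines them; that links only while the toolchain merges common symbols (GCC 10 and later default to -fno-common and report multiple definitions). Declare them `extern` here, e.g. `extern int32_t read_limit;` and `extern u_char portconf_default;`, and define each once in honeytrap.c, where the defaults are already assigned. The switch from uint32_t to int32_t makes the `< 0` range checks in readconf.c meaningful, but the `%u` conversions used for read_limit in dynsrv.c no longer match the type.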
r1279 r1286 36 36 #include <md5.h> 37 37 #include <sha512.h> 38 #include < ip.h>38 #include <tcpip.h> 39 39 40 40 #include "htm_SavePostgres.h" … … 203 203 return(NULL); 204 204 } 205 logmsg(LOG_DEBUG, 1, "Postgres client - Adding Type to URI: %s\n",download->dl_type); 206 snprintf(uri + strlen(uri), strlen(download->dl_type) + 4, "%s://", download->dl_type); 207 208 if(strlen(download->user)) { 209 logmsg(LOG_NOISY, 1, "Postgres client - Adding user and pass to URI: %s:%s\n", download->user, download->pass); 210 snprintf(uri + strlen(uri), strlen(download->user) + strlen(download->pass) + 3, "%s:%s@", download->user, download->pass); 205 logmsg(LOG_DEBUG, 1, "SavePostges - Adding Type to URI: %s\n",download->dl_type); 206 if (snprintf(uri + strlen(uri), strlen(download->dl_type) + 4, "%s://", download->dl_type) 207 >= MAX_URI_SIZE - strlen(uri)) { 208 logmsg(LOG_ERR, 1, " SavePostgres error - Unable to build URI: Type string too large.\n"); 209 return(NULL); 210 } 211 212 if (download->user) { 213 logmsg(LOG_NOISY, 1, "SavePostgres - Adding user to URI: %s\n", download->user); 214 if (snprintf(uri + strlen(uri), strlen(download->user), "%s", download->user) 215 >= MAX_URI_SIZE - strlen(uri)) { 216 logmsg(LOG_ERR, 1, " SavePostgres error - Unable to build URI: User string too large.\n"); 217 return(NULL); 218 } 219 if (download->pass) { 220 logmsg(LOG_NOISY, 1, "SavePostgres - Adding user and pass to URI: %s\n", download->pass); 221 if (snprintf(uri + strlen(uri), strlen(download->pass) + 1, ":%s", download->pass) 222 >= MAX_URI_SIZE - strlen(uri)) { 223 logmsg(LOG_ERR, 1, " SavePostgres error - Unable to build URI: Password string too large.\n"); 224 return(NULL); 225 } 226 } 227 if (strlen(uri) < MAX_URI_SIZE) strncat(uri, "@", 1); 211 228 } 212 229 … … 214 231 strncat(uri, inet_ntoa(*(struct in_addr*)&download->r_addr), strlen(inet_ntoa(*(struct in_addr*)&download->r_addr))); 215 232 233 if (download->r_port) { 234 logmsg(LOG_NOISY, 1, "SavePostgre - Adding port 
to URI: %d\n", download->r_port); 235 if (snprintf(uri + strlen(uri), 7, ":%d/", download->r_port) 236 >= MAX_URI_SIZE - strlen(uri)) { 237 logmsg(LOG_ERR, 1, " SavePostgres error - Unable to build URI: Port string too large.\n"); 238 return(NULL); 239 } 240 if (MAX_URI_SIZE - strlen(uri) < strlen(PROTO(download->protocol))) { 241 logmsg(LOG_ERR, 1, " SavePostgres error - Unable to build URI: Protocol string too large.\n"); 242 return(NULL); 243 } 244 strcat(uri + strlen(uri), PROTO(download->protocol)); 245 } 246 216 247 if (download->filename) { 217 248 logmsg(LOG_NOISY, 1, "SavePostgres - Adding filename to URI: %s\n", download->filename); 218 snprintf(uri + strlen(uri), strlen(download->filename) + 2, "/%s", download->filename); 219 } 220 221 if (download->r_port) { 222 logmsg(LOG_NOISY, 1, "SavePostgre - Adding port to URI: %d\n", download->r_port); 223 snprintf(uri + strlen(uri), 7, ":%d/", download->r_port); 224 strcat(uri + strlen(uri), PROTO(download->protocol)); 249 if (snprintf(uri + strlen(uri), strlen(download->filename) + 2, ":%s", download->filename) 250 >= MAX_URI_SIZE - strlen(uri)) { 251 logmsg(LOG_ERR, 1, " SavePostgres error - Unable to build URI: Filename too large.\n"); 252 return(NULL); 253 } 225 254 } 226 255 … … 259 288 /* upload malware */ 260 289 if (attack->dl_count) { 290 logmsg(LOG_DEBUG, 1, "SavePostgres - Processing %d. 
sample.\n", attack->dl_count+1); 261 291 if ((query = malloc(MAX_SQL_BUFFER + 1)) == NULL) { 262 292 logmsg(LOG_ERR, 1, "SavePostgres error - Unable to allocate memory: %s.\n", strerror(errno)); … … 283 313 logmsg(LOG_NOISY, 1, "SavePostgres - Malware sample exists in database, increasing counter.\n"); 284 314 } else { 315 logmsg(LOG_NOISY, 1, "SavePostgres - Malware sample does not exist in database, submitting it.\n"); 285 316 /* escape byte data to prevent sql injection */ 286 317 if ((esc_bytea = PQescapeByteaConn(db_connection, attack->download->dl_payload.data, … … 293 324 } 294 325 295 if ((uri = build_uri(attack->download)) == NULL) { 296 logmsg(LOG_WARN, 1, "SavePostgres warning - Unable to build generic malware URI.\n"); 297 free(uri); 298 } else logmsg(LOG_NOISY, 1, "SavePostgres - Generic malware URI assembled: %s\n", uri); 326 if ((uri = build_uri(attack->download)) == NULL) free(uri); 327 else logmsg(LOG_NOISY, 1, "SavePostgres - Generic malware URI assembled: %s\n", uri); 299 328 300 329 if (((l_ip = strdup(inet_ntoa(*(struct in_addr*)&(attack->a_conn.l_addr)))) == NULL) || … … 312 341 // "honeytrap-default", 313 342 // "dynamic-generic", 314 inet_ntoa(*(struct in_addr*)&(attack->a_conn.l_addr)),315 inet_ntoa(*(struct in_addr*)&(attack->a_conn.r_addr)),343 l_ip, 344 r_ip, 316 345 uri 317 346 // attack->a_conn.l_port, honeytrap/trunk/src/modules/htm_ftpDownload.c
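Review bot: In build_uri, each snprintf at new lines 206, 214, 221, 235 and 249 is sized by the input's strlen rather than by the space left in uri, so the `>= MAX_URI_SIZE - strlen(uri)` test runs only after the write has already happened, and because the two operands of `>=` are unsequenced the strlen(uri) on the right may be evaluated before or after that write; compute the remaining space first, pass it as the snprintf size and compare the return value against it (sketch below, assuming uri holds MAX_URI_SIZE bytes). The user write at 214 is also short by one (snprintf stores size-1 characters, so the last character of user is dropped), the `":%s"` write for pass at 221 likewise, and the "@" append at 227 and the protocol check at 240 each need one more byte for the terminator. Line 206 still calls strlen(download->dl_type) unconditionally although attack.c in this changeset now leaves dl_type NULL when no type is supplied. At 326 `free(uri)` on a NULL result is a no-op that replaced the former warning, and the NULL uri still reaches the query argument list at 345; uri also carries attacker-supplied user, pass and filename text, so confirm it is escaped or passed as a bound parameter before it is placed in SQL. build_uri and the calling function both extend outside the hunks.
```c
/* … unchanged: uri allocation and the dl_type check … */
size_t rem = MAX_URI_SIZE - strlen(uri);   /* space left, including the terminator */
if (download->user) {
	logmsg(LOG_NOISY, 1, "SavePostgres - Adding user to URI: %s\n", download->user);
	int n = snprintf(uri + strlen(uri), rem, "%s", download->user);
	if (n < 0 || (size_t)n >= rem) {
		logmsg(LOG_ERR, 1, " SavePostgres error - Unable to build URI: User string too large.\n");
		return(NULL);
	}
	rem -= (size_t)n;
	/* … same pattern for pass (":%s") and the trailing "@" … */
}
/* … unchanged: address, port, protocol and filename appends, each with the same rem-based check … */
```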
r1281 r1286 16 16 */ 17 17 18 #include <arpa/inet.h> 19 #include <ctype.h> 20 #include <errno.h> 21 #include <netdb.h> 18 22 #include <stdio.h> 19 23 #include <stdlib.h> 20 24 #include <string.h> 25 #include <sys/stat.h> 26 #include <sys/socket.h> 21 27 #include <unistd.h> 22 #include <arpa/inet.h>23 #include <errno.h>24 #include <sys/stat.h>25 #include <netdb.h>26 #include <sys/socket.h>27 #include <ctype.h>28 28 29 29 #include <honeytrap.h> … … 347 347 control_socket.sin_port = htons(port); 348 348 if (connect(control_sock_fd, (struct sockaddr *) &control_socket, sizeof(control_socket)) != 0) { 349 logmsg(LOG_ERR, 1, "FTP download error - Unable to connect to %s:%d: %s\n", 350 inet_ntoa(*rhost), port, strerror(errno)); 351 close(control_sock_fd); 352 return(-1); 349 /* if network or host is unreachable try attacking address instead */ 350 switch(errno) { 351 case ECONNREFUSED: 352 case ENETUNREACH: 353 case ETIMEDOUT: 354 rhost = (struct in_addr *) &attack->a_conn.r_addr; 355 control_socket.sin_addr.s_addr = inet_addr(inet_ntoa(*rhost)); 356 logmsg(LOG_NOISY, 1, "FTP download - FTP server could not be reached, trying the attacking address (%s) instead.\n", 357 inet_ntoa(*rhost)); 358 if (connect(control_sock_fd, (struct sockaddr *) &control_socket, sizeof(control_socket)) != 0) { 359 logmsg(LOG_ERR, 1, "FTP download error - Unable to connect to %s:%d: %s\n", 360 inet_ntoa(*rhost), port, strerror(errno)); 361 close(control_sock_fd); 362 return(-1); 363 } 364 break; 365 default: 366 logmsg(LOG_ERR, 1, "FTP download error - Unable to connect to %s:%d: %s\n", 367 inet_ntoa(*rhost), port, strerror(errno)); 368 close(control_sock_fd); 369 return(-1); 370 } 353 371 } 354 372 logmsg(LOG_DEBUG, 1, "FTP download - Ftp control connection to %s:%d established.\n", honeytrap/trunk/src/modules/htm_tftpDownload.c
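Review bot: The fallback at new lines 350-364 issues a second connect() on the same control_sock_fd after the first one failed; POSIX leaves a socket in an unspecified state after a failed connect(), so the retry should close the descriptor and create a fresh socket (the socket() call is above the hunk) before connecting to the attacking address. Line 355 converts the address through `inet_addr(inet_ntoa(*rhost))`, a needless round-trip through text; `control_socket.sin_addr = *rhost;` assigns it directly. The error branch at 359-362 duplicates the default branch at 366-369 word for word; a single failure path after the switch would keep them in step. The enclosing function starts and ends outside the hunk.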
r1281 r1286 180 180 logmsg(LOG_ERR, 1, "TFTP download error - Filename too long.\n"); 181 181 return(-1); 182 } 183 184 /* 0.0.0.0 is an invalid ip address - set it to the attacker's address */ 185 if (0 == *(u_int32_t *)host) { 186 logmsg(LOG_DEBUG, 1, " TFTP download - TFTP server IP addres corrected to %s.\n", inet_ntoa(*host)); 187 host = (struct in_addr *) &attack->a_conn.r_addr; 182 188 } 183 189 honeytrap/trunk/src/nfqmon.c
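Review bot: At new lines 185-187 the debug message is logged before host is redirected, so it prints the rejected 0.0.0.0 rather than the address it was corrected to; swap the two statements so that `host = (struct in_addr *) &attack->a_conn.r_addr;` comes first and the logmsg follows. The test `0 == *(u_int32_t *)host` can be written `host->s_addr == 0`, which avoids the pointer cast. The message text also has a typo ("addres"). The enclosing function starts and ends outside the hunk.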
r1283 r1286 151 151 if (nfq_unbind_pf(h, AF_INET) < 0) { 152 152 logmsg(LOG_ERR, 1, "Error - Could not unbind existing NFQ handle: %s\n", strerror(errno)); 153 logmsg(LOG_ERR, 1, "Do you have root privileges?\n"); 153 154 clean_exit(EXIT_FAILURE); 154 155 } honeytrap/trunk/src/plugin.c
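Review bot: The new hint at line 153 is printed for every nfq_unbind_pf() failure, not only for a permission problem, which can mislead when errno reports something else; saving errno before the first logmsg (which itself calls strerror and may clobber it) and guarding the hint with `if (saved_errno == EPERM || saved_errno == EACCES)` keeps it accurate. The enclosing function starts and ends outside the hunk.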
r1282 r1286 38 38 39 39 if (strlen(plugname) > 265) { 40 logmsg(LOG_ERR, 1, " Error - Plugin name exceeds maximum length of 256 charakters: %s\n", plugname); 41 return(-1); 40 fprintf(stderr, " Error - Plugin name exceeds maximum length of 256 charakters: %s\n", plugname); 41 return(-1); 42 } 43 44 /* plugin directory must be configured */ 45 if (!dir) { 46 fprintf(stderr, " Error - Plugin directory not set while trying to load plugin %s.\n", plugname); 47 exit(EXIT_FAILURE); 42 48 } 43 49 44 50 if ((plugindir = opendir(dir)) == NULL) { 45 51 fprintf(stderr, " Error - Unable to open plugin directory: %s.\n", strerror(errno)); 46 return(-1);52 exit(EXIT_FAILURE); 47 53 } 48 54 honeytrap/trunk/src/readconf.c
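Review bot: The changed message at new line 40 still says 256 characters while the check on line 39 rejects names longer than 265; align the two, most plausibly `if (strlen(plugname) > 256) {`. Lines 47 and 52 replace a `return(-1)` with exit(EXIT_FAILURE), so a missing or unreadable plugin directory now terminates the process from inside the loader; if this function is also reached during SIGHUP reconfiguration (the ChangeLog entry in this changeset mentions it), a bad plugin_dir in the new file would kill a running daemon rather than being reported, so leaving that decision to the caller seems safer. The enclosing function starts and ends outside the hunk.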
r1281 r1286 47 47 #endif 48 48 49 /* global config tree */ 50 struct lcfg *confkeys_tree; 51 52 53 conf_node *process_conftree(conf_node *conftree, conf_node *tree, process_confopt_fn proc_opt, void *opt_data) { 54 conf_node *cur_node = NULL; 55 56 if (!tree) return(NULL); 57 58 cur_node = tree; 59 while (cur_node) { 60 if (proc_opt(tree, cur_node, opt_data) == NULL) return(NULL); 61 if (cur_node->first_leaf) { 62 // descend to subtree 63 if ((cur_node = process_conftree(tree, cur_node->first_leaf, proc_opt, NULL)) == NULL) { 64 fprintf(stderr, " Error - Subtree processing failed.\n"); 65 return(NULL); 66 } else return(cur_node); 67 68 if (cur_node->next) cur_node = cur_node->next; 69 else return(cur_node); 70 } 71 if (cur_node->next) cur_node = cur_node->next; 72 else return(cur_node); 73 } 74 75 return(cur_node); 76 } 77 78 79 enum lcfg_status check_conffile(const char *key, void *data, size_t len, void *tree) { 80 conf_node *new_node; 81 char *list_item; 82 83 84 new_node = NULL; 85 list_item = NULL; 86 87 if ((new_node = add_keyword(&config_tree, key, data, len)) == NULL) { 88 fprintf(stderr, "Error - Unable to add configuration option to tree.\n"); 89 return(lcfg_status_error); 90 } 91 92 return(lcfg_status_ok); 93 } 94 95 49 /* allowed configuration keywords 50 * use dots separate hierarchy levels */ 96 51 static const char *config_keywords[] = { 97 52 "logfile", … … 99 54 "response_dir", 100 55 "plugin_dir", 101 " mirror",56 "read_limit", 102 57 #ifdef USE_PCAP_MON 103 58 "promisc", … … 106 61 "group", 107 62 "include", 63 "portconf_default", 108 64 "portconf", 109 65 "portconf.ignore.protocol", … … 121 77 }; 122 78 79 /* global config tree */ 80 struct lcfg *confkeys_tree; 81 82 83 conf_node *process_conftree(conf_node *conftree, conf_node *tree, process_confopt_fn proc_opt, void *opt_data) { 84 conf_node *cur_node = NULL; 85 86 if (!tree) return(NULL); 87 88 cur_node = tree; 89 while (cur_node) { 90 if (proc_opt(tree, cur_node, opt_data) == NULL) 
return(NULL); 91 if (cur_node->first_leaf) { 92 // descend to subtree 93 if ((cur_node = process_conftree(tree, cur_node->first_leaf, proc_opt, NULL)) == NULL) { 94 fprintf(stderr, " Error - Subtree processing failed.\n"); 95 return(NULL); 96 } else return(cur_node); 97 98 if (cur_node->next) cur_node = cur_node->next; 99 else return(cur_node); 100 } 101 if (cur_node->next) cur_node = cur_node->next; 102 else return(cur_node); 103 } 104 105 return(cur_node); 106 } 107 108 109 enum lcfg_status check_conffile(const char *key, void *data, size_t len, void *tree) { 110 conf_node *new_node; 111 char *list_item; 112 113 114 new_node = NULL; 115 list_item = NULL; 116 117 if ((new_node = add_keyword(&config_tree, key, data, len)) == NULL) { 118 fprintf(stderr, "Error - Unable to add configuration option to tree.\n"); 119 return(lcfg_status_error); 120 } 121 122 return(lcfg_status_ok); 123 } 124 123 125 124 126 int configure(int my_argc, char *my_argv[]) { … … 157 159 /* initialization of plugin hooks */ 158 160 init_plugin_hooks(); 159 160 161 161 /* scan command line options to determine logging level or print version number or usage */ 162 162 while((option = getopt(my_argc, my_argv, OPTSTRING)) > 0) { … … 223 223 224 224 225 if (first_init) { 226 /* scan command line options to get logfile name */ 227 optind = 1; 228 while((option = getopt(my_argc, my_argv, OPTSTRING)) > 0) { 229 switch(option) { 230 case 'L': 231 logfile_name = strdup(optarg); 232 DEBUG_FPRINTF(stdout, " Logfile is %s.\n", logfile_name); 233 break; 234 default: 235 break; 236 } 237 } 238 239 240 /* process remaining options now */ 241 optind = 1; 242 while((option = getopt(my_argc, my_argv, OPTSTRING)) > 0) { 243 switch(option) { 225 /* scan command line options to get logfile name */ 226 optind = 1; 227 while((option = getopt(my_argc, my_argv, OPTSTRING)) > 0) { 228 switch(option) { 229 case 'L': 230 logfile_name = strdup(optarg); 231 DEBUG_FPRINTF(stdout, " Logfile is %s.\n", logfile_name); 232 
break; 233 default: 234 break; 235 } 236 } 237 238 239 /* process remaining options now */ 240 optind = 1; 241 while((option = getopt(my_argc, my_argv, OPTSTRING)) > 0) { 242 switch(option) { 244 243 #ifdef USE_PCAP_MON 245 case 'i':246 dev = strdup(optarg);247 break;248 case 'a':249 if ((ip_cmd_opt = gethostbyname(optarg)) == NULL) {250 perror(" Error - Invalid hostname or ip address\n");251 exit(EXIT_FAILURE);252 }253 break;254 case 'p':255 promisc_mode = 1;256 break;244 case 'i': 245 dev = strdup(optarg); 246 break; 247 case 'a': 248 if ((ip_cmd_opt = gethostbyname(optarg)) == NULL) { 249 perror(" Error - Invalid hostname or ip address\n"); 250 exit(EXIT_FAILURE); 251 } 252 break; 253 case 'p': 254 promisc_mode = 1; 255 break; 257 256 #endif 258 case 'm': 259 mirror_mode = 1; 260 break; 261 case 'l': 262 conn_timeout = strtoul(optarg, NULL, 0); 263 if((conn_timeout < 0) || (conn_timeout > 255)) { 264 fprintf(stderr, 265 " Error - Listen timeout must be a value between 0 and 255.\n"); 266 exit(EXIT_FAILURE); 267 } 268 break; 269 case 'r': 270 read_timeout = strtoul(optarg, NULL, 0); 271 if((read_timeout < 0) || (read_timeout > 255)) { 272 fprintf(stderr, 273 " Error - Read timeout must be a value between 0 and 255.\n"); 274 exit(EXIT_FAILURE); 275 } 276 &nbs
