Changeset 1292
- Timestamp:
- 06/21/07 17:31:57 (1 year ago)
- Files:
-
- honeytrap/trunk/ChangeLog (modified) (1 diff)
- honeytrap/trunk/src/ctrl.c (modified) (2 diffs)
- honeytrap/trunk/src/dynsrv.c (modified) (16 diffs)
- honeytrap/trunk/src/honeytrap.c (modified) (3 diffs)
- honeytrap/trunk/src/honeytrap.h (modified) (1 diff)
- honeytrap/trunk/src/ipqmon.c (modified) (3 diffs)
- honeytrap/trunk/src/logging.c (modified) (1 diff)
- honeytrap/trunk/src/nfqmon.c (modified) (3 diffs)
- honeytrap/trunk/src/pcapmon.c (modified) (3 diffs)
- honeytrap/trunk/src/plughook.c (modified) (1 diff)
- honeytrap/trunk/src/plughook.h (modified) (1 diff)
- honeytrap/trunk/src/plugin.c (modified) (6 diffs)
- honeytrap/trunk/src/plugin.h (modified) (1 diff)
- honeytrap/trunk/src/readconf.c (modified) (1 diff)
- honeytrap/trunk/src/signals.c (modified) (5 diffs)
- honeytrap/trunk/src/signals.h (modified) (2 diffs)
- honeytrap/trunk/src/util.c (modified) (7 diffs)
honeytrap/trunk/ChangeLog
r1286 r1292 1 1 Version 1.0.0 2 - Safe signal delivery and handling using per-process pipes 2 3 - New configuration concept with hierarchically organized file format 3 4 - Default port configuration can be set to "ignore", "normal" or "mirror" honeytrap/trunk/src/ctrl.c
r1270 r1292 1 1 /* ctrl.c 2 * Copyright (C) 2006 Tillmann Werner <tillmann.werner@gmx.de>2 * Copyright (C) 2006-2007 Tillmann Werner <tillmann.werner@gmx.de> 3 3 * 4 4 * This file is free software; as a special exception the author gives … … 69 69 logmsg(LOG_DEBUG, 1, "Unloading plugins.\n"); 70 70 unload_plugins(); 71 71 72 72 if (pidfile_fd >= 0) { 73 73 logmsg(LOG_DEBUG, 1, "Unlocking pid file.\n"); 74 74 if (lockf(pidfile_fd, F_ULOCK, 0) < 0) 75 logmsg(LOG_ERR, 1, "Error - Unable to unlock pid file: %s \n", strerror(errno));75 logmsg(LOG_ERR, 1, "Error - Unable to unlock pid file: %s.\n", strerror(errno)); 76 76 77 77 logmsg(LOG_DEBUG, 1, "Closing pid file.\n"); 78 78 if (close(pidfile_fd) == -1) 79 logmsg(LOG_ERR, 1, "Error - Unable to close pid file: %s \n", strerror(errno));79 logmsg(LOG_ERR, 1, "Error - Unable to close pid file: %s.\n", strerror(errno)); 80 80 81 81 logmsg(LOG_DEBUG, 1, "Removing pid file.\n"); 82 if (unlink(pidfile_name) != 0)83 logmsg(LOG_ERR, 1, "Error - Unable to remove pid file: %s \n", strerror(errno));82 if (unlink(pidfile_name) == -1) 83 logmsg(LOG_ERR, 1, "Error - Unable to remove pid file: %s.\n", strerror(errno)); 84 84 } else logmsg(LOG_DEBUG, 1, "No pid file installed.\n"); 85 85 86 86 logmsg(LOG_NOTICE, 1, "---- honeytrap stopped ----\n"); 87 87 88 if (close(logfile_fd) == -1) logmsg(LOG_ERR, 1, "Error - Unable to close logfile: %s \n", strerror(errno));88 if (close(logfile_fd) == -1) logmsg(LOG_ERR, 1, "Error - Unable to close logfile: %s.\n", strerror(errno)); 89 89 90 90 exit(status); honeytrap/trunk/src/dynsrv.c
r1286 r1292 38 38 #include "tcpip.h" 39 39 #include "sock.h" 40 #include "signals.h" 40 41 #include "dynsrv.h" 41 42 … … 60 61 pid_t pid; 61 62 int listen_fd, mirror_sock_fd, proxy_sock_fd, connection_fd, disconnect, 62 total_bytes, select_return,established;63 total_bytes, established; 63 64 #ifdef USE_IPQ_MON 64 65 int status; … … 81 82 ip_r_str = NULL; 82 83 attack = NULL; 83 select_return = -1;84 84 listen_fd = -1; 85 85 connection_fd = -1; … … 96 96 /* fork server process */ 97 97 if ((pid = fork()) == 0) { 98 99 98 /* use this port string as log prefix */ 100 99 memset(portstr, 0, 16); … … 172 171 for (;;) { 173 172 FD_ZERO(&rfds); 173 FD_SET(sigpipe[0], &rfds); 174 174 FD_SET(listen_fd, &rfds); 175 175 … … 177 177 c_timeout.tv_usec = 0; 178 178 179 switch (select _return = select(listen_fd+ 1, &rfds, NULL, NULL, &c_timeout)) {179 switch (select(MAX(sigpipe[0], listen_fd) + 1, &rfds, NULL, NULL, &c_timeout)) { 180 180 case -1: 181 if (errno == EINTR) 181 if (errno == EINTR) { 182 if (check_sigpipe() == -1) exit(EXIT_FAILURE); 182 183 break; 184 } 183 185 logmsg(LOG_ERR, 1, 184 186 " %s Error - select() call failed: %s.\n", portstr, strerror(errno)); … … 192 194 exit(EXIT_SUCCESS); 193 195 default: 196 if (FD_ISSET(sigpipe[0], &rfds) && (check_sigpipe() == -1)) { 197 logmsg(LOG_ERR, 1, "Error - Signal handling failed in dynamic server process.\n"); 198 exit(EXIT_FAILURE); 199 } 194 200 if (FD_ISSET(listen_fd, &rfds)) { 195 201 logmsg(LOG_NOISY, 1, … … 408 414 free(attack); 409 415 port_mode = portconf_default; 410 } /* connection accepted */411 } /* FD_ISSET - incoming connection */412 } /* select return for listen_fd */413 } /* for - incoming connections */416 } // connection accepted 417 } // FD_ISSET - incoming connection 418 } // select return for listen_fd 419 } // for - incoming connections 414 420 } /* fork - server process */ 415 421 else if (pid == -1) logmsg(LOG_ERR, 1, "Error - forking server process failed.\n"); … … 422 428 fd_set rfds; 423 429 
struct timeval r_timeout; 424 int disconnect, bytes_read, total_bytes , retval;430 int disconnect, bytes_read, total_bytes; 425 431 426 432 total_bytes = 0; … … 430 436 for (;;) { 431 437 FD_ZERO(&rfds); 438 FD_SET(sigpipe[0], &rfds); 432 439 FD_SET(connection_fd, &rfds); 433 440 … … 435 442 r_timeout.tv_usec = 0; 436 443 437 if (((retval = select(connection_fd + 1, &rfds, NULL, NULL, &r_timeout)) < 0) 438 && (errno != EINTR)) { 444 switch (select(MAX(connection_fd, sigpipe[0]) + 1, &rfds, NULL, NULL, &r_timeout)) { 445 case -1: 446 if (errno == EINTR) { 447 if (check_sigpipe() == -1) exit(EXIT_FAILURE); 448 break; 449 } 439 450 logmsg(LOG_ERR, 1, " %s Error - select() failed: %s.\n", portstr, strerror(errno)); 440 451 close(connection_fd); 441 452 return(process_data(attack_string, total_bytes, NULL, 0, attack->a_conn.l_port, attack)); 442 } else if (retval == 0) {453 case 0: 443 454 /* no data available, select() timed out */ 444 455 disconnect++; … … 459 470 } 460 471 } 461 } 462 463 /* handle data on server connection */ 464 if (FD_ISSET(connection_fd, &rfds)) { 465 if ((bytes_read = read(connection_fd, buffer, sizeof(buffer))) > 0) { 466 logmsg(LOG_INFO, 1, " %s* %d bytes read.\n", portstr, bytes_read); 467 total_bytes += bytes_read; 468 if (!(attack_string = (u_char *) realloc(attack_string, total_bytes))) { 469 logmsg(LOG_ERR, 1, 470 " %s Error - Reallocating buffer size failed: %s.\n", 471 portstr, strerror(errno)); 472 free(attack_string); 473 exit(EXIT_FAILURE); 474 } 475 memcpy(attack_string + total_bytes - bytes_read, buffer, bytes_read); 476 disconnect = 0; 477 /* check if read limit was hit */ 478 if (read_limit) if (total_bytes >= read_limit) { 479 /* read limit hit, process attack string */ 480 logmsg(LOG_WARN, 1, 481 " %s Warning - Read limit (%d bytes) hit. 
Closing connection.\n", 482 portstr, read_limit); 472 default: 473 if (FD_ISSET(sigpipe[0], &rfds) && (check_sigpipe() == -1)) 474 exit(EXIT_FAILURE); 475 if (FD_ISSET(connection_fd, &rfds)) { 476 /* handle data on server connection */ 477 if ((bytes_read = read(connection_fd, buffer, sizeof(buffer))) > 0) { 478 logmsg(LOG_INFO, 1, " %s* %d bytes read.\n", portstr, bytes_read); 479 total_bytes += bytes_read; 480 if (!(attack_string = (u_char *) realloc(attack_string, total_bytes))) { 481 logmsg(LOG_ERR, 1, 482 " %s Error - Reallocating buffer size failed: %s.\n", 483 portstr, strerror(errno)); 484 free(attack_string); 485 exit(EXIT_FAILURE); 486 } 487 memcpy(attack_string + total_bytes - bytes_read, buffer, bytes_read); 488 disconnect = 0; 489 /* check if read limit was hit */ 490 if (read_limit) if (total_bytes >= read_limit) { 491 /* read limit hit, process attack string */ 492 logmsg(LOG_WARN, 1, 493 " %s Warning - Read limit (%d bytes) hit. Closing connection.\n", 494 portstr, read_limit); 495 close(connection_fd); 496 return(process_data 497 (attack_string, total_bytes, NULL, 0, attack->a_conn.l_port, attack)); 498 } 499 } else if (bytes_read == 0) { 500 logmsg(LOG_INFO, 1, " %s Connection closed by foreign host.\n", portstr); 501 502 /* process attack string */ 503 close(connection_fd); 504 return(process_data 505 (attack_string, total_bytes, NULL, 0, attack->a_conn.l_port, attack)); 506 } else { 507 logmsg(LOG_NOISY, 1, " %s Could not read data: %s.\n", portstr, strerror(errno)); 483 508 close(connection_fd); 484 509 return(process_data 485 510 (attack_string, total_bytes, NULL, 0, attack->a_conn.l_port, attack)); 486 511 } 487 } else if (bytes_read == 0) { 488 logmsg(LOG_INFO, 1, " %s Connection closed by foreign host.\n", portstr); 489 490 /* process attack string */ 491 close(connection_fd); 492 return(process_data 493 (attack_string, total_bytes, NULL, 0, attack->a_conn.l_port, attack)); 494 } else { 495 logmsg(LOG_NOISY, 1, " %s Could not read data: 
%s.\n", portstr, strerror(errno)); 496 close(connection_fd); 497 return(process_data 498 (attack_string, total_bytes, NULL, 0, attack->a_conn.l_port, attack)); 499 } 500 } /* FD_ISSER(connection_fd) */ 501 } /* for */ 512 } // FD_ISSET 513 } // switch 514 } // for 502 515 } 503 516 … … 510 523 fd_set rfds; 511 524 struct timeval r_timeout; 512 int disconnect, bytes_read, bytes_sent, total_bytes, total_from_server, r etval, max_read_fd;525 int disconnect, bytes_read, bytes_sent, total_bytes, total_from_server, rv; 513 526 u_char *server_string; 514 527 char *logstr, *Logstr, *logact, *logpre; … … 542 555 FD_SET(server_sock_fd, &rfds); 543 556 544 max_read_fd = server_sock_fd > connection_fd ? server_sock_fd : connection_fd;545 546 557 r_timeout.tv_sec = (u_char) timeout; 547 558 r_timeout.tv_usec = 0; 548 if ((select(max_read_fd + 1, &rfds, NULL, NULL, &r_timeout) < 0) 549 && (errno != EINTR)) { 559 switch (select(MAX(MAX(server_sock_fd, connection_fd), sigpipe[0]) + 1, &rfds, NULL, NULL, &r_timeout)) { 560 case -1: 561 if (errno == EINTR) { 562 if (check_sigpipe() == -1) exit(EXIT_FAILURE); 563 break; 564 } 550 565 logmsg(LOG_INFO, 1, "%s %s Error - Select failed: %s.\n", logpre, portstr, strerror(errno)); 551 566 shutdown(server_sock_fd, SHUT_RDWR); … … 553 568 return(process_data 554 569 (attack_string, total_bytes, server_string, total_from_server, dport, attack)); 555 } 556 557 if (FD_ISSET(server_sock_fd, &rfds)) { 558 /* read data and proxy it to client connection */ 559 bytes_read = 0; 560 if ((retval = 561 copy_data(connection_fd, server_sock_fd, &server_string, 562 total_from_server, &bytes_read, &bytes_sent)) > 0) { 563 logmsg(LOG_INFO, 1, 564 "%s %s* %u (of %u) bytes copied from %s connection to %s:%u.\n", 565 logpre, portstr, bytes_sent, bytes_read, logact, inet_ntoa(ipaddr), sport); 566 total_from_server += bytes_read; 567 if (read_limit) if (total_from_server >= read_limit) { 568 /* read limit hit, process attack string */ 569 logmsg(LOG_WARN, 1, 570 
"%s %s Warning - Read limit (%u bytes) hit. Closing %s connections.\n", 571 logpre, portstr, read_limit, logact); 572 shutdown(server_sock_fd, SHUT_RDWR); 573 shutdown(connection_fd, SHUT_RDWR); 574 return(process_data 575 (attack_string, total_bytes, server_string, 576 total_from_server, dport, attack)); 577 } 578 } else if (retval == 0) { 579 /* first UDP packet was rejected, fall back to normal mode */ 580 if ((proto == UDP) && (total_bytes == bytes_sent)) 581 return(handle_connection_normal 582 (connection_fd, dport, proto, read_timeout, attack)); 583 584 /* remote host closed server connection */ 585 logmsg(LOG_INFO, 1, 586 "%s %s %s connection closed by foreign host.\n", logpre, portstr, Logstr); 587 shutdown(server_sock_fd, SHUT_RDWR); 588 shutdown(connection_fd, SHUT_RDWR); 589 return(process_data 590 (attack_string, total_bytes, server_string, total_from_server, dport, attack)); 591 } else { 592 /* copy_data error */ 593 logmsg(LOG_INFO, 1, 594 "%s %s Error - Unable to %s data to client connection.\n", 595 logpre, portstr, logact); 596 if (close(server_sock_fd) == -1) 597 logmsg(LOG_ERR, 1, 598 "%s %s Error - Unable to close %s sockt.\n", logpre, portstr, logstr); 599 else 600 logmsg(LOG_NOISY, 1, "%s %s %s connection closed.\n", logpre, portstr, Logstr); 601 shutdown(connection_fd, SHUT_RDWR); 602 return(process_data 603 (attack_string, total_bytes, server_string, total_from_server, dport, attack)); 604 } 605 } else if (FD_ISSET(connection_fd, &rfds)) { 606 /* read data and proxy it to server connection */ 607 bytes_read = 0; 608 if ((retval = 609 copy_data(server_sock_fd, connection_fd, &attack_string, 610 total_bytes, &bytes_read, &bytes_sent)) > 0) { 611 logmsg(LOG_INFO, 1, 612 "%s %s* %u (of %u) bytes copied from client connection to %s:%u.\n", 613 logpre, portstr, bytes_sent, bytes_read, inet_ntoa(ipaddr), dport); 614 total_bytes += bytes_read; 615 if (read_limit) if (total_from_server >= read_limit) { 616 /* read limit hit, process attack string */ 
617 logmsg(LOG_WARN, 1, 618 "%s %s Warning - Read limit (%u bytes) hit. Closing %s connections.\n", 619 logpre, portstr, read_limit, logact); 620 shutdown(server_sock_fd, SHUT_RDWR); 621 shutdown(connection_fd, SHUT_RDWR); 622 return(process_data 623 (attack_string, total_bytes, server_string, 624 total_from_server, dport, attack)); 625 } 626 } else if (retval == 0) { 627 /* remote host closed client connection */ 628 shutdown(server_sock_fd, SHUT_RDWR); 629 logmsg(LOG_INFO, 1, "%s %s Connection closed by foreign host.\n", logpre, portstr); 630 shutdown(server_sock_fd, SHUT_RDWR); 631 logmsg(LOG_NOISY, 1, "%s %s %s connection closed.\n", logpre, portstr, Logstr); 632 return(process_data 633 (attack_string, total_bytes, server_string, total_from_server, dport, attack)); 634 } else { 635 /* copy_data error */ 636 logmsg(LOG_INFO, 1, 637 "%s %s Error - Unable to %s data to %s connection.\n", 638 logpre, portstr, logact, logstr); 639 shutdown(server_sock_fd, SHUT_RDWR); 640 shutdown(connection_fd, SHUT_RDWR); 641 return(process_data 642 (attack_string, total_bytes, server_string, total_from_server, dport, attack)); 643 } 644 } else { 570 case 0: 645 571 /* select() timed out, close connections */ 646 572 logmsg(LOG_INFO, 1, … … 650 576 return(process_data 651 577 (attack_string, total_bytes, server_string, total_from_server, dport, attack)); 652 } 578 default: 579 if (FD_ISSET(sigpipe[0], &rfds) && (check_sigpipe() == -1)) 580 exit(EXIT_FAILURE); 581 if (FD_ISSET(server_sock_fd, &rfds)) { 582 /* read data and proxy it to client connection */ 583 bytes_read = 0; 584 if ((rv = copy_data(connection_fd, server_sock_fd, &server_string, 585 total_from_server, &bytes_read, &bytes_sent)) > 0) { 586 logmsg(LOG_INFO, 1, 587 "%s %s* %u (of %u) bytes copied from %s connection to %s:%u.\n", 588 logpre, portstr, bytes_sent, bytes_read, logact, inet_ntoa(ipaddr), sport); 589 total_from_server += bytes_read; 590 if (read_limit) if (total_from_server >= read_limit) { 591 /* read limit 
hit, process attack string */ 592 logmsg(LOG_WARN, 1, 593 "%s %s Warning - Read limit (%u bytes) hit. Closing %s connections.\n", 594 logpre, portstr, read_limit, logact); 595 shutdown(server_sock_fd, SHUT_RDWR); 596 shutdown(connection_fd, SHUT_RDWR); 597 return(process_data 598 (attack_string, total_bytes, server_string, 599 total_from_server, dport, attack)); 600 } 601 } else if (rv == 0) { 602 /* first UDP packet was rejected, fall back to normal mode */ 603 if ((proto == UDP) && (total_bytes == bytes_sent)) 604 return(handle_connection_normal 605 (connection_fd, dport, proto, read_timeout, attack)); 606 607 /* remote host closed server connection */ 608 logmsg(LOG_INFO, 1, 609 "%s %s %s connection closed by foreign host.\n", logpre, portstr, Logstr); 610 shutdown(server_sock_fd, SHUT_RDWR); 611 shutdown(connection_fd, SHUT_RDWR); 612 return(process_data 613 (attack_string, total_bytes, server_string, total_from_server, dport, attack)); 614 } else { 615 /* copy_data error */ 616 logmsg(LOG_INFO, 1, 617 "%s %s Error - Unable to %s data to client connection.\n", 618 logpre, portstr, logact); 619 if (close(server_sock_fd) == -1) 620 logmsg(LOG_ERR, 1, 621 "%s %s Error - Unable to close %s sockt.\n", logpre, portstr, logstr); 622 else 623 logmsg(LOG_NOISY, 1, "%s %s %s connection closed.\n", logpre, portstr, Logstr); 624 shutdown(connection_fd, SHUT_RDWR); 625 return(process_data 626 (attack_string, total_bytes, server_string, total_from_server, dport, attack)); 627 } 628 } 629 if (FD_ISSET(connection_fd, &rfds)) { 630 /* read data and proxy it to server connection */ 631 bytes_read = 0; 632 if ((rv = copy_data(server_sock_fd, connection_fd, &attack_string, 633 total_bytes, &bytes_read, &bytes_sent)) > 0) { 634 logmsg(LOG_INFO, 1, 635 "%s %s* %u (of %u) bytes copied from client connection to %s:%u.\n", 636 logpre, portstr, bytes_sent, bytes_read, inet_ntoa(ipaddr), dport); 637 total_bytes += bytes_read; 638 if (read_limit) if (total_from_server >= read_limit) { 639 
/* read limit hit, process attack string */ 640 logmsg(LOG_WARN, 1, 641 "%s %s Warning - Read limit (%u bytes) hit. Closing %s connections.\n", 642 logpre, portstr, read_limit, logact); 643 shutdown(server_sock_fd, SHUT_RDWR); 644 shutdown(connection_fd, SHUT_RDWR); 645 return(process_data 646 (attack_string, total_bytes, server_string, 647 total_from_server, dport, attack)); 648 } 649 } else if (rv == 0) { 650 /* remote host closed client connection */ 651 shutdown(server_sock_fd, SHUT_RDWR); 652 logmsg(LOG_INFO, 1, "%s %s Connection closed by foreign host.\n", logpre, portstr); 653 shutdown(server_sock_fd, SHUT_RDWR); 654 logmsg(LOG_NOISY, 1, "%s %s %s connection closed.\n", logpre, portstr, Logstr); 655 return(process_data 656 (attack_string, total_bytes, server_string, total_from_server, dport, attack)); 657 } else { 658 /* copy_data error */ 659 logmsg(LOG_INFO, 1, 660 "%s %s Error - Unable to %s data to %s connection.\n", 661 logpre, portstr, logact, logstr); 662 shutdown(server_sock_fd, SHUT_RDWR); 663 shutdown(connection_fd, SHUT_RDWR); 664 return(process_data 665 (attack_string, total_bytes, server_string, total_from_server, dport, attack)); 666 } 667 } 668 } // switch 653 669 } 654 670 return(0); // never reached honeytrap/trunk/src/honeytrap.c
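Review bot: In handle_connection_proxied the read-limit check on the client-to-server branch (new line 638, `if (read_limit) if (total_from_server >= read_limit) {`) still tests total_from_server immediately after `total_bytes += bytes_read;`, so data read from the client is never bounded by read_limit and attack_string keeps growing through realloc until the server side trips the limit; it should read `if (read_limit) if (total_bytes >= read_limit) {`. In handle_connection_normal the new `case 0:` body (lines 453-471) ends on two closing braces followed directly by `default:`, and the unchanged numbering of that stretch shows no `break` was added, so it falls through into the default branch — apparently harmless only because select() leaves rfds empty on timeout, and a `break;` before `default:` would make the intent explicit. All three loops also select on sigpipe[0] inside the forked server process; if that pipe is created once by install_signal_handlers() before fork(), the child shares the parent's read end and can consume notifications meant for the parent, which is worth confirming against signals.c (not in this view). The enclosing functions start outside the shown hunks.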
r1286 r1292 27 27 #include "response.h" 28 28 #include "connectmon.h" 29 #include "plughook.h" 30 #include "signals.h" 29 31 #ifdef USE_PCAP_MON 30 32 #include "pcapmon.h" … … 72 74 plugin_dir = strdup("/etc/honeytrap/plugins"); 73 75 76 current_plugfunc = NULL; 77 74 78 #ifdef USE_PCAP_MON 75 79 dev = NULL; /* network device pointer */ … … 79 83 portconf_default = PORTCONF_NONE; 80 84 85 86 /* install signal handlers */ 87 install_signal_handlers(); 88 81 89 82 90 /* configure honeytrap */ honeytrap/trunk/src/honeytrap.h
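Review bot: The new `install_signal_handlers();` call discards whatever it returns; if the function can fail (pipe() and sigaction() both can), honeytrap would continue without a working signal pipe and the select()-based checks added elsewhere in this changeset would wait on an invalid descriptor. If it reports a status, guard it with `if (install_signal_handlers() == -1) { logmsg(LOG_ERR, 1, "Error - Unable to install signal handlers.\n"); exit(EXIT_FAILURE); }`; its signature lives in signals.h, which is not in this view, so confirm first. The added `current_plugfunc = NULL;` would also benefit from a short comment stating what the variable tracks, since the name alone does not say.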
r1286 r1292 24 24 #endif 25 25 26 #define MAX(a, b) (a > b ? a : b) 27 #define MIN(a, b) (a < b ? a : b) 26 28 27 29 #define EXCL_FILE_RW O_CREAT | O_NOCTTY | O_APPEND | O_WRONLY honeytrap/trunk/src/ipqmon.c
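Review bot: The new MAX/MIN macros do not parenthesize their arguments, so any argument containing an operator of lower precedence than `>`, e.g. `MAX(x == y, z)`, expands incorrectly, and each argument is evaluated twice, which matters if a caller ever passes an expression with side effects; write them as `#define MAX(a, b) ((a) > (b) ? (a) : (b))` and `#define MIN(a, b) ((a) < (b) ? (a) : (b))`. The nested use `MAX(MAX(server_sock_fd, connection_fd), sigpipe[0])` in dynsrv.c happens to work only because the inner expansion is already wrapped in parentheses. Names this generic may also already be defined by system headers on some platforms; wrapping the definitions in `#ifndef MAX` / `#ifndef MIN` avoids a redefinition warning.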
r1283 r1292 25 25 #include "ctrl.h" 26 26 #include "readconf.h" 27 #include "signals.h" 27 28 #include "ipqmon.h" 28 29 … … 36 37 37 38 int start_ipq_mon(void) { 38 int status, process; 39 u_int8_t port_mode; 40 uint16_t sport, dport; 41 unsigned char buf[BUFSIZE]; 42 struct ip_header *ip; 43 struct tcp_header *tcp; 44 struct udp_header *udp; 39 int status, process; 40 u_int8_t port_mode; 41 uint16_t sport, dport; 42 fd_set rfds; 43 struct timeval mainloop_timeout; 44 unsigned char buf[BUFSIZE]; 45 struct ip_header *ip; 46 struct tcp_header *tcp; 47 struct udp_header *udp; 45 48 46 49 sport = 0; … … 67 70 68 71 for (;;) { 69 process = 1; 70 if ((status = ipq_read(h, buf, BUFSIZE, 0)) < 0) { 71 logmsg(LOG_ERR, 1, "Error - Could not read queued packet: %s.\n", ipq_errstr()); 72 ipq_destroy_handle(h); 73 clean_exit(EXIT_FAILURE); 74 } 75 switch (ipq_message_type(buf)) { 76 case NLMSG_ERROR: 77 logmsg(LOG_WARN, 1, "IPQ Warning - ipq_read() returned status NLMSG_ERROR: %s\n", strerror(ipq_get_msgerr(buf))); 72 FD_ZERO(&rfds); 73 FD_SET(sigpipe[0], &rfds); 74 FD_SET(h->fd, &rfds); 75 76 mainloop_timeout.tv_sec = 360; 77 mainloop_timeout.tv_usec = 0; 78 79 switch (select(MAX(h->fd, sigpipe[0]) + 1, &rfds, NULL, NULL, &mainloop_timeout)) { 80 case -1: 81 if (errno == EINTR) { 82 if (check_sigpipe() == -1) exit(EXIT_FAILURE); 78 83 break; 79 case IPQM_PACKET: 80 packet = ipq_get_packet(buf); 81 ip = (struct ip_header*) packet->payload; 82 if (ip->ip_p == TCP) { 83 tcp = (struct tcp_header*) (packet->payload + (4 * ip->ip_hlen)); 84 sport = ntohs(tcp->th_sport); 85 dport = ntohs(tcp->th_dport); 86 port_mode = port_flags_tcp[dport] ? port_flags_tcp[dport]->mode : 0; 87 } else if (ip->ip_p == UDP) { 88 udp = (struct udp_header*) (packet->payload + (4 * ip->ip_hlen)); 89 sport = ntohs(udp->uh_sport); 90 dport = ntohs(udp->uh_dport); 91 port_mode = port_flags_udp[dport] ? 
port_flags_udp[dport]->mode : 0; 92 } else { 93 logmsg(LOG_ERR, 1, "Error - Protocol %u is not supported.\n", ip->ip_p); 94 if ((status = ipq_set_verdict(h, packet->packet_id, NF_ACCEPT, 0, NULL)) < 0) { 95 logmsg(LOG_ERR, 1, "Error - Could not set verdict on packet: %s.\n", ipq_errstr()); 96 ipq_destroy_handle(h); 97 clean_exit(EXIT_FAILURE); 84 } 85 /* error */ 86 logmsg(LOG_ERR, 1, "Error - select() call failed in main loop: %s.\n", strerror(errno)); 87 exit(EXIT_FAILURE); 88 case 0: 89 break; 90 default: 91 if (FD_ISSET(sigpipe[0], &rfds) && (check_sigpipe() == -1)) 92 exit(EXIT_FAILURE); 93 if (FD_ISSET(h->fd, &rfds)) { 94 /* incoming connection request */ 95 process = 1; 96 if ((status = ipq_read(h, buf, BUFSIZE, 0)) < 0) { 97 logmsg(LOG_ERR, 1, "Error - Could not read queued packet: %s.\n", ipq_errstr()); 98 ipq_destroy_handle(h); 99 clean_exit(EXIT_FAILURE); 100 } 101 switch (ipq_message_type(buf)) { 102 case NLMSG_ERROR: 103 logmsg(LOG_WARN, 1, "IPQ Warning - ipq_read() returned status NLMSG_ERROR: %s\n", 104 strerror(ipq_get_msgerr(buf))); 105 break; 106 case IPQM_PACKET: 107 packet = ipq_get_packet(buf); 108 ip = (struct ip_header*) packet->payload; 109 if (ip->ip_p == TCP) { 110 tcp = (struct tcp_header*) (packet->payload + (4 * ip->ip_hlen)); 111 sport = ntohs(tcp->th_sport); 112 dport = ntohs(tcp->th_dport); 113 port_mode = port_flags_tcp[dport] ? port_flags_tcp[dport]->mode : 0; 114 } else if (ip->ip_p == UDP) { 115 udp = (struct udp_header*) (packet->payload + (4 * ip->ip_hlen)); 116 sport = ntohs(udp->uh_sport); 117 dport = ntohs(udp->uh_dport); 118 port_mode = port_flags_udp[dport] ? 
port_flags_udp[dport]->mode : 0; 119 } else { 120 logmsg(LOG_ERR, 1, "Error - Protocol %u is not supported.\n", ip->ip_p); 121 if ((status = ipq_set_verdict(h, packet->packet_id, NF_ACCEPT, 0, NULL)) < 0) { 122 logmsg(LOG_ERR, 1, "Error - Could not set verdict on packet: %s.\n", ipq_errstr()); 123 ipq_destroy_handle(h); 124 clean_exit(EXIT_FAILURE); 125 } 126 break; 98 127 } 128 129 /* Got a connection request, start dynamic server and pass packet processing back to the kernel */ 130 switch (port_mode) { 131 case PORTCONF_NONE: 132 logmsg(LOG_DEBUG, 1, "Port %u/%s has no explicit configuration.\n", 133 dport, PROTO(ip->ip_p)); 134 break; 135 &nb
