cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adapt pfflowd to cope with PF changes from n2k8. Patches from canacar@,

Browse Source 
thanks! Maintainer timeout; mpf@ jdixon@ ok.
This commit is contained in:
sthen 2008-09-24 13:56:00 +00:00
parent ceda9b071d
commit 7a30600280
4 changed files with 198 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
net/pfflowd/Makefile
View File

@ -1,10 +1,9 @@
# $OpenBSD: Makefile,v 1.8 2008/06/28 08:30:00 ajacoutot Exp $
BROKEN= needs to cope with recent network changes
# $OpenBSD: Makefile,v 1.9 2008/09/24 13:56:00 sthen Exp $
COMMENT= PF to NetFlow converter
DISTNAME= pfflowd-0.7
PKGNAME= ${DISTNAME}p0
CATEGORIES= net
MASTER_SITES= http://www.mindrot.org/files/pfflowd/

182
net/pfflowd/patches/patch-pfflowd_c Normal file
View File

@ -0,0 +1,182 @@
$OpenBSD: patch-pfflowd_c,v 1.1 2008/09/24 13:56:00 sthen Exp $
--- pfflowd.c.orig Fri Jun 13 02:40:21 2008
+++ pfflowd.c Fri Jun 13 02:56:30 2008
@@ -210,14 +210,14 @@ connsock(struct sockaddr *addr, socklen_t len)
}
static void
-format_pf_host(char *buf, size_t n, struct pf_state_host *h, sa_family_t af)
+format_pf_addr(char *buf, size_t n, const struct pf_addr *h, sa_family_t af)
{
const char *err = NULL;
switch (af) {
case AF_INET:
case AF_INET6:
- if (inet_ntop(af, &h->addr, buf, n) == NULL)
+ if (inet_ntop(af, h, buf, n) == NULL)
err = strerror(errno);
break;
default:
@@ -253,7 +253,8 @@ send_netflow_v1(const struct pfsync_state *st, u_int n
hdr = (struct NF1_HEADER *)packet;
for(num_packets = offset = j = i = 0; i < n; i++) {
- struct pf_state_host src, dst;
+ const struct pf_addr *src, *dst;
+ u_int16_t src_port, dst_port;
u_int32_t bytes_in, bytes_out;
u_int32_t packets_in, packets_out;
char src_s[64], dst_s[64], rt_s[64], pbuf[16], creation_s[64];
@@ -300,19 +301,23 @@ send_netflow_v1(const struct pfsync_state *st, u_int n
creation = uptime_ms; /* Avoid u_int wrap */
if (st[i].direction == PF_OUT) {
- memcpy(&src, &st[i].lan, sizeof(src));
- memcpy(&dst, &st[i].ext, sizeof(dst));
+ src = &st[i].key[PF_SK_WIRE].addr[1];
+ dst = &st[i].key[PF_SK_WIRE].addr[0];
+ src_port = st[i].key[PF_SK_WIRE].port[1];
+ dst_port = st[i].key[PF_SK_WIRE].port[0];
} else {
- memcpy(&src, &st[i].ext, sizeof(src));
- memcpy(&dst, &st[i].lan, sizeof(dst));
+ src = &st[i].key[PF_SK_STACK].addr[0];
+ dst = &st[i].key[PF_SK_STACK].addr[1];
+ src_port = st[i].key[PF_SK_STACK].port[0];
+ dst_port = st[i].key[PF_SK_STACK].port[1];
}
flw = (struct NF1_FLOW *)(packet + offset);
if (netflow_socket != -1 && st[i].packets[0][0] != 0) {
- flw->src_ip = src.addr.v4.s_addr;
- flw->dest_ip = dst.addr.v4.s_addr;
- flw->src_port = src.port;
- flw->dest_port = dst.port;
+ flw->src_ip = src->v4.s_addr;
+ flw->dest_ip = dst->v4.s_addr;
+ flw->src_port = src_port;
+ flw->dest_port = dst_port;
flw->flow_packets = st[i].packets[0][0];
flw->flow_octets = st[i].bytes[0][0];
flw->flow_start = htonl(uptime_ms - creation);
@@ -325,10 +330,10 @@ send_netflow_v1(const struct pfsync_state *st, u_int n
}
flw = (struct NF1_FLOW *)(packet + offset);
if (netflow_socket != -1 && st[i].packets[1][0] != 0) {
- flw->src_ip = dst.addr.v4.s_addr;
- flw->dest_ip = src.addr.v4.s_addr;
- flw->src_port = dst.port;
- flw->dest_port = src.port;
+ flw->src_ip = dst->v4.s_addr;
+ flw->dest_ip = src->v4.s_addr;
+ flw->src_port = dst_port;
+ flw->dest_port = src_port;
flw->flow_packets = st[i].packets[1][0];
flw->flow_octets = st[i].bytes[1][0];
flw->flow_start = htonl(uptime_ms - creation);
@@ -352,17 +357,17 @@ send_netflow_v1(const struct pfsync_state *st, u_int n
strftime(creation_s, sizeof(creation_s),
"%Y-%m-%dT%H:%M:%S", &creation_tm);
- format_pf_host(src_s, sizeof(src_s), &src, st[i].af);
- format_pf_host(dst_s, sizeof(dst_s), &dst, st[i].af);
+ format_pf_addr(src_s, sizeof(src_s), src, st[i].af);
+ format_pf_addr(dst_s, sizeof(dst_s), dst, st[i].af);
inet_ntop(st[i].af, &st[i].rt_addr, rt_s, sizeof(rt_s));
if (st[i].proto == IPPROTO_TCP ||
st[i].proto == IPPROTO_UDP) {
snprintf(pbuf, sizeof(pbuf), ":%d",
- ntohs(src.port));
+ ntohs(src_port));
strlcat(src_s, pbuf, sizeof(src_s));
snprintf(pbuf, sizeof(pbuf), ":%d",
- ntohs(dst.port));
+ ntohs(dst_port));
strlcat(dst_s, pbuf, sizeof(dst_s));
}
@@ -425,9 +430,10 @@ send_netflow_v5(const struct pfsync_state *st, u_int n
hdr = (struct NF5_HEADER *)packet;
for(num_packets = offset = j = i = 0; i < n; i++) {
- struct pf_state_host src, dst;
+ const struct pf_addr *src, *dst;
u_int32_t bytes_in, bytes_out, packets_in, packets_out;
u_int32_t creation;
+ u_int16_t src_port, dst_port;
char src_s[64], dst_s[64], rt_s[64], pbuf[16], creation_s[64];
time_t creation_tt;
struct tm creation_tm;
@@ -472,20 +478,25 @@ send_netflow_v5(const struct pfsync_state *st, u_int n
if (creation > uptime_ms)
creation = uptime_ms; /* Avoid u_int wrap */
+
if (st[i].direction == PF_OUT) {
- memcpy(&src, &st[i].lan, sizeof(src));
- memcpy(&dst, &st[i].ext, sizeof(dst));
+ src = &st[i].key[PF_SK_WIRE].addr[1];
+ dst = &st[i].key[PF_SK_WIRE].addr[0];
+ src_port = st[i].key[PF_SK_WIRE].port[1];
+ dst_port = st[i].key[PF_SK_WIRE].port[0];
} else {
- memcpy(&src, &st[i].ext, sizeof(src));
- memcpy(&dst, &st[i].lan, sizeof(dst));
+ src = &st[i].key[PF_SK_STACK].addr[0];
+ dst = &st[i].key[PF_SK_STACK].addr[1];
+ src_port = st[i].key[PF_SK_STACK].port[0];
+ dst_port = st[i].key[PF_SK_STACK].port[1];
}
flw = (struct NF5_FLOW *)(packet + offset);
if (netflow_socket != -1 && st[i].packets[0][0] != 0) {
- flw->src_ip = src.addr.v4.s_addr;
- flw->dest_ip = dst.addr.v4.s_addr;
- flw->src_port = src.port;
- flw->dest_port = dst.port;
+ flw->src_ip = src->v4.s_addr;
+ flw->dest_ip = dst->v4.s_addr;
+ flw->src_port = src_port;
+ flw->dest_port = dst_port;
flw->flow_packets = st[i].packets[0][0];
flw->flow_octets = st[i].bytes[0][0];
flw->flow_start = htonl(uptime_ms - creation);
@@ -498,10 +509,10 @@ send_netflow_v5(const struct pfsync_state *st, u_int n
}
flw = (struct NF5_FLOW *)(packet + offset);
if (netflow_socket != -1 && st[i].packets[1][0] != 0) {
- flw->src_ip = dst.addr.v4.s_addr;
- flw->dest_ip = src.addr.v4.s_addr;
- flw->src_port = dst.port;
- flw->dest_port = src.port;
+ flw->src_ip = dst->v4.s_addr;
+ flw->dest_ip = src->v4.s_addr;
+ flw->src_port = dst_port;
+ flw->dest_port = src_port;
flw->flow_packets = st[i].packets[1][0];
flw->flow_octets = st[i].bytes[1][0];
flw->flow_start = htonl(uptime_ms - creation);
@@ -525,17 +536,17 @@ send_netflow_v5(const struct pfsync_state *st, u_int n
strftime(creation_s, sizeof(creation_s),
"%Y-%m-%dT%H:%M:%S", &creation_tm);
- format_pf_host(src_s, sizeof(src_s), &src, st[i].af);
- format_pf_host(dst_s, sizeof(dst_s), &dst, st[i].af);
+ format_pf_addr(src_s, sizeof(src_s), src, st[i].af);
+ format_pf_addr(dst_s, sizeof(dst_s), dst, st[i].af);
inet_ntop(st[i].af, &st[i].rt_addr, rt_s, sizeof(rt_s));
if (st[i].proto == IPPROTO_TCP ||
st[i].proto == IPPROTO_UDP) {
snprintf(pbuf, sizeof(pbuf), ":%d",
- ntohs(src.port));
+ ntohs(src_port));
strlcat(src_s, pbuf, sizeof(src_s));
snprintf(pbuf, sizeof(pbuf), ":%d",
- ntohs(dst.port));
+ ntohs(dst_port));
strlcat(dst_s, pbuf, sizeof(dst_s));
}

12
net/pfflowd/patches/patch-pfflowd_h Normal file
View File

@ -0,0 +1,12 @@
$OpenBSD: patch-pfflowd_h,v 1.1 2008/09/24 13:56:00 sthen Exp $
--- pfflowd.h.orig Wed Jul 16 13:48:31 2008
+++ pfflowd.h Wed Jul 16 13:48:40 2008
@@ -29,7 +29,7 @@
#define DEFAULT_INTERFACE "pfsync0"
#define LIBPCAP_SNAPLEN 2020 /* Default MTU */
-#define _PFSYNC_VER 3
+#define _PFSYNC_VER 4
/*
* This is the Cisco Netflow(tm) version 1 packet format

4
net/pfflowd/pkg/PLIST
View File

@ -1,5 +1,5 @@
@comment $OpenBSD: PLIST,v 1.3 2006/07/07 09:05:36 djm Exp $
@comment $OpenBSD: PLIST,v 1.4 2008/09/24 13:56:00 sthen Exp $
@newgroup _pfflowd:565
@newuser _pfflowd:565:565:daemon:pfflowd:/nonexistent:/sbin/nologin
@man man/man8/pfflowd.8
sbin/pfflowd
@bin sbin/pfflowd