diff options
-rw-r--r-- | net/pfflowd/Makefile | 11 | ||||
-rw-r--r-- | net/pfflowd/files/patch-Makefile | 18 | ||||
-rw-r--r-- | net/pfflowd/files/patch-pfflowd.c | 20 | ||||
-rw-r--r-- | net/pfflowd/files/patch-pfflowd.h | 25 | ||||
-rw-r--r-- | net/pfflowd/files/pf34-Makefile | 11 | ||||
-rw-r--r-- | net/pfflowd/files/pf37-pfflowd.c | 254 |
6 files changed, 293 insertions, 46 deletions
diff --git a/net/pfflowd/Makefile b/net/pfflowd/Makefile index df00781146fe..1fe3a47b767b 100644 --- a/net/pfflowd/Makefile +++ b/net/pfflowd/Makefile @@ -21,16 +21,13 @@ PLIST_FILES= sbin/pfflowd .include <bsd.port.pre.mk> -.if ${OSVERSION} < 502106 -IGNORE= only for 5.3 and above -.endif - .if ${OSVERSION} < 502119 -EXTRA_PATCHES+= ${FILESDIR}/pf34-Makefile +IGNORE= only for 5.3 and above .endif -.if ${OSVERSION} < 700000 -BROKEN= does not compile +.if ${OSVERSION} < 700049 +MAKE_ENV+= OLD_PFSYNC=1 +EXTRA_PATCHES+= ${FILESDIR}/pf37-pfflowd.c .endif pre-build: diff --git a/net/pfflowd/files/patch-Makefile b/net/pfflowd/files/patch-Makefile index 9eb368b14f92..67a867e0e4d0 100644 --- a/net/pfflowd/files/patch-Makefile +++ b/net/pfflowd/files/patch-Makefile @@ -1,15 +1,17 @@ ---- Makefile Mon Feb 16 16:30:46 2004 -+++ Makefile Thu Aug 19 22:08:28 2004 -@@ -7,7 +7,7 @@ - LIBS=-lpcap -lutil #-lefence +--- Makefile.orig 2006-07-07 01:27:13.000000000 -0700 ++++ Makefile 2008-05-28 13:00:20.000000000 -0700 +@@ -7,14 +7,18 @@ + LIBS=-lpcap -lutil LDFLAGS=-g -CFLAGS=-g -O $(WARNFLAGS) -+CFLAGS=-g -O -I /usr/local/include/pf ++CFLAGS=-g -O ++ ++.if defined(OLD_PFSYNC) ++CFLAGS+=-DOLD_PFSYNC ++.endif - # Uncomment this if you are using pfflowd on OpenBSD <=3.4 - #CFLAGS+=-DOLD_PFSYNC -@@ -16,8 +16,8 @@ + TARGETS=pfflowd all: $(TARGETS) diff --git a/net/pfflowd/files/patch-pfflowd.c b/net/pfflowd/files/patch-pfflowd.c index 940ff354585c..f2ef857acdd7 100644 --- a/net/pfflowd/files/patch-pfflowd.c +++ b/net/pfflowd/files/patch-pfflowd.c @@ -23,23 +23,3 @@ _exit(0); } -@@ -366,7 +368,9 @@ - strlcat(dst_s, pbuf, sizeof(dst_s)); - } - -+#ifndef OLD_PFSYNC - syslog(LOG_DEBUG, "IFACE %s", st[i].ifname); -+#endif - syslog(LOG_DEBUG, "GWY %s", rt_s); - syslog(LOG_DEBUG, "FLOW proto %d direction %d", - st[i].proto, st[i].direction); -@@ -538,7 +542,9 @@ - strlcat(dst_s, pbuf, sizeof(dst_s)); - } - -+#ifndef OLD_PFSYNC - syslog(LOG_DEBUG, "IFACE %s", st[i].ifname); -+#endif - syslog(LOG_DEBUG, "GWY %s", rt_s); - syslog(LOG_DEBUG, "FLOW proto %d direction %d", - st[i].proto, st[i].direction); diff --git a/net/pfflowd/files/patch-pfflowd.h b/net/pfflowd/files/patch-pfflowd.h new file mode 100644 index 000000000000..a86f49a5ad1f --- /dev/null +++ b/net/pfflowd/files/patch-pfflowd.h @@ -0,0 +1,25 @@ +--- pfflowd.h.orig 2008-05-28 12:04:42.000000000 -0700 ++++ pfflowd.h 2008-05-28 12:07:06.000000000 -0700 +@@ -21,7 +21,7 @@ + #define PROGVER "0.7" + + #ifndef PRIVDROP_USER +-# define PRIVDROP_USER "_pfflowd" ++# define PRIVDROP_USER "nobody" + #endif + + #define PRIVDROP_CHROOT_DIR "/var/empty" +@@ -29,7 +29,12 @@ + #define DEFAULT_INTERFACE "pfsync0" + #define LIBPCAP_SNAPLEN 2020 /* Default MTU */ + +-#define _PFSYNC_VER 3 ++#ifdef OLD_PFSYNC ++# define _PFSYNC_STATE pfsync_state ++# define _PFSYNC_VER 2 ++#else ++# define _PFSYNC_VER 3 ++#endif + + /* + * This is the Cisco Netflow(tm) version 1 packet format diff --git a/net/pfflowd/files/pf34-Makefile b/net/pfflowd/files/pf34-Makefile deleted file mode 100644 index 8ff334de49d6..000000000000 --- a/net/pfflowd/files/pf34-Makefile +++ /dev/null @@ -1,11 +0,0 @@ ---- Makefile.orig Thu Aug 19 22:10:22 2004 -+++ Makefile Thu Aug 19 22:10:29 2004 -@@ -10,7 +10,7 @@ - CFLAGS=-g -O -I /usr/local/include/pf - - # Uncomment this if you are using pfflowd on OpenBSD <=3.4 --#CFLAGS+=-DOLD_PFSYNC -+CFLAGS+=-DOLD_PFSYNC - - TARGETS=pfflowd - diff --git a/net/pfflowd/files/pf37-pfflowd.c b/net/pfflowd/files/pf37-pfflowd.c new file mode 100644 index 000000000000..8678a13ebdc4 --- /dev/null +++ b/net/pfflowd/files/pf37-pfflowd.c @@ -0,0 +1,254 @@ +--- pfflowd.c.orig 2008-05-28 12:28:08.000000000 -0700 ++++ pfflowd.c 2008-05-28 12:28:29.000000000 -0700 +@@ -231,7 +231,7 @@ + } + + static int +-send_netflow_v1(const struct pfsync_state *st, u_int n, int *flows_exp) ++send_netflow_v1(const struct _PFSYNC_STATE *st, u_int n, int *flows_exp) + { + char now_s[64]; + int i, j, offset, num_packets, err; +@@ -310,13 +310,13 @@ + } + + flw = (struct NF1_FLOW *)(packet + offset); +- if (netflow_socket != -1 && st[i].packets[0][0] != 0) { ++ if (netflow_socket != -1 && st[i].packets[0] != 0) { + flw->src_ip = src.addr.v4.s_addr; + flw->dest_ip = dst.addr.v4.s_addr; + flw->src_port = src.port; + flw->dest_port = dst.port; +- flw->flow_packets = st[i].packets[0][0]; +- flw->flow_octets = st[i].bytes[0][0]; ++ flw->flow_packets = st[i].packets[0]; ++ flw->flow_octets = st[i].bytes[0]; + flw->flow_start = htonl(uptime_ms - creation); + flw->flow_finish = htonl(uptime_ms); + flw->protocol = st[i].proto; +@@ -326,13 +326,13 @@ + hdr->flows++; + } + flw = (struct NF1_FLOW *)(packet + offset); +- if (netflow_socket != -1 && st[i].packets[1][0] != 0) { ++ if (netflow_socket != -1 && st[i].packets[1] != 0) { + flw->src_ip = dst.addr.v4.s_addr; + flw->dest_ip = src.addr.v4.s_addr; + flw->src_port = dst.port; + flw->dest_port = src.port; +- flw->flow_packets = st[i].packets[1][0]; +- flw->flow_octets = st[i].bytes[1][0]; ++ flw->flow_packets = st[i].packets[1]; ++ flw->flow_octets = st[i].bytes[1]; + flw->flow_start = htonl(uptime_ms - creation); + flw->flow_finish = htonl(uptime_ms); + flw->protocol = st[i].proto; +@@ -344,10 +344,10 @@ + flw = (struct NF1_FLOW *)(packet + offset); + + if (verbose_flag) { +- packets_out = ntohl(st[i].packets[0][0]); +- packets_in = ntohl(st[i].packets[1][0]); +- bytes_out = ntohl(st[i].bytes[0][0]); +- bytes_in = ntohl(st[i].bytes[1][0]); ++ packets_out = ntohl(st[i].packets[0]); ++ packets_in = ntohl(st[i].packets[1]); ++ bytes_out = ntohl(st[i].bytes[0]); ++ bytes_in = ntohl(st[i].bytes[1]); + + creation_tt = now - (creation / 1000); + localtime_r(&creation_tt, &creation_tm); +@@ -368,7 +368,6 @@ + strlcat(dst_s, pbuf, sizeof(dst_s)); + } + +- syslog(LOG_DEBUG, "IFACE %s", st[i].ifname); + syslog(LOG_DEBUG, "GWY %s", rt_s); + syslog(LOG_DEBUG, "FLOW proto %d direction %d", + st[i].proto, st[i].direction); +@@ -401,9 +400,8 @@ + return (ntohs(hdr->flows)); + } + +- + static int +-send_netflow_v5(const struct pfsync_state *st, u_int n, int *flows_exp) ++send_netflow_v5(const struct _PFSYNC_STATE *st, u_int n, int *flows_exp) + { + char now_s[64]; + int i, j, offset, num_packets, err; +@@ -483,13 +481,13 @@ + } + + flw = (struct NF5_FLOW *)(packet + offset); +- if (netflow_socket != -1 && st[i].packets[0][0] != 0) { ++ if (netflow_socket != -1 && st[i].packets[0] != 0) { + flw->src_ip = src.addr.v4.s_addr; + flw->dest_ip = dst.addr.v4.s_addr; + flw->src_port = src.port; + flw->dest_port = dst.port; +- flw->flow_packets = st[i].packets[0][0]; +- flw->flow_octets = st[i].bytes[0][0]; ++ flw->flow_packets = st[i].packets[0]; ++ flw->flow_octets = st[i].bytes[0]; + flw->flow_start = htonl(uptime_ms - creation); + flw->flow_finish = htonl(uptime_ms); + flw->tcp_flags = 0; +@@ -499,13 +497,13 @@ + hdr->flows++; + } + flw = (struct NF5_FLOW *)(packet + offset); +- if (netflow_socket != -1 && st[i].packets[1][0] != 0) { ++ if (netflow_socket != -1 && st[i].packets[1] != 0) { + flw->src_ip = dst.addr.v4.s_addr; + flw->dest_ip = src.addr.v4.s_addr; + flw->src_port = dst.port; + flw->dest_port = src.port; +- flw->flow_packets = st[i].packets[1][0]; +- flw->flow_octets = st[i].bytes[1][0]; ++ flw->flow_packets = st[i].packets[1]; ++ flw->flow_octets = st[i].bytes[1]; + flw->flow_start = htonl(uptime_ms - creation); + flw->flow_finish = htonl(uptime_ms); + flw->tcp_flags = 0; +@@ -517,10 +515,10 @@ + flw = (struct NF5_FLOW *)(packet + offset); + + if (verbose_flag) { +- packets_out = ntohl(st[i].packets[0][0]); +- packets_in = ntohl(st[i].packets[1][0]); +- bytes_out = ntohl(st[i].bytes[0][0]); +- bytes_in = ntohl(st[i].bytes[1][0]); ++ packets_out = ntohl(st[i].packets[0]); ++ packets_in = ntohl(st[i].packets[1]); ++ bytes_out = ntohl(st[i].bytes[0]); ++ bytes_in = ntohl(st[i].bytes[1]); + + creation_tt = now - (creation / 1000); + localtime_r(&creation_tt, &creation_tm); +@@ -541,7 +539,6 @@ + strlcat(dst_s, pbuf, sizeof(dst_s)); + } + +- syslog(LOG_DEBUG, "IFACE %s", st[i].ifname); + syslog(LOG_DEBUG, "GWY %s", rt_s); + syslog(LOG_DEBUG, "FLOW proto %d direction %d", + st[i].proto, st[i].direction); +@@ -574,32 +571,6 @@ + return (ntohs(hdr->flows)); + } + +-static void +-send_flow(const struct pfsync_state *st, u_int n, int *flows_exp) +-{ +- int r = 0; +- +- switch (export_version) { +- case 1: +- r = send_netflow_v1(st, n, flows_exp); +- break; +- case 5: +- r = send_netflow_v5(st, n, flows_exp); +- break; +- default: +- /* should never reach this point */ +- syslog(LOG_DEBUG, "Invalid netflow version, exiting"); +- exit(1); +- } +- +- if (r > 0) { +- flows_exported += r; +- if (verbose_flag) +- syslog(LOG_DEBUG, "flows_exported = %d", *flows_exp); +- } +- +-} +- + /* + * Per-packet callback function from libpcap. + */ +@@ -608,8 +579,8 @@ + const u_char *pkt) + { + const struct pfsync_header *ph = (const struct pfsync_header *)pkt; +- const struct pfsync_state *st; +- u_int64_t bytes[2], packets[2]; ++ const struct _PFSYNC_STATE *st; ++ int r = 0; + + if (phdr->caplen < PFSYNC_HDRLEN) { + syslog(LOG_WARNING, "Runt pfsync packet header"); +@@ -632,56 +603,25 @@ + return; + } + +- st = (const struct pfsync_state *)((const u_int8_t *)ph + sizeof(*ph)); ++ st = (const struct _PFSYNC_STATE *)((const u_int8_t *)ph + sizeof(*ph)); + +- /* +- * Check if any members of st->packets or st->bytes overflow +- * the 32 bit netflow counters, if so, create as many flow records +- * that are needed to clear the counter. +- */ +- +- pf_state_counter_ntoh(st->packets[0],packets[0]); +- pf_state_counter_ntoh(st->packets[1],packets[1]); +- pf_state_counter_ntoh(st->bytes[0],bytes[0]); +- pf_state_counter_ntoh(st->bytes[1],bytes[1]); +- +- while (bytes[0] > 0 || bytes[1] > 0 || +- packets[0] > 0 || packets[1] > 0) { +- +- struct pfsync_state st1; +- +- memcpy(&st1, st, sizeof(st1)); +- +- if (bytes[0] > UINT_MAX) { +- st1.bytes[0][0] = 0xffffffff; +- bytes[0] -= MIN(bytes[0], 0xffffffff); +- } else { +- st1.bytes[0][0] = htonl(bytes[0]); +- bytes[0] = 0; +- } +- if (bytes[1] > UINT_MAX) { +- st1.bytes[1][0] = 0xffffffff; +- bytes[1] -= MIN(bytes[1], 0xffffffff); +- } else { +- st1.bytes[1][0] = htonl(bytes[1]); +- bytes[1] = 0; +- } +- if (packets[0] > UINT_MAX) { +- st1.packets[0][0] = 0xffffffff; +- packets[0] -= MIN(packets[0], 0xffffffff); +- } else { +- st1.packets[0][0] = htonl(packets[0]); +- packets[0] = 0; +- } +- if (packets[1] > UINT_MAX) { +- st1.packets[1][0] = 0xffffffff; +- packets[1] -= MIN(packets[1], 0xffffffff); +- } else { +- st1.packets[1][0] = htonl(packets[1]); +- packets[1] = 0; +- } ++ switch (export_version) { ++ case 1: ++ r = send_netflow_v1(st, ph->count, &flows_exported); ++ break; ++ case 5: ++ r = send_netflow_v5(st, ph->count, &flows_exported); ++ break; ++ default: ++ /* should never reach this point */ ++ syslog(LOG_DEBUG, "Invalid netflow version, exiting"); ++ exit(1); ++ } + +- send_flow(&st1, ph->count, &flows_exported); ++ if (r > 0) { ++ flows_exported += r; ++ if (verbose_flag) ++ syslog(LOG_DEBUG, "flows_exported = %d", flows_exported); + } + } + |