* Improve CNAME reporting to use original (alias) names. This seems the most normal and intuitive. * CLI interface improvements (cli.*): - help message - gripe about invalid switches. - return exit code 1 in iptraffic for invalid configuration. * Expand Makefile * Update DPAKmaster
@@ -1,16 +1,29 @@ | |||
O=-s | |||
# cm-20220225 testing controlpanel messages with symbols left in | |||
#O=-s | |||
### Program Targets ### | |||
.PHONY: all controlpanel/trafficctrl | |||
all: iptraffic trafficmon/badtrafficrpt trafficmon/dnsblacklist trafficmon/domblacklist trafficmon/trafficmon controlpanel/trafficctrl | |||
controlpanel/trafficctrl: | |||
cd controlpanel && make trafficctrl | |||
iptraffic: iptraffic.cpp strutil.o data.o config.o cli.o miniini.o | |||
g++ $O -o $@ $@.cpp strutil.o data.o config.o cli.o miniini.o | |||
trafficmon/trafficmon: trafficmon/trafficmon.cpp strutil.o data.o config.o cli.o miniini.o | |||
g++ $O -o $@ $@.cpp strutil.o data.o config.o cli.o miniini.o -lcppdb | |||
trafficmon/badtrafficrpt: trafficmon/badtrafficrpt.cpp cli.o miniini.o strutil.o trafficmon/appbase.o | |||
g++ $O -o $@ $@.cpp strutil.o cli.o miniini.o trafficmon/appbase.o -lcppdb | |||
trafficmon/dnsblacklist: trafficmon/dnsblacklist.cpp cli.o miniini.o strutil.o trafficmon/appbase.o | |||
g++ $O -o $@ $@.cpp strutil.o cli.o miniini.o trafficmon/appbase.o -lcppdb | |||
trafficmon/badtrafficrpt: trafficmon/badtrafficrpt.cpp cli.o miniini.o strutil.o | |||
g++ $O -o $@ $@.cpp strutil.o cli.o miniini.o -lcppdb | |||
trafficmon/domblacklist: trafficmon/domblacklist.cpp cli.o miniini.o strutil.o trafficmon/appbase.o | |||
g++ $O -o $@ $@.cpp strutil.o cli.o miniini.o trafficmon/appbase.o -lcppdb | |||
trafficmon/trafficmon: trafficmon/trafficmon.cpp strutil.o data.o config.o cli.o miniini.o trafficmon/appbase.o | |||
g++ $O -o $@ $@.cpp strutil.o data.o config.o cli.o miniini.o trafficmon/appbase.o -lcppdb | |||
@@ -31,14 +44,17 @@ miniini.o: miniini.cpp miniini.h strutil.o | |||
strutil.o: strutil.cpp strutil.h | |||
g++ $O -c -o $@ strutil.cpp | |||
trafficmon/appbase.o: trafficmon/appbase.cpp trafficmon/appbase.h cli.o miniini.o | |||
g++ $O -c -o $@ trafficmon/appbase.cpp | |||
### Source Maintenance ### | |||
.PHONY: clean distclean | |||
clean: | |||
rm *.o || true | |||
rm *.o */*.o || true | |||
distclean: clean | |||
rm iptraffic trafficmon/trafficmon trafficmon/badtrafficrpt || true | |||
rm iptraffic trafficmon/trafficmon trafficmon/badtrafficrpt trafficmon/dnsblacklist trafficmon/domblacklist || true | |||
rm *.deb || true | |||
cd controlpanel && make distclean |
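Review bot: The g++ rules for iptraffic and the trafficmon/* tools pass only `$O`, so programs that parse syslog and dnsmasq log text are compiled with no warnings and no hardening options. A shared variable such as `CXXFLAGS ?= -O2 -Wall -Wextra -fstack-protector-strong -D_FORTIFY_SOURCE=2`, referenced in every compile and link rule, would cover all targets at once. The recursive rules should call `cd controlpanel && $(MAKE) trafficctrl` (likewise `$(MAKE) distclean`) so flags and job settings propagate to the sub-make. `rm -f *.o */*.o` states the intent of `rm ... || true` more directly.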
@@ -26,6 +26,12 @@ cBaseApp &cBaseApp::init(int argc, char **argv) { | |||
unsigned cBaseApp::do_switch(const char *arg) { | |||
throw CLIerror("Invalid switch '"+std::string(arg)+"'"); | |||
} | |||
int cBaseApp::main() { | |||
int i, ct; | |||
char *p; | |||
@@ -68,6 +74,15 @@ int cBaseApp::main() { | |||
int cBaseApp::help() { | |||
std::cerr << | |||
"Invalid command line arguments and the developer didn't provide any help." | |||
<< std::endl; | |||
return ExitCode = 1; | |||
} | |||
int cBaseApp::crash(const std::exception &e) { | |||
std::cerr << "Application crashed: " << e.what() << std::endl; | |||
return 216; // just a weird number hopefully not conflicting with anything else. | |||
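Review bot: The new default `cBaseApp::do_switch` throws `CLIerror` for every switch, but the part of `main()` that would catch it is outside these hunks. It is worth confirming the exception is routed to `help()` with exit code 1 and not to `crash()`, which would report "Application crashed" and return 216 for a mistyped option. `std::string(arg)` is undefined behaviour if a caller ever passes a null pointer; `std::string(arg ? arg : "")` removes that case. In `help()`, `return ExitCode = 1;` hides an assignment inside the return statement; `ExitCode = 1; return ExitCode;` reads more plainly. `main()` and `crash()` both continue outside the hunks.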
@@ -93,7 +93,7 @@ struct cBaseApp { | |||
// | |||
// how many args needed for val | |||
virtual unsigned do_switch(const char *arg) { return 0; } | |||
virtual unsigned do_switch(const char *arg); | |||
// proccess a val for switch | |||
virtual void do_switch_arg(const char *sw, const std::string &val) { } | |||
// process a non-switch arg. | |||
@@ -127,6 +127,16 @@ struct cBaseApp { | |||
virtual int main(); | |||
/// Provide help text for CLI arg parse errors | |||
// | |||
// This is intended to show a command line help message on the terminal | |||
// about what the proper CLI syntax is. The return is the desired exit | |||
// code. The default is 1. This implementation will provide the app meta | |||
// data, if present. This simplified method is used so an exception is | |||
// not required to call it. | |||
virtual int help(); | |||
/// Catch exceptions /// | |||
// | |||
// This is called by the boiler plate main() (see bottom) when an excpetion | |||
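Review bot: The comment above `do_switch` ("how many args needed for val") no longer describes the default, which after this change throws for any switch. A line such as `// Default: throws CLIerror (unknown switch); override to accept switches.` would tell authors of derived apps what they inherit. The `help()` comment says the default "will provide the app meta data, if present", while the `cBaseApp::help()` definition added in this commit prints only one fixed sentence, so either the comment or the implementation should be brought into line. The struct begins and ends outside these hunks.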
@@ -211,12 +211,40 @@ bool LogAnalyzer::line(const std::string &in) { | |||
/// DNS query result /// | |||
// TODO: need to get more specific on tying us + them + time to DNS | |||
// TODO: doesn't seem that CNAMEs are getting attached to requests properly. | |||
// the logs are cryptic on this front. | |||
if(ln.count>8 && strncmp(ln.fields[4], "dnsmasq[", 8)==0) { | |||
if(ln[5]=="reply" || ln[5]=="cached") { | |||
name = ln[6]; | |||
address = ln[8]; | |||
/* NOTE: CNAME resolution seems to follow this order in logs: | |||
1. A result line (reply/cached) with an address of <CNAME> | |||
2. One or more consecutive result lines for the canonical name | |||
Looking over the logs it doesn't appear that dnsmasq will log | |||
anything between the original and CNAME resolutions. The exception | |||
is if a CNAME record is cached and it has to resolve what it | |||
points to. In this case there would be a "cached" and then a | |||
"forwarded" record eventually followed by "reply ... <CNAME>". | |||
In that case we want to operate on the reply. | |||
*/ | |||
/* record we're handling a CNAME cycle */ | |||
if(address=="<CNAME>") { | |||
alias = name; | |||
cname = ""; | |||
return 0; | |||
} | |||
/* If in cname _mode_: */ | |||
if(alias!="") { | |||
if(cname=="") { | |||
cname = name; /* This is our target name */ | |||
name = alias; /* substitute the alias */ | |||
} else if(cname==name) { | |||
name = alias; /* substitute the alias */ | |||
} else { | |||
cname = ""; /* These are different records reset */ | |||
name = ""; | |||
} | |||
} | |||
// Hmm... is this reply an address? | |||
if(pre_match(dns_ignore, address)) return 0; // nope | |||
if(pre_match(dns_del, address)) return 0; // does not exist reply | |||
@@ -227,6 +255,9 @@ bool LogAnalyzer::line(const std::string &in) { | |||
rdns[address] = name; | |||
//dlog("Added "+address+" = "+name); | |||
return 0; | |||
} else if(alias!="") { | |||
alias = ""; /* we've fallen out of CNAME resolution. */ | |||
cname = ""; | |||
} | |||
} | |||
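Review bot: In the CNAME branch of `LogAnalyzer::line`, the final `else` (a reply whose name differs from the recorded `cname`) clears `cname` and `name` but leaves `alias` set. Unless code hidden between the two hunks filters empty names, the fall-through reaches `rdns[address] = name;` with an empty name, and because `alias` is still non-empty the next unrelated reply is treated as its canonical name and stored under the stale alias. For a tool that attributes traffic to names this produces a wrong address-to-name mapping; leaving CNAME mode at that point with `alias = ""; cname = "";` and keeping `name` as logged would match the "different records" comment. A second consecutive CNAME marker line (a chain) also overwrites `alias`, so the reported name would be the intermediate one and not the name originally requested; that case needs a check against real dnsmasq logs. The function starts and ends outside the hunks.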
@@ -101,6 +101,8 @@ struct LogAnalyzer { | |||
NameVal rdns; // Reverse DNS lookup cache | |||
Conn conn; // Last connection worked on | |||
Splits ln; // Work buffer for line processing | |||
std::string alias; // The name requiring CNAME resolution | |||
std::string cname; // The cname alias was pointing to. | |||
LogAnalyzer(); | |||
// Process a log line. Returns "true" if it were a netfilter entry. | |||
@@ -78,11 +78,11 @@ struct IPtraffic: public cBaseApp { | |||
// TODO: elaborate | |||
void help() { | |||
int help() { | |||
cerr << | |||
"\n" | |||
"iptraffic -c {config file} [-o {output file}] [{input file} [...]]\n"; | |||
ExitCode = 1; | |||
return ExitCode = 1; | |||
} | |||
@@ -149,7 +149,7 @@ struct IPtraffic: public cBaseApp { | |||
} | |||
} | |||
*out << flush; // make sure all data gets written. | |||
cerr << "\nLines: " << line_no | |||
cerr << "Lines: " << line_no | |||
<< "\nIgnored: " << ict | |||
<< "\nTotal rDNS: " << analyze.rdns.size() << endl; | |||
return 0; | |||
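Review bot: `int help()` in `IPtraffic` now overrides the virtual `cBaseApp::help()` but is not marked as such; writing `int help() override {` lets the compiler reject any later drift between the two signatures. The usage text still sits under `// TODO: elaborate` and names `-c` and `-o` without describing them, so one line per switch would make the message printed for invalid arguments more useful. The struct continues outside both hunks.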
@@ -13,6 +13,36 @@ Copyright: . | |||
Origin: JFP | |||
Packaged-For: JF Possibilities, Inc. | |||
changelog: | |||
(0.6-1j) unstable; urgency=low | |||
. | |||
** This is an alpha release ** | |||
. | |||
* Change handling of CNAMEs to report the originally requested name. | |||
. | |||
-- Jon Foster <jon@jfpossibilities.com> Mon, 21 Mar 2022 14:56:19 -0700 | |||
. | |||
(0.5-2j) unstable; urgency=low | |||
. | |||
** This is an alpha release ** | |||
. | |||
This is primarily a bug fix and testing release. | |||
. | |||
* Leave symbols in bins to see how C++CMS reports errors. | |||
* Don't allow "*." or "*" in the wild card entry field. It breaks | |||
stuff! | |||
. | |||
-- Jon Foster <jon@jfpossibilities.com> Mon, 03 Jan 2022 14:22:30 -0800 | |||
. | |||
(0.5-1j) unstable; urgency=low | |||
. | |||
** This is an alpha release ** | |||
. | |||
* Minor internal restructuring of CLI apps. | |||
* *NEW* domblacklist tool to make DNSmasq whole domain blocks. | |||
* Also added the iptraffic log CLI log analyzer | |||
. | |||
-- Jon Foster <jon@jfpossibilities.com> Mon, 03 Jan 2022 14:22:30 -0800 | |||
. | |||
(0.4-3j) unstable; urgency=low | |||
. | |||
** This is an alpha release ** | |||
@@ -52,8 +82,6 @@ changelog: | |||
-- Jon Foster <jon@jfpossibilities.com> Thu, 02 Sep 2021 10:58:43 -0700 | |||
. | |||
Build: sh | |||
make trafficmon/trafficmon trafficmon/badtrafficrpt | |||
cd controlpanel | |||
make | |||
Clean: sh | |||
make distclean | |||
@@ -61,12 +89,13 @@ Clean: sh | |||
Package: poorman-ids | |||
Architecture: any | |||
# I think libssl is required by cppcms. libmysqlclient18 is probably cppdb | |||
Depends: libc6, libstdc++6, cppdb (>= 0.3.1-4), cppcms, libssl1.0.0, | |||
libmysqlclient18 | |||
Depends: libc6, libstdc++6, cppdb (>= 0.3.1-4), cppcms, libssl1.0.0 | |||
#Depends: [] | |||
Recommends: libmysqlclient18 | |||
Description: . | |||
Install: sh | |||
dpak install -sbin trafficmon/trafficmon trafficmon/badtrafficrpt | |||
dpak install -sbin iptraffic trafficmon/trafficmon trafficmon/badtrafficrpt | |||
dpak install -sbin trafficmon/dnsblacklist trafficmon/domblacklist | |||
dpak install -sbin controlpanel/trafficctrl | |||
dpak strip | |||
dpak install -conf -subdir poorman-ids sample.conf controlpanel/sample.js | |||
@@ -83,13 +112,15 @@ Finalize: sh | |||
chmod -R g-s "$DPAK_ROOT" | |||
chmod 700 "$DPAK_ROOT/etc/poorman-ids" | |||
chmod 600 "$DPAK_ROOT/etc/poorman-ids/"* | |||
chmod 644 "$DPAK_ROOT/etc/default/"* | |||
chmod 644 "$DPAK_ROOT/etc/default/"* | |||
chmod 755 "$DPAK_ROOT/etc/init.d/"* | |||
PostInst: sh | |||
update-rc.d trafficmon defaults | |||
update-rc.d trafficctrl defaults | |||
service trafficmon start || true | |||
service trafficctrl start || true | |||
PreRm: sh | |||
# Shut off services so they are RAM resident after install | |||
# Shut off services so they aren't RAM resident after install | |||
service trafficmon stop || true | |||
service trafficctrl stop || true | |||
PostRm: sh | |||
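Review bot: The rewritten `Depends:` line keeps a hard dependency on `libssl1.0.0`, the runtime package for the OpenSSL 1.0 series that upstream no longer maintains, and the comment above it ("I think libssl is required by cppcms") indicates the requirement was never confirmed. Checking what the installed binaries actually link against, for example with `ldd` or `dpkg-shlibdeps`, would show whether the entry can be dropped and left to the cppcms package's own dependencies. With `libmysqlclient18` moved to `Recommends:`, an install that skips recommended packages may have no database client library, so the services started in `PostInst` should fail with a clear message in that situation.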