Browse Source

CNAME handling

* Improve CNAME reporting to use original (alias) names. This seems
   the most normal and intuitive.
 * CLI interface improvements (cli.*):
   - help message
   - gripe about invalid switches.
   - return exit code 1 in iptraffic for invalid configuration.
 * Expand Makefile
 * Update DPAK
master
Jon Foster 3 months ago
parent
commit
9ca68a65f5
7 changed files with 125 additions and 20 deletions
  1. +23
    -7
      Makefile
  2. +15
    -0
      cli.cpp
  3. +11
    -1
      cli.h
  4. +33
    -2
      data.cpp
  5. +2
    -0
      data.h
  6. +3
    -3
      iptraffic.cpp
  7. +38
    -7
      poorman-ids.dpak

+ 23
- 7
Makefile View File

@@ -1,16 +1,29 @@
O=-s
# cm-20220225 testing controlpanel messages with symbols left in
#O=-s


### Program Targets ###

.PHONY: all controlpanel/trafficctrl
all: iptraffic trafficmon/badtrafficrpt trafficmon/dnsblacklist trafficmon/domblacklist trafficmon/trafficmon controlpanel/trafficctrl

controlpanel/trafficctrl:
cd controlpanel && make trafficctrl

iptraffic: iptraffic.cpp strutil.o data.o config.o cli.o miniini.o
g++ $O -o $@ $@.cpp strutil.o data.o config.o cli.o miniini.o

trafficmon/trafficmon: trafficmon/trafficmon.cpp strutil.o data.o config.o cli.o miniini.o
g++ $O -o $@ $@.cpp strutil.o data.o config.o cli.o miniini.o -lcppdb
trafficmon/badtrafficrpt: trafficmon/badtrafficrpt.cpp cli.o miniini.o strutil.o trafficmon/appbase.o
g++ $O -o $@ $@.cpp strutil.o cli.o miniini.o trafficmon/appbase.o -lcppdb

trafficmon/dnsblacklist: trafficmon/dnsblacklist.cpp cli.o miniini.o strutil.o trafficmon/appbase.o
g++ $O -o $@ $@.cpp strutil.o cli.o miniini.o trafficmon/appbase.o -lcppdb

trafficmon/badtrafficrpt: trafficmon/badtrafficrpt.cpp cli.o miniini.o strutil.o
g++ $O -o $@ $@.cpp strutil.o cli.o miniini.o -lcppdb
trafficmon/domblacklist: trafficmon/domblacklist.cpp cli.o miniini.o strutil.o trafficmon/appbase.o
g++ $O -o $@ $@.cpp strutil.o cli.o miniini.o trafficmon/appbase.o -lcppdb

trafficmon/trafficmon: trafficmon/trafficmon.cpp strutil.o data.o config.o cli.o miniini.o trafficmon/appbase.o
g++ $O -o $@ $@.cpp strutil.o data.o config.o cli.o miniini.o trafficmon/appbase.o -lcppdb



@@ -31,14 +44,17 @@ miniini.o: miniini.cpp miniini.h strutil.o
strutil.o: strutil.cpp strutil.h
g++ $O -c -o $@ strutil.cpp

trafficmon/appbase.o: trafficmon/appbase.cpp trafficmon/appbase.h cli.o miniini.o
g++ $O -c -o $@ trafficmon/appbase.cpp



### Source Maintenance ###

.PHONY: clean distclean
clean:
rm *.o || true
rm *.o */*.o || true
distclean: clean
rm iptraffic trafficmon/trafficmon trafficmon/badtrafficrpt || true
rm iptraffic trafficmon/trafficmon trafficmon/badtrafficrpt trafficmon/dnsblacklist trafficmon/domblacklist || true
rm *.deb || true
cd controlpanel && make distclean

+ 15
- 0
cli.cpp View File

@@ -26,6 +26,12 @@ cBaseApp &cBaseApp::init(int argc, char **argv) {



unsigned cBaseApp::do_switch(const char *arg) {
throw CLIerror("Invalid switch '"+std::string(arg)+"'");
}



int cBaseApp::main() {
int i, ct;
char *p;
@@ -68,6 +74,15 @@ int cBaseApp::main() {



int cBaseApp::help() {
std::cerr <<
"Invalid command line arguments and the developer didn't provide any help."
<< std::endl;
return ExitCode = 1;
}



int cBaseApp::crash(const std::exception &e) {
std::cerr << "Application crashed: " << e.what() << std::endl;
return 216; // just a weird number hopefully not conflicting with anything else.


+ 11
- 1
cli.h View File

@@ -93,7 +93,7 @@ struct cBaseApp {
//

// how many args needed for val
virtual unsigned do_switch(const char *arg) { return 0; }
virtual unsigned do_switch(const char *arg);
// proccess a val for switch
virtual void do_switch_arg(const char *sw, const std::string &val) { }
// process a non-switch arg.
@@ -127,6 +127,16 @@ struct cBaseApp {

virtual int main();

/// Provide help text for CLI arg parse errors
//
// This is intended to show a command line help message on the terminal
// about what the proper CLI syntax is. The return is the desired exit
// code. The default is 1. This implementation will provide the app meta
// data, if present. This simplified method is used so an exception is
// not required to call it.

virtual int help();

/// Catch exceptions ///
//
// This is called by the boiler plate main() (see bottom) when an excpetion


+ 33
- 2
data.cpp View File

@@ -211,12 +211,40 @@ bool LogAnalyzer::line(const std::string &in) {
/// DNS query result ///

// TODO: need to get more specific on tying us + them + time to DNS
// TODO: doesn't seem that CNAMEs are getting attached to requests properly.
// the logs are cryptic on this front.
if(ln.count>8 && strncmp(ln.fields[4], "dnsmasq[", 8)==0) {
if(ln[5]=="reply" || ln[5]=="cached") {
name = ln[6];
address = ln[8];

/* NOTE: CNAME resolution seems to follow this order in logs:
1. A result line (reply/cached) with an address of <CNAME>
2. One or more consecutive result lines for the canonical name
Looking over the logs it doesn't appear that dnsmasq will log
anything between the original and CNAME resolutions. The exception
is if a CNAME record is cached and it has to resolve what it
points to. In this case there would be a "cached" and then a
"forwarded" record eventually followed by "reply ... <CNAME>".
In that case we want to operate on the reply.
*/
/* record we're handling a CNAME cycle */
if(address=="<CNAME>") {
alias = name;
cname = "";
return 0;
}
/* If in cname _mode_: */
if(alias!="") {
if(cname=="") {
cname = name; /* This is our target name */
name = alias; /* substitute the alias */
} else if(cname==name) {
name = alias; /* substitute the alias */
} else {
cname = ""; /* These are different records reset */
name = "";
}
}

// Hmm... is this reply an address?
if(pre_match(dns_ignore, address)) return 0; // nope
if(pre_match(dns_del, address)) return 0; // does not exist reply
@@ -227,6 +255,9 @@ bool LogAnalyzer::line(const std::string &in) {
rdns[address] = name;
//dlog("Added "+address+" = "+name);
return 0;
} else if(alias!="") {
alias = ""; /* we've fallen out of CNAME resolution. */
cname = "";
}
}



+ 2
- 0
data.h View File

@@ -101,6 +101,8 @@ struct LogAnalyzer {
NameVal rdns; // Reverse DNS lookup cache
Conn conn; // Last connection worked on
Splits ln; // Work buffer for line processing
std::string alias; // The name requiring CNAME resolution
std::string cname; // The cname alias was pointing to.

LogAnalyzer();
// Process a log line. Returns "true" if it were a netfilter entry.


+ 3
- 3
iptraffic.cpp View File

@@ -78,11 +78,11 @@ struct IPtraffic: public cBaseApp {


// TODO: elaborate
void help() {
int help() {
cerr <<
"\n"
"iptraffic -c {config file} [-o {output file}] [{input file} [...]]\n";
ExitCode = 1;
return ExitCode = 1;
}


@@ -149,7 +149,7 @@ struct IPtraffic: public cBaseApp {
}
}
*out << flush; // make sure all data gets written.
cerr << "\nLines: " << line_no
cerr << "Lines: " << line_no
<< "\nIgnored: " << ict
<< "\nTotal rDNS: " << analyze.rdns.size() << endl;
return 0;


+ 38
- 7
poorman-ids.dpak View File

@@ -13,6 +13,36 @@ Copyright: .
Origin: JFP
Packaged-For: JF Possibilities, Inc.
changelog:
(0.6-1j) unstable; urgency=low
.
** This is an alpha release **
.
* Change handling of CNAMEs to report the originally requested name.
.
-- Jon Foster <jon@jfpossibilities.com> Mon, 21 Mar 2022 14:56:19 -0700
.
(0.5-2j) unstable; urgency=low
.
** This is an alpha release **
.
This is primarily a bug fix and testing release.
.
* Leave symbols in bins to see how C++CMS reports errors.
* Don't allow "*." or "*" in the wild card entry field. It breaks
stuff!
.
-- Jon Foster <jon@jfpossibilities.com> Mon, 03 Jan 2022 14:22:30 -0800
.
(0.5-1j) unstable; urgency=low
.
** This is an alpha release **
.
* Minor internal restructuring of CLI apps.
* *NEW* domblacklist tool to make DNSmasq whole domain blocks.
* Also added the iptraffic log CLI log analyzer
.
-- Jon Foster <jon@jfpossibilities.com> Mon, 03 Jan 2022 14:22:30 -0800
.
(0.4-3j) unstable; urgency=low
.
** This is an alpha release **
@@ -52,8 +82,6 @@ changelog:
-- Jon Foster <jon@jfpossibilities.com> Thu, 02 Sep 2021 10:58:43 -0700
.
Build: sh
make trafficmon/trafficmon trafficmon/badtrafficrpt
cd controlpanel
make
Clean: sh
make distclean
@@ -61,12 +89,13 @@ Clean: sh
Package: poorman-ids
Architecture: any
# I think libssl is required by cppcms. libmysqlclient18 is probably cppdb
Depends: libc6, libstdc++6, cppdb (>= 0.3.1-4), cppcms, libssl1.0.0,
libmysqlclient18
Depends: libc6, libstdc++6, cppdb (>= 0.3.1-4), cppcms, libssl1.0.0
#Depends: []
Recommends: libmysqlclient18
Description: .
Install: sh
dpak install -sbin trafficmon/trafficmon trafficmon/badtrafficrpt
dpak install -sbin iptraffic trafficmon/trafficmon trafficmon/badtrafficrpt
dpak install -sbin trafficmon/dnsblacklist trafficmon/domblacklist
dpak install -sbin controlpanel/trafficctrl
dpak strip
dpak install -conf -subdir poorman-ids sample.conf controlpanel/sample.js
@@ -83,13 +112,15 @@ Finalize: sh
chmod -R g-s "$DPAK_ROOT"
chmod 700 "$DPAK_ROOT/etc/poorman-ids"
chmod 600 "$DPAK_ROOT/etc/poorman-ids/"*
chmod 644 "$DPAK_ROOT/etc/default/"*
chmod 644 "$DPAK_ROOT/etc/default/"*
chmod 755 "$DPAK_ROOT/etc/init.d/"*
PostInst: sh
update-rc.d trafficmon defaults
update-rc.d trafficctrl defaults
service trafficmon start || true
service trafficctrl start || true
PreRm: sh
# Shut off services so they are RAM resident after install
# Shut off services so they aren't RAM resident after install
service trafficmon stop || true
service trafficctrl stop || true
PostRm: sh


Loading…
Cancel
Save