* Simplified Makefile. * Rebased trafficmon's app class config on iptraffic's config so all the trafficmon bits have access to the same data+MySQL login. * Added ignore logic to badtrafficrpt * Changed trafficctrl's Makefile to force C++11, since C++CMS needs it. * Version bump in DPAKmaster
@@ -1,5 +1,6 @@ | |||||
# cm-20220225 testing controlpanel messages with symbols left in | # cm-20220225 testing controlpanel messages with symbols left in | ||||
#O=-s | |||||
CXXFLAGS=-s | |||||
LDFLAGS=-lcppdb | |||||
### Program Targets ### | ### Program Targets ### | ||||
@@ -10,50 +11,28 @@ all: iptraffic trafficmon/badtrafficrpt trafficmon/dnsblacklist trafficmon/dombl | |||||
controlpanel/trafficctrl: | controlpanel/trafficctrl: | ||||
cd controlpanel && make trafficctrl | cd controlpanel && make trafficctrl | ||||
iptraffic: iptraffic.cpp strutil.o data.o config.o cli.o miniini.o | |||||
g++ $O -o $@ $@.cpp strutil.o data.o config.o cli.o miniini.o | |||||
trafficmon/badtrafficrpt: trafficmon/badtrafficrpt.cpp cli.o miniini.o strutil.o trafficmon/appbase.o | |||||
g++ $O -o $@ $@.cpp strutil.o cli.o miniini.o trafficmon/appbase.o -lcppdb | |||||
trafficmon/dnsblacklist: trafficmon/dnsblacklist.cpp cli.o miniini.o strutil.o trafficmon/appbase.o | |||||
g++ $O -o $@ $@.cpp strutil.o cli.o miniini.o trafficmon/appbase.o -lcppdb | |||||
trafficmon/domblacklist: trafficmon/domblacklist.cpp cli.o miniini.o strutil.o trafficmon/appbase.o | |||||
g++ $O -o $@ $@.cpp strutil.o cli.o miniini.o trafficmon/appbase.o -lcppdb | |||||
trafficmon/impblack: trafficmon/impblack.cpp strutil.o cli.o miniini.o trafficmon/appbase.o | |||||
g++ $O -o $@ $@.cpp strutil.o cli.o miniini.o trafficmon/appbase.o -lcppdb | |||||
trafficmon/trafficmon: trafficmon/trafficmon.cpp strutil.o data.o config.o cli.o miniini.o trafficmon/appbase.o | |||||
g++ $O -o $@ $@.cpp strutil.o data.o config.o cli.o miniini.o trafficmon/appbase.o -lcppdb | |||||
iptraffic: iptraffic.cpp strutil.o data.o config.o cli.o miniini.o | |||||
trafficmon/badtrafficrpt: trafficmon/badtrafficrpt.cpp config.o cli.o data.o miniini.o strutil.o trafficmon/appbase.o | |||||
trafficmon/dnsblacklist: trafficmon/dnsblacklist.cpp config.o cli.o data.o miniini.o strutil.o trafficmon/appbase.o | |||||
trafficmon/domblacklist: trafficmon/domblacklist.cpp config.o cli.o data.o miniini.o strutil.o trafficmon/appbase.o | |||||
trafficmon/impblack: trafficmon/impblack.cpp strutil.o config.o cli.o data.o miniini.o trafficmon/appbase.o | |||||
trafficmon/trafficmon: trafficmon/trafficmon.cpp strutil.o data.o config.o cli.o miniini.o trafficmon/appbase.o | |||||
### Libs ### | ### Libs ### | ||||
cli.o: cli.cpp cli.h | |||||
g++ $O -c -o $@ cli.cpp | |||||
config.o: config.cpp config.h strutil.o data.o miniini.o | |||||
g++ $O -c -o $@ config.cpp | |||||
data.o: data.cpp data.h strutil.o | |||||
g++ $O -c -o $@ data.cpp | |||||
miniini.o: miniini.cpp miniini.h strutil.o | |||||
g++ $O -c -o $@ miniini.cpp | |||||
strutil.o: strutil.cpp strutil.h | |||||
g++ $O -c -o $@ strutil.cpp | |||||
trafficmon/appbase.o: trafficmon/appbase.cpp trafficmon/appbase.h cli.o miniini.o | |||||
g++ $O -c -o $@ trafficmon/appbase.cpp | |||||
cli.o: cli.cpp cli.h | |||||
config.o: config.cpp config.h strutil.h data.h miniini.h | |||||
data.o: data.cpp data.h strutil.h | |||||
miniini.o: miniini.cpp miniini.h strutil.h | |||||
strutil.o: strutil.cpp strutil.h | |||||
trafficmon/appbase.o: trafficmon/appbase.cpp trafficmon/appbase.h config.h cli.h data.h miniini.h strutil.h | |||||
### Source Maintenance ### | ### Source Maintenance ### | ||||
.PHONY: clean distclean | |||||
.PHONY: clean distclean docs | |||||
clean: | clean: | ||||
rm *.o */*.o || true | rm *.o */*.o || true | ||||
distclean: clean | distclean: clean | ||||
@@ -61,3 +40,5 @@ distclean: clean | |||||
rm trafficmon/dnsblacklist trafficmon/domblacklist trafficmon/impblack || true | rm trafficmon/dnsblacklist trafficmon/domblacklist trafficmon/impblack || true | ||||
rm *.deb || true | rm *.deb || true | ||||
cd controlpanel && make distclean | cd controlpanel && make distclean | ||||
docs: | |||||
doxygen Doxyfile |
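Review bot: `LDFLAGS=-lcppdb` in the first hunk puts the library in the wrong variable for the recipe-less program rules this commit switches to. GNU make's built-in link rule expands `$(LDFLAGS)` before the object files and `$(LDLIBS)` after them, so a linker that defaults to `--as-needed` sees the library before anything references it and can leave the cppdb symbols unresolved; use `LDLIBS=-lcppdb` instead. Because the variable is global, `iptraffic` is now linked against cppdb as well, which its old explicit recipe did not do. Separately, `CXXFLAGS=-s` strips the binaries while the comment directly above it still describes testing with symbols left in, so one of the two should be updated.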
@@ -1,3 +1,11 @@ | |||||
TODO | |||||
==== | |||||
- trafficctl: wild-card whitelisting. Either just remember "accepts" or use the "*" notation. | |||||
- trafficctl: "whole domain" should only change those entries in the group being reported. What about "*". | |||||
- should probably convert to use static-linked MySQL client. C++DB has trouble with longterm connections. | |||||
- trafficctl: comment field? | |||||
BUGS | BUGS | ||||
==== | ==== | ||||
@@ -1,12 +1,8 @@ | |||||
# Optional compiler flags | |||||
#O=-std=c++11 | |||||
# Optional compiler flags - C++CMS templates need C++11 | |||||
O=-std=c++11 | |||||
trafficctrl: trafficctrl.cpp data.h ../strutil.o mainskin.o | trafficctrl: trafficctrl.cpp data.h ../strutil.o mainskin.o | ||||
g++ $O -o $@ $@.cpp mainskin.o ../strutil.o -lcppcms -lcppdb -lbooster | g++ $O -o $@ $@.cpp mainskin.o ../strutil.o -lcppcms -lcppdb -lbooster | ||||
../strutil.o: ../strutil.cpp ../strutil.h | |||||
cd .. && make strutil.o | |||||
mainskin.cxx: mainskin.tmpl | mainskin.cxx: mainskin.tmpl | ||||
cppcms_tmpl_cc -o $@ mainskin.tmpl | cppcms_tmpl_cc -o $@ mainskin.tmpl | ||||
mainskin.o: mainskin.cxx data.h | mainskin.o: mainskin.cxx data.h | ||||
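Review bot: Removing the `../strutil.o` rule leaves that prerequisite to make's built-in `%.o: %.cpp` rule whenever trafficctrl is built from this directory without the parent having produced the object first. As far as the visible rules show, that built-in rule compiles with `$(CXXFLAGS)` rather than `$O`, so the object would be built without `-std=c++11` and would no longer be rebuilt when `../strutil.h` changes. Keeping a recipe-less `../strutil.o: ../strutil.cpp ../strutil.h` line and setting `CXXFLAGS=$O` would keep the flags and the header dependency consistent.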
@@ -13,6 +13,14 @@ Copyright: . | |||||
Origin: JFP | Origin: JFP | ||||
Packaged-For: JF Possibilities, Inc. | Packaged-For: JF Possibilities, Inc. | ||||
changelog: | changelog: | ||||
(0.8-1j) unstable; urgency=low | |||||
. | |||||
** This is an alpha release ** | |||||
. | |||||
* Add [ignores] handling to badtrafficfrpt | |||||
. | |||||
-- Jon Foster <jon@jfpossibilities.com> Tue, 19 Mar 2024 12:34:33 -0700 | |||||
. | |||||
(0.7-1j) unstable; urgency=low | (0.7-1j) unstable; urgency=low | ||||
. | . | ||||
** This is an alpha release ** | ** This is an alpha release ** | ||||
@@ -12,7 +12,7 @@ | |||||
#define __IDS_MONITOR_BASE_APP_H__ | #define __IDS_MONITOR_BASE_APP_H__ | ||||
#include <cppdb/frontend.h> | #include <cppdb/frontend.h> | ||||
#include "../cli.h" | #include "../cli.h" | ||||
#include "../miniini.h" | |||||
#include "../config.h" | |||||
@@ -23,7 +23,7 @@ | |||||
// ignore the parts they aren't interested in. | // ignore the parts they aren't interested in. | ||||
////////////////////////////////////////////////////////////////////// | ////////////////////////////////////////////////////////////////////// | ||||
struct MonitorBaseConf: public MiniINI { | |||||
struct MonitorBaseConf: public Config { | |||||
MiniINIvars traffic_mon; // This app's config variables | MiniINIvars traffic_mon; // This app's config variables | ||||
MonitorBaseConf() { groups["Traffic Mon"] = &traffic_mon; } | MonitorBaseConf() { groups["Traffic Mon"] = &traffic_mon; } | ||||
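Review bot: `MonitorBaseConf` still declares a `MiniINIvars` member, but the include hunk above replaces `#include "../miniini.h"` with `#include "../config.h"`, so this header now compiles only if `config.h` pulls `miniini.h` in transitively. Keep `#include "../miniini.h"` alongside `#include "../config.h"` so the header includes what it uses. The comment block above the struct is only partly visible here; it would help to add a line such as `// Derives from Config: every trafficmon tool also parses the shared iptraffic sections, including the database login.` Since the commit description says all the tools now read the MySQL login, read access to the config file should be limited to the accounts that run them.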
@@ -14,6 +14,15 @@ | |||||
// 1. domain name or address if a domain is not known. | // 1. domain name or address if a domain is not known. | ||||
// 2. list of ports that were connected to. | // 2. list of ports that were connected to. | ||||
// 3. count of total connections | // 3. count of total connections | ||||
// | |||||
// 20240319 <jon@jfpossibilities.com> | |||||
// Implemented "ignores" in the report. These use the ignore section | |||||
// used by trafficrpt. But there are some oddities (so far). All | |||||
// report entries are considered to be TCP connections originating | |||||
// from 0.0.0.0 and outbound. This is a cheat to prevent | |||||
// complication in the query process. Its tempting to implement this | |||||
// in trafficmon... but that is a permanent loss of data... still | |||||
// debating. | |||||
////////////////////////////////////////////////////////////////////// | ////////////////////////////////////////////////////////////////////// | ||||
#include <string> | #include <string> | ||||
#include <map> | #include <map> | ||||
@@ -119,14 +128,9 @@ struct ReportData: map<string,ReportLine> { | |||||
inline ostream &operator<<(ostream &out, const ReportData &r){ | inline ostream &operator<<(ostream &out, const ReportData &r){ | ||||
return out << r.ascii(); | return out << r.ascii(); | ||||
} | } | ||||
// NOTE: implementation at bottom. | |||||
namespace cppdb { | namespace cppdb { | ||||
result &operator>>(result &qry, ::ReportData &rpt) { | |||||
string name, addr, port; | |||||
int ct; | |||||
qry >> name >> addr >> port >> ct; | |||||
if(name=="") name=addr; | |||||
rpt.add(name, port, ct); | |||||
} | |||||
result &operator>>(result &qry, ::ReportData &rpt); | |||||
} | } | ||||
@@ -207,3 +211,22 @@ struct appConnectionReport: TrafficMonBaseApp { | |||||
////////////////////////////////////////////////////////////////////// | ////////////////////////////////////////////////////////////////////// | ||||
MAIN(appConnectionReport) | MAIN(appConnectionReport) | ||||
// NOTE: This needs to be down here so it knows of "app", defined by MAIN. | |||||
namespace cppdb { | |||||
result &operator>>(result &qry, ::ReportData &rpt) { | |||||
Conn rec; | |||||
int ct; | |||||
rec.us="0.0.0.0"; | |||||
rec.protocol="TCP"; | |||||
rec.in=0; | |||||
qry >> rec.name >> rec.them >> rec.them_port >> ct; | |||||
// NOTE: ignores can only work from remote addresses. | |||||
if(app.config->ignores.vals.find(rec)<0) { | |||||
if(rec.name=="") rec.name=rec.them; | |||||
rpt.add(rec.name, str(rec.them_port), ct); | |||||
} | |||||
else cerr << "ignored" << endl; | |||||
} | |||||
} |
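Review bot: The relocated `operator>>` at the bottom of the file is declared to return `result &` but has no `return` statement, so control flows off the end of a non-void function, which is undefined behaviour. Add `return qry;` as the last line of the body. The `else cerr << "ignored" << endl;` branch looks like leftover debug output and prints one anonymous line per suppressed row. Either drop it or log the name, address and port that were ignored, so that an over-broad `[ignores]` entry hiding hosts from this report can be noticed and audited.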
@@ -23,27 +23,12 @@ | |||||
#include <vector> | #include <vector> | ||||
#include <map> | #include <map> | ||||
#include "../cli.h" | |||||
#include "../data.h" | |||||
#include "../config.h" | |||||
#include "appbase.h" | #include "appbase.h" | ||||
using namespace std; | using namespace std; | ||||
////////////////////////////////////////////////////////////////////// | ////////////////////////////////////////////////////////////////////// | ||||
// Monitor Config | |||||
////////////////////////////////////////////////////////////////////// | |||||
struct MonitorConf: public MonitorBaseConf { | |||||
INIusList us; | |||||
MonitorConf() { groups["us"] = &us; } | |||||
}; | |||||
////////////////////////////////////////////////////////////////////// | |||||
// Application class to store data passed in through a pipe or | // Application class to store data passed in through a pipe or | ||||
// file(s). | // file(s). | ||||
////////////////////////////////////////////////////////////////////// | ////////////////////////////////////////////////////////////////////// | ||||
@@ -72,8 +57,8 @@ struct TrafficMon: public TrafficMonBaseApp { | |||||
running( false), | running( false), | ||||
line_no( 0) | line_no( 0) | ||||
{ | { | ||||
config = new MonitorConf; | |||||
analyze.us = &(((MonitorConf *)config)->us.vals); | |||||
config = new MonitorBaseConf; | |||||
analyze.us = &config->us.vals; | |||||
} | } | ||||
@@ -265,7 +250,7 @@ restart: | |||||
int x; | int x; | ||||
try { | try { | ||||
if(x=TrafficMonBaseApp::main()) return x; | if(x=TrafficMonBaseApp::main()) return x; | ||||
if(!((MonitorConf*)config)->us.vals.size()) throw CLIerror( | |||||
if(!config->us.vals.size()) throw CLIerror( | |||||
"The configuration files MUST contain an [us] section with " | "The configuration files MUST contain an [us] section with " | ||||
"appropriate values" | "appropriate values" | ||||
); | ); | ||||
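Review bot: In the constructor hunk, `analyze.us = &config->us.vals;` stores a raw pointer into an object created with a bare `new`, and nothing visible here shows who deletes `config` or whether the `restart:` path in `main()` ever replaces it. If `config` can be re-created, `analyze.us` would be left dangling. At minimum, document the lifetime with a comment such as `// analyze.us aliases config->us.vals; config must outlive analyze and must not be re-created without resetting it`. The constructor and `main()` both start and end outside the hunks shown.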