2 * (C)opyright 1995-1998 Darren Reed.
4 * See the IPFILTER.LICENCE file for details on licencing.
6 * The author of this software makes no guarantee about the
7 * performance of this package or its suitability to fulfill any purpose.
17 #include <sys/types.h>
19 #include <sys/socket.h>
20 #include <netinet/in.h>
21 #include <netinet/in_systm.h>
22 #include <netinet/ip.h>
23 #include <netinet/tcp.h>
24 #include <netinet/udp.h>
25 #include <netinet/ip_icmp.h>
27 #include <netinet/ip_var.h>
28 #include <netinet/tcpip.h>
30 #include "ip_compat.h"
32 #include <linux/sockios.h>
38 static const char sccsid[] = "@(#)ipsdr.c 1.3 12/3/95 (C)1995 Darren Reed";
39 static const char rcsid[] = "@(#)$Id: ipsdr.c,v 2.1.4.1 2001/06/26 10:43:21 darrenr Exp $";
/*
 * Ports tracked by the detector, in ascending order, followed by a 0 entry.
 * NOTE(review): 513 is listed twice and 514 does not appear - possibly a
 * typo for 514; confirm against the intended port list.
 */
47 u_short defports[NPORTS] = {
48 7, 9, 20, 21, 23, 25, 53, 69, 79, 111,
49 123, 161, 162, 512, 513, 513, 515, 520, 540, 6000, 0
/* Per-port weight added to a host's hit score; every entry here is 1. */
51 u_short pweights[NPORTS] = {
52 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
53 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1
56 ipsd_t *iphits[NPORTS];
63 return sh1->sh_ip.s_addr - sh2->sh_ip.s_addr;
70 return sh1->ss_ip.s_addr - sh2->ss_ip.s_addr;
79 for (i = 1, j = 0; i; i <<= 1)
87 * Check to see if we've already received a packet from this host for this
90 int findhit(ihp, src, dport)
100 if (ihp->sd_sz == 4) {
101 for (i = 0, sh = ihp->sd_hit; i < ihp->sd_cnt; i++, sh++)
102 if (src.s_addr == sh->sh_ip.s_addr)
105 for (i = ihp->sd_cnt / 2, j = (i / 2) - 1; j >= 0; j--) {
106 k = ihp->sd_hit[i].sh_ip.s_addr - src.s_addr;
120 * Search for port number amongst the sorted array of targets we're
123 int detect(srcip, dport, date)
124 struct in_addr srcip;
132 for (i = 10, j = 4; j >= 0; j--) {
133 k = dport - defports[i];
136 if (findhit(ihp, srcip, dport))
/* sh points at the first unused slot, i.e. inside the sd_hit array. */
138 sh = ihp->sd_hit + ihp->sd_cnt;
/* Grow the array once the new entry has filled it. */
141 if (++ihp->sd_cnt == ihp->sd_sz)
/*
 * NOTE(review): realloc() must be given the pointer the allocator returned.
 * The last visible assignment left sh pointing into the middle of sd_hit;
 * confirm it is reset to ihp->sd_hit in the lines this listing omits.
 * The result is also stored straight back into sh, and no NULL check is
 * visible, so a failed realloc() would lose the old buffer and hand NULL
 * to the qsort() below.
 */
144 sh = realloc(sh, ihp->sd_sz * sizeof(*sh));
/* Keep the hits ordered by source address (ipcmp) for later lookups. */
147 qsort(sh, ihp->sd_cnt, sizeof(*sh), ipcmp);
160 * Allocate initial storage for hosts
/* (Re)build one hit table per tracked port. */
166 for (i = 0; i < NPORTS; i++) {
/* Release a previous hit array, if any; free(NULL) would be a no-op anyway. */
168 if (iphits[i]->sd_hit)
169 free(iphits[i]->sd_hit);
/*
 * NOTE(review): the malloc() result is dereferenced on the very next line
 * without a NULL check, so an allocation failure is a NULL dereference.
 */
172 iphits[i] = (ipsd_t *)malloc(sizeof(ipsd_t));
173 iphits[i]->sd_port = defports[i];
174 iphits[i]->sd_cnt = 0;
/* Initial capacity: 4 entries, matching the allocation below. */
175 iphits[i]->sd_sz = 4;
/* NOTE(review): this allocation is not checked here either. */
176 iphits[i]->sd_hit = (sdhit_t *)malloc(sizeof(sdhit_t) * 4);
182 * Write statistics out to a file
/* Stack copy of the fixed-size header read from the file. */
187 ipsd_t ipsd, *ips = &ipsd;
192 if ((fd = open(file, O_RDONLY)) == -1) {
197 printf("opened %s\n", file);
/* Header first: it carries sd_port, sd_cnt and sd_sz for this file. */
199 if (read(fd, ips, sizeof(*ips)) != sizeof(*ips))
/*
 * NOTE(review): sd_sz comes straight from the file. No range check is
 * visible before it is multiplied into an allocation size, and the
 * malloc() result is passed to read() unchecked.
 */
201 sz = ips->sd_sz * sizeof(*hp);
202 hp = (sdhit_t *)malloc(sz);
203 if (read(fd, hp, sz) != sz)
/*
 * NOTE(review): the loop bound sd_cnt is also file-supplied. Nothing visible
 * here checks sd_cnt <= sd_sz, so a malformed file could make hp[i] index
 * past the sz bytes just read; validate both fields before use.
 */
205 for (i = 0; i < ips->sd_cnt; i++)
206 detect(hp[i].sh_ip, ips->sd_port, hp[i].sh_date);
/* No filter or sort callback: every entry of dir is returned in d. */
219 i = scandir(dir, &d, NULL, NULL);
/* If scandir() failed (-1) the loop body simply never runs. */
221 for (j = 0; j < i; j++) {
/* Only names starting with "ipsd-hits." (10 characters) are of interest. */
222 if (strncmp(d[j]->d_name, "ipsd-hits.", 10))
/*
 * NOTE(review): d_name is the bare entry name without the dir prefix, so
 * this presumably relies on the working directory being dir - confirm.
 */
224 addfile(d[j]->d_name);
229 void printreport(ss, num)
238 printf("Hosts detected: %d\n", num);
241 for (i = 0; i < num; i++)
242 printf("%s %d %d\n", inet_ntoa(ss[i].ss_ip), ss[i].ss_hits,
243 countpbits(ss[i].ss_ports));
245 printf("--------------------------\n");
246 for (mask = 0xfffffffe, j = 32; j; j--, mask <<= 1) {
247 ip.s_addr = ss[0].ss_ip.s_addr & mask;
248 ports = ss[0].ss_ports;
249 for (i = 1; i < num; i++) {
251 if (ip.s_addr != (sp->ss_ip.s_addr & mask)) {
252 printf("Netmask: 0x%08x\n", mask);
253 printf("%s %d\n", inet_ntoa(ip),
255 ip.s_addr = sp->ss_ip.s_addr & mask;
258 ports |= sp->ss_ports;
261 printf("Netmask: 0x%08x\n", mask);
262 printf("%s %d\n", inet_ntoa(ip), countpbits(ports));
/*
 * NOTE(review): nip is declared without an initializer; confirm it is set
 * to 0 before the accumulation loop (that line is not in this listing).
 */
272 int i, num, nip, in, j, k;
/* Upper bound on distinct hosts: total hits across all port tables. */
274 for (i = 0; i < NPORTS; i++)
275 nip += iphits[i]->sd_cnt;
/*
 * NOTE(review): malloc() does not zero memory and no NULL check is visible;
 * ss_ports is later updated with |=, so confirm each new entry is cleared.
 */
277 ss = (ipss_t *)malloc(sizeof(ipss_t) * nip);
/* Merge the per-port tables into one summary entry per source address. */
279 for (in = 0, i = 0, num = 0; i < NPORTS; i++) {
281 for (j = 0; j < ips->sd_cnt; j++) {
/* Linear scan of the hosts collected so far for this address. */
282 for (k = 0; k < num; k++)
283 if (!bcmp(&ss[k].ss_ip, &ips->sd_hit[j].sh_ip,
284 sizeof(struct in_addr))) {
/* Known host: add this port's weight and set its bit in the port mask. */
285 ss[k].ss_hits += pweights[i];
286 ss[k].ss_ports |= (1 << i);
/* New host: fill in the next free slot. */
290 ss[num].ss_ip = ips->sd_hit[j].sh_ip;
291 ss[num].ss_hits = pweights[i];
/*
 * NOTE(review): this line indexes with k while the two above use num; they
 * are the same slot only if k == num here - the guarding condition is not
 * shown, so verify.
 */
292 ss[k].ss_ports |= (1 << i);
/* Order the summary by address (ssipcmp) before printing. */
298 qsort(ss, num, sizeof(*ss), ssipcmp);
300 printreport(ss, num);
308 char c, *name = argv[0], *dir = NULL;
312 dir = dir ? dir : ".";