Changed log table in the update page to chart format (opengatemup).
Added status='P' to represent "Pause" (opengatemup).
</DD>
+ <DT>Ver.0.9.1 at 2014.4.23
+ </DT><DD>
+ Added watch function to report specific addresses (opengatemd).
+ </DD>
</DL>
</BODY>
LIBS = -lezxml -lpcap -L../ezxml -L/usr/local/lib ${LIBSQLITE} ${LIBMYSQL} ${LIBCCMALLOC}
-OBJS = util.o error.o getparam.o managementdb.o workdb.c ipfw.o pcap.o packetcache.o macdbcache.o session.o ttlcheck.o udpserv.o
+OBJS = util.o error.o getparam.o managementdb.o workdb.c ipfw.o pcap.o packetcache.o macdbcache.o session.o ttlcheck.o udpserv.o watchlistcache.o
HDRS = opengatemd.h
MDMAINPROGO = opengatemd.o
udpserv.o: ${HDRS}
+watchlistcache.o: ${HDRS}
+
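Review bot: The new OBJS line still lists `workdb.c` where every other entry is a `.o`; that was already so on the removed line, but as written make hands a source file to the link step, which at best recompiles it on every link outside the normal object rule, so this is the moment to change it to `workdb.o`. The added `watchlistcache.o: ${HDRS}` dependency itself matches the existing pattern.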
}
/*************************************************/
+/* Nonfatal error unrelated to a system call.
+ * Print a message and return.
+ * Write with WARNING property */
+/*************************************************/
+void
+err_msg_warn(const char *fmt, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ err_doit(0, LOG_WARNING, fmt, ap);
+ va_end(ap);
+ return;
+}
+
+/*************************************************/
/* Fatal error unrelated to a system call.
* Print a message and terminate. */
/*************************************************/
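Review bot: The trailing `return;` at the end of err_msg_warn() is redundant in a void function and can be dropped; otherwise the new wrapper mirrors the non-fatal path as far as this hunk shows (err_doit is defined outside it). The header comment would be clearer if it named the mechanism instead of a "property": `/* Nonfatal error unrelated to a system call. Logs at syslog priority LOG_WARNING and returns. */`.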
return TRUE;
}
+/*******************************************
+ get next mac address from watchlist table in management db
+ if end of list, return false
+*******************************************/
+int getNextRecordFromWatchlistTableInMngDb(char* macAddress){
+
+ static MYSQL_RES *res=NULL;
+ MYSQL_ROW row;
+ char queryStr[BUFFMAXLN];
+
+ /* set default values */
+ macAddress[0]='\0';
+
+ /* if do not get result yet */
+ if(res==NULL){
+
+ /* prepare query string */
+ snprintf(queryStr, BUFFMAXLN,
+ "select macAddress from watchlist where reporting='Y'" );
+
+ /* send SQL query */
+ if (mysql_query(&mysql, queryStr)){
+ err_msg("ERR at %s#%d: mysql query: %s",__FILE__,__LINE__,
+ mysql_error(&mysql));
+ return FALSE;
+ }
+
+ /* store result */
+ res = mysql_store_result(&mysql);
+ }
+
+ /* output table name */
+ row = mysql_fetch_row(res);
+
+ /* if found, return values */
+ if(row!=NULL){
+ strncpy(macAddress, row[0],ADDRMAXLN);
+ return TRUE;
+ }
+ /* if not found, free memory area */
+ else{
+ mysql_free_result(res);
+ return FALSE;
+ }
+}
+
+/***************************************
+If the watchlist table includes a record matched to ALL, return TRUE.
+***************************************/
+int isAllFoundInWatchlistTable(void){
+ MYSQL_RES *res;
+ MYSQL_ROW row;
+ char queryStr[BUFFMAXLN];
+ int found=FALSE;
+
+ /**** search "ALL" ****/
+ /* prepare query string */
+ snprintf(queryStr, BUFFMAXLN,
+ "select macAddress from watchlist "
+ "where macAddress='ALL'");
+
+ /* send SQL query */
+ if (mysql_query(&mysql, queryStr)){
+
+ /* lost of 'watchlist table' is ignored */
+ if(strcmp(mysql_error(&mysql),
+ "Table 'opengatem.watchlist' doesn't exist")!=0){
+ err_msg("ERR at %s#%d: mysql query: %s",__FILE__,__LINE__,
+ mysql_error(&mysql));
+ }
+ return ERROR;
+ }
+
+
+ res = mysql_use_result(&mysql);
+
+ /* output table name */
+ row = mysql_fetch_row(res);
+
+ /* if not found, row is NULL */
+ if(row==NULL) found=FALSE;
+ else found=TRUE;
+
+ mysql_free_result(res);
+
+ /* if any one found, return TRUE, */
+ return found;
+}
+
/********************************************
routines for debugging output
********************************************/
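Review bot: getNextRecordFromWatchlistTableInMngDb() keeps `res` in a static that is never reset after `mysql_free_result(res)`, so a second enumeration (the new watchlistcache.c header says the cache is rebuilt on daemon reload) skips the query and calls mysql_fetch_row() on a freed result set; the value of mysql_store_result() is also not checked for NULL before use, and `strncpy(macAddress, row[0],ADDRMAXLN)` neither terminates an over-long value nor tolerates a NULL column (the new watchlist table declares macAddress without NOT NULL). The rewrite below resets the static after freeing, checks the store, copies with snprintf and skips NULL columns. In isAllFoundInWatchlistTable() the same NULL check is missing after mysql_use_result(), and recognising the missing table by comparing the error text is fragile across server versions and locales; `mysql_errno(&mysql)==ER_NO_SUCH_TABLE` is the stable test if that header is available in this build.
```c
int getNextRecordFromWatchlistTableInMngDb(char* macAddress){
  static MYSQL_RES *res=NULL;
  MYSQL_ROW row;
  char queryStr[BUFFMAXLN];

  macAddress[0]='\0';

  if(res==NULL){
    /* … unchanged: build queryStr and send it with mysql_query(), returning FALSE on error … */
    res = mysql_store_result(&mysql);
    if(res==NULL){
      err_msg("ERR at %s#%d: mysql store result: %s",__FILE__,__LINE__,
              mysql_error(&mysql));
      return FALSE;
    }
  }

  /* skip rows whose macAddress column is NULL instead of copying from NULL */
  while((row = mysql_fetch_row(res))!=NULL){
    if(row[0]!=NULL){
      snprintf(macAddress, ADDRMAXLN, "%s", row[0]);
      return TRUE;
    }
  }

  /* end of list: release and reset so the next enumeration re-queries */
  mysql_free_result(res);
  res=NULL;
  return FALSE;
}
```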
if(debug>1) err_msg("DEBUG:(%d)<=putMacIpPairToMngDb()",ret);
return ret;
}
+
+int GetNextRecordFromWatchlistTableInMngDb(char* macAddress){
+ int ret;
+ if(debug>1) err_msg("DEBUG:=>getNextRecordFromWatchlisttableInMngDb()");
+ ret = getNextRecordFromWatchlistTableInMngDb(macAddress);
+ if(debug>1) err_msg("DEBUG:(%d)<=getNextRecordFromWatchlistTableInMngDb(%s)",
+ ret,macAddress);
+ return ret;
+}
+
+int IsAllFoundInWatchlistTable(void){
+ int ret;
+ if(debug>1) err_msg("DEBUG:=>isAllFoundInWatchlistTable()");
+ ret = isAllFoundInWatchlistTable();
+ if(debug>1) err_msg("DEBUG:(%d)<=isAllFoundInWatchlistTable()", ret);
+ return ret;
+}
+
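Review bot: The entry trace `if(debug>1) err_msg("DEBUG:=>getNextRecordFromWatchlisttableInMngDb()");` misspells the function name (Watchlisttable), so grepping the debug log for this call will not pair the entry line with the exit line; use `"DEBUG:=>getNextRecordFromWatchlistTableInMngDb()"` to match the exit trace and the sibling wrappers.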
InitWorkDb();
if(!InitMngDb()) terminateProg(0);
InitTtlCheck();
+ InitWatchlistCache();
PrepareUdpPort(sigIoHandler); /* UDP port runs as asynchronous */
/* if endService is indicated, close all sessions, and exit */
ConvertIpFromRawToDisplay(macAndIpAddressRaw+MACADDRLN,
addrLen-MACADDRLN, ipAddress);
+ /* if the address is included in watchlist, report the detection */
+ if(IsFoundInWatchlistCache(macAddress)==TRUE){
+ err_msg_warn("WARN: find mac=%s ip=%s", macAddress, ipAddress);
+ }
+
/* check nat/router and save info to db */
isNatOrRouter=IsSentViaNatOrRouter(ipAddress, macAddress, ttl);
if(isNatOrRouter) PutLogAtNatOrRouter(isNatOrRouter,ipAddress,macAddress,ttl);
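Review bot: The report at `err_msg_warn("WARN: find mac=%s ip=%s", macAddress, ipAddress);` fires on every packet seen from a watched address, so a chatty host will emit the same WARNING line at packet rate until it is removed from the watchlist, which can drown the signal this feature is meant to give; consider remembering the last reported (mac, ip) pair, or reporting once per session, so a change of address is what gets logged. The packet arrival rate is not visible here, so this is a judgement call. The enclosing function starts and ends outside the hunk.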
/* clear data structures (can't reach here, but coded for debugging) */
FreeCache();
FreeMacCache();
+ FreeWatchlistCache();
ClosePcap();
CloseConfFile();
CloseMngDb();
printf(" see detail in Opengate Homepage\n");
printf("\n");
printf(" format: %s [arg] \n", procName);
- printf(" arg : -c = run on console (default is daemon)\n");
+ printf(" arg : -c = run on console (run as daemon in default)\n");
printf(" : -e = close all sessions and end service\n");
- printf(" : -r = reload deamon\n");
+ printf(" : -r = reload deamon(not close sessions)\n");
printf(" : -s = stop deamon (not close sessions)\n");
printf(" : -v = show make dir to check version\n");
}
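Review bot: The new help text still spells "daemon" as `deamon` (the line below has the same typo) and "(run as daemon in default)" is awkward; suggest `printf(" arg : -c = run on console (runs as a daemon by default)\n");` and `printf(" : -r = reload daemon (not close sessions)\n");`.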
void err_sys(const char *fmt, ...);
void err_dump(const char *fmt, ...);
void err_msg(const char *fmt, ...);
+void err_msg_warn(const char *fmt, ...);
void err_quit(const char *fmt, ...);
void errToSyslog(int i);
int PutCloseToMngDb(char* macAddress);
int PutOpenToMngDb(char* macAddress);
int PutMacIpPairToMngDb(char* macAddress, char* ipAddress);
+int GetNextRecordFromWatchlistTableInMngDb(char* macAddress);
+int IsAllFoundInWatchlistTable(void);
/* workdb.c */
int SetupSqliteBusyTimeoutValue(void);
int DelMacCacheItem(char* macAddress);
int AddMacCacheItem(char* macAddress, char* userId, char* extraId, int found);
+/* watchlistcache.c */
+void InitWatchlistCache(void);
+int AddWatchlistCacheItem(char* macAddress);
+int IsFoundInWatchlistCache(char* macAddress);
+void FreeWatchlistCache(void);
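Review bot: IsFoundInWatchlistCache() and AddWatchlistCacheItem() take a non-const `char*` because the implementation appears to normalise the address in place through ReFormatMacAddr() before hashing, so a caller must pass a writable buffer and should expect its contents to change — not what a read-only `Is...` name suggests; a one-line comment on the declaration would prevent passing a literal or a shared buffer, e.g. `int IsFoundInWatchlistCache(char* macAddress); /* reformats macAddress in place; returns TRUE, FALSE or ERROR */`. The ERROR return is worth stating there too, since the caller added in this commit compares the result against TRUE only.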
--- /dev/null
+/**************************************************
+OpengateM - a MAC address authentication system
+ module to control cache for watchlist
+
+ the cache holds the temporary copy of watchlist table existing in MngDb.
+ the cache is prepared at reloading the daemon.
+ Implemented with HashTable.
+ HashTable:
+ Key= MAC Address
+ Val= none
+ The watchlist table has the data for specific syslog reporting
+
+Copyright (C) 2014 Opengate Project Team
+Written by Yoshiaki Watanabe
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Email: watanaby@is.saga-u.ac.jp
+**************************************************/
+#include "opengatemd.h"
+
+/* HashTable to store MacAddress->none */
+static DB* watchlistHash;
+
+/* specific record is included in the watchlist table */
+static int foundAll=FALSE;
+static int cacheItemCount=0;
+
+/****************************************
+initialize watchlist Cache and load from MySQL
+****************************************/
+void initWatchlistCache(void) {
+ char macAddress[ADDRMAXLN];
+
+ /* prepare hash table */
+ if((watchlistHash = dbopen(NULL, O_CREAT | O_RDWR, 0644, DB_HASH, NULL)) == NULL) {
+ err_msg("ERR at %s#%d: fail to open watchlist hash table",__FILE__,__LINE__);
+ terminateProg(0);
+ }
+
+ /* if "ALL" record is included in the table, skip address loading */
+ foundAll=IsAllFoundInWatchlistTable();
+ if(foundAll) return;
+
+ /* read MySQL and insert to hash */
+ while(GetNextRecordFromWatchlistTableInMngDb(macAddress)){
+ AddWatchlistCacheItem(macAddress);
+ cacheItemCount++;
+ }
+}
+
+/****************************************
+add an item to watchlist cache
+****************************************/
+int addWatchlistCacheItem(char* macAddress) {
+
+ DBT hashKey;
+ DBT hashVal;
+ char hashValueStr[]="";
+
+ /* check address format */
+ if(isNull(macAddress)) return FALSE;
+ if(!ReFormatMacAddr(macAddress)) return FALSE;
+
+ /** setup hash key **/
+ /* hash key : string of mac address */
+ hashKey.data = macAddress;
+ hashKey.size = strlen(macAddress) + 1;
+
+ /** setup hash value **/
+ /* hash value : "" */
+ hashVal.data = hashValueStr;
+ hashVal.size = 1;
+ if(watchlistHash->put(watchlistHash, &hashKey, &hashVal, 0) == -1) {
+ err_msg("ERR at %s#%d: fail to put into hash table",__FILE__,__LINE__);
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/****************************************
+if address is found in cache return true,
+else return error.
+****************************************/
+int isFoundInWatchlistCache(char* macAddress){
+
+ DBT hashKey;
+ DBT hashVal;
+ int ret;
+
+ /* if cache is empty, return false */
+ if(cacheItemCount==0) return FALSE;
+
+ /* if watchlist table includes 'ALL' record, return true */
+ /* if searching the 'ALL' record is failed, return error */
+ if(foundAll==TRUE) return TRUE;
+ if(foundAll==ERROR) return ERROR;
+
+ /* if null or illegal form, return */
+ if(isNull(macAddress)) return ERROR;
+ if(!ReFormatMacAddr(macAddress)) return ERROR;
+
+ /***** get hashed item matched to the indicated mac */
+ hashKey.data = macAddress;
+ hashKey.size = strlen(macAddress) + 1;
+ memset(&hashVal, 0, sizeof(DBT));
+ ret=watchlistHash->get(watchlistHash, &hashKey, &hashVal, 0);
+
+ /* get is failed, return false */
+ if(ret!=0) return FALSE;
+
+ /* get is successed */
+ return TRUE;
+}
+
+/****************************************
+Memory free for watchlist Cache
+****************************************/
+void freeWatchlistCache(void) {
+
+ watchlistHash->close(watchlistHash);
+}
+
+
+/****************************************************
+ routines for debugging putput
+ ***************************************************/
+void InitWatchlistCache(void) {
+ if(debug>1) err_msg("DEBUG:=>initWatchlistCache( )");
+ initWatchlistCache();
+ if(debug>1) err_msg("DEBUG:<=initWatchlistCache( )");
+}
+
+int AddWatchlistCacheItem(char* macAddress) {
+ int ret;
+ if(debug>1) err_msg("DEBUG:=>addWatchlistCacheItem(%s)",
+ macAddress);
+ ret = addWatchlistCacheItem(macAddress);
+ if(debug>1) err_msg("DEBUG:(%d)<=addWatchlistCacheItem( )",ret);
+ return ret;
+}
+
+int IsFoundInWatchlistCache(char* macAddress){
+ int ret;
+ if(debug>1) err_msg("DEBUG:=>isFoundInWatchlistCache(%s)", macAddress);
+ ret = isFoundInWatchlistCache(macAddress);
+ if(debug>1) err_msg("DEBUG:(%d)<=isFoundInWatchlistCache()",ret);
+ return ret;
+}
+
+void FreeWatchlistCache(void) {
+ if(debug>1) err_msg("DEBUG:=>freeWatchlistCache()");
+ freeWatchlistCache();
+ if(debug>1) err_msg("DEBUG:<=freeWatchlistCache()");
+}
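Review bot: isFoundInWatchlistCache() returns at `if(cacheItemCount==0) return FALSE;` before it ever looks at foundAll, and initWatchlistCache() returns early without loading any address when the table contains 'ALL', so cacheItemCount stays 0 and the 'ALL' wildcard never produces a report; move the count check below the two foundAll checks: `if(foundAll==TRUE) return TRUE;` / `if(foundAll==ERROR) return ERROR;` / `if(cacheItemCount==0) return FALSE;`. Two smaller points in the same file: `cacheItemCount++` in the load loop also counts entries that addWatchlistCacheItem() rejected, and freeWatchlistCache() dereferences watchlistHash unconditionally, which is NULL if dbopen() failed and terminateProg() reaches the cleanup path, so guard it and reset the pointer, foundAll and the counter after close. If the cache really is rebuilt on reload as the header comment says, initWatchlistCache() should close any previous table first, since it otherwise opens a second one and keeps the stale count.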
oui CHAR(8),
org TINYTEXT);
+create table if not exists watchlist(
+ macAddress CHAR(18),
+ reporting CHAR(1),
+ memo TINYTEXT);
+
create or replace view sessionview as select
userId,
extraId,