- release 2

[packages/arpwatch.git] / arpwatch-debian_13opt_allsubnets.patch

Index: arpwatch/arpsnmp.c
diff -u arpwatch/arpsnmp.c:1.1.1.1.2.2 arpwatch/arpsnmp.c:1.1.1.1.2.1.6.2
--- arpwatch/arpsnmp.c:1.1.1.1.2.2      Tue Aug 10 11:14:13 2004
+++ arpwatch/arpsnmp.c  Fri Aug 13 02:17:33 2004
@@ -63,7 +63,7 @@
 /* Forwards */
 int    main(int, char **);
 int    readsnmp(char *);
-int    snmp_add(u_int32_t, u_char *, time_t, char *);
+int    snmp_add(u_int32_t, u_char *, time_t, char *, char *);
 __dead void usage(void) __attribute__((volatile));
 
 char *prog;
@@ -143,22 +143,24 @@
 static time_t now;
 
 int
-snmp_add(register u_int32_t a, register u_char *e, time_t t, register char *h)
+snmp_add(register u_int32_t a, register u_char *e, time_t t, register char *h,
+    char *interface)
 {
        /* Watch for ethernet broadcast */
        if (MEMCMP(e, zero, 6) == 0 || MEMCMP(e, allones, 6) == 0) {
-               dosyslog(LOG_INFO, "ethernet broadcast", a, e, NULL);
+               dosyslog(LOG_INFO, "ethernet broadcast", a, e, NULL,
+                        interface);
                return (1);
        }
 
        /* Watch for some ip broadcast addresses */
        if (a == 0 || a == 1) {
-               dosyslog(LOG_INFO, "ip broadcast", a, e, NULL);
+               dosyslog(LOG_INFO, "ip broadcast", a, e, NULL, interface);
                return (1);
        }
 
        /* Use current time (although it would be nice to subtract idle time) */
-       return (ent_add(a, e, now, h));
+       return (ent_add(a, e, now, h, interface));
 }
 
 /* Process an snmp file */
Index: arpwatch/arpwatch.8
diff -u arpwatch/arpwatch.8:1.1.1.1.2.2 arpwatch/arpwatch.8:1.1.1.1.8.5
--- arpwatch/arpwatch.8:1.1.1.1.2.2     Thu Aug 12 22:31:09 2004
+++ arpwatch/arpwatch.8 Fri Aug 13 01:54:24 2004
@@ -63,6 +63,13 @@
 ]
 .\" **
 .\" **
+.br
+.ti +8
+[
+.B -a
+]
+.\" **
+.\" **
 .ad
 .SH DESCRIPTION
 .B Arpwatch
@@ -127,6 +134,20 @@
 .\" **
 .\" **
 .LP
+(Debian) 
+.B -a
+By default,
+.B arpwatch
+reports bogons (unless
+.B -N
+is given) for IP addresses that are in the same subnet than the
+first IP address of the default interface.  If this option is
+specified,
+.B arpwatch
+will report bogons about every IP addresses.
+.\" **
+.\" **
+.LP
 Note that an empty
 .I arp.dat
 file must be created before the first time you run
Index: arpwatch/arpwatch.c
diff -u arpwatch/arpwatch.c:1.1.1.1.2.5 arpwatch/arpwatch.c:1.1.1.1.2.1.6.11
--- arpwatch/arpwatch.c:1.1.1.1.2.5     Sat Aug 14 02:33:07 2004
+++ arpwatch/arpwatch.c Sat Aug 14 02:34:27 2004
@@ -141,6 +141,8 @@
 int    sanity_fddi(struct fddi_header *, struct ether_arp *, int);
 __dead void usage(void) __attribute__((volatile));
 
+static char *interface;
+
 int
 main(int argc, char **argv)
 {
@@ -150,7 +152,7 @@
        register int fd;
 #endif
        register pcap_t *pd;
-       register char *interface, *rfilename;
+       register char *rfilename;
        struct bpf_program code;
        char errbuf[PCAP_ERRBUF_SIZE];
        char options[] =
@@ -172,6 +174,9 @@
                "r:"
                /**/
                /**/
+               "a"
+               /**/
+               /**/
        ;
 
        if (argv[0] == NULL)
@@ -193,6 +198,10 @@
        while ((op = getopt(argc, argv, options)) != EOF)
                switch (op) {
 
+               case 'a':
+                       ++allsubnets;
+                       break;
+
                case 'd':
                        ++debug;
 #ifndef DEBUG
@@ -401,29 +410,31 @@
 
        /* Watch for bogons */
        if (isbogon(sia)) {
-               dosyslog(LOG_INFO, "bogon", sia, sea, sha);
-               return;
+               dosyslog(LOG_INFO, "bogon", sia, sea, sha, interface);
+               if (!allsubnets) return;
        }
 
        /* Watch for ethernet broadcast */
        if (MEMCMP(sea, zero, 6) == 0 || MEMCMP(sea, allones, 6) == 0 ||
            MEMCMP(sha, zero, 6) == 0 || MEMCMP(sha, allones, 6) == 0) {
-               dosyslog(LOG_INFO, "ethernet broadcast", sia, sea, sha);
+               dosyslog(LOG_INFO, "ethernet broadcast", sia, sea, sha,
+                        interface);
                return;
        }
 
        /* Double check ethernet addresses */
        if (MEMCMP(sea, sha, 6) != 0) {
-               dosyslog(LOG_INFO, "ethernet mismatch", sia, sea, sha);
+               dosyslog(LOG_INFO, "ethernet mismatch", sia, sea, sha,
+                        interface);
                return;
        }
 
        /* Got a live one */
        t = h->ts.tv_sec;
        can_checkpoint = 0;
-       if (!ent_add(sia, sea, t, NULL))
-               syslog(LOG_ERR, "ent_add(%s, %s, %ld) failed",
-                   intoa(sia), e2str(sea), t);
+       if (!ent_add(sia, sea, t, NULL, interface))
+               syslog(LOG_ERR, "ent_add(%s, %s, %ld, %s) failed",
+                   intoa(sia), e2str(sea), t, interface);
        can_checkpoint = 1;
 }
 
@@ -550,29 +561,31 @@
 
        /* Watch for bogons */
        if (isbogon(sia)) {
-               dosyslog(LOG_INFO, "bogon", sia, sea, sha);
-               return;
+               dosyslog(LOG_INFO, "bogon", sia, sea, sha, interface);
+               if (!allsubnets) return;
        }
 
        /* Watch for ethernet broadcast */
        if (MEMCMP(sea, zero, 6) == 0 || MEMCMP(sea, allones, 6) == 0 ||
            MEMCMP(sha, zero, 6) == 0 || MEMCMP(sha, allones, 6) == 0) {
-               dosyslog(LOG_INFO, "ethernet broadcast", sia, sea, sha);
+               dosyslog(LOG_INFO, "ethernet broadcast", sia, sea, sha,
+                        interface);
                return;
        }
 
        /* Double check ethernet addresses */
        if (MEMCMP(sea, sha, 6) != 0) {
-               dosyslog(LOG_INFO, "ethernet mismatch", sia, sea, sha);
+               dosyslog(LOG_INFO, "ethernet mismatch", sia, sea, sha,
+                        interface);
                return;
        }
 
        /* Got a live one */
        t = h->ts.tv_sec;
        can_checkpoint = 0;
-       if (!ent_add(sia, sea, t, NULL))
-               syslog(LOG_ERR, "ent_add(%s, %s, %ld) failed",
-                   intoa(sia), e2str(sea), t);
+       if (!ent_add(sia, sea, t, NULL, interface))
+               syslog(LOG_ERR, "ent_add(%s, %s, %ld, %s) failed",
+                   intoa(sia), e2str(sea), t, interface);
        can_checkpoint = 1;
 }
 
@@ -785,6 +798,9 @@
                "[-r file] "
                /**/
                /**/
+               "[-a] "
+               /**/
+               /**/
                "\n"
        ;
 
Index: arpwatch/db.c
diff -u arpwatch/db.c:1.1.1.1 arpwatch/db.c:1.1.1.1.8.1
--- arpwatch/db.c:1.1.1.1       Tue Apr 17 13:31:36 2001
+++ arpwatch/db.c       Fri Aug 13 02:17:33 2004
@@ -64,6 +64,7 @@
        u_char e[6];            /* ether address */
        char h[34];             /* simple hostname */
        time_t t;               /* timestamp */
+       char i[16];             /* interface */
 };
 
 /* Address info */
@@ -80,13 +81,14 @@
 
 static void alist_alloc(struct ainfo *);
 int cmpeinfo(const void *, const void *);
-static struct einfo *elist_alloc(u_int32_t, u_char *, time_t, char *);
+static struct einfo *elist_alloc(u_int32_t, u_char *, time_t, char *, char *);
 static struct ainfo *ainfo_find(u_int32_t);
 static void check_hname(struct ainfo *);
 struct ainfo *newainfo(void);
 
 int
-ent_add(register u_int32_t a, register u_char *e, time_t t, register char *h)
+ent_add(register u_int32_t a, register u_char *e, time_t t, register char *h,
+       char *interface)
 {
        register struct ainfo *ap;
        register struct einfo *ep;
@@ -103,7 +105,8 @@
                ep = ap->elist[0];
                if (MEMCMP(e, ep->e, 6) == 0) {
                        if (t - ep->t > NEWACTIVITY_DELTA) {
-                               report("new activity", a, e, NULL, &t, &ep->t);
+                               report("new activity", a, e, NULL, &t, &ep->t,
+                                      interface);
                                check_hname(ap);
                        }
                        ep->t = t;
@@ -114,8 +117,8 @@
        /* Check for a virgin ainfo record */
        if (ap->ecount == 0) {
                ap->ecount = 1;
-               ap->elist[0] = elist_alloc(a, e, t, h);
-               report("new station", a, e, NULL, &t, NULL);
+               ap->elist[0] = elist_alloc(a, e, t, h, interface);
+               report("new station", a, e, NULL, &t, NULL, interface);
                return (1);
        }
 
@@ -133,9 +136,11 @@
                        if (t - t2 < FLIPFLIP_DELTA &&
                            (isdecnet(e) || isdecnet(e2)))
                                dosyslog(LOG_INFO,
-                                   "suppressed DECnet flip flop", a, e, e2);
+                                   "suppressed DECnet flip flop", a, e, e2,
+                                   interface);
                        else
-                               report("flip flop", a, e, e2, &t, &t2);
+                               report("flip flop", a, e, e2, &t, &t2,
+                                      interface);
                        ap->elist[1] = ap->elist[0];
                        ap->elist[0] = ep;
                        ep->t = t;
@@ -151,7 +156,7 @@
                        e2 = ap->elist[0]->e;
                        t2 = ap->elist[0]->t;
                        dosyslog(LOG_NOTICE, "reused old ethernet address",
-                           a, e, e2);
+                           a, e, e2, interface);
                        /* Shift entries down */
                        len = i * sizeof(ap->elist[0]);
                        BCOPY(&ap->elist[0], &ap->elist[1], len);
@@ -165,12 +170,12 @@
        /* New ether address */
        e2 = ap->elist[0]->e;
        t2 = ap->elist[0]->t;
-       report("changed ethernet address", a, e, e2, &t, &t2);
+       report("changed ethernet address", a, e, e2, &t, &t2, interface);
        /* Make room at head of list */
        alist_alloc(ap);
        len = ap->ecount * sizeof(ap->elist[0]);
        BCOPY(&ap->elist[0], &ap->elist[1], len);
-       ap->elist[0] = elist_alloc(a, e, t, h);
+       ap->elist[0] = elist_alloc(a, e, t, h, interface);
        ++ap->ecount;
        return (1);
 }
@@ -227,7 +232,7 @@
                for (ap = &ainfo_table[i]; ap != NULL; ap = ap->next)
                        for (j = 0; j < ap->ecount; ++j) {
                                ep = ap->elist[j];
-                               (*fn)(ap->a, ep->e, ep->t, ep->h);
+                               (*fn)(ap->a, ep->e, ep->t, ep->h, ep->i);
                                ++n;
                        }
        return (n);
@@ -259,7 +264,7 @@
 /* Allocate and initialize a elist struct */
 static struct einfo *
 elist_alloc(register u_int32_t a, register u_char *e, register time_t t,
-    register char *h)
+    register char *h, char *interface)
 {
        register struct einfo *ep;
        register u_int size;
@@ -286,6 +291,8 @@
        if (h != NULL && !isdigit((int)*h))
                strcpy(ep->h, h);
        ep->t = t;
+       if (interface != NULL)
+               strncpy(ep->i, interface, 16);
        return (ep);
 }
 
Index: arpwatch/db.h
diff -u arpwatch/db.h:1.1.1.1 arpwatch/db.h:1.1.1.1.8.1
--- arpwatch/db.h:1.1.1.1       Tue Apr 17 13:31:36 2001
+++ arpwatch/db.h       Fri Aug 13 02:17:33 2004
@@ -1,10 +1,10 @@
 /* @(#) $Header$ (LBL) */
 
-typedef void (*ent_process)(u_int32_t, u_char *, time_t, char *);
+typedef void (*ent_process)(u_int32_t, u_char *, time_t, char *, char *);
 
 #ifdef DEBUG
 void   debugdump(void);
 #endif
-int    ent_add(u_int32_t, u_char *, time_t, char *);
+int    ent_add(u_int32_t, u_char *, time_t, char *, char *);
 int    ent_loop(ent_process);
 void   sorteinfo(void);
Index: arpwatch/file.c
diff -u arpwatch/file.c:1.1.1.1 arpwatch/file.c:1.1.1.1.8.1
--- arpwatch/file.c:1.1.1.1     Tue Apr 17 13:31:37 2001
+++ arpwatch/file.c     Fri Aug 13 02:17:33 2004
@@ -69,6 +69,7 @@
        u_int32_t a;
        register time_t t;
        register struct hostent *hp;
+       char *interface;
        char line[1024];
        u_char e[6];
 
@@ -117,6 +118,7 @@
                if (cp2 == NULL) {
                        t = 0;
                        h = NULL;
+                       interface = NULL;
                } else {
                        t = atoi(cp2);
                        h = strchr(cp2, '\t');
@@ -126,11 +128,18 @@
                                while (*cp2 != '\n' && *cp2 != '\t' &&
                                    *cp2 != '\0')
                                        ++cp2;
+                               if (*cp2 == '\t') {
+                                   *cp2++ = '\0';
+                                   while (*cp2 != '\n' && *cp2 != '\t' &&
+                                          *cp2 != '\0') ++cp2;
+                               } else {
+                                   interface = NULL;
+                               }
                                *cp2 = '\0';
                        }
                }
 
-               if (!(*fn)(a, e, t, h))
+               if (!(*fn)(a, e, t, h, interface))
                        return(0);
        }
 
Index: arpwatch/file.h
diff -u arpwatch/file.h:1.1.1.1 arpwatch/file.h:1.1.1.1.8.1
--- arpwatch/file.h:1.1.1.1     Tue Apr 17 13:31:37 2001
+++ arpwatch/file.h     Fri Aug 13 02:17:33 2004
@@ -1,5 +1,5 @@
 /* @(#) $Header$ (LBL) */
 
-typedef int (*file_process)(u_int32_t, u_char *, time_t, char *);
+typedef int (*file_process)(u_int32_t, u_char *, time_t, char *, char *);
 
 int file_loop(FILE *, file_process, const char *);
Index: arpwatch/report.c
diff -u arpwatch/report.c:1.1.1.1 arpwatch/report.c:1.1.1.1.8.1
--- arpwatch/report.c:1.1.1.1   Tue Apr 17 13:31:37 2001
+++ arpwatch/report.c   Fri Aug 13 02:17:33 2004
@@ -233,7 +233,8 @@
 
 void
 report(register char *title, register u_int32_t a, register u_char *e1,
-    register u_char *e2, register time_t *t1p, register time_t *t2p)
+    register u_char *e2, register time_t *t1p, register time_t *t2p,
+    char *interface)
 {
        register char *cp, *hn;
        register int fd, pid;
@@ -253,7 +254,7 @@
 
        if (debug) {
                if (debug > 1) {
-                       dosyslog(LOG_NOTICE, title, a, e1, e2);
+                       dosyslog(LOG_NOTICE, title, a, e1, e2, interface);
                        return;
                }
                f = stdout;
@@ -270,7 +271,7 @@
                }
 
                /* Syslog this event too */
-               dosyslog(LOG_NOTICE, title, a, e1, e2);
+               dosyslog(LOG_NOTICE, title, a, e1, e2, interface);
 
                /* Update child depth */
                ++cdepth;
@@ -302,16 +303,19 @@
 
        (void)fprintf(f, "From: %s\n", watchee);
        (void)fprintf(f, "To: %s\n", watcher);
+       if (interface == NULL) interface = ""; /* shouldn't happen */
        hn = gethname(a);
        if (!isdigit(*hn))
-               (void)fprintf(f, "Subject: %s (%s)\n", title, hn);
+               (void)fprintf(f, "Subject: %s (%s) %s\n", title, hn,
+                             interface);
        else {
-               (void)fprintf(f, "Subject: %s\n", title);
+               (void)fprintf(f, "Subject: %s %s\n", title, interface);
                hn = unknown;
        }
        (void)putc('\n', f);
        (void)fprintf(f, fmt, "hostname", hn);
        (void)fprintf(f, fmt, "ip address", intoa(a));
+       (void)fprintf(f, fmt, "interface", interface);
        (void)fprintf(f, fmt, "ethernet address", e2str(e1));
        if ((cp = ec_find(e1)) == NULL)
                cp = unknown;
Index: arpwatch/report.h
diff -u arpwatch/report.h:1.1.1.1 arpwatch/report.h:1.1.1.1.8.1
--- arpwatch/report.h:1.1.1.1   Tue Apr 17 13:31:37 2001
+++ arpwatch/report.h   Fri Aug 13 02:17:33 2004
@@ -1,3 +1,3 @@
 /* @(#) $Header$ (LBL) */
 
-void report(char *, u_int32_t, u_char *, u_char *, time_t *, time_t *);
+void report(char *, u_int32_t, u_char *, u_char *, time_t *, time_t *, char *);
Index: arpwatch/util.c
diff -u arpwatch/util.c:1.1.1.1.2.2 arpwatch/util.c:1.1.1.1.8.5
--- arpwatch/util.c:1.1.1.1.2.2 Fri Aug 13 00:06:49 2004
+++ arpwatch/util.c     Fri Aug 13 02:17:33 2004
@@ -63,11 +63,14 @@
 int initializing = 1;                  /* true if initializing */
 /**/
 /**/
+int allsubnets = 0;                    /* watch all attached subnets */
+/**/
+/**/
 
 /* syslog() helper routine */
 void
 dosyslog(register int p, register char *s, register u_int32_t a,
-    register u_char *ea, register u_char *ha)
+    register u_char *ea, register u_char *ha, char *interface)
 {
        char xbuf[64];
 
@@ -84,23 +87,21 @@
        }
 
        if (debug)
-               fprintf(stderr, "%s: %s %s %s\n", prog, s, intoa(a), xbuf);
+               fprintf(stderr, "%s: %s %s %s %s\n", prog, s, intoa(a),
+                       xbuf, interface);
        else
-               syslog(p, "%s %s %s", s, intoa(a), xbuf);
+               syslog(p, "%s %s %s %s", s, intoa(a), xbuf, interface);
 }
 
 static FILE *dumpf;
 
 void
 dumpone(register u_int32_t a, register u_char *e, register time_t t,
-    register char *h)
+    register char *h, char *interface)
 {
-       (void)fprintf(dumpf, "%s\t%s", e2str(e), intoa(a));
-       if (t != 0 || h != NULL)
-               (void)fprintf(dumpf, "\t%u", (u_int32_t)t);
-       if (h != NULL && *h != '\0')
-               (void)fprintf(dumpf, "\t%s", h);
-       (void)putc('\n', dumpf);
+       (void)fprintf(dumpf, "%s\t%s\t%u\t%s\t%s\n", e2str(e), intoa(a),
+                     (u_int32_t)t, ((h != NULL)?h:""),
+                     ((interface != NULL)?interface:""));
 }
 
 int
Index: arpwatch/util.h
diff -u arpwatch/util.h:1.1.1.1.2.1 arpwatch/util.h:1.1.1.1.8.4
--- arpwatch/util.h:1.1.1.1.2.1 Fri Aug 13 00:06:49 2004
+++ arpwatch/util.h     Fri Aug 13 02:17:33 2004
@@ -1,8 +1,8 @@
 /* @(#) $Header$ (LBL) */
 
-void   dosyslog(int, char *, u_int32_t, u_char *, u_char *);
+void   dosyslog(int, char *, u_int32_t, u_char *, u_char *, char *);
 int    dump(void);
-void   dumpone(u_int32_t, u_char *, time_t, char *);
+void   dumpone(u_int32_t, u_char *, time_t, char *, char *);
 int    readdata(void);
 char   *savestr(const char *);
 
@@ -19,3 +19,6 @@
 extern int initializing;
 /**/
 /**/
+extern int allsubnets;
+/**/
+/**/