Adding upstream version 1.7.3+dfsg.

Signed-off-by: Daniel Baumann <daniel@debian.org>
2025-02-10 05:34:23 +01:00 · 2025-02-10 05:34:23 +01:00 · 842cb2c6bd
commit 842cb2c6bd
parent c602fa6d8a
79 changed files with 31786 additions and 0 deletions
--- a/collector_sample/packetq.conf
+++ b/collector_sample/packetq.conf
@ -0,0 +1,42 @@
+## packetq pid file
+pidfile=/var/run/packetq.pid
+
+## Name of the DNS server. Parameter is used first in filename when creating
+## tcpdump files.
+server="my_server"
+
+## Directory where pcap files are stored
+# make sure path ends with trailing "/"
+destdir=/tmp/
+
+## Name of the network interface(s) to monitor
+interface=eth0,eth1
+
+## How often to rotate dump file, in seconds
+interval=300
+
+## zip compression for pcap data  
+compression_level=9
+
+## BSD libtrace promiscous interface hack
+# (uses a tcpdump session on port 100 to keep the interface in promisc mode)
+#bsdpromischack=YES
+bsdpromischack=NO
+
+## path to the tcpdump binary (only needed for promisc hack above)
+tcpdump=tcpdump
+
+## path to the tracesplit binary
+#  tracesplit is distributed in the tools folder of the libtrace library
+#  which at the time of this writing could be obtained at:
+#  http://research.wand.net.nz/software/libtrace.php
+#  make sure it's built and installed.
+tracesplit=/usr/local/bin/tracesplit
+
+### choose a packet filter:
+## collect TCP and UDP, requests and responses:
+filter="port 53 and not host 192.168.1.3 and not host 192.168.1.8"
+
+## run command after moving file
+command="echo \"path:%P filename:%F server:%S interface:%I date:%Y %M %D time:%h %m %s\""
+
--- a/collector_sample/pq_tracesplit.pl
+++ b/collector_sample/pq_tracesplit.pl
@ -0,0 +1,294 @@
+#!/usr/bin/perl
+# usage:
+# start daemon using /etc/packetq.conf:
+#       pq_tracesplit.pl 
+
+# stop daemon:
+#       pq_tracesplit.pl stop
+
+# run in foreground with conf file
+#       pq_tracesplit.pl -f  -c my.conf
+
+# stop with custom conf file
+#       pq_tracesplit.pl -c my.conf stop
+
+
+
+
+use POSIX;
+use POSIX qw(setsid);
+use Sys::Syslog qw(:DEFAULT setlogsock);  # default set, plus setlogsock()
+use File::Path; 
+use File::Copy;
+use Getopt::Std;
+use Data::Dumper;
+use strict;
+no  strict "subs";
+
+my $conffile = "/etc/packetq.conf";
+my %opts;
+getopts('fc:', \%opts);
+if (defined $opts{c})
+{
+   $conffile = $opts{c};
+}
+my $foreground = undef;
+$foreground = 1 if (defined $opts{f});
+
+openlog('pqcollector','pid,perror','LOG_USER');
+
+######### read config file
+
+my %config;
+open(CONFIG,$conffile) or die "error reading config file $conffile exiting";
+while (<CONFIG>) 
+{
+    chomp;
+    next if /^\s*\#/;
+    next unless /=/;
+    my ($key, $variable) = split(/=/,$_,2);
+    $variable =~ s/(\$(\w+))/$config{$2}/g;
+    $config{$key} = $variable;
+}
+close CONFIG;
+
+my $pidfile  = $config{'pidfile'};
+my $logfile  = "/dev/null";
+
+##### start daemon
+
+if (-e $pidfile)
+{
+    open (PFILE, $pidfile);
+    my $pidfromfile = <PFILE>;
+    close PFILE;
+
+    if (($pidfromfile =~ /[0-9]+/) && kill( 0, $pidfromfile))
+    {            
+        if ($ARGV[0] eq 'stop')
+        {
+            syslog 'info',"Stopping daemon pid: $pidfromfile\n";
+            while (kill( 0, $pidfromfile))
+            {
+                kill( - SIGQUIT, $pidfromfile);
+                sleep(1);
+            }
+            exit;
+        }
+        else
+        {
+            syslog LOG_INFO,"Pid file $pidfile exist and the program ($pidfromfile) is running ! exiting ...\n"; 
+        }
+        exit;
+    }
+    else 
+    {
+        unlink($pidfile);
+    }
+}
+
+if ($ARGV[0] eq 'stop')
+{
+    syslog 'info',"Cannot stop packetq.pl as it's not running\n";
+    exit;
+}
+&daemonize() unless defined $foreground;
+open FILE, ">$pidfile" or die "unable to open pidfile : $pidfile $!";
+print FILE $$."\n";
+close FILE;
+
+##### catch signals
+
+my $keep_going = 1;
+$SIG{HUP}  = sub { print("Caught SIGHUP:   exiting gracefully\n"); $keep_going = 0; };
+$SIG{INT}  = sub { print("Caught SIGINT:   exiting gracefully\n"); $keep_going = 0; };
+$SIG{QUIT} = sub { print("Caught SIGQUIT:  exiting gracefully\n"); $keep_going = 0; };
+$SIG{TERM} = sub { print("Caught SIGTERM:  exiting gracefully\n"); $keep_going = 0; };
+
+########## start collection
+foreach my $k (keys %config)
+{
+    print $k."=".$config{$k}."\n";
+    $config{$k}   =~ s/^\"(.*)\"$/$1/;
+}
+
+my $interval   = $config{'interval'};
+my $interface  = $config{'interface'};
+my @interfaces = split(/,/,$interface);
+my $filter     = $config{'filter'};
+my $server     = $config{'server'};
+my $destdir    = $config{'destdir'};
+
+my $stime = floor(time()/$interval) * $interval + $interval;
+
+syslog LOG_INFO,"Starting packetq collector daemon (pid:".$$.") destdir: $config{'destdir'}\n";
+
+my @tdpid;
+my @tspid;
+my $ifcnt = 0;
+foreach my $if (@interfaces)
+{
+    if ($config{'bsdpromischack'} eq "YES")
+    {
+        my $pid;
+        #my $tcpdumpcmd="$config{'tcpdump'} -i $if port 100 2>/dev/null";
+        my $tcpdumpcmd="$config{'tcpdump'} -i $if port 100";
+        $pid = spawn ($tcpdumpcmd);
+        print "tcp pid $pid";
+        if ($pid == 0)
+        {
+            syslog LOG_ERROR,"Cannot run $tcpdumpcmd exiting \n";
+            exit;
+        }
+        syslog LOG_INFO,"Keeping the interface ($if) in promisc mode by letting tcpdump ($pid) listen on port 100 \n";
+        @tdpid[$ifcnt] = $pid;
+    }
+
+    my $tracesplitcmd = $config{'tracesplit'}." pcapint:$if -s $stime -z $config{'compression_level'} -i $interval -f \"$filter\" pcapfile:$destdir/$server-$if";
+    my $tspid = spawn($tracesplitcmd);
+    print "ts pid $tspid";
+    if ($tspid == 0)
+    {
+        syslog LOG_ERROR,"Cannot run $tracesplitcmd exiting \n";
+        exit;
+    }
+    syslog LOG_INFO,"Starting tracesplit \"$tracesplitcmd\"(pid:$tspid)\n";
+    @tspid[$ifcnt] = $tspid;
+
+    $ifcnt++;
+}
+
+########## infinite loop
+reaper();
+
+while($keep_going == 1)
+{
+    foreach my $if (@interfaces)
+    {
+        opendir(DIR, $destdir) or last;
+        my @files; 
+
+        while (my $file = readdir(DIR)) 
+        {
+            # Use a regular expression to ignore files beginning with a period
+            next if ($file =~ m/^\./);
+            next unless ($file =~ m/^$server-$if.*/);
+            push(@files,$file);
+        }
+        @files= sort(@files);
+        if (@files>1)
+        {
+            pop @files;
+            #print "files: \n".join("\n",@files)."\n";
+            foreach my $f (@files)
+            {
+                if($f =~ /^$server-$if-(.*)\.gz/)
+                {
+                    ##my ($sec, $min, $hour, $day,$month,$year) = (localtime($1))[0,1,2,3,4,5,6]; 
+                    my ($sec, $min, $hour, $day,$month,$year) = (gmtime($1))[0,1,2,3,4,5,6]; 
+                    $year+=1900;
+                    $month++;
+                    $sec    = "0".$sec   if $sec  <10;
+                    $min    = "0".$min   if $min  <10;
+                    $hour   = "0".$hour  if $hour <10;
+                    $day    = "0".$day   if $day  <10;
+                    $month  = "0".$month if $month<10;
+
+                    my $file = "$server-$year$month$day-$hour$min$sec-$if.pcap.gz";
+                    my $dir  = "$year/$month/$day/$hour";
+                    my $cmd  = $config{command};
+                    $cmd     =~ s/%F/$file/g; 
+                    $cmd     =~ s/%S/$server/g; 
+                    $cmd     =~ s/%I/$if/g; 
+                    $cmd     =~ s/%P/$dir/g; 
+                    $cmd     =~ s/%Y/$year/g; 
+                    $cmd     =~ s/%M/$month/g; 
+                    $cmd     =~ s/%D/$day/g; 
+                    $cmd     =~ s/%h/$hour/g; 
+                    $cmd     =~ s/%m/$min/g; 
+                    $cmd     =~ s/%s/$sec/g; 
+                    
+                    #print "$cmd\n";
+
+                    mkpath "$destdir/$dir";
+                    move ("$destdir/$f","$destdir/$dir/$file");
+                    spawn($cmd);
+                    #print "hello $hour, $min, $sec,-- $day,$month,$year\n";
+                    #print "mkdir $dir\n";
+					#print "mv $destdir/$f $destdir/$dir/$file\n";
+                }
+            }
+        }
+        closedir(DIR);
+    } 
+    #printf("blipp\n");
+    sleep(5);
+}
+
+########## exit cleanup
+
+syslog 'info',"Shutting down collector ...\n";
+foreach my $pid (@tspid)
+{
+	if ($pid ne 0)
+	{
+        print "Stopping tracesplit ($pid)\n";
+	    syslog LOG_INFO,"Stopping tracesplit ($pid)\n";
+	    kill( - SIGABRT, $pid);
+	}
+}
+
+foreach my $pid (@tdpid)
+{
+	if ($pid ne 0)
+	{
+	    syslog LOG_INFO,"Stopping tcpdump ($pid)\n";
+	    kill( - SIGABRT, $pid);
+	}
+}
+
+syslog LOG_INFO,"removing pidfile\n";
+unlink($pidfile);
+
+syslog LOG_INFO,"bye bye\n";
+closelog;
+exit;
+
+##########  functions
+
+sub spawn 
+{
+    my $cmd = shift;
+    defined(my $pid = fork)   or die "Can't fork: $!";
+    if ($pid == 0)
+    {
+        exec $cmd;
+	    syslog LOG_ERROR,"Couldn't run $cmd\n";
+        die "Couldn't run $cmd";
+    }
+    return $pid;
+}
+
+sub daemonize 
+{
+    chdir '/'                 or die "Can't chdir to /: $!";
+    defined(my $pid = fork)   or die "Can't fork: $!";
+    exit if $pid;
+    setsid                    or die "Can't start a new session: $!";
+    umask 0;
+
+    open STDIN, '/dev/null'   or die "Can't read /dev/null: $!";
+    open STDOUT, ">>$logfile" or die "Can't write to $logfile: $!";
+    open STDERR, ">>$logfile" or die "Can't write to $logfile: $!";
+}
+
+sub reaper {
+    my $stiff;
+    while ( ($stiff = waitpid(-1, &WNOHANG) ) > 0 ) 
+    {
+        #print "child $stiff terminated -- status $?";
+    }
+    $SIG{CHLD} = \&reaper;
+}   
+
+