Merge pull request #175 from flimzy/p0f-errors
Improve error handling in p0f plugin
commit
562fa951d0
@ -278,10 +278,10 @@ sub get_v2_query {
|
|||||||
my $local_ip = $self->{_args}{local_ip} || $self->qp->connection->local_ip;
|
my $local_ip = $self->{_args}{local_ip} || $self->qp->connection->local_ip;
|
||||||
|
|
||||||
my $src = new Net::IP($self->qp->connection->remote_ip)
|
my $src = new Net::IP($self->qp->connection->remote_ip)
|
||||||
or $self->log(LOGERROR, "skip, " . Net::IP::Error()), return;
|
or $self->log(LOGERROR, "skip p0f, " . Net::IP::Error()), return;
|
||||||
|
|
||||||
my $dst = new Net::IP($local_ip)
|
my $dst = new Net::IP($local_ip)
|
||||||
or $self->log(LOGERROR, "skip, " . NET::IP::Error()), return;
|
or $self->log(LOGERROR, "skip p0f, " . NET::IP::Error()), return;
|
||||||
|
|
||||||
return
|
return
|
||||||
pack("L L L N N S S",
|
pack("L L L N N S S",
|
||||||
@ -298,7 +298,7 @@ sub get_v3_query {
|
|||||||
my $self = shift;
|
my $self = shift;
|
||||||
|
|
||||||
my $src_ip = $self->qp->connection->remote_ip or do {
|
my $src_ip = $self->qp->connection->remote_ip or do {
|
||||||
$self->log(LOGERROR, "skip, unable to determine remote IP");
|
$self->log(LOGERROR, "skip p0f, unable to determine remote IP");
|
||||||
return;
|
return;
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -317,29 +317,26 @@ sub query_p0f_v3 {
|
|||||||
my $self = shift;
|
my $self = shift;
|
||||||
|
|
||||||
my $p0f_socket = $self->{_args}{p0f_socket} or do {
|
my $p0f_socket = $self->{_args}{p0f_socket} or do {
|
||||||
$self->log(LOGERROR, "skip, socket not defined in config.");
|
$self->log(LOGERROR, "skip p0f, socket not defined in config.");
|
||||||
return;
|
return;
|
||||||
};
|
};
|
||||||
my $query = $self->get_v3_query() or return;
|
my $query = $self->get_v3_query() or return;
|
||||||
|
|
||||||
# Open the connection to p0f
|
# Open the connection to p0f
|
||||||
my $sock;
|
my $sock = IO::Socket::UNIX->new(Peer => $p0f_socket, Type => SOCK_STREAM);
|
||||||
eval {
|
|
||||||
$sock = IO::Socket::UNIX->new(Peer => $p0f_socket, Type => SOCK_STREAM);
|
|
||||||
};
|
|
||||||
if (!$sock) {
|
if (!$sock) {
|
||||||
$self->log(LOGERROR, "skip, could not open socket: $@");
|
$self->log(LOGERROR, "skip p0f, could not open socket: $!");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
$sock->autoflush(1); # paranoid redundancy
|
$sock->autoflush(1); # paranoid redundancy
|
||||||
$sock->connected or do {
|
$sock->connected or do {
|
||||||
$self->log(LOGERROR, "skip, socket not connected: $!");
|
$self->log(LOGERROR, "skip p0f, socket not connected: $!");
|
||||||
return;
|
return;
|
||||||
};
|
};
|
||||||
|
|
||||||
my $sent = $sock->send($query, 0) or do {
|
my $sent = $sock->send($query, 0) or do {
|
||||||
$self->log(LOGERROR, "skip, send failed: $!");
|
$self->log(LOGERROR, "skip p0f, send failed: $!");
|
||||||
return;
|
return;
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -364,15 +361,15 @@ sub query_p0f_v2 {
|
|||||||
|
|
||||||
# Open the connection to p0f
|
# Open the connection to p0f
|
||||||
socket(SOCK, PF_UNIX, SOCK_STREAM, 0)
|
socket(SOCK, PF_UNIX, SOCK_STREAM, 0)
|
||||||
or $self->log(LOGERROR, "socket: $!"), return;
|
or $self->log(LOGERROR, "p0f socket error: $!"), return;
|
||||||
connect(SOCK, sockaddr_un($p0f_socket))
|
connect(SOCK, sockaddr_un($p0f_socket))
|
||||||
or $self->log(LOGERROR, "connect: $! ($p0f_socket)"), return;
|
or $self->log(LOGERROR, "p0f connection error: $! ($p0f_socket)"), return;
|
||||||
defined syswrite SOCK, $query
|
defined syswrite SOCK, $query
|
||||||
or $self->log(LOGERROR, "write: $!"), close SOCK, return;
|
or $self->log(LOGERROR, "p0f write error: $!"), close SOCK, return;
|
||||||
|
|
||||||
my $response;
|
my $response;
|
||||||
defined sysread SOCK, $response, 1024
|
defined sysread SOCK, $response, 1024
|
||||||
or $self->log(LOGERROR, "read: $!"), close SOCK, return;
|
or $self->log(LOGERROR, "p0f read error: $!"), close SOCK, return;
|
||||||
close SOCK;
|
close SOCK;
|
||||||
return $response;
|
return $response;
|
||||||
}
|
}
|
||||||
@ -383,18 +380,17 @@ sub test_v2_response {
|
|||||||
# Extract part of the p0f response
|
# Extract part of the p0f response
|
||||||
my ($magic, $id, $type) = unpack("L L C", $response);
|
my ($magic, $id, $type) = unpack("L L C", $response);
|
||||||
|
|
||||||
# $self->log(LOGERROR, $response);
|
|
||||||
if ($magic != $QUERY_MAGIC_V2) {
|
if ($magic != $QUERY_MAGIC_V2) {
|
||||||
$self->log(LOGERROR, "skip, Bad response magic.");
|
$self->log(LOGERROR, "skip p0f, Bad response magic.");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($type == 1) {
|
if ($type == 1) {
|
||||||
$self->log(LOGERROR, "skip, p0f did not honor our query");
|
$self->log(LOGERROR, "skip p0f, p0f did not honor our query");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
elsif ($type == 2) {
|
elsif ($type == 2) {
|
||||||
$self->log(LOGWARN, "skip, connection not in the cache");
|
$self->log(LOGWARN, "skip p0f, connection not in the cache");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
@ -407,17 +403,17 @@ sub test_v3_response {
|
|||||||
|
|
||||||
# check the magic response value (a p0f constant)
|
# check the magic response value (a p0f constant)
|
||||||
if ($magic != $RESP_MAGIC_V3) {
|
if ($magic != $RESP_MAGIC_V3) {
|
||||||
$self->log(LOGERROR, "skip, Bad response magic.");
|
$self->log(LOGERROR, "skip p0f, Bad response magic.");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
# check the response status
|
# check the response status
|
||||||
if ($status == $P0F_STATUS_BADQUERY) {
|
if ($status == $P0F_STATUS_BADQUERY) {
|
||||||
$self->log(LOGERROR, "skip, bad query");
|
$self->log(LOGERROR, "skip p0f, bad query");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
elsif ($status == $P0F_STATUS_NOMATCH) {
|
elsif ($status == $P0F_STATUS_NOMATCH) {
|
||||||
$self->log(LOGINFO, "skip, no match");
|
$self->log(LOGINFO, "skip p0f, no match");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if ($status == $P0F_STATUS_OK) {
|
if ($status == $P0F_STATUS_OK) {
|
||||||
@ -446,7 +442,6 @@ sub store_v2_results {
|
|||||||
|
|
||||||
$self->connection->notes('p0f', $p0f);
|
$self->connection->notes('p0f', $p0f);
|
||||||
$self->log(LOGINFO, $genre . " (" . $detail . ")");
|
$self->log(LOGINFO, $genre . " (" . $detail . ")");
|
||||||
$self->log(LOGERROR, "error: $@") if $@;
|
|
||||||
return $p0f;
|
return $p0f;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -478,7 +473,5 @@ sub store_v3_results {
|
|||||||
$self->connection->notes('p0f', \%r);
|
$self->connection->notes('p0f', \%r);
|
||||||
$self->log(LOGINFO, "$r{os_name} $r{os_flavor}");
|
$self->log(LOGINFO, "$r{os_name} $r{os_flavor}");
|
||||||
$self->log(LOGDEBUG, join(' ', @values));
|
$self->log(LOGDEBUG, join(' ', @values));
|
||||||
$self->log(LOGERROR, "error: $@") if $@;
|
|
||||||
return \%r;
|
return \%r;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
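Review bot: The `$dst` guard in get_v2_query still calls `NET::IP::Error()` (uppercase `NET`) on the new side; Perl package names are case-sensitive, so when `Net::IP` rejects `$local_ip` this line dies with an undefined-subroutine error instead of logging and returning, which is exactly the path a malformed `local_ip` config value or an unexpected connection address would hit. The `$src` guard two lines above spells it `Net::IP::Error()`, so the fix is `or $self->log(LOGERROR, "skip p0f, " . Net::IP::Error()), return;`. While touching these lines, `new Net::IP(...)` is indirect object syntax and would be clearer as `Net::IP->new(...)` on both guards. get_v2_query's body continues outside the hunk.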