]>
jfr.im git - irc/quakenet/newserv.git/blob - proxyscan/proxyscan.c
6 #include <sys/socket.h>
8 #include "../core/error.h"
9 #include "../core/events.h"
13 #include "../nick/nick.h"
14 #include "../core/hooks.h"
15 #include "../lib/sstring.h"
16 #include "../irc/irc_config.h"
17 #include "../localuser/localuser.h"
18 #include "../core/config.h"
20 #include "../core/schedule.h"
22 #include "../irc/irc.h"
23 #include "../lib/irc_string.h"
24 #include "../lib/version.h"
25 #include "../channel/channel.h"
26 #include "../localuser/localuserchannel.h"
27 #include "../core/nsmalloc.h"
28 #include "../lib/irc_ipv6.h"
32 #define SCANTIMEOUT 60
34 #define SCANHOSTHASHSIZE 1000
35 #define SCANHASHSIZE 400
37 /* It's unlikely you'll get 100k of preamble before a connect... */
38 #define READ_SANITY_LIMIT 102400
40 scan
*scantable
[SCANHASHSIZE
];
54 int numscans
; /* number of scan types currently valid */
55 scantype thescans
[PSCAN_MAXSCANS
];
57 unsigned int hitsbyclass
[10];
58 unsigned int scansbyclass
[10];
62 unsigned short listenport
;
65 unsigned int ps_mailip
;
66 unsigned int ps_mailport
;
69 unsigned long scanspermin
;
70 unsigned long tempscanspermin
=0;
71 unsigned long lastscants
=0;
73 unsigned int ps_start_ts
=0;
80 void handlescansock(int fd
, short events
);
81 void timeoutscansock(void *arg
);
82 void proxyscan_newnick(int hooknum
, void *arg
);
83 void proxyscan_lostnick(int hooknum
, void *arg
);
84 void proxyscanuserhandler(nick
*target
, int message
, void **params
);
85 void registerproxyscannick();
86 void killsock(scan
*sp
, int outcome
);
88 void proxyscanstats(int hooknum
, void *arg
);
89 void sendlagwarning();
90 void proxyscandostatus(nick
*np
);
91 void proxyscandebug(nick
*np
);
92 void proxyscan_newip(nick
*np
, unsigned long ip
);
93 int proxyscan_addscantype(int type
, int port
);
94 int proxyscan_delscantype(int type
, int port
);
96 int proxyscan_addscantype(int type
, int port
) {
97 /* Check we have a spare scan slot */
99 if (numscans
>=PSCAN_MAXSCANS
)
102 thescans
[numscans
].type
=type
;
103 thescans
[numscans
].port
=port
;
104 thescans
[numscans
].hits
=0;
111 int proxyscan_delscantype(int type
, int port
) {
114 for (i
=0;i
<numscans
;i
++)
115 if (thescans
[i
].type
==type
&& thescans
[i
].port
==port
)
121 memmove(thescans
+i
, thescans
+(i
+1), (PSCAN_MAXSCANS
-(i
+1)) * sizeof(scantype
));
131 ps_start_ts
= time(NULL
);
133 ps_cache_ext
= registernodeext("proxyscancache");
134 if( ps_cache_ext
== -1 ) {
135 Error("proxyscan",ERR_INFO
,"failed to reg node ext");
138 ps_extscan_ext
= registernodeext("proxyscanextscan");
139 if ( ps_extscan_ext
== -1) {
140 Error("proxyscan",ERR_INFO
,"failed to reg node ext");
144 memset(scantable
,0,sizeof(scantable
));
150 ps_starttime
=time(NULL
);
154 lastscants
=time(NULL
);
157 cfgstr
=getcopyconfigitem("proxyscan","port","9999",6);
158 listenport
=strtol(cfgstr
->content
,NULL
,10);
161 /* Max concurrent scans */
162 cfgstr
=getcopyconfigitem("proxyscan","maxscans","200",5);
163 maxscans
=strtol(cfgstr
->content
,NULL
,10);
166 /* Clean host timeout */
167 cfgstr
=getcopyconfigitem("proxyscan","rescaninterval","3600",7);
168 rescaninterval
=strtol(cfgstr
->content
,NULL
,10);
169 cachehostinit(rescaninterval
);
172 /* this default will NOT work well */
173 myipstr
=getcopyconfigitem("proxyscan","ip","127.0.0.1",16);
175 sscanf(myipstr
->content
,"%d.%d.%d.%d",&ipbits
[0],&ipbits
[1],&ipbits
[2],&ipbits
[3]);
177 myip
=((ipbits
[0]&0xFF)<<24)+((ipbits
[1]&0xFF)<<16)+
178 ((ipbits
[2]&0xFF)<<8)+(ipbits
[3]&0xFF);
180 #if defined(PROXYSCAN_MAIL)
182 cfgstr
=getcopyconfigitem("proxyscan","mailerip","",16);
186 sscanf(cfgstr
->content
,"%d.%d.%d.%d",&ipbits
[0],&ipbits
[1],&ipbits
[2],&ipbits
[3]);
187 ps_mailip
= ((ipbits
[0]&0xFF)<<24)+((ipbits
[1]&0xFF)<<16)+
188 ((ipbits
[2]&0xFF)<<8)+(ipbits
[3]&0xFF);
192 ps_mailname
=getcopyconfigitem("proxyscan","mailname","some.mail.server",HOSTLEN
);
193 Error("proxyscan",ERR_INFO
,"Proxyscan mailer enabled; mailing to %s as %s.",IPlongtostr(ps_mailip
),ps_mailname
->content
);
201 /* Set up our nick on the network */
202 scheduleoneshot(time(NULL
),®isterproxyscannick
,NULL
);
204 registerhook(HOOK_NICK_NEWNICK
,&proxyscan_newnick
);
206 registerhook(HOOK_CORE_STATSREQUEST
,&proxyscanstats
);
208 /* Read in the clean hosts */
211 /* Read in any custom ports to scan */
214 /* Set up the database */
215 if ((proxyscandbinit())!=0) {
221 /* Default scan types */
222 proxyscan_addscantype(STYPE_HTTP
, 8080);
223 proxyscan_addscantype(STYPE_HTTP
, 80);
224 proxyscan_addscantype(STYPE_HTTP
, 6588);
225 proxyscan_addscantype(STYPE_HTTP
, 8000);
226 proxyscan_addscantype(STYPE_HTTP
, 3128);
227 proxyscan_addscantype(STYPE_HTTP
, 3802);
228 proxyscan_addscantype(STYPE_HTTP
, 5490);
229 proxyscan_addscantype(STYPE_HTTP
, 7441);
230 proxyscan_addscantype(STYPE_HTTP
, 808);
231 proxyscan_addscantype(STYPE_HTTP
, 3332);
232 proxyscan_addscantype(STYPE_HTTP
, 2282);
233 proxyscan_addscantype(STYPE_SOCKS4
, 559);
234 proxyscan_addscantype(STYPE_SOCKS4
, 1080);
235 proxyscan_addscantype(STYPE_SOCKS5
, 1080);
236 proxyscan_addscantype(STYPE_SOCKS4
, 1075);
237 proxyscan_addscantype(STYPE_SOCKS5
, 1075);
238 proxyscan_addscantype(STYPE_SOCKS4
, 2280);
239 proxyscan_addscantype(STYPE_SOCKS5
, 2280);
240 proxyscan_addscantype(STYPE_SOCKS4
, 1180);
241 proxyscan_addscantype(STYPE_SOCKS5
, 1180);
242 proxyscan_addscantype(STYPE_SOCKS4
, 9999);
243 proxyscan_addscantype(STYPE_SOCKS5
, 9999);
244 proxyscan_addscantype(STYPE_WINGATE
, 23);
245 proxyscan_addscantype(STYPE_CISCO
, 23);
246 proxyscan_addscantype(STYPE_WINGATE
, 1181);
247 proxyscan_addscantype(STYPE_SOCKS5
, 1978);
248 proxyscan_addscantype(STYPE_SOCKS5
, 1029);
249 proxyscan_addscantype(STYPE_SOCKS5
, 3801);
250 proxyscan_addscantype(STYPE_SOCKS5
, 3331);
251 proxyscan_addscantype(STYPE_HTTP
, 65506);
252 proxyscan_addscantype(STYPE_HTTP
, 63809);
253 proxyscan_addscantype(STYPE_HTTP
, 63000);
254 proxyscan_addscantype(STYPE_SOCKS4
, 29992);
257 schedulerecurring(time(NULL
)+3600,0,3600,&dumpcachehosts
,NULL
);
259 ps_logfile
=fopen("proxyscan.log","a");
262 void registerproxyscannick(void *arg
) {
263 sstring
*psnick
,*psuser
,*pshost
,*psrealname
;
264 /* Set up our nick on the network */
267 psnick
=getcopyconfigitem("proxyscan","nick","P",NICKLEN
);
268 psuser
=getcopyconfigitem("proxyscan","user","proxyscan",USERLEN
);
269 pshost
=getcopyconfigitem("proxyscan","host","some.host",HOSTLEN
);
270 psrealname
=getcopyconfigitem("proxyscan","realname","Proxyscan",REALLEN
);
272 proxyscannick
=registerlocaluser(psnick
->content
,psuser
->content
,pshost
->content
,
274 NULL
,UMODE_OPER
|UMODE_SERVICE
|UMODE_DEAF
,
275 &proxyscanuserhandler
);
280 freesstring(psrealname
);
282 cp
=findchannel("#twilightzone");
284 localcreatechannel(proxyscannick
,"#twilightzone");
286 localjoinchannel(proxyscannick
,cp
);
287 localgetops(proxyscannick
,cp
);
293 deregisterlocaluser(proxyscannick
,NULL
);
295 releasenodeext(ps_cache_ext
);
296 releasenodeext(ps_extscan_ext
);
298 deregisterhook(HOOK_NICK_NEWNICK
,&proxyscan_newnick
);
300 deregisterhook(HOOK_CORE_STATSREQUEST
,&proxyscanstats
);
302 deleteschedule(NULL
,&dumpcachehosts
,NULL
);
304 /* Kill any scans in progress */
307 /* Dump the database - AFTER killallscans() which prunes it */
308 dumpcachehosts(NULL
);
310 /* free() all our structures */
311 nsfreeall(POOL_PROXYSCAN
);
313 freesstring(myipstr
);
314 freesstring(ps_mailname
);
315 #if defined(PROXYSCAN_MAIL)
316 if (psm_mailerfd
!=-1)
317 deregisterhandler(psm_mailerfd
,1);
324 void proxyscanuserhandler(nick
*target
, int message
, void **params
) {
328 struct irc_in_addr sin
;
330 patricia_node_t
*node
;
334 scheduleoneshot(time(NULL
)+1,®isterproxyscannick
,NULL
);
340 sender
=(nick
*)params
[0];
341 msg
=(char *)params
[1];
343 if (IsOper(sender
)) {
344 if (!ircd_strncmp(msg
,"listopen",8)) {
345 proxyscandolistopen(proxyscannick
,sender
,time(NULL
)-rescaninterval
);
348 if (!ircd_strncmp(msg
,"status",6)) {
349 proxyscandostatus(sender
);
352 if (!ircd_strncmp(msg
,"save",4)) {
353 dumpcachehosts(NULL
);
354 sendnoticetouser(proxyscannick
,sender
,"Done.");
357 if (!ircd_strncmp(msg
,"debug",5)) {
358 proxyscandebug(sender
);
361 if (!ircd_strncmp(msg
,"spew ",5)) {
362 /* check our database for the ip supplied */
363 unsigned long a
,b
,c
,d
;
364 if (4 != sscanf(&msg
[5],"%lu.%lu.%lu.%lu",&a
,&b
,&c
,&d
)) {
365 sendnoticetouser(proxyscannick
,sender
,"Usage: spew x.x.x.x");
368 proxyscanspewip(proxyscannick
,sender
,a
,b
,c
,d
);
372 if (!ircd_strncmp(msg
,"showkill ",9)) {
373 /* check our database for the id supplied */
375 if (1 != sscanf(&msg
[9],"%lu",&a
)) {
376 sendnoticetouser(proxyscannick
,sender
,"Usage: showkill <id>");
379 proxyscanshowkill(proxyscannick
,sender
,a
);
383 if (!ircd_strncmp(msg
,"scan ",5)) {
384 if (0 == ipmask_parse(&msg
[5],&sin
, &bits
)) {
385 sendnoticetouser(proxyscannick
,sender
,"Usage: scan <ip>");
387 sendnoticetouser(proxyscannick
,sender
,"Forcing scan of %s",IPtostr(sin
));
388 // * Just queue the scans directly here.. plonk them on the priority queue * /
389 node
= refnode(iptree
, &sin
, bits
); /* node leaks node here - should only allow to scan a nick? */
390 for(i
=0;i
<numscans
;i
++) {
391 queuescan(node
,thescans
[i
].type
,thescans
[i
].port
,SCLASS_NORMAL
,time(NULL
));
396 if (!ircd_strncmp(msg
,"addscan ",8)) {
398 if (sscanf(msg
+8,"%u %u",&a
,&b
) != 2) {
399 sendnoticetouser(proxyscannick
,sender
,"Usage: addscan <type> <port>");
401 sendnoticetouser(proxyscannick
,sender
,"Added scan type %u port %u",a
,b
);
402 proxyscan_addscantype(a
,b
);
407 if (!ircd_strncmp(msg
,"delscan ",8)) {
409 if (sscanf(msg
+8,"%u %u",&a
,&b
) != 2) {
410 sendnoticetouser(proxyscannick
,sender
,"Usage: delscan <type> <port>");
412 sendnoticetouser(proxyscannick
,sender
,"Delete scan type %u port %u",a
,b
);
413 proxyscan_delscantype(a
,b
);
417 if ((!ircd_strncmp(msg
,"help",4)) || (!ircd_strncmp(msg
,"showcommands",12))) {
418 sendnoticetouser(proxyscannick
,sender
,"Proxyscan commands:");
419 sendnoticetouser(proxyscannick
,sender
,"----------------------------------------------------------------------");
420 sendnoticetouser(proxyscannick
,sender
,"help Shows this help");
421 sendnoticetouser(proxyscannick
,sender
,"status Prints status information");
422 sendnoticetouser(proxyscannick
,sender
,"listopen Shows open proxies found recently");
423 sendnoticetouser(proxyscannick
,sender
,"save Saves the clean host database");
424 sendnoticetouser(proxyscannick
,sender
,"scan <ip> Force scan of the supplied IP");
425 sendnoticetouser(proxyscannick
,sender
,"spew <ip> Find <ip> in our list of open proxies");
426 sendnoticetouser(proxyscannick
,sender
,"showkill <id> Shows details of a kill or gline made by the service");
435 void addscantohash(scan
*sp
) {
437 hash
=(sp
->fd
)%SCANHASHSIZE
;
439 sp
->next
=scantable
[hash
];
445 void delscanfromhash(scan
*sp
) {
449 hash
=(sp
->fd
)%SCANHASHSIZE
;
451 for (sh
=&(scantable
[hash
]);*sh
;sh
=&((*sh
)->next
)) {
461 scan
*findscan(int fd
) {
465 hash
=fd%SCANHASHSIZE
;
467 for (sp
=scantable
[hash
];sp
;sp
=sp
->next
)
474 void startscan(patricia_node_t
*node
, int type
, int port
, int class) {
478 if (scansdone
>maxscans
)
480 /* ignore the first maxscans as this will skew our scans per second! */
482 if ((lastscants
+60) <= time(NULL
))
484 /* ok, at least 60 seconds has passed, calculate the scans per minute figure */
485 scantmp
= time(NULL
) - lastscants
;
486 scantmp
= tempscanspermin
/ scantmp
;
487 scantmp
= (scantmp
* 60);
488 scanspermin
= scantmp
;
489 lastscants
= time(NULL
);
496 sp
->outcome
=SOUTCOME_INPROGRESS
;
502 sp
->totalbytesread
=0;
503 memset(sp
->readbuf
, '\0', PSCAN_READBUFSIZE
);
505 sp
->fd
=createconnectsocket(irc_in_addr_v4_to_int(&((patricia_node_t
*)sp
->node
)->prefix
->sin
),sp
->port
);
506 sp
->state
=SSTATE_CONNECTING
;
508 /* Couldn't set up the socket? */
512 /* Wait until it is writeable */
513 registerhandler(sp
->fd
,POLLERR
|POLLHUP
|POLLOUT
,&handlescansock
);
514 /* And set a timeout */
515 sp
->sch
=scheduleoneshot(time(NULL
)+SCANTIMEOUT
,&timeoutscansock
,(void *)sp
);
519 void timeoutscansock(void *arg
) {
520 scan
*sp
=(scan
*)arg
;
522 killsock(sp
, SOUTCOME_CLOSED
);
525 void killsock(scan
*sp
, int outcome
) {
531 scansbyclass
[sp
->class]++;
533 /* Remove the socket from the schedule/event lists */
534 deregisterhandler(sp
->fd
,1); /* this will close the fd for us */
535 deleteschedule(sp
->sch
,&timeoutscansock
,(void *)sp
);
540 /* See if we need to queue another scan.. */
541 if (sp
->outcome
==SOUTCOME_CLOSED
&&
542 ((sp
->class==SCLASS_CHECK
) ||
543 (sp
->class==SCLASS_NORMAL
&& (sp
->state
==SSTATE_SENTREQUEST
|| sp
->state
==SSTATE_GOTRESPONSE
))))
544 queuescan(sp
->node
, sp
->type
, sp
->port
, SCLASS_PASS2
, time(NULL
)+300);
546 if (sp
->outcome
==SOUTCOME_CLOSED
&& sp
->class==SCLASS_PASS2
)
547 queuescan(sp
->node
, sp
->type
, sp
->port
, SCLASS_PASS3
, time(NULL
)+300);
549 if (sp
->outcome
==SOUTCOME_CLOSED
&& sp
->class==SCLASS_PASS3
)
550 queuescan(sp
->node
, sp
->type
, sp
->port
, SCLASS_PASS4
, time(NULL
)+300);
552 if (sp
->outcome
==SOUTCOME_OPEN
) {
553 hitsbyclass
[sp
->class]++;
555 /* Lets try and get the cache record. If there isn't one, make a new one. */
556 if (!(chp
=findcachehost(sp
->node
))) {
557 chp
=addcleanhost(time(NULL
));
558 patricia_ref_prefix(sp
->node
->prefix
);
559 sp
->node
->exts
[ps_cache_ext
] = chp
;
561 /* Stick it on the cache's list of proxies, if necessary */
562 for (fpp
=chp
->proxies
;fpp
;fpp
=fpp
->next
)
563 if (fpp
->type
==sp
->type
&& fpp
->port
==sp
->port
)
570 fpp
->next
=chp
->proxies
;
576 loggline(chp
, sp
->node
);
577 irc_send("%s GL * +*@%s 1800 :Open Proxy, see http://www.quakenet.org/openproxies.html - ID: %d",
578 mynumeric
->content
,IPtostr(((patricia_node_t
*)sp
->node
)->prefix
->sin
),chp
->glineid
);
579 Error("proxyscan",ERR_DEBUG
,"Found open proxy on host %s",IPtostr(((patricia_node_t
*)sp
->node
)->prefix
->sin
));
581 loggline(chp
, sp
->node
); /* Update log only */
585 for(i
=0;i
<numscans
;i
++) {
586 if (thescans
[i
].type
==sp
->type
&& thescans
[i
].port
==sp
->port
) {
595 /* kick the queue.. */
599 void handlescansock(int fd
, short events
) {
605 unsigned short netport
;
607 if ((sp
=findscan(fd
))==NULL
) {
608 /* Not found; return and hope it goes away */
609 Error("proxyscan",ERR_ERROR
,"Unexpected message from fd %d",fd
);
613 /* It woke up, delete the alarm call.. */
614 deleteschedule(sp
->sch
,&timeoutscansock
,(void *)sp
);
616 if (events
& (POLLERR
|POLLHUP
)) {
617 /* Some kind of error; give up on this socket */
618 if (sp
->state
==SSTATE_GOTRESPONSE
) {
619 /* If the error occured while we were waiting for a response, we might have
620 * received the "OPEN PROXY!" message and the EOF at the same time, so continue
622 /* Error("proxyscan",ERR_DEBUG,"Got error in GOTRESPONSE state for %s, continuing.",IPtostr(sp->host->IP)); */
624 killsock(sp
, SOUTCOME_CLOSED
);
629 /* Otherwise, we got what we wanted.. */
632 case SSTATE_CONNECTING
:
633 /* OK, we got activity while connecting, so we're going to send some
634 * request depending on scan type. However, we can reregister everything
635 * here to save duplicate code: This code is common for all handlers */
637 /* Delete the old handler */
638 deregisterhandler(fd
,0);
639 /* Set the new one */
640 registerhandler(fd
,POLLERR
|POLLHUP
|POLLIN
,&handlescansock
);
641 sp
->sch
=scheduleoneshot(time(NULL
)+SCANTIMEOUT
,&timeoutscansock
,(void *)sp
);
643 sp
->state
=SSTATE_SENTREQUEST
;
647 sprintf(buf
,"CONNECT %s:%d HTTP/1.0\r\n\r\n",myipstr
->content
,listenport
);
648 if ((write(fd
,buf
,strlen(buf
)))<strlen(buf
)) {
649 /* We didn't write the full amount, DIE */
650 killsock(sp
,SOUTCOME_CLOSED
);
656 /* set up the buffer */
658 netport
=htons(listenport
);
659 memcpy(&buf
[4],&netip
,4);
660 memcpy(&buf
[2],&netport
,2);
664 if ((write(fd
,buf
,9))<9) {
665 /* Didn't write enough, give up */
666 killsock(sp
,SOUTCOME_CLOSED
);
672 /* Set up initial request buffer */
676 if ((write(fd
,buf
,3))>3) {
677 /* Didn't write enough, give up */
678 killsock(sp
,SOUTCOME_CLOSED
);
682 /* Now the actual connect request */
688 netport
=htons(listenport
);
689 memcpy(&buf
[4],&netip
,4);
690 memcpy(&buf
[8],&netport
,2);
691 res
=write(fd
,buf
,10);
693 killsock(sp
,SOUTCOME_CLOSED
);
699 /* Send wingate request */
700 sprintf(buf
,"%s:%d\r\n",myipstr
->content
,listenport
);
701 if((write(fd
,buf
,strlen(buf
)))<strlen(buf
)) {
702 killsock(sp
,SOUTCOME_CLOSED
);
708 /* Send cisco request */
709 sprintf(buf
,"cisco\r\n");
710 if ((write(fd
,buf
,strlen(buf
)))<strlen(buf
)) {
711 killsock(sp
, SOUTCOME_CLOSED
);
715 sprintf(buf
,"telnet %s %d\r\n",myipstr
->content
,listenport
);
716 if ((write(fd
,buf
,strlen(buf
)))<strlen(buf
)) {
717 killsock(sp
, SOUTCOME_CLOSED
);
729 case SSTATE_SENTREQUEST
:
730 res
=read(fd
, sp
->readbuf
+sp
->bytesread
, PSCAN_READBUFSIZE
-sp
->bytesread
);
733 if ((errno
!=EINTR
&& errno
!=EWOULDBLOCK
) || res
==0) {
735 killsock(sp
, SOUTCOME_CLOSED
);
741 sp
->totalbytesread
+=res
;
742 for (i
=0;i
<sp
->bytesread
- MAGICSTRINGLENGTH
;i
++) {
743 if (!strncmp(sp
->readbuf
+i
, MAGICSTRING
, MAGICSTRINGLENGTH
)) {
744 /* Found the magic string */
745 /* If the offset is 0, this means it was the first thing we got from the socket,
746 * so it's an actual IRCD (sheesh). Note that when the buffer is full and moved,
747 * the thing moved to offset 0 would previously have been tested as offset
748 * PSCAN_READBUFSIZE/2.
750 * Skip this checking for STYPE_DIRECT scans, which are used to detect trojans setting
751 * up portforwards (which will therefore show up as ircds, we rely on the port being
752 * strange enough to avoid false positives */
753 if (i
==0 && (sp
->type
!= STYPE_DIRECT
)) {
754 killsock(sp
, SOUTCOME_CLOSED
);
758 killsock(sp
, SOUTCOME_OPEN
);
763 /* If the buffer is full, move half of it along to make room */
764 if (sp
->bytesread
== PSCAN_READBUFSIZE
) {
765 memcpy(sp
->readbuf
, sp
->readbuf
+ (PSCAN_READBUFSIZE
)/2, PSCAN_READBUFSIZE
/2);
766 sp
->bytesread
= PSCAN_READBUFSIZE
/2;
769 /* Don't read data forever.. */
770 if (sp
->totalbytesread
> READ_SANITY_LIMIT
) {
771 killsock(sp
, SOUTCOME_CLOSED
);
775 /* No magic string yet, we schedule another timeout in case it comes later. */
776 sp
->sch
=scheduleoneshot(time(NULL
)+SCANTIMEOUT
,&timeoutscansock
,(void *)sp
);
781 void killallscans() {
786 for(i
=0;i
<SCANHASHSIZE
;i
++) {
787 for(sp
=scantable
[i
];sp
;sp
=sp
->next
) {
788 /* If there is a pending scan, delete it's clean host record.. */
789 if ((chp
=findcachehost(sp
->node
)) && !chp
->proxies
) {
790 sp
->node
->exts
[ps_cache_ext
] = NULL
;
791 derefnode(iptree
,sp
->node
);
796 deregisterhandler(sp
->fd
,1);
797 deleteschedule(sp
->sch
,&timeoutscansock
,(void *)(sp
));
803 void proxyscanstats(int hooknum
, void *arg
) {
806 sprintf(buf
, "Proxyscn: %6d/%4d scans complete/in progress. %d hosts queued.",
807 scansdone
,activescans
,queuedhosts
);
808 triggerhook(HOOK_CORE_STATSREPLY
,buf
);
809 sprintf(buf
, "Proxyscn: %6u known clean hosts",cleancount());
810 triggerhook(HOOK_CORE_STATSREPLY
,buf
);
813 void sendlagwarning() {
817 for (i
=0;i
<MAXSERVERS
;i
++) {
818 if (serverlist
[i
].maxusernum
>0) {
819 for(j
=0;j
<serverlist
[i
].maxusernum
;j
++) {
820 np
=servernicks
[i
][j
];
821 if (np
!=NULL
&& IsOper(np
)) {
822 sendnoticetouser(proxyscannick
,np
,"Warning: More than 20,000 hosts to scan - I'm lagging behind badly!");
829 int pscansort(const void *a
, const void *b
) {
830 int ra
= *((const int *)a
);
831 int rb
= *((const int *)b
);
833 return thescans
[ra
].hits
- thescans
[rb
].hits
;
836 void proxyscandostatus(nick
*np
) {
839 int ord
[PSCAN_MAXSCANS
];
841 sendnoticetouser(proxyscannick
,np
,"Service uptime: %s",longtoduration(time(NULL
)-ps_starttime
, 1));
842 sendnoticetouser(proxyscannick
,np
,"Total scans completed: %d",scansdone
);
843 sendnoticetouser(proxyscannick
,np
,"Total hosts glined: %d",glinedhosts
);
845 sendnoticetouser(proxyscannick
,np
,"pendingscan structures: %lu x %lu bytes = %lu bytes total",countpendingscan
,
846 sizeof(pendingscan
), (countpendingscan
* sizeof(pendingscan
)));
848 sendnoticetouser(proxyscannick
,np
,"Currently active scans: %d/%d",activescans
,maxscans
);
849 sendnoticetouser(proxyscannick
,np
,"Processing speed: %lu scans per minute",scanspermin
);
850 sendnoticetouser(proxyscannick
,np
,"Normal queued scans: %d",normalqueuedscans
);
851 sendnoticetouser(proxyscannick
,np
,"Timed queued scans: %d",prioqueuedscans
);
852 sendnoticetouser(proxyscannick
,np
,"'Clean' cached hosts: %d",cleancount());
853 sendnoticetouser(proxyscannick
,np
,"'Dirty' cached hosts: %d",dirtycount());
855 sendnoticetouser(proxyscannick
,np
,"Extra scans: %d", extrascancount());
857 sendnoticetouser(proxyscannick
,np
,"Open proxies, class %1d: %d/%d (%.2f%%)",i
,hitsbyclass
[i
],scansbyclass
[i
],((float)hitsbyclass
[i
]*100)/scansbyclass
[i
]);
859 for (i
=0;i
<numscans
;i
++)
860 totaldetects
+=thescans
[i
].hits
;
862 for (i
=0;i
<numscans
;i
++)
865 qsort(ord
,numscans
,sizeof(int),pscansort
);
867 sendnoticetouser(proxyscannick
,np
,"Scan type Port Detections");
868 for (i
=0;i
<numscans
;i
++)
869 sendnoticetouser(proxyscannick
,np
,"%-9s %-5d %d (%.2f%%)",
870 scantostr(thescans
[ord
[i
]].type
), thescans
[ord
[i
]].port
, thescans
[ord
[i
]].hits
, ((float)thescans
[ord
[i
]].hits
*100)/totaldetects
);
872 sendnoticetouser(proxyscannick
,np
,"End of list.");
875 void proxyscandebug(nick
*np
) {
876 /* Dump all scans.. */
878 int activescansfound
=0;
879 int totalscansfound
=0;
881 patricia_node_t
*node
;
884 sendnoticetouser(proxyscannick
,np
,"Active scans : %d",activescans
);
886 for (i
=0;i
<SCANHASHSIZE
;i
++) {
887 for (sp
=scantable
[i
];sp
;sp
=sp
->next
) {
888 if (sp
->outcome
==SOUTCOME_INPROGRESS
) {
892 sendnoticetouser(proxyscannick
,np
,"fd: %d type: %d port: %d state: %d outcome: %d IP: %s",
893 sp
->fd
,sp
->type
,sp
->port
,sp
->state
,sp
->outcome
,IPtostr(((patricia_node_t
*)sp
->node
)->prefix
->sin
));
897 PATRICIA_WALK (iptree
->head
, node
) {
898 if ( node
->exts
[ps_cache_ext
] ) {
899 chp
= (cachehost
*) node
->exts
[ps_cache_ext
];
901 sendnoticetouser(proxyscannick
,np
,"node: %s , chp: %p", IPtostr(((patricia_node_t
*)node
)->prefix
->sin
), chp
);
905 sendnoticetouser(proxyscannick
,np
,"Total %d scans actually found (%d active)",totalscansfound
,activescansfound
);