Description: implement [no]portresolve
Author: RISKO Gergely <risko@debian.org>
Bug: #197143
Forwarded: no
Last-Update: 2021-12-23
--- a/Docs/ippl.conf.man
+++ b/Docs/ippl.conf.man
@@ -92,6 +92,13 @@ is the same as before.
 .PP
 By default, IP address resolution is disabled for all the protocols.
 
+Ippl by default resolves tcp/udp port numbers to their respective
+service names. If you pass a protocol to the noportresolve option,
+ippl logs the port number instead. This is a Debian specific extension.
+
+By default service resolving is enabled, since this is the behaviour
+of the upstream program.
+
 .SH LOGGING FORMAT
 
 .BR ippl
@@ -198,6 +205,12 @@ enable IP address resolution.
 .I noresolve
 disable IP address resolution.
 .PP
+.I portresolve
+enable IP service resolution.
+.PP
+.I noportresolve
+disable IP service resolution.
+.PP
 .I ident
 use ident logging (only for TCP).
 .PP
--- a/Source/configuration.c
+++ b/Source/configuration.c
@@ -60,6 +60,7 @@ void set_default_values() {
   extern unsigned int dns_expire;
   extern unsigned short log_protocols;
   extern unsigned short resolve_protocols;
+  extern unsigned short portresolve_protocols;
   extern unsigned short icmp_format;
   extern unsigned short tcp_format;
   extern unsigned short udp_format;
@@ -71,6 +72,7 @@ void set_default_values() {
   dns_expire = DNS_EXPIRE;
   log_protocols = NONE;
   resolve_protocols = 0; /* Do not resolve by default */
+  portresolve_protocols = RUN_TCP | RUN_UDP | RUN_ICMP; /* Resolve by default */
   icmp_format = LOGFORMAT_NORMAL;
   tcp_format = LOGFORMAT_NORMAL;
   udp_format = LOGFORMAT_NORMAL;
--- a/Source/filter.c
+++ b/Source/filter.c
@@ -46,6 +46,7 @@ extern struct loginfo log;
 
 extern unsigned short use_ident;
 extern unsigned short resolve_protocols;
+extern unsigned short portresolve_protocols;
 extern unsigned short icmp_format;
 extern unsigned short tcp_format;
 extern unsigned short udp_format;
@@ -66,7 +67,7 @@ int readers = 0;
 #ifdef FILTER_DEBUG
 void display_info(struct log_info *info, int entries) {
 
-  log.log(log.level_or_fd, "DBG: (e:%d) log:%d ident:%d resolve:%d closing:%d format:%d", entries, info->log, info->ident, info->resolve, info->logclosing, info->logformat);
+  log.log(log.level_or_fd, "DBG: (e:%d) log:%d ident:%d resolve:%d portresolve: %d, closing:%d format:%d", entries, info->log, info->ident, info->resolve, info->portresolve, info->logclosing, info->logformat);
 }
 #endif
 
@@ -200,6 +201,19 @@ void set_defaults(int protocol, struct l
       break;
     }
   }
+  if (info->portresolve == -1) {
+    switch (protocol) {
+    case IPPROTO_ICMP:
+      info->portresolve = portresolve_protocols & RUN_ICMP;
+      break;
+    case IPPROTO_TCP:
+      info->portresolve = portresolve_protocols & RUN_TCP;
+      break;
+    case IPPROTO_UDP:
+      info->portresolve = portresolve_protocols & RUN_UDP;
+      break;
+    }
+  }
 }
 
 struct log_info do_log(const __u32 from, const __u32 to, const __u16 type, const __u16 srctype, const short protocol) {
@@ -244,6 +258,7 @@ struct log_info do_log(const __u32 from,
         info.log = p->log;
         info.ident = p->ident;
         info.resolve = p->resolve;
+        info.portresolve = p->portresolve;
         info.logformat = p->logformat;
         info.logclosing = p->logclosing;
         set_defaults(protocol, &info);
@@ -265,6 +280,7 @@ struct log_info do_log(const __u32 from,
         info.log = p->log;
         info.ident = p->ident;
         info.resolve = p->resolve;
+        info.portresolve = p->portresolve;
         info.logformat = p->logformat;
         set_defaults(protocol, &info);
 #ifdef FILTER_DEBUG
@@ -280,7 +296,7 @@ struct log_info do_log(const __u32 from,
   info.log = TRUE;
   info.ident = use_ident;
   info.logclosing = log_closing;
-  info.logformat = info.resolve = -1;
+  info.logformat = info.resolve = info.portresolve = -1;
   set_defaults(protocol, &info);
 
 #ifdef FILTER_DEBUG
--- a/Source/filter.h
+++ b/Source/filter.h
@@ -53,6 +53,7 @@ union loginfo_union {
 struct filter_entry {
   short log;		/* TRUE for "log", FALSE for "ignore" */
   short ident;          /* TRUE if we should use ident */
+  short portresolve;    /* TRUE if we should resolve TCP/UDP services */
   short resolve;        /* TRUE if we should resolve IP addresses */
   short logformat;      /* format used to log */
   short logclosing;     /* TRUE to log closing TCP connections */
@@ -72,6 +73,7 @@ struct log_info {
   short log;
   short ident;
   short resolve;
+  short portresolve;
   short logclosing;
   short logformat;
 };
--- a/Source/ippl.l
+++ b/Source/ippl.l
@@ -75,6 +75,9 @@ file      ("/"{letfile}+)("/"{letfile}+)
 [lL][oO][gG][cC][lL][oO][sS][iI][nN][gG] return LOGCLOSING;
 [nN][oO][lL][oO][gG][cC][lL][oO][sS][iI][nN][gG] return NOLOGCLOSING;
 
+[nN][oO][pP][oO][rR][tT][rR][eE][sS][oO][lL][vV][eE] return NOPORTRESOLVE;
+[pP][oO][rR][tT][rR][eE][sS][oO][lL][vV][eE] return PORTRESOLVE;
+
 [nN][oO][rR][eE][sS][oO][lL][vV][eE] return NORESOLVE;
 [rR][eE][sS][oO][lL][vV][eE] return RESOLVE;
 
--- a/Source/ippl.y
+++ b/Source/ippl.y
@@ -61,6 +61,7 @@ unsigned short log_protocols;
 
 /* Should name resolving be done? */
 unsigned short resolve_protocols;
+unsigned short portresolve_protocols;
 
 /* Logging format for each protocol */
 unsigned short icmp_format;
@@ -100,7 +101,7 @@ struct log_info switches;
 %token<stringval> IP HOSTMASK IDENTIFIER FILENAME
 %token<longval> NUMBER
 
-%token LOGFORMAT DETAILED SHORT NORMAL RESOLVE NORESOLVE IDENT NOIDENT LOGCLOSING NOLOGCLOSING
+%token LOGFORMAT DETAILED SHORT NORMAL RESOLVE NORESOLVE IDENT NOIDENT LOGCLOSING NOLOGCLOSING PORTRESOLVE NOPORTRESOLVE
 %token RUN RUNAS EXPIRE LOG_IN LOG IGNORE FROM TO TYPE PORT SRCPORT OPTION COMMA
 %token ICMP TCP UDP ALL
 
@@ -138,6 +139,11 @@ Line:
         | NORESOLVE ProtoList EOL
           { resolve_protocols &= ~$2; }
 
+        | PORTRESOLVE ProtoList EOL
+          { portresolve_protocols |= $2; }
+        | NOPORTRESOLVE ProtoList EOL
+          { portresolve_protocols &= ~$2; }
+
         | LOGCLOSING EOL
           { log_closing = TRUE; }
         | NOLOGCLOSING EOL
@@ -249,6 +255,7 @@ Rule:
             switches.log = -1;
             switches.ident = use_ident;
             switches.resolve = -1;
+	    switches.portresolve = -1;
             switches.logformat = -1;
             switches.logclosing = log_closing;
           } 
@@ -259,6 +266,7 @@ Rule:
             $$->ident = switches.ident;
             $$->logclosing = switches.logclosing;
             $$->resolve = switches.resolve;
+            $$->portresolve = switches.portresolve;
             $$->logformat = switches.logformat;
             $$->protocol = $4.protocol;
             $$->loginfo = $4.loginfoval;
@@ -287,6 +295,8 @@ Switch:
         | NOIDENT    { switches.ident = FALSE; }
         | RESOLVE    { switches.resolve = RUN_ICMP | RUN_TCP | RUN_UDP; }
         | NORESOLVE  { switches.resolve = 0; }
+        | PORTRESOLVE    { switches.portresolve = RUN_ICMP | RUN_TCP | RUN_UDP; }
+        | NOPORTRESOLVE  { switches.portresolve = 0; }
         | SHORT      { switches.logformat = LOGFORMAT_SHORT; }
         | NORMAL     { switches.logformat = LOGFORMAT_NORMAL; }
         | DETAILED   { switches.logformat = LOGFORMAT_DETAILED; }
--- a/Source/main.c
+++ b/Source/main.c
@@ -48,6 +48,10 @@
 #include "filter.h"
 #include "pidfile.h"
 
+#ifndef PATH_MAX
+#define PATH_MAX 4096
+#endif
+
 /* Logging mechanism */
 struct loginfo log;
 
--- a/Source/netutils.c
+++ b/Source/netutils.c
@@ -237,15 +237,21 @@ void get_details(char *details,
  * Get a service name for a specified protocol
  */
 
-void service_lookup(char *proto, char *service, __u16 port) {
+void service_lookup(char *proto, char *service, __u16 port, int portresolve) {
   struct servent *se;
 
   pthread_mutex_lock(&service_mutex);
-  se = getservbyport(port, proto);
-  if (se == NULL)
-    snprintf(service, SERVICE_LENGTH, "port %d", ntohs(port));
+  if (portresolve)
+  {
+    se = getservbyport(port, proto);
+    if (se == NULL)
+      snprintf(service, SERVICE_LENGTH, "port %d", ntohs(port));
+    else {
+      snprintf(service, SERVICE_LENGTH, "%s", se->s_name);
+    }
+  }
   else {
-    snprintf(service, SERVICE_LENGTH, "%s", se->s_name);
+    snprintf(service, SERVICE_LENGTH, "port %d", ntohs(port));
   }
   pthread_mutex_unlock(&service_mutex);
 }
--- a/Source/netutils.h
+++ b/Source/netutils.h
@@ -53,6 +53,6 @@ void get_details(char *details,
                  const __u32 src_addr, const __u16 src_port,
                  const __u32 dst_addr, const __u16 dst_port);
 
-void service_lookup(char *proto, char *service, __u16 port);
+void service_lookup(char *proto, char *service, __u16 port, int portresolve);
 
 #endif
--- a/Source/tcp.c
+++ b/Source/tcp.c
@@ -51,6 +51,7 @@ int tcp_socket;
 struct loginfo tcp_log;
 extern struct loginfo log;
 extern unsigned short resolve_protocols;
+extern unsigned short portresolve_protocols;
 
 /*
  * Structure of a TCP packet
@@ -88,7 +89,7 @@ void *log_tcp_open(__u8 *pkt, __u8 *tcpp
     *details ='\0';
     host_print(remote_host, IPHDR.saddr,
                info.resolve);
-    service_lookup("tcp", service, TCPHDR.dest);
+    service_lookup("tcp", service, TCPHDR.dest, info.portresolve);
     if (info.logformat == LOGFORMAT_DETAILED) {
       get_details(details,
                   IPHDR.saddr,
@@ -186,7 +187,7 @@ void *log_tcp_close(__u8 *pkt, __u8 *tcp
     *details ='\0';
     host_print(remote_host, IPHDR.saddr,
                info.resolve);
-    service_lookup("tcp", service, TCPHDR.dest);
+    service_lookup("tcp", service, TCPHDR.dest, info.portresolve);
     if (info.logformat == LOGFORMAT_DETAILED) {
       get_details(details,
                   IPHDR.saddr,
--- a/Source/udp.c
+++ b/Source/udp.c
@@ -81,7 +81,7 @@ void *log_udppacket(__u8 *pkt) {
     *details ='\0';
     host_print(remote_host, IPHDR.saddr,
                info.resolve);
-    service_lookup("udp", service, UDPHDR.dest);
+    service_lookup("udp", service, UDPHDR.dest, info.portresolve);
     if (info.logformat == LOGFORMAT_DETAILED) {
       get_details(details,
                   IPHDR.saddr,
