# Uwe Ellermann, Ellermann@cert.dfn.de, Tel.:+49-40-54715-262, Fax: -241 # DFN-CERT, University of Hamburg, Vogt-Koelln-Strasse 30, D-22527 Hamburg # PGP-key available via finger Ellermann@concert.cert.dfn.de or Keyserver diff -rc argus-1.5.ORIG/clients/ra.c argus-1.5/clients/ra.c *** argus-1.5.ORIG/clients/ra.c Mon May 8 23:12:58 1995 - --- argus-1.5/clients/ra.c Thu Mar 28 11:37:34 1996 *************** *** 320,328 **** if (Iflag) if (icmp->dstaddr.s_addr) { u_long addr = icmp->dstaddr.s_addr; ! sprintf (&icmptype[strlen(icmptype)], " %s", ! getnetname (getnetnumber (addr & ! ipaddrtonetmask (addr)))); } break; case ICMP_UNREACH_HOST: - --- 320,326 ---- if (Iflag) if (icmp->dstaddr.s_addr) { u_long addr = icmp->dstaddr.s_addr; ! sprintf (&icmptype[strlen(icmptype)], " Buggy"); } break; case ICMP_UNREACH_HOST: diff -rc argus-1.5.ORIG/clients/services.c argus-1.5/clients/services.c *** argus-1.5.ORIG/clients/services.c Mon May 8 23:12:58 1995 - --- argus-1.5/clients/services.c Thu Mar 28 11:37:39 1996 *************** *** 184,190 **** struct writeStruct *ptr; double seconds; { - - if (!(ptr->status & DETAIL)) do_stats (ptr, NULL, 0, seconds); } - --- 184,189 ---- *************** *** 199,205 **** { double seconds; ! if ((ptr->status & CON_ESTABLISHED) && (ptr->status & (SAW_SYN_SENT | SAW_SYN ))) { seconds = (double)(((double)(ptr->lasttime.tv_sec-ptr->startime.tv_sec)) + ((ptr->lasttime.tv_usec - ptr->startime.tv_usec)/1000000.0)); - --- 198,205 ---- { double seconds; ! if ((!(ptr->status & DETAIL)) && (ptr->status & CON_ESTABLISHED) ! && (ptr->status & (SAW_SYN_SENT | SAW_SYN ))) { seconds = (double)(((double)(ptr->lasttime.tv_sec-ptr->startime.tv_sec)) + ((ptr->lasttime.tv_usec - ptr->startime.tv_usec)/1000000.0)); *************** *** 248,254 **** } else stats = &total_stats; ! if (ptr->src_bytes > 0) { do_particular_stats (ptr, stats, seconds); if ((index == DST) || !(net_obj)) - --- 248,254 ---- } else stats = &total_stats; ! if (ptr->src_bytes || ptr->dst_bytes) { do_particular_stats (ptr, stats, seconds); if ((index == DST) || !(net_obj)) *************** *** 549,566 **** if (start = port) { do { ! if (port->stats.src.bytes != 0) { ! switch (port->proto) { ! case TCP: servstr = tcpport_string(port->port); ! protostr = "tcp"; break; ! case UDP: servstr = udpport_string(port->port); ! protostr = "udp"; break; ! default: servstr = " "; ! protostr = "unk"; break; ! } ! sprintf (str, "\n%s %s %6.6s ", string, protostr, servstr); ! print_stats_data (str, &port->stats); } port = port->nxt; } while (port != start); } - --- 549,564 ---- if (start = port) { do { ! switch (port->proto) { ! case TCP: servstr = tcpport_string(port->port); ! protostr = "tcp"; break; ! case UDP: servstr = udpport_string(port->port); ! protostr = "udp"; break; ! default: servstr = " "; ! protostr = "unk"; break; } + sprintf (str, "\n%s %s %6.6s ", string, protostr, servstr); + print_stats_data (str, &port->stats); port = port->nxt; } while (port != start); } diff -rc argus-1.5.ORIG/common/argus_parse.c argus-1.5/common/argus_parse.c *** argus-1.5.ORIG/common/argus_parse.c Mon May 8 23:13:04 1995 - --- argus-1.5/common/argus_parse.c Thu Mar 28 11:37:59 1996 *************** *** 632,643 **** if (tmp->status & IPPROTOMASK) { tmp->status |= IPPROTO; - - if ((dport > sport) && (sport != 0)) { - - tmp->status |= REVERSE; - - sport = ((unsigned short *) &tmp->addr.port)[1]; - - dport = ((unsigned short *) &tmp->addr.port)[0]; - - } switch (tmp->status & IPPROTOMASK) { case TCPPROTO: if (dport == 20) - --- 632,655 ---- if (tmp->status & IPPROTOMASK) { tmp->status |= IPPROTO; + /* Folgenden 3 Zeilen als Patch eingefuegt nach Mail vom 2.8.95 + * Problem: Anzeige der Richtung von TCP-Verbindungen war falsch */ + + if (!((tmp->status & TCPPROTO) && + ((tmp->status & SAW_SYN) || + (tmp->status & SAW_SYN_SENT)))) + + if ((dport > sport) && (sport != 0)) { + tmp->status |= REVERSE; + sport = ((unsigned short *) &tmp->addr.port)[1]; + dport = ((unsigned short *) &tmp->addr.port)[0]; + } + + + + + switch (tmp->status & IPPROTOMASK) { case TCPPROTO: if (dport == 20) diff -rc argus-1.5.ORIG/server/tcp_wrapper.c argus-1.5/server/tcp_wrapper.c *** argus-1.5.ORIG/server/tcp_wrapper.c Mon May 8 23:13:06 1995 - --- argus-1.5/server/tcp_wrapper.c Thu Mar 28 11:38:14 1996 *************** *** 38,44 **** #include #endif ! #define FACILITY LOG_MAIL #define SEVERITY LOG_INFO int allow_severity = SEVERITY; /* run-time adjustable */ - --- 38,44 ---- #include #endif ! #define FACILITY LOG_DAEMON #define SEVERITY LOG_INFO int allow_severity = SEVERITY; /* run-time adjustable */ -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAwUBMVpzJuTyai8iNKttAQFTxQQAi+C9CqMayUR+YwXgPunq2STYpbRBW1+h nf735Kf3v8VVJuyvkLj6XxJPWGrJxNqutQZs6PUaBlLmw8qwmsoRurE6c7KIjOX4 oiJrNNo4mC6mes6CFEoXcj5s7bUXfpmVAwYk/zBIOVPBwXWbmE/Ib/1WoQoyZudA aIiGoyXkZ/8= =t71u -----END PGP SIGNATURE-----