changes

基于TCP-WRAP原理的系统监控的c语言实现代码

Request: after building the programs, please run the `tcpdchk' wrapper
configuration checker. See the `tcpdchk.8' manual page (`nroff -man'
format) for instructions. `tcpdchk' automatically identifies the most
common configuration problems, and will save you and me a lot of time.

Changes per release 7.6 (Mar 1997)
==================================

- Improved the anti source-routing protection. The code in version
7.5 was not as strong as it could be, because I tried to be compatible
with Linux. That was a mistake. Sorry for the inconvenience.

- The program no longer terminates case of a source-routed connection,
making the IP-spoofing code more usable for long-running daemons.

- When syslogging DNS hostname problems, always stop after a limited
number of characters.

Changes per release 7.5 (Feb 1997)
==================================

- Optionally refuse source-routed TCP connections requests altogether.
Credits to Niels Provos of Universitaet Hamburg.  File: fix_options.c.

- Support for IRIX 6 (Lael Tucker).

- Support for Amdahl UTS 2.1.5 (Richard E. Richmond).

- Support for SINIX 5.42 (Klaus Nielsen).

- SCO 5 now has vsyslog() (Bill Golden).

- Hints and tips for dealing with IRIX inetd (Niko Makila, Aaron
M Lee).

- Support for BSD/OS (Paul Borman).

- Support for Tandem (Emad Qawas).

- Support for ISC (Frederick B. Cohen).

- Workaround for UNICOS - it would choke on a setjmp() expression
(Bruce Kelly). File: hosts_access.c, tcpdchk.c.

- Increased the level of buffer overflow paranoia when printing
unwanted IP options.  File: fix_options.c.

Changes per release 7.4 (Mar 1996)
==================================

- IRIX 5.3 (and possibly, earlier releases, too) library routines call
the non-reentrant strtok() routine. The result is that hosts may slip
through allow/deny filters. Workaround is to not rely on the vendor's
strtok() routine (#ifdef LIBC_CALLS_STRTOK). Credits to Th. Eifert
(Aachen University) for spotting this one. This fix supersedes the
earlier workaround for a similar problem in FreeBSD 2.0.

Changes per release 7.3 (Feb 1996)
==================================

- More tests added to tcpdchk and tcpdmatch: make sure that the
REAL_DAEMON_DIR actually is a directory and not a regular file;
detect if tcpd recursively calls itself.

- Edwin Kremer found an amusing fencepost error in the xgets()
routine: lines longer than BUFLEN characters would be garbled.

- The access control routines now refuse to execute "dangerous" actions
such as `twist' when they are called from within a resident process.
This prevents you from shooting yourself into the foot with critical
systems programs such as, e.g., portmap or rpcbind.

- Support for Unicos 8.x (Bruce Kelly). The program now closes the
syslog client socket before running the real daemon: Cray UNICOS
refuses to checkpoint processes with open network ports.

- Support for MachTen UNIX (Albert M.C Tam).

- Support for Interactive UNIX R3.2 V4.0 (Bobby D. Wright).

- Support for SCO 3.2v5.0.0 OpenServer 5 (bob@odt.handy.com)

- Support for Unixware 1.x and Unixware 2.x.  The old Unixware Makefile
rule was broken. Sorry about that.

- Some FreeBSD 2.0 libc routines call strtok() and severely mess up the
allow/deny rule processing. This is very bad. Workaround:  call our own
strtok() clone (#ifdef USE_STRSEP).

- The programs now log a warning when they detect that a non-existent
banner directory is specified.

- The hosts_access.3 manual page used obsolete names for the RQ_*
constants.

Changes per release 7.2 (Jan 1995)
==================================

- Added a note to the README and manpages on using the IDENT service to
detect sequence number spoofing and other host impersonation attacks.

- Portability: ConvexOS puts RPC version numbers before the daemon path
name (Jukka Ukkonen).

- Portability: the AIX compiler disliked the strchr() declaration
in socket.c.  I should have removed it when I included <string.h>.

- Backwards compatibility: some people relied on the old leading dot or
trailing dot magic in daemon process names.

- Backwards compatibility: hostname lookup remains enabled when
-DPARANOID is turned off. In order to disable hostname lookups you
must turn off -DALWAYS_HOSTNAME.

- Eliminated false complaints from the tcpdmatch/tcpdchk configuration
checking programs about process names not in inetd.conf or about KNOWN
username patterns.

Changes per release 7.1 (Jan 1995)
==================================

- Portability: HP-UX permits you to break inetd.conf entries with
backslash-newline.

- Portability: EP/IX has no putenv() and some inetd.conf entries are
spread out over two lines.

- Portability: SCO with NIS support has no *netgrent() routines.

Changes per release 7.0 (Jan 1995) 
==================================

- Added a last-minute workaround for a Solaris 2.4 gethostbyname()
foulup with multi-homed hosts in DNS through NIS mode.

- Added a last-minute defense against TLI weirdness: address lookups
apparently succeed but the result netbuf is empty (ticlts transport).

- Dropped several new solutions that were in need of a problem. Beta
testers may recognize what new features were kicked out during the last
weeks before release 7.0 came out. Such is life.

- Got rid of out the environment replacement routines, at least for
most architectures. One should not have to replace working system
software when all that is needed is a 4.4BSD setenv() emulator.

- By popular request I have added an option to send banner messages to
clients. There is a Banners.Makefile that gives some aid for sites that
are going to use this feature. John C. Wingenbach did some pioneering
work here. I used to think that banners are frivolous. Now that I had
a personal need for them I know that banners can be useful.

- At last: an extensible functional interface to the pattern matching
engine. request_init() and request_set() accept a variable-length
name-value argument list.  The result can be passed to hosts_access().

- When PARANOID mode is disabled (compile time), the wrapper does no
hostname lookup or hostname double checks unless required by %letter
expansions, or by access control rules that match host names.  This is
useful for sites that don't care about internet hostnames anyway.
Inspired by the authors of the firewalls and internet security book.

- When PARANOID mode is disabled (compile time), hosts with a name/name
or name/address conflict can be matched with the PARANOID host wildcard
pattern, so that you can take some intelligent action instead of just
dropping clients. Like showing a banner that explains the problem.

- New percent escapes: %A expands to the server address; %H expands to
the corresponding hostname (or address if no name is available); %n and
%N expand to the client and server hostname (or "unknown"); %s expands
to everything we know about the server endpoint (the opposite of the %c
sequence for client information).

- Symmetry: server and client host information is now treated on equal
footing, so that we can reuse a lot of code.

- Lazy evaluation of host names, host addresses, usernames, and so on,
to avoid doing unnecessary work.

- Dropping #ifdefs for some archaic systems made the code simpler.

- Dropping the FAIL pattern made the pattern matcher much simpler.  Run
the "tcpdchk" program to scan your access control files for any uses of
this obscure language feature.

- Moving host-specific pattern matching from string_match() to the
host_match() routine made the code more accurate.  Run the "tcpdchk"
program to scan your access control files for any dependencies on
undocumented or obscure language features that are gone.

- daemon@host patterns trigger on clients that connect to a specific
internet address.  This can be useful for service providers that offer
multiple ftp or www archives on different internet addresses, all
belonging to one and the same host (www.foo.com, ftp.bar.com, you get
the idea).  Inspired by a discussion with Rop Gonggrijp, Cor Bosman,
and Casper Dik, and earlier discussions with Adrian van Bloois.

- The new "tcpdchk" program critcizes all your access control rules and
inetd.conf entries. Great for spotting obscure bugs in my own hosts.xxx
files. This program also detects hosts with name/address conflicts and
with other DNS-related problems. See the "tcpdchk.8" manual page.

- The "tcpdmatch" program replaces the poor old "try" command. The new
program looks in your inetd.conf file and therefore produces much more
accurate predictions. In addition, it detects hosts with name/address
conflicts and with other DNS-related problems. See the "tcpdmatch.8"
manual page.  The inetd.conf lookup was suggested by Everett F Batey.

- In the access control tables, the `=' between option name and value
is no longer required.

- Added 60-second timeout to the safe_finger command, to cover another
potential problem. Suggested by Peter Wemm.

- Andrew Maffei provided code that works with WIN-TCP on NCR System V.4
UNIX. It reportedly works with versions 02.02.01 and 02.03.00. The code
pops off all streams modules above the device driver, pushes the timod
module to get at the peer address, and then restores the streams stack
to the initial state.

Changes per release 6.3 (Mar 1994)
==================================

- Keepalives option, to get rid of stuck daemons when people turn off
their PC while still connected. Files: options.c, hosts_options.5.