Re: [snips-users] portmon with ssl support.

[Date Prev] [Date Next]

[Thread Prev] [Thread Next]

[Date Index] [Thread Index]

Re: [snips-users] portmon with ssl support.

To: Ean Kingston <ean at hedron org>
Subject: Re: [snips-users] portmon with ssl support.
From: "Allan P. Magmanlac" <allan magmanlac at nrns.ca>
Date: Wed, 07 Jul 2004 13:34:53 -0400
References: <001d01c4435a$b6697a20$d864a8c0@ho.kanetix.com> <40E2EDF6.2000009@nrns.ca> <4765.216.220.59.169.1088627520.squirrel@www.hedron.org>

I was able to produce the portmon executable by making adjustments on the gcc flags, however I'm now getting the following errors.

myserver# /usr/local/snips/bin/portmon.test
portmon.test- Reading global config file /usr/local/snips/etc/snips.conf
(portmon.test).. locked pid-file, started new process (pid=71346)
select(): Bad file descriptor
fatal error, checkports returned -1, exiting
portmon.test: removing data, pid file.... Done

Ean Kingston wrote:

Allan P. Magmanlac said:

Hi, I applied these patch to snips and run the following command and getting errors. I know these errors apparently cannot find the specifiec functions?
I belive those subroutines are in libssl.o. You would need to add -lssl to
your gcc line.
Any ideas? I'm just planning to rebuild portmon without rebuilding snips. How did you do the manual compilation. I'm using openssl OpenSSL 0.9.7d.
I built it with OpenSSL 0.9.7c so I can't imagine there would be much of a
difference.
My manual compiliation was done by first building snips in the normal way.
Then I applied my patches and ran make from the portmon directory.
I didn't include changes to the Makefile because I manually edited the one
in the portmon directory (which gets generated by the Configure script.
The changes I made are:
25c25 < OS_LIBS=-lsocket -lnsl -lresolv ---

OS_LIBS=-lsocket -lnsl -lresolv -L/usr/local/ssl/lib -lssl -lcrypto

79c79 < CFLAGS = -O $(SNIPSDEFS) $(OS_CFLAGS) -I$(SRCDIR)/include ---

CFLAGS = -O $(SNIPSDEFS) $(OS_CFLAGS) -I$(SRCDIR)/include

-I/usr/local/ssl/include

Your location for ssl library may vary.
Thanks.
myserver# pwd;ls
/usr/local/src/snips-1.1/portmon
Makefile        main.c          portmon-confg   portmon.h
Makefile.am     main.c.orig     portmon.c       portmon.h.orig
Makefile.bak    main.c.patch    portmon.c.orig  portmon.h.patch
Makefile.mid    main.o          portmon.c.patch portmon.o
myserver# gcc -O -DSNIPS -DFREEBSD4 -I/usr/local/src/snips-1.1/include main.o portmon.o -L/usr/local/src/snips-1.1/lib -L/usr/local/ssl/lib -lcrypt -lsnips -o portmon main.o: In function `main': main.o(.text+0x16): undefined reference to `SSL_load_error_strings' main.o(.text+0x1b): undefined reference to `SSL_library_init' main.o(.text+0x23): undefined reference to `SSLv23_client_method' main.o(.text+0x2b): undefined reference to `SSL_CTX_new' portmon.o: In function `checkports': portmon.o(.text+0x1aa): undefined reference to `SSL_new' portmon.o(.text+0x530): undefined reference to `SSL_set_fd' portmon.o(.text+0x567): undefined reference to `SSL_set_connect_state' portmon.o(.text+0x120b): undefined reference to `SSL_free' portmon.o: In function `send_hoststring': portmon.o(.text+0x12c8): undefined reference to `SSL_write' portmon.o: In function `process_host': portmon.o(.text+0x14ac): undefined reference to `SSL_write' portmon.o(.text+0x14f7): undefined reference to `SSL_read' portmon.o(.text+0x17ae): undefined reference to `SSL_write'
All these errors indicate that you need to link in the ssl library with
-lssl added to your gcc line.
Ean Kingston wrote:
Folks,
I needed to add https monitoring to our monitoring system at work so I
adapted portmon to work through ssl. It (obviously) needs the openssl
libraries to compile with and it doesn't allow non-ssl connections
anymore.
I didn't have a lot of time so I wasn't able to make it an option to the
existing portmon, though I'm hoping to do so in my spare time.
Attached (I hope) are diffs for the three files I modified. These are
differenced from the 1.2beta2 package of Snips.
The files to patch (from the extracted to directory) are:
include/portmon.h
portmon/main.c
portmon/portmon.c
There are no additional variables for ssl handshake timing or validating
server certificates. This just does what portmon did but through ssl.
Hopefully I will have a cleaner implementation that allows for
portmon/portmon+ssl support in one tool at some time in the future. Until
then, these patches might be useful to someone.
I don't have updates to the makefile because I did the compile of my ssl portmon by hand.

References:
- [snips-users] portmon with ssl support.
  - From: Ean Kingston

Prev by Date: Re: [snips-users] snipsweb/genweb problem
Next by Date: [snips-users] nsmon core dumps
Previous by thread: [snips-users] portmon with ssl support.
Next by thread: RE: [snips-users] portmon with ssl support.
Index(es):
- Date
- Thread

Zyrion Traverse Network Monitoring & Network Management Software