1 /* Copyright (C) 2009 Trend Micro Inc.
4 * This program is a free software; you can redistribute it
5 * and/or modify it under the terms of the GNU General Public
6 * License (version 2) as published by the FSF - Free Software
11 * Listen to remote packets and forward them to the analysis system
15 #include "os_net/os_net.h"
18 /* Global variables */
23 /* Handle remote connections */
24 void HandleRemote(int position, int uid)
26 /* If syslog connection and allowips is not defined, exit */
27 if (logr.conn[position] == SYSLOG_CONN) {
28 if (logr.allowips == NULL) {
29 ErrorExit(NO_SYSLOG, ARGV0);
33 tmp_ips = logr.allowips;
35 verbose("%s: Remote syslog allowed from: '%s'",
36 ARGV0, (*tmp_ips)->ip);
43 if (logr.proto[position] == IPPROTO_TCP) {
45 logr.netinfo = OS_Bindporttcp(logr.port[position], logr.lip[position]);
46 if (logr.netinfo->status < 0) {
47 ErrorExit(BIND_ERROR, ARGV0, logr.port[position]);
50 /* Using UDP. Fast, unreliable... perfect */
52 logr.netinfo = OS_Bindportudp(logr.port[position], logr.lip[position]);
53 if (logr.netinfo->status < 0) {
54 ErrorExit(BIND_ERROR, ARGV0, logr.port[position]);
58 /* Revoke privileges */
59 if (Privsep_SetUser(uid) < 0) {
60 ErrorExit(SETUID_ERROR, ARGV0, REMUSER, errno, strerror(errno));
64 if (CreatePID(ARGV0, getpid()) < 0) {
65 ErrorExit(PID_ERROR, ARGV0);
68 /* Start up message */
69 verbose(STARTUP_MSG, ARGV0, (int)getpid());
71 /* If secure connection, deal with it */
72 if (logr.conn[position] == SECURE_CONN) {
76 else if (logr.proto[position] == IPPROTO_TCP)
81 /* If not, deal with syslog */