Fix cursor update when firewall log rotate, add system signal handler…

… to quit program icleanly, performance improvement Fix : Cursor is now wrote with 0 padding to fix issue with firewall log rotation Improvements : Cursor file is opened once when the program starts and is closed only when the program stops Add a signal handler to quit the program cleanly
certego · Nov 6, 2017 · edda972 · edda972
1 parent e843a0f
commit edda972
Show file tree

Hide file tree

Showing 4 changed files with 129 additions and 55 deletions.
diff --git a/fw1-cursor.c b/fw1-cursor.c
@@ -1,50 +1,20 @@
 #include "fw1-cursor.h"
 
-int read_fw1_cursorfile (const char *LogfileName) {
-  FILE *fd;
-  char line[POSITION_MAX_SIZE];
+int read_fw1_cursorfile () {
+   rewind (cursorstream);
+   fgets (cursorline, (POSITION_MAX_SIZE + 1), cursorstream);
 
-  char *current_cursor = get_fw1_cursorname (LogfileName);
-  fd = fopen (current_cursor,"r");
-
-  if (fd == NULL)
-   {
-      fprintf (stderr, "Error while opening the file %s in read mode.\n", current_cursor);
-      fprintf (stderr, "Maybe, it doesn't exist yet.\n");
-      free(current_cursor);
-      return 0;
-   }
-   free(current_cursor);
-
-   fgets (line, POSITION_MAX_SIZE, fd);
-   fclose (fd);
-
-   return atoi (line);
+   return atoi (cursorline);
 }
 
-void write_fw1_cursorfile (const char *LogfileName, const char *message, const char separator) {
-  FILE *fd;
-
-  char *current_cursor = get_fw1_cursorname (LogfileName);
+/* Write next log position
+ * return number of characters written
+ */
+int write_fw1_cursorfile (const char *message, const char separator) {
   char position[POSITION_MAX_SIZE];
   int i, j = 0;
 
-  fd = fopen (current_cursor,"r+");
-
-  if (fd == NULL)
-   {
-      fprintf (stderr, "Error while opening the file %s in r+ mode.\n", current_cursor);
-      fprintf (stderr, "Maybe, it doesn't exist yet. Trying to open it in w mode.\n");
-
-      fd = fopen (current_cursor,"w");
-      if (fd == NULL)
-      {
-          fprintf (stderr, "Error while opening the file %s in w mode also.\n", current_cursor);
-          free(current_cursor);
-          exit (EXIT_FAILURE);
-      }
-   }
-   free(current_cursor);
+  rewind (cursorstream);
 
    // Extract cuurent position from message
    for (i=4; i<strlen (message); i++)
@@ -60,20 +30,48 @@ void write_fw1_cursorfile (const char *LogfileName, const char *message, const c
      }
    }
 
-   fprintf (fd, "%d", atoi (position)+1);
-   fclose (fd);
+   return fprintf (cursorstream, "%0" TOSTRING(POSITION_MAX_SIZE) "d\n", atoi (position)+1);
 }
 
 char* get_fw1_cursorname(const char *LogfileName) {
-  char *cursor_name =
+  char *cursorname =
     (char *) malloc (strlen (LogfileName) + 7);
-  if (cursor_name == NULL)
+  if (cursorname == NULL)
     {
       fprintf (stderr, "ERROR: Out of memory\n");
       exit(EXIT_FAILURE);
     }
-  strcpy (cursor_name, LogfileName);
-  strcat (cursor_name, ".cursor");
+  strcpy (cursorname, LogfileName);
+  strcat (cursorname, ".cursor");
+
+  return cursorname;
+}
+
+void open_fw1_cursorfile (const char *LogfileName) {
+  char *cursorname = get_fw1_cursorname (LogfileName);
+
+  // Open the file in "a" mode first to create it if it doesn't exist yet
+  cursorstream = fopen (cursorname,"a");
+  if (cursorstream == NULL)
+   {
+      fprintf (stderr, "Error while opening the file %s in a mode.\n", cursorname);
+      free (cursorname);
+      exit(EXIT_FAILURE);
+   }
+   fclose (cursorstream);
+
+  // Open the file in "a" mode first to create it if it doesn't exist yet
+  cursorstream = fopen (cursorname,"r+");
+   if (cursorstream == NULL)
+    {
+       fprintf (stderr, "Error while opening the file %s in r+ mode.\n", cursorname);
+       free (cursorname);
+       exit(EXIT_FAILURE);
+    }
+
+    free (cursorname);
+}
 
-  return cursor_name;
+void  close_fw1_cursorfile() {
+  fclose (cursorstream);
 }
diff --git a/fw1-cursor.h b/fw1-cursor.h
@@ -5,10 +5,17 @@
 #include <stdlib.h>
 #include <string.h>
 
-#define POSITION_MAX_SIZE 20
+#define STRINGIFY(x) #x
+#define TOSTRING(x) STRINGIFY(x)
+#define POSITION_MAX_SIZE 32
 
-int   read_fw1_cursorfile(const char *LogfileName); // Return next log position from cursor file
-void  write_fw1_cursorfile(const char *LogfileName, const char *message, const char separator); // Deduce next log position from current message
-char* get_fw1_cursorname(const char *LogfileName); // Give cursor name associated with log file
+FILE *cursorstream;
+char cursorline[POSITION_MAX_SIZE + 1];
+
+int read_fw1_cursorfile (); // Return next log position from cursor file
+int write_fw1_cursorfile (const char *message, const char separator); // Deduce next log position from current message
+char* get_fw1_cursorname (const char *LogfileName); // Give cursor name associated with log file
+void open_fw1_cursorfile (const char *LogfileName); // Initialize cursorstream file handler
+void close_fw1_cursorfile (); // Close cursorstream file handler
 
 #endif
diff --git a/fw1-loggrabber.c b/fw1-loggrabber.c
@@ -368,6 +368,17 @@ main (int argc, char *argv[])
         }
     }
 
+  /*
+   * add signal handler to stop the program properly
+   */
+  struct sigaction sa;
+  memset(&sa, 0, sizeof(sa));
+  sa.sa_handler=&signal_handler;
+  sigemptyset(&sa.sa_mask);
+  sigaction(SIGINT,&sa,0);
+  sigaction(SIGQUIT,&sa,0);
+  sigaction(SIGTERM,&sa,0);
+
 /* A mutex object to provide safe manipulation of Check Point FW-1 event queue across multiple threads.  */
   pthread_mutex_init(&mutex, NULL);
 
@@ -377,6 +388,7 @@ main (int argc, char *argv[])
   logging_init_env (cfgvalues.log_mode);
 
   open_log ();
+  open_fw1_cursorfile (cfgvalues.fw1_logfile);
 
   createThread(&threadid, leaRecordProcessor, NULL);
 
@@ -434,6 +446,7 @@ main (int argc, char *argv[])
                    "ERROR: Option --showfiles is not supported for Checkpoint FW-1 2000 or in online modes.\n");
         }
       close_log ();
+      close_fw1_cursorfile ();
       exit_loggrabber (0);
     }
 
@@ -490,6 +503,7 @@ main (int argc, char *argv[])
     }
 
   close_log ();
+  close_fw1_cursorfile ();
 
   exit_loggrabber (0);
   return (0);
@@ -718,7 +732,7 @@ read_fw1_logfile (char **LogfileName)
             {
               pSession =
                 lea_new_session (pClient, pServer, LEA_ONLINE, LEA_FILENAME,
-                                 *LogfileName, LEA_AT_POS, read_fw1_cursorfile (*LogfileName));
+                                 *LogfileName, LEA_AT_POS, read_fw1_cursorfile ());
             }
           else
             {
@@ -751,7 +765,7 @@ read_fw1_logfile (char **LogfileName)
               pSession =
                 lea_new_suspended_session (pClient, pServer, LEA_ONLINE,
                                            LEA_UNIFIED_SINGLE, *LogfileName,
-                                           LEA_AT_POS, read_fw1_cursorfile (*LogfileName));
+                                           LEA_AT_POS, read_fw1_cursorfile ());
             }
           else
             {
@@ -4969,7 +4983,16 @@ submit_syslog (char *message)
       fprintf (stderr, "DEBUG: Submit message to Syslog.\n");
     }
   syslog (LOG_NOTICE, "%s", message);
-  write_fw1_cursorfile ((lea_get_logfile_desc (pSession))->filename, message, cfgvalues.record_separator); // update cursor
+
+  // update cursor
+  int nbchar = write_fw1_cursorfile (message, cfgvalues.record_separator);
+  if (nbchar != (POSITION_MAX_SIZE + 1))
+    {
+      fprintf (stderr, "ERROR: Error when updating cursor.\n");
+      fprintf (stderr, "ERROR: %d characters written instead of %d.\n", nbchar, (POSITION_MAX_SIZE + 1));
+      exit_loggrabber (1);
+    }
+
   return;
 }
 
@@ -5022,7 +5045,16 @@ submit_screen (char *message)
     }
   fprintf (stdout, "%s\n", message);
   fflush (NULL);
-  write_fw1_cursorfile ((lea_get_logfile_desc (pSession))->filename, message, cfgvalues.record_separator); // update cursor
+
+  // update cursor
+  int nbchar = write_fw1_cursorfile (message, cfgvalues.record_separator);
+  if (nbchar != (POSITION_MAX_SIZE + 1))
+    {
+      fprintf (stderr, "ERROR: Error when updating cursor.\n");
+      fprintf (stderr, "ERROR: %d characters written instead of %d.\n", nbchar, (POSITION_MAX_SIZE + 1));
+      exit_loggrabber (1);
+    }
+
   return;
 }
 
@@ -5110,7 +5142,15 @@ submit_logfile (char *message)
     }
 
   fprintf (logstream, "%s\n", message);
-  write_fw1_cursorfile ((lea_get_logfile_desc (pSession))->filename, message, cfgvalues.record_separator); // update cursor
+
+  // update cursor
+  int nbchar = write_fw1_cursorfile (message, cfgvalues.record_separator);
+  if (nbchar != (POSITION_MAX_SIZE + 1))
+    {
+      fprintf (stderr, "ERROR: Error when updating cursor.\n");
+      fprintf (stderr, "ERROR: %d characters written instead of %d.\n", nbchar, (POSITION_MAX_SIZE + 1));
+      exit_loggrabber (1);
+    }
 
   //Check and see if it reaches the log file limitation
   fseek (logstream, 0, SEEK_CUR);
@@ -5610,3 +5650,28 @@ ThreadFuncReturnType leaRecordProcessor( void *data ){
 
         return 0;
 }
+
+/* Function to quit the program properly */
+void signal_handler(int signal)
+{
+  fprintf (stderr, "Signal %d received. The program will stop properly\n", signal);
+
+  if (cfgvalues.debug_mode)
+    {
+      fprintf (stderr, "DEBUG: Stopping the main loop\n");
+    }
+  keepAlive = FALSE;
+
+  if (cfgvalues.debug_mode)
+    {
+      fprintf (stderr, "DEBUG: Stopping the thread reading message from queue\n");
+    }
+  alive = FALSE;
+  SLEEP (1); // Sleep to permit the thread stopping properly before ending OPSEC session
+
+  if (cfgvalues.debug_mode)
+    {
+      fprintf (stderr, "DEBUG: Ending the OPSEC session\n");
+    }
+  opsec_raise_event (pEnv, shutdownent, (void *) 0);
+}
diff --git a/fw1-loggrabber.h b/fw1-loggrabber.h
@@ -35,6 +35,7 @@
 #include <stdlib.h>
 #include <ctype.h>
 #include <time.h>
+#include <signal.h>
 
 #define  SLEEP(sec) sleep(sec)
 #include <netinet/in.h>
@@ -321,6 +322,9 @@ void (*submit_log) (char *message);
 //pointer to function close log pipe
 void (*close_log) ();
 
+//handle signal termination properly 
+void signal_handler(int signal);
+
 /*
  * Global definitions
  */