| 1 |
/* |
| 2 |
Shared library add-on to iptables to add PSD support |
| 3 |
|
| 4 |
Copyright (C) 2000,2001 astaro AG |
| 5 |
|
| 6 |
This file is distributed under the terms of the GNU General Public |
| 7 |
License (GPL). Copies of the GPL can be obtained from: |
| 8 |
ftp://prep.ai.mit.edu/pub/gnu/GPL |
| 9 |
|
| 10 |
2000-05-04 Markus Hennig <hennig@astaro.de> : initial |
| 11 |
2000-08-18 Dennis Koslowski <koslowski@astaro.de> : first release |
| 12 |
2000-12-01 Dennis Koslowski <koslowski@astaro.de> : UDP scans detection added |
| 13 |
2001-02-04 Jan Rekorajski <baggins@pld.org.pl> : converted from target to match |
| 14 |
2003-03-02 Harald Welte <laforge@netfilter.org>: fix 'storage' bug |
| 15 |
2008-06-25 Luiz Capitulino <lcapitulino@mandriva.com.br>: converted from |
| 16 |
target to match again (target interface has been added back someway) |
| 17 |
*/ |
| 18 |
|
| 19 |
#include <stdio.h> |
| 20 |
#include <netdb.h> |
| 21 |
#include <string.h> |
| 22 |
#include <stdlib.h> |
| 23 |
#include <syslog.h> |
| 24 |
#include <getopt.h> |
| 25 |
#include <iptables.h> |
| 26 |
#include <linux/netfilter_ipv4/ip_tables.h> |
| 27 |
#include <linux/netfilter_ipv4/ipt_psd.h> |
| 28 |
|
| 29 |
|
| 30 |
/* Function which prints out usage message. */ |
| 31 |
static void |
| 32 |
psd_help(void) |
| 33 |
{ |
| 34 |
printf( |
| 35 |
"psd options:\n" |
| 36 |
" --psd-weight-threshold threshhold Portscan detection weight threshold\n\n" |
| 37 |
" --psd-delay-threshold delay Portscan detection delay threshold\n\n" |
| 38 |
" --psd-lo-ports-weight lo Privileged ports weight\n\n" |
| 39 |
" --psd-hi-ports-weight hi High ports weight\n\n"); |
| 40 |
} |
| 41 |
|
| 42 |
static struct option psd_opts[] = { |
| 43 |
{ "psd-weight-threshold", 1, 0, '1' }, |
| 44 |
{ "psd-delay-threshold", 1, 0, '2' }, |
| 45 |
{ "psd-lo-ports-weight", 1, 0, '3' }, |
| 46 |
{ "psd-hi-ports-weight", 1, 0, '4' }, |
| 47 |
{ 0 } |
| 48 |
}; |
| 49 |
|
| 50 |
/* Initialize the target. */ |
| 51 |
static void |
| 52 |
psd_init(struct xt_entry_match *m) |
| 53 |
{ |
| 54 |
struct ipt_psd_info *psdinfo = (struct ipt_psd_info *)m->data; |
| 55 |
|
| 56 |
psdinfo->weight_threshold = SCAN_WEIGHT_THRESHOLD; |
| 57 |
psdinfo->delay_threshold = SCAN_DELAY_THRESHOLD; |
| 58 |
psdinfo->lo_ports_weight = PORT_WEIGHT_PRIV; |
| 59 |
psdinfo->hi_ports_weight = PORT_WEIGHT_HIGH; |
| 60 |
} |
| 61 |
|
| 62 |
|
| 63 |
typedef struct _code { |
| 64 |
char *c_name; |
| 65 |
int c_val; |
| 66 |
} CODE; |
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
#define IPT_PSD_OPT_CTRESH 0x01 |
| 71 |
#define IPT_PSD_OPT_DTRESH 0x02 |
| 72 |
#define IPT_PSD_OPT_LPWEIGHT 0x04 |
| 73 |
#define IPT_PSD_OPT_HPWEIGHT 0x08 |
| 74 |
|
| 75 |
/* Function which parses command options; returns true if it |
| 76 |
ate an option */ |
| 77 |
static int |
| 78 |
psd_parse(int c, char **argv, int invert, unsigned int *flags, |
| 79 |
const void *entry, struct xt_entry_match **match) |
| 80 |
{ |
| 81 |
struct ipt_psd_info *psdinfo = (struct ipt_psd_info *)(*match)->data; |
| 82 |
unsigned int num; |
| 83 |
|
| 84 |
switch (c) { |
| 85 |
/* PSD-weight-threshold */ |
| 86 |
case '1': |
| 87 |
if (*flags & IPT_PSD_OPT_CTRESH) |
| 88 |
xtables_error(PARAMETER_PROBLEM, |
| 89 |
"Can't specify --psd-weight-threshold " |
| 90 |
"twice"); |
| 91 |
if (xtables_strtoui(optarg, NULL, &num, 0, 10000) == -1) |
| 92 |
xtables_error(PARAMETER_PROBLEM, |
| 93 |
"bad --psd-weight-threshold `%s'", optarg); |
| 94 |
psdinfo->weight_threshold = num; |
| 95 |
*flags |= IPT_PSD_OPT_CTRESH; |
| 96 |
break; |
| 97 |
|
| 98 |
/* PSD-delay-threshold */ |
| 99 |
case '2': |
| 100 |
if (*flags & IPT_PSD_OPT_DTRESH) |
| 101 |
xtables_error(PARAMETER_PROBLEM, |
| 102 |
"Can't specify --psd-delay-threshold twice"); |
| 103 |
if (xtables_strtoui(optarg, NULL, &num, 0, 10000) == -1) |
| 104 |
xtables_error(PARAMETER_PROBLEM, |
| 105 |
"bad --psd-delay-threshold `%s'", optarg); |
| 106 |
psdinfo->delay_threshold = num; |
| 107 |
*flags |= IPT_PSD_OPT_DTRESH; |
| 108 |
break; |
| 109 |
|
| 110 |
/* PSD-lo-ports-weight */ |
| 111 |
case '3': |
| 112 |
if (*flags & IPT_PSD_OPT_LPWEIGHT) |
| 113 |
xtables_error(PARAMETER_PROBLEM, |
| 114 |
"Can't specify --psd-lo-ports-weight twice"); |
| 115 |
if (xtables_strtoui(optarg, NULL, &num, 0, 10000) == -1) |
| 116 |
xtables_error(PARAMETER_PROBLEM, |
| 117 |
"bad --psd-lo-ports-weight `%s'", optarg); |
| 118 |
psdinfo->lo_ports_weight = num; |
| 119 |
*flags |= IPT_PSD_OPT_LPWEIGHT; |
| 120 |
break; |
| 121 |
|
| 122 |
/* PSD-hi-ports-weight */ |
| 123 |
case '4': |
| 124 |
if (*flags & IPT_PSD_OPT_HPWEIGHT) |
| 125 |
xtables_error(PARAMETER_PROBLEM, |
| 126 |
"Can't specify --psd-hi-ports-weight twice"); |
| 127 |
if (xtables_strtoui(optarg, NULL, &num, 0, 10000) == -1) |
| 128 |
xtables_error(PARAMETER_PROBLEM, |
| 129 |
"bad --psd-hi-ports-weight `%s'", optarg); |
| 130 |
psdinfo->hi_ports_weight = num; |
| 131 |
*flags |= IPT_PSD_OPT_HPWEIGHT; |
| 132 |
break; |
| 133 |
|
| 134 |
default: |
| 135 |
return 0; |
| 136 |
} |
| 137 |
|
| 138 |
return 1; |
| 139 |
} |
| 140 |
|
| 141 |
/* Final check; nothing. */ |
| 142 |
static void psd_check(unsigned int flags) |
| 143 |
{ |
| 144 |
return; |
| 145 |
} |
| 146 |
|
| 147 |
/* Prints out the targinfo. */ |
| 148 |
static void |
| 149 |
psd_print(const void *ip, const struct xt_entry_match *match, |
| 150 |
int numeric) |
| 151 |
{ |
| 152 |
const struct ipt_psd_info *psdinfo |
| 153 |
= (const struct ipt_psd_info *)match->data; |
| 154 |
|
| 155 |
printf("psd "); |
| 156 |
printf("weight-threshold: %u ", psdinfo->weight_threshold); |
| 157 |
printf("delay-threshold: %u ", psdinfo->delay_threshold); |
| 158 |
printf("lo-ports-weight: %u ", psdinfo->lo_ports_weight); |
| 159 |
printf("hi-ports-weight: %u ", psdinfo->hi_ports_weight); |
| 160 |
} |
| 161 |
|
| 162 |
/* Saves the union ipt_targinfo in parsable form to stdout. */ |
| 163 |
static void |
| 164 |
psd_save(const void *ip, const struct xt_entry_match *match) |
| 165 |
{ |
| 166 |
const struct ipt_psd_info *psdinfo |
| 167 |
= (const struct ipt_psd_info *)match->data; |
| 168 |
|
| 169 |
printf("--psd-weight-threshold %u ", psdinfo->weight_threshold); |
| 170 |
printf("--psd-delay-threshold %u ", psdinfo->delay_threshold); |
| 171 |
printf("--psd-lo-ports-weight %u ", psdinfo->lo_ports_weight); |
| 172 |
printf("--psd-hi-ports-weight %u ", psdinfo->hi_ports_weight); |
| 173 |
} |
| 174 |
|
| 175 |
static struct xtables_match psd_tg_reg = { |
| 176 |
.name = "psd", |
| 177 |
.version = XTABLES_VERSION, |
| 178 |
.size = XT_ALIGN(sizeof(struct ipt_psd_info)), |
| 179 |
.userspacesize = XT_ALIGN(sizeof(struct ipt_psd_info)), |
| 180 |
.help = psd_help, |
| 181 |
.init = psd_init, |
| 182 |
.parse = psd_parse, |
| 183 |
.final_check = psd_check, |
| 184 |
.print = psd_print, |
| 185 |
.save = psd_save, |
| 186 |
.extra_opts = psd_opts, |
| 187 |
}; |
| 188 |
|
| 189 |
void _init(void) |
| 190 |
{ |
| 191 |
xtables_register_match(&psd_tg_reg); |
| 192 |
} |
Parent Directory
| 
Revision Log