~ubuntu-branches/ubuntu/lucid/xtables-addons/lucid

Viewing changes to extensions/libxt_psd.c

Committer: Bazaar Package Importer
Author(s): Pierre Chifflier
Date: 2009-09-10 21:42:05 UTC
mfrom: (1.2.2 upstream)
Revision ID: james.westby@ubuntu.com-20090910214205-neqgwq7y5nctaty7

Tags: 1.18-1

http://bugs.debian.org/545542

http://bugs.debian.org/533653

* New Upstream Version
This version has support for 2.6.31 (Closes: #545542)
* Bump standards version (no changes)
* Depend on quilt (Closes: #533653)

files added:
doc/README.psd

extensions/libxt_ACCOUNT.c

extensions/libxt_ACCOUNT.man

extensions/libxt_psd.c

extensions/libxt_psd.man

extensions/xt_ACCOUNT.c

extensions/xt_ACCOUNT.h

extensions/xt_psd.Kconfig

extensions/xt_psd.c

extensions/xt_psd.h

files modified:
Makefile.in

aclocal.m4

compile

config.guess

config.sub

configure

configure.ac

debian/changelog

debian/control

doc/changelog.txt

extensions/GNUmakefile.in

extensions/Kbuild

extensions/Mbuild

extensions/compat_skbuff.h

extensions/ipset/ip_set.c

extensions/ipset/ip_set_iptree.c

extensions/ipset/ip_set_iptreemap.c

extensions/ipset/ip_set_malloc.h

extensions/ipset/ip_set_setlist.c

extensions/ipset/ipset.8

extensions/ipset/ipset.c

extensions/libxt_quota2.c

extensions/xt_DELUDE.c

extensions/xt_TARPIT.c

extensions/xt_TEE.c

extensions/xt_quota2.c

extensions/xt_quota2.h

ltmain.sh

m4/libtool.m4

mconfig

missing

xtables-addons.8.in

Show diffs side-by-side

added added

removed removed

extensions/libxt_psd.c

Shared library add-on to iptables to add PSD support

This file is distributed under the terms of the GNU General Public

License (GPL). Copies of the GPL can be obtained from:

ftp://prep.ai.mit.edu/pub/gnu/GPL

2000-05-04 Markus Hennig <hennig@astaro.de> : initial

2000-08-18 Dennis Koslowski <koslowski@astaro.de> : first release

2000-12-01 Dennis Koslowski <koslowski@astaro.de> : UDP scans detection added

2001-02-04 Jan Rekorajski <baggins@pld.org.pl> : converted from target to match

2003-03-02 Harald Welte <laforge@netfilter.org>: fix 'storage' bug

2008-04-03 Mohd Nawawi <nawawi@tracenetworkcorporation.com>: update to 2.6.24 / 1.4 code

2008-06-24 Mohd Nawawi <nawawi@tracenetworkcorporation.com>: update to 2.6.24 / 1.4.1 code

2009-08-07 Mohd Nawawi Mohamad Jamili <nawawi@tracenetworkcorporation.com> : ported to xtables-addons

#include <stdbool.h>

#include <stdint.h>

#include <stdio.h>

#include <netdb.h>

#include <string.h>

#include <stdlib.h>

#include <syslog.h>

#include <getopt.h>

#include <xtables.h>

#include <linux/netfilter/x_tables.h>

#include "xt_psd.h"

/* Function which prints out usage message. */

static void psd_mt_help(void) {

printf(

"psd match options:\n"

" --psd-weight-threshold threshhold Portscan detection weight threshold\n"

" --psd-delay-threshold delay Portscan detection delay threshold\n"

" --psd-lo-ports-weight lo Privileged ports weight\n"

" --psd-hi-ports-weight hi High ports weight\n\n");

}

static const struct option psd_mt_opts[] = {

{.name = "psd-weight-threshold", .has_arg = true, .val = '1'},

{.name = "psd-delay-threshold", .has_arg = true, .val = '2'},

{.name = "psd-lo-ports-weight", .has_arg = true, .val = '3'},

{.name = "psd-hi-ports-weight", .has_arg = true, .val = '4'},

{NULL}

};

/* Initialize the target. */

static void psd_mt_init(struct xt_entry_match *match) {

struct xt_psd_info *psdinfo = (struct xt_psd_info *)match->data;

psdinfo->weight_threshold = SCAN_WEIGHT_THRESHOLD;

psdinfo->delay_threshold = SCAN_DELAY_THRESHOLD;

psdinfo->lo_ports_weight = PORT_WEIGHT_PRIV;

psdinfo->hi_ports_weight = PORT_WEIGHT_HIGH;

}

#define XT_PSD_OPT_CTRESH 0x01

#define XT_PSD_OPT_DTRESH 0x02

#define XT_PSD_OPT_LPWEIGHT 0x04

#define XT_PSD_OPT_HPWEIGHT 0x08

static int psd_mt_parse(int c, char **argv, int invert, unsigned int *flags,

const void *entry, struct xt_entry_match **match)

{

struct xt_psd_info *psdinfo = (struct xt_psd_info *)(*match)->data;

unsigned int num;

switch (c) {

/* PSD-weight-threshold */

case '1':

if (*flags & XT_PSD_OPT_CTRESH)

xtables_error(PARAMETER_PROBLEM,"Can't specify --psd-weight-threshold twice");

if (!xtables_strtoui(optarg, NULL, &num, 0, PSD_MAX_RATE))

xtables_error(PARAMETER_PROBLEM, "bad --psd-weight-threshold '%s'", optarg);

psdinfo->weight_threshold = num;

*flags |= XT_PSD_OPT_CTRESH;

return true;

/* PSD-delay-threshold */

case '2':

if (*flags & XT_PSD_OPT_DTRESH)

xtables_error(PARAMETER_PROBLEM, "Can't specify --psd-delay-threshold twice");

if (!xtables_strtoui(optarg, NULL, &num, 0, PSD_MAX_RATE))

xtables_error(PARAMETER_PROBLEM, "bad --psd-delay-threshold '%s'", optarg);

psdinfo->delay_threshold = num;

*flags |= XT_PSD_OPT_DTRESH;

return true;

/* PSD-lo-ports-weight */

case '3':

if (*flags & XT_PSD_OPT_LPWEIGHT)

xtables_error(PARAMETER_PROBLEM, "Can't specify --psd-lo-ports-weight twice");

if (!xtables_strtoui(optarg, NULL, &num, 0, PSD_MAX_RATE))

xtables_error(PARAMETER_PROBLEM, "bad --psd-lo-ports-weight '%s'", optarg);

psdinfo->lo_ports_weight = num;

*flags |= XT_PSD_OPT_LPWEIGHT;

return true;

100

101

/* PSD-hi-ports-weight */

102

case '4':

103

if (*flags & XT_PSD_OPT_HPWEIGHT)

104

xtables_error(PARAMETER_PROBLEM, "Can't specify --psd-hi-ports-weight twice");

105

if (!xtables_strtoui(optarg, NULL, &num, 0, PSD_MAX_RATE))

106

xtables_error(PARAMETER_PROBLEM, "bad --psd-hi-ports-weight '%s'", optarg);

107

psdinfo->hi_ports_weight = num;

108

*flags |= XT_PSD_OPT_HPWEIGHT;

109

return true;

110

}

111

return false;

112

}

113

114

/* Final check; nothing. */

115

static void psd_mt_final_check(unsigned int flags) {}

116

117

/* Prints out the targinfo. */

118

static void psd_mt_print(const void *ip, const struct xt_entry_match *match, int numeric)

119

{

120

const struct xt_psd_info *psdinfo = (const struct xt_psd_info *)match->data;

121

printf("psd ");

122

printf("weight-threshold: %u ", psdinfo->weight_threshold);

123

printf("delay-threshold: %u ", psdinfo->delay_threshold);

124

printf("lo-ports-weight: %u ", psdinfo->lo_ports_weight);

125

printf("hi-ports-weight: %u ", psdinfo->hi_ports_weight);

126

}

127

128

/* Saves the union ipt_targinfo in parsable form to stdout. */

129

static void psd_mt_save(const void *ip, const struct xt_entry_match *match)

130

{

131

const struct xt_psd_info *psdinfo = (const struct xt_psd_info *)match->data;

132

printf("--psd-weight-threshold %u ", psdinfo->weight_threshold);

133

printf("--psd-delay-threshold %u ", psdinfo->delay_threshold);

134

printf("--psd-lo-ports-weight %u ", psdinfo->lo_ports_weight);

135

printf("--psd-hi-ports-weight %u ", psdinfo->hi_ports_weight);

136

}

137

138

static struct xtables_match psd_mt_reg = {

139

.name = "psd",

140

.version = XTABLES_VERSION,

141

.revision = 1,

142

.family = PF_INET,

143

.size = XT_ALIGN(sizeof(struct xt_psd_info)),

144

.userspacesize = XT_ALIGN(sizeof(struct xt_psd_info)),

145

.help = psd_mt_help,

146

.init = psd_mt_init,

147

.parse = psd_mt_parse,

148

.final_check = psd_mt_final_check,

149

.print = psd_mt_print,

150

.save = psd_mt_save,

151

.extra_opts = psd_mt_opts,

152

};

153

154

static __attribute__((constructor)) void psd_mt_ldr(void)

155

{

156

xtables_register_match(&psd_mt_reg);

157

}

158

Older »