@@ -1,8 +1,29 @@
 #ifndef LOCAL_PACKETBL_H
 # define LOCAL_PACKETBL_H
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
 # ifdef HAVE_CONFIG_H
 # include "config.h"
 # endif
 # ifdef USE_SOCKSTAT
@@ -9,6 +30,164 @@
 # ifndef SOCKSTAT_PATH
 # define SOCKSTAT_PATH "/tmp/.packetbl.sock"
 # endif
 # endif
+
+#ifdef USE_SOCKSTAT
+#include
+#include
+#include
+#endif
+
+#ifdef HAVE_FIREDNS
+#include
+#endif
+
+#ifndef BUFFERSIZE
+#define BUFFERSIZE 65536
+#endif
+#ifdef USE_CACHE
+# ifndef USE_CACHE_DEF_LEN
+# define USE_CACHE_DEF_LEN 8192
+# endif
+# ifndef USE_CACHE_DEF_TTL
+# define USE_CACHE_DEF_TTL 3600
+# endif
+#endif
+
+# define TH_FIN 0x01
+# define TH_SYN 0x02
+# define TH_RST 0x04
+# define TH_PUSH 0x08
+# define TH_ACK 0x10
+# define TH_URG 0x20
+
+# define SET_VERDICT nfq_set_verdict
+# define PBL_HANDLE nfq_q_handle
+# define PBL_SET_MODE nfq_set_mode
+# define PBL_COPY_PACKET NFQNL_COPY_PACKET
+# define PBL_ID_T u_int32_t
+# define PBL_ERRSTR ""
+
+#define DEBUG(x, y) if (conf.debug >= x) { printf(y "\n"); }
+#define INVALID_OCTET(x) x < 0 || x > 255
+
+struct packet_info {
+
+ uint8_t b1;
+ uint8_t b2;
+ uint8_t b3;
+ uint8_t b4;
+
+ unsigned int s_port;
+ unsigned int d_port;
+
+ int flags;
+};
+
+struct cidr {
+
+ uint32_t ip;
+ uint32_t network;
+ uint32_t processed; /* network, but as a bitmask */
+
+};
+
+struct config_entry {
+
+ char *string;
+ struct config_entry *next;
+ struct packet_info ip;
+ struct cidr cidr;
+
+};
+
+char msgbuf[BUFFERSIZE];
+
+struct config {
+ int allow_non25;
+ int allow_nonsyn;
+ int default_accept;
+ int dryrun;
+ int log_facility;
+ int queueno;
+ int quiet;
+ int debug;
+ struct config_entry *blacklistbl;
+ struct config_entry *whitelistbl;
+ struct config_entry *blacklist;
+ struct config_entry *whitelist;
+};
+
+static struct config conf = { 0, 0, 1, 0, LOG_DAEMON, 1, 0, 0, NULL, NULL, NULL, NULL };
+
+struct pbl_stat_info {
+ uint32_t cacheaccept;
+ uint32_t cachereject;
+ uint32_t whitelistblhits;
+ uint32_t blacklistblhits;
+ uint32_t whitelisthits;
+ uint32_t blacklisthits;
+ uint32_t fallthroughhits;
+ uint32_t totalpackets;
+};
+static struct pbl_stat_info statistics = { 0, 0, 0, 0, 0, 0, 0 };
+
+#ifdef USE_CACHE
+struct packet_cache_t {
+ uint32_t ipaddr;
+ time_t expires;
+ int action;
+};
+struct packet_cache_t *packet_cache = NULL;
+uint32_t packet_cache_len = USE_CACHE_DEF_LEN;
+uint16_t packet_cache_ttl = USE_CACHE_DEF_TTL;
+#endif
+
+struct config_entry *hostlistcache = NULL;
+
+int get_packet_info(char *payload, struct packet_info *ip);
+
+int check_packet_list(const struct packet_info *ip, struct config_entry *list);
+int check_packet_dnsbl(const struct packet_info *ip, struct config_entry *list);
+int parse_cidr(struct config_entry *ce);
+/* int validate_blacklist(char *); */
+void parse_config(void);
+void parse_arguments(int argc, char **argv);
+void pbl_init_sockstat(void);
+static void get_ip_string(const struct packet_info *ip);
+static void pbl_set_verdict(struct PBL_HANDLE *h, PBL_ID_T id,
+ unsigned int verdict);
+
+static int pbl_callback(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
+ struct nfq_data *nfa, void *data);
+
+typedef struct facility {
+ char *string;
+ int num;
+} facility;
+
+static struct facility facenum[] = {
+ {"auth", LOG_AUTH},
+ {"authpriv", LOG_AUTHPRIV},
+ {"cron", LOG_CRON},
+ {"daemon", LOG_DAEMON},
+ {"kern", LOG_KERN},
+ {"lpr", LOG_LPR},
+ {"mail", LOG_MAIL},
+ {"news", LOG_NEWS},
+ {"syslog", LOG_SYSLOG},
+ {"user", LOG_USER},
+ {"uucp", LOG_UUCP},
+ {"local0", LOG_LOCAL0},
+ {"local1", LOG_LOCAL1},
+ {"local2", LOG_LOCAL2},
+ {"local3", LOG_LOCAL3},
+ {"local4", LOG_LOCAL4},
+ {"local5", LOG_LOCAL5},
+ {"local6", LOG_LOCAL6},
+ {"local7", LOG_LOCAL7},
+ NULL
+};
+
 #endif
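Review bot: `INVALID_OCTET(x)` expands without parentheses, so any caller that negates or combines it (`if (!INVALID_OCTET(v))`, `INVALID_OCTET(a) || INVALID_OCTET(b)`) gets `!v < 0 || v > 255` rather than a range check, which silently inverts an input-validation result; define it as `#define INVALID_OCTET(x) ((x) < 0 || (x) > 255)`. The `DEBUG(x, y)` macro next to it has the same shape problem: a bare `if (...) { ... }` body means `if (c) DEBUG(...); else ...` binds the `else` to the macro's `if`, so wrap the expansion in `do { ... } while (0)` and parenthesize `x`. Separately, this header defines objects rather than declaring them — `msgbuf`, `packet_cache`, `packet_cache_len`, `packet_cache_ttl` and `hostlistcache` with external linkage, and `conf`, `statistics` and `facenum` as `static` — so a second translation unit including it would either fail to link or operate on a private copy of `conf` and `statistics` that the rest of the program never sees; move the definitions into one `.c` file and keep `extern` declarations here. The `NULL` terminator in `facenum` relies on brace elision to fill only `.string`; `{NULL, 0}` states the sentinel explicitly and avoids a missing-braces warning.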