1 /* $Id: ssp_ipchains.h,v 2.5 2008/04/26 19:53:21 fknobbe Exp $
2  *
3  * Copyright (c) 2002-2008 Hector Paterno <apaterno@dsnsecurity.com>
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25  * SUCH DAMAGE.
26  *
27  *
28  * ssp_ipchains.h
29  *
30  * Purpose:
31  *
 * This SnortSam plugin is for an ipchains (Linux) firewall.
 * SnortSam will expire the blocks itself since ipchains does not
 * have automatic time-out functionality.
35  *
36  *
37  */
38 
39 
40 #ifdef Linux
41 
42 #ifndef		__SSP_IPCHAINS_H__
43 #define		__SSP_IPCHAINS_H__
44 
45 #include <net/if.h>
46 
/*
 * Per-firewall configuration record kept by the ipchains plugin.
 *
 * NOTE(review): iface is 10 bytes, so it can hold at most 9 characters plus
 * the terminating NUL, whereas struct ip_fw.fw_vianame in this header is
 * IFNAMSIZ bytes.  Whatever fills iface (presumably the config parser --
 * confirm in the .c file) must bound the copy to sizeof(iface) and keep the
 * field NUL-terminated.  An unbounded copy of a longer name would overflow
 * the field, and a silently truncated name would make the block rule refer
 * to a different interface than the operator configured.
 */
typedef struct _ipchdata				/* List of ipchains firewalls */
{	char iface[10];		/* presumably the interface name; 10 bytes including the NUL */
	u_int8_t logopt;	/* logging option; its values are not defined in this header */
}	IPCHDATA;
51 
52 
53 
/*
 * Label strings used by the plugin.  Each of them is at most 6 characters,
 * so all fit in an ip_chainlabel (IP_FW_MAX_LABEL_LENGTH characters).
 * NOTE(review): presumably "input"/"output" name the chains a rule is added
 * to and "DENY"/"REJECT" name the rule target -- confirm against the .c file.
 */
#define IP_FW_LABEL_INPUT       "input"
#define IP_FW_LABEL_OUTPUT      "output"
#define IP_FW_LABEL_BLOCK       "DENY"
#define IP_FW_LABEL_REJECT      "REJECT"

/*
 * Fixed-size label buffer: IP_FW_MAX_LABEL_LENGTH characters plus one extra
 * byte (room for a terminating NUL).  Any label copied into an ip_chainlabel
 * has to be length-checked against this limit first, because the type
 * carries no length of its own.
 */
#define IP_FW_MAX_LABEL_LENGTH 8
typedef char ip_chainlabel[IP_FW_MAX_LABEL_LENGTH+1];

/*
 * Control codes for appending and deleting a rule: IP_FW_APPEND is 64 and
 * IP_FW_DELETE is 67.
 * NOTE(review): these look like local copies of the kernel's ipchains
 * control numbers; they must agree with the running kernel's own
 * definitions -- verify against the target kernel headers.
 */
#define IP_FW_BASE_CTL          64
#define IP_FW_APPEND            (IP_FW_BASE_CTL)
#define IP_FW_DELETE            (IP_FW_BASE_CTL+3)
65 
/*
 * One firewall rule (match criteria).
 *
 * NOTE(review): this appears to be a local copy of the kernel's ipchains
 * rule structure, so field order, widths and padding must stay exactly as
 * they are; do not reorder or resize members.  The per-field notes below
 * follow that assumption -- confirm against the kernel header.
 *
 * NOTE(review): callers should zero the whole structure before filling it
 * in.  Members left uninitialised (flags, inverse flags, port ranges) would
 * otherwise carry stale memory into the rule and could change what the
 * block actually matches.
 *
 * struct in_addr and the u_int*_t types are not declared by this header's
 * own include; the including file has to provide them.
 */
struct ip_fw
{
           struct in_addr fw_src, fw_dst;	/* presumably source and destination address */
           struct in_addr fw_smsk, fw_dmsk;	/* presumably masks for the two addresses */
           u_int32_t fw_mark;			/* presumably a packet mark value */
           u_int16_t fw_proto;			/* presumably the IP protocol number */
           u_int16_t fw_flg;			/* flags word; values not defined in this header */
           u_int16_t fw_invflg;			/* presumably inverse-match flags */
           u_int16_t fw_spts[2];		/* two-element array; presumably a source port range */
           u_int16_t fw_dpts[2];		/* two-element array; presumably a destination port range */
           u_int16_t fw_redirpt;		/* presumably a redirect port */
           u_int16_t fw_outputsize;		/* presumably an output size limit; confirm */
           char      fw_vianame[IFNAMSIZ];	/* interface name buffer, IFNAMSIZ bytes; keep it NUL-terminated */
           u_int8_t  fw_tosand, fw_tosxor;	/* presumably AND/XOR masks applied to the TOS byte */
}
;
82 
/*
 * A rule together with one label.
 * NOTE(review): label is presumably the rule's target (for example the
 * DENY or REJECT label defined above) -- confirm in the .c file.  It is an
 * ip_chainlabel, so whatever is copied into it must be at most
 * IP_FW_MAX_LABEL_LENGTH characters and NUL-terminated.
 */
struct ip_fwuser
{
           struct ip_fw ipfw;		/* the match criteria */
           ip_chainlabel label;		/* fixed-size label buffer for this rule */
}
;
89 
/*
 * A labelled rule plus a second label.
 * NOTE(review): fwc_label is presumably the name of the chain the rule is
 * appended to or deleted from, and the whole structure is presumably what
 * accompanies an IP_FW_APPEND / IP_FW_DELETE request -- confirm in the .c
 * file.  Zero the structure before use and bound every copy into the label
 * buffers to sizeof the destination.
 */
struct ip_fwchange
{
           struct ip_fwuser fwc_rule;	/* the rule and its own label */
           ip_chainlabel fwc_label;	/* fixed-size label buffer, see note above */
}
;
96 
97 
98 
/*
 * Plugin entry points; the definitions are not part of this header.
 * DATALIST and BLOCKINFO are not declared here either, so the including
 * file must declare them before including this header.
 *
 * IPCHParse: parameter names are omitted in the prototype.
 * NOTE(review): presumably it parses one configuration entry into an
 * IPCHDATA record and links it into the DATALIST; since that input comes
 * from a configuration file, the copy into IPCHDATA.iface must be bounded
 * -- confirm in the definition.
 *
 * IPCHBlock: takes the block request, an untyped data pointer (presumably
 * the IPCHDATA record for this firewall -- confirm) and a value named qp.
 */
void IPCHParse(char *,char *,unsigned long,DATALIST *);
void IPCHBlock(BLOCKINFO *, void *,unsigned long qp);
101 
102 #endif /* __SSP_IPCHAINS_H__ */
#endif /* Linux */
104 
105