1 #ifndef SANCP_H
2 #include "sancp.h"
3 #endif
4 /**************************************************************************
5  * *SA Network Connection Profiler [sancp] - A TCP/IP statistical/collection tool
6  * ************************************************************************
7  * * Copyright (C) 2003 John Curry <john.curry@metre.net>
8  * *
9  * * This program is distributed under the terms of version 1.0 of the
10  * * Q Public License.  See LICENSE.QPL for further details.
11  * *
12  * * This program is distributed in the hope that it will be useful,
13  * * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
15  * *
16  * ***********************************************************************/
17 
18 
19 /******************/
20 /*    retroactive */
21 //
//  walks every tracked connection and applies the settings of the
//  given ACL rule (pcap/realtime/stats/limit/timeout/status/...) to each
//  connection that matches the rule's protocol, address and port ranges
24 //
25 /****************/
26 
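/*
 * retroactive - apply one ACL rule to every connection already being tracked.
 *
 * myacl: the rule whose match criteria and settings are applied.  Every
 *        connection in gVars.cnx_head[] that matches the rule has its
 *        collection settings overwritten from the rule, is marked retro,
 *        and is written out immediately when the rule enables realtime.
 *        myacl->ctr counts the connections the rule was applied to.
 *
 * Fix: the address test used to be
 *     ((tc->s_ip & (ip & mask)) ^ (ip & mask)) == 0
 * which only checks that every set bit of (ip & mask) is also set in the
 * connection address - a bit-superset test, not a subnet test.  A /32 rule
 * for 10.0.0.1 therefore also matched 10.0.0.3, 11.0.0.1, 255.255.255.255,
 * and silently applied its pcap/realtime/status settings to unrelated
 * hosts.  The test is now (addr & mask) == (ip & mask).
 */
void retroactive(struct acl *myacl) {
	extern struct gvars gVars;
	struct cnx *tc;
	int t;
	char *ftmp = 0;

	/* gVars.cnx_head[] is a hash table of singly linked connection chains. */
	for (t = 0; t < HASH_KEYS; t++) {
		for (tc = gVars.cnx_head[t]; tc; tc = tc->next) {
			/* ports are stored in network byte order; the rule ranges are host order */
			unsigned short s_port = ntohs(tc->s_port);
			unsigned short d_port = ntohs(tc->d_port);

			bool proto_ok = tc->h_proto <= myacl->h_proto_h && tc->h_proto >= myacl->h_proto_l
			             && tc->proto   <= myacl->proto_h   && tc->proto   >= myacl->proto_l;
			/* subnet match: compare both addresses under the rule's mask */
			bool src_ok = s_port <= myacl->s_port_h && s_port >= myacl->s_port_l
			           && (tc->s_ip & myacl->s_mask) == (myacl->s_ip & myacl->s_mask);
			bool dst_ok = d_port <= myacl->d_port_h && d_port >= myacl->d_port_l
			           && (tc->d_ip & myacl->d_mask) == (myacl->d_ip & myacl->d_mask);

			if (!(proto_ok && src_ok && dst_ok)) {
				continue;
			}

			/* copy the rule's collection settings onto the connection */
			tc->cmode    = myacl->cmode;
			tc->pcap     = myacl->pcap;
			tc->realtime = myacl->realtime;
			tc->stats    = myacl->stats;
			tc->limit    = myacl->limit;
			tc->timeout  = myacl->timeout;
			tc->tcplag   = myacl->tcplag;
			tc->status   = myacl->status;
			tc->rid      = myacl->rid;
			/* NOTE(review): apply_rule() also copies rgid, zone and node from
			 * the rule; they are not copied here - confirm whether that is
			 * intentional before adding them. */

			if (myacl->pmode == OMODE_UNIQ) {
				/* one pcap file per connection: drop any handle the
				 * connection already had and open a fresh, uniquely named one */
				if (tc->fH) { tc->fH->destroy(); tc->fH = 0; }
				/* createPcapFileName() returns heap memory; the handle keeps
				 * its own copy of the name, so the buffer is released here */
				ftmp = createPcapFileName(tc);
				tc->fH = new pcapFileHandle(ftmp);
				free(ftmp);
			} else if (myacl->fH) {
				/* shared rule file: replace the connection's handle with a
				 * reference to the rule's handle.  A rule without a file
				 * leaves the connection's existing handle untouched. */
				if (tc->fH) { tc->fH->destroy(); tc->fH = 0; }
				tc->fH = myacl->fH->attach();
			}
#ifdef DEBUG
			if (tc->fH) { fprintf(stderr, "retro cnx logging to %s\n", tc->fH->getFileName()); }
#endif
			tc->retro = true;
			myacl->ctr++;
			/* realtime rules emit the (re)classified connection right away */
			if (tc->realtime) {
				record(tc, gVars.rfH);
			}
		}
	}
}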
77 
78 /****************/
79 /*  apply_rule  */
80 /****************/
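/*
 * apply_rule - classify a connection against the ACL list.
 *
 * nc: the connection to classify.  The ACL list (gVars.acl_head) is scanned
 *     in order and the first rule whose protocol, address and port ranges
 *     match wins: its collection settings (and rule ids/zone/node) are
 *     copied onto nc and the rule's ctr is incremented.  When no rule
 *     matches, the global defaults from gVars are applied and
 *     gVars.default_ctr is incremented.
 *
 * Fixes:
 *  - The address test used to be ((addr & (ip & mask)) ^ (ip & mask)) == 0,
 *    a bit-superset test rather than a subnet test, so a rule written for
 *    one host/network also matched unrelated addresses whose bits happened
 *    to cover it.  It is now (addr & mask) == (ip & mask).
 *  - In OMODE_UNIQ mode the name returned by createPcapFileName() was
 *    passed straight to the pcapFileHandle constructor and never freed
 *    (retroactive() frees it), leaking one buffer per matched connection.
 */
void apply_rule(struct cnx *nc) {
	extern struct gvars gVars;
	struct acl *myacl;
	char *ftmp;

	/* ports are stored in network byte order; the rule ranges are host order */
	unsigned short s_port = ntohs(nc->s_port);
	unsigned short d_port = ntohs(nc->d_port);

	for (myacl = gVars.acl_head; myacl != NULL; myacl = myacl->next) {
		bool proto_ok = nc->h_proto <= myacl->h_proto_h && nc->h_proto >= myacl->h_proto_l
		             && nc->proto   <= myacl->proto_h   && nc->proto   >= myacl->proto_l;
		/* subnet match: compare both addresses under the rule's mask */
		bool src_ok = s_port <= myacl->s_port_h && s_port >= myacl->s_port_l
		           && (nc->s_ip & myacl->s_mask) == (myacl->s_ip & myacl->s_mask);
		bool dst_ok = d_port <= myacl->d_port_h && d_port >= myacl->d_port_l
		           && (nc->d_ip & myacl->d_mask) == (myacl->d_ip & myacl->d_mask);

		if (!(proto_ok && src_ok && dst_ok)) {
			continue;
		}

		if (myacl->pmode == OMODE_UNIQ) {
			/* one pcap file per connection: drop any handle the connection
			 * already had and open a fresh, uniquely named one */
			if (nc->fH) { nc->fH->destroy(); nc->fH = 0; }
			/* createPcapFileName() returns heap memory; the handle keeps its
			 * own copy of the name (retroactive() relies on the same), so
			 * the buffer is released here instead of leaking */
			ftmp = createPcapFileName(nc);
			nc->fH = new pcapFileHandle(ftmp);
			free(ftmp);
		} else if (myacl->fH) {
			/* shared rule file: replace the connection's handle with a
			 * reference to the rule's handle.  A rule without a file leaves
			 * the connection's existing handle untouched. */
			if (nc->fH) { nc->fH->destroy(); nc->fH = 0; }
			nc->fH = myacl->fH->attach();
		}

		/* copy the rule's collection settings onto the connection */
		nc->cmode    = myacl->cmode;
		nc->pcap     = myacl->pcap;
		nc->realtime = myacl->realtime;
		nc->stats    = myacl->stats;
		nc->limit    = myacl->limit;
		nc->timeout  = myacl->timeout;
		nc->tcplag   = myacl->tcplag;
		nc->status   = myacl->status;
		nc->rid      = myacl->rid;
		nc->rgid     = myacl->rgid;
		nc->zone     = myacl->zone;
		nc->node     = myacl->node;
		myacl->ctr++;
		return;   /* first matching rule wins */
	}

	/* No rule matched: fall back to the global defaults.  Only the
	 * default pcap handle (if one is configured) replaces nc->fH. */
	if (gVars.pfH) {
		if (nc->fH) { nc->fH->destroy(); nc->fH = 0; }
		nc->fH = gVars.pfH->attach();
	}
	nc->stats    = gVars.smode ? 1 : 0;
	nc->pcap     = gVars.pmode ? 1 : 0;
	nc->realtime = gVars.rmode ? 1 : 0;
	nc->limit    = gVars.default_limit;
	nc->status   = gVars.default_status;
	nc->timeout  = gVars.default_timeout;
	nc->tcplag   = gVars.default_tcplag;
	nc->node     = gVars.default_node;
	gVars.default_ctr++;
#ifdef DEBUG
	printf("Setting stats: %d  pcap: %d realtime: %d limit: %d timeout: %d tcplag: %d\n", nc->stats, nc->pcap, nc->realtime, nc->limit, nc->timeout, nc->tcplag);
#endif
	return;
}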
139