/* $Id: ssp_ipchains.h,v 2.5 2008/04/26 19:53:21 fknobbe Exp $
 *
 * Copyright (c) 2002-2008 Hector Paterno <apaterno@dsnsecurity.com>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *
 * ssp_ipchains.h
 *
 * Purpose:
 *
 * This SnortSam plugin is for an ipchains (Linux) firewall.
 * SnortSam will expire the blocks itself since ipchains does not
 * have automatic time-out functionality.
 *
 *
 */

/*
 * Everything below is compiled only when the build defines `Linux`.
 *
 * This header includes only <net/if.h> itself.  The fixed-width types
 * (u_int8_t, u_int16_t, u_int32_t), struct in_addr, DATALIST and BLOCKINFO
 * are used here but not declared here, so the including file has to bring
 * them into scope before this header.
 */
#ifdef Linux

#ifndef __SSP_IPCHAINS_H__
#define __SSP_IPCHAINS_H__

#include <net/if.h>     /* IFNAMSIZ, used to size ip_fw.fw_vianame */

/*
 * Per-firewall plugin configuration (one entry in the list of ipchains
 * firewalls).
 *
 * NOTE(review): iface is 10 bytes, which is smaller than the IFNAMSIZ-sized
 * fw_vianame field in struct ip_fw below.  Whatever fills iface from the
 * configuration must bound the copy to sizeof(iface) and NUL-terminate it;
 * confirm this in the parser, which is not visible from this header.
 */
typedef struct _ipchdata
{
    char iface[10];     /* presumably the interface name to block on -- confirm */
    u_int8_t logopt;    /* presumably a logging on/off option -- confirm */
} IPCHDATA;

/*
 * Chain and target names, all of which fit within IP_FW_MAX_LABEL_LENGTH:
 * "input" and "output" name the chains, "DENY" and "REJECT" name the
 * targets applied to a blocked address.
 */
#define IP_FW_LABEL_INPUT   "input"
#define IP_FW_LABEL_OUTPUT  "output"
#define IP_FW_LABEL_BLOCK   "DENY"
#define IP_FW_LABEL_REJECT  "REJECT"

/*
 * A chain label holds at most IP_FW_MAX_LABEL_LENGTH characters; the
 * ip_chainlabel array adds one byte for the terminating NUL.
 */
#define IP_FW_MAX_LABEL_LENGTH 8
typedef char ip_chainlabel[IP_FW_MAX_LABEL_LENGTH+1];

/*
 * Control command numbers: IP_FW_APPEND evaluates to 64 and IP_FW_DELETE
 * to 67.
 * NOTE(review): these look like the socket-option numbers of the kernel's
 * ipchains control interface -- confirm against the kernel header and the
 * call site in the plugin's .c file.
 */
#define IP_FW_BASE_CTL  64
#define IP_FW_APPEND    (IP_FW_BASE_CTL)
#define IP_FW_DELETE    (IP_FW_BASE_CTL+3)

/*
 * A single firewall rule.
 *
 * NOTE(review): this appears to be a local copy of the kernel's ipchains
 * rule structure.  If it is handed to the kernel as-is, the field order and
 * widths must match the running kernel exactly, so do not reorder, resize
 * or pad it -- confirm against the kernel's definition.  Callers should
 * also zero the whole structure before filling it in, so that no
 * uninitialized bytes or unterminated names are passed on.
 *
 * The per-field meanings below are inferred from the field names only.
 */
struct ip_fw
{
    struct in_addr fw_src, fw_dst;      /* presumably source / destination address */
    struct in_addr fw_smsk, fw_dmsk;    /* presumably source / destination netmask */
    u_int32_t fw_mark;                  /* presumably packet mark value */
    u_int16_t fw_proto;                 /* presumably IP protocol number */
    u_int16_t fw_flg;                   /* presumably rule flags */
    u_int16_t fw_invflg;                /* presumably "inverse match" flags */
    u_int16_t fw_spts[2];               /* presumably source port range (two entries) */
    u_int16_t fw_dpts[2];               /* presumably destination port range (two entries) */
    u_int16_t fw_redirpt;               /* presumably redirect port */
    u_int16_t fw_outputsize;            /* presumably bytes copied out for logging -- confirm */
    char fw_vianame[IFNAMSIZ];          /* interface name buffer, IFNAMSIZ bytes */
    u_int8_t fw_tosand, fw_tosxor;      /* presumably TOS AND / XOR masks */
};

/* A rule together with the label stored alongside it. */
struct ip_fwuser
{
    struct ip_fw ipfw;
    ip_chainlabel label;    /* presumably the rule's target (e.g. "DENY") -- confirm */
};

/*
 * A rule change request: the rule (with its own label) plus a second label.
 * NOTE(review): fwc_label presumably names the chain being modified
 * (e.g. "input") -- confirm at the call site.
 */
struct ip_fwchange
{
    struct ip_fwuser fwc_rule;
    ip_chainlabel fwc_label;
};

/*
 * Plugin entry points.  The parameter meanings are not visible from this
 * header (only `qp` is named); see the definitions in the plugin's .c file.
 * NOTE(review): the names suggest IPCHParse handles the plugin's
 * configuration line and IPCHBlock applies or removes a block -- confirm.
 */
void IPCHParse(char *,char *,unsigned long,DATALIST *);
void IPCHBlock(BLOCKINFO *, void *,unsigned long qp);

#endif /* __SSP_IPCHAINS_H__ */
#endif /* Linux */
