1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* @(#)ip_fil.h 1.35 6/5/96
* $Id$
*/
typedef struct ipmon_msg_s {
int imm_msglen;
char *imm_msg;
int imm_dsize;
void *imm_data;
time_t imm_when;
int imm_loglevel;
} ipmon_msg_t;
typedef void (*ims_destroy_func_t)(void *);
typedef void *(*ims_dup_func_t)(void *);
typedef int (*ims_match_func_t)(void *, void *);
typedef void *(*ims_parse_func_t)(char **);
typedef void (*ims_print_func_t)(void *);
typedef int (*ims_store_func_t)(void *, ipmon_msg_t *);
typedef struct ipmon_saver_s {
char *ims_name;
ims_destroy_func_t ims_destroy;
ims_dup_func_t ims_dup;
ims_match_func_t ims_match;
ims_parse_func_t ims_parse;
ims_print_func_t ims_print;
ims_store_func_t ims_store;
} ipmon_saver_t;
typedef struct ipmon_saver_int_s {
struct ipmon_saver_int_s *imsi_next;
ipmon_saver_t *imsi_stor;
void *imsi_handle;
} ipmon_saver_int_t;
typedef struct ipmon_doing_s {
struct ipmon_doing_s *ipmd_next;
void *ipmd_token;
ipmon_saver_t *ipmd_saver;
/*
* ipmd_store is "cached" in this structure to avoid a double
* deref when doing saves....
*/
int (*ipmd_store)(void *, ipmon_msg_t *);
} ipmon_doing_t;
typedef struct ipmon_action {
struct ipmon_action *ac_next;
int ac_mflag; /* collection of things to compare */
int ac_dflag; /* flags to compliment the doing fields */
int ac_logpri;
int ac_direction;
char ac_group[FR_GROUPLEN];
char ac_nattag[16];
u_32_t ac_logtag;
int ac_type; /* nat/state/ipf */
int ac_proto;
int ac_rule;
int ac_packet;
int ac_second;
int ac_result;
u_32_t ac_sip;
u_32_t ac_smsk;
u_32_t ac_dip;
u_32_t ac_dmsk;
u_short ac_sport;
u_short ac_dport;
char *ac_iface;
/*
* used with ac_packet/ac_second
*/
struct timeval ac_last;
int ac_pktcnt;
/*
* What to do with matches
*/
ipmon_doing_t *ac_doing;
} ipmon_action_t;
#define ac_lastsec ac_last.tv_sec
#define ac_lastusec ac_last.tv_usec
/*
* Flags indicating what fields to do matching upon (ac_mflag).
*/
#define IPMAC_DIRECTION 0x0001
#define IPMAC_DSTIP 0x0002
#define IPMAC_DSTPORT 0x0004
#define IPMAC_EVERY 0x0008
#define IPMAC_GROUP 0x0010
#define IPMAC_INTERFACE 0x0020
#define IPMAC_LOGTAG 0x0040
#define IPMAC_NATTAG 0x0080
#define IPMAC_PROTOCOL 0x0100
#define IPMAC_RESULT 0x0200
#define IPMAC_RULE 0x0400
#define IPMAC_SRCIP 0x0800
#define IPMAC_SRCPORT 0x1000
#define IPMAC_TYPE 0x2000
#define IPMAC_WITH 0x4000
#define IPMR_BLOCK 1
#define IPMR_PASS 2
#define IPMR_NOMATCH 3
#define IPMR_LOG 4
#define IPMON_SYSLOG 0x001
#define IPMON_RESOLVE 0x002
#define IPMON_HEXBODY 0x004
#define IPMON_HEXHDR 0x010
#define IPMON_TAIL 0x020
#define IPMON_VERBOSE 0x040
#define IPMON_NAT 0x080
#define IPMON_STATE 0x100
#define IPMON_FILTER 0x200
#define IPMON_PORTNUM 0x400
#define IPMON_LOGALL (IPMON_NAT|IPMON_STATE|IPMON_FILTER)
#define IPMON_LOGBODY 0x800
#define HOSTNAME_V4(a,b) hostname((a), 4, (u_32_t *)&(b))
#ifndef LOGFAC
#define LOGFAC LOG_LOCAL0
#endif
extern void dump_config __P((void));
extern int load_config __P((char *));
extern void unload_config __P((void));
extern void dumphex __P((FILE *, int, char *, int));
extern int check_action __P((char *, char *, int, int));
extern char *getword __P((int));
extern void *add_doing __P((ipmon_saver_t *));
|