/*! mod_yesno
 * \brief Accept or reject a packet based only on the node's "value" setting.
 *
 * Parameters required:
 *   value = <int>   0 accepts the packet, any other value rejects it
 *
 * \param[in] args struct that contains the node and the data to process
 * \return DEFER when 'value' is missing from the node config (the rule cannot
 *         decide), ACCEPT when *value == 0, REJECT otherwise
 */
mod_result_t mod_yesno(struct mod_args *args) {
    printdbg("%s Module called\n", H(args->pkt->conn->id));

    /* NOTE(review): the config value is dereferenced as an int here, while
     * mod_control() in this file reads its config values as strings and
     * parses them with atoi(); confirm the config loader really stores
     * 'value' as an int for this module. */
    const int *value = (const int *) g_hash_table_lookup(args->node->config, "value");
    if (value == NULL) {
        /*! Mandatory parameter missing: the rule cannot decide */
        printdbg("%s mandatory argument 'value' undefined!\n", H(args->pkt->conn->id));
        return DEFER;
    }

    if (*value != 0) {
        /*! Non-zero value: the packet is rejected */
        printdbg("%s PACKET DOES NOT MATCH RULE for yesno(%d)\n", H(args->pkt->conn->id), *value);
        return REJECT;
    }

    /*! Zero value: the packet is accepted */
    printdbg("%s PACKET MATCH RULE for yesno(%d)\n", H(args->pkt->conn->id), *value);
    return ACCEPT;
}
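/*! Read parameter slots 1..7 back and compare every byte with the ramp that
 *  test_para() wrote (byte i of slot j holds i/3 + j).  One "err" line is
 *  printed per slot that does not match.  Uses the file-level buffer cctest
 *  and the para_readflash_bin() helper declared elsewhere. */
static void test_para_verify_slots(void) {
    size_t i; /* byte index: size_t so the comparison with sizeof is not sign-mixed */
    int j;    /* slot number */

    for (j = 1; j < 8; j++) {
        memset(cctest, 0, sizeof cctest);
        para_readflash_bin(j, cctest, sizeof cctest);
        for (i = 0; i < sizeof cctest; i++) {
            if (cctest[i] != (unsigned char)(i / 3 + j)) {
                break;
            }
        }
        /* The loop only stops early on a mismatch. */
        if (i != sizeof cctest) {
            printdbg(PRINT_NORMAL, "err\n");
        }
    }
}

/*! test_para
 * \brief Exercise the parameter flash store: write a slot-dependent byte ramp
 * into slots 1..7, read each slot back and compare, remove the slots, then
 * read and compare once more.
 *
 * Uses the file-level buffer cctest and the para_* flash helpers declared
 * elsewhere.  Returns nothing; mismatches are reported with an "err" line.
 */
void test_para(void) {
    size_t i; /* byte index into cctest */
    int j;    /* slot number 1..7 */

    /* Fill each slot with a recognisable pattern: byte i gets i/3 + slot. */
    for (j = 1; j < 8; j++) {
        for (i = 0; i < sizeof cctest; i++) {
            cctest[i] = (i / 3 + j);
        }
        para_writeflash_bin(j, cctest, sizeof cctest);
    }

    /* Every slot must read back exactly what was written. */
    test_para_verify_slots();

    for (j = 1; j < 8; j++) {
        para_rm(j);
    }

    /* NOTE(review): the same comparison is repeated after the slots were
     * removed, so a cleared slot is reported as "err" here as well — confirm
     * that reading an unchanged pattern after para_rm() is really the
     * expected outcome. */
    test_para_verify_slots();
}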
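/*! test_fre
 * \brief Endless burn-in test of the daily freeze database: for every
 * tpoint[TN] hourly timestamps, write a 36-byte buffer filled with a
 * per-record marker for each of 64 records, then read the same timestamps
 * back and report per record whether the marker survived.
 *
 * Uses tpoint, time_to_dbtime(), db_writefalsh_bin(), db_readfalsh_bin()
 * and delay_us() declared elsewhere.  Never returns.
 */
void test_fre(void) {
    unsigned int j, k, h;
    dbtime_t dbtime;
    utime_t time1 = 3600 * 24 * 365 * 10; /* ten years in seconds: first timestamp */
    utime_t time2 = time1;                /* base time, only used for the day printed below */
    utime_t pass_start;                   /* first timestamp of the current write pass */
    unsigned char cn1;                    /* marker byte: 1..64, one per record */
    unsigned char testbuf[36];

    while (1) {
        /* Remember where this pass starts so that the read pass below checks
         * exactly the timestamps written here (the original re-declared
         * time1 inside the loop, so the read pass always restarted at the
         * base time even after the write pass had moved on). */
        pass_start = time1;

        for (j = 0; j < tpoint[TN]; j++) {
            time1 += 3600;
            time_to_dbtime(&dbtime, time1);
            cn1 = 0;
            for (k = 0; k < 64; k++) {
                cn1++;
                memset(testbuf, cn1, sizeof testbuf);
                db_writefalsh_bin(TN, k, testbuf, sizeof testbuf, dbtime);
                delay_us(10000);
            }
        }

        time1 = pass_start;
        for (j = 0; j < tpoint[TN]; j++) {
            time1 += 3600;
            time_to_dbtime(&dbtime, time1);
            cn1 = 0;
            for (k = 0; k < 64; k++) {
                cn1++;
                memset(testbuf, 0, sizeof testbuf);
                db_readfalsh_bin(TN, k, testbuf, sizeof testbuf, dbtime);
                for (h = 0; h < sizeof testbuf; h++) {
                    if (testbuf[h] != cn1) {
                        break;
                    }
                }
                /* k is the record index passed to db_readfalsh_bin(); the
                 * original printed an uninitialised variable here.
                 * NOTE(review): time2 is never advanced, so every line reports
                 * the same day — confirm whether time1 was meant. */
                if (h == sizeof testbuf) {
                    printdbg(PRINT_NORMAL, "day freeze test day:%d,meter:%d ok\n", time2 / 24 / 3600, k);
                } else {
                    printdbg(PRINT_NORMAL, "day freeze test day:%d,meter:%d err\n", time2 / 24 / 3600, k);
                }
                delay_us(20000);
            }
        }
    }
}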
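/*! mod_source
 * \brief Check whether the source IP of the packet has already been seen in a
 * prior connection.
 *
 * Parameters required:
 *   function = hash;
 *   backup = /etc/honeybrid/source.tb
 *
 * The per-IP record kept in the backup GKeyFile (group "source", key = the
 * numeric source address) is a list of three strings: packet counter,
 * first-seen timestamp, seconds elapsed since first seen.  The record is
 * rewritten and the backup saved on every call.
 *
 * \param[in] args struct that contains the node and the data to process
 * \return DEFER when 'backup' or 'backup_file' is missing from the node config,
 *         REJECT when the IP is already known and its entry is at most 24 hours
 *         old, ACCEPT otherwise (unknown IP, or expired entry that is renewed)
 */
mod_result_t mod_source(struct mod_args *args) {
    printdbg("%s Module called\n", H(args->pkt->conn->id));

    mod_result_t result = DEFER;
    const int expiration = 24 * 3600; /* seconds an entry stays valid */
    gchar *backup_file;
    gchar **info;
    gsize info_len = 0;
    GKeyFile *backup;
    GTimeVal t;
    g_get_current_time(&t);
    gint now = (t.tv_sec);

    /*! The record key is the raw 32-bit source address printed as an unsigned
     *  integer: at most 10 digits, so a fixed stack buffer is sufficient and
     *  nothing has to be freed on the way out. */
    char key_src[16];
    snprintf(key_src, sizeof key_src, "%u", args->pkt->packet.ip->saddr);
    printdbg("%s source IP is %s\n", H(args->pkt->conn->id), key_src);

    /*! get the backup file for this module */
    if (NULL == (backup = (GKeyFile *) g_hash_table_lookup(args->node->config, "backup"))) {
        /*! We can't decide */
        printdbg("%s mandatory argument 'backup' undefined!\n", H(args->pkt->conn->id));
        return result;
    }

    /*! get the backup file path for this module */
    if (NULL == (backup_file = (gchar *) g_hash_table_lookup(args->node->config, "backup_file"))) {
        /*! We can't decide */
        printdbg("%s error, backup file path missing\n", H(args->pkt->conn->id));
        return result;
    }

    printdbg("%s searching for this IP in the database...\n", H(args->pkt->conn->id));

    /*! The three fields are rebuilt in local buffers on every call.  The
     *  strings returned by g_key_file_get_string_list() are only as long as
     *  their current contents, so formatting a longer number into them (as
     *  the counter or the duration grows) would write past the allocation. */
    char counter[20];
    char first_seen[20];
    char duration[20];
    const gchar *const fields[3] = { counter, first_seen, duration };

    info = g_key_file_get_string_list(backup, "source", /* generic group name \todo: group by port number? */
            key_src, &info_len, NULL);
    if (info != NULL && info_len < 3) {
        /*! A truncated record cannot be interpreted: drop it and start over */
        g_strfreev(info);
        info = NULL;
    }

    if (info == NULL) {
        /*! Unknown IP, so we accept the packet */
        result = ACCEPT;
        printdbg("%s IP not found... packet accepted and new entry created\n", H(args->pkt->conn->id));
        g_snprintf(counter, sizeof counter, "1");               /*! counter */
        g_snprintf(first_seen, sizeof first_seen, "%d", now);  /*! first seen */
        g_snprintf(duration, sizeof duration, "0");            /*! duration */
    } else {
        /* The fields were written by this module with "%d", so atoi() reads
         * back what was stored; the vector is released as soon as the values
         * are extracted. */
        int count = atoi(info[0]);
        int first = atoi(info[1]);
        int age = atoi(info[2]);
        g_strfreev(info);

        /*! We check if we need to expire this entry */
        if (age > expiration) {
            /*! Known IP but entry expired, so we accept the packet */
            result = ACCEPT;
            printdbg("%s IP found but expired... packet accepted and entry renewed\n", H(args->pkt->conn->id));
            g_snprintf(counter, sizeof counter, "1");               /*! counter */
            g_snprintf(first_seen, sizeof first_seen, "%d", now);  /*! first seen */
            g_snprintf(duration, sizeof duration, "0");            /*! duration */
        } else {
            /*! Known IP, so we reject the packet */
            result = REJECT;
            printdbg("%s IP found... packet rejected and entry updated\n", H(args->pkt->conn->id));
            g_snprintf(counter, sizeof counter, "%d", count + 1);          /*! counter */
            g_snprintf(first_seen, sizeof first_seen, "%d", first);        /*! first seen, unchanged */
            g_snprintf(duration, sizeof duration, "%d", now - first);      /*! duration */
        }
    }

    g_key_file_set_string_list(backup, "source", key_src, fields, 3);
    save_backup(backup, backup_file);

    return result;
}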
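/*! mod_control
 * \brief Count the packets sent by one source address over a period of time
 * and reject the packets that exceed the allowed number.
 *
 * Parameters required:
 *   function = hash;
 *   backup = /etc/honeybrid/control.tb
 *   expiration = 600     (seconds; the default is used when absent)
 *   max_packet = 1000    (the default is used when absent)
 *
 * The per-IP record kept in the backup GKeyFile (group "source", key = the
 * dotted source address) is a list of three strings: packet counter,
 * first-seen timestamp, seconds elapsed since first seen.  The record is
 * rewritten and the backup saved on every call.
 *
 * \param[in] args struct that contains the node and the packet to control
 * \return REJECT when args->pkt is NULL or the updated counter exceeds
 *         max_packet, DEFER when 'backup' or 'backup_file' is missing from the
 *         node config or the source address cannot be formatted, ACCEPT
 *         otherwise
 */
mod_result_t mod_control(struct mod_args *args) {
    gchar *backup_file;

    if (args->pkt == NULL) {
        printdbg("%s Error, NULL packet\n", H(6));
        return REJECT;
    }
    printdbg("%s Module called\n", H(args->pkt->conn->id));

    mod_result_t result = DEFER;
    int expiration;
    int max_packet;
    gchar *param;
    gchar **info;
    gsize info_len = 0;
    GKeyFile *backup;
    GTimeVal t;
    g_get_current_time(&t);
    gint now = (t.tv_sec);

    char src[INET_ADDRSTRLEN];
    if (inet_ntop(AF_INET, &(args->pkt->packet.ip->saddr), src, INET_ADDRSTRLEN) == NULL) {
        /*! Without a printable address there is no record key: we can't decide */
        printdbg("%s error, cannot format source address\n", H(args->pkt->conn->id));
        return result;
    }

    /*! get the backup file for this module */
    if (NULL == (backup = (GKeyFile *) g_hash_table_lookup(args->node->config, "backup"))) {
        /*! We can't decide */
        printdbg("%s mandatory argument 'backup' undefined!\n", H(args->pkt->conn->id));
        return result;
    }

    /*! get the backup file path for this module */
    if (NULL == (backup_file = (gchar *) g_hash_table_lookup(args->node->config, "backup_file"))) {
        /*! We can't decide */
        printdbg("%s error, backup file path missing\n", H(args->pkt->conn->id));
        return result;
    }

    /*! get control parameters; both fall back to a default when unset */
    if (NULL == (param = (gchar *) g_hash_table_lookup(args->node->config, "expiration"))) {
        expiration = 600;
    } else {
        expiration = atoi(param);
    }
    if (NULL == (param = (gchar *) g_hash_table_lookup(args->node->config, "max_packet"))) {
        max_packet = 1000;
    } else {
        max_packet = atoi(param);
    }

    /*! The three fields are rebuilt in local buffers on every call.  The
     *  strings returned by g_key_file_get_string_list() are only as long as
     *  their current contents, so formatting a longer number into them (as
     *  the counter or the duration grows) would write past the allocation. */
    char counter[20];
    char first_seen[20];
    char duration[20];
    const gchar *const fields[3] = { counter, first_seen, duration };
    int count; /* counter value after this packet, compared against max_packet */

    info = g_key_file_get_string_list(backup, "source", /* generic group name \todo: group by port number? */
            src, &info_len, NULL);
    if (info != NULL && info_len < 3) {
        /*! A truncated record cannot be interpreted: drop it and start over */
        g_strfreev(info);
        info = NULL;
    }

    if (info == NULL) {
        printdbg("%s IP not found... new entry created\n", H(args->pkt->conn->id));
        count = 1;
        g_snprintf(counter, sizeof counter, "1");               /*! counter */
        g_snprintf(first_seen, sizeof first_seen, "%d", now);  /*! first seen */
        g_snprintf(duration, sizeof duration, "0");            /*! duration */
    } else {
        /* The fields were written by this module with "%d", so atoi() reads
         * back what was stored; the vector is released as soon as the values
         * are extracted. */
        int stored = atoi(info[0]);
        int first = atoi(info[1]);
        int age = atoi(info[2]);
        g_strfreev(info);

        /*! We check if we need to expire this entry */
        if (age > expiration) {
            printdbg("%s IP found but expired... entry renewed\n", H(args->pkt->conn->id));
            count = 1;
            g_snprintf(counter, sizeof counter, "1");               /*! counter */
            g_snprintf(first_seen, sizeof first_seen, "%d", now);  /*! first seen */
            g_snprintf(duration, sizeof duration, "0");            /*! duration */
        } else {
            printdbg("%s IP found... entry updated\n", H(args->pkt->conn->id));
            count = stored + 1;
            g_snprintf(counter, sizeof counter, "%d", count);              /*! counter */
            g_snprintf(first_seen, sizeof first_seen, "%d", first);        /*! first seen, unchanged */
            g_snprintf(duration, sizeof duration, "%d", now - first);      /*! duration */
        }
    }

    if (count > max_packet) {
        printdbg("%s Rate limit reached! Packet rejected\n", H(args->pkt->conn->id));
        result = REJECT;
    } else {
        printdbg("%s Rate limit not reached. Packet accepted\n", H(args->pkt->conn->id));
        result = ACCEPT;
    }

    g_key_file_set_string_list(backup, "source", src, fields, 3);
    save_backup(backup, backup_file);

    return result;
}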