summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/Makefile3
-rw-r--r--src/mandi_daemon.c2
-rw-r--r--src/plugins/ifw_listen/ifw_listen.h18
-rw-r--r--src/plugins/ifw_listen/ifw_listen_dbus.c21
-rw-r--r--src/plugins/ifw_listen/ifw_listen_dbus.h9
-rw-r--r--src/plugins/ifw_listen/libnl_ifw.c62
-rw-r--r--src/plugins/ifw_listen/libnl_ifw.h35
-rw-r--r--src/plugins/ifw_listen/list.h155
-rw-r--r--src/plugins/ifw_listen/plugin.c110
-rw-r--r--src/plugins/ifw_listen/report_list.c87
-rw-r--r--src/plugins/ifw_listen/report_list.h24
11 files changed, 526 insertions, 0 deletions
diff --git a/src/Makefile b/src/Makefile
index ba8b1c8..322c502 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -11,8 +11,11 @@ DAEMON_TARGET = mandi
DAEMON_OBJS += $(addprefix plugins/wireless/,plugin.o wpa_ctrl.o)
#CFLAGS += -DIFW_FAKE
+#CFLAGS += -DIFW_LISTEN_FAKE
DAEMON_OBJS += $(addprefix plugins/ifw/,plugin.o ifw_dbus.o ipset.o white_list.o black_list.o report_list.o libnl_ifw.o)
+DAEMON_OBJS += $(addprefix plugins/ifw_listen/,plugin.o ifw_listen_dbus.o)
+
all: $(DAEMON_TARGET)
.c.o:
diff --git a/src/mandi_daemon.c b/src/mandi_daemon.c
index 222025e..4b82c2f 100644
--- a/src/mandi_daemon.c
+++ b/src/mandi_daemon.c
@@ -25,9 +25,11 @@ typedef struct {
extern plugin_t wpa_supplicant_plugin;
extern plugin_t ifw_plugin;
+extern plugin_t ifw_listen_plugin;
plugin_t *plugins[] = {
&wpa_supplicant_plugin,
&ifw_plugin,
+ &ifw_listen_plugin,
NULL,
};
diff --git a/src/plugins/ifw_listen/ifw_listen.h b/src/plugins/ifw_listen/ifw_listen.h
new file mode 100644
index 0000000..89c75fb
--- /dev/null
+++ b/src/plugins/ifw_listen/ifw_listen.h
@@ -0,0 +1,18 @@
+#ifndef IFW_LISTEN_H
+#define IFW_LISTEN_H
+
+#include <sys/types.h>
+#include "plugin.h"
+
+#define IFW_LISTEN_DBUS_PATH PLUGIN_ROOT_PATH "/ifw2"
+#define IFW_LISTEN_DBUS_INTERFACE PLUGIN_ROOT_INTF ".ifw2"
+
+typedef struct {
+ char program[32];
+ u_int16_t port;
+} msg_listen_t;
+
+typedef struct {
+} ifw_listen_t;
+
+#endif /* IFW_LISTEN_H */
diff --git a/src/plugins/ifw_listen/ifw_listen_dbus.c b/src/plugins/ifw_listen/ifw_listen_dbus.c
new file mode 100644
index 0000000..d98d6f7
--- /dev/null
+++ b/src/plugins/ifw_listen/ifw_listen_dbus.c
@@ -0,0 +1,21 @@
+#include <stdio.h>
+
+#include "ifw_listen_dbus.h"
+
+void ifw_listen_dbus_notify_listen(DBusConnection *bus, msg_listen_t *listen) {
+ DBusMessage *message;
+
+ message = dbus_message_new_signal(IFW_LISTEN_DBUS_PATH,
+ IFW_LISTEN_DBUS_INTERFACE,
+ "Listen");
+ char *program = listen->program;
+ dbus_message_append_args(message,
+ DBUS_TYPE_STRING,
+ &program,
+ DBUS_TYPE_UINT32,
+ &listen->port,
+ DBUS_TYPE_INVALID);
+ dbus_connection_send(bus, message, NULL);
+ dbus_connection_flush(bus);
+ dbus_message_unref(message);
+}
diff --git a/src/plugins/ifw_listen/ifw_listen_dbus.h b/src/plugins/ifw_listen/ifw_listen_dbus.h
new file mode 100644
index 0000000..a5f817d
--- /dev/null
+++ b/src/plugins/ifw_listen/ifw_listen_dbus.h
@@ -0,0 +1,9 @@
+#ifndef IFW_LISTEN_DBUS_H
+#define IFW_LISTEN_DBUS_H
+
+#include <dbus/dbus.h>
+#include "ifw_listen.h"
+
+void ifw_listen_dbus_notify_listen(DBusConnection *bus, msg_listen_t *listen);
+
+#endif /* IFW_LISTEN_DBUS_H */
diff --git a/src/plugins/ifw_listen/libnl_ifw.c b/src/plugins/ifw_listen/libnl_ifw.c
new file mode 100644
index 0000000..bb41363
--- /dev/null
+++ b/src/plugins/ifw_listen/libnl_ifw.c
@@ -0,0 +1,62 @@
+/* nl_create_socket(), nl_bind_socket() and nl_read_msg()
+ * for Interactive Firewall
+ * sbellabes@mandriva.com
+ */
+
+
+#include <asm/types.h>
+#include <sys/socket.h>
+#include <string.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <stdio.h>
+
+#include "libnl_ifw.h"
+
+int nl_ifw_bind_socket(int s) {
+ struct sockaddr_nl saddr_nl;
+ int res;
+
+ memset(&saddr_nl, 0, sizeof(struct sockaddr_nl));
+ saddr_nl.nl_family = AF_NETLINK;
+ saddr_nl.nl_pid = getpid();
+ saddr_nl.nl_groups = 10;
+
+ res = bind(s, (struct sockaddr *)&saddr_nl, sizeof(saddr_nl));
+ if (res == -1) {
+ perror("nl_bind_socket");
+ return -1;
+ }
+ return 1;
+}
+
+int nl_ifw_create_socket(void) {
+ int s;
+
+ s = socket(PF_NETLINK, SOCK_RAW, NETLINK_IFWLOG);
+ if (s < 0) {
+ perror("nl_create_socket");
+ return -1;
+ }
+
+ if (nl_ifw_bind_socket(s) < 0) {
+ close(s);
+ fprintf(stderr, "bind failed\n");
+ return -1;
+ }
+
+ return s;
+}
+
+int nl_ifw_read_msg(int s, struct nlmsghdr *nlh, struct nl_msg *msg) {
+ char buf[sizeof(struct nlmsghdr) + sizeof(struct nl_msg)];
+ int ret;
+
+ ret = recv(s, &buf, sizeof(buf), 0);
+ if (ret > 0) {
+ if (nlh) memcpy(nlh, buf, sizeof(struct nlmsghdr));
+ if (msg) memcpy(msg, NLMSG_DATA(buf), sizeof(struct nl_msg));
+ }
+
+ return ret;
+}
diff --git a/src/plugins/ifw_listen/libnl_ifw.h b/src/plugins/ifw_listen/libnl_ifw.h
new file mode 100644
index 0000000..896d05c
--- /dev/null
+++ b/src/plugins/ifw_listen/libnl_ifw.h
@@ -0,0 +1,35 @@
+/*
+ * libnl_ifw.h
+ */
+
+#ifndef _LIBNL_IFW_H
+#define _LIBNL_IFW_H
+
+#include <netinet/in.h>
+#include <netinet/ip.h>
+#include <netinet/tcp.h>
+#include <netinet/udp.h>
+#include <linux/if.h>
+#include <linux/netlink.h>
+
+#define NETLINK_IFWLOG 19
+
+#define PREFSIZ 32
+
+struct nl_msg { /* Netlink kernel to user message */
+ long timestamp_sec; /* time packet */
+ char indev_name[IFNAMSIZ]; /* name of the ingoing interface */
+ char outdev_name[IFNAMSIZ]; /* name of the outgoing interface */
+ unsigned char prefix[PREFSIZ]; /* logging informations */
+ struct iphdr ip;
+ union {
+ struct tcphdr th;
+ struct udphdr uh;
+ } h;
+};
+
+int nl_ifw_bind_socket(int s);
+int nl_ifw_create_socket(void);
+int nl_ifw_read_msg(int s, struct nlmsghdr *nlh, struct nl_msg *msg);
+
+#endif /* !_LIBNL_IFW_H */
diff --git a/src/plugins/ifw_listen/list.h b/src/plugins/ifw_listen/list.h
new file mode 100644
index 0000000..1b55f95
--- /dev/null
+++ b/src/plugins/ifw_listen/list.h
@@ -0,0 +1,155 @@
+#ifndef LIST_H
+#define LIST_H
+
+/* borrowed from kernel header linux/list.h */
+
+#define LIST_POISON1 ((void *) 0x00100100)
+#define LIST_POISON2 ((void *) 0x00200200)
+
+/*
+ * Simple doubly linked list implementation.
+ *
+ * Some of the internal functions ("__xxx") are useful when
+ * manipulating whole lists rather than single entries, as
+ * sometimes we already know the next/prev entries and we can
+ * generate better code by using them directly rather than
+ * using the generic single-entry routines.
+ */
+
+struct list_head {
+ struct list_head *next, *prev;
+};
+
+#define LIST_HEAD_INIT(name) { &(name), &(name) }
+
+#define LIST_HEAD(name) \
+ struct list_head name = LIST_HEAD_INIT(name)
+
+#define INIT_LIST_HEAD(ptr) do { \
+ (ptr)->next = (ptr); (ptr)->prev = (ptr); \
+} while (0)
+
+/*
+ * Insert a new entry between two known consecutive entries.
+ *
+ * This is only for internal list manipulation where we know
+ * the prev/next entries already!
+ */
+static inline void __list_add(struct list_head *new,
+ struct list_head *prev,
+ struct list_head *next)
+{
+ next->prev = new;
+ new->next = next;
+ new->prev = prev;
+ prev->next = new;
+}
+
+/**
+ * list_add - add a new entry
+ * @new: new entry to be added
+ * @head: list head to add it after
+ *
+ * Insert a new entry after the specified head.
+ * This is good for implementing stacks.
+ */
+static inline void list_add(struct list_head *new, struct list_head *head)
+{
+ __list_add(new, head, head->next);
+}
+
+/**
+ * list_add_tail - add a new entry
+ * @new: new entry to be added
+ * @head: list head to add it before
+ *
+ * Insert a new entry before the specified head.
+ * This is useful for implementing queues.
+ */
+static inline void list_add_tail(struct list_head *new, struct list_head *head)
+{
+ __list_add(new, head->prev, head);
+}
+
+/*
+ * Delete a list entry by making the prev/next entries
+ * point to each other.
+ *
+ * This is only for internal list manipulation where we know
+ * the prev/next entries already!
+ */
+static inline void __list_del(struct list_head * prev, struct list_head * next)
+{
+ next->prev = prev;
+ prev->next = next;
+}
+
+/**
+ * list_del - deletes entry from list.
+ * @entry: the element to delete from the list.
+ * Note: list_empty on entry does not return true after this, the entry is
+ * in an undefined state.
+ */
+static inline void list_del(struct list_head *entry)
+{
+ __list_del(entry->prev, entry->next);
+ entry->next = LIST_POISON1;
+ entry->prev = LIST_POISON2;
+}
+
+/**
+ * list_entry - get the struct for this entry
+ * @ptr: the &struct list_head pointer.
+ * @type: the type of the struct this is embedded in.
+ * @member: the name of the list_struct within the struct.
+ */
+#define list_entry(ptr, type, member) \
+ container_of(ptr, type, member)
+
+/**
+ * __list_for_each - iterate over a list
+ * @pos: the &struct list_head to use as a loop counter.
+ * @head: the head for your list.
+ *
+ * This variant differs from list_for_each() in that it's the
+ * simplest possible list iteration code, no prefetching is done.
+ * Use this for code that knows the list to be very short (empty
+ * or 1 entry) most of the time.
+ */
+#define __list_for_each(pos, head) \
+ for (pos = (head)->next; pos != (head); pos = pos->next)
+
+/**
+ * list_for_each_entry_safe - iterate over list of given type safe against removal of list entry
+ * @pos: the type * to use as a loop counter.
+ * @n: another type * to use as temporary storage
+ * @head: the head for your list.
+ * @member: the name of the list_struct within the struct.
+ */
+#define list_for_each_entry_safe(pos, n, head, member) \
+ for (pos = list_entry((head)->next, typeof(*pos), member), \
+ n = list_entry(pos->member.next, typeof(*pos), member); \
+ &pos->member != (head); \
+ pos = n, n = list_entry(n->member.next, typeof(*n), member))
+
+
+/* borrowed from kernel header linux/kernel.h */
+
+/**
+ * container_of - cast a member of a structure out to the containing structure
+ *
+ * @ptr: the pointer to the member.
+ * @type: the type of the container struct this is embedded in.
+ * @member: the name of the member within the struct.
+ *
+ */
+#define container_of(ptr, type, member) ({ \
+ const typeof( ((type *)0)->member ) *__mptr = (ptr); \
+ (type *)( (char *)__mptr - linux_offsetof(type,member) );})
+
+
+/* borrowed from linux/stdddef.h */
+
+#define linux_offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)
+
+#endif /* LIST_H */
diff --git a/src/plugins/ifw_listen/plugin.c b/src/plugins/ifw_listen/plugin.c
new file mode 100644
index 0000000..9dded4a
--- /dev/null
+++ b/src/plugins/ifw_listen/plugin.c
@@ -0,0 +1,110 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <sys/socket.h>
+
+#include "ifw_listen_dbus.h"
+
+static int init(plugin_t *plugin, DBusConnection *connection);
+static void deinit(plugin_t *plugin, DBusConnection *connection);
+static void process_listen_message(plugin_t *plugin, DBusConnection *connection, int seq, msg_listen_t *listen);
+static DBusHandlerResult handle_message(DBusConnection *connection, DBusMessage *message, plugin_t *plugin);
+#ifdef IFW_LISTEN_FAKE
+static void generate_fake_listen(msg_listen_t *listen);
+static void handle_fake(plugin_t *plugin, DBusConnection *connection);
+#else
+static void handle_incoming(plugin_t *plugin, DBusConnection *connection);
+#endif
+
+static int init(plugin_t *plugin, DBusConnection *connection) {
+ ifw_listen_t *ifw_listen;
+
+ ifw_listen = malloc(sizeof(ifw_listen_t));
+ if (!ifw_listen) {
+ fprintf(stderr, "unable to malloc ifw\n");
+ return -1;
+ }
+
+#ifdef IFW_LISTEN_FAKE
+ plugin->fd = 0;
+#else
+ plugin->fd = nl_ifw_create_socket();
+ if (plugin->fd < 0) {
+ fprintf(stderr, "unable to init netlink\n");
+ return -1;
+ }
+#endif
+ plugin->priv = (void *) ifw_listen;
+
+ return 0;
+}
+
+static void deinit(plugin_t *plugin, DBusConnection *connection) {
+ ifw_listen_t *ifw_listen = (ifw_listen_t *) plugin->priv;
+ close(plugin->fd);
+}
+
+#ifdef IFW_LISTEN_FAKE
+#include <time.h>
+
+static void generate_fake_listen(msg_listen_t *listen) {
+ static int port = 22;
+ strcpy(listen->program, "sshd");
+ listen->port = port++;
+}
+
+static void handle_fake(plugin_t *plugin, DBusConnection *connection) {
+ static int seq = 0;
+ msg_listen_t fake_listen;
+
+ read(0, NULL, 1);
+
+ generate_fake_listen(&fake_listen);
+ printf("seq : %d\n", seq);
+
+ process_listen_message(plugin, connection, seq++, &fake_listen);
+}
+
+#else
+
+static void handle_incoming(plugin_t *plugin, DBusConnection *connection) {
+ struct nl_msg msg;
+ static int seq = 0;
+ msg_listen_t listen;
+
+ if (nl_ifw_read_msg(plugin->fd, NULL, &msg) <= 0) {
+ fprintf(stderr, "unable to read packet from netlink\n");
+ return;
+ }
+
+ process_listen_message(plugin, connection, seq++, &listen);
+}
+
+#endif
+
+static void process_listen_message(plugin_t *plugin, DBusConnection *connection, int seq, msg_listen_t *listen) {
+ ifw_listen_t *ifw_listen = (ifw_listen_t *) plugin->priv;
+ ifw_listen_dbus_notify_listen(connection, listen);
+}
+
+static DBusHandlerResult handle_message(DBusConnection *connection, DBusMessage *message, plugin_t *plugin) {
+ ifw_listen_t *ifw_listen = (ifw_listen_t *) plugin->priv;
+ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
+}
+
+plugin_t ifw_listen_plugin = {
+ .name = "Interactive Firewall",
+ .path = IFW_LISTEN_DBUS_PATH,
+ .init = init,
+#ifdef IFW_LISTEN_FAKE
+ .handle_incoming = handle_fake,
+#else
+ .handle_incoming = handle_incoming,
+#endif
+ .handle_message = handle_message,
+ .deinit = deinit,
+};
diff --git a/src/plugins/ifw_listen/report_list.c b/src/plugins/ifw_listen/report_list.c
new file mode 100644
index 0000000..ed2f3c2
--- /dev/null
+++ b/src/plugins/ifw_listen/report_list.c
@@ -0,0 +1,87 @@
+#include "report_list.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+void report_list_init(report_list_t *list) {
+ INIT_LIST_HEAD(list);
+}
+
+report_list_cell_t *report_list_add(report_list_t *list, int seq, msg_usr_t *attack) {
+ report_list_cell_t *cell;
+
+ cell = malloc(sizeof(report_list_cell_t));
+ if (!cell) {
+ fprintf(stderr, "unable to alloc enough memory for report list cell, skipping\n");
+ return NULL;
+ }
+ cell->seq = seq;
+ cell->info = *attack;
+ cell->processed = 0;
+ INIT_LIST_HEAD(&cell->list);
+ list_add_tail(&cell->list, list);
+
+ return cell;
+}
+
+report_list_cell_t *report_list_find(report_list_t *list, u_int32_t addr, int include_processed) {
+ struct list_head *entry;
+
+ __list_for_each(entry, list) {
+ report_list_cell_t *cell;
+ cell = list_entry(entry, report_list_cell_t, list);
+ if (cell->info.s_addr == addr && (include_processed || !cell->processed)) {
+ return cell;
+ }
+ }
+
+ return NULL;
+}
+
+report_list_cell_t *report_list_find_seq(report_list_t *list, int seq) {
+ struct list_head *entry;
+
+ __list_for_each(entry, list) {
+ report_list_cell_t *cell;
+ cell = list_entry(entry, report_list_cell_t, list);
+ if (cell->seq == seq) {
+ return cell;
+ }
+ }
+
+ return NULL;
+}
+
+void report_list_remove(report_list_cell_t *cell) {
+ list_del(&cell->list);
+ free(cell);
+}
+
+void report_list_clear_processed(report_list_t *list) {
+ report_list_cell_t *cell, *n;
+
+ list_for_each_entry_safe(cell, n, list, list) {
+ if (cell->processed) {
+ report_list_remove(cell);
+ }
+ }
+}
+
+void report_list_print(report_list_t *list) {
+ struct list_head *entry;
+
+ printf("* report list {\n");
+ __list_for_each(entry, list) {
+ report_list_cell_t *cell;
+ struct in_addr addr;
+ cell = list_entry(entry, report_list_cell_t, list);
+ addr.s_addr = cell->info.s_addr;
+ printf("%s (%d),\n", inet_ntoa(addr), cell->seq);
+ }
+ printf("} report list *\n");
+}
+
diff --git a/src/plugins/ifw_listen/report_list.h b/src/plugins/ifw_listen/report_list.h
new file mode 100644
index 0000000..626afed
--- /dev/null
+++ b/src/plugins/ifw_listen/report_list.h
@@ -0,0 +1,24 @@
+#ifndef REPORT_LIST_H
+#define REPORT_LIST_H
+
+#include "list.h"
+typedef struct list_head report_list_t;
+
+#include "ifw.h"
+
+typedef struct {
+ struct list_head list;
+ int seq;
+ msg_usr_t info;
+ char processed;
+} report_list_cell_t;
+
+void report_list_init(report_list_t *list);
+report_list_cell_t *report_list_add(report_list_t *list, int seq, msg_usr_t *attack);
+report_list_cell_t *report_list_find(report_list_t *list, u_int32_t addr, int include_processed);
+report_list_cell_t *report_list_find_seq(report_list_t *list, int seq);
+void report_list_remove(report_list_cell_t *cell);
+void report_list_clear_processed(report_list_t *list);
+void report_list_print(report_list_t *list);
+
+#endif /* REPORT_LIST_H */