netadm-devel Mailing List for netadm (Page 4)
From: linuxpark <lin...@us...> - 2006-03-13 14:15:10
Update of /cvsroot/netadm/gwc/gwcadmd In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv10615/gwcadmd Modified Files: main.c Log Message: MOD: rearrange export symbol. Index: main.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwcadmd/main.c,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** main.c 10 Mar 2006 18:13:58 -0000 1.12 --- main.c 13 Mar 2006 14:15:05 -0000 1.13 *************** *** 45,48 **** --- 45,49 ---- #include "systime.h" #include "linklist.h" + #include "confproc.h" extern int errno; *************** *** 52,63 **** bool bdebug = FALSE; pthread_attr_t attr; ! extern list runpol_list; ! ! extern sys_strmap_t map_truefalse[]; ! extern sys_strmap_t map_nettype []; ! extern sys_strmap_t map_prototype []; ! extern sys_strmap_t map_icmptype []; ! extern sys_strmap_t map_thput_unit []; ! extern sys_strmap_t map_fc_rule []; #define PR() dprintf("") --- 53,57 ---- bool bdebug = FALSE; pthread_attr_t attr; ! list runpol_list; #define PR() dprintf("") |
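Review bot: `list runpol_list;` is now defined in the daemon's main.c, yet `_apply_fc_ipol` in gwclib/confutil.c (rev 1.10 of this same series) walks it through `LIST_LOOP(runpol_list, p, n)`, so the library carries an unresolved reference that its consumer must satisfy; if I read the layout right, any other program linking gwclib will fail to link unless it defines the list itself. Defining it once inside the library and exposing it from confproc.h as `extern list runpol_list;` would keep ownership in one place. The neighbouring `extern int errno;` is pre-existing, but since main.c is pthread-based (`pthread_attr_t attr`) it is worth replacing with `#include <errno.h>` next time this block is touched — on glibc errno is a per-thread macro, not a plain global.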
From: jeho-park <lin...@gm...> - 2006-03-12 10:09:31
two days ago, i implemented the internal and CLI commands of gwc-v0.1-pre3 and basic testing was done. if you want more detailed information about what has been done, please refer to *gwc-v0.1-pre3-gui.ppt <http://jhpark.guideline.co.kr/data/PROJECT/netadm/gwc/v0.1-pre3/gwc-v0.1-pre3-gui.ppt> below * and i also want to know george, kwan-kyung, il-eok.. how about researching or designing IPS.. [code] : please refer to cvs server [test]: http://jhpark.guideline.co.kr/data/PROJECT/netadm/gwc/v0.1-pre3/test/ *gwc-v0.1-pre3-config <http://jhpark.guideline.co.kr/data/PROJECT/netadm/gwc/v0.1-pre3/test/gwc-v0.1-pre3-config> : basic configuration file for testing the new functionalities. **gwc-v0.1-pre3-dump_ipol.txt <http://jhpark.guideline.co.kr/data/PROJECT/netadm/gwc/v0.1-pre3/test/gwc-v0.1-pre3-dump_ipol.txt> : dump of pf rules; from this pre3 version, gwc supports IP ranges. **result.txt <http://jhpark.guideline.co.kr/data/PROJECT/netadm/gwc/v0.1-pre3/test/result.txt> : this is the result log of pf.log in /usr/local/gwc/log. i found some bugs and other todos in this version [ TODO ] - support subnet networks in packet filtering. - test and modify the current hash algorithm for searching any session in packet filtering. hyoseok read me here! i want you to start developing the gtk+ GUI for these new functionalities. please refer to the document below. GUI design and framework illustration : URL: http://jhpark.guideline.co.kr/data/PROJECT/netadm/gwc/v0.1-pre3/ file: **gwc-v0.1-pre3-gui.ppt <http://jhpark.guideline.co.kr/data/PROJECT/netadm/gwc/v0.1-pre3/gwc-v0.1-pre3-gui.ppt>, **gwc-v0.1-pre3-gui.pdf <http://jhpark.guideline.co.kr/data/PROJECT/netadm/gwc/v0.1-pre3/gwc-v0.1-pre3-gui.pdf>, **gwc-v0.1-pre3-gui.sxi <http://jhpark.guideline.co.kr/data/PROJECT/netadm/gwc/v0.1-pre3/gwc-v0.1-pre3-gui.sxi> hyoseok ! please tell me how long you will spend to implement this new GUI thanks jeho park * |
From: linuxpark <lin...@us...> - 2006-03-10 18:14:04
Update of /cvsroot/netadm/gwc/gwclib In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv26809/gwclib Modified Files: confproc.c confutil.c Log Message: ADD: ADD: internal fc_apply routine through ioctl call. TEST: Basic test done. - Config: http://jhpark.guideline.co.kr/data/PROJECT/netadm/gwc/test/gwc-v0.1-pre3-config - Internal policy of pf: http://jhpark.guideline.co.kr/data/PROJECT/netadm/gwc/test/gwc-v0.1-pre3-dump_ipol.txt Index: confutil.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/confutil.c,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** confutil.c 8 Mar 2006 15:29:55 -0000 1.9 --- confutil.c 10 Mar 2006 18:13:58 -0000 1.10 *************** *** 17,20 **** --- 17,21 ---- #include <arpa/inet.h> #include <sys/time.h> + #include <sys/ioctl.h> #include <strings.h> #include <string.h> *************** *** 396,402 **** void * _apply_fc_ipol ( void *arg, int len, frp_t fr) { ! /* TODO */ ! return NULL; } --- 397,443 ---- void * _apply_fc_ipol ( void *arg, int len, frp_t fr) { + static fc_umsg_t *p; + struct listnode *n; + int fd; + int idx; + int ret; ! fd = open(SZPFDEV, O_RDWR | O_NDELAY); ! if (fd < 0) { ! if (fr) { ! sprintf (fr->errmsg, "Failed to open %s\n", SZPFDEV); ! fr->ret = RET_EOPEN; ! } ! return NULL; ! } ! ! ioctl (fd, IOCTLPF_REFLESH, 0); ! LIST_LOOP(runpol_list, p, n) { ! ! if (p->msg.rule == FC_PR_CONTROL) ! idx = IOCTLPF_REGISTER_NET; ! ! else if (p->msg.rule == FC_PR_MOD_HEADER ) ! idx = IOCTLPF_REGISTER_MODSEQ; ! ! if ((ret = ioctl(fd, idx, &p->msg)) < 0) { ! ! if (errno != EBADSLT) { ! ! if (fr) { ! sprintf (fr->errmsg, "%s: Ioctl Failed to apply policy \"%s\"", ! SZPFDEV, p->polname); ! fr->ret = RET_EIOCTL; ! } ! ! close(fd); ! return NULL; ! } ! } ! } ! ! close(fd); ! /* nomeaning */ ! 
return runpol_list; } *************** *** 595,599 **** } - //func(argc, argv, CBFROM_MAIN, &fr); func(argc, argv, 0, &fr); return &fr; --- 636,639 ---- Index: confproc.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/confproc.c,v retrieving revision 1.17 retrieving revision 1.18 diff -C2 -d -r1.17 -r1.18 *** confproc.c 8 Mar 2006 15:29:55 -0000 1.17 --- confproc.c 10 Mar 2006 18:13:58 -0000 1.18 *************** *** 3132,3140 **** if (argc == 0) { ! if ( getpid() != getpidbyname("/proc", SZADMD) && ! send_ipcmsg(_CMD_APPLY_FC_IPOL, NULL, 0, fr) != RET_OK ){ ! frerr(fr, fr->ret, "Failed to apply internal policies (%d): %s\n", ! fr->ret, fr->errmsg != NULL ? fr->errmsg : ""); ! return; } else { --- 3132,3142 ---- if (argc == 0) { ! if ( getpid() != getpidbyname("/proc", SZADMD) ) { ! if (send_ipcmsg(_CMD_APPLY_FC_IPOL, NULL, 0, fr) != RET_OK ){ ! frerr(fr, fr->ret, "Failed to apply internal policies (%d): %s\n", ! fr->ret, fr->errmsg != NULL ? fr->errmsg : ""); ! ! return; ! } } else { |
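Review bot: In `_apply_fc_ipol`, `idx` is read uninitialized when `p->msg.rule` is neither FC_PR_CONTROL nor FC_PR_MOD_HEADER, so `ioctl(fd, idx, &p->msg)` is issued with an indeterminate request code; add a final branch before the ioctl, e.g. `else continue;` (or close the fd and return NULL if an unknown rule should abort the apply). The two `sprintf(fr->errmsg, ...)` calls are unbounded — `p->polname` appears to be an `OL`-byte array per sysdef.h and SZPFDEV is a path — so prefer `snprintf(fr->errmsg, sizeof fr->errmsg, ...)` if errmsg is an array, or its allocated size if it is a pointer. `static fc_umsg_t *p;` has no reason to be static and, because gwcadmd is pthread-based, turns the loop cursor into state shared between threads; make it an ordinary local. The return of `ioctl(fd, IOCTLPF_REFLESH, 0)` is also discarded, so a failed refresh goes unnoticed before the new rules are registered.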
From: linuxpark <lin...@us...> - 2006-03-10 18:14:04
Update of /cvsroot/netadm/gwc/gwcadmd In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv26809/gwcadmd Modified Files: main.c Log Message: ADD: ADD: internal fc_apply routine through ioctl call. TEST: Basic test done. - Config: http://jhpark.guideline.co.kr/data/PROJECT/netadm/gwc/test/gwc-v0.1-pre3-config - Internal policy of pf: http://jhpark.guideline.co.kr/data/PROJECT/netadm/gwc/test/gwc-v0.1-pre3-dump_ipol.txt Index: main.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwcadmd/main.c,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -d -r1.11 -r1.12 *** main.c 8 Mar 2006 15:29:52 -0000 1.11 --- main.c 10 Mar 2006 18:13:58 -0000 1.12 *************** *** 1087,1092 **** FD_SET(fd, &sock_set); ptv = NULL; ! //tv.tv_sec = APC_ADMD_TIMEOUT * 60L; ! tv.tv_sec = 10; tv.tv_usec = 0; ptv = &tv; --- 1087,1091 ---- FD_SET(fd, &sock_set); ptv = NULL; ! tv.tv_sec = APC_ADMD_TIMEOUT * 60L; tv.tv_usec = 0; ptv = &tv; *************** *** 1098,1102 **** } else if (!ret) { out("timeout continue ...\n"); - show_runpol(); continue; } else { --- 1097,1100 ---- |
From: linuxpark <lin...@us...> - 2006-03-10 16:52:10
Update of /cvsroot/netadm/gwc/include In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18344/include Modified Files: sysdef.h sysioctl.h Log Message: MOD: modify user layer data structure for interfacing with pf. Index: sysdef.h =================================================================== RCS file: /cvsroot/netadm/gwc/include/sysdef.h,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** sysdef.h 5 Mar 2006 01:11:00 -0000 1.7 --- sysdef.h 10 Mar 2006 16:52:04 -0000 1.8 *************** *** 11,14 **** --- 11,15 ---- #ifndef __SYS_DEF_H #define __SYS_DEF_H + #include <linux/icmp.h> #define DL 32 *************** *** 46,62 **** typedef enum { ! SYS_ICMP_UNREACH = 0x0001, ! SYS_ICMP_ECHO = 0x0002, ! SYS_ICMP_ECHOREP = 0x0004, ! SYS_ICMP_SQUENCH = 0x0008, ! SYS_ICMP_REDIR = 0x0010, ! SYS_ICMP_TIMEX = 0x0020, ! SYS_ICMP_PARAMPROB = 0x0040, ! SYS_ICMP_TIMEST = 0x0080, ! SYS_ICMP_TIMESTREP = 0x0100, ! SYS_ICMP_INFOREQ = 0x0200, ! SYS_ICMP_INFOREP = 0x0400, ! SYS_ICMP_MASKREQ = 0x0800, ! SYS_ICMP_MASKREP = 0x1000, } sys_icmp_type_e; --- 47,63 ---- typedef enum { ! SYS_ICMP_UNREACH = ICMP_DEST_UNREACH, ! SYS_ICMP_ECHO = ICMP_ECHO, ! SYS_ICMP_ECHOREP = ICMP_ECHOREPLY, ! SYS_ICMP_SQUENCH = ICMP_SOURCE_QUENCH,/*Source Quench */ ! SYS_ICMP_REDIR = ICMP_REDIRECT, /*Redirect(change route)*/ ! SYS_ICMP_TIMEX = ICMP_TIME_EXCEEDED, ! SYS_ICMP_PARAMPROB = ICMP_PARAMETERPROB, ! SYS_ICMP_TIMEST = ICMP_TIMESTAMP, ! SYS_ICMP_TIMESTREP = ICMP_TIMESTAMPREPLY, ! SYS_ICMP_INFOREQ = ICMP_INFO_REQUEST, /* Information Request*/ ! SYS_ICMP_INFOREP = ICMP_INFO_REPLY, /* Information Reply*/ ! SYS_ICMP_MASKREQ = ICMP_ADDRESS, /* Address Mask Request*/ ! SYS_ICMP_MASKREP = ICMP_ADDRESSREPLY, /* Address Mask Reply */ } sys_icmp_type_e; *************** *** 250,254 **** --- 251,257 ---- * be accessed globaly. 
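Review bot: The `sys_icmp_type_e` enumerators change from distinct one-bit flags (0x0001..0x1000) to the raw Linux ICMP type numbers, which are not bit-disjoint and include `ICMP_ECHOREPLY == 0`, so any caller that combines them with `|`, tests them with `&`, or treats 0 as "no type set" now silently misbehaves; I cannot see such callers in this hunk, so please grep for uses of these values in the config parser before relying on the change. Pulling `<linux/icmp.h>` into sysdef.h also makes a header shared with user-space code (gwclib, gwcadmd) depend on kernel headers; if only the constants are needed, `<netinet/ip_icmp.h>` on the user side or a small local table would avoid that. A comment on the typedef such as `/* values are ICMP type numbers (RFC 792), not bit flags */` would record the new contract.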
*/ + #ifndef __SYS_IOCTL_H_ #include "sysioctl.h" + #endif typedef struct { char polname[OL]; /* same as policy name of fc */ Index: sysioctl.h =================================================================== RCS file: /cvsroot/netadm/gwc/include/sysioctl.h,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** sysioctl.h 5 Mar 2006 01:11:00 -0000 1.4 --- sysioctl.h 10 Mar 2006 16:52:05 -0000 1.5 *************** *** 35,41 **** } __attribute__ ((packed)) kuio_msg_t; ! #define IOCTLPF_REGISTER_SRCBLOCK _IO (IOCTLPF_MAGIC, 0) #define IOCTLPF_REGISTER_MODSEQ _IO (IOCTLPF_MAGIC, 1) ! #define IOCTLPF_UNREGISTER_HOST _IO (IOCTLPF_MAGIC, 2) #define IOCTLPF_REFLESH _IO (IOCTLPF_MAGIC, 3) #define IOCTLPF_MAXNR 4 --- 35,41 ---- } __attribute__ ((packed)) kuio_msg_t; ! #define IOCTLPF_REGISTER_NET _IO (IOCTLPF_MAGIC, 0) #define IOCTLPF_REGISTER_MODSEQ _IO (IOCTLPF_MAGIC, 1) ! #define IOCTLPF_UNREGISTER_NET _IO (IOCTLPF_MAGIC, 2) #define IOCTLPF_REFLESH _IO (IOCTLPF_MAGIC, 3) #define IOCTLPF_MAXNR 4 |
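Review bot: Wrapping `#include "sysioctl.h"` in `#ifndef __SYS_IOCTL_H_` only works if that is exactly the guard macro sysioctl.h defines; if the spelling differs the guard is a no-op, and if sysioctl.h has its own guard the wrapper is redundant. Let the header guard itself and include it unconditionally. Identifiers beginning with a double underscore are reserved for the implementation, so the project's guard macros (`__SYS_DEF_H`, `__SYS_KTIMER_H`, `__SYS_IOCTL_H_`) would be safer as e.g. `SYS_DEF_H`.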
From: linuxpark <lin...@us...> - 2006-03-10 16:48:54
Update of /cvsroot/netadm/gwc/pf In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv14956 Modified Files: pf.c pf.h sysktimer.c sysktimer.h Log Message: MOD: modify pf for new version(gwc-v0.1-pre3) modify all of pf. especially. from now, it include session info. Index: sysktimer.h =================================================================== RCS file: /cvsroot/netadm/gwc/pf/sysktimer.h,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** sysktimer.h 28 Feb 2006 01:00:09 -0000 1.2 --- sysktimer.h 10 Mar 2006 16:48:49 -0000 1.3 *************** *** 12,17 **** #include <linux/interrupt.h> ! #ifndef __SYS_TIMER_H ! #define __SYS_TIMER_H struct sys_timer_t { --- 12,17 ---- #include <linux/interrupt.h> ! #ifndef __SYS_KTIMER_H ! #define __SYS_KTIMER_H struct sys_timer_t { Index: pf.h =================================================================== RCS file: /cvsroot/netadm/gwc/pf/pf.h,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** pf.h 28 Feb 2006 00:49:54 -0000 1.3 --- pf.h 10 Mar 2006 16:48:49 -0000 1.4 *************** *** 24,39 **** #endif #define KUIO_MAJOR_NUM 253 ! #define BLOCK_HOST 0x0001 ! #define MODIFY_SEQ 0x0002 struct host { ! __u32 saddr; ! __u8 type; ! __u32 pktcnt; ! __u32 max_pktrate; }; struct blk_key{ ! __u32 saddr; }; --- 24,96 ---- #endif #define KUIO_MAJOR_NUM 253 ! ! sys_strmap_t map_truefalse[] = { ! { "true", TRUE }, ! { "false", FALSE }, ! { 0 } ! }; ! ! sys_strmap_t map_nettype [] = { ! { "net", SYS_NT_NET }, ! { "host", SYS_NT_HOST }, ! { 0 } ! }; ! ! sys_strmap_t map_prototype [] = { ! { "tcp", SYS_PROTO_TCP }, ! { "udp", SYS_PROTO_UDP }, ! { "icmp", SYS_PROTO_ICMP }, ! { 0 } ! }; ! ! sys_strmap_t map_icmptype [] = { ! { "unreach", SYS_ICMP_UNREACH }, ! { "echo", SYS_ICMP_ECHO }, ! { "echorep", SYS_ICMP_ECHOREP }, ! { "squench", SYS_ICMP_SQUENCH }, ! { "redir", SYS_ICMP_REDIR }, ! { "timex", SYS_ICMP_TIMEX }, ! { "paramprob", SYS_ICMP_PARAMPROB }, ! 
{ "timest", SYS_ICMP_TIMEST }, ! { "timestrep", SYS_ICMP_TIMESTREP }, ! { "inforeq", SYS_ICMP_INFOREQ }, ! { "inforep", SYS_ICMP_INFOREP }, ! { "maskreq", SYS_ICMP_MASKREQ }, ! { "maskrep", SYS_ICMP_MASKREP }, ! { 0 } ! }; ! ! sys_strmap_t map_thput_unit [] = { ! { "bps", SYS_FLOW_BPS }, ! { "kbps", SYS_FLOW_KBPS }, ! { "mbps", SYS_FLOW_MBPS }, ! { "byte", SYS_FLOW_BYTE }, ! { "kbyte", SYS_FLOW_KBYTE }, ! { "mbyte", SYS_FLOW_MBYTE }, ! { 0 } ! }; ! ! sys_strmap_t map_fc_rule [] = { ! { "fc", FC_PR_CONTROL }, ! { "mh", FC_PR_MOD_HEADER }, ! { 0 } ! }; ! ! char * mapidtostr(sys_strmap_t * map, int id); ! int mapstrtoid(sys_strmap_t * map, char *str); struct host { ! int ifindex; ! __u8 protocol; ! __u8 rule; ! __u32 saddr; ! __u32 daddr; ! __u32 quota; ! __u32 eat; }; struct blk_key{ ! __u16 sport; ! __u16 dport; }; *************** *** 51,64 **** unsigned blk_hash_mask; ! static __inline__ unsigned blk_hash_code (u32 saddr) { ! u32 daddr = 0x1289CD94; ! u8 tos = 0x07; ! unsigned hash = ((daddr & 0xF0F0F0F0) >> 4) | ((daddr & 0x0F0F0F0F) << 4); ! hash ^= saddr ^ tos; hash ^= (hash >> 16); return (hash ^ (hash >> 8)) & blk_hash_mask; } static __inline__ int dump_tcp(struct sk_buff *skb) --- 108,140 ---- unsigned blk_hash_mask; ! static __inline__ unsigned blk_hash_code (int ifindex, ! u32 saddr, ! u32 daddr, ! u8 protocol ! ) { unsigned hash = ((daddr & 0xF0F0F0F0) >> 4) | ((daddr & 0x0F0F0F0F) << 4); ! ifindex <<= 16; ! ifindex |= protocol; ! 
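Review bot: The `sys_strmap_t map_*[]` tables are now non-static definitions in pf.h, so every translation unit that includes the header gets its own copy and two such units in one link produce multiple-definition errors; since pf.c exports `mapidtostr`/`mapstrtoid` with EXPORT_SYMBOL_GPL, the tables presumably belong to the module and should be defined once in pf.c with `extern sys_strmap_t map_prototype[];` (and the others) declared in pf.h. Each table's `{ 0 }` terminator is what the lookup functions stop on, so a comment above the first table, `/* each table ends with an entry whose str is NULL */`, would document that contract. `struct blk_key` shrinking to `sport`/`dport` means two entries that differ only in saddr/daddr/ifindex in the same bucket are no longer distinguishable by key alone; see the lookup loops in pf.c for the consequence.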
hash ^= saddr ^ ifindex; hash ^= (hash >> 16); return (hash ^ (hash >> 8)) & blk_hash_mask; } + static __inline__ void + print_connection (const char *str, + __u32 saddr, __u16 sport, + __u8 proto, + __u32 daddr, __u16 dport) + { + printk ("%s: %s %u.%u.%u.%u/%d -- %s --> %u.%u.%u.%u/%d\n", + DEVICE_NAME, + str, + NIPQUAD(saddr), + sport, + mapidtostr (map_prototype, proto), + NIPQUAD(daddr), + dport); + } + static __inline__ int dump_tcp(struct sk_buff *skb) Index: pf.c =================================================================== RCS file: /cvsroot/netadm/gwc/pf/pf.c,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** pf.c 5 Mar 2006 01:11:00 -0000 1.5 --- pf.c 10 Mar 2006 16:48:49 -0000 1.6 *************** *** 2,6 **** Title : pf.c ! Author : Jeho-Park <ne...@ke...> Created date : 2006. 01. 31. (thu) 01:39:30 KST Description : pf module --- 2,6 ---- Title : pf.c ! Author : Jeho-Park <lin...@gm...> Created date : 2006. 01. 31. (thu) 01:39:30 KST Description : pf module *************** *** 26,29 **** --- 26,30 ---- #include <linux/in.h> #include <linux/tcp.h> + #include <linux/udp.h> #include <linux/stddef.h> #include <linux/fs.h> *************** *** 39,54 **** #include <linux/if_arp.h> #endif #include <linux/fcntl.h> #include <linux/errno.h> #include "pf.h" - #include "sysioctl.h" #include "sysktimer.h" - #include "../include/global.h" - #define DRIVER_AUTHOR "jeho park <lin...@gm...>" #define DRIVER_VERSION "gwc-pf-" SZSYSVERSION #define DRIVER_DESC "pf of gwc in netadm project " DRIVER_VERSION ! 
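Review bot: `ifindex <<= 16;` left-shifts a signed `int`, which is undefined behaviour once ifindex is 32768 or larger and yields a negative operand for the `^` with `saddr` before that; build the mix value unsigned instead: `u32 dev_proto = ((u32) ifindex << 16) | protocol;` followed by `hash ^= saddr ^ dev_proto;`. In `print_connection`, `mapidtostr(map_prototype, proto)` returns NULL for an unknown id and that is passed to `%s`; printk renders it as "(null)", but `proto` is compared against `ip->protocol` elsewhere (an IPPROTO_* number) while `map_prototype` is keyed by SYS_PROTO_*, so unless those two value spaces coincide the label will always be "(null)" — please confirm. The `dump_tcp` definition that follows is outside the hunk.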
static pid_t tid; /* timer thread id */ static int debug __initdata = 0; static int kuio_rdopen = 0; --- 40,56 ---- #include <linux/if_arp.h> #endif + #include <linux/icmp.h> #include <linux/fcntl.h> #include <linux/errno.h> + #include <linux/string.h> + #include "../include/global.h" + #include "../include/sysdef.h" #include "pf.h" #include "sysktimer.h" #define DRIVER_AUTHOR "jeho park <lin...@gm...>" #define DRIVER_VERSION "gwc-pf-" SZSYSVERSION #define DRIVER_DESC "pf of gwc in netadm project " DRIVER_VERSION ! static pid_t tid; /* timer thread id */ static int debug __initdata = 0; static int kuio_rdopen = 0; *************** *** 56,59 **** --- 58,91 ---- static struct nf_hook_ops iphook_tab; + char * mapidtostr(sys_strmap_t * map, int id) + { + + while (map->str) { + if (map->id == id) + return map->str; + + map++; + } + + return NULL; + } + EXPORT_SYMBOL_GPL (mapidtostr); + + int mapstrtoid(sys_strmap_t * map, char *str) + { + + while (map->str) { + if (!strcmp(map->str, str)) { + return map->id; + } + + map++; + } + + return -1; + } + EXPORT_SYMBOL_GPL (mapstrtoid); + + /* block list hash table */ static struct blk_hash_bucket *blk_hash_table; *************** *** 70,81 **** while( (blkh = *blkhp) != NULL){ ! if( blkh->key.saddr == blk->key.saddr ){ *blkhp = blkh->next; blkh->next = blk_hash_table[hash].chain; blk_hash_table[hash].chain = blkh; - /* need jiffies ?*/ spin_unlock(&blk_hash_table[hash].lock); *blkhp = blkh; ! printk("%s:%s: We meet any collision\n", DEVICE_NAME, __FUNCTION__); return -1; } --- 102,113 ---- while( (blkh = *blkhp) != NULL){ ! /* Bad Case: Meet Collision & absoletely same */ ! if((blkh->key.sport & blk->key.sport)&&(blkh->key.dport&blk->key.dport)){ *blkhp = blkh->next; blkh->next = blk_hash_table[hash].chain; blk_hash_table[hash].chain = blkh; spin_unlock(&blk_hash_table[hash].lock); *blkhp = blkh; ! 
printk("%s: We meet any collision\n", DEVICE_NAME); return -1; } *************** *** 102,113 **** memset (blknode, 0, sizeof (struct blk)); return blknode; - #if 0 - new->host = (struct host *) kmalloc(sizeof (struct host), - in_interrupt()? GFP_ATOMIC : GFP_KERNEL); - if (!new->host) { - printk("%s: Failed to alloc host\n", DEVICE_NAME); - return NULL; - } - #endif } --- 134,137 ---- *************** *** 122,128 **** while( (blkh = *blkhp) != NULL){ blkhp = &blkh->next; - #if 0 - kfree (blkh->host); /* FIXME */ - #endif printk("kmem_cache_free\n"); kmem_cache_free(kmem_cachep, blkh); --- 146,149 ---- *************** *** 140,144 **** } ! static int update_pktcnt( void *arg ){ struct blk *blkh, **blkhp; int i; --- 161,165 ---- } ! static int update_eat ( void *arg ){ struct blk *blkh, **blkhp; int i; *************** *** 147,154 **** spin_lock(&blk_hash_table[i].lock); - blkhp = &blk_hash_table[i].chain; while( (blkh = *blkhp) != NULL){ ! blkh->host.pktcnt = 0; blkhp = &blkh->next; } --- 168,174 ---- spin_lock(&blk_hash_table[i].lock); blkhp = &blk_hash_table[i].chain; while( (blkh = *blkhp) != NULL){ ! blkh->host.eat = 0; blkhp = &blkh->next; } *************** *** 159,163 **** } ! static int register_host( u32 saddr, u8 type, u32 max_pktrate){ struct blk *key_hp; int ret; --- 179,183 ---- } ! static int register_host(int ifindex, kuio_msg_t *p) { struct blk *key_hp; int ret; *************** *** 166,220 **** key_hp = blk_alloc(); if(!key_hp) { ! printk("%s : %s Failed to blk_alloc\n",DEVICE_NAME, __FUNCTION__ ); return -1; } ! key_hp->key.saddr = key_hp->host.saddr = saddr; ! key_hp->host.type = type; ! key_hp->host.pktcnt = 0; ! key_hp->host.max_pktrate = max_pktrate; ! hash = blk_hash_code(key_hp->key.saddr); return ret = blk_intern_hash (hash, key_hp); } ! static int unregister_host (u32 saddr) { ! struct blk *blkh, *pre_blkh; unsigned hash; ! hash = blk_hash_code(saddr); ! spin_lock(&blk_hash_table[hash].lock); ! pre_blkh = blk_hash_table[hash].chain; ! 
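Review bot: The duplicate test in `blk_intern_hash`, `(blkh->key.sport & blk->key.sport) && (blkh->key.dport & blk->key.dport)`, uses bitwise AND where the comment says "absolutely same", so two different port pairs that merely share a set bit (80 and 81, say) are rejected as duplicates, while a key containing 0 — which the ICMP path stores in `dport` for an echo reply — is never detected as a duplicate; it should read `if (blkh->key.sport == blk->key.sport && blkh->key.dport == blk->key.dport) {`. The move-to-front shuffle (`*blkhp = blkh->next; ... *blkhp = blkh;`) still runs on this failure path and rearranges the chain for a call that returns -1; that is pre-existing but deserves a comment. The function's opening lines are outside the hunk.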
blkh = pre_blkh->next; ! while ( (saddr != blkh->key.saddr) && blkh != NULL) { ! pre_blkh = pre_blkh->next; ! blkh = pre_blkh->next; } ! if (blkh == NULL) { spin_unlock(&blk_hash_table[hash].lock); ! printk ("%s: There is no such host %u.%u.%u.%u\n", DEVICE_NAME, NIPQUAD(saddr)); return -1; } pre_blkh->next = blkh->next; ! kmem_cache_free( kmem_cachep, blkh); spin_unlock(&blk_hash_table[hash].lock); ! printk ("%s: Successfully unregistered host %u.%u.%u.%u\n", DEVICE_NAME, NIPQUAD(saddr)); return 1; } ! static int find_host (u32 saddr) { struct blk *blkh; unsigned hash; ! hash = blk_hash_code(saddr); spin_lock(&blk_hash_table[hash].lock); for( blkh = blk_hash_table[hash].chain; blkh; blkh = blkh->next){ ! ! if ( blkh->key.saddr == saddr ) { spin_unlock(&blk_hash_table[hash].lock); return 1; --- 186,253 ---- key_hp = blk_alloc(); if(!key_hp) { ! printk("%s : %s Failed to blk_alloc\n", DEVICE_NAME, __FUNCTION__ ); return -1; } ! key_hp->key.sport = p->sport; ! key_hp->key.dport = p->dport; ! key_hp->host.ifindex = ifindex; ! key_hp->host.protocol = p->protocol; ! key_hp->host.rule = p->rule; ! key_hp->host.saddr = p->saddr; ! key_hp->host.daddr = p->daddr; ! key_hp->host.quota = p->quota; ! key_hp->host.eat = 0; ! hash = blk_hash_code(key_hp->host.ifindex, ! key_hp->host.saddr, ! key_hp->host.daddr, ! key_hp->host.protocol ! ); return ret = blk_intern_hash (hash, key_hp); } ! static int unregister_host(int ifindex, kuio_msg_t *p) { ! struct blk *blkh; ! struct blk *pre_blkh; unsigned hash; ! hash = blk_hash_code(ifindex, p->saddr, p->daddr, p->protocol); ! spin_lock(&blk_hash_table[hash].lock); ! for( pre_blkh = blk_hash_table[hash].chain, blkh = pre_blkh->next; ! blkh; ! pre_blkh = pre_blkh->next, blkh = pre_blkh->next){ ! if ( blkh->key.sport == p->sport && blkh->key.dport == p->dport ) { ! break; ! } } ! if (!blkh) { spin_unlock(&blk_hash_table[hash].lock); ! print_connection ("There is no such info", ! p->saddr, p->sport, ! p->protocol, ! 
p->daddr, p->dport); return -1; } pre_blkh->next = blkh->next; ! kmem_cache_free(kmem_cachep, blkh); spin_unlock(&blk_hash_table[hash].lock); ! return 1; } ! static int find_host (int ifindex, kuio_msg_t *p) { struct blk *blkh; unsigned hash; ! hash = blk_hash_code(ifindex, p->saddr, p->daddr, p->protocol); spin_lock(&blk_hash_table[hash].lock); for( blkh = blk_hash_table[hash].chain; blkh; blkh = blkh->next){ ! if ( blkh->key.sport == p->sport && blkh->key.dport == p->dport ) { spin_unlock(&blk_hash_table[hash].lock); return 1; *************** *** 228,232 **** int goal, order, i; ! kmem_cachep = kmem_cache_create("cherokee-pf", sizeof(struct blk), 0, SLAB_HWCACHE_ALIGN, NULL, NULL); if(!kmem_cachep){ printk("%s: Failed to allocate block_host_cache\n", DEVICE_NAME); --- 261,266 ---- int goal, order, i; ! kmem_cachep = kmem_cache_create(DRIVER_VERSION, sizeof(struct blk), ! 0, SLAB_HWCACHE_ALIGN, NULL, NULL); if(!kmem_cachep){ printk("%s: Failed to allocate block_host_cache\n", DEVICE_NAME); *************** *** 274,278 **** static void init_systimer (struct sys_timer_t * t) { ! t->func = update_pktcnt; /* handler */ t->data = NULL; /* param of handler */ t->t_time = 0; /* total time endless */ --- 308,312 ---- static void init_systimer (struct sys_timer_t * t) { ! 
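Review bot: `unregister_host` initialises `blkh = pre_blkh->next` from `blk_hash_table[hash].chain` without checking that the chain is non-empty, so an unregister request aimed at an empty bucket dereferences NULL under the spinlock — reachable from user space via IOCTLPF_UNREGISTER_NET — and because the scan starts at the second node the head entry of a chain can never be removed. A pointer-to-pointer walk, as `blk_intern_hash` already uses, fixes both; see below. `find_host` and `unregister_host` also compare only `sport`/`dport`, relying on the hash to separate entries that differ in saddr/daddr/ifindex, which fails on a bucket collision — comparing `host.saddr`, `host.daddr` and `host.ifindex` as well would make the lookup exact. In `register_host`, `return ret = blk_intern_hash (hash, key_hp);` is the only assignment to `ret`, so the local can go.
```c
static int unregister_host(int ifindex, kuio_msg_t *p) {
	struct blk *blkh, **blkhp;
	unsigned hash;

	hash = blk_hash_code(ifindex, p->saddr, p->daddr, p->protocol);
	spin_lock(&blk_hash_table[hash].lock);
	/* pointer-to-pointer walk: an empty chain and the head node are handled alike */
	for (blkhp = &blk_hash_table[hash].chain; (blkh = *blkhp) != NULL; blkhp = &blkh->next) {
		if (blkh->key.sport == p->sport && blkh->key.dport == p->dport)
			break;
	}
	if (!blkh) {
		/* … unchanged: spin_unlock, print_connection ("There is no such info", …), return -1 … */
	}
	*blkhp = blkh->next;
	/* … unchanged: kmem_cache_free, spin_unlock, return 1 … */
}
```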
t->func = update_eat; /* handler */ t->data = NULL; /* param of handler */ t->t_time = 0; /* total time endless */ *************** *** 281,284 **** --- 315,390 ---- } + /* process_packet + * : This is called with lock state of spinlock in a bucket + */ + static inline int process_packet (struct blk_hash_bucket *bucket, + struct sk_buff *skb, + struct blk *n) + { + const struct iphdr *ip = skb->nh.iph; + struct udphdr *udph; + struct tcphdr *tcph; + struct icmphdr _icmph, *icmph; + + switch (ip->protocol) { + + case IPPROTO_UDP: + udph = (struct udphdr *) ((char *) ip + ip->ihl * 4); + + if (udph->source != n->key.sport || udph->dest != n->key.dport) + goto EXIT_ACCEPT; + + break; + + case IPPROTO_TCP: + tcph = (struct tcphdr *) ((__u32 *) ip + ip->ihl); + + if (tcph->source != n->key.sport || tcph->dest != n->key.dport) + goto EXIT_ACCEPT; + + break; + + case IPPROTO_ICMP: + icmph = skb_header_pointer(skb, ip->ihl * 4, sizeof (_icmph), &_icmph); + if (icmph->type != n->key.dport) + goto EXIT_ACCEPT; + + break; + + default: + /* This will not happen */ + goto EXIT_ACCEPT; + } + + n->host.eat += skb->len; + if (n->host.rule & FC_PR_CONTROL) { + if (!n->host.quota || n->host.eat > n->host.quota ) { + print_connection ("Maximum quota reached", + n->host.saddr, n->key.sport, + n->host.protocol, + n->host.daddr, n->key.dport); + goto EXIT_SCHEDULE; + } + } + else if (n->host.rule & FC_PR_MOD_HEADER ) { + /* TODO: */ + print_connection ("Modify packet", + n->host.saddr, n->key.sport, + n->host.protocol, + n->host.daddr, n->key.dport); + } + /* TODO: NAT */ + + + EXIT_ACCEPT: + spin_unlock (&bucket->lock); + return NF_ACCEPT; + + EXIT_SCHEDULE: + spin_unlock (&bucket->lock); + /* TODO: NF_DROP -> insert_pending (skb, ...) 
*/ + return NF_DROP; + } + static unsigned int ip_hook_func (unsigned int hooknum, *************** *** 289,341 **** struct sk_buff *sb = *skb; const struct iphdr *ip = sb->nh.iph; - struct tcphdr *tcph; struct blk *blkh; - struct host *hp; unsigned hash; - static int i = 0; - struct net_device * indev; ! if (!(i++ %10) && ip->protocol == IPPROTO_ICMP) { ! indev = __dev_get_by_name (in->name); ! printk("%d: dev:%s, ifindex: %d iflink: %d/ from kernel:%s(%d)\n", ! i, ! in->name, ! in->ifindex, ! in->iflink, ! indev->name, ! indev->ifindex ! ); ! } ! hash = blk_hash_code(ip->saddr); spin_lock (&blk_hash_table[hash].lock); ! for( blkh = blk_hash_table[hash].chain; blkh; blkh = blkh->next){ ! ! if ( blkh->key.saddr == ip->saddr ) { ! hp = &blkh->host; ! ! if (hp->type == BLOCK_HOST) { ! ! /* Block host or Flow control */ ! if (!hp->max_pktrate || hp->pktcnt > hp->max_pktrate) { ! ! ++hp->pktcnt; ! printk("Drop | SFlow Control %u.%u.%u.%u [%d/%d] \n", ! NIPQUAD(hp->saddr), hp->pktcnt, hp->max_pktrate); ! spin_unlock (&blk_hash_table[hash].lock); ! return NF_DROP; ! } ! ++hp->pktcnt; ! } else { ! /* modify TCP seq */ ! if (ip->protocol == IPPROTO_TCP) { ! tcph =(void *) (sb)->data +sb->nh.iph->ihl * 4; ! tcph->seq += 3; ! printk("[Modify TCP seq] %u.%u.%u.%u old seq : 0x%x, new seq 0x%x\n", ! NIPQUAD(hp->saddr),tcph->seq - 3, tcph->seq); ! } ! } } } spin_unlock (&blk_hash_table[hash].lock); --- 395,412 ---- struct sk_buff *sb = *skb; const struct iphdr *ip = sb->nh.iph; struct blk *blkh; unsigned hash; ! hash = blk_hash_code(in->ifindex, ip->saddr, ip->daddr, ip->protocol); spin_lock (&blk_hash_table[hash].lock); ! for( blkh = blk_hash_table[hash].chain; blkh; blkh = blkh->next) { ! if ( blkh->host.protocol != ip->protocol ) { ! spin_unlock (&blk_hash_table[hash].lock); ! return NF_ACCEPT; } + + return process_packet (&blk_hash_table[hash], sb, blkh); } spin_unlock (&blk_hash_table[hash].lock); *************** *** 347,373 **** { ! printk("%s: Device open (%d, %d)\n", ! 
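Review bot: `process_packet` reads the UDP and TCP headers directly at `ip + ihl` without checking that those bytes are present in the linear skb, and the ICMP case does not test the `skb_header_pointer` result for NULL before `icmph->type`, so a truncated packet that lands in a registered bucket can read past the buffer or oops the kernel; use the bounded helper for all three protocols and bail out on NULL, as below. `udph->source`/`tcph->source` are network byte order while `n->key.sport` is whatever user space wrote into `kuio_msg_t`; if confutil.c stores host order the comparison never matches — please confirm the contract and record it in a comment on `struct blk_key`. Storing the ICMP type in `key.dport` is an overload worth a one-line comment in pf.h, `/* for ICMP, dport holds the message type */`. `rule & FC_PR_CONTROL` here versus `p->msg.rule == FC_PR_CONTROL` in confutil.c suggests the two sides disagree on whether `rule` is a bitmask.
```c
	struct udphdr _udph, *udph;
	struct tcphdr _tcph, *tcph;
	struct icmphdr _icmph, *icmph;

	switch (ip->protocol) {

	case IPPROTO_UDP:
		udph = skb_header_pointer(skb, ip->ihl * 4, sizeof (_udph), &_udph);
		if (!udph || udph->source != n->key.sport || udph->dest != n->key.dport)
			goto EXIT_ACCEPT;
		break;

	case IPPROTO_TCP:
		tcph = skb_header_pointer(skb, ip->ihl * 4, sizeof (_tcph), &_tcph);
		if (!tcph || tcph->source != n->key.sport || tcph->dest != n->key.dport)
			goto EXIT_ACCEPT;
		break;

	case IPPROTO_ICMP:
		icmph = skb_header_pointer(skb, ip->ihl * 4, sizeof (_icmph), &_icmph);
		if (!icmph || icmph->type != n->key.dport)
			goto EXIT_ACCEPT;
		break;

	/* … unchanged: default, quota accounting, EXIT_ACCEPT / EXIT_SCHEDULE … */
```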
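Review bot: The rewritten lookup loop in `ip_hook_func` returns on its first iteration in both branches (`return NF_ACCEPT` when the protocol differs, `return process_packet(...)` otherwise), so only the head node of the bucket chain is ever consulted and any entry behind it — a hash collision, or a second port pair for the same hosts — is unreachable; the loop should `continue` past non-matching nodes and fall through to the final unlock/accept when none matches. It also matches on bucket index and protocol alone, never comparing `blkh->host.saddr`, `daddr` or `ifindex` against the packet, so after a hash collision a foreign flow is charged to the wrong entry's quota or dropped, whereas the previous version at least compared `key.saddr`. Because `process_packet` releases the bucket lock before returning, a port mismatch inside it still ends the scan; a complete fix moves the port comparison into this loop. The two returns after the final `spin_unlock` are outside the hunk.
```c
	for (blkh = blk_hash_table[hash].chain; blkh; blkh = blkh->next) {
		/* skip entries that merely share the bucket with this packet */
		if (blkh->host.protocol != ip->protocol ||
		    blkh->host.saddr != ip->saddr ||
		    blkh->host.daddr != ip->daddr ||
		    blkh->host.ifindex != in->ifindex)
			continue;
		/* process_packet drops the bucket lock before returning */
		return process_packet(&blk_hash_table[hash], sb, blkh);
	}
	spin_unlock(&blk_hash_table[hash].lock);
```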
KUIO_DEVICE_NAME, MAJOR(inode->i_rdev), MINOR(inode->i_rdev)); ! ! if ((filp->f_flags & O_ACCMODE) & (O_WRONLY | O_RDWR)) { ! if (kuio_wdopen) { ! printk("%s: Device already open for writing\n", ! KUIO_DEVICE_NAME); ! return -EBUSY; ! } else ! ++kuio_wdopen; ! } ! ! else { ! if (kuio_rdopen) { ! printk("%s: Device already open for reading\n", ! KUIO_DEVICE_NAME); ! return -EBUSY; ! } else ! ++kuio_rdopen; ! } ! try_module_get(THIS_MODULE); ! return 0; } --- 418,441 ---- { ! printk("%s: Device open (%d, %d)\n", ! KUIO_DEVICE_NAME, MAJOR(inode->i_rdev), MINOR(inode->i_rdev)); ! ! if ((filp->f_flags & O_ACCMODE) & (O_WRONLY | O_RDWR)) { ! if (kuio_wdopen) { ! printk("%s: Device already open for writing\n", KUIO_DEVICE_NAME); ! return -EBUSY; ! } else ! ++kuio_wdopen; ! } ! else { ! if (kuio_rdopen) { ! printk("%s: Device already open for reading\n", KUIO_DEVICE_NAME); ! return -EBUSY; ! } else ! ++kuio_rdopen; ! } ! try_module_get(THIS_MODULE); ! return 0; } *************** *** 375,388 **** device_release(struct inode *inode, struct file *filp) { - printk("%s: Device release (%d, %d)\n", - KUIO_DEVICE_NAME, MAJOR(inode->i_rdev), MINOR(inode->i_rdev)); ! if ((filp->f_flags & O_ACCMODE) & (O_WRONLY | O_RDWR)) ! --kuio_wdopen; ! else ! --kuio_rdopen; ! module_put(THIS_MODULE); ! return 0; } --- 443,457 ---- device_release(struct inode *inode, struct file *filp) { ! printk("%s: Device release (%d, %d)\n", ! KUIO_DEVICE_NAME, MAJOR(inode->i_rdev), MINOR(inode->i_rdev)); ! ! if ((filp->f_flags & O_ACCMODE) & (O_WRONLY | O_RDWR)) ! --kuio_wdopen; ! else ! --kuio_rdopen; ! module_put(THIS_MODULE); ! return 0; } *************** *** 391,402 **** unsigned int cmd, unsigned long arg) { ! kuio_msg_t kuio_msg, *pmsg = &kuio_msg; ! #if 0 ! int err; ! #endif ! int size; ! int ret; ! __u32 src; ! __u32 max_pktrate; if (_IOC_TYPE(cmd) != IOCTLPF_MAGIC) --- 460,467 ---- unsigned int cmd, unsigned long arg) { ! kuio_msg_t kuio_msg, *p = &kuio_msg; ! int size; ! int ret; ! 
int ifindex; if (_IOC_TYPE(cmd) != IOCTLPF_MAGIC) *************** *** 408,476 **** size = sizeof (kuio_msg_t); - #if 0/* get rid of verify_area it may be obsolete from 2.6.x */ - - if (size) { - err = 0; - - if (_IOC_DIR(cmd) & _IOC_WRITE) - err = verify_area(VERIFY_READ, (void *) arg, size); - - if (err) - return err; - } - #endif - switch (cmd) { ! case IOCTLPF_REGISTER_SRCBLOCK: ! ret = copy_from_user((void *) pmsg, (const void *) arg, size); ! src = (pmsg->ip); ! max_pktrate = (pmsg->max_pktrate); /* register host and seq flag */ ! if ( find_host (src) > 0 ) { ! printk ("%s: %u.%u.%u.%u was already registered\n", DEVICE_NAME, NIPQUAD(src)); return -EBADSLT; ! } else { ! if ( register_host (src, BLOCK_HOST, max_pktrate) < 0 ) { return -EFAULT; } else ! printk ("%s: Success to register %u.%u.%u.%u\n", DEVICE_NAME, NIPQUAD(src)); } break; ! ! case IOCTLPF_REGISTER_MODSEQ: ! ! ret = copy_from_user((void *) pmsg, (const void *) arg, size); ! src = (pmsg->ip); ! ! /* register host and seq flag */ ! if ( find_host (src) > 0 ) { ! printk ("%s: %u.%u.%u.%u was already registered\n", DEVICE_NAME, NIPQUAD(src)); ! return -EBADSLT; ! ! } else { ! ! if ( register_host (src, MODIFY_SEQ, 0) < 0 ) { ! return -EFAULT; ! } ! else ! printk ("%s: Success to register %u.%u.%u.%u\n", DEVICE_NAME, NIPQUAD(src)); ! } ! ! break; ! ! case IOCTLPF_UNREGISTER_HOST: ! ret = copy_from_user((void *) pmsg, (const void *) arg, size); ! src = (pmsg->ip); ! ret = unregister_host (src); ! if ( ret < 0 ) return -EFAULT; break; --- 473,528 ---- size = sizeof (kuio_msg_t); switch (cmd) { ! case IOCTLPF_REGISTER_MODSEQ: ! ! case IOCTLPF_REGISTER_NET: ! ret = copy_from_user((void *) p, (const void *) arg, size); ! ifindex = (__dev_get_by_name ((char *)p->indev))->ifindex; /* register host and seq flag */ ! if (find_host (ifindex, p) > 0 ) { ! print_connection ("Already exist", ! p->saddr, p->sport, ! p->protocol, ! p->daddr, p->dport); return -EBADSLT; ! } else { ! 
if ( register_host (ifindex, p) < 0 ) { ! print_connection ("Failed to register", ! p->saddr, p->sport, ! p->protocol, ! p->daddr, p->dport); return -EFAULT; } else ! print_connection ("Success to register", ! p->saddr, p->sport, ! p->protocol, ! p->daddr, p->dport); } break; ! ! case IOCTLPF_UNREGISTER_NET: ! ret = copy_from_user((void *) p, (const void *) arg, size); ! ifindex = (__dev_get_by_name ((char *)p->indev))->ifindex; ! if ( unregister_host (ifindex, p) < 0 ) { ! print_connection ("Failed to delete", ! p->saddr, p->sport, ! p->protocol, ! p->daddr, p->dport); return -EFAULT; + } + else { + print_connection ("Success to delete", + p->saddr, p->sport, + p->protocol, + p->daddr, p->dport); + } break; *************** *** 518,522 **** } ! printk("%s: Registered with major Number = %d\n", KUIO_DEVICE_NAME,KUIO_MAJOR_NUM); return 0; } --- 570,574 ---- } ! printk("%s: Registered with major Number = %d\n", KUIO_DEVICE_NAME, KUIO_MAJOR_NUM); return 0; } *************** *** 527,533 **** int ret; ! printk("%s: Unloading kernel vs user I/O module\n", DEVICE_NAME); if ((ret = unregister_chrdev(KUIO_MAJOR_NUM, DEVICE_NAME)) < 0) ! printk("%s: Device unregistration failed (%d)\n", DEVICE_NAME, ret); } --- 579,585 ---- int ret; ! printk("%s: Unloading kernel vs user I/O module ...\n", KUIO_DEVICE_NAME); if ((ret = unregister_chrdev(KUIO_MAJOR_NUM, DEVICE_NAME)) < 0) ! printk("%s: Device unregistration failed (%d)\n", KUIO_DEVICE_NAME, ret); } *************** *** 601,603 **** MODULE_LICENSE("GPL"); MODULE_VERSION(DRIVER_VERSION); - --- 653,654 ---- Index: sysktimer.c =================================================================== RCS file: /cvsroot/netadm/gwc/pf/sysktimer.c,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** sysktimer.c 28 Feb 2006 01:00:09 -0000 1.2 --- sysktimer.c 10 Mar 2006 16:48:49 -0000 1.3 *************** *** 40,44 **** return ret; ! 
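Review bot: Both `copy_from_user` calls in the IOCTLPF_REGISTER_NET and IOCTLPF_UNREGISTER_NET cases store the result in `ret` and never test it, so a bad user pointer leaves `kuio_msg` holding stack garbage that is then registered; write `if (copy_from_user((void *) p, (const void *) arg, size)) return -EFAULT;` in both places. On the following line `__dev_get_by_name()` returns NULL for an unknown interface name and is dereferenced at once, so an ioctl with a bogus `indev` crashes the kernel instead of failing; keep the result in a `struct net_device *dev` and add `if (!dev) return -ENODEV;` before reading `dev->ifindex`, and note that `__dev_get_by_name` is documented to require the caller to hold the RTNL semaphore or dev_base_lock, which nothing in this hunk takes (`dev_get_by_name`/`dev_put` is the variant for callers that do not). Unless `p->indev` is NUL-terminated before the lookup, a user-supplied name without a terminator is read past the end of the field — the declaration of `indev` is not on this page, so confirm its size and terminate it. The `case IOCTLPF_REGISTER_MODSEQ:` label now falls straight into IOCTLPF_REGISTER_NET; if that is intended, mark it with a `/* fallthrough */` comment. device_ioctl begins and ends outside this hunk.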
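Review bot: `unregister_chrdev(KUIO_MAJOR_NUM, DEVICE_NAME)` is left with DEVICE_NAME while the two printk lines around it were switched to KUIO_DEVICE_NAME; if the two macros expand to different strings, the name passed to unregister_chrdev no longer matches the name the messages report, and on kernels whose unregister_chrdev validates the name it has to match the one given to register_chrdev (outside this view). Use a single macro for the registration calls and the messages. The enclosing function starts outside the hunk.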
printk("%s start, total time: %d\n", __FUNCTION__, p->t_time); expire = timespec_to_jiffies(&p->t) + (p->t.tv_sec || p->t.tv_nsec); --- 40,44 ---- return ret; ! printk("%s thread start, total time: %d\n", DRIVER_VERSION, p->t_time); expire = timespec_to_jiffies(&p->t) + (p->t.tv_sec || p->t.tv_nsec); *************** *** 59,63 **** * i definitly assumed it was stemed from mine */ ! printk("%s exit\n", __FUNCTION__); return 1; } --- 59,63 ---- * i definitly assumed it was stemed from mine */ ! printk("%s thread exit\n", DRIVER_VERSION); return 1; } |
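Review bot: Both printk changes in sysktimer.c (the hunk at 40,44 and the one at 59,63) replace `__FUNCTION__` with `DRIVER_VERSION`, so the log line now reports which driver version is running but no longer which thread function started or exited, which is the detail someone reading the log needs. If DRIVER_VERSION is a version string, `printk("%s: %s thread start, total time: %d\n", DRIVER_VERSION, __FUNCTION__, p->t_time);` (and the matching `thread exit` line) keeps both. The enclosing function starts and ends outside the hunk.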
From: linuxpark <lin...@us...> - 2006-03-10 16:46:35
Update of /cvsroot/netadm/gwc/pf In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv13819 Removed Files: sysioctl.h Log Message: DEL: remove pf/sysioctl.h for overlapped include/sysioctl.h --- sysioctl.h DELETED --- |
From: il-eok h. <ie...@gm...> - 2006-03-09 05:21:24
hi jeho-park Did you have a lunch?? yesterday i did work for LAC all the night through. so i am fatigued. anyway.. jeho-park wrote: i can't be sure what is the best solution, but i think it may be dependent on network environment (gateway.. or sensor mode) and system performances. i suggest that before starting design, we should talk about this. because it is not easy to remake the frame, sure, i think so. thanks for your concern. maybe you have some misunderstanding for my mail. currently i use zebra for dynamic routing in my company's project. as i think, gwc's cli is better than zebra's cli. ^.^*~~ once more, thanks for your concern. have a nice day~~ 2006/3/9, jeho-park <lin...@gm...>: > > hi il-eok > > can you please cc net...@li... address whenever you send > email ^-^ > > il-eok hwang wrote: > > Hi, jeho park and everyone~~ > > Sorry, My work's results are not mine but my company. and I did leave my > company one month ago. > So i will give you any doc currently. > > > yes i understand, and i hope you to share some doc without breaking the > license with your past company. > > As you know, Snort Inline use netfilter target called IP_QUEUE. > and IP_QUEUE used netlink. i think these are not good solution. > How about you?? > > > last year, i heard that snort supports netfilter target. but i didn't > check it or know more than that. > from reading your letter, i realized the target is IP_QUEUE. > > i can't be sure what is the best solution, but i think it may be dependent on > network environment(gateway.. or sensor mode) and system performances. i > suggest that before starting design, we should talk about this. > because it is not easy to remake the frame, > > you said to me as below. > i can imagine that there might be so many changes was needed to port > snort to kernel layer. > but i wonder all of snort code was really needed to port to the kernel > layer? > if so, what is the main motive of this porting ? 
> is it for more better performance of checking network packet ? ( i > assume you might throw away > current libpcap(promiscuous) concerned code of snort then you must > have replaced that with > netfilter hook ) > > it's a good solution. but as i think, mbuf is better than libpcap. some > IDS were developed with > zero copy tech in Linux. > > TODO. > - intrusion detection point in kernel : preprocessor & pattern matching > engine > - packet drop by rule > - use conf file and rule file in user land. > - .... > > recently, i works for developing L2TP - LAC, LNS. there are some bugs in > rp-l2tp & zebra, > so i will catch the bugs. after fixing-maybe 4days, i will check the > current our project's source > codes. > > > > i recommend this document. > http://netadm.sourceforge.net/devel_netadm_ko.txt especially chapter 3,4, > 5 > > i think you dont have to understand all of our code but the interface > which let you make your cli command > > i know zebra interface is not bad.. and used globally.. but our cli > interface more simple, and easy to build > > and make your cli command exported GUI interface. check > "include/confproc.h" and gwclib/conftab.c > > gwclib/confproc.c > > bye ~ > > see you later~~ > > 2006/3/8, jeho-park <lin...@gm...>: > > > > hi il-eok > > > > > > il-eok hwang wrote: > > > > Hi, jeho park and everyone~~ > > > > first, sorry for my poor english. > > > > as i think, i quite agree with you and i hope to help our project about > > the field of IPS( DPI ). > > if my opinion will be established, i will make a document about DPI. > > > > there are some problems in porting SNORT to kernel. see below. > > - memory > > - rule > > - log > > - etc > > > > > > that's great ! if you make it with korean, i will help to translate > > this document into english. > > > > through reading your letter, i become excited ^--^ and have so many > > question. > > > > i can imagine that there might be so many changes was needed to port > > snort to kernel layer. 
> > but i wonder all of snort code was really needed to port to the kernel > > layer? > > if so, what is the main motive of this porting ? > > is it for more better performance of checking network packet ? ( i > > assume you might throw away > > current libpcap(promiscuous) concerned code of snort then you must have > > replaced that with netfilter hook ) > > > > i think as you replaced libpcap with netfilter hook, you could check > > all network packet without packet loss. > > but i wonder as a result of that, how did you lost system performance or > > network throughput > > i want to know about this point because you already have done this test. > > > > > > 6 months ago, i did port to kernel with netfilter. > > recently, i make a new kernel hook, so i will port SNORT with a my > > hook instead of netfilter. > > > > have a nice day ^.^*~~ > > > > > > > > from my knowledge, current netfilter hook is ranged from ethernet layer > > to IP layer.. > > did you mean your hook covers TCP. UDP layer ? > > i will wait your reply. > > > > if it is possible, please let us show the framework as a form of figure > > which you had done 6 month ago, > > and current design. they must be very interesting. and i am sure > > everyone want to know about that ^---^ > > > > > > p.s: > > since i start this project, > > i have thought that current pf.c will receive the last alarm from snort > > or other IDS sensor, > > so pf , as a result of receiving alarm, will drop a specified source host > > or control traffic of suspicious host. > > but during reading your letter, i think you already have done it. isn't > > it ? > > if so, i don't mind throwing away my design. then i can more concentrate > > my energy only to "flow control" ^--^ > > > > regards > > jeh park > > > > > > > > 2006/3/8, jeho-park <lin...@gm...>: > > > > > > > > > hi il-eok > > > glad to meet you through this mailing list. 
> > > > > > i read your mail, so i thought you have good career about security > > > i expect you to help our project about the field of QoS or IPS. > > > > > > most of all, i wonder how did you ported snort to the network stack of > > > linux. > > > > > > todays, george and kwan-kyung is also researching about that. so i > > > hope > > > you to share your knowledge with them. > > > > > > regards > > > jeho park > > > > > > > > > > > > > > > > > > ------------------------------------------------------- > > > This SF.Net email is sponsored by xPML, a groundbreaking scripting > > > language > > > that extends applications into web and mobile media. Attend the live > > > webcast > > > and join the prime developer group breaking into this new coding > > > territory! > > > > > > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 > > > _______________________________________________ > > > Netadm-devel mailing list > > > Net...@li... > > > https://lists.sourceforge.net/lists/listinfo/netadm-devel > > > > > > > > > > > |
From: jeho-park <lin...@gm...> - 2006-03-09 04:35:06
hi il-eok can you please cc net...@li... address whenever you send email ^-^ il-eok hwang wrote: > Hi, jeho park and everyone~~ > > Sorry, My work's results are not mine but my company. and I did leave > my company one month ago. > So i will give you any doc currently. > yes i understand, and i hope you to share some doc without breaking the license with your past company. > As you know, Snort Inline use netfilter target called IP_QUEUE. > and IP_QUEUE used netlink. i think these are not good solution. > How about you?? > last year, i heard that snort supports netfilter target. but i didn't check it or know more than that. from reading your letter, i realized the target is IP_QUEUE. i can't sure what is the best solution, but i think it may be dependent on network environment(gateway.. or sensor mode) and system performances. i suggest that before starting design, we should talk about this. because it is not easy to remake the frame, > you said to me as below. > i can imagine that there might be so many changes was needed to > port snort to kernel layer. > but i wonder all of snort code was really needed to port to the > kernel layer? > if so, what is the main motive of this porting ? > is it for more better performance of checking network packet ? ( i > assume you might throw away > current libpcap(premiscuous) concerned code of snort then you must > have replaced that with > netfilter hook ) > > it's a good solution. but as i think, mbuf is better than libpcap. > some IDS were developed with > zero copy tech in Linux. > > TODO. > - intrusion detection point in kernel : preprocessor & pattern > matching engine > - packet drop by rule > - use conf file and rule file in user land. > - .... > > recently, i works for developing L2TP - LAC, LNS. there are some bugs > in rp-l2tp & zebra, > so i will catch the bugs. after fixing-maybe 4days, i will check the > current our project's source > codes. > i recommand this document. 
http://netadm.sourceforge.net/devel_netadm_ko.txt especially chapter 3,4, 5 i think you dont have to understand all of our code but the interface which let you make your cli command i know zebra interface is not bad.. and used globaly.. but our cli interface more simple, and easy to build and make your cli command exported GUI interface. check "include/confproc.h" and gwclib/conftab.c gwclib/confproc.c bye ~ > see you later~~ > > 2006/3/8, jeho-park <lin...@gm... > <mailto:lin...@gm...>>: > > hi il-eok > > > il-eok hwang wrote: > >> Hi, jeho park and everyone~~ >> >> first, sorry for my poor english. >> >> as i think, i quite agree with you and i hope to help our project >> about the field of IPS( DPI ). >> if my opinion will be established, i wll make a document about DPI. >> >> there are some problems in porting SNORT to kernel. see below. >> - memory >> - rule >> - log >> - etc >> > > that's great ! if you make it with korean, i will help to > translate this document into english. > > through reading your letter, i become excited ^--^ and have so > many question. > > i can imagine that there might be so many changes was needed to > port snort to kernel layer. > but i wonder all of snort code was really needed to port to the > kernel layer? > if so, what is the main motive of this porting ? > is it for more better performance of checking network packet ? ( i > assume you might throw away > current libpcap(premiscuous) concerned code of snort then you must > have replaced that with netfilter hook ) > > i think as you replaced libpcap with netfilter hook, you could > check all network packet without packet loss. > but i wonder as a result of that, how did you lost system > performance or network throughput > i want to know about this point because you already have done this > test. > >> >> 6 months ago, i did port to kernel with netfilter. >> recently, i make a new kernel hook, so i will port SNORT with a my >> hook instead of netfilter. 
>> >> have a nice day ^.^*~~ >> >> > > from my knowledge, current netfilter hook is ranged from ethernet > layer to IP layer.. > did you mean your hook covers TCP. UDP layer ? > i will wait your reply. > > if it is possible, please let us show the framework as a form of > figure which you had done 6 month ago, > and current design. they must be very interesting. and i am sure > everyone want to know about that ^---^ > > > p.s: > since i start this project, > i have thought that current pf.c will receive the last alarm from > snort or other IDS sensor, > so pf , as a result of receving alarm, will drop a specifed source > host or control traffic of suspicious host. > but during reading your letter, i think you already have done it. > isn't it ? > if so, i don't mind throwing away my design. then i can more > concentrate my energy only to "flow control" ^--^ > > regards > jeh park > > >> >> 2006/3/8, jeho-park <lin...@gm... >> <mailto:lin...@gm...>>: >> >> >> hi il-eok >> glad to meet you through this mailling list. >> >> i read your mail, so i thought you have good career about >> security >> i expect you to help our project about the field of QoS or IPS. >> >> most of all, i wonder how did you ported snort to the network >> stack of >> linux. >> >> todays, george and kwan-kyung is also researching about that. >> so i hope >> you to share your knowledge with them. >> >> regards >> jeho park >> >> >> >> >> >> ------------------------------------------------------- >> This SF.Net email is sponsored by xPML, a groundbreaking >> scripting language >> that extends applications into web and mobile media. Attend >> the live webcast >> and join the prime developer group breaking into this new >> coding territory! >> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 >> <http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642> >> _______________________________________________ >> Netadm-devel mailing list >> Net...@li... 
>> <mailto:Net...@li...> >> https://lists.sourceforge.net/lists/listinfo/netadm-devel >> <https://lists.sourceforge.net/lists/listinfo/netadm-devel> >> >> > > |
From: linuxpark <lin...@us...> - 2006-03-08 15:30:09
Update of /cvsroot/netadm/gwc/gwclib In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12429/gwclib Modified Files: confio.c confproc.c conftab.c confutil.c Log Message: MOD: FIX: inet_ntoa can't print u32 data in in_addr.s_addr so replaced it with NIPQUAD() DEL: remove redundant two list in _add_fc_ipol. DEL: auto_test() in confproc.h confproc.c message.h sysipc.h script/install.sh Index: confio.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/confio.c,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** confio.c 5 Mar 2006 01:11:00 -0000 1.5 --- confio.c 8 Mar 2006 15:29:55 -0000 1.6 *************** *** 218,223 **** } else if (!strcmp(cmd, "[fc_pol]")) { add_fc_pol(argc, argv, 0, &fr); - } else if (!strcmp(cmd, "[auto_test]")) { - set_auto(argc, argv, 0, &fr); }else { out("Unknown section \"%s\"\n", tmp); --- 218,221 ---- *************** *** 412,434 **** mapidtostr (map_fc_rule, csm->fc_pol[i].rule)); } ! #if 0 ! /* host policy */ ! for (i = 0; i < csm->hpolcnt; i++) { ! struct in_addr s; ! s.s_addr = csm->hostpol[i].ip; ! prenc(fp, "[%s]\t%s\t%s\t%d\t%d\n", STR_HOST_POLICY, ! csm->hostpol[i].name, ! inet_ntoa(s), ! csm->hostpol[i].flag, csm->hostpol[i].max_pktrate); ! } ! #endif ! /* auto test */ ! prenc(fp, "[%s]\t%d\t%d\t%d\t%d\t%d\t%d\n", STR_AUTO_TEST, ! csm->auto_test.sint_1, ! csm->auto_test.sint_2, ! csm->auto_test.mint_1, ! csm->auto_test.mint_2, ! csm->auto_test.ilevel, csm->auto_test.cnum); ! fsync(fileno(fp)); fclose(fp); --- 410,414 ---- mapidtostr (map_fc_rule, csm->fc_pol[i].rule)); } ! 
fsync(fileno(fp)); fclose(fp); Index: confproc.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/confproc.c,v retrieving revision 1.16 retrieving revision 1.17 diff -C2 -d -r1.16 -r1.17 *** confproc.c 7 Mar 2006 17:04:51 -0000 1.16 --- confproc.c 8 Mar 2006 15:29:55 -0000 1.17 *************** *** 2956,2966 **** "[FC/destination service protocol name] \"%s\" does not exists\n",argv[5]); - if ( ssvc->proto != dsvc->proto ) - frerr(fr, RET_EINTERNAL, - "both source service proto and destination service proto must be same but" - " source service proto \"%s\" and destination service proto \"%s\"\n", - mapidtostr (map_prototype, ssvc->proto), - mapidtostr(map_prototype, dsvc->proto)); - /* fw */ if (!str_nospace(argv[6])) --- 2956,2959 ---- *************** *** 3016,3022 **** pol->name, csm->fc_pol[i].name); } ! if (fr->ret != RET_OK) return; for (slot = 0, i = 0; i < csm->fc_pol_cnt; i++) { --- 3009,3024 ---- pol->name, csm->fc_pol[i].name); } ! 
if (fr->ret != RET_OK) return; + + if ( ssvc->proto != dsvc->proto ) { + frerr(fr, RET_EINTERNAL, + "both source service proto and destination service proto must be same but" + " source service proto \"%s\" and destination service proto \"%s\"\n", + mapidtostr (map_prototype, ssvc->proto), + mapidtostr(map_prototype, dsvc->proto)); + return; + } for (slot = 0, i = 0; i < csm->fc_pol_cnt; i++) { *************** *** 3172,3376 **** } } - - void - list_auto(int argc, char *argv[], int modify, frp_t fr) - { - int len; - int n = 0; - - fr->islist = 1; - - if (argc != 0) { - frerr(fr, RET_EUSAGE, "Usage: \n"); - fr->rows = -1; - return; - } - - len = (OL / 2 + OL / 2 + OL / 2 + OL / 2 + OL / 4 + OL); - fr->p = (char *) malloc(len); - if (!fr->p) { - frerr(fr, RET_EMALLOC, "Cannot allocate memory for %d bytes\n", - len); - fr->rows = -1; - return; - } - - if (csm->auto_test.sint_1 < MIN_AUTO_SINT || - csm->auto_test.sint_1 > MAX_AUTO_SINT) - goto NOVALID; - - if (csm->auto_test.sint_2 < MIN_AUTO_SINT || - csm->auto_test.sint_2 > MAX_AUTO_SINT) - goto NOVALID; - - if (csm->auto_test.mint_1 < MIN_AUTO_MINT || - csm->auto_test.mint_1 > MAX_AUTO_MINT) - goto NOVALID; - - if (csm->auto_test.mint_2 < MIN_AUTO_MINT || - csm->auto_test.mint_2 > MAX_AUTO_MINT) - goto NOVALID; - - if (csm->auto_test.ilevel != AUTO_FROMMIN && - csm->auto_test.ilevel != AUTO_FROMMAX) - goto NOVALID; - - if (csm->auto_test.cnum < MIN_AUTO_CNUM || - csm->auto_test.cnum > MAX_AUTO_CNUM) - goto NOVALID; - - n += 1 + sprintf(&fr->p[n], "%d", csm->auto_test.sint_1); - n += 1 + sprintf(&fr->p[n], "%d", csm->auto_test.sint_2); - n += 1 + sprintf(&fr->p[n], "%d", csm->auto_test.mint_1); - n += 1 + sprintf(&fr->p[n], "%d", csm->auto_test.mint_2); - n += 1 + sprintf(&fr->p[n], "%d", csm->auto_test.ilevel); - n += 1 + sprintf(&fr->p[n], "%d", csm->auto_test.cnum); - - fr->cols = 6; - fr->rows = 1; - fr->len = n; - return; - - NOVALID: - fr->rows = 0; - } - - void - set_auto(int argc, char *argv[], int modify, 
frp_t fr) - { - sys_autoconf_t autoconfig, *pac = &autoconfig; - - if (argc == 6) { - - if (!str_isdigit(argv[0])) { - frerr(fr, RET_EUSAGE, - "[stop interval 1(sec)] you must enter a valid decimal number (%s)\n", - argv[0]); - } - - if (atoi(argv[0]) < MIN_AUTO_SINT - || atoi(argv[0]) > MAX_AUTO_SINT) { - frerr(fr, RET_EUSAGE, - "[stop interval 1(sec)] the value you enter(%s) is over or below than limit" - "(min(%d), max(%d))\n", argv[0], MIN_AUTO_SINT, - MAX_AUTO_SINT); - } else - pac->sint_1 = atoi(argv[0]); - - if (!str_isdigit(argv[1])) { - frerr(fr, RET_EUSAGE, - "[stop interval 2(sec)] you must enter a valid decimal number (%s)\n", - argv[1]); - } - - if (atoi(argv[1]) < MIN_AUTO_SINT - || atoi(argv[1]) > MAX_AUTO_SINT) { - frerr(fr, RET_EUSAGE, - "[stop interval 2(sec)] the value you enter(%s) is over or below than limit" - "(min(%d), max(%d))\n", argv[1], MIN_AUTO_SINT, - MAX_AUTO_SINT); - } else - pac->sint_2 = atoi(argv[1]); - - if (!str_isdigit(argv[2])) { - frerr(fr, RET_EUSAGE, - "[moving interval 1(sec)] you must enter a valid decimal number (%s)\n", - argv[2]); - } - - if (atoi(argv[2]) < MIN_AUTO_SINT - || atoi(argv[2]) > MAX_AUTO_SINT) { - frerr(fr, RET_EUSAGE, - "[moving interval 1(sec)] the value you enter(%s) is over or below than limit" - "(min(%d), max(%d))\n", argv[2], MIN_AUTO_MINT, - MAX_AUTO_MINT); - } else - pac->mint_1 = atoi(argv[2]); - - if (!str_isdigit(argv[3])) { - frerr(fr, RET_EUSAGE, - "[moving interval 2(sec)] you must enter a valid decimal number (%s)\n", - argv[3]); - } - - if (atoi(argv[3]) < MIN_AUTO_SINT - || atoi(argv[3]) > MAX_AUTO_SINT) { - frerr(fr, RET_EUSAGE, - "[moving interval 2(sec)] the value you enter(%s) is over or below than limit" - "(min(%d), max(%d))\n", argv[3], MIN_AUTO_MINT, - MAX_AUTO_MINT); - } else - pac->mint_2 = atoi(argv[3]); - - if (!str_isdigit(argv[4])) { - frerr(fr, RET_EUSAGE, - "[init state (0: from min, 1: from max)] you must enter a valid decimal number (%s)\n", - argv[4]); - } - - if 
(atoi(argv[4]) != AUTO_FROMMIN - && atoi(argv[4]) != AUTO_FROMMAX) { - frerr(fr, RET_EUSAGE, - "[init state (0: from min, 1: from max)] you must enter a valid decimal number (%s)\n", - argv[4]); - } else - pac->ilevel = atoi(argv[4]); - - if (!str_isdigit(argv[5])) { - frerr(fr, RET_EUSAGE, - "[number of cycle] you must enter a valid decimal number (%s)\n", - argv[5]); - } - - if (atoi(argv[5]) < MIN_AUTO_CNUM - || atoi(argv[5]) > MAX_AUTO_CNUM) { - frerr(fr, RET_EUSAGE, - "[number of cycle] the value you enter(%s) is over or below than limit" - "(min(%d), max(%d))\n", argv[5], MIN_AUTO_CNUM, - MAX_AUTO_CNUM); - } else - pac->cnum = atoi(argv[5]); - - if (fr->ret != RET_OK) { - return; - } - - memcpy(&csm->auto_test, pac, sizeof (sys_autoconf_t)); - if ((fr->ret = saveconf(csm) != RET_OK)) { - frerr(fr, fr->ret, "Cannot save configuration (%d)\n", - fr->ret); - return; - } - - } else { - frerr(fr, RET_EUSAGE, - "Usage: [stop interval 1 (sec)] [stop interval 2 (sec)] " - "[moving interval 1 (sec)] [moving interval 2 (sec)]" - "[init state ( 0 : from minimum signal, 1 : from maxinum signal )]" - "[number of cycle]\n"); - } - } - - void - auto_apply(int argc, char *argv[], int modify, frp_t fr) - { - int fd; - char cmd[MINBUF]; - - /* Consider apply_pkg as list because it will return with the result */ - if ((fd = sys_ipcconn()) < 0) { - frerr(fr, RET_EWRITE, "Cannot connect to apcadmd: %s", - strerror(errno)); - return; - } - - strcpy(cmd, "auto_apply"); - if (write(fd, &cmd, sizeof (cmd)) < 0) { - frerr(fr, RET_EWRITE, "Cannot write to apcadmd: %s", - strerror(errno)); - return; - } - - close(fd); - return; - } --- 3174,3175 ---- Index: conftab.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/conftab.c,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** conftab.c 7 Mar 2006 04:45:09 -0000 1.7 --- conftab.c 8 Mar 2006 15:29:55 -0000 1.8 *************** *** 91,97 **** {CMD_FC_APPLY, 
"fc_apply", PR(fc_apply), INFO_CLI_FC_APPLY}, {CMD_DUMP_FC_IPOL, "dump_fc_ipol", PR(dump_fc_ipol), INFO_CLI_DUMP_FC_IPOL}, - {CMD_LIST_AUTO, "list_auto", PR(list_auto), INFO_CLI_LIST_AUTO}, - {CMD_SET_AUTO, "set_auto", PR(set_auto), INFO_CLI_SET_AUTO}, - {CMD_AUTO_APPLY, "auto_apply", PR(auto_apply), INFO_CLI_AUTO_APPLY}, {0} , --- 91,94 ---- Index: confutil.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/confutil.c,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** confutil.c 7 Mar 2006 17:04:51 -0000 1.8 --- confutil.c 8 Mar 2006 15:29:55 -0000 1.9 *************** *** 228,234 **** - static void destroy_resource (void *p) { - free (p); - } /* __add_fc_ipol() * : this function add internal policy not for GUI user process but for pf module. --- 228,231 ---- *************** *** 243,422 **** */ void * _add_fc_ipol ( void *arg, int len, frp_t fr) { ! fc_umsg_t *p; /* node which include new vals */ ! fc_pol_t *pol; ! fc_net_t *snet; ! fc_net_t *dnet; ! fc_svc_t *ssvc; ! fc_svc_t *dsvc; ! fc_fw_t *fw; ! unsigned char saddr[8]; ! unsigned char daddr[8]; ! list saddr_list; ! list daddr_list; ! struct listnode *SAN; ! struct listnode *DAN; ! int addr; ! int i; ! int j; ! int k; ! int l; ! tmp_addr_t *sa; ! tmp_addr_t *da; ! char *polname = (char *)arg; ! ! if (!(pol = sys_ucmd_msg (_CMD_GET_FC_POL, ! polname, ! strlen(polname), ! fr))) ! return NULL; ! if (!(snet = sys_ucmd_msg (_CMD_GET_FC_NET, ! pol->snet, ! strlen(pol->snet), ! fr))) ! return NULL; ! ! if (!(dnet = sys_ucmd_msg (_CMD_GET_FC_NET, ! pol->dnet, ! strlen(pol->dnet), ! fr))) ! return NULL; ! ! if (!(ssvc = sys_ucmd_msg (_CMD_GET_FC_SVC, ! pol->ssvc, ! strlen(pol->ssvc), ! fr))) ! return NULL; ! ! if (!(dsvc = sys_ucmd_msg (_CMD_GET_FC_SVC, ! pol->dsvc, ! strlen(pol->dsvc), ! fr))) ! return NULL; ! ! if (!(fw = sys_ucmd_msg (_CMD_GET_FC_FW, ! pol->fw, ! strlen(pol->fw), ! fr))) ! return NULL; ! 
if ( parse_iprange (snet->addr, saddr, fr) != TRUE) { ! return NULL; ! } ! ! saddr_list = list_new (); ! if (!saddr_list) { ! strcpy(fr->errmsg, "failed to alloc saddr_list"); ! ! if (fr) ! fr->ret = RET_EMALLOC; ! return NULL; ! } ! saddr_list->del = destroy_resource; ! for ( i = saddr[0]; i <= saddr[1]; i++) ! for ( j = saddr[2]; j <= saddr[3]; j++) ! for ( k = saddr[4]; k <= saddr[5]; k++) ! for ( l = saddr[6]; l <= saddr[7]; l++) { ! /* LITTLE ENDIAN */ ! addr = 0; ! addr = l; ! addr <<= 8; ! ! addr |= k; ! addr <<= 8; ! addr |= j; ! addr <<= 8; ! addr |= i; ! sa = (tmp_addr_t*)malloc (sizeof(tmp_addr_t)); ! if (!sa) { ! strcpy(fr->errmsg, ! "failed to alloc tmp saddr node"); ! if (fr) ! fr->ret = RET_EMALLOC; ! return NULL; ! } ! sa->addr = addr; ! listnode_add (saddr_list, sa); ! } ! ! if ( parse_iprange (dnet->addr, daddr, fr) != TRUE) { ! return NULL; ! } ! ! daddr_list = list_new (); ! if (!daddr_list) { ! strcpy(fr->errmsg, "failed to alloc daddr_list"); ! if (fr) ! fr->ret = RET_EMALLOC; ! ! return NULL; ! } ! ! daddr_list->del = destroy_resource; ! for ( i = daddr[0]; i <= daddr[1]; i++) ! for ( j = daddr[2]; j <= daddr[3]; j++) ! for ( k = daddr[4]; k <= daddr[5]; k++) ! for ( l = daddr[6]; l <= daddr[7]; l++) { ! /* LITTLE ENDIAN */ ! addr = 0; ! addr = l; ! addr <<= 8; ! ! addr |= k; ! addr <<= 8; ! ! addr |= j; ! addr <<= 8; ! ! addr |= i; ! ! da = (tmp_addr_t*)malloc (sizeof(tmp_addr_t)); ! if (!da) { ! strcpy(fr->errmsg, ! "failed to alloc tmp daddr node"); ! if (fr) ! fr->ret = RET_EMALLOC; ! return NULL; ! } ! da->addr = addr; ! listnode_add (daddr_list, da); ! } ! LIST_LOOP (saddr_list, sa, SAN) { ! LIST_LOOP (daddr_list, da, DAN) { ! p = (fc_umsg_t*)malloc (sizeof (fc_umsg_t)); ! if (!p) { ! ! if (fr) { ! strcpy(fr->errmsg, "failed to alloc ipol node"); ! fr->ret = RET_EMALLOC; ! } ! list_delete_all_node (saddr_list); ! list_delete_all_node (daddr_list); ! return NULL; ! } ! update_ipol (p, pol, snet, dnet, ssvc, dsvc, fw); ! 
p->msg.saddr = sa->addr; ! p->msg.daddr = da->addr; ! LIST_LOCK (runpol_list); ! listnode_add (runpol_list, p); ! LIST_UNLOCK (runpol_list); } } ! if (fr) ! fr->ret = RET_OK; ! ! list_delete_all_node (saddr_list); ! list_delete_all_node (daddr_list); ! return polname; } --- 240,358 ---- */ void * _add_fc_ipol ( void *arg, int len, frp_t fr) { ! fc_umsg_t *p; /* node which include new vals */ ! fc_pol_t *pol; ! fc_net_t *snet; ! fc_net_t *dnet; ! fc_svc_t *ssvc; ! fc_svc_t *dsvc; ! fc_fw_t *fw; ! unsigned char saddr[8]; ! unsigned char daddr[8]; ! #ifdef DEBUG ! struct listnode *snode; ! #endif ! int t_saddr; ! int t_daddr; ! int si; ! int sj; ! int sk; ! int sl; ! int di; ! int dj; ! int dk; ! int dl; ! char *polname = (char *)arg; ! struct in_addr saddr2; ! struct in_addr daddr2; ! if (!(pol = sys_ucmd_msg (_CMD_GET_FC_POL, polname, strlen(polname), fr))) ! return NULL; ! if (!(snet = sys_ucmd_msg (_CMD_GET_FC_NET, pol->snet, strlen(pol->snet), fr))) ! return NULL; ! if (!(dnet = sys_ucmd_msg (_CMD_GET_FC_NET, pol->dnet, strlen(pol->dnet), fr))) ! return NULL; ! if (!(ssvc = sys_ucmd_msg (_CMD_GET_FC_SVC, pol->ssvc, strlen(pol->ssvc), fr))) ! return NULL; ! if (!(dsvc = sys_ucmd_msg (_CMD_GET_FC_SVC, pol->dsvc, strlen(pol->dsvc), fr))) ! return NULL; ! if (!(fw = sys_ucmd_msg (_CMD_GET_FC_FW, pol->fw, strlen(pol->fw), fr))) ! return NULL; ! if ( parse_iprange (snet->addr, saddr, fr) != TRUE) ! return NULL; ! if ( parse_iprange (dnet->addr, daddr, fr) != TRUE) ! return NULL; ! /* LITTLE ENDIAN */ ! LIST_LOCK (runpol_list); ! for ( si = saddr[0]; si <= saddr[1]; si++) ! for ( sj = saddr[2]; sj <= saddr[3]; sj++) ! for ( sk = saddr[4]; sk <= saddr[5]; sk++) ! for ( sl = saddr[6]; sl <= saddr[7]; sl++) { ! t_saddr = 0; ! t_saddr = sl; ! t_saddr <<= 8; ! t_saddr |= sk; ! t_saddr <<= 8; ! t_saddr |= sj; ! t_saddr <<= 8; ! t_saddr |= si; ! saddr2.s_addr = t_saddr; ! #ifdef DEBUG ! out ("snet: %s\n", inet_ntoa(saddr2)); ! #endif ! 
for ( di = daddr[0]; di <= daddr[1]; di++) ! for ( dj = daddr[2]; dj <= daddr[3]; dj++) ! for ( dk = daddr[4]; dk <= daddr[5]; dk++) ! for ( dl = daddr[6]; dl <= daddr[7]; dl++) { ! t_daddr = 0; ! t_daddr = dl; ! t_daddr <<= 8; ! t_daddr |= dk; ! t_daddr <<= 8; ! t_daddr |= dj; ! t_daddr <<= 8; ! t_daddr |= di; ! daddr2.s_addr = t_daddr; ! #ifdef DEBUG ! out ("dnet: %s\n", inet_ntoa(daddr2)); ! #endif ! p = (fc_umsg_t*)malloc (sizeof (fc_umsg_t)); ! if (!p) { ! if (fr) { ! strcpy(fr->errmsg, "failed to alloc ipol node"); ! fr->ret = RET_EMALLOC; ! } ! return NULL; ! } ! p->msg.saddr = t_saddr; ! p->msg.daddr = t_daddr; ! update_ipol (p, pol, snet, dnet, ssvc, dsvc, fw); ! listnode_add (runpol_list, p); ! } + } + LIST_UNLOCK (runpol_list); ! #ifdef DEBUG ! LIST_LOOP (runpol_list, p, snode) { ! out ("ok-snet: %u.%u.%u.%u, ok-dnet: %u.%u.%u.%u\n", ! NIPQUAD(p->msg.saddr), NIPQUAD(p->msg.daddr)); ! } ! #endif ! ! if (fr) ! fr->ret = RET_OK; ! ! return polname; } *************** *** 460,465 **** void * _apply_fc_ipol ( void *arg, int len, frp_t fr) { ! ! return NULL; } --- 396,402 ---- void * _apply_fc_ipol ( void *arg, int len, frp_t fr) { ! ! /* TODO */ ! return NULL; } *************** *** 469,474 **** int i = 0; FILE *fp; - struct in_addr saddr; - struct in_addr daddr; fp = fopen (SZIPOLDUMP, "w+"); --- 406,409 ---- *************** *** 482,489 **** LIST_LOCK (runpol_list); LIST_LOOP(runpol_list, p, n) { - saddr.s_addr = p->msg.saddr; - daddr.s_addr = p->msg.daddr; ! fprintf(fp, "%d'th %s: indev:%s, proto:%s, rule:%s, %s:%d/%d--->%s:%d/%d, quota:%d\n", ++i, p->polname, --- 417,423 ---- LIST_LOCK (runpol_list); LIST_LOOP(runpol_list, p, n) { ! fprintf(fp, "%d'th %s: indev:%s proto:%s rule:%s" ! " %u.%u.%u.%u:%d/%d --> %u.%u.%u.%u:%d/%d quota:%d\n", ++i, p->polname, *************** *** 491,498 **** mapidtostr(map_prototype, p->msg.protocol), mapidtostr(map_fc_rule, p->msg.rule), ! inet_ntoa (saddr), p->msg.smask, p->msg.sport, ! 
inet_ntoa (daddr), p->msg.dmask, p->msg.dport, --- 425,432 ---- mapidtostr(map_prototype, p->msg.protocol), mapidtostr(map_fc_rule, p->msg.rule), ! NIPQUAD (p->msg.saddr), p->msg.smask, p->msg.sport, ! NIPQUAD (p->msg.daddr), p->msg.dmask, p->msg.dport, |
From: linuxpark <lin...@us...> - 2006-03-08 15:30:02
Update of /cvsroot/netadm/gwc/scripts In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12429/scripts Modified Files: install.sh Log Message: MOD: FIX: inet_ntoa can't print u32 data in in_addr.s_addr so replaced it with NIPQUAD() DEL: remove redundant two list in _add_fc_ipol. DEL: auto_test() in confproc.h confproc.c message.h sysipc.h script/install.sh Index: install.sh =================================================================== RCS file: /cvsroot/netadm/gwc/scripts/install.sh,v retrieving revision 1.13 retrieving revision 1.14 diff -C2 -d -r1.13 -r1.14 *** install.sh 28 Feb 2006 23:41:50 -0000 1.13 --- install.sh 8 Mar 2006 15:29:57 -0000 1.14 *************** *** 178,182 **** echo -e "[snmp]\t${SUPPORT_SNMP}" >> ${TMP_CONFIG} echo -e "[snmp_community]\t${SNMP_COMMUNITY_NAME}" >> ${TMP_CONFIG} - echo -e "[auto_test]\t1\t1\t1\t1\t1\t1">> ${TMP_CONFIG} return --- 178,181 ---- |
From: linuxpark <lin...@us...> - 2006-03-08 15:30:00
Update of /cvsroot/netadm/gwc/include In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12429/include Modified Files: confproc.h message.h Log Message: MOD: FIX: inet_ntoa can't print u32 data in in_addr.s_addr so replaced it with NIPQUAD() DEL: remove redundant two list in _add_fc_ipol. DEL: auto_test() in confproc.h confproc.c message.h sysipc.h script/install.sh Index: message.h =================================================================== RCS file: /cvsroot/netadm/gwc/include/message.h,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** message.h 7 Mar 2006 04:45:09 -0000 1.6 --- message.h 8 Mar 2006 15:29:55 -0000 1.7 *************** *** 67,74 **** #define INFO_CLI_DUMP_FC_IPOL "dump internal policies of flow control to dump_ipol" - #define INFO_CLI_LIST_AUTO "List the setup config of auto test" - #define INFO_CLI_SET_AUTO "Set the setup config of auto test " - #define INFO_CLI_AUTO_APPLY "Apply the Auto test config" - /* STR_ : normal STRing */ #define STR_STATE "qry_state" --- 67,70 ---- Index: confproc.h =================================================================== RCS file: /cvsroot/netadm/gwc/include/confproc.h,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** confproc.h 7 Mar 2006 04:45:09 -0000 1.5 --- confproc.h 8 Mar 2006 15:29:55 -0000 1.6 *************** *** 68,75 **** void fc_apply(int argc, char *argv[], int modify, frp_t fr); void dump_fc_ipol(int argc, char *argv[], int modify, frp_t fr); - /* A P A U T O */ - void list_auto(int argc, char *argv[], int modify, frp_t fr); - void set_auto(int argc, char *argv[], int modify, frp_t fr); - void auto_apply(int argc, char *argv[], int modify, frp_t fr); #endif /* __SYS_PROC_H */ --- 68,71 ---- |
From: linuxpark <lin...@us...> - 2006-03-08 15:29:59
Update of /cvsroot/netadm/gwc/gwcadmd In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12429/gwcadmd Modified Files: main.c Log Message: MOD: FIX: inet_ntoa can't print u32 data in in_addr.s_addr so replaced it with NIPQUAD() DEL: remove redundant two list in _add_fc_ipol. DEL: auto_test() in confproc.h confproc.c message.h sysipc.h script/install.sh
Index: main.c
===================================================================
RCS file: /cvsroot/netadm/gwc/gwcadmd/main.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -C2 -d -r1.10 -r1.11
*** main.c 7 Mar 2006 17:04:51 -0000 1.10
--- main.c 8 Mar 2006 15:29:52 -0000 1.11
***************
*** 1087,1091 ****
 FD_SET(fd, &sock_set);
 ptv = NULL;
! tv.tv_sec = APC_ADMD_TIMEOUT * 60L;
 tv.tv_usec = 0;
 ptv = &tv;
--- 1087,1092 ----
 FD_SET(fd, &sock_set);
 ptv = NULL;
! //tv.tv_sec = APC_ADMD_TIMEOUT * 60L;
! tv.tv_sec = 10;
 tv.tv_usec = 0;
 ptv = &tv;
***************
*** 1097,1100 ****
--- 1098,1102 ----
 } else if (!ret) {
 out("timeout continue ...\n");
+ show_runpol();
 continue;
 } else {
|
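Review bot: The select() timeout in the first main.c hunk is now a hard-coded `tv.tv_sec = 10;` with the original `APC_ADMD_TIMEOUT * 60L` line left commented out, and the second hunk calls `show_runpol();` on every timeout; both read as debugging instrumentation that the log message (the NIPQUAD fix and the list removal) does not mention. If the 10-second period is intended, give it a named constant next to APC_ADMD_TIMEOUT and delete the commented-out line rather than keeping both; if it is temporary, put it behind `#ifdef DEBUG` like the diagnostics added to _add_fc_ipol in the same commit. Dumping the running policy list on every idle timeout also means the daemon does periodic work and produces output while nothing is happening. The enclosing select loop starts and ends outside these hunks.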
From: jeho-park <lin...@gm...> - 2006-03-08 12:22:47
hi il-eok il-eok hwang wrote: > Hi, jeho park and everyone~~ > > first, sorry for my poor english. > > as i think, i quite agree with you and i hope to help our project > about the field of IPS( DPI ). > if my opinion will be established, i wll make a document about DPI. > > there are some problems in porting SNORT to kernel. see below. > - memory > - rule > - log > - etc that's great ! if you make it with korean, i will help to translate this document into english. through reading your letter, i become excited ^--^ and have so many question. i can imagine that there might be so many changes was needed to port snort to kernel layer. but i wonder all of snort code was really needed to port to the kernel layer? if so, what is the main motive of this porting ? is it for more better performance of checking network packet ? ( i assume you might throw away current libpcap(premiscuous) concerned code of snort then you must have replaced that with netfilter hook ) i think as you replaced libpcap with netfilter hook, you could check all network packet without packet loss. but i wonder as a result of that, how did you lost system performance or network throughput i want to know about this point because you already have done this test. > > 6 months ago, i did port to kernel with netfilter. > recently, i make a new kernel hook, so i will port SNORT with a my > hook instead of netfilter. > > have a nice day ^.^*~~ > from my knowledge, current netfilter hook is ranged from ethernet layer to IP layer.. did you mean your hook covers TCP. UDP layer ? i will wait your reply. if it is possible, please let us show the framework as a form of figure which you had done 6 month ago, and current design. they must be very interesting. 
and i am sure everyone want to know about that ^---^ p.s: since i start this project, i have thought that current pf.c will receive the last alarm from snort or other IDS sensor, so pf , as a result of receving alarm, will drop a specifed source host or control traffic of suspicious host. but during reading your letter, i think you already have done it. isn't it ? if so, i don't mind throwing away my design. then i can more concentrate my energy only to "flow control" ^--^ regards jeh park > > 2006/3/8, jeho-park <lin...@gm... > <mailto:lin...@gm...>>: > > > hi il-eok > glad to meet you through this mailling list. > > i read your mail, so i thought you have good career about security > i expect you to help our project about the field of QoS or IPS. > > most of all, i wonder how did you ported snort to the network stack of > linux. > > todays, george and kwan-kyung is also researching about that. so i > hope > you to share your knowledge with them. > > regards > jeho park > > > > > > ------------------------------------------------------- > This SF.Net email is sponsored by xPML, a groundbreaking scripting > language > that extends applications into web and mobile media. Attend the > live webcast > and join the prime developer group breaking into this new coding > territory! > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 > <http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642> > _______________________________________________ > Netadm-devel mailing list > Net...@li... > <mailto:Net...@li...> > https://lists.sourceforge.net/lists/listinfo/netadm-devel > > |
From: linuxpark <lin...@us...> - 2006-03-07 17:04:57
Update of /cvsroot/netadm/gwc/gwclib In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15510/gwclib Modified Files: confproc.c confutil.c sysipc.c Log Message: FIX: FIX: index mapping : ugly index stemed from _CMD_SND_FC_RET=0 sys_ucmd_e must be matched with ucmdtab [] FIX: ugly condition: process except gwcadmd must communicate with gwcadmd using IPC. REMAIN: user layer ( apply_fc ), kernel layer (pf) Index: confutil.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/confutil.c,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** confutil.c 7 Mar 2006 04:45:09 -0000 1.7 --- confutil.c 7 Mar 2006 17:04:51 -0000 1.8 *************** *** 465,469 **** void * _dump_fc_ipol ( void *arg, int len, frp_t fr) { ! fc_umsg_t *p; struct listnode *n; int i = 0; --- 465,469 ---- void * _dump_fc_ipol ( void *arg, int len, frp_t fr) { ! static fc_umsg_t *p; struct listnode *n; int i = 0; *************** *** 484,488 **** saddr.s_addr = p->msg.saddr; daddr.s_addr = p->msg.daddr; ! fprintf(fp, "%d'th %s: indev:%s, proto:%s, rule:%s, %s:%d/%d--->%s:%d/%d, quota:%d\n", ++i, --- 484,488 ---- saddr.s_addr = p->msg.saddr; daddr.s_addr = p->msg.daddr; ! fprintf(fp, "%d'th %s: indev:%s, proto:%s, rule:%s, %s:%d/%d--->%s:%d/%d, quota:%d\n", ++i, *************** *** 504,508 **** /* nomeaning */ ! return &saddr; } --- 504,508 ---- /* nomeaning */ ! 
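Review bot: `static fc_umsg_t *p;` in the first confutil.c hunk gives the LIST_LOOP cursor static storage for no visible reason: the third hunk already replaces the trailing `return &saddr;` with `return runpol_list;`, so nothing returns p's address any more, and a static cursor only makes _dump_fc_ipol non-reentrant and leaves a pointer to the last visited node in a file-scope variable after the loop. `fc_umsg_t *p;` is enough. Returning runpol_list as a "nomeaning" non-NULL token is fine for a caller that only null-checks, but the comment should say so, e.g. `/* callers only null-check the result; the list is returned as a non-NULL success token */`.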
return runpol_list; } Index: sysipc.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/sysipc.c,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** sysipc.c 7 Mar 2006 04:45:09 -0000 1.2 --- sysipc.c 7 Mar 2006 17:04:51 -0000 1.3 *************** *** 188,191 **** --- 188,198 ---- break; + + case _CMD_DUMP_FC_IPOL: + + ipcmsg->len = 0; + + break; + default: Index: confproc.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/confproc.c,v retrieving revision 1.15 retrieving revision 1.16 diff -C2 -d -r1.15 -r1.16 *** confproc.c 7 Mar 2006 04:45:09 -0000 1.15 --- confproc.c 7 Mar 2006 17:04:51 -0000 1.16 *************** *** 3044,3053 **** } else { ! if ( getpid() != getpidbyname("/proc", SZADMD) && ! send_ipcmsg(_CMD_ADD_FC_IPOL, argv[0], ! strlen(argv[0]), fr) != RET_OK ) ! { frerr(fr, fr->ret, "%s\n", fr->errmsg); return; }else { --- 3044,3054 ---- } else { ! if ( getpid() != getpidbyname("/proc", SZADMD)) { ! if (send_ipcmsg(_CMD_ADD_FC_IPOL, argv[0], ! strlen(argv[0]), fr) != RET_OK ) ! { frerr(fr, fr->ret, "%s\n", fr->errmsg); return; + } }else { *************** *** 3152,3160 **** { if (argc == 0) { ! if ( getpid() != getpidbyname("/proc", SZADMD) && ! send_ipcmsg(_CMD_DUMP_FC_IPOL, NULL, 0, fr) != RET_OK ){ ! frerr(fr, fr->ret, "Failed to dump internal policies (%d): %s\n", ! fr->ret, fr->errmsg != NULL ? fr->errmsg : ""); ! return; } else { --- 3153,3162 ---- { if (argc == 0) { ! if ( getpid() != getpidbyname("/proc", SZADMD)) { ! if (send_ipcmsg(_CMD_DUMP_FC_IPOL, NULL, 0, fr) != RET_OK ){ ! frerr(fr, fr->ret, "Failed to dump internal policies (%d): %s\n", ! fr->ret, fr->errmsg != NULL ? fr->errmsg : ""); ! return; ! } } else { |
From: linuxpark <lin...@us...> - 2006-03-07 17:04:55
Update of /cvsroot/netadm/gwc/gwcadmd In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15510/gwcadmd Modified Files: main.c Log Message: FIX: FIX: index mapping : ugly index stemed from _CMD_SND_FC_RET=0 sys_ucmd_e must be matched with ucmdtab [] FIX: ugly condition: process except gwcadmd must communicate with gwcadmd using IPC. REMAIN: user layer ( apply_fc ), kernel layer (pf)
Index: main.c
===================================================================
RCS file: /cvsroot/netadm/gwc/gwcadmd/main.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -d -r1.9 -r1.10
*** main.c 7 Mar 2006 04:45:08 -0000 1.9
--- main.c 7 Mar 2006 17:04:51 -0000 1.10
***************
*** 1119,1122 ****
--- 1119,1123 ----
 }
+ out ("%d message received\n", ipcmsg->type);
 switch ( ipcmsg->type ) {
|
From: linuxpark <lin...@us...> - 2006-03-07 17:04:54
Update of /cvsroot/netadm/gwc/include In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15510/include Modified Files: confutil.h Log Message: FIX: FIX: index mapping : ugly index stemed from _CMD_SND_FC_RET=0 sys_ucmd_e must be matched with ucmdtab [] FIX: ugly condition: process except gwcadmd must communicate with gwcadmd using IPC. REMAIN: user layer ( apply_fc ), kernel layer (pf) Index: confutil.h =================================================================== RCS file: /cvsroot/netadm/gwc/include/confutil.h,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** confutil.h 7 Mar 2006 04:45:09 -0000 1.5 --- confutil.h 7 Mar 2006 17:04:51 -0000 1.6 *************** *** 14,19 **** /* U T I L F U N C I D X */ typedef enum { ! _CMD_SND_FC_RET = 0x00000001, ! _CMD_GET_FC_NET, /* get fc net pointer in the shared memory by name*/ _CMD_GET_FC_SVC, /* get fc svc pointer in the shared memory by name*/ _CMD_GET_FC_FW, /* get fc fw pointer in the shared memory by name*/ --- 14,18 ---- /* U T I L F U N C I D X */ typedef enum { ! _CMD_GET_FC_NET = 0, /* get fc net pointer in the shared memory by name*/ _CMD_GET_FC_SVC, /* get fc svc pointer in the shared memory by name*/ _CMD_GET_FC_FW, /* get fc fw pointer in the shared memory by name*/ *************** *** 24,27 **** --- 23,27 ---- _CMD_APPLY_FC_IPOL, /* apply all internal fc policies through ioctl */ _CMD_DUMP_FC_IPOL, /* dump all internal fc policies to stout */ + _CMD_SND_FC_RET, } sys_ucmd_e; |
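Review bot: With `_CMD_GET_FC_NET = 0` the first command id now equals the value of the `{0}` terminator entry of ucmdtab[] in conftab.c; that is harmless as long as every lookup indexes the table by position, which the log message says is the intent, but any loop that scans ucmdtab until cmd == 0 would stop before the first entry. Pin the invariant where it lives, e.g. a comment on the enum, `/* values are direct indexes into ucmdtab[]; keep the two in the same order */`, and prefer a sentinel that is not a valid id. Since these ids are also what send_ipcmsg stores in sys_ipc_msg_t.type, moving `_CMD_SND_FC_RET` to the end changes the numbering seen on the socket, so a client and a daemon built from different revisions will disagree on message types.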
From: jeho-park <lin...@gm...> - 2006-03-07 16:25:14
hi il-eok glad to meet you through this mailing list. i read your mail, so i thought you have a good career in security. i expect you to help our project in the field of QoS or IPS. most of all, i wonder how you ported snort to the network stack of linux. today, george and kwan-kyung are also researching that. so i hope you will share your knowledge with them. regards jeho park |
From: park j. <par...@ho...> - 2006-03-07 16:17:10
hi hyoseok ~ i address hyoseok to everyone he made initial gui version of gwc with gtk+ and he is firmware developer. (8051, arm..) he sometime help me to develop GUI program. and will continue to have responsibility about GUI and other part he want >From: Ȳ È¿¼® <o2...@ho...> >To: Net...@li... >Subject: [Netadm-devel] Hello everyone >Date: Tue, 07 Mar 2006 16:00:51 +0000 > >hello everyone in Netadm >My name is Hyoseok Hwang > >I am just a trivial programmer yet. >I have interests in gtk+ but hope to know about other parts of project. > >I wish to be more closer with you guys. >bye > > > > >------------------------------------------------------- >This SF.Net email is sponsored by xPML, a groundbreaking scripting language >that extends applications into web and mobile media. Attend the live >webcast >and join the prime developer group breaking into this new coding territory! >http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 >_______________________________________________ >Netadm-devel mailing list >Net...@li... >https://lists.sourceforge.net/lists/listinfo/netadm-devel |
From: <o2...@ho...> - 2006-03-07 16:00:56
hello everyone in Netadm My name is Hyoseok Hwang I am just a trivial programmer yet. I have interests in gtk+ but hope to know about other parts of the project. I wish to be closer with you guys. bye |
From: linuxpark <lin...@us...> - 2006-03-07 04:45:13
Update of /cvsroot/netadm/gwc/gwclib In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12643/gwclib Modified Files: confproc.c conftab.c confutil.c sysipc.c Log Message: ADD: ADD: cli command ( dump_fc_ipol : dump flow control internal policy) + confutil.c (dump_fc_ipol ()) MOD: integrage sys_ipc_e -> sys_ucmd_e MOD: vi tab modified (in .vimrc, ts=8, sw=2, sts=2) MOD: make 2 function as ipc library function ipc request function: send_ipcmsg () used by other process except gwcadmd ipc response function: send_rmsg : used by gwcadmd daemon Index: confproc.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/confproc.c,v retrieving revision 1.14 retrieving revision 1.15 diff -C2 -d -r1.14 -r1.15 *** confproc.c 6 Mar 2006 14:16:05 -0000 1.14 --- confproc.c 7 Mar 2006 04:45:09 -0000 1.15 *************** *** 2852,2903 **** } - static int send_ipcmsg ( int type, char *arg, int len, frp_t fr) { - sys_ipc_msg_t ipc_msg, *ipcmsg = &ipc_msg; - sys_ipc_ret_t ipc_ret, *ipcret = &ipc_ret; - int ret; - int fd; - - ipcmsg->type = type; - switch (type) { - case IPCMTYPE_FC_ADD_IPOL: - - case IPCMTYPE_FC_DEL_IPOL: - - ipcmsg->len = len; - strcpy ((char *)ipcmsg->data, arg); - - break; - - case IPCMTYPE_FC_APPLY_IPOL: - - ipcmsg->len = 0; - - break; - - default: - sprintf(fr->errmsg, "unknown message type \"%d\"", type); - fr->ret = RET_EUNKNOWN; - return fr->ret; - } - - if ((fd = sys_ipcconn()) < 0) { - sprintf(fr->errmsg, "Failed to connect to %s\n", SZADMD); - return fr->ret = SYS_ECONN; - } - - if ((ret = write(fd, ipcmsg, sizeof(sys_ipc_msg_t) + len)) < 0) { - sprintf(fr->errmsg, "Failed to write to %s\n", SZADMD); - return fr->ret = ret; - } - - if ((ret = read(fd, ipcret, sizeof(sys_ipc_ret_t))) < 0) { - sprintf(fr->errmsg, "Failed to write to %s: %s\n", - SZADMD, strerror(errno)); - return fr->ret = ret; - } - - return RET_OK; - } - void add_fc_pol(int argc, char *argv[], int modify, frp_t fr) --- 2852,2855 ---- 
*************** *** 3093,3097 **** else { if ( getpid() != getpidbyname("/proc", SZADMD) && ! send_ipcmsg(IPCMTYPE_FC_ADD_IPOL, argv[0], strlen(argv[0]), fr) != RET_OK ) { --- 3045,3049 ---- else { if ( getpid() != getpidbyname("/proc", SZADMD) && ! send_ipcmsg(_CMD_ADD_FC_IPOL, argv[0], strlen(argv[0]), fr) != RET_OK ) { *************** *** 3132,3136 **** { fc_pol_t *pol = NULL; - int i; int slot; --- 3084,3087 ---- *************** *** 3138,3142 **** if (!(pol = sys_ucmd_msg (_CMD_GET_FC_POL, argv[0], strlen(argv[0]),fr))) { ! frerr(fr, RET_ENOTFOUND,"[FC/policy name] \"%s\" does not exist\n", argv[0]); } --- 3089,3094 ---- if (!(pol = sys_ucmd_msg (_CMD_GET_FC_POL, argv[0], strlen(argv[0]),fr))) { ! frerr(fr, RET_ENOTFOUND, ! "[FC/policy name] \"%s\" does not exist\n", argv[0]); } *************** *** 3153,3161 **** if (modify != CBFROM_SYSTEM) { if ((fr->ret = saveconf(csm)) != RET_OK) { ! frerr(fr, fr->ret, "Cannot save configuration (%d)\n", fr->ret); return; } else { ! if ( send_ipcmsg(IPCMTYPE_FC_DEL_IPOL, argv[0], strlen(argv[0]), fr) != RET_OK ) { --- 3105,3114 ---- if (modify != CBFROM_SYSTEM) { if ((fr->ret = saveconf(csm)) != RET_OK) { ! frerr(fr, fr->ret, "Cannot save configuration (%d)\n", ! fr->ret); return; } else { ! 
if ( send_ipcmsg(_CMD_DEL_FC_IPOL, argv[0], strlen(argv[0]), fr) != RET_OK ) { *************** *** 3174,3234 **** fc_apply(int argc, char *argv[], int modify, frp_t fr) { - kuio_msg_t msg; - int fd; - int idx; - int i; - int ret; - - /* snet/ssvc ----> dnet/dsvc (fw) - * IP, dev_idx / proto, port ----> IP, dev_idx / proto, port [fw(byte)] - * - * - IP (u32) - * - proto - * - port - * ip->protocol (struct iphdr *ip = (*pkt)->nh.iph ), pkt == sk_buff** - * - */ - if (argc == 0) { - fd = open(SZPFDEV, O_RDWR | O_NDELAY); - if (fd < 0) { - frerr(fr, RET_EOPEN, "Failed to open %s\n", SZPFDEV); - return; - } - - ioctl (fd, IOCTLPF_REFLESH, 0); - #if 0 - for (i = 0; i < csm->hpolcnt; i++) { - switch (csm->hostpol[i].flag) { - case BLOCK_HOST: - idx = IOCTLPF_REGISTER_SRCBLOCK; - break; - case MODIFY_SEQ: - idx = IOCTLPF_REGISTER_MODSEQ; - break; - } ! msg.ip = csm->hostpol[i].ip; ! msg.max_pktrate = csm->hostpol[i].max_pktrate; ! if ((ret = ioctl(fd, idx, &msg)) < 0) { ! if (errno != EBADSLT) { ! /* EBADSLT , slot error example no instance in module */ ! frerr(fr, RET_EIOCTL, ! "%s: Ioctl Failed [name:%s] [IP:%u.%u.%u.%u] " ! "[flag:%d] [rate:%d]\n", ! SZPFDEV, csm->hostpol[i].name, ! NIPQUAD(csm->hostpol[i].ip), ! csm->hostpol[i].flag, ! csm->hostpol[i].max_pktrate); ! close(fd); ! return; ! } ! } ! } ! #endif ! close(fd); ! } else { ! frerr(fr, RET_EUSAGE, "Usage:\n"); ! } } --- 3127,3172 ---- fc_apply(int argc, char *argv[], int modify, frp_t fr) { ! if (argc == 0) { ! if ( getpid() != getpidbyname("/proc", SZADMD) && ! send_ipcmsg(_CMD_APPLY_FC_IPOL, NULL, 0, fr) != RET_OK ){ ! frerr(fr, fr->ret, "Failed to apply internal policies (%d): %s\n", ! fr->ret, fr->errmsg != NULL ? fr->errmsg : ""); ! return; ! } ! else { ! if (!sys_ucmd_msg ( _CMD_APPLY_FC_IPOL, NULL, 0, fr)) { ! out ("Failed to apply internal policies (%d): %s\n", ! fr->ret, fr->errmsg != NULL ? fr->errmsg : ""); ! } else { ! out ("Success to apply internal policies\n"); ! } ! } ! } else { ! 
frerr(fr, RET_EUSAGE, "Usage:\n"); ! } ! } ! void ! dump_fc_ipol(int argc, char *argv[], int modify, frp_t fr) ! { ! if (argc == 0) { ! if ( getpid() != getpidbyname("/proc", SZADMD) && ! send_ipcmsg(_CMD_DUMP_FC_IPOL, NULL, 0, fr) != RET_OK ){ ! frerr(fr, fr->ret, "Failed to dump internal policies (%d): %s\n", ! fr->ret, fr->errmsg != NULL ? fr->errmsg : ""); ! return; ! } ! else { ! if (!sys_ucmd_msg (_CMD_DUMP_FC_IPOL, NULL, 0, fr)) { ! out ("Failed to dump internal policies (%d): %s\n", ! fr->ret, fr->errmsg != NULL ? fr->errmsg : ""); ! } else { ! out ("Success to dump internal policies (%s)\n", SZIPOLDUMP); ! } ! } ! } else { ! frerr(fr, RET_EUSAGE, "Usage:\n"); ! } } Index: confutil.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/confutil.c,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** confutil.c 6 Mar 2006 14:16:05 -0000 1.6 --- confutil.c 7 Mar 2006 04:45:09 -0000 1.7 *************** *** 45,55 **** extern list runpol_list; extern sm_t *csm; - #if 0 - #define FC_CNT(X) csm->fc_##X ##_cnt - #define FC_OBJ(X, I) csm->fc_##X[I] - #define FC_OBJ_NAME(X, I) csm->fc_##X[I].name - #endif extern sys_cmd_t cmdtab[]; extern sys_ucmd_t ucmdtab[]; void * sys_ucmd_msg (sys_ucmd_e cmd, void *arg, int len, frp_t fr) { --- 45,56 ---- extern list runpol_list; extern sm_t *csm; extern sys_cmd_t cmdtab[]; extern sys_ucmd_t ucmdtab[]; + extern sys_strmap_t map_truefalse[]; + extern sys_strmap_t map_nettype []; + extern sys_strmap_t map_prototype []; + extern sys_strmap_t map_icmptype []; + extern sys_strmap_t map_thput_unit []; + extern sys_strmap_t map_fc_rule []; void * sys_ucmd_msg (sys_ucmd_e cmd, void *arg, int len, frp_t fr) { *************** *** 458,466 **** } - void * _dmp_fc_ipol ( void *arg, int len, frp_t fr) { - - return NULL; - } - void * _apply_fc_ipol ( void *arg, int len, frp_t fr) { --- 459,462 ---- *************** *** 468,471 **** --- 464,510 ---- } + void * 
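Review bot: The rewritten fc_apply, and the new dump_fc_ipol below it, route a CLI client into the direct sys_ucmd_msg branch as well: `getpid() != getpidbyname("/proc", SZADMD) && send_ipcmsg(...) != RET_OK` is false for a client whose IPC request succeeded, so the else branch then re-runs the operation locally in the client and reports that local result (for apply, the stub _apply_fc_ipol returns NULL, so the user sees a failure right after the daemon was asked to apply). Split the two decisions: `if (getpid() != getpidbyname("/proc", SZADMD)) { if (send_ipcmsg(...) != RET_OK) frerr(...); return; }` and keep the sys_ucmd_msg call for the daemon only. The identity test itself rescans /proc on every command and depends on the daemon's process name; a flag set once at daemon startup would be cheaper and less fragile.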
_dump_fc_ipol ( void *arg, int len, frp_t fr) { + fc_umsg_t *p; + struct listnode *n; + int i = 0; + FILE *fp; + struct in_addr saddr; + struct in_addr daddr; + + fp = fopen (SZIPOLDUMP, "w+"); + if (!fp) { + fr->ret = RET_EOPEN; + out ("Failed to open file (%s)\n", SZIPOLDUMP); + return NULL; + } + + /* TODO : more info */ + LIST_LOCK (runpol_list); + LIST_LOOP(runpol_list, p, n) { + saddr.s_addr = p->msg.saddr; + daddr.s_addr = p->msg.daddr; + + fprintf(fp, "%d'th %s: indev:%s, proto:%s, rule:%s, %s:%d/%d--->%s:%d/%d, quota:%d\n", + ++i, + p->polname, + p->msg.indev, + mapidtostr(map_prototype, p->msg.protocol), + mapidtostr(map_fc_rule, p->msg.rule), + inet_ntoa (saddr), + p->msg.smask, + p->msg.sport, + inet_ntoa (daddr), + p->msg.dmask, + p->msg.dport, + p->msg.quota + ); + } + LIST_UNLOCK (runpol_list); + fclose (fp); + + /* nomeaning */ + return &saddr; + } + char * mapidtostr(sys_strmap_t * map, int id) Index: sysipc.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/sysipc.c,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -C2 -d -r1.1.1.1 -r1.2 *** sysipc.c 30 Jan 2006 17:41:28 -0000 1.1.1.1 --- sysipc.c 7 Mar 2006 04:45:09 -0000 1.2 *************** *** 32,35 **** --- 32,37 ---- #include "sysshm.h" #include "confutil.h" + #include "slog.h" + #include "sysutil.h" extern int errno; *************** *** 162,163 **** --- 164,229 ---- } } + + + int send_ipcmsg ( int type, char *arg, int len, frp_t fr) { + sys_ipc_msg_t ipc_msg, *ipcmsg = &ipc_msg; + sys_ipc_ret_t ipc_ret, *ipcret = &ipc_ret; + int ret; + int fd; + + ipcmsg->type = type; + switch (type) { + case _CMD_ADD_FC_IPOL: + + case _CMD_DEL_FC_IPOL: + + ipcmsg->len = len; + strcpy ((char *)ipcmsg->data, arg); + + break; + + case _CMD_APPLY_FC_IPOL: + + ipcmsg->len = 0; + + break; + + default: + sprintf(fr->errmsg, "unknown message type \"%d\"", type); + fr->ret = RET_EUNKNOWN; + return fr->ret; + } + + if ((fd = sys_ipcconn()) < 0) { + 
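Review bot: The new _dump_fc_ipol passes `inet_ntoa (saddr)` and `inet_ntoa (daddr)` in the same fprintf argument list; inet_ntoa returns a pointer into a single static buffer, so both `%s` fields print whichever address was converted last and the dump shows the same address for source and destination. Convert one side before the call (a local `char src[INET_ADDRSTRLEN]` filled with `snprintf(src, sizeof src, "%s", inet_ntoa(saddr))`, or inet_ntop into two buffers) or print the bytes directly. The trailing `return &saddr;` hands the caller the address of a stack local that is dead on return; dump_fc_ipol only null-checks it today, but returning `runpol_list` or another object that outlives the call is safer. fr->ret is set only on the fopen failure path and never to RET_OK on success, so a CLI caller can print a stale error code, and the list lock is held across the whole fprintf loop and fclose, which blocks every other user of runpol_list for the duration of the disk write.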
sprintf(fr->errmsg, "Failed to connect to %s\n", SZADMD); + } + + if ((ret = write(fd, ipcmsg, sizeof(sys_ipc_msg_t) + len)) < 0) { + sprintf(fr->errmsg, "Failed to write to %s\n", SZADMD); + return fr->ret = ret; + } + + if ((ret = read(fd, ipcret, sizeof(sys_ipc_ret_t))) < 0) { + sprintf(fr->errmsg, "Failed to write to %s: %s\n", + SZADMD, strerror(errno)); + return fr->ret = ret; + } + + return RET_OK; + } + + + int send_rmsg (int fd, int ret, char *emsg ) { + sys_ipc_ret_t ipc_ret, *ipcret = &ipc_ret; + int iret; + + ipcret->ret = ret; + if (emsg != NULL && strlen (emsg)) + strcpy (ipcret->errmsg, emsg); + + if ((iret = write (fd, (void *)ipcret, sizeof (sys_ipc_ret_t))) < 0 ) { + out("write error:%s\n", strerror(errno)); + return iret; + } + return RET_OK; + } Index: conftab.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwclib/conftab.c,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** conftab.c 6 Mar 2006 04:23:56 -0000 1.6 --- conftab.c 7 Mar 2006 04:45:09 -0000 1.7 *************** *** 90,93 **** --- 90,94 ---- {CMD_DEL_FC_POL, "del_fc_pol", PR(del_fc_pol), INFO_CLI_DEL_FC_POL}, {CMD_FC_APPLY, "fc_apply", PR(fc_apply), INFO_CLI_FC_APPLY}, + {CMD_DUMP_FC_IPOL, "dump_fc_ipol", PR(dump_fc_ipol), INFO_CLI_DUMP_FC_IPOL}, {CMD_LIST_AUTO, "list_auto", PR(list_auto), INFO_CLI_LIST_AUTO}, {CMD_SET_AUTO, "set_auto", PR(set_auto), INFO_CLI_SET_AUTO}, *************** *** 105,110 **** { _CMD_ADD_FC_IPOL, _add_fc_ipol }, { _CMD_DEL_FC_IPOL, _del_fc_ipol }, - { _CMD_DMP_FC_IPOL, _dmp_fc_ipol }, { _CMD_APPLY_FC_IPOL, _apply_fc_ipol }, {0}, }; --- 106,111 ---- { _CMD_ADD_FC_IPOL, _add_fc_ipol }, { _CMD_DEL_FC_IPOL, _del_fc_ipol }, { _CMD_APPLY_FC_IPOL, _apply_fc_ipol }, + { _CMD_DUMP_FC_IPOL, _dump_fc_ipol }, {0}, }; |
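Review bot: The connect-failure branch of the new send_ipcmsg is missing its return: after `sprintf(fr->errmsg, "Failed to connect to %s\n", SZADMD);` control continues into write() and read() on fd == -1, whereas the copy removed from confproc.c returned `fr->ret = SYS_ECONN` at that point. On the wire path, `strcpy ((char *)ipcmsg->data, arg)` copies the CLI argument into the fixed data[1024] without checking len, and `write(fd, ipcmsg, sizeof(sys_ipc_msg_t) + len)` sends len bytes past the end of the stack object (the struct already contains data[]), so uninitialised stack memory reaches the daemon; fd is never closed, the read error text says "Failed to write", and ipcret->ret is discarded in favour of an unconditional RET_OK. send_rmsg has the matching leak on the reply side: ipc_ret is not zeroed and errmsg is only filled when emsg is non-empty, so `sys_ipc_ret_t ipc_ret = {0}, *ipcret = &ipc_ret;` should replace the uninitialised declaration there. The rewrite below bounds the copy, restores the return, closes fd on every path and propagates the daemon's result; whether the daemon's read size expects the trailing len bytes should be confirmed against main.c before changing the write length.
```c
int send_ipcmsg ( int type, char *arg, int len, frp_t fr) {
  /* zero both: the whole struct is written to the socket, padding and all */
  sys_ipc_msg_t ipc_msg = {0}, *ipcmsg = &ipc_msg;
  sys_ipc_ret_t ipc_ret = {0}, *ipcret = &ipc_ret;
  int ret;
  int fd;

  ipcmsg->type = type;
  switch (type) {
    case _CMD_ADD_FC_IPOL:
    case _CMD_DEL_FC_IPOL:
      /* bound the copy: data[] is a fixed 1024-byte array and arg comes from the CLI */
      if (arg == NULL || len < 0 || (size_t)len >= sizeof ipcmsg->data) {
        sprintf(fr->errmsg, "argument too long for message type \"%d\"", type);
        fr->ret = RET_EUNKNOWN;   /* TODO(review): use a length-specific code if one exists */
        return fr->ret;
      }
      ipcmsg->len = len;
      memcpy (ipcmsg->data, arg, (size_t)len);
      ipcmsg->data[len] = '\0';
      break;
    /* … unchanged: _CMD_APPLY_FC_IPOL and default cases … */
  }

  if ((fd = sys_ipcconn()) < 0) {
    sprintf(fr->errmsg, "Failed to connect to %s\n", SZADMD);
    return fr->ret = SYS_ECONN;   /* was missing: write()/read() ran on fd == -1 */
  }

  /* sizeof *ipcmsg already covers data[]; "+ len" read past the stack object */
  if ((ret = write(fd, ipcmsg, sizeof *ipcmsg)) < 0) {
    sprintf(fr->errmsg, "Failed to write to %s\n", SZADMD);
    close(fd);
    return fr->ret = ret;
  }

  if ((ret = read(fd, ipcret, sizeof *ipcret)) < 0) {
    sprintf(fr->errmsg, "Failed to read from %s: %s\n", SZADMD, strerror(errno));
    close(fd);
    return fr->ret = ret;
  }
  close(fd);

  /* report the daemon's verdict, not an unconditional RET_OK */
  if (ipcret->ret != RET_OK)
    strcpy(fr->errmsg, ipcret->errmsg);   /* assumes fr->errmsg is at least as large as ipcret->errmsg -- confirm in frp_t */
  return fr->ret = ipcret->ret;
}
```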
From: linuxpark <lin...@us...> - 2006-03-07 04:45:12
Update of /cvsroot/netadm/gwc/include In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12643/include Modified Files: confproc.h confutil.h global.h message.h sysipc.h Log Message: ADD: ADD: cli command ( dump_fc_ipol : dump flow control internal policy) + confutil.c (dump_fc_ipol ()) MOD: integrage sys_ipc_e -> sys_ucmd_e MOD: vi tab modified (in .vimrc, ts=8, sw=2, sts=2) MOD: make 2 function as ipc library function ipc request function: send_ipcmsg () used by other process except gwcadmd ipc response function: send_rmsg : used by gwcadmd daemon Index: confproc.h =================================================================== RCS file: /cvsroot/netadm/gwc/include/confproc.h,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** confproc.h 1 Mar 2006 04:06:33 -0000 1.4 --- confproc.h 7 Mar 2006 04:45:09 -0000 1.5 *************** *** 67,70 **** --- 67,71 ---- void del_fc_pol(int argc, char *argv[], int modify, frp_t fr); void fc_apply(int argc, char *argv[], int modify, frp_t fr); + void dump_fc_ipol(int argc, char *argv[], int modify, frp_t fr); /* A P A U T O */ void list_auto(int argc, char *argv[], int modify, frp_t fr); Index: message.h =================================================================== RCS file: /cvsroot/netadm/gwc/include/message.h,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** message.h 1 Mar 2006 04:06:33 -0000 1.5 --- message.h 7 Mar 2006 04:45:09 -0000 1.6 *************** *** 65,68 **** --- 65,70 ---- #define INFO_CLI_DEL_FC_POL "Delete a policy in flow control" #define INFO_CLI_FC_APPLY "Apply the Policies of Flow control" + #define INFO_CLI_DUMP_FC_IPOL "dump internal policies of flow control to dump_ipol" + #define INFO_CLI_LIST_AUTO "List the setup config of auto test" #define INFO_CLI_SET_AUTO "Set the setup config of auto test " Index: global.h =================================================================== RCS file: /cvsroot/netadm/gwc/include/global.h,v retrieving 
revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** global.h 6 Mar 2006 04:23:56 -0000 1.4 --- global.h 7 Mar 2006 04:45:09 -0000 1.5 *************** *** 36,39 **** --- 36,40 ---- #define SZMAINPATH "/usr/local/gwc" #define SZMASTCONF "/usr/local/gwc/etc/config" + #define SZIPOLDUMP "/usr/local/gwc/dump_ipol.txt" #define SYSMASTEXP "bin" #define SZHTMLPATH "html" Index: sysipc.h =================================================================== RCS file: /cvsroot/netadm/gwc/include/sysipc.h,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** sysipc.h 6 Mar 2006 04:23:56 -0000 1.5 --- sysipc.h 7 Mar 2006 04:45:09 -0000 1.6 *************** *** 104,107 **** --- 104,108 ---- CMD_DEL_FC_POL, CMD_FC_APPLY, + CMD_DUMP_FC_IPOL, CMD_LIST_AUTO, CMD_SET_AUTO, *************** *** 127,137 **** unsigned char data[1024]; /* start point of data */ } sys_ipc_msg_t; ! ! typedef enum { ! IPCMTYPE_FC_RET = 0x00000001, ! IPCMTYPE_FC_ADD_IPOL, ! IPCMTYPE_FC_DEL_IPOL, ! IPCMTYPE_FC_APPLY_IPOL, ! } sys_ipc_e; typedef void (*cmdcallback_t) (int argc, char *argv[], int modify, frp_t fr); --- 128,134 ---- unsigned char data[1024]; /* start point of data */ } sys_ipc_msg_t; ! ! int send_ipcmsg ( int type, char *arg, int len, frp_t fr); /* request through IPC */ ! int send_rmsg (int fd, int ret, char *emsg ); /* response through IPC */ typedef void (*cmdcallback_t) (int argc, char *argv[], int modify, frp_t fr); Index: confutil.h =================================================================== RCS file: /cvsroot/netadm/gwc/include/confutil.h,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** confutil.h 6 Mar 2006 04:23:56 -0000 1.4 --- confutil.h 7 Mar 2006 04:45:09 -0000 1.5 *************** *** 14,18 **** /* U T I L F U N C I D X */ typedef enum { ! 
_CMD_GET_FC_NET = 0, /* get fc net pointer in the shared memory by name*/ _CMD_GET_FC_SVC, /* get fc svc pointer in the shared memory by name*/ _CMD_GET_FC_FW, /* get fc fw pointer in the shared memory by name*/ --- 14,19 ---- /* U T I L F U N C I D X */ typedef enum { ! _CMD_SND_FC_RET = 0x00000001, ! _CMD_GET_FC_NET, /* get fc net pointer in the shared memory by name*/ _CMD_GET_FC_SVC, /* get fc svc pointer in the shared memory by name*/ _CMD_GET_FC_FW, /* get fc fw pointer in the shared memory by name*/ *************** *** 21,26 **** _CMD_ADD_FC_IPOL, /* insert one internal fc policy (runpol_list) */ _CMD_DEL_FC_IPOL, /* delete one internal fc policy */ - _CMD_DMP_FC_IPOL, /* dump all internal fc policies to stout */ _CMD_APPLY_FC_IPOL, /* apply all internal fc policies through ioctl */ } sys_ucmd_e; --- 22,27 ---- _CMD_ADD_FC_IPOL, /* insert one internal fc policy (runpol_list) */ _CMD_DEL_FC_IPOL, /* delete one internal fc policy */ _CMD_APPLY_FC_IPOL, /* apply all internal fc policies through ioctl */ + _CMD_DUMP_FC_IPOL, /* dump all internal fc policies to stout */ } sys_ucmd_e; *************** *** 42,47 **** void * _add_fc_ipol (void *arg, int len, frp_t fr); void * _del_fc_ipol (void *arg, int len, frp_t fr); - void * _dmp_fc_ipol (void *arg, int len, frp_t fr); void * _apply_fc_ipol (void *arg, int len, frp_t fr); /* sys_ucmd_msg --- 43,48 ---- void * _add_fc_ipol (void *arg, int len, frp_t fr); void * _del_fc_ipol (void *arg, int len, frp_t fr); void * _apply_fc_ipol (void *arg, int len, frp_t fr); + void * _dump_fc_ipol (void *arg, int len, frp_t fr); /* sys_ucmd_msg |
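Review bot: Prepending `_CMD_SND_FC_RET = 0x00000001` and dropping `_CMD_DMP_FC_IPOL` from the middle renumbers members of `sys_ucmd_e`, and since sysipc.h in this same commit makes this enum the IPC message `type`, a gwcguid or CLI binary built against the previous header may now be dispatched to the wrong case by gwcadmd's switch. Give the wire-visible members explicit values (`_CMD_ADD_FC_IPOL = 0x10,` and so on) and never reorder them, or keep a separate wire enum as before. Names of the form `_CMD_*` (underscore followed by an uppercase letter) are reserved for the implementation in C; `UCMD_*` avoids that without changing anything else.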
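Review bot: The comment on the re-added `_CMD_DUMP_FC_IPOL` still reads `dump all internal fc policies to stout`, but the new command writes to the file named by SZIPOLDUMP (gwcadmd reports `Success to dump ipol (%s)` with that path), so it is both misspelled and wrong about the destination; suggest `/* dump all internal fc policies to the file SZIPOLDUMP */`. Appending the member at the end rather than re-using the old middle slot is the right choice now that this enum travels over IPC.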
From: linuxpark <lin...@us...> - 2006-03-07 04:45:12
Update of /cvsroot/netadm/gwc/gwcadmd In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12643/gwcadmd Modified Files: main.c Log Message: ADD: ADD: cli command ( dump_fc_ipol : dump flow control internal policy) + confutil.c (dump_fc_ipol ()) MOD: integrage sys_ipc_e -> sys_ucmd_e MOD: vi tab modified (in .vimrc, ts=8, sw=2, sts=2) MOD: make 2 function as ipc library function ipc request function: send_ipcmsg () used by other process except gwcadmd ipc response function: send_rmsg : used by gwcadmd daemon Index: main.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwcadmd/main.c,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** main.c 6 Mar 2006 14:16:05 -0000 1.8 --- main.c 7 Mar 2006 04:45:08 -0000 1.9 *************** *** 909,927 **** } - int send_rmsg (int fd, int ret, char *emsg ) { - sys_ipc_ret_t ipc_ret, *ipcret = &ipc_ret; - int iret; - - ipcret->ret = ret; - if (emsg != NULL && strlen (emsg)) - strcpy (ipcret->errmsg, emsg); - - if ((iret = write (fd, (void *)ipcret, sizeof (sys_ipc_ret_t))) < 0 ) { - out("write error:%s\n", strerror(errno)); - return iret; - } - return RET_OK; - } - void destory_runpol ( void *p ) { --- 909,912 ---- *************** *** 1136,1142 **** switch ( ipcmsg->type ) { ! case IPCMTYPE_FC_ADD_IPOL: ! if (!sys_ucmd_msg ( _CMD_ADD_FC_IPOL, ipcmsg->data, ipcmsg->len, fr)) { sprintf (minbuf, "Failed to add ipol \"%s\" (%d); %s", (char *)ipcmsg->data, fr->ret, fr->errmsg != NULL? fr->errmsg:""); --- 1121,1127 ---- switch ( ipcmsg->type ) { ! case _CMD_ADD_FC_IPOL: ! if (!sys_ucmd_msg ( ipcmsg->type, ipcmsg->data, ipcmsg->len, fr)) { sprintf (minbuf, "Failed to add ipol \"%s\" (%d); %s", (char *)ipcmsg->data, fr->ret, fr->errmsg != NULL? fr->errmsg:""); *************** *** 1155,1161 **** break; ! case IPCMTYPE_FC_DEL_IPOL: ! 
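Review bot: In the `_CMD_ADD_FC_IPOL` case `(char *)ipcmsg->data` is formatted with `%s` into `minbuf` by an unbounded `sprintf`, but `data` is the 1024-byte payload received from the IPC peer and nothing in the hunk guarantees it is NUL-terminated; `ipcmsg->len` is right there, so bound the read with it, `snprintf (minbuf, sizeof minbuf, "Failed to add ipol \"%.*s\" (%d); %s", (int)ipcmsg->len, (char *)ipcmsg->data, fr->ret, fr->errmsg != NULL ? fr->errmsg : "");`, after the receive path has checked `len` against `sizeof data`. `minbuf` is declared outside the hunk; if it is not an array, substitute its declared size. The del case that starts at the end of this hunk has the same pattern, and the message then goes to `send_rmsg`, which copies it into the fixed-size `sys_ipc_ret_t.errmsg`, so the bound matters twice.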
if (!sys_ucmd_msg ( _CMD_DEL_FC_IPOL, ipcmsg->data,ipcmsg->len, fr)) { sprintf (minbuf, "Failed to del ipol \"%s\" (%d); %s", (char *)ipcmsg->data, fr->ret, fr->errmsg != NULL? fr->errmsg:""); --- 1140,1146 ---- break; ! case _CMD_DEL_FC_IPOL: ! if (!sys_ucmd_msg ( ipcmsg->type, ipcmsg->data, ipcmsg->len, fr)) { sprintf (minbuf, "Failed to del ipol \"%s\" (%d); %s", (char *)ipcmsg->data, fr->ret, fr->errmsg != NULL? fr->errmsg:""); *************** *** 1175,1183 **** break; ! case IPCMTYPE_FC_APPLY_IPOL: ! if (!sys_ucmd_msg ( _CMD_DEL_FC_IPOL, ipcmsg->data, ipcmsg->len, fr)) { sprintf (minbuf, "Failed to apply ipol (%d); %s", ! fr->ret, fr->errmsg != NULL? fr->errmsg:""); out ("%s\n", minbuf); --- 1160,1168 ---- break; ! case _CMD_APPLY_FC_IPOL: ! if (!sys_ucmd_msg ( ipcmsg->type, ipcmsg->data, ipcmsg->len, fr)) { sprintf (minbuf, "Failed to apply ipol (%d); %s", ! fr->ret, fr->errmsg != NULL? fr->errmsg : ""); out ("%s\n", minbuf); *************** *** 1194,1197 **** --- 1179,1202 ---- } break; + + case _CMD_DUMP_FC_IPOL: + + if (!sys_ucmd_msg ( ipcmsg->type, ipcmsg->data, ipcmsg->len, fr)) { + sprintf (minbuf, "Failed to dump ipol (%d); %s", + fr->ret, fr->errmsg != NULL? fr->errmsg : ""); + + out ("%s\n", minbuf); + if (send_rmsg (cli, fr->ret, minbuf)!= RET_OK) + out ("Failed to send_rmesg\n"); + + } else { + sprintf (minbuf, "Success to dump ipol (%s)", SZIPOLDUMP); + out ("%s\n", minbuf); + + if (send_rmsg (cli, fr->ret, minbuf)!= RET_OK) + out ("Failed to send_rmesg\n"); + + } + break; default: |
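Review bot: The new `_CMD_DUMP_FC_IPOL` case builds `minbuf` with an unbounded `sprintf` from `fr->errmsg`, whose length nothing here limits, and then hands the result to `send_rmsg`, which per the body this commit moves out of this file `strcpy`s it into the fixed-size `sys_ipc_ret_t.errmsg`; use `snprintf` with the buffer's size. The two branches differ only in the message text and can share the `out`/`send_rmsg` tail, which also removes the duplicated `Failed to send_rmesg` (sic) string. `sizeof minbuf` below assumes minbuf is an array declared in the enclosing function, which is outside the hunk; use its declared size otherwise. The file named by SZIPOLDUMP is written inside `sys_ucmd_msg`/`_dump_fc_ipol`, not here, so its creation mode cannot be reviewed from this hunk.
```c
        case _CMD_DUMP_FC_IPOL:
          if (!sys_ucmd_msg (ipcmsg->type, ipcmsg->data, ipcmsg->len, fr))
            snprintf (minbuf, sizeof minbuf, "Failed to dump ipol (%d); %s",
                      fr->ret, fr->errmsg != NULL ? fr->errmsg : "");
          else
            snprintf (minbuf, sizeof minbuf, "Success to dump ipol (%s)", SZIPOLDUMP);

          out ("%s\n", minbuf);
          if (send_rmsg (cli, fr->ret, minbuf) != RET_OK)
            out ("Failed to send_rmesg\n");
          break;
```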
From: linuxpark <lin...@us...> - 2006-03-07 04:45:12
Update of /cvsroot/netadm/gwc/pf In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12643/pf Modified Files: sysioctl.h Log Message: ADD: ADD: cli command ( dump_fc_ipol : dump flow control internal policy) + confutil.c (dump_fc_ipol ()) MOD: integrage sys_ipc_e -> sys_ucmd_e MOD: vi tab modified (in .vimrc, ts=8, sw=2, sts=2) MOD: make 2 function as ipc library function ipc request function: send_ipcmsg () used by other process except gwcadmd ipc response function: send_rmsg : used by gwcadmd daemon Index: sysioctl.h =================================================================== RCS file: /cvsroot/netadm/gwc/pf/sysioctl.h,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** sysioctl.h 5 Mar 2006 01:11:00 -0000 1.4 --- sysioctl.h 7 Mar 2006 04:45:09 -0000 1.5 *************** *** 26,55 **** typedef enum { ! SYS_ICMP_UNREACH = 0x0001, ! SYS_ICMP_ECHO = 0x0002, ! SYS_ICMP_ECHOREP = 0x0004, ! SYS_ICMP_SQUENCH = 0x0008, ! SYS_ICMP_REDIR = 0x0010, ! SYS_ICMP_TIMEX = 0x0020, ! SYS_ICMP_PARAMPROB = 0x0040, ! SYS_ICMP_TIMEST = 0x0080, ! SYS_ICMP_TIMESTREP = 0x0100, ! SYS_ICMP_INFOREQ = 0x0200, ! SYS_ICMP_INFOREP = 0x0400, ! SYS_ICMP_MASKREQ = 0x0800, ! SYS_ICMP_MASKREP = 0x1000, } sys_icmp_type_e; typedef enum { ! SYS_PROTO_TCP = IPPROTO_TCP, ! SYS_PROTO_UDP = IPPROTO_UDP, ! SYS_PROTO_ICMP = IPPROTO_ICMP, } sys_proto_type_e; typedef enum { ! FC_PR_CONTROL = 0x01, /* flow control */ ! FC_PR_MOD_HEADER = 0x02, /* modify packet header */ } fc_pol_rule_e; --- 26,55 ---- typedef enum { ! SYS_ICMP_UNREACH = 0x0001, ! SYS_ICMP_ECHO = 0x0002, ! SYS_ICMP_ECHOREP = 0x0004, ! SYS_ICMP_SQUENCH = 0x0008, ! SYS_ICMP_REDIR = 0x0010, ! SYS_ICMP_TIMEX = 0x0020, ! SYS_ICMP_PARAMPROB = 0x0040, ! SYS_ICMP_TIMEST = 0x0080, ! SYS_ICMP_TIMESTREP = 0x0100, ! SYS_ICMP_INFOREQ = 0x0200, ! SYS_ICMP_INFOREP = 0x0400, ! SYS_ICMP_MASKREQ = 0x0800, ! SYS_ICMP_MASKREP = 0x1000, } sys_icmp_type_e; typedef enum { ! SYS_PROTO_TCP = IPPROTO_TCP, ! 
SYS_PROTO_UDP = IPPROTO_UDP, ! SYS_PROTO_ICMP = IPPROTO_ICMP, } sys_proto_type_e; typedef enum { ! FC_PR_CONTROL = 0x01, /* flow control */ ! FC_PR_MOD_HEADER = 0x02, /* modify packet header */ } fc_pol_rule_e; |
From: linuxpark <lin...@us...> - 2006-03-06 14:16:12
Update of /cvsroot/netadm/gwc/gwcguid In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12384/gwcguid Modified Files: interface.c main.c Log Message: ADD: Almost all is being finished in user layer for supporting more detailed pf rule. Except packet filter layer ("apply" function & ioctl & pf.c) FIX: policy cache concerned problem was fixed. ADD: cache lock FIX: socket error (it was stemed from wrong fd) Index: main.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwcguid/main.c,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** main.c 31 Jan 2006 16:03:44 -0000 1.3 --- main.c 6 Mar 2006 14:16:05 -0000 1.4 *************** *** 31,38 **** #include "confutil.h" #include "qos.h" - #ifdef USE_SYSLOG #include "slog.h" #include "sysutil.h" - #endif #define TIMEOUT 1000 // 1 second --- 31,36 ---- Index: interface.c =================================================================== RCS file: /cvsroot/netadm/gwc/gwcguid/interface.c,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** interface.c 17 Feb 2006 08:09:18 -0000 1.8 --- interface.c 6 Mar 2006 14:16:05 -0000 1.9 *************** *** 34,42 **** #include "fwc.h" #include "apc.h" - #ifdef USE_SYSLOG #include "slog.h" #include "sysipc.h" #include "sysutil.h" - #endif #include "global.h" #include "sysshm.h" --- 34,40 ---- |