Remove references to payload matching.
@@ -32,7 +32,6 @@ Config option `filters` is an array. Each filter includes the following options:
|
||||
* `pps` => The maximum packets per second a source IP can send before matching.
|
||||
* `bps` => The maximum amount of bytes per second a source IP can send before matching.
|
||||
* `blocktime` => The time in seconds to block the source IP if the rule matches and the action is block (0). Default value is `1`.
|
||||
* `payloadmatch` => The payload (L4 data) the packet must have to match. The format is in hexadecimal and each byte is separated by a space. An example includes: `FF FF FF FF 59`.
|
||||
|
||||
#### TCP Options
|
||||
The config option `tcpopts` within a filter is an array including TCP options. This should only be one array per filter. Options include:
|
||||
@@ -65,8 +64,6 @@ The config option `icmpopts` within a filter is an array including ICMP options.
|
||||
|
||||
**Note** - Everything besides the main `enabled` and `action` options within a filter are **not** required. This means you do not have to define them within your config.
|
||||
|
||||
**Note** - As of right now, the `payloadmatch` option does not work. I am planning to implement functionality for this soon. Unfortunately, BPF hasn't liked the matching methods I've used so far.
|
||||
|
||||
## Configuration Example
|
||||
Here's an example of a config:
|
||||
|
||||
|
||||
30
src/config.c
30
src/config.c
@@ -64,13 +64,6 @@ void SetConfigDefaults(struct config_map *cfg)
|
||||
cfg->filters[i].icmpopts.enabled = 0;
|
||||
cfg->filters[i].icmpopts.do_code = 0;
|
||||
cfg->filters[i].icmpopts.do_type = 0;
|
||||
|
||||
for (uint16_t j = 0; j < MAX_PAYLOAD_LENGTH - 1; j++)
|
||||
{
|
||||
cfg->filters[i].payloadMatch[j] = 0;
|
||||
}
|
||||
|
||||
cfg->filters[i].payloadLen = 0;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -292,29 +285,6 @@ int ReadConfig(struct config_map *cfg)
|
||||
cfg->filters[i].blockTime = 1;
|
||||
}
|
||||
|
||||
// Payload match.
|
||||
const char *payload;
|
||||
|
||||
if (config_setting_lookup_string(filter, "payloadmatch", &payload))
|
||||
{
|
||||
// We need to split the string and scan everything into the uint8_t payload.
|
||||
char *split;
|
||||
|
||||
char *str = malloc((strlen(payload) + 1) * sizeof(char));
|
||||
strcpy(str, payload);
|
||||
|
||||
split = strtok(str, " ");
|
||||
|
||||
while (split != NULL)
|
||||
{
|
||||
sscanf(split, "%2hhx", &cfg->filters[i].payloadMatch[cfg->filters[i].payloadLen]);
|
||||
|
||||
cfg->filters[i].payloadLen++;
|
||||
|
||||
split = strtok(NULL, " ");
|
||||
}
|
||||
}
|
||||
|
||||
// Check for TCP options.
|
||||
config_setting_t* tcpopts = config_setting_lookup(filter, "tcpopts");
|
||||
|
||||
|
||||
@@ -6,7 +6,6 @@
|
||||
#define MAX_PCKT_LENGTH 65535
|
||||
#define MAX_FILTERS 50
|
||||
#define MAX_TRACK_IPS 100000
|
||||
#define MAX_PAYLOAD_LENGTH 1500
|
||||
|
||||
struct tcpopts
|
||||
{
|
||||
@@ -94,9 +93,6 @@ struct filter
|
||||
|
||||
uint64_t blockTime;
|
||||
|
||||
uint8_t payloadMatch[MAX_PAYLOAD_LENGTH];
|
||||
uint16_t payloadLen;
|
||||
|
||||
struct tcpopts tcpopts;
|
||||
struct udpopts udpopts;
|
||||
struct icmpopts icmpopts;
|
||||
|
||||
@@ -333,54 +333,6 @@ int xdp_prog_main(struct xdp_md *ctx)
|
||||
continue;
|
||||
}
|
||||
|
||||
// Payload matching.
|
||||
/*
|
||||
if (filter[i]->payloadLen > 0)
|
||||
{
|
||||
unsigned int offset = sizeof(struct ethhdr) + (iph->ihl * 4) + l4headerLen;
|
||||
void *pos;
|
||||
unsigned int j;
|
||||
uint8_t *ptr;
|
||||
|
||||
pos = data;
|
||||
|
||||
int cont = 1;
|
||||
|
||||
for (j = 0; j < MAX_PAYLOAD_LENGTH; j++)
|
||||
{
|
||||
if ((j + 1) > filter[i]->payloadLen)
|
||||
{
|
||||
goto out;
|
||||
}
|
||||
|
||||
if ((pos + offset) + 1 > data_end)
|
||||
{
|
||||
goto out;
|
||||
}
|
||||
|
||||
ptr = pos + offset;
|
||||
|
||||
if (*ptr == filter[i]->payloadMatch[j])
|
||||
{
|
||||
offset++;
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
cont = 0;
|
||||
goto exitloop;
|
||||
}
|
||||
|
||||
exitloop:
|
||||
if (!cont)
|
||||
{
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
out:
|
||||
*/
|
||||
|
||||
// Do TCP options.
|
||||
if (iph->protocol == IPPROTO_TCP && filter[i]->tcpopts.enabled)
|
||||
{
|
||||
|
||||
@@ -296,7 +296,7 @@ int main(int argc, char *argv[])
|
||||
|
||||
// Initialize config.
|
||||
struct config_map *conf = malloc(sizeof(struct config_map));
|
||||
|
||||
|
||||
SetConfigDefaults(conf);
|
||||
|
||||
// Create last updated variable.
|
||||
@@ -367,19 +367,6 @@ int main(int argc, char *argv[])
|
||||
fprintf(stdout, "ICMP Code => %" PRIu8 "\n", conf->filters[i].icmpopts.code);
|
||||
fprintf(stdout, "ICMP Type => %" PRIu8 "\n", conf->filters[i].icmpopts.type);
|
||||
|
||||
// Payload.
|
||||
if (conf->filters[i].payloadLen > 0)
|
||||
{
|
||||
fprintf(stdout, "\nPayload (%d) => ", conf->filters[i].payloadLen);
|
||||
|
||||
for(uint16_t j = 0; j < conf->filters[i].payloadLen; j++)
|
||||
{
|
||||
fprintf(stdout, "%2hhx ", conf->filters[i].payloadMatch[j]);
|
||||
}
|
||||
|
||||
fprintf(stdout, "\n");
|
||||
}
|
||||
|
||||
fprintf(stdout, "\n\n");
|
||||
}
|
||||
|
||||
|
||||
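Review bot: The result of `struct config_map *conf = malloc(sizeof(struct config_map));` in the first loader hunk goes straight into `SetConfigDefaults(conf)` with no NULL check, and the visible part of SetConfigDefaults writes through `cfg->filters[i]`, so an allocation failure becomes a NULL dereference at startup. A guard before the call would close that, for example `if (conf == NULL) { fprintf(stderr, "Failed to allocate config.\n"); return EXIT_FAILURE; }`. Because malloc does not zero the memory, any field SetConfigDefaults does not set would start out indeterminate; `calloc(1, sizeof *conf)` would remove that dependency, though this page does not show whether such a field exists. main's body starts and ends outside the hunk.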