Added blocktime filter option and optimized code.

This commit is contained in:
Christian Deacon
2020-05-07 13:18:43 +00:00
parent f8730a511c
commit d17f5a4f54
5 changed files with 385 additions and 328 deletions


@@ -22,14 +22,17 @@ Config option `filters` is an array. Each filter includes the following options:
* `enabled` => If true, this rule is enabled.
* `action` => What action to perform against the packet if matched. 0 = Block. 1 = Allow.
* `srcip` => The source IP to match (e.g. 10.50.0.3).
* `dstip` => The destination IP to match (e.g. 10.50.0.4).
* `min_ttl` => The minimum TTL (time to live) the packet has to match.
* `max_ttl` => The maximum TTL (time to live) the packet has to match.
* `max_len` => The maximum packet length the packet has to match. This includes the entire frame (ethernet header, IP header, L4 header, and data).
* `min_len` => The minimum packet length the packet has to match. This includes the entire frame (ethernet header, IP header, L4 header, and data).
* `tos` => The TOS (type of service) the packet has to match.
* `payloadmatch` => The payload (L4 data) the packet has to match. The format is in hexadecimal and each byte is separated by a space. An example includes: `FF FF FF FF 59`.
* `srcip` => The source IP the packet must have to match (e.g. 10.50.0.3).
* `dstip` => The destination IP the packet must have to match (e.g. 10.50.0.4).
* `min_ttl` => The minimum TTL (time to live) the packet must have to match.
* `max_ttl` => The maximum TTL (time to live) the packet must have to match.
* `max_len` => The maximum packet length the packet must have to match. This includes the entire frame (ethernet header, IP header, L4 header, and data).
* `min_len` => The minimum packet length the packet must have to match. This includes the entire frame (ethernet header, IP header, L4 header, and data).
* `tos` => The TOS (type of service) the packet must have to match.
* `pps` => The maximum packets per second a source IP can send before matching.
* `bps` => The maximum amount of bytes per second a source IP can send before matching.
* `blocktime` => The maximum of time in seconds to block the source IP if the rule matches and the action is block (0). Default value is `1`.
* `payloadmatch` => The payload (L4 data) the packet must have to match. The format is in hexadecimal and each byte is separated by a space. An example includes: `FF FF FF FF 59`.
#### TCP Options
The config option `tcpopts` within a filter is an array including TCP options. This should only be one array per filter. Options include:
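Review bot: The new `blocktime` line reads "The maximum of time in seconds to block the source IP", which is ungrammatical and ambiguous; suggest "The amount of time in seconds to block the source IP if the rule matches and the action is block (0). Default value is `1`." Two related documentation gaps in the same added block: the `bps` entry describes "bytes per second" while the name `bps` conventionally means bits per second, so the doc should state the unit explicitly (e.g. "bytes per second (not bits)") to avoid operators configuring thresholds off by a factor of eight; and the `pps`/`bps` entries do not say what a value of `0` means (unset vs. match-everything), nor whether a `blocktime` on a rule with action `1` (allow) is ignored. The commit message only mentions `blocktime`, so if `pps` and `bps` are also new options that should be reflected there as well.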