1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120
|
#ifndef backend_h
#define backend_h
#include "config.h" // HAVE_LIBIPQ*
#include <linux/netfilter.h>
#include <netinet/in.h>
#include <syslog.h>
#include <openssl/ssl.h>
#include <net/if.h>
extern "C" {
//#include <libipq/libipq/libipq.h>
#ifdef HAVE_LIBIPQ_H
#include <libipq.h>
#elif HAVE_LIBIPQ_LIBIPQ_H
#include <libipq/libipq.h>
#endif
}
#include <stdio.h>
#include <iostream>
#include <time.h>
#include <signal.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <linux/icmp.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <libxml/parser.h>
//#include <unistd.h>
#include <errno.h>
#include <string>
#include <stdlib.h>
#include <pthread.h>
#include "../include/fireflier.h" // do NOT include AFTER rules.h
#include "queue.h" // a simple queue which supports iterator, maximum queue length
#include "rules.h" // manage iptables rules
#include "ports.h" // resolve localip/localport to programname
#include "pam.h" // authentication
using namespace std;
class packet {
public:
unsigned long packet_id; // unique packet id, needed for accepting or dropping a packet (libipq)
unsigned long arrived; // time the packet arrived (in seconds)
unsigned char interface_in[IFNAMSIZ]; // name of incoming interface
unsigned char interface_out[IFNAMSIZ]; // name of outgoing interface
unsigned short int len; // length of packet data
unsigned long ip_src; // source ip
unsigned long ip_dst; // destination ip
unsigned int protocol:8; // protocol id (see rules.h)
unsigned short int port_src; // source port
unsigned short int port_dst; // destination port
unsigned short int tcp_flags; // tcp flags: ACK, FIN, RST, SYN, ...
unsigned int icmp_type:8; // type of icmp packet
unsigned int mac_addrlen:8; // real length of mac address
unsigned char mac_addr[8]; // mac is maximum 8 bytes
unsigned int hook; // chain (INPUT=1, FORWARD=2, OUTPUT=3)
char *data; // packet data
char *programname; // program using this packets localport/localip
~packet();
};
class tentry {
public:
char *buf; // which elements are considered important by rule (1= important, 0=not important)
unsigned long timeout; // timeout if a rule entry
int action; // action to be taken
packet *pack; // copy of corresponding packet
tentry(char *buf, packet *ptr, int act);
~tentry();
};
// queue containing rules which have timeout
class queue *timeoutqueue;
// queue of userspace rules
class queue *userspacequeue;
// queue of "pending packets"
class queue *packetqueue;
// currently active packet
packet *currentPacket;
// socket of the client
//int clientSocket=-1;
// if 1 then when have to remove iptables rules on abort.
int rules_active;
struct ipq_handle *h;
// mutual exclusion for queues
pthread_mutex_t lock_mutex;
SSL *ssl;
SSL_CTX *ssl_ctx;
SSL *ssl_auth; // ssl object of the connected client
bool daemonize=false; // needed in finalize
extern int errno;
// handler for SIGINT, SIGTERM
void finalize(int sig);
void saveuserspacerules();
int saveUserspaceRulesXml(string filename);
// default values for configs
char *Config_ssl_file="/etc/fireflier/fireflier.pem";
char *Config_save_file="/var/lib/fireflier/usrules.xml";
int Config_port=1133;
int Config_create_queue_rules=1;
char *Config_ssl_password="password";
char *Config_client_ip="127.0.0.1";
char *Config_pid_file="/var/run/fireflier.pid";
#endif
|