anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-08 05:34:58 +02:00
Code Issues Releases Wiki Activity

TARPIT: move XTTARPIT_HONEYPOT mode into its own function

Browse Source 
Moves XTTARPIT_HONEYPOT into its own function.

Signed-off-by: Josh Hunt <johunt@akamai.com>
This commit is contained in:
Josh Hunt
2012-07-08 11:11:21 -07:00
committed by Jan Engelhardt
parent cbe58f55d0
commit a9f383daf8
1 changed files with 55 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

101
extensions/xt_TARPIT.c
View File

@@ -78,6 +78,60 @@ static bool xttarpit_tarpit(struct tcphdr *tcph, const struct tcphdr *oth)
return true; return true;
} }
static bool xttarpit_honeypot(struct tcphdr *tcph, const struct tcphdr *oth,
uint16_t payload)
{
/* Do not answer any resets regardless of combination */
if (oth->rst || oth->seq == 0xDEADBEEF)
return false;
/* Send a reset to scanners. They like that. */
if (oth->syn && oth->ack) {
tcph->window = 0;
tcph->ack = false;
tcph->psh = true;
tcph->ack_seq = 0xdeadbeef; /* see if they ack it */
tcph->seq = oth->ack_seq;
tcph->rst = true;
}
/* SYN > SYN-ACK */
if (oth->syn && !oth->ack) {
tcph->syn = true;
tcph->ack = true;
tcph->window = oth->window &
((net_random() & 0x1f) - 0xf);
tcph->seq = htonl(net_random() & ~oth->seq);
tcph->ack_seq = htonl(ntohl(oth->seq) + oth->syn);
}
/* ACK > ACK */
if (oth->ack && (!(oth->fin || oth->syn))) {
tcph->syn = false;
tcph->ack = true;
tcph->window = oth->window &
((net_random() & 0x1f) - 0xf);
tcph->ack_seq = payload > 100 ?
htonl(ntohl(oth->seq) + payload) :
oth->seq;
tcph->seq = oth->ack_seq;
}
/*
* FIN > RST.
* We cannot terminate gracefully so just be abrupt.
*/
if (oth->fin) {
tcph->window = 0;
tcph->seq = oth->ack_seq;
tcph->ack_seq = oth->ack_seq;
tcph->fin = false;
tcph->ack = false;
tcph->rst = true;
}
return true;
}
static void tarpit_tcp(struct sk_buff *oldskb, unsigned int hook, static void tarpit_tcp(struct sk_buff *oldskb, unsigned int hook,
unsigned int mode) unsigned int mode)
{ {
@@ -148,53 +202,8 @@ static void tarpit_tcp(struct sk_buff *oldskb, unsigned int hook,
if (!xttarpit_tarpit(tcph, oth)) if (!xttarpit_tarpit(tcph, oth))
return; return;
} else if (mode == XTTARPIT_HONEYPOT) { } else if (mode == XTTARPIT_HONEYPOT) {
/* Do not answer any resets regardless of combination */ if (!xttarpit_honeypot(tcph, oth, payload))
if (oth->rst || oth->seq == 0xDEADBEEF)
return; return;
/* Send a reset to scanners. They like that. */
if (oth->syn && oth->ack) {
tcph->window = 0;
tcph->ack = false;
tcph->psh = true;
tcph->ack_seq = 0xdeadbeef; /* see if they ack it */
tcph->seq = oth->ack_seq;
tcph->rst = true;
}
/* SYN > SYN-ACK */
if (oth->syn && !oth->ack) {
tcph->syn = true;
tcph->ack = true;
tcph->window = oth->window &
((net_random() & 0x1f) - 0xf);
tcph->seq = htonl(net_random() & ~oth->seq);
tcph->ack_seq = htonl(ntohl(oth->seq) + oth->syn);
}
/* ACK > ACK */
if (oth->ack && (!(oth->fin || oth->syn))) {
tcph->syn = false;
tcph->ack = true;
tcph->window = oth->window &
((net_random() & 0x1f) - 0xf);
tcph->ack_seq = payload > 100 ?
htonl(ntohl(oth->seq) + payload) :
oth->seq;
tcph->seq = oth->ack_seq;
}
/*
* FIN > RST.
* We cannot terminate gracefully so just be abrupt.
*/
if (oth->fin) {
tcph->window = 0;
tcph->seq = oth->ack_seq;
tcph->ack_seq = oth->ack_seq;
tcph->fin = false;
tcph->ack = false;
tcph->rst = true;
}
} else if (mode == XTTARPIT_RESET) { } else if (mode == XTTARPIT_RESET) {
tcph->window = 0; tcph->window = 0;
tcph->ack = false; tcph->ack = false;