pknock: rename IPT_PKNOCK_* -> XT_PKNOCK_*

Jan Engelhardt
2009-10-03 00:23:42 +02:00
parent 4a350ddd03
commit f474c7d4d4
3 changed files with 93 additions and 90 deletions


@@ -64,7 +64,7 @@ parse_ports(const char *portstring, uint16_t *ports, const char *proto)
if (buffer == NULL) if (buffer == NULL)
xtables_error(OTHER_PROBLEM, "strdup failed"); xtables_error(OTHER_PROBLEM, "strdup failed");
for (cp=buffer, i=0; cp != NULL && i<IPT_PKNOCK_MAX_PORTS; cp=next, i++) for (cp=buffer, i=0; cp != NULL && i<XT_PKNOCK_MAX_PORTS; cp=next, i++)
{ {
next=strchr(cp, ','); next=strchr(cp, ',');
if (next != NULL) if (next != NULL)
@@ -119,7 +119,7 @@ __pknock_parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) { switch (c) {
case 'k': /* --knockports */ case 'k': /* --knockports */
if (*flags & IPT_PKNOCK_KNOCKPORT) if (*flags & XT_PKNOCK_KNOCKPORT)
xtables_error(PARAMETER_PROBLEM, PKNOCK xtables_error(PARAMETER_PROBLEM, PKNOCK
"cannot use --knockports twice.\n"); "cannot use --knockports twice.\n");
@@ -127,93 +127,93 @@ __pknock_parse(int c, char **argv, int invert, unsigned int *flags,
proto = check_proto(pnum, invflags); proto = check_proto(pnum, invflags);
info->ports_count = parse_ports(optarg, info->port, proto); info->ports_count = parse_ports(optarg, info->port, proto);
info->option |= IPT_PKNOCK_KNOCKPORT; info->option |= XT_PKNOCK_KNOCKPORT;
*flags |= IPT_PKNOCK_KNOCKPORT; *flags |= XT_PKNOCK_KNOCKPORT;
#if DEBUG #if DEBUG
printf("ports_count: %d\n", info->ports_count); printf("ports_count: %d\n", info->ports_count);
#endif #endif
break; break;
case 't': /* --time */ case 't': /* --time */
if (*flags & IPT_PKNOCK_TIME) if (*flags & XT_PKNOCK_TIME)
xtables_error(PARAMETER_PROBLEM, PKNOCK xtables_error(PARAMETER_PROBLEM, PKNOCK
"cannot use --time twice.\n"); "cannot use --time twice.\n");
xtables_check_inverse(argv[optind-1], &invert, &optind, 0); xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
info->max_time = atoi(optarg); info->max_time = atoi(optarg);
info->option |= IPT_PKNOCK_TIME; info->option |= XT_PKNOCK_TIME;
*flags |= IPT_PKNOCK_TIME; *flags |= XT_PKNOCK_TIME;
break; break;
case 'n': /* --name */ case 'n': /* --name */
if (*flags & IPT_PKNOCK_NAME) if (*flags & XT_PKNOCK_NAME)
xtables_error(PARAMETER_PROBLEM, PKNOCK xtables_error(PARAMETER_PROBLEM, PKNOCK
"cannot use --name twice.\n"); "cannot use --name twice.\n");
xtables_check_inverse(argv[optind-1], &invert, &optind, 0); xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
memset(info->rule_name, 0, IPT_PKNOCK_MAX_BUF_LEN + 1); memset(info->rule_name, 0, XT_PKNOCK_MAX_BUF_LEN + 1);
strncpy(info->rule_name, optarg, IPT_PKNOCK_MAX_BUF_LEN); strncpy(info->rule_name, optarg, XT_PKNOCK_MAX_BUF_LEN);
info->rule_name_len = strlen(info->rule_name); info->rule_name_len = strlen(info->rule_name);
info->option |= IPT_PKNOCK_NAME; info->option |= XT_PKNOCK_NAME;
*flags |= IPT_PKNOCK_NAME; *flags |= XT_PKNOCK_NAME;
#if DEBUG #if DEBUG
printf("info->rule_name: %s\n", info->rule_name); printf("info->rule_name: %s\n", info->rule_name);
#endif #endif
break; break;
case 'a': /* --opensecret */ case 'a': /* --opensecret */
if (*flags & IPT_PKNOCK_OPENSECRET) if (*flags & XT_PKNOCK_OPENSECRET)
xtables_error(PARAMETER_PROBLEM, PKNOCK xtables_error(PARAMETER_PROBLEM, PKNOCK
"cannot use --opensecret twice.\n"); "cannot use --opensecret twice.\n");
xtables_check_inverse(argv[optind-1], &invert, &optind, 0); xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
memset(info->open_secret, 0, IPT_PKNOCK_MAX_PASSWD_LEN + 1); memset(info->open_secret, 0, XT_PKNOCK_MAX_PASSWD_LEN + 1);
strncpy(info->open_secret, optarg, IPT_PKNOCK_MAX_PASSWD_LEN); strncpy(info->open_secret, optarg, XT_PKNOCK_MAX_PASSWD_LEN);
info->open_secret_len = strlen(info->open_secret); info->open_secret_len = strlen(info->open_secret);
info->option |= IPT_PKNOCK_OPENSECRET; info->option |= XT_PKNOCK_OPENSECRET;
*flags |= IPT_PKNOCK_OPENSECRET; *flags |= XT_PKNOCK_OPENSECRET;
break; break;
case 'z': /* --closesecret */ case 'z': /* --closesecret */
if (*flags & IPT_PKNOCK_CLOSESECRET) if (*flags & XT_PKNOCK_CLOSESECRET)
xtables_error(PARAMETER_PROBLEM, PKNOCK xtables_error(PARAMETER_PROBLEM, PKNOCK
"cannot use --closesecret twice.\n"); "cannot use --closesecret twice.\n");
xtables_check_inverse(argv[optind-1], &invert, &optind, 0); xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
memset(info->close_secret, 0, IPT_PKNOCK_MAX_PASSWD_LEN + 1); memset(info->close_secret, 0, XT_PKNOCK_MAX_PASSWD_LEN + 1);
strncpy(info->close_secret, optarg, IPT_PKNOCK_MAX_PASSWD_LEN); strncpy(info->close_secret, optarg, XT_PKNOCK_MAX_PASSWD_LEN);
info->close_secret_len = strlen(info->close_secret); info->close_secret_len = strlen(info->close_secret);
info->option |= IPT_PKNOCK_CLOSESECRET; info->option |= XT_PKNOCK_CLOSESECRET;
*flags |= IPT_PKNOCK_CLOSESECRET; *flags |= XT_PKNOCK_CLOSESECRET;
break; break;
case 'c': /* --checkip */ case 'c': /* --checkip */
if (*flags & IPT_PKNOCK_CHECKIP) if (*flags & XT_PKNOCK_CHECKIP)
xtables_error(PARAMETER_PROBLEM, PKNOCK xtables_error(PARAMETER_PROBLEM, PKNOCK
"cannot use --checkip twice.\n"); "cannot use --checkip twice.\n");
xtables_check_inverse(argv[optind-1], &invert, &optind, 0); xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
info->option |= IPT_PKNOCK_CHECKIP; info->option |= XT_PKNOCK_CHECKIP;
*flags |= IPT_PKNOCK_CHECKIP; *flags |= XT_PKNOCK_CHECKIP;
break; break;
case 'x': /* --strict */ case 'x': /* --strict */
if (*flags & IPT_PKNOCK_STRICT) if (*flags & XT_PKNOCK_STRICT)
xtables_error(PARAMETER_PROBLEM, PKNOCK xtables_error(PARAMETER_PROBLEM, PKNOCK
"cannot use --strict twice.\n"); "cannot use --strict twice.\n");
xtables_check_inverse(argv[optind-1], &invert, &optind, 0); xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
info->option |= IPT_PKNOCK_STRICT; info->option |= XT_PKNOCK_STRICT;
*flags |= IPT_PKNOCK_STRICT; *flags |= XT_PKNOCK_STRICT;
break; break;
default: default:
@@ -240,42 +240,42 @@ static void pknock_check(unsigned int flags)
if (!flags) if (!flags)
xtables_error(PARAMETER_PROBLEM, PKNOCK "expection an option.\n"); xtables_error(PARAMETER_PROBLEM, PKNOCK "expection an option.\n");
if (!(flags & IPT_PKNOCK_NAME)) if (!(flags & XT_PKNOCK_NAME))
xtables_error(PARAMETER_PROBLEM, PKNOCK xtables_error(PARAMETER_PROBLEM, PKNOCK
"--name option is required.\n"); "--name option is required.\n");
if (flags & IPT_PKNOCK_KNOCKPORT) { if (flags & XT_PKNOCK_KNOCKPORT) {
if (flags & IPT_PKNOCK_CHECKIP) { if (flags & XT_PKNOCK_CHECKIP) {
xtables_error(PARAMETER_PROBLEM, PKNOCK xtables_error(PARAMETER_PROBLEM, PKNOCK
"cannot specify --knockports with --checkip.\n"); "cannot specify --knockports with --checkip.\n");
} }
if ((flags & IPT_PKNOCK_OPENSECRET) if ((flags & XT_PKNOCK_OPENSECRET)
&& !(flags & IPT_PKNOCK_CLOSESECRET)) && !(flags & XT_PKNOCK_CLOSESECRET))
{ {
xtables_error(PARAMETER_PROBLEM, PKNOCK xtables_error(PARAMETER_PROBLEM, PKNOCK
"--opensecret must go with --closesecret.\n"); "--opensecret must go with --closesecret.\n");
} }
if ((flags & IPT_PKNOCK_CLOSESECRET) if ((flags & XT_PKNOCK_CLOSESECRET)
&& !(flags & IPT_PKNOCK_OPENSECRET)) && !(flags & XT_PKNOCK_OPENSECRET))
{ {
xtables_error(PARAMETER_PROBLEM, PKNOCK xtables_error(PARAMETER_PROBLEM, PKNOCK
"--closesecret must go with --opensecret.\n"); "--closesecret must go with --opensecret.\n");
} }
} }
if (flags & IPT_PKNOCK_CHECKIP) { if (flags & XT_PKNOCK_CHECKIP) {
if (flags & IPT_PKNOCK_KNOCKPORT) { if (flags & XT_PKNOCK_KNOCKPORT) {
xtables_error(PARAMETER_PROBLEM, PKNOCK xtables_error(PARAMETER_PROBLEM, PKNOCK
"cannot specify --checkip with --knockports.\n"); "cannot specify --checkip with --knockports.\n");
} }
if ((flags & IPT_PKNOCK_OPENSECRET) if ((flags & XT_PKNOCK_OPENSECRET)
|| (flags & IPT_PKNOCK_CLOSESECRET)) || (flags & XT_PKNOCK_CLOSESECRET))
{ {
xtables_error(PARAMETER_PROBLEM, PKNOCK xtables_error(PARAMETER_PROBLEM, PKNOCK
"cannot specify --opensecret and" "cannot specify --opensecret and"
" --closesecret with --checkip.\n"); " --closesecret with --checkip.\n");
} }
if (flags & IPT_PKNOCK_TIME) { if (flags & XT_PKNOCK_TIME) {
xtables_error(PARAMETER_PROBLEM, PKNOCK xtables_error(PARAMETER_PROBLEM, PKNOCK
"cannot specify --time with --checkip.\n"); "cannot specify --time with --checkip.\n");
} }
@@ -290,19 +290,19 @@ static void pknock_print(const void *ip,
int i; int i;
printf("pknock "); printf("pknock ");
if (info->option & IPT_PKNOCK_KNOCKPORT) { if (info->option & XT_PKNOCK_KNOCKPORT) {
printf("knockports "); printf("knockports ");
for (i=0; i<info->ports_count; i++) for (i=0; i<info->ports_count; i++)
printf("%s%d", i ? "," : "", info->port[i]); printf("%s%d", i ? "," : "", info->port[i]);
printf(" "); printf(" ");
} }
if (info->option & IPT_PKNOCK_TIME) if (info->option & XT_PKNOCK_TIME)
printf("time %ld ", (long)info->max_time); printf("time %ld ", (long)info->max_time);
if (info->option & IPT_PKNOCK_NAME) if (info->option & XT_PKNOCK_NAME)
printf("name %s ", info->rule_name); printf("name %s ", info->rule_name);
if (info->option & IPT_PKNOCK_OPENSECRET) if (info->option & XT_PKNOCK_OPENSECRET)
printf("opensecret "); printf("opensecret ");
if (info->option & IPT_PKNOCK_CLOSESECRET) if (info->option & XT_PKNOCK_CLOSESECRET)
printf("closesecret "); printf("closesecret ");
} }
@@ -312,23 +312,23 @@ static void pknock_save(const void *ip, const struct xt_entry_match *match)
int i; int i;
const struct xt_pknock_mtinfo *info = (void *)match->data; const struct xt_pknock_mtinfo *info = (void *)match->data;
if (info->option & IPT_PKNOCK_KNOCKPORT) { if (info->option & XT_PKNOCK_KNOCKPORT) {
printf("--knockports "); printf("--knockports ");
for (i=0; i<info->ports_count; i++) for (i=0; i<info->ports_count; i++)
printf("%s%d", i ? "," : "", info->port[i]); printf("%s%d", i ? "," : "", info->port[i]);
printf(" "); printf(" ");
} }
if (info->option & IPT_PKNOCK_TIME) if (info->option & XT_PKNOCK_TIME)
printf("--time %ld ", (long)info->max_time); printf("--time %ld ", (long)info->max_time);
if (info->option & IPT_PKNOCK_NAME) if (info->option & XT_PKNOCK_NAME)
printf("--name %s ", info->rule_name); printf("--name %s ", info->rule_name);
if (info->option & IPT_PKNOCK_OPENSECRET) if (info->option & XT_PKNOCK_OPENSECRET)
printf("--opensecret "); printf("--opensecret ");
if (info->option & IPT_PKNOCK_CLOSESECRET) if (info->option & XT_PKNOCK_CLOSESECRET)
printf("--closesecret "); printf("--closesecret ");
if (info->option & IPT_PKNOCK_STRICT) if (info->option & XT_PKNOCK_STRICT)
printf("--strict "); printf("--strict ");
if (info->option & IPT_PKNOCK_CHECKIP) if (info->option & XT_PKNOCK_CHECKIP)
printf("--checkip "); printf("--checkip ");
} }
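Review bot: The `case 't'` branch in the `@@ -127` hunk still parses `--time` with `atoi(optarg)`, so a non-numeric or out-of-range value becomes 0 (or wraps) without any diagnostic, and that value is what the kernel module later uses as the inter-knock deadline. The rename does not touch this line, but since the whole switch is being rewritten it is a cheap place to fix it: `char *end; unsigned long t = strtoul(optarg, &end, 10);` / `if (end == optarg || *end != '\0' || t > UINT32_MAX) xtables_error(PARAMETER_PROBLEM, PKNOCK "invalid --time value\n");` / `info->max_time = t;`. The enclosing `__pknock_parse` starts and ends outside the hunk, so the other option branches may need the same treatment if they take numeric input.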


@@ -65,7 +65,7 @@ struct peer {
*/ */
struct xt_pknock_rule { struct xt_pknock_rule {
struct list_head head; struct list_head head;
char rule_name[IPT_PKNOCK_MAX_BUF_LEN + 1]; char rule_name[XT_PKNOCK_MAX_BUF_LEN+1];
int rule_name_len; int rule_name_len;
unsigned int ref_count; unsigned int ref_count;
struct timer_list timer; struct timer_list timer;
@@ -433,7 +433,7 @@ add_rule(struct xt_pknock_mtinfo *info)
if (rulecmp(info, rule)) { if (rulecmp(info, rule)) {
rule->ref_count++; rule->ref_count++;
if (info->option & IPT_PKNOCK_CHECKIP) { if (info->option & XT_PKNOCK_CHECKIP) {
pr_debug("add_rule() (AC)" pr_debug("add_rule() (AC)"
" rule found: %s - " " rule found: %s - "
"ref_count: %d\n", "ref_count: %d\n",
@@ -452,7 +452,7 @@ add_rule(struct xt_pknock_mtinfo *info)
INIT_LIST_HEAD(&rule->head); INIT_LIST_HEAD(&rule->head);
memset(rule->rule_name, 0, IPT_PKNOCK_MAX_BUF_LEN + 1); memset(rule->rule_name, 0, XT_PKNOCK_MAX_BUF_LEN + 1);
strncpy(rule->rule_name, info->rule_name, info->rule_name_len); strncpy(rule->rule_name, info->rule_name, info->rule_name_len);
rule->rule_name_len = info->rule_name_len; rule->rule_name_len = info->rule_name_len;
@@ -858,7 +858,7 @@ update_peer(struct peer *peer, const struct xt_pknock_mtinfo *info,
if (is_wrong_knock(peer, info, hdr->port)) { if (is_wrong_knock(peer, info, hdr->port)) {
pk_debug("DIDN'T MATCH", peer); pk_debug("DIDN'T MATCH", peer);
/* Peer must start the sequence from scratch. */ /* Peer must start the sequence from scratch. */
if (info->option & IPT_PKNOCK_STRICT) if (info->option & XT_PKNOCK_STRICT)
reset_knock_status(peer); reset_knock_status(peer);
return false; return false;
@@ -866,7 +866,7 @@ update_peer(struct peer *peer, const struct xt_pknock_mtinfo *info,
#ifdef PK_CRYPTO #ifdef PK_CRYPTO
/* If security is needed. */ /* If security is needed. */
if (info->option & IPT_PKNOCK_OPENSECRET ) { if (info->option & XT_PKNOCK_OPENSECRET ) {
if (hdr->proto != IPPROTO_UDP) if (hdr->proto != IPPROTO_UDP)
return false; return false;
@@ -894,7 +894,7 @@ update_peer(struct peer *peer, const struct xt_pknock_mtinfo *info,
} }
/* Controls the max matching time between ports. */ /* Controls the max matching time between ports. */
if (info->option & IPT_PKNOCK_TIME) { if (info->option & XT_PKNOCK_TIME) {
time = jiffies/HZ; time = jiffies/HZ;
if (is_time_exceeded(peer, info->max_time)) { if (is_time_exceeded(peer, info->max_time)) {
@@ -997,7 +997,7 @@ static bool pknock_mt(const struct sk_buff *skb,
/* Gives the peer matching status added to rule depending on ip src. */ /* Gives the peer matching status added to rule depending on ip src. */
peer = get_peer(rule, iph->saddr); peer = get_peer(rule, iph->saddr);
if (info->option & IPT_PKNOCK_CHECKIP) { if (info->option & XT_PKNOCK_CHECKIP) {
ret = is_allowed(peer); ret = is_allowed(peer);
goto out; goto out;
} }
@@ -1008,10 +1008,10 @@ static bool pknock_mt(const struct sk_buff *skb,
} }
/* Sets, updates, removes or checks the peer matching status. */ /* Sets, updates, removes or checks the peer matching status. */
if (info->option & IPT_PKNOCK_KNOCKPORT) { if (info->option & XT_PKNOCK_KNOCKPORT) {
if ((ret = is_allowed(peer))) { if ((ret = is_allowed(peer))) {
#ifdef PK_CRYPTO #ifdef PK_CRYPTO
if (info->option & IPT_PKNOCK_CLOSESECRET && if (info->option & XT_PKNOCK_CLOSESECRET &&
iph->protocol == IPPROTO_UDP) iph->protocol == IPPROTO_UDP)
{ {
if (is_close_knock(peer, info, hdr.payload, hdr.payload_len)) if (is_close_knock(peer, info, hdr.payload, hdr.payload_len))
@@ -1059,51 +1059,51 @@ static bool pknock_mt_check(const struct xt_mtchk_param *par)
if (!add_rule(info)) if (!add_rule(info))
RETURN_ERR("add_rule() error in checkentry() function.\n"); RETURN_ERR("add_rule() error in checkentry() function.\n");
if (!(info->option & IPT_PKNOCK_NAME)) if (!(info->option & XT_PKNOCK_NAME))
RETURN_ERR("You must specify --name option.\n"); RETURN_ERR("You must specify --name option.\n");
#ifdef PK_CRYPTO #ifdef PK_CRYPTO
if ((info->option & IPT_PKNOCK_OPENSECRET) && (info->ports_count != 1)) if ((info->option & XT_PKNOCK_OPENSECRET) && (info->ports_count != 1))
RETURN_ERR("--opensecret must have just one knock port\n"); RETURN_ERR("--opensecret must have just one knock port\n");
#endif #endif
if (info->option & IPT_PKNOCK_KNOCKPORT) { if (info->option & XT_PKNOCK_KNOCKPORT) {
if (info->option & IPT_PKNOCK_CHECKIP) { if (info->option & XT_PKNOCK_CHECKIP) {
RETURN_ERR("Can't specify --knockports with --checkip.\n"); RETURN_ERR("Can't specify --knockports with --checkip.\n");
} }
#ifdef PK_CRYPTO #ifdef PK_CRYPTO
if ((info->option & IPT_PKNOCK_OPENSECRET) && if ((info->option & XT_PKNOCK_OPENSECRET) &&
!(info->option & IPT_PKNOCK_CLOSESECRET)) !(info->option & XT_PKNOCK_CLOSESECRET))
{ {
RETURN_ERR("--opensecret must go with --closesecret.\n"); RETURN_ERR("--opensecret must go with --closesecret.\n");
} }
if ((info->option & IPT_PKNOCK_CLOSESECRET) && if ((info->option & XT_PKNOCK_CLOSESECRET) &&
!(info->option & IPT_PKNOCK_OPENSECRET)) !(info->option & XT_PKNOCK_OPENSECRET))
{ {
RETURN_ERR("--closesecret must go with --opensecret.\n"); RETURN_ERR("--closesecret must go with --opensecret.\n");
} }
#endif #endif
} }
if (info->option & IPT_PKNOCK_CHECKIP) { if (info->option & XT_PKNOCK_CHECKIP) {
if (info->option & IPT_PKNOCK_KNOCKPORT) if (info->option & XT_PKNOCK_KNOCKPORT)
{ {
RETURN_ERR("Can't specify --checkip with --knockports.\n"); RETURN_ERR("Can't specify --checkip with --knockports.\n");
} }
#ifdef PK_CRYPTO #ifdef PK_CRYPTO
if ((info->option & IPT_PKNOCK_OPENSECRET) || if ((info->option & XT_PKNOCK_OPENSECRET) ||
(info->option & IPT_PKNOCK_CLOSESECRET)) (info->option & XT_PKNOCK_CLOSESECRET))
{ {
RETURN_ERR("Can't specify --opensecret and --closesecret" RETURN_ERR("Can't specify --opensecret and --closesecret"
" with --checkip.\n"); " with --checkip.\n");
} }
#endif #endif
if (info->option & IPT_PKNOCK_TIME) if (info->option & XT_PKNOCK_TIME)
RETURN_ERR("Can't specify --time with --checkip.\n"); RETURN_ERR("Can't specify --time with --checkip.\n");
} }
#ifdef PK_CRYPTO #ifdef PK_CRYPTO
if (info->option & IPT_PKNOCK_OPENSECRET) { if (info->option & XT_PKNOCK_OPENSECRET) {
if (info->open_secret_len == info->close_secret_len) { if (info->open_secret_len == info->close_secret_len) {
if (memcmp(info->open_secret, info->close_secret, if (memcmp(info->open_secret, info->close_secret,
info->open_secret_len) == 0) info->open_secret_len) == 0)
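Review bot: In the `@@ -452` hunk of `add_rule()`, `strncpy(rule->rule_name, info->rule_name, info->rule_name_len)` bounds the copy by `info->rule_name_len`, a `uint32_t` that arrives from userspace in `struct xt_pknock_mtinfo`, while the destination is `XT_PKNOCK_MAX_BUF_LEN + 1` bytes; nothing in this diff bounds that length, and the `@@ -1059` hunk shows `pknock_mt_check()` calling `add_rule(info)` before it validates the option bits. Unless a range check exists outside the hunks, an oversized `rule_name_len` overruns the kernel-side buffer. I would bound the copy by the buffer rather than the supplied length, `strncpy(rule->rule_name, info->rule_name, XT_PKNOCK_MAX_BUF_LEN);`, and reject bad input early in `pknock_mt_check()` with `if (info->rule_name_len > XT_PKNOCK_MAX_BUF_LEN) RETURN_ERR("--name too long\n");`. The `open_secret_len`/`close_secret_len` fields used by the `memcmp` at the end of the last hunk come from the same userspace struct and presumably deserve the same `XT_PKNOCK_MAX_PASSWD_LEN` check; the functions in these hunks all start and end outside the diff.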


@@ -13,35 +13,38 @@
#define PKNOCK "xt_pknock: " #define PKNOCK "xt_pknock: "
#define IPT_PKNOCK_KNOCKPORT 0x01 enum {
#define IPT_PKNOCK_TIME 0x02 XT_PKNOCK_KNOCKPORT = 1 << 0,
#define IPT_PKNOCK_NAME 0x04 XT_PKNOCK_TIME = 1 << 1,
#define IPT_PKNOCK_STRICT 0x08 XT_PKNOCK_NAME = 1 << 2,
#define IPT_PKNOCK_CHECKIP 0x10 XT_PKNOCK_STRICT = 1 << 3,
#define IPT_PKNOCK_OPENSECRET 0x20 XT_PKNOCK_CHECKIP = 1 << 4,
#define IPT_PKNOCK_CLOSESECRET 0x40 XT_PKNOCK_OPENSECRET = 1 << 5,
XT_PKNOCK_CLOSESECRET = 1 << 6,
#define IPT_PKNOCK_MAX_PORTS 15 /* Can never change these, as they are make up the user protocol. */
#define IPT_PKNOCK_MAX_BUF_LEN 31 XT_PKNOCK_MAX_PORTS = 15,
#define IPT_PKNOCK_MAX_PASSWD_LEN 31 XT_PKNOCK_MAX_BUF_LEN = 31,
XT_PKNOCK_MAX_PASSWD_LEN = 31,
};
#define DEBUG 1 #define DEBUG 1
struct xt_pknock_mtinfo { struct xt_pknock_mtinfo {
char rule_name[IPT_PKNOCK_MAX_BUF_LEN + 1]; char rule_name[XT_PKNOCK_MAX_BUF_LEN+1];
uint32_t rule_name_len; uint32_t rule_name_len;
char open_secret[IPT_PKNOCK_MAX_PASSWD_LEN + 1]; char open_secret[XT_PKNOCK_MAX_PASSWD_LEN+1];
uint32_t open_secret_len; uint32_t open_secret_len;
char close_secret[IPT_PKNOCK_MAX_PASSWD_LEN + 1]; char close_secret[XT_PKNOCK_MAX_PASSWD_LEN+1];
uint32_t close_secret_len; uint32_t close_secret_len;
uint8_t option; /* --time, --knock-port, ... */ uint8_t option; /* --time, --knock-port, ... */
uint8_t ports_count; /* number of ports */ uint8_t ports_count; /* number of ports */
uint16_t port[IPT_PKNOCK_MAX_PORTS]; /* port[,port,port,...] */ uint16_t port[XT_PKNOCK_MAX_PORTS]; /* port[,port,port,...] */
uint32_t max_time; /* max matching time between ports */ uint32_t max_time; /* max matching time between ports */
}; };
struct xt_pknock_nl_msg { struct xt_pknock_nl_msg {
char rule_name[IPT_PKNOCK_MAX_BUF_LEN + 1]; char rule_name[XT_PKNOCK_MAX_BUF_LEN+1];
uint32_t peer_ip; uint32_t peer_ip;
}; };
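Review bot: The new comment inside the enum reads `/* Can never change these, as they are make up the user protocol. */`, which is ungrammatical and understates why: these values size the arrays in `struct xt_pknock_mtinfo` and `struct xt_pknock_nl_msg`, which are shared between libxt_pknock and the kernel module. I would write it as `/* Can never change these: they make up the user/kernel ABI (struct layout and option bits). */`. The bit values `1 << 0` through `1 << 6` match the old `0x01`–`0x40` defines line for line, so the rule blobs stay compatible; a one-line comment saying so above `XT_PKNOCK_KNOCKPORT` would save the next reader that check.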