12.1. Comparison of Palo Alto Networks models
Proyecto Fin de Carrera (Final Degree Project), Departamento de Ingeniería Telemática (Department of Telematics Engineering)
12. Annexes

12.1. Comparison of Palo Alto Networks models
12.2. Configuring a Virtual Switch in VMware ESXi

Figure 54: Configuring a Virtual Switch: Step 1
Figure 55: Configuring a Virtual Switch: Step 2
Figure 56: Configuring a Virtual Switch: Step 3
Figure 57: Configuring a Virtual Switch: Step 4
Figure 58: Configuring a Virtual Switch: Step 5
Figure 59: Configuring a Virtual Switch: Step 6
12.3. install_ndpi.sh

```bash
#!/bin/bash
KERNEL_VERSION=$(uname -r)

# Libraries and prior updates
yum install vim
yum install svn
yum install git
yum install unzip
yum install zip
yum install gcc
yum install ncurses-devel
yum install iptables-devel
yum install kernel-devel
yum install libmnl-devel
yum install automake
yum install libtool
yum install libtool-ltdl-devel

# nDPI installation (manual)
# Note: built with the original http.c
cd /usr/src/redBorder-ndpi/nDPI
./configure --with-pic --prefix=/opt/rb --sbindir=/opt/rb/bin --exec-prefix=/opt/rb
make
make install

# Installation of the netfilter module
# Note: built with the modified http.c (strtok_r)
cp -R ../http.c /usr/src/redBorder-ndpi/nDPI/src/lib/protocols/
cd /usr/src/redBorder-ndpi/nDPI/ndpi-netfilter/ndpi-netfilter-master
LANG=C NDPI_PATH=/usr/src/redBorder-ndpi/nDPI make
#make modules_install
# The iptables userspace extension and the unsigned kernel module are copied by hand
cp ipt/libxt_ndpi.so /lib/xtables
cp ipt/libxt_ndpi.so /lib/xtables-1.4.7
cp -R src/xt_ndpi.ko.unsigned /lib/modules/${KERNEL_VERSION}/extra/xt_ndpi.ko
depmod -a
modprobe xt_ndpi
service iptables restart
```
12.4. redBorder-ndpi-source.sh

```bash
#!/bin/bash
######## First of all make sure to update the kernel to the latest version
KERNEL_VERSION=$(uname -r | sed "s/.i686//")

######## Prepare and compile kernel sources and insert redBorder-ndpi files ########

# Gathering libraries to build the kernel properly
yum install rng-tools.i686
yum install rpm-build redhat-rpm-config unifdef
yum install gcc patchutils xmlto asciidoc elfutils-libelf-devel elfutils-devel zlib-devel binutils-devel newt-devel python-devel audit-libs-devel bison flex hmaccalc perl-ExtUtils-Embed

# Download last kernel sources from the official website
cd
wget http://vault.centos.org/6.5/updates/Source/SPackages/kernel-${KERNEL_VERSION}.src.rpm

# Install rpm packet downloaded
rpm -ivh kernel-${KERNEL_VERSION}.src.rpm

# Before we start, there is need to make system to gen gpg key by rng-tools
rngd -r /dev/urandom

# Prepare kernel sources
cd
cd rpmbuild/SPECS
rpmbuild -bp kernel.spec

# Moving sources to /usr/src and compiling source code
cp -R /root/rpmbuild/BUILD/kernel-${KERNEL_VERSION}/linux-${KERNEL_VERSION}.i686 /usr/src/
cd /usr/src/linux-${KERNEL_VERSION}.i686/
make

# Replace kernel files and compile it
cd
cd project/redBorder-ndpi/linux-${KERNEL_VERSION}.i686
ln -s /usr/src/linux-${KERNEL_VERSION}.i686/ /usr/src/linux-dpi_project
chmod u+x insert_kernel_files.sh
./insert_kernel_files.sh

######## Prepare and compile iptables sources and insert redBorder-ndpi files ########

# Getting the source code and allocating it properly
cd
wget http://ftp.netfilter.org/pub/iptables/iptables-1.4.7.tar.bz2
tar xvf iptables-1.4.7.tar.bz2
mv iptables-1.4.7/ /usr/src

# Compiling and patching iptables
cd
cd project/redBorder-ndpi/iptables-1.4.7/
chmod u+x insert_iptables_files.sh
./insert_iptables_files.sh
cd /usr/src/iptables-1.4.7/
./configure
make
make install
./copy_new_libxt.sh

######## Prepare and compile redBorder-ndpi ########

# Allocating source code properly
mkdir /usr/src/redBorder-ndpi
cp -R nDPI/ /usr/src/redBorder-ndpi/
cp -R http.c /usr/src/redBorder-ndpi

# Installing patched nDPI
cd /usr/src/redBorder-ndpi/nDPI/
chmod u+x install_ndpi.sh
./install_ndpi.sh
```
12.5. xt_l7state.c

```c
#include <linux/module.h>
#include <linux/skbuff.h>
#include <net/netfilter/nf_conntrack.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_l7state.h>

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Sergio Millan Rodriguez <sermilrod@gmail.com>");
MODULE_DESCRIPTION("ip[6]_tables connection tracking state match module for layer 7");
MODULE_ALIAS("ipt_l7state");
MODULE_ALIAS("ip6t_l7state");

/*
 * ct->l7.l7state[] is the per-connection layer-7 state array that the
 * patched kernel adds to struct nf_conn. Index i corresponds to bit i of
 * the rule's statemask: 0 L7NOINIT, 1 L7UNKNOWN, 2 L7ACCEPT, 3 L7DROP,
 * 4 L7CONTINUE. The rule matches when any state named in the mask is set
 * on the connection. Testing bit by bit covers every list the userspace
 * parser can build (e.g. 6 = L7UNKNOWN,L7ACCEPT, 18 = L7UNKNOWN,L7CONTINUE,
 * but also 5 = L7NOINIT,L7ACCEPT) and the complemented mask that
 * "! --l7state" sends, which a switch on exact mask values would miss.
 */
static bool l7state_check_l7state(unsigned int l7states, const struct nf_conn *ct)
{
	unsigned int i;

	pr_debug("xt_l7state: statemask: %u\n", l7states);
	for (i = 0; i < L7MAX; i++)
		if ((l7states & (1U << i)) && ct->l7.l7state[i] == 1)
			return true;
	return false;
}

static bool
l7state_mt(const struct sk_buff *skb, const struct xt_match_param *par)
{
	const struct xt_l7state_info *sinfo = par->matchinfo;
	enum ip_conntrack_info ctinfo;
	struct nf_conn *ct;

	/* Packets without a conntrack entry never match. */
	ct = nf_ct_get(skb, &ctinfo);
	if (ct == NULL)
		return false;
	return l7state_check_l7state(sinfo->statemask, ct);
}

static bool l7state_mt_check(const struct xt_mtchk_param *par)
{
	/* Hold a reference on the L3 conntrack module for as long as the rule exists. */
	if (nf_ct_l3proto_try_module_get(par->match->family) < 0) {
		printk(KERN_WARNING "can't load conntrack support for "
		       "proto=%u\n", par->match->family);
		return false;
	}
	return true;
}

static void l7state_mt_destroy(const struct xt_mtdtor_param *par)
{
	nf_ct_l3proto_module_put(par->match->family);
}

static struct xt_match l7state_mt_reg[] __read_mostly = {
	{
		.name       = "l7state",
		.family     = NFPROTO_IPV4,
		.checkentry = l7state_mt_check,
		.match      = l7state_mt,
		.destroy    = l7state_mt_destroy,
		.matchsize  = sizeof(struct xt_l7state_info),
		.me         = THIS_MODULE,
	},
	{
		.name       = "l7state",
		.family     = NFPROTO_IPV6,
		.checkentry = l7state_mt_check,
		.match      = l7state_mt,
		.destroy    = l7state_mt_destroy,
		.matchsize  = sizeof(struct xt_l7state_info),
		.me         = THIS_MODULE,
	},
};

static int __init l7state_mt_init(void)
{
	return xt_register_matches(l7state_mt_reg, ARRAY_SIZE(l7state_mt_reg));
}

static void __exit l7state_mt_exit(void)
{
	xt_unregister_matches(l7state_mt_reg, ARRAY_SIZE(l7state_mt_reg));
}

module_init(l7state_mt_init);
module_exit(l7state_mt_exit);
```
12.6. xt_l7state.h

```c
#ifndef XT_L7STATE_H
#define XT_L7STATE_H

/* Number of layer-7 states; states are numbered 0..L7MAX-1 and each one
 * occupies one bit of statemask. */
#define L7MAX 5
#define XT_L7STATE_BIT(l7ctinfo) (1 << ((l7ctinfo) % L7MAX))

/* Match data shared between the iptables extension and the kernel module. */
struct xt_l7state_info {
	unsigned int statemask;
};

#endif /* XT_L7STATE_H */
```
12.7. copy_new_modules.sh

```bash
#!/bin/bash
KERNEL_VERSION=$(uname -r)

pushd /usr/src/linux-dpi_project &>/dev/null
echo "stopping iptables..."
service iptables stop
echo "Compiling modules..."
make modules
echo "Copying new modules..."
for n in $(find net | grep "\.ko\.unsigned$" 2>/dev/null); do
	m=$(echo $n | sed 's/.unsigned//')
	m=$(basename $m)
	/bin/cp -f $n /lib/modules/${KERNEL_VERSION}/extra/$m
done
echo "Removing from memory rest of modules..."
# Unload dependents first (xt_* before nf_conntrack_ipv4, nf_conntrack_ipv4
# before nf_defrag_ipv4 and nf_conntrack); otherwise rmmod fails with
# "Module is in use" and the freshly built modules are never loaded.
for module in xt_ndpi_control xt_l7state ipt_REJECT nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack; do
	rmmod $module &>/dev/null
done
echo "Resolving modules dependences..."
depmod -a
modprobe nf_defrag_ipv4
modprobe nf_conntrack_ipv4
modprobe xt_l7state
modprobe xt_ndpi_control
service iptables restart
echo "Done!"
popd &>/dev/null
```
12.8. libxt_l7state.c

```c
/* Shared library add-on to iptables to add layer 7 state tracking support. */
#include <stdio.h>
#include <netdb.h>
#include <string.h>
#include <stdlib.h>
#include <getopt.h>
#include <xtables.h>
#include <linux/netfilter/nf_conntrack_common.h>
#include <linux/netfilter/xt_l7state.h>

static void
l7state_help(void)
{
	printf(
"l7state match options:\n"
"[!] --l7state [L7NOINIT|L7UNKNOWN|L7ACCEPT|L7DROP|L7CONTINUE][,...]\n"
"				State(s) to match\n");
}

static const struct option l7state_opts[] = {
	{ "l7state", 1, NULL, '1' },
	{ .name = NULL }
};

/* Translate one state name (case-insensitive) into its statemask bit.
 * The IP_CT_L7* constants come from the patched nf_conntrack_common.h. */
static int
l7state_parse_state(const char *l7state, size_t len, struct xt_l7state_info *sinfo)
{
	if (strncasecmp(l7state, "L7NOINIT", len) == 0)
		sinfo->statemask |= XT_L7STATE_BIT(IP_CT_L7NOINIT);
	else if (strncasecmp(l7state, "L7UNKNOWN", len) == 0)
		sinfo->statemask |= XT_L7STATE_BIT(IP_CT_L7UNKNOWN);
	else if (strncasecmp(l7state, "L7ACCEPT", len) == 0)
		sinfo->statemask |= XT_L7STATE_BIT(IP_CT_L7ACCEPT);
	else if (strncasecmp(l7state, "L7DROP", len) == 0)
		sinfo->statemask |= XT_L7STATE_BIT(IP_CT_L7DROP);
	else if (strncasecmp(l7state, "L7CONTINUE", len) == 0)
		sinfo->statemask |= XT_L7STATE_BIT(IP_CT_L7CONTINUE);
	else
		return 0;
	return 1;
}

/* Parse the comma-separated list; empty tokens and a trailing comma are errors. */
static void
l7state_parse_states(const char *arg, struct xt_l7state_info *sinfo)
{
	const char *comma;

	while ((comma = strchr(arg, ',')) != NULL) {
		if (comma == arg || !l7state_parse_state(arg, comma-arg, sinfo))
			xtables_error(PARAMETER_PROBLEM, "Bad state \"%s\"", arg);
		arg = comma+1;
	}
	if (!*arg)
		xtables_error(PARAMETER_PROBLEM, "\"--l7state\" requires a list of "
					"states with no spaces, e.g. "
					"L7UNKNOWN,L7DROP");
	if (strlen(arg) == 0 || !l7state_parse_state(arg, strlen(arg), sinfo))
		xtables_error(PARAMETER_PROBLEM, "Bad state \"%s\"", arg);
}

static int
l7state_parse(int c, char **argv, int invert, unsigned int *flags,
	      const void *entry, struct xt_entry_match **match)
{
	struct xt_l7state_info *sinfo = (struct xt_l7state_info *)(*match)->data;

	switch (c) {
	case '1':
		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
		l7state_parse_states(optarg, sinfo);
		/* "! --l7state": the kernel receives the complemented mask */
		if (invert)
			sinfo->statemask = ~sinfo->statemask;
		*flags = 1;
		break;
	default:
		return 0;
	}
	return 1;
}

static void l7state_final_check(unsigned int flags)
{
	if (!flags)
		xtables_error(PARAMETER_PROBLEM, "You must specify \"--l7state\"");
}

static void l7state_print_state(unsigned int statemask)
{
	const char *sep = "";

	if (statemask & XT_L7STATE_BIT(IP_CT_L7NOINIT)) {
		printf("%sL7NOINIT", sep);
		sep = ",";
	}
	if (statemask & XT_L7STATE_BIT(IP_CT_L7UNKNOWN)) {
		printf("%sL7UNKNOWN", sep);
		sep = ",";
	}
	if (statemask & XT_L7STATE_BIT(IP_CT_L7ACCEPT)) {
		printf("%sL7ACCEPT", sep);
		sep = ",";
	}
	if (statemask & XT_L7STATE_BIT(IP_CT_L7DROP)) {
		printf("%sL7DROP", sep);
		sep = ",";
	}
	if (statemask & XT_L7STATE_BIT(IP_CT_L7CONTINUE)) {
		printf("%sL7CONTINUE", sep);
		sep = ",";
	}
	printf(" ");
}

static void
l7state_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
	const struct xt_l7state_info *sinfo = (const void *)match->data;

	printf("l7state ");
	l7state_print_state(sinfo->statemask);
}

static void l7state_save(const void *ip, const struct xt_entry_match *match)
{
	const struct xt_l7state_info *sinfo = (const void *)match->data;

	printf("--l7state ");
	l7state_print_state(sinfo->statemask);
}

static struct xtables_match l7state_match = {
	.family		= NFPROTO_UNSPEC,
	.name		= "l7state",
	.version	= XTABLES_VERSION,
	.size		= XT_ALIGN(sizeof(struct xt_l7state_info)),
	.userspacesize	= XT_ALIGN(sizeof(struct xt_l7state_info)),
	.help		= l7state_help,
	.parse		= l7state_parse,
	.final_check	= l7state_final_check,
	.print		= l7state_print,
	.save		= l7state_save,
	.extra_opts	= l7state_opts,
};

void _init(void)
{
	xtables_register_match(&l7state_match);
}
```
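The statemask that libxt_l7state.c builds and xt_l7state.c evaluates can be exercised outside the kernel. The following user-space harness is an added example, not code from the thesis, from redBorder or from nDPI: it reimplements the `--l7state` list parser (returning an error code where the real extension calls `xtables_error`), the bit-by-bit test the kernel match performs against the connection's `l7state[]` array, the inverse rendering that `l7state_print_state` does, and a predicate for the mask values an exact-value switch on the mask (1, 2, 4, 6, 8, 16, 18) would recognise. It assumes the patched `nf_conntrack_common.h` numbers the states 0..4 in the order NOINIT, UNKNOWN, ACCEPT, DROP, CONTINUE, which is the order of the kernel module's array indices and of main.c's `L7ACCEPT`/`L7DROP`/`L7CONTINUE` defines; `struct fake_ct` stands in for the patched `struct nf_conn`.

```c
/* Added example (not thesis, redBorder or nDPI code): user-space harness for
 * the --l7state statemask shared by libxt_l7state.c and xt_l7state.c.
 * Assumption: the patched nf_conntrack_common.h numbers the layer-7 states
 * 0..4 as NOINIT, UNKNOWN, ACCEPT, DROP, CONTINUE. */
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <stdbool.h>
#include <limits.h>

#define L7MAX 5
#define XT_L7STATE_BIT(l7ctinfo) (1 << ((l7ctinfo) % L7MAX))

enum { IP_CT_L7NOINIT = 0, IP_CT_L7UNKNOWN, IP_CT_L7ACCEPT, IP_CT_L7DROP, IP_CT_L7CONTINUE };

static const char *const l7_names[L7MAX] = {
	"L7NOINIT", "L7UNKNOWN", "L7ACCEPT", "L7DROP", "L7CONTINUE"
};

/* Stand-in for the ct->l7.l7state[] array of the patched struct nf_conn. */
struct fake_ct {
	unsigned char l7state[L7MAX];
};

/* One token: case-insensitive and must be a complete state name. */
static int parse_one(const char *tok, size_t len, unsigned int *mask)
{
	int i;
	for (i = 0; i < L7MAX; i++) {
		if (len == strlen(l7_names[i]) && strncasecmp(tok, l7_names[i], len) == 0) {
			*mask |= XT_L7STATE_BIT(i);
			return 0;
		}
	}
	return -1;
}

/* Same walk as l7state_parse_states: comma-separated, no empty tokens, no
 * trailing comma. Returns 0 and fills *mask, or -1 where the extension
 * would call xtables_error(). */
int parse_l7states(const char *arg, unsigned int *mask)
{
	const char *comma;

	*mask = 0;
	while ((comma = strchr(arg, ',')) != NULL) {
		if (comma == arg || parse_one(arg, (size_t)(comma - arg), mask) < 0)
			return -1;
		arg = comma + 1;
	}
	if (!*arg)
		return -1;
	return parse_one(arg, strlen(arg), mask);
}

/* Parse a list and return its mask, or UINT_MAX on a parse error. */
unsigned int mask_of(const char *list)
{
	unsigned int mask;
	return parse_l7states(list, &mask) == 0 ? mask : UINT_MAX;
}

/* Kernel-side test: does any state named in the mask hold on ct? Bit by bit,
 * so combined masks (5 = L7NOINIT,L7ACCEPT) and the complemented mask that
 * "! --l7state" produces are handled like any other value. */
bool l7state_match(unsigned int mask, const struct fake_ct *ct)
{
	int i;
	for (i = 0; i < L7MAX; i++)
		if ((mask & (1u << i)) && ct->l7state[i] == 1)
			return true;
	return false;
}

/* Build a connection whose only layer-7 state is `state` and match it. */
bool matches_state(unsigned int mask, int state)
{
	struct fake_ct ct = { { 0 } };
	ct.l7state[state] = 1;
	return l7state_match(mask, &ct);
}

/* Mask values an exact-value switch (cases 1, 2, 4, 6, 8, 16, 18) covers. */
bool switch_covers_mask(unsigned int mask)
{
	switch (mask) {
	case 1: case 2: case 4: case 6: case 8: case 16: case 18:
		return true;
	default:
		return false;
	}
}

/* Render a mask back into --l7state syntax, as l7state_print_state does. */
void format_l7states(unsigned int mask, char *out, size_t outlen)
{
	const char *sep = "";
	size_t used = 0;
	int i;

	out[0] = '\0';
	for (i = 0; i < L7MAX && used < outlen; i++) {
		if (mask & (1u << i)) {
			used += (size_t)snprintf(out + used, outlen - used, "%s%s", sep, l7_names[i]);
			sep = ",";
		}
	}
}

int main(void)
{
	char buf[64];
	unsigned int mask = mask_of("l7noinit,L7ACCEPT");   /* constructed rule argument */

	format_l7states(mask, buf, sizeof buf);
	printf("mask %u = %s: accepted conn matches=%d, exact-switch case=%d\n",
	       mask, buf, matches_state(mask, IP_CT_L7ACCEPT), switch_covers_mask(mask));
	mask = ~mask_of("L7UNKNOWN,L7DROP");                 /* "! --l7state L7UNKNOWN,L7DROP" */
	printf("inverted mask: accepted conn matches=%d, exact-switch case=%d\n",
	       matches_state(mask, IP_CT_L7ACCEPT), switch_covers_mask(mask));
	return 0;
}
```

Compile the file with `gcc -Wall` and run it: `L7NOINIT,L7ACCEPT` parses to mask 5 and matches an accepted connection when tested bit by bit, and so does the complemented mask that `! --l7state L7UNKNOWN,L7DROP` sends, while neither value is among the ones an exact switch on the mask recognises. The parser also rejects an empty list, an empty token and a trailing comma, exactly the cases where the extension reports a parameter problem.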
12.9. main.c
/∗∗ main . c∗ Copyright (C) 2010−2012 G. El ian Gidoni <geg@gnu . org>∗ 2012 Ed Wildgoose < l i s t s@w i l d g oo s e s . com>
∗∗ This f i l e i s part o f nDPI ,∗ an open source deep packet i n sp e c t i on∗ l i b r a r y based on the PACE technology by ipoque GmbH∗∗ This program i s f r e e so f tware ; you can r e d i s t r i b u t e i t and/ or∗ modify i t under the terms o f the GNU General Publ ic L i cense∗ as pub l i shed by the Free Software Foundation ; v e r s i on 2∗ o f the L icense .∗∗ This program i s d i s t r i b u t e d in the hope that i t w i l l be u se fu l ,∗ but WITHOUT ANY WARRANTY; without even the impl i ed warranty o f∗ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the∗ GNU General Publ ic L i cense f o r more d e t a i l s .∗∗ You should have r e c e i v ed a copy o f the GNU General Publ ic L i cense∗ along with t h i s program ; i f not , wr i t e to the Free Software∗ Foundation , Inc . , 51 Frankl in Street , F i f th Floor , Boston ,∗ MA 02110−1301 , USA.∗/
#inc lude <l i nux / ke rne l . h>#inc lude <l i nux / i n i t . h>#inc lude <l i nux /module . h>#inc lude <l i nux / ve r s i on . h>#inc lude <l i nux / n e t f i l t e r / x t ab l e s . h>#inc lude <l i nux / skbu f f . h>#inc lude <l i nux / ip . h>#inc lude <l i nux / tcp . h>#inc lude <l i nux /udp . h>#inc lude <l i nux / i f e t h e r . h>#inc lude <l i nux / rb t r e e . h>#inc lude <l i nux / k r e f . h>#inc lude <l i nux / time . h>
#inc lude <net / n e t f i l t e r / n f connt rack . h>#inc lude <net / n e t f i l t e r / n f connt rack ecache . h>
#inc lude ”ndpi main . h”#inc lude ” xt ndpi . h”
MODULE LICENSE(”GPL” ) ;MODULEAUTHOR(”G. El ian Gidoni <geg@gnu . org >”);
158
![Page 21: 12.1. Comparativa modelos paloalto networks](https://reader036.vdocuments.pub/reader036/viewer/2022073101/62e4b02eeb004812dd4cb347/html5/thumbnails/21.jpg)
Proyecto Fin de Carrera Departamento de Ingenierıa Telematica
MODULE DESCRIPTION(”nDPI wrapper ” ) ;MODULE ALIAS(” i p t ndp i ” ) ;
#de f i n e L7MAX 5#de f i n e L7ACCEPT 2#de f i n e L7DROP 3#de f i n e L7CONTINUE 4
s t a t i c void s e t l 7 s t a t e ( s t r u c t nf conn ∗ ct , unsigned i n t s t a t e ){
unsigned i n t i ;
ct−>l 7 . l im i t op t i on = 0 ;// d e f au l t l im i t opt ion unsetct−>l 7 . ac topt i on = 0 ;// d e f au l t ac t i on opt ion unsetf o r ( i = 0 ; i < L7MAX; i++) {
ct−>l 7 . l 7 s t a t e [ i ] = 0 ;i f ( i == s t a t e )
ct−>l 7 . l 7 s t a t e [ i ] = 1 ;// s e t the s t a t e f o r packet d e c i s i o n
}}
s t a t i c bool c oun t e r l im i t ( s t r u c t nf conn ∗ ct ){
i f ( ct−>l 7 . l 7 s t a t e [ 2 ] == 1| | ct−>l 7 . l 7 s t a t e [ 3 ] == 1| | ct−>l 7 . l 7 s t a t e [ 4 ] == 1){
r e turn t rue ;// the re i s a l ay e r 7 ac t i on ac t i va t ed yetct−>l 7 . l im i t = 0 ;
}
i f ( ct−>l 7 . l im i t == 0 && ct−>l 7 . l im i t op t i on != 0){ct−>l 7 . l im i t++;re turn true ;
} e l s e i f ( ct−>l 7 . l im i t op t i on > ct−>l 7 . l im i t ) {ct−>l 7 . l im i t++;re turn true ;
} e l s e i f ( ct−>l 7 . l im i t op t i on == 0) {r e turn t rue ;
} e l s e {s e t l 7 s t a t e ( ct , L7DROP) ;ct−>l 7 . l im i t = 0 ;re turn f a l s e ;
}r e turn t rue ;
}
159
![Page 22: 12.1. Comparativa modelos paloalto networks](https://reader036.vdocuments.pub/reader036/viewer/2022073101/62e4b02eeb004812dd4cb347/html5/thumbnails/22.jpg)
Proyecto Fin de Carrera Departamento de Ingenierıa Telematica
/∗ f l ow t rack ing ∗/s t r u c t o sdp i f l ow node {
s t r u c t rb node node ;s t r u c t nf conn ∗ ct ;/∗ r e s u l t only , not used f o r f low i d e n t i f i c a t i o n ∗/u32 de t e c t ed p r o t o c o l ;/∗ l a s t po in t e r a s s i gned at run time ∗/s t r u c t ndp i f l ow s t r u c t ∗ ndp i f l ow ;
} ;
/∗ id t r a ck ing ∗/s t r u c t o sdp i i d node {
s t r u c t rb node node ;s t r u c t k r e f r e f c n t ;union n f i n e t add r ip ;/∗ l a s t po in t e r a s s i gned at run time ∗/s t r u c t ndp i i d s t r u c t ∗ ndp i id ;
} ;
s t a t i c u32 s i z e i d s t r u c t = 0 ;s t a t i c u32 s i z e f l o w s t r u c t = 0 ;
s t a t i c s t r u c t rb roo t o s dp i f l ow r o o t = RBROOT;s t a t i c s t r u c t rb roo t o s dp i i d r o o t = RBROOT;
s t a t i c s t r u c t kmem cache ∗ o sdp i f l ow ca che r ead mos t l y ;s t a t i c s t r u c t kmem cache ∗ o sdp i i d c a ch e r ead mos t l y ;
s t a t i c NDPI PROTOCOL BITMASK protoco l s b i tmask ;s t a t i c atomic t p r o t o c o l s c n t [NDPI LAST IMPLEMENTED PROTOCOL ] ;
DEFINE SPINLOCK( f l ow l o c k ) ;DEFINE SPINLOCK( i d l o c k ) ;DEFINE SPINLOCK( i pq l o c k ) ;
/∗ de t e c t i on ∗/s t a t i c s t r u c t ndp i d e t e c t i on modu l e s t ru c t ∗ ndp i s t r u c t = NULL;s t a t i c u32 d e t e c t i o n t i c k r e s o l u t i o n = 1000 ;
/∗ debug func t i on s ∗/
160
![Page 23: 12.1. Comparativa modelos paloalto networks](https://reader036.vdocuments.pub/reader036/viewer/2022073101/62e4b02eeb004812dd4cb347/html5/thumbnails/23.jpg)
Proyecto Fin de Carrera Departamento de Ingenierıa Telematica
s t a t i c void debug pr in t f ( u32 protoco l , void ∗ i d s t r u c t ,n d p i l o g l e v e l t l o g l e v e l ,const char ∗ format , . . . )
{/∗ do nothing ∗/
v a l i s t args ;v a s t a r t ( args , format ) ;switch ( l o g l e v e l ){
case NDPI LOG ERROR:vpr intk ( format , args ) ;break ;
case NDPI LOG TRACE:vpr intk ( format , args ) ;break ;
case NDPI LOG DEBUG:vpr intk ( format , args ) ;break ;
}va end ( args ) ;
}
s t a t i c void ∗malloc wrapper ( unsigned long s i z e ){
r e turn kmalloc ( s i z e , GFP KERNEL) ;}
s t a t i c void f r e e wrapper ( void ∗ f r e e a b l e ){
k f r e e ( f r e e a b l e ) ;}
s t a t i c s t r u c t o sdp i f l ow node ∗ndp i f l ow s ea r ch ( s t r u c t rb roo t ∗ root , s t r u c t nf conn ∗ ct ){
s t r u c t o sdp i f l ow node ∗data ;s t r u c t rb node ∗node = root−>rb node ;
whi l e ( node ) {data = rb ent ry ( node , s t r u c t osdp i f l ow node ,node ) ;
i f ( c t < data−>ct )node = node−>r b l e f t ;
e l s e i f ( c t > data−>ct )
161
![Page 24: 12.1. Comparativa modelos paloalto networks](https://reader036.vdocuments.pub/reader036/viewer/2022073101/62e4b02eeb004812dd4cb347/html5/thumbnails/24.jpg)
Proyecto Fin de Carrera Departamento de Ingenierıa Telematica
node = node−>r b r i g h t ;e l s e
re turn data ;}
r e turn NULL;}
s t a t i c i n tn dp i f l ow i n s e r t ( s t r u c t rb roo t ∗ root ,s t r u c t o sdp i f l ow node ∗data ){
s t r u c t o sdp i f l ow node ∗ t h i s ;s t r u c t rb node ∗∗new =&(root−>rb node ) , ∗parent = NULL;
whi l e (∗new) {t h i s = rb ent ry (∗new ,s t r u c t osdp i f l ow node , node ) ;
parent = ∗new ;i f ( data−>ct < th i s−>ct )
new = &((∗new)−> r b l e f t ) ;e l s e i f ( data−>ct > th i s−>ct )
new = &((∗new)−> r b r i g h t ) ;e l s e
re turn 0 ;}rb l i nk node (&data−>node , parent , new ) ;r b i n s e r t c o l o r (&data−>node , root ) ;
r e turn 1 ;}
s t a t i c s t r u c t o sdp i i d node ∗ndp i i d s e a r ch ( s t r u c t rb roo t ∗ root , union n f i n e t add r ∗ ip ){
i n t r e s ;s t r u c t o sdp i i d node ∗data ;s t r u c t rb node ∗node = root−>rb node ;
whi l e ( node ) {data = rb ent ry ( node ,s t r u c t osdp i id node , node ) ;r e s = memcmp( ip , &data−>ip ,s i z e o f ( union n f i n e t add r ) ) ;
162
![Page 25: 12.1. Comparativa modelos paloalto networks](https://reader036.vdocuments.pub/reader036/viewer/2022073101/62e4b02eeb004812dd4cb347/html5/thumbnails/25.jpg)
Proyecto Fin de Carrera Departamento de Ingenierıa Telematica
i f ( r e s < 0)node = node−>r b l e f t ;
e l s e i f ( r e s > 0)node = node−>r b r i g h t ;
e l s ere turn data ;
}
r e turn NULL;}
s t a t i c i n tn d p i i d i n s e r t ( s t r u c t rb roo t ∗ root , s t r u c t o sdp i i d node ∗data ){
i n t r e s ;s t r u c t o sdp i i d node ∗ t h i s ;s t r u c t rb node ∗∗new = &(root−>rb node ), ∗parent = NULL;
whi l e (∗new) {t h i s = rb ent ry (∗new ,s t r u c t osdp i id node , node ) ;r e s = memcmp(&data−>ip , &th i s−>ip ,s i z e o f ( union n f i n e t add r ) ) ;
parent = ∗new ;i f ( r e s < 0)
new = &((∗new)−> r b l e f t ) ;e l s e i f ( r e s > 0)
new = &((∗new)−> r b r i g h t ) ;e l s e
re turn 0 ;}rb l i nk node (&data−>node , parent , new ) ;r b i n s e r t c o l o r (&data−>node , root ) ;
r e turn 1 ;}
s t a t i c voidn d p i i d r e l e a s e ( s t r u c t k r e f ∗ k r e f ){
163
![Page 26: 12.1. Comparativa modelos paloalto networks](https://reader036.vdocuments.pub/reader036/viewer/2022073101/62e4b02eeb004812dd4cb347/html5/thumbnails/26.jpg)
Proyecto Fin de Carrera Departamento de Ingenierıa Telematica
s t r u c t o sdp i i d node ∗ id ;
id = con t a i n e r o f ( kre f , s t r u c t osdp i id node ,r e f c n t ) ;r b e r a s e (&id−>node , &o s dp i i d r o o t ) ;kmem cache free ( o sdp i i d cache , id ) ;
}
s t a t i c s t r u c t o sdp i f l ow node ∗ndp i a l l o c f l ow ( s t r u c t nf conn ∗ ct ){
s t r u c t o sdp i f l ow node ∗ f l ow ;
sp i n l o ck bh (& f l ow l o c k ) ;f low = ndp i f l ow s ea r ch (&osdp i f l ow roo t , c t ) ;i f ( f low != NULL){
sp in un lock bh (& f l ow l o c k ) ;r e turn f low ;
}f l ow = kmem cache zal loc ( o sdp i f l ow cache ,GFP ATOMIC) ;i f ( f low == NULL){
p r e r r (” xt ndpi : couldn ’ t a l l o c a t e new f low .\n ” ) ;sp in un lock bh (& f l ow l o c k ) ;r e turn NULL;
}f low−>ct = ct ;f low−>ndp i f l ow = ( s t r u c t ndp i f l ow s t r u c t ∗)
( ( char∗)& flow−>ndp i f l ow+s i z e o f ( f low−>ndp i f l ow ) ) ;n dp i f l ow i n s e r t (&o sdp i f l ow roo t , f low ) ;sp in un lock bh (& f l ow l o c k ) ;
r e turn f low ;}
s t a t i c voidndp i f r e e f l ow ( s t r u c t nf conn ∗ ct ){
s t r u c t o sdp i f l ow node ∗ f l ow ;
sp i n l o ck bh (& f l ow l o c k ) ;f low = ndp i f l ow s ea r ch (&osdp i f l ow roo t , c t ) ;i f ( f low != NULL){
r b e r a s e (&flow−>node , &o sdp i f l ow r o o t ) ;kmem cache free ( o sdp i f l ow cache , f low ) ;
}sp in un lock bh (& f l ow l o c k ) ;
164
![Page 27: 12.1. Comparativa modelos paloalto networks](https://reader036.vdocuments.pub/reader036/viewer/2022073101/62e4b02eeb004812dd4cb347/html5/thumbnails/27.jpg)
Proyecto Fin de Carrera Departamento de Ingenierıa Telematica
}
s t a t i c s t r u c t o sdp i i d node ∗ndp i a l l o c i d ( union n f i n e t add r ∗ ip ){
s t r u c t o sdp i i d node ∗ id ;
s p i n l o ck bh (& i d l o c k ) ;id = ndp i i d s e a r ch (&o sdp i i d r o o t , ip ) ;i f ( id != NULL){
k r e f g e t (&id−>r e f c n t ) ;} e l s e {
id = kmem cache zal loc ( o sdp i i d cache ,GFP ATOMIC) ;
i f ( id == NULL){p r e r r (” xt ndpi : couldn ’ t a l l o c a t enew id .\n ” ) ;sp in un lock bh (& i d l o c k ) ;r e turn NULL;
}memcpy(&id−>ip , ip , s i z e o f ( union n f i n e t add r ) ) ;id−>ndp i id = ( s t r u c t ndp i i d s t r u c t ∗)
( ( char∗)&id−>ndp i id+s i z e o f ( id−>ndp i id ) ) ;k r e f i n i t (&id−>r e f c n t ) ;n d p i i d i n s e r t (&o sdp i i d r o o t , id ) ;
}sp in un lock bh (& i d l o c k ) ;
r e turn id ;}
s t a t i c voidn dp i f r e e i d ( union n f i n e t add r ∗ ip ){
s t r u c t o sdp i i d node ∗ id ;
s p i n l o ck bh (& i d l o c k ) ;id = ndp i i d s e a r ch (&o sdp i i d r o o t , ip ) ;i f ( id != NULL)
k r e f pu t (&id−>r e f cn t , n d p i i d r e l e a s e ) ;sp in un lock bh (& i d l o c k ) ;
}
s t a t i c voidndp i enab l e p r o t o c o l s ( const s t r u c t x t ndp i mt in fo ∗ i n f o )
165
![Page 28: 12.1. Comparativa modelos paloalto networks](https://reader036.vdocuments.pub/reader036/viewer/2022073101/62e4b02eeb004812dd4cb347/html5/thumbnails/28.jpg)
Proyecto Fin de Carrera Departamento de Ingenierıa Telematica
{i n t i ;
f o r ( i = 1 ; i <= NDPI LAST IMPLEMENTED PROTOCOL; i++){i f (NDPI COMPARE PROTOCOL TO BITMASK( in fo−>f l a g s , i ) != 0){
sp i n l o ck bh (& ipq l o c k ) ;a tomic inc (&p r o t o c o l s c n t [ i −1 ] ) ;NDPI ADD PROTOCOL TO BITMASK( protoco l s b i tmask , i ) ;ndp i s e t p r o t o c o l d e t e c t i o n b i tma sk2
( ndp i s t ruc t ,& pro toco l s b i tmask ) ;sp in un lock bh (& ipq l o c k ) ;
}}
}
s t a t i c voidndp i d i s a b l e p r o t o c o l s ( const s t r u c t x t ndp i mt in fo ∗ i n f o ){
i n t i ;
f o r ( i = 1 ; i <= NDPI LAST IMPLEMENTED PROTOCOL; i++){i f (NDPI COMPARE PROTOCOL TO BITMASK( in fo−>f l a g s , i ) != 0){
sp i n l o ck bh (& ipq l o c k ) ;i f ( a tomi c dec and te s t(&p r o t o c o l s c n t [ i −1])){
NDPI DEL PROTOCOL FROM BITMASK( protoco l s b i tmask , i ) ;ndp i s e t p r o t o c o l d e t e c t i o n b i tma sk2
( ndp i s t ruc t ,&pro toco l s b i tmask ) ;
}sp in un lock bh (& ipq l o c k ) ;
}}
}
```c
/* Conntrack event hook: when a connection is destroyed, release the nDPI flow
 * state attached to it and drop the references it held on both address id
 * nodes. The notifier API changed in 2.6.28. */
#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 28)
static int
ndpi_conntrack_event(struct notifier_block *this, unsigned long ev, void *data)
{
    struct nf_conn *ct = (struct nf_conn *)data;
    union nf_inet_addr *src, *dst;

    if (ct == &nf_conntrack_untracked)
        return NOTIFY_DONE;

    if (ev & IPCT_DESTROY) {
        src = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3;
        dst = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3;
        ndpi_free_id(src);
        ndpi_free_id(dst);
        ndpi_free_flow(ct);
    }
    return NOTIFY_DONE;
}

static struct notifier_block
osdpi_notifier = {
    .notifier_call = ndpi_conntrack_event,
};
#else
static int
ndpi_conntrack_event(unsigned int events, struct nf_ct_event *item)
{
    struct nf_conn *ct = item->ct;
    union nf_inet_addr *src, *dst;

    if (ct == &nf_conntrack_untracked)
        return 0;

    if (events & (1 << IPCT_DESTROY)) {
        src = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3;
        dst = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3;
        ndpi_free_id(src);
        ndpi_free_id(dst);
        ndpi_free_flow(ct);
    }
    return 0;
}

static struct nf_ct_event_notifier
osdpi_notifier = {
    .fcn = ndpi_conntrack_event,
};
#endif

/* Look up (or create) the flow node for this connection and the id nodes for
 * both endpoints, then hand the packet to the nDPI engine. Returns the protocol
 * detected so far (NDPI_PROTOCOL_UNKNOWN until nDPI has decided). */
static u32
ndpi_process_packet(struct nf_conn *ct, const uint64_t time,
                    const struct iphdr *iph, uint16_t ipsize)
{
    u32 proto = NDPI_PROTOCOL_UNKNOWN;
    union nf_inet_addr *ipsrc, *ipdst;
    struct osdpi_id_node *src, *dst;
    struct osdpi_flow_node *flow;

    spin_lock_bh(&flow_lock);
    flow = ndpi_flow_search(&osdpi_flow_root, ct);
    spin_unlock_bh(&flow_lock);
    if (flow == NULL) {
        flow = ndpi_alloc_flow(ct);
        if (flow == NULL)
            return proto;
    }

    ipsrc = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3;
    spin_lock_bh(&id_lock);
    src = ndpi_id_search(&osdpi_id_root, ipsrc);
    spin_unlock_bh(&id_lock);
    if (src == NULL) {
        src = ndpi_alloc_id(ipsrc);
        if (src == NULL)
            return proto;
    }

    ipdst = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3;
    spin_lock_bh(&id_lock);
    dst = ndpi_id_search(&osdpi_id_root, ipdst);
    spin_unlock_bh(&id_lock);
    if (dst == NULL) {
        dst = ndpi_alloc_id(ipdst);
        if (dst == NULL)
            return proto;
    }

    /* here the actual detection is performed */
    spin_lock_bh(&ipq_lock);
    proto = ndpi_detection_process_packet(ndpi_struct, flow->ndpi_flow,
                                          (uint8_t *)iph, ipsize, time,
                                          src->ndpi_id, dst->ndpi_id);
    flow->detected_protocol = proto;
    spin_unlock_bh(&ipq_lock);

    return proto;
}

/* The match callback. Its prototype changed twice across the supported
 * kernels; the body is shared. */
#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 28)
static bool
ndpi_mt(const struct sk_buff *skb,
        const struct net_device *in,
        const struct net_device *out,
        const struct xt_match *match,
        const void *matchinfo,
        int offset,
        unsigned int protoff,
        bool *hotdrop)
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35)
static bool
ndpi_mt(const struct sk_buff *skb, const struct xt_match_param *par)
#else
static bool
ndpi_mt(const struct sk_buff *skb, struct xt_action_param *par)
#endif
{
    u32 proto;
    u64 time;
#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 28)
    const struct xt_ndpi_mtinfo *info = matchinfo;
#else
    const struct xt_ndpi_mtinfo *info = par->matchinfo;
#endif
    enum ip_conntrack_info ctinfo;
    struct nf_conn *ct;
    struct timeval tv;
    struct sk_buff *linearized_skb = NULL;
    const struct sk_buff *skb_use = NULL;
    bool ret = false;

    /* nDPI needs the packet in one contiguous buffer, so work on a linear
     * copy when the skb is paged. The copy is released on every exit path
     * through the out: label (the untracked, first-packet and window-expired
     * returns previously leaked it). */
    if (skb_is_nonlinear(skb)) {
        linearized_skb = skb_copy(skb, GFP_ATOMIC);
        if (linearized_skb == NULL) {
            pr_info("xt_ndpi: linearization failed.\n");
            return false;
        }
        skb_use = linearized_skb;
    } else {
        skb_use = skb;
    }

    ct = nf_ct_get(skb_use, &ctinfo);
    if (ct == NULL)
        goto out;   /* no conntrack entry: cannot match */
#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 0, 0)
    if (nf_ct_is_untracked(skb)) {
#else
    if (nf_ct_is_untracked(ct)) {
#endif
        pr_info("xt_ndpi: ignoring untracked sk_buff.\n");
        goto out;
    }

    do_gettimeofday(&tv);
    time = ((uint64_t)tv.tv_sec) * detection_tick_resolution +
           tv.tv_usec / (1000000 / detection_tick_resolution);

    /* First packet of the connection seen by this module: leave L7NOINIT,
     * enter L7UNKNOWN and let the packet through without inspecting it. */
    if (ct->l7.l7state[0] == 1) {
        ct->l7.l7state[0] = 0;   /* L7NOINIT  = false */
        ct->l7.l7state[1] = 1;   /* L7UNKNOWN = true  */
        ret = true;
        goto out;
    }

    /* Inspection is only allowed while the connection is inside the
     * acceptance window set through ndpicontrol (--limit packets). */
    if (counter_limit(ct) != true) {
        ret = false;   /* window length expired */
        goto out;
    }

    /* process the packet */
    proto = ndpi_process_packet(ct, time, ip_hdr(skb_use), skb_use->len);

    if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(info->flags, proto) != 0) {
        /* match: a layer-7 policy action was requested for this connection
         * through ndpicontrol, so record it on the conntrack entry */
        switch (ct->l7.actoption) {
        case 1:   /* L7ACCEPT */
            if (ct->l7.actionflag != 0)
                set_l7state(ct, L7ACCEPT);
            break;
        case 2:   /* L7DROP */
            if (ct->l7.actionflag != 0)
                set_l7state(ct, L7DROP);
            break;
        case 3:   /* L7CONTINUE */
            if (ct->l7.actionflag != 0)
                set_l7state(ct, L7CONTINUE);
            break;
        default:
            /* no action required yet, or the action is already set */
            break;
        }
    }
    /* matched or not (no match keeps the L7UNKNOWN state), the rule returns
     * true while the window is open; the accept/drop decision itself is
     * taken from the l7 state, not from this match. */
    ret = true;

out:
    if (linearized_skb != NULL)
        kfree_skb(linearized_skb);
    return ret;
}

/* checkentry: reject a rule without any protocol, take the conntrack l3proto
 * reference, and only then bump the per-protocol counters. The reference is
 * taken first because destroy is not called when checkentry fails, so
 * counters incremented before a failing try_module_get would never be
 * decremented. */
#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 28)
static bool
ndpi_mt_check(const char *tablename,
              const void *ip,
              const struct xt_match *match,
              void *matchinfo,
              unsigned int hook_mask)
{
    const struct xt_ndpi_mtinfo *info = matchinfo;

    if (NDPI_BITMASK_IS_ZERO(info->flags)) {
        pr_info("No protocol selected.\n");
        return false;
    }
    if (nf_ct_l3proto_try_module_get(match->family) != 0)
        return false;
    ndpi_enable_protocols(info);
    return true;
}
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35)
static bool
ndpi_mt_check(const struct xt_mtchk_param *par)
{
    const struct xt_ndpi_mtinfo *info = par->matchinfo;

    if (NDPI_BITMASK_IS_ZERO(info->flags)) {
        pr_info("No protocol selected.\n");
        return false;
    }
    if (nf_ct_l3proto_try_module_get(par->family) != 0)
        return false;
    ndpi_enable_protocols(info);
    return true;
}
#else
static int
ndpi_mt_check(const struct xt_mtchk_param *par)
{
    const struct xt_ndpi_mtinfo *info = par->matchinfo;
    int ret;

    if (NDPI_BITMASK_IS_ZERO(info->flags)) {
        pr_info("No protocol selected.\n");
        return -EINVAL;
    }
    ret = nf_ct_l3proto_try_module_get(par->family);
    if (ret != 0)
        return ret;
    ndpi_enable_protocols(info);
    return 0;
}
#endif

#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 28)
static void
ndpi_mt_destroy(const struct xt_match *match, void *matchinfo)
{
    const struct xt_ndpi_mtinfo *info = matchinfo;

    ndpi_disable_protocols(info);
    nf_ct_l3proto_module_put(match->family);
}
#else
static void
ndpi_mt_destroy(const struct xt_mtdtor_param *par)
{
    const struct xt_ndpi_mtinfo *info = par->matchinfo;

    ndpi_disable_protocols(info);
    nf_ct_l3proto_module_put(par->family);
}
#endif

static void ndpi_cleanup(void)
{
    struct rb_node *next;
    struct osdpi_id_node *id;
    struct osdpi_flow_node *flow;

    ndpi_exit_detection_module(ndpi_struct, free_wrapper);

#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 2, 0)
    nf_conntrack_unregister_notifier(&osdpi_notifier);
#else
    nf_conntrack_unregister_notifier(&init_net, &osdpi_notifier);
#endif

    /* free all objects before destroying caches */
    next = rb_first(&osdpi_flow_root);
    while (next) {
        flow = rb_entry(next, struct osdpi_flow_node, node);
        next = rb_next(&flow->node);
        rb_erase(&flow->node, &osdpi_flow_root);
        kmem_cache_free(osdpi_flow_cache, flow);
    }
    kmem_cache_destroy(osdpi_flow_cache);

    next = rb_first(&osdpi_id_root);
    while (next) {
        id = rb_entry(next, struct osdpi_id_node, node);
        next = rb_next(&id->node);
        rb_erase(&id->node, &osdpi_id_root);
        kmem_cache_free(osdpi_id_cache, id);
    }
    kmem_cache_destroy(osdpi_id_cache);
}

static struct xt_match
ndpi_mt_reg __read_mostly = {
    .name       = "ndpi",
    .revision   = 0,
#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 28)
    .family     = AF_INET,
#else
    .family     = NFPROTO_IPV4,
#endif
    .match      = ndpi_mt,
    .checkentry = ndpi_mt_check,
    .destroy    = ndpi_mt_destroy,
    .matchsize  = sizeof(struct xt_ndpi_mtinfo),
    .me         = THIS_MODULE,
};

static int __init ndpi_mt_init(void)
{
    int ret, i;

    pr_info("xt_ndpi 0.1 (nDPI wrapper module).\n");
    /* init global detection structure */
    ndpi_struct = ndpi_init_detection_module(detection_tick_resolution,
                                             malloc_wrapper, free_wrapper,
                                             (void *)debug_printf);
    if (ndpi_struct == NULL) {
        pr_err("xt_ndpi: global structure initialization failed.\n");
        ret = -ENOMEM;
        goto err_out;
    }

    for (i = 0; i < NDPI_LAST_IMPLEMENTED_PROTOCOL; i++)
        atomic_set(&protocols_cnt[i], 0);

    /* disable all protocols until a rule enables them */
    NDPI_BITMASK_RESET(protocols_bitmask);
    ndpi_set_protocol_detection_bitmask2(ndpi_struct, &protocols_bitmask);

    /* allocate memory for id and flow tracking: each cache object carries the
     * wrapper node followed by the opaque nDPI structure */
    size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct();
    size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct();

    osdpi_flow_cache = kmem_cache_create("xt_ndpi_flows",
                                         sizeof(struct osdpi_flow_node) + size_flow_struct,
                                         0, 0, NULL);
    if (!osdpi_flow_cache) {
        pr_err("xt_ndpi: error creating flow cache.\n");
        ret = -ENOMEM;
        goto err_ipq;
    }

    osdpi_id_cache = kmem_cache_create("xt_ndpi_ids",
                                       sizeof(struct osdpi_id_node) + size_id_struct,
                                       0, 0, NULL);
    if (!osdpi_id_cache) {
        pr_err("xt_ndpi: error creating ids cache.\n");
        ret = -ENOMEM;
        goto err_flow;
    }

#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 2, 0)
    ret = nf_conntrack_register_notifier(&osdpi_notifier);
#else
    ret = nf_conntrack_register_notifier(&init_net, &osdpi_notifier);
#endif
    if (ret < 0) {
        pr_err("xt_ndpi: error registering notifier.\n");
        goto err_id;
    }

    ret = xt_register_match(&ndpi_mt_reg);
    if (ret != 0) {
        pr_err("xt_ndpi: error registering ndpi match.\n");
        ndpi_cleanup();
    }
    return ret;

err_id:
    kmem_cache_destroy(osdpi_id_cache);
err_flow:
    kmem_cache_destroy(osdpi_flow_cache);
err_ipq:
    ndpi_exit_detection_module(ndpi_struct, free_wrapper);
err_out:
    return ret;
}

static void __exit ndpi_mt_exit(void)
{
    pr_info("xt_ndpi 1.2 unload.\n");
    xt_unregister_match(&ndpi_mt_reg);
    ndpi_cleanup();
}

module_init(ndpi_mt_init);
module_exit(ndpi_mt_exit);
```
12.10. xt_ndpicontrol.c

```c
#include <linux/module.h>
#include <linux/skbuff.h>
#include <net/netfilter/nf_conntrack.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_ndpicontrol.h>

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Sergio Millan Rodriguez <sermilrod@gmail.com>");
MODULE_DESCRIPTION("ip[6]_tables auxiliary module for redBorder ndpi");
MODULE_ALIAS("ipt_ndpicontrol");
MODULE_ALIAS("ip6t_ndpicontrol");

/* Stores the layer-7 policy (action) and the acceptance window (limit) on the
 * conntrack entry of the packet's connection; xt_ndpi reads both from there.
 * The match succeeds only when a valid action and a valid limit were stored. */
static bool
ndpicontrol_mt(const struct sk_buff *skb, const struct xt_match_param *par)
{
    const struct xt_ndpicontrol_info *info = par->matchinfo;
    enum ip_conntrack_info ctinfo;
    struct nf_conn *ct;
    bool ret1 = false, ret2 = false;

    ct = nf_ct_get(skb, &ctinfo);
    if (ct == NULL)
        return false;

    /* action: 1 = L7ACCEPT, 2 = L7DROP, 3 = L7CONTINUE */
    if (info->action >= 1 && info->action <= 3) {
        ct->l7.actoption = info->action;
        ct->l7.actionflag = 1;
        ret1 = true;
    }

    /* limit: number of packets (3..10) xt_ndpi may inspect before giving up */
    if (info->limit >= 3 && info->limit <= 10) {
        ct->l7.limitoption = info->limit;
        ct->l7.limitflag = 1;
        ret2 = true;
    }

    return ret1 && ret2;
}

static bool ndpicontrol_mt_check(const struct xt_mtchk_param *par)
{
    const struct xt_ndpicontrol_info *info = par->matchinfo;

    /* validate the userspace-supplied matchinfo at insertion time instead of
     * accepting a rule that can never match */
    if (info->action < 1 || info->action > 3 ||
        info->limit < 3 || info->limit > 10) {
        printk(KERN_WARNING "xt_ndpicontrol: --action must be 1..3 and "
               "--limit 3..10\n");
        return false;
    }
    if (nf_ct_l3proto_try_module_get(par->match->family) < 0) {
        printk(KERN_WARNING "can't load conntrack support for "
               "proto=%u\n", par->match->family);
        return false;
    }
    return true;
}

static void ndpicontrol_mt_destroy(const struct xt_mtdtor_param *par)
{
    nf_ct_l3proto_module_put(par->match->family);
}

static struct xt_match ndpicontrol_mt_reg[] __read_mostly = {
    {
        .name       = "ndpicontrol",
        .family     = NFPROTO_IPV4,
        .checkentry = ndpicontrol_mt_check,
        .match      = ndpicontrol_mt,
        .destroy    = ndpicontrol_mt_destroy,
        .matchsize  = sizeof(struct xt_ndpicontrol_info),
        .me         = THIS_MODULE,
    },
    {
        .name       = "ndpicontrol",
        .family     = NFPROTO_IPV6,
        .checkentry = ndpicontrol_mt_check,
        .match      = ndpicontrol_mt,
        .destroy    = ndpicontrol_mt_destroy,
        .matchsize  = sizeof(struct xt_ndpicontrol_info),
        .me         = THIS_MODULE,
    },
};

static int __init ndpicontrol_mt_init(void)
{
    return xt_register_matches(ndpicontrol_mt_reg, ARRAY_SIZE(ndpicontrol_mt_reg));
}

static void __exit ndpicontrol_mt_exit(void)
{
    xt_unregister_matches(ndpicontrol_mt_reg, ARRAY_SIZE(ndpicontrol_mt_reg));
}

module_init(ndpicontrol_mt_init);
module_exit(ndpicontrol_mt_exit);
```
12.11. libxt_ndpicontrol.c

```c
/* auxiliary helper for redBorder ndpi */
#include <stdio.h>
#include <netdb.h>
#include <string.h>
#include <stdlib.h>
#include <getopt.h>
#include <xtables.h>
#include <linux/netfilter/xt_ndpicontrol.h>

/* bits recorded in *flags by the parser and checked in final_check; the
 * kernel match only succeeds when both options were given, so both are
 * required here too */
#define NDPICONTROL_OPT_ACTION 0x1
#define NDPICONTROL_OPT_LIMIT  0x2

static const char *const ndpicontrol_action_names[] = {
    NULL, "L7ACCEPT", "L7DROP", "L7CONTINUE"
};

static void
ndpicontrol_help(void)
{
    printf("This module allows you to extend ndpi functions by setting the layer 7"
           " state for packet processing and establishing the acceptance window credit.\n"
           "ndpicontrol match options:\n"
           "[!] --action [L7ACCEPT|L7DROP|L7CONTINUE]\n"
           "[!] --limit [3|4|5|6|7|8|9|10]\n");
}

/* getopt_long table; the NULL sentinel terminates it */
static const struct option ndpicontrol_opts[] = {
    { .name = "action", .has_arg = required_argument, .val = '1' },
    { .name = "limit",  .has_arg = required_argument, .val = '2' },
    { .name = NULL }
};

static int
ndpicontrol_parse_action(const char *option, struct xt_ndpicontrol_info *info)
{
    if (strcmp(option, "L7ACCEPT") == 0)
        info->action = 1;
    else if (strcmp(option, "L7DROP") == 0)
        info->action = 2;
    else if (strcmp(option, "L7CONTINUE") == 0)
        info->action = 3;
    else
        return 0;
    return 1;
}

/* accepts exactly the integers 3..10, rejecting trailing garbage */
static int
ndpicontrol_parse_limit(const char *option, struct xt_ndpicontrol_info *info)
{
    char *end;
    unsigned long v = strtoul(option, &end, 10);

    if (*option == '\0' || *end != '\0' || v < 3 || v > 10)
        return 0;
    info->limit = v;
    return 1;
}

static int
ndpicontrol_parse(int c, char **argv, int invert,
                  unsigned int *flags,
                  const void *entry,
                  struct xt_entry_match **match)
{
    struct xt_ndpicontrol_info *info = (void *)(*match)->data;

    switch (c) {
    case '1':
        *flags |= NDPICONTROL_OPT_ACTION;
        if (ndpicontrol_parse_action(optarg, info) == 0)
            xtables_error(PARAMETER_PROBLEM, "Bad option provided. "
                          "You must specify --action [L7ACCEPT|L7DROP|L7CONTINUE]\n");
        break;
    case '2':
        *flags |= NDPICONTROL_OPT_LIMIT;
        if (ndpicontrol_parse_limit(optarg, info) == 0)
            xtables_error(PARAMETER_PROBLEM, "Bad option provided. "
                          "You must specify --limit [3|4|5|6|7|8|9|10]\n");
        break;
    default:
        return 0;
    }
    return 1;
}

static void ndpicontrol_final_check(unsigned int flags)
{
    if (flags != (NDPICONTROL_OPT_ACTION | NDPICONTROL_OPT_LIMIT))
        xtables_error(PARAMETER_PROBLEM, "You must specify: "
                      "--action [L7ACCEPT|L7DROP|L7CONTINUE] "
                      "--limit [3|4|5|6|7|8|9|10]\n");
}

static void
ndpicontrol_print(const void *ip,
                  const struct xt_entry_match *match,
                  int numeric)
{
    const struct xt_ndpicontrol_info *info = (const void *)match->data;

    if (info->action < 1 || info->action > 3)
        xtables_error(PARAMETER_PROBLEM, "An error occurred when parsing arguments\n");
    printf("ndpicontrol: --action %s --limit %d",
           ndpicontrol_action_names[info->action], info->limit);
}

/* used by iptables-save; it must emit the options in a form parse() accepts,
 * otherwise saved rules lose their action and limit and cannot be restored */
static void ndpicontrol_save(const void *ip,
                             const struct xt_entry_match *match)
{
    const struct xt_ndpicontrol_info *info = (const void *)match->data;

    if (info->action >= 1 && info->action <= 3)
        printf("--action %s --limit %d ",
               ndpicontrol_action_names[info->action], info->limit);
}

static struct xtables_match ndpicontrol_match = {
    .family        = NFPROTO_UNSPEC,
    .name          = "ndpicontrol",
    .version       = XTABLES_VERSION,
    .size          = XT_ALIGN(sizeof(struct xt_ndpicontrol_info)),
    .userspacesize = XT_ALIGN(sizeof(struct xt_ndpicontrol_info)),
    .help          = ndpicontrol_help,
    .parse         = ndpicontrol_parse,
    .final_check   = ndpicontrol_final_check,
    .print         = ndpicontrol_print,
    .save          = ndpicontrol_save,
    .extra_opts    = ndpicontrol_opts,
};

void _init(void)
{
    xtables_register_match(&ndpicontrol_match);
}
```
12.12. copy_new_libxt.sh

```bash
#!/bin/bash
# stop at the first failure so a broken build never copies stale libraries
set -e
echo "Compiling libraries..."
make
echo "Copying the shared library libxt_l7state.so..."
cp -R extensions/libxt_l7state.so /lib/xtables-1.4.7/
echo "Copying the shared library libxt_ndpicontrol.so..."
cp -R extensions/libxt_ndpicontrol.so /lib/xtables-1.4.7/
depmod
echo "Checking module xt_l7state..."
modprobe xt_l7state
echo "Checking module xt_ndpicontrol..."
modprobe xt_ndpicontrol
echo "Done!"
```

12.13. insert_iptables_files.sh

```bash
#!/bin/bash
cp -R libxt_ndpicontrol.c /usr/src/iptables-1.4.7/extensions/
cp -R libxt_l7state.c /usr/src/iptables-1.4.7/extensions/
cp -R xt_l7state.h /usr/src/iptables-1.4.7/include/linux/netfilter/
cp -R xt_ndpicontrol.h /usr/src/iptables-1.4.7/include/linux/netfilter
cp -R nf_conntrack_common.h /usr/src/iptables-1.4.7/include/linux/netfilter
cp -R copy_new_libxt.sh /usr/src/iptables-1.4.7/
```
12.14. insert_kernel_files.sh

```bash
#!/bin/bash
KERNEL_VERSION=$(uname -r)

# patched netfilter sources: the new matches plus the conntrack protocol
# handlers that carry the added l7 state
cp -R xt_ndpicontrol.c /usr/src/linux-${KERNEL_VERSION}/net/netfilter/
cp -R xt_l7state.c /usr/src/linux-${KERNEL_VERSION}/net/netfilter/
cp -R nf_conntrack_proto_tcp.c /usr/src/linux-${KERNEL_VERSION}/net/netfilter/
cp -R nf_conntrack_proto_udp.c /usr/src/linux-${KERNEL_VERSION}/net/netfilter/
cp -R nf_conntrack_proto_udplite.c /usr/src/linux-${KERNEL_VERSION}/net/netfilter/

cp -R nf_conntrack.h /usr/src/linux-${KERNEL_VERSION}/include/net/netfilter/
cp -R nf_conntrack_common.h /usr/src/linux-${KERNEL_VERSION}/include/linux/netfilter/
cp -R xt_l7state.h /usr/src/linux-${KERNEL_VERSION}/include/linux/netfilter/
cp -R xt_ndpicontrol.h /usr/src/linux-${KERNEL_VERSION}/include/linux/netfilter/

cp -R Kconfig /usr/src/linux-${KERNEL_VERSION}/net/netfilter/
cp -R Makefile /usr/src/linux-${KERNEL_VERSION}/net/netfilter/

cp -R copy_new_modules.sh /usr/src/linux-${KERNEL_VERSION}/

cd /usr/src/linux-${KERNEL_VERSION}
chmod u+x copy_new_modules.sh
./copy_new_modules.sh
cd /root/project/redBorder-ndpi
```
12.15. install-redBorder-Stronghold.sh

```bash
#!/bin/bash
######## First of all make sure to update the kernel to the latest version

KERNEL_VERSION=$(uname -r | sed "s/.i686//")

######## Prepare and compile kernel sources and insert redBorder-ndpi files ########

# Gathering libraries to build the kernel properly
yum install rng-tools.i686
yum install rpm-build redhat-rpm-config unifdef
yum install gcc patchutils xmlto asciidoc elfutils-libelf-devel elfutils-devel zlib-devel binutils-devel newt-devel python-devel audit-libs-devel bison flex hmaccalc perl-ExtUtils-Embed

# Download the matching kernel sources from the official website
cd
wget http://vault.centos.org/6.5/updates/Source/SPackages/kernel-${KERNEL_VERSION}.src.rpm

# Install the downloaded source rpm
rpm -ivh kernel-${KERNEL_VERSION}.src.rpm

# Before starting, rpmbuild needs a gpg key; rngd is used here so that key
# generation does not block waiting for entropy. Note that feeding /dev/urandom
# back into the pool adds no real entropy, it only stops the blocking.
rngd -r /dev/urandom

# Prepare kernel sources
cd
cd rpmbuild/SPECS
rpmbuild -bp kernel.spec

# Moving sources to /usr/src
cp -R /root/rpmbuild/BUILD/kernel-${KERNEL_VERSION}/linux-${KERNEL_VERSION}.i686 /usr/src/

# Patching the kernel and activating the new features in the kernel configuration
cd
cd project/redBorder-ndpi/patch
cp ndpi-2.6.32.patch /usr/src/
cd /usr/src/
patch -p0 < ndpi-2.6.32.patch
cd linux-${KERNEL_VERSION}.i686/
# we need to remove include/asm to be able to compile the kernel after the patch
rm -rf include/asm
make menuconfig
make
cd
cd project/redBorder-ndpi/patch
./insert_new_modules.sh

###### Prepare and compile redBorder-ndpi ########

# Allocating source code properly
cd /usr/src/
mkdir redBorder-ndpi
ln -s linux-${KERNEL_VERSION}.i686/ linux-dpi_project
cd
cd project/redBorder-ndpi/
cp -R nDPI/ /usr/src/redBorder-ndpi/
cp -R http.c /usr/src/redBorder-ndpi

# Installing patched nDPI
cd /usr/src/redBorder-ndpi/nDPI/
chmod u+x install_ndpi.sh
./install_ndpi.sh
```
12.16. insert_new_modules.sh

```bash
#!/bin/bash
KERNEL_VERSION=$(uname -r)

# unload the modules that pin conntrack so the rebuilt ones can be loaded
service iptables stop
service ip6tables stop
cp -R modules/* /lib/modules/$KERNEL_VERSION/extra
rmmod nf_defrag_ipv4
rmmod ipt_REJECT
rmmod ip6t_REJECT
depmod -a
modprobe nf_defrag_ipv4
modprobe nf_conntrack_ipv4
modprobe nf_conntrack
modprobe xt_l7state
modprobe xt_ndpicontrol
service iptables restart
```
![Page 51: 12.1. Comparativa modelos paloalto networks](https://reader036.vdocuments.pub/reader036/viewer/2022073101/62e4b02eeb004812dd4cb347/html5/thumbnails/51.jpg)
Proyecto Fin de Carrera Departamento de Ingenierıa Telematica
12.17. install-trafficgen.sh
#- Install development tools:
LANG=C yum groupinstall "Development tools" "Server Platform Development"
yum install wireshark
pushd /usr/src

# NOTE: the original listing mixed version numbers (libpcap 1.3.0/1.5.3, tcpdump 4.3.0/4.5.1,
# tcpreplay 3.4.4/4.0.3), so the tar/pushd lines could never find what wget had fetched.
# Each package is pinned below to the version its wget line actually downloads.

#- Download the latest libpcap release
wget http://www.tcpdump.org/release/libpcap-1.3.0.tar.gz &&
tar xzf libpcap-1.3.0.tar.gz &&
pushd libpcap-1.3.0 && ./configure && make && make install && popd

#- Download libdnet, libpcapnav and tcpdump:
wget -O libdnet-1.11.tar.gz "http://downloads.sourceforge.net/project/libdnet/libdnet/libdnet-1.11/libdnet-1.11.tar.gz?r=http%3A%2F%2Flibdnet.sourceforge.net%2F&ts=1349957140&use_mirror=freefr"
tar xzf libdnet-1.11.tar.gz &&
pushd libdnet-1.11 && ./configure && make && make install && popd
wget "http://downloads.sourceforge.net/netdude/libpcapnav-0.8.tar.gz" &&
tar xzf libpcapnav-0.8.tar.gz &&
pushd libpcapnav-0.8 && ./configure && make && make install && popd
wget http://www.tcpdump.org/release/tcpdump-4.3.0.tar.gz &&
tar xzf tcpdump-4.3.0.tar.gz &&
pushd tcpdump-4.3.0 && ./configure && make && make install && popd

#- Download the tcpreplay sources:
wget -O tcpreplay-3.4.4.tar.gz "http://downloads.sourceforge.net/project/tcpreplay/tcpreplay/3.4.4/tcpreplay-3.4.4.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Ftcpreplay%2F&ts=1349955503&use_mirror=freefr" &&
tar xzf tcpreplay-3.4.4.tar.gz &&
pushd tcpreplay-3.4.4 && ./configure && make && make install && popd

# PROCEDURE for installing fprobe:

#- Download the latest fprobe release
wget -O fprobe-1.1.tar.bz2 "http://downloads.sourceforge.net/project/fprobe/fprobe/1.1/fprobe-1.1.tar.bz2?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Ffprobe%2F&ts=1389265446&use_mirror=cznic" &&
tar xjf fprobe-1.1.tar.bz2 &&
pushd fprobe-1.1 && ./configure && make && make install && popd
popd

#- Install flow-tools
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum install flow-tools
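Every package above is fetched over plain HTTP from a SourceForge mirror and goes straight into ./configure, make and make install as root, with nothing checking that the archive is the one the project published. The helper below is an added example, not part of the thesis scripts or of any of the projects it installs: it gates the same build step on a SHA-256 match. The expected hashes are assumed to be taken out of band from each project's release page (none are embedded here, and the value in the usage line is a placeholder); the demonstration uses a constructed file so it runs offline and installs nothing.

```shell
#!/bin/bash
# Added example: refuse to unpack or build a tarball whose SHA-256 does not match
# the value obtained from the project's release page. Not code from the thesis.

# sha256_of FILE: hex SHA-256 of FILE (sha256sum on Linux, shasum on BSD/macOS)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_tarball FILE EXPECTED_SHA256: 0 on match, 1 on missing file or mismatch
verify_tarball() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || { echo "verify: missing $file" >&2; return 1; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "verify: checksum mismatch for $file" >&2
        echo "  expected $expected" >&2
        echo "  got      $actual" >&2
        return 1
    fi
    return 0
}

# fetch_verify_build URL EXPECTED_SHA256 SRCDIR: the wget/tar/configure/make/make install
# sequence from install-trafficgen.sh, but a mismatching archive is deleted and
# nothing is configured or installed.
fetch_verify_build() {
    local url="$1" expected="$2" srcdir="$3" file
    file=$(basename "${url%%\?*}")        # drop the SourceForge mirror query string
    wget -q -O "$file" "$url" || return 1
    verify_tarball "$file" "$expected" || { rm -f "$file"; return 1; }
    tar xzf "$file" &&
    pushd "$srcdir" >/dev/null && ./configure && make && make install && popd >/dev/null
}

# Offline demonstration on a constructed file: no network, nothing installed.
demo_offline() {
    local tmp good
    tmp=$(mktemp)
    printf 'hello\n' > "$tmp"                 # constructed stand-in for a downloaded archive
    good=$(sha256_of "$tmp")
    verify_tarball "$tmp" "$good" && echo "match accepted"
    verify_tarball "$tmp" "0000000000000000000000000000000000000000000000000000000000000000" \
        || echo "mismatch rejected"
    rm -f "$tmp"
}

if [ "${1:-}" = "--demo" ]; then
    demo_offline
fi
```

Each wget line in install-trafficgen.sh then becomes a single call, for example `fetch_verify_build http://www.tcpdump.org/release/libpcap-1.3.0.tar.gz <sha256-from-release-page> libpcap-1.3.0`, where the hash argument is a placeholder to be filled from the publisher. Using an https:// mirror URL where one is offered narrows the window for tampering in transit, but does not replace the hash check: it says nothing about whether the mirror itself holds the archive the project released.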