Created
September 3, 2021 08:44
ip address add to pf table
| // clang -I /usr/local/include/ -I sfutil/ -I output-plugins/ -I . -I preprocessors/ -I ../ -I detection-plugins/ -I target-based/ -I /usr/local/include -I /usr/src/sys/net/ -I /usr/src/sbin/pfctl/ -o table_pf table.c | |
| #define IF_NAMESIZE 16 | |
| #define IFNAMSIZ IF_NAMESIZE | |
| #define MAXPATHLEN 1024 | |
| #define PF_TABLE_NAME_SIZE 32 | |
| #define TH_SYN 0x02 | |
| #define TH_ACK 0x10 | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <sys/types.h> | |
| #include <sys/socket.h> | |
| #include <sys/un.h> | |
| #include <signal.h> | |
| #include <unistd.h> | |
| #include <sys/ioctl.h> | |
| #include <sys/socket.h> | |
| #include <pfvar.h> | |
| #include <fcntl.h> | |
| #include <string.h> | |
| #include <assert.h> | |
| #include <errno.h> | |
| #include <err.h> | |
| #include <syslog.h> | |
| #undef inet_ntoa | |
| char *inet_ntoa(struct in_addr in); | |
| // This file is configured in snort.conf as the filename of the alert output. | |
| // sig_term() unlinks this path before exiting. | |
| #define UNSOCK_FILE "/var/log/snort/snort_alert" | |
| // Descriptor that sig_term() closes. NOTE(review): nothing in the visible code | |
| // assigns it, so it keeps its zero initial value here - confirm where the socket is opened. | |
| int sockfd; | |
| // Initialised to { 1, 500000 }; not referenced by the visible code. | |
| struct timeval timeout = { 1, 500000 }; | |
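/*
 * Termination handler: announce shutdown, close the socket descriptor,
 * remove the socket file and leave with exit status 1.
 *
 * Only async-signal-safe calls are used (write, close, unlink, _exit).
 * printf() and exit() touch stdio buffers and atexit handlers, which is
 * undefined when the signal interrupts code already inside stdio.
 *
 * NOTE(review): no signal()/sigaction() call in the visible code installs
 * this handler.
 */
void
sig_term (int sig)
{
    static const char msg[] = "Exiting!\n";
    ssize_t written;

    (void)sig;

    /* Best effort: nothing useful can be done if the message is lost. */
    written = write(STDOUT_FILENO, msg, sizeof msg - 1);
    (void)written;

    close(sockfd);
    unlink(UNSOCK_FILE);
    _exit(1);
}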
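/*
 * Convert an IPv4 netmask into a prefix length.
 *
 * mask is taken in host byte order (the caller passes 0xffffff00) and the
 * result is the number of leading one bits: 0xffffff00 -> 24,
 * 0xffffffff -> 32, 0 -> 0. For a non-contiguous mask only the leading
 * run of ones is counted.
 *
 * The previous loop shifted right until the value was zero, which yields
 * the position of the highest set bit. That is 32 for every mask with the
 * top bit set, so a /24 mask was stored in the pf table as a /32 entry.
 */
static int pfctl_ltoprefix(in_addr_t mask)
{
    int prefix = 0;

    /* Walk down from the most significant bit while the bits are set. */
    while (mask & 0x80000000u) {
        prefix++;
        mask <<= 1;
    }
    return prefix;
}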
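/*
 * Add one IPv4 entry to a pf table through /dev/pf.
 *
 * Builds a single pfr_addr for 192.0.2.33 with the prefix length derived
 * from the mask 0xffffff00 and submits it to the table "pf_table" with
 * the DIOCRADDADDRS ioctl.
 *
 * Returns 0 on success, 1 when the address cannot be parsed, /dev/pf
 * cannot be opened or the table name does not fit, and -1 when the ioctl
 * fails.
 */
int
main (void)
{
    const char *pf_table_name = "pf_table";
    struct in_addr address;

    /*
     * inet_pton() returns 1 only for a valid address; on any other result
     * 'address' is left unset and must not reach the firewall table.
     */
    if (inet_pton(AF_INET, "192.0.2.33", &address) != 1) {
        fprintf(stderr, "Cannot parse the address\n");
        return 1;
    }

    /* Opening /dev/pf read-write normally needs elevated privileges. */
    int dev = open("/dev/pf", O_RDWR);
    if (dev == -1) {
        /*
         * pf_table_name points at a string literal, so it must not be
         * passed to free(); there is nothing to release on this path.
         */
        fprintf(stderr, "Cannot open /dev/pf\n");
        return 1;
    }

    struct pfr_table table;
    memset(&table, 0, sizeof table);

    /*
     * Bound the copy by the destination buffer, not by the source length,
     * and refuse a name that would be truncated: a truncated name would
     * address a different table than the one intended.
     */
    int name_len = snprintf(table.pfrt_name, sizeof table.pfrt_name,
                            "%s", pf_table_name);
    if (name_len < 0 || (size_t)name_len >= sizeof table.pfrt_name) {
        fprintf(stderr, "Table name too long\n");
        close(dev);
        return 1;
    }

    struct pfr_addr addr;
    memset(&addr, 0, sizeof addr);
    addr.pfra_ip4addr = address;
    addr.pfra_af = AF_INET;
    /* Prefix length of the entry; it decides how wide the table entry is. */
    addr.pfra_net = pfctl_ltoprefix(0xffffff00);

    struct pfioc_table io;
    memset(&io, 0, sizeof io);
    io.pfrio_table = table;
    io.pfrio_buffer = &addr;
    io.pfrio_esize = sizeof addr;
    io.pfrio_size = 1;

    if (ioctl(dev, DIOCRADDADDRS, &io)) {
        printf("Cannot update the table");
        close(dev);
        return -1;
    }

    /*
     * NOTE(review): a successful ioctl does not by itself show that a new
     * entry was inserted; io.pfrio_nadd is expected to carry the count of
     * addresses actually added - confirm against pf(4) before relying on it.
     */
    printf("Finally");
    close(dev);
    return 0;
}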