Changeset 572
- Timestamp:
- 06/22/06 19:55:04 (3 years ago)
- Files:
nepenthes/trunk/modules/module-honeytrap/module-honeytrap.cpp
r569 r572 61 61 62 62 63 /* 64 * This module is derived from honeytrap (honeytrap.sf.net) by Werner Tillmann 65 * 66 * The idea is really good, and it as it was easy to make a nepenthes module of it, we stole it 67 * 68 */ 69 70 71 72 63 73 /** 64 74 * as we may need a global pointer to our Nepenthes in our modules, … … 71 81 /** 72 82 * The Constructor 73 * creates a new X2 Module, 74 * X2 is an example for binding a socket & setting up the Dialogue & DialogueFactory 75 * 76 * 77 * it can be used as a shell emu to allow trigger commands 78 * 79 * 80 * sets the following values: 81 * - m_DialogueFactoryName 82 * - m_DialogueFactoryDescription 83 * creates a new ModuleHoneyTrap Module, 83 84 * 84 85 * @param nepenthes the pointer to our Nepenthes 85 86 */ 86 X2::X2(Nepenthes *nepenthes)87 { 88 m_ModuleName = " x-2";89 m_ModuleDescription = " eXample Module 2 -binding sockets & setting up a dialogue example-";87 ModuleHoneyTrap::ModuleHoneyTrap(Nepenthes *nepenthes) 88 { 89 m_ModuleName = "module-honeytrap"; 90 m_ModuleDescription = "open closed ports to accept connections - idea from http://honeytrap.sf.net "; 90 91 m_ModuleRevision = "$Rev$"; 91 92 m_Nepenthes = nepenthes; 92 93 93 94 g_Nepenthes = nepenthes; 95 96 #ifdef HAVE_PCAP 94 97 m_RawListener = NULL; 95 98 #endif 99 100 #ifdef HAVE_IPQ 96 101 m_IPQHandle = NULL; 102 #endif 97 103 98 104 m_HTType = HT_IPQ; 99 105 } 100 106 101 X2::~X2()107 ModuleHoneyTrap::~ModuleHoneyTrap() 102 108 { 103 109 … … 108 114 * Module::Init() 109 115 * 110 * binds the port, adds the DialogueFactory to the Socket111 116 * 112 117 * @return returns true if everything was fine, else false 113 118 * false indicates a fatal error 114 119 */ 115 bool X2::Init() 116 { 117 120 bool ModuleHoneyTrap::Init() 121 { 122 string isupport = ""; 123 124 #ifdef HAVE_PCAP 125 isupport += "pcap,"; 126 #endif 127 128 #ifdef HAVE_IPQ 129 isupport += "ipq"; 130 #endif 131 132 logInfo("ModuleHoneyTrap compiled with support for %s\n",isupport.c_str()); 
118 133 119 134 if ( m_Config == NULL ) … … 137 152 { 138 153 m_HTType = HT_PCAP; 154 139 155 }else 140 156 if (mode == "ipq") … … 143 159 }else 144 160 { 145 logCrit("Invlaid mode %s for module-honeytrap\n",mode.c_str()); 146 return false; 147 } 161 logCrit("Invalid mode %s for module-honeytrap\n",mode.c_str()); 162 return false; 163 } 164 165 logInfo("ModuleHoneyTrap mode %s\n",mode.c_str()); 148 166 149 167 bool retval = false; … … 172 190 } 173 191 174 bool X2::Init_IPQ()192 bool ModuleHoneyTrap::Init_IPQ() 175 193 { 176 194 #ifdef HAVE_IPQ … … 192 210 } 193 211 194 bool X2::Init_PCAP()212 bool ModuleHoneyTrap::Init_PCAP() 195 213 { 196 214 … … 248 266 } 249 267 250 bool X2::Exit()268 bool ModuleHoneyTrap::Exit() 251 269 { 252 270 bool retval = false; … … 264 282 } 265 283 266 bool X2::Exit_PCAP()284 bool ModuleHoneyTrap::Exit_PCAP() 267 285 { 268 286 #ifdef HAVE_PCAP … … 292 310 } 293 311 294 bool X2::Exit_IPQ()312 bool ModuleHoneyTrap::Exit_IPQ() 295 313 { 296 314 #ifdef HAVE_IPQ … … 306 324 307 325 308 bool X2::wantSend()326 bool ModuleHoneyTrap::wantSend() 309 327 { 310 328 … … 312 330 } 313 331 314 int32_t X2::doSend()332 int32_t ModuleHoneyTrap::doSend() 315 333 { 316 334 … … 318 336 } 319 337 320 int32_t X2::doRecv()338 int32_t ModuleHoneyTrap::doRecv() 321 339 { 322 340 … … 335 353 } 336 354 337 int32_t X2::doRecv_PCAP()355 int32_t ModuleHoneyTrap::doRecv_PCAP() 338 356 { 339 357 … … 358 376 logInfo("Got RST packet from localhost:%i %i\n",ntohs(tcp->th_sport),tcp->th_sport); 359 377 360 Socket *sock = g_Nepenthes->getSocketMgr()->bindTCPSocket(INADDR_ANY,ntohs(tcp->th_sport), 0,60);378 Socket *sock = g_Nepenthes->getSocketMgr()->bindTCPSocket(INADDR_ANY,ntohs(tcp->th_sport),600,60); 361 379 if ( sock != NULL ) 362 380 { … … 381 399 } 382 400 383 int32_t X2::doRecv_IPQ()401 int32_t ModuleHoneyTrap::doRecv_IPQ() 384 402 { 385 403 logPF(); … … 472 490 logInfo("Connection to unbound port %i requested, binding port\n",ntohs(tcp->th_dport)); 473 491 474 
Socket *sock = g_Nepenthes->getSocketMgr()->bindTCPSocket(INADDR_ANY,ntohs(tcp->th_dport), 0,60);492 Socket *sock = g_Nepenthes->getSocketMgr()->bindTCPSocket(INADDR_ANY,ntohs(tcp->th_dport),60,60); 475 493 if ( sock != NULL ) 476 494 { … … 504 522 } 505 523 506 int32_t X2::getSocket()524 int32_t ModuleHoneyTrap::getSocket() 507 525 { 508 526 switch ( m_HTType ) … … 523 541 } 524 542 525 int32_t X2::getsockOpt(int32_t level, int32_t optname,void *optval,socklen_t *optlen)543 int32_t ModuleHoneyTrap::getsockOpt(int32_t level, int32_t optname,void *optval,socklen_t *optlen) 526 544 { 527 545 return getsockopt(getSocket(), level, optname, optval, optlen); … … 529 547 530 548 531 bool X2::isPortListening(uint16_t localport, uint32_t localhost)549 bool ModuleHoneyTrap::isPortListening(uint16_t localport, uint32_t localhost) 532 550 { 533 551 logSpam("looking for %s:%i\n",inet_ntoa(*(struct in_addr *)&localhost),localport); … … 537 555 char line[512]; 538 556 struct sockaddr_in localaddr; //, remaddr; 557 558 /* 559 * parsing logic basically taken from netstat.c tcp_do_one() in net-tools 560 * 561 */ 539 562 540 563 FILE *fp; … … 590 613 if ( version == MODULE_IFACE_VERSION ) 591 614 { 592 *module = new X2(nepenthes);615 *module = new ModuleHoneyTrap(nepenthes); 593 616 return 1; 594 617 } … … 598 621 } 599 622 } 623 nepenthes/trunk/modules/module-honeytrap/module-honeytrap.hpp
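Review bot: The two on-demand binds now pass different literal timeouts, `600,60` in doRecv_PCAP and `60,60` in doRecv_IPQ, and nothing says why the pcap path should hold a port ten times longer. Assuming the third argument of bindTCPSocket is the bind timeout in seconds (its declaration is not part of this changeset), both calls should take the value from one named constant or from a config entry read in Init() alongside the mode, for example a new member such as `m_BindTimeout`. Both paths open a listener on INADDR_ANY in response to a packet for a port that was not bound, so a single sweep across the port range can leave a large number of sockets open for the full timeout; a cap on concurrently bound on-demand ports, with a log message when it is reached, would keep the sensor from exhausting its descriptors. The bodies of both functions are elided here, so a limit may already exist outside the visible lines.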
r569 r572 142 142 } honeytrap_type; 143 143 144 class X2: public Module, public POLLSocket //, public DialogueFactory144 class ModuleHoneyTrap : public Module, public POLLSocket //, public DialogueFactory 145 145 { 146 146 public: 147 X2(Nepenthes *);148 ~ X2();147 ModuleHoneyTrap(Nepenthes *); 148 ~ModuleHoneyTrap(); 149 149 // Dialogue *createDialogue(Socket *socket); 150 150 bool Init(); … … 170 170 171 171 protected: 172 #ifdef HAVE_PCAP 172 173 pcap_t *m_RawListener; 174 #endif 175 176 #ifdef HAVE_IPQ 177 struct ipq_handle *m_IPQHandle; 178 #endif 179 173 180 Nepenthes *m_Nepenthes; 174 struct ipq_handle *m_IPQHandle;175 176 181 honeytrap_type m_HTType; 177 178 182 }; 179 183
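Review bot: With `m_RawListener` and `m_IPQHandle` now wrapped in `#ifdef HAVE_PCAP` and `#ifdef HAVE_IPQ`, the size and member layout of ModuleHoneyTrap depend on macros this header does not define itself. A translation unit that includes the header without the same configuration macros in effect would see a different class than the one module-honeytrap.cpp was compiled with. The header should either pull in the configure-generated header itself or state the requirement above the guards, for instance `// layout depends on HAVE_PCAP / HAVE_IPQ: include the configure-generated header first`. The class body is only partly visible in this section, so the rest of the declaration was not reviewed.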
