
portscan.h

00001 #ifndef __PORTSCAN_H__
00002 #define __PORTSCAN_H__
00003 
00004 #ifdef HAVE_CONFIG_H
00005 #include "config.h"
00006 #endif
00007 
00008 #include <time.h>
00009 #ifndef WIN32
00010     #include <sys/time.h>
00011 #endif /* !WIN32 */
00012 
00013 #include "ipobj.h"
00014 
/* Portable inline keyword: unless INLINE is already defined, it becomes
 * `inline` when WIN32 is not defined and `__inline` when it is. */
00015 #ifndef WIN32
00016 #ifndef INLINE
00017 #define INLINE inline
00018 #endif
00019 #else
00020 #ifndef INLINE
00021 #define INLINE __inline
00022 #endif
00023 #endif
00024 
/* Fixed capacity of PS_PROTO.open_ports[]. Any code that appends to that
 * array has to keep PS_PROTO.open_ports_cnt <= PS_OPEN_PORTS. */
00025 #define PS_OPEN_PORTS 8
00026 
/*
 * Per-protocol scan-tracking state; PS_TRACKER embeds it as proto[].
 *
 * This header does not show the code that updates these fields, so the
 * per-field notes below are read from the names and types and should be
 * confirmed against the implementation.
 *
 * NOTE(review): the four counters are signed short. Signed overflow is
 * undefined behaviour in C, so whatever increments them should cap the
 * value rather than rely on wrap-around -- confirm in the .c file.
 */
00027 typedef struct s_PS_PROTO
00028 {
00029     short          connection_count;  /* presumably connections seen -- confirm */
00030     short          priority_count;    /* presumably a weighted/priority tally -- confirm */
00031     short          u_ip_count;        /* presumably count of unique IPs -- confirm */
00032     short          u_port_count;      /* presumably count of unique ports -- confirm */
00033 
00034     unsigned short high_p;            /* presumably highest port observed -- confirm */
00035     unsigned short low_p;             /* presumably lowest port observed -- confirm */
00036     unsigned short u_ports;           /* presumably unique-port tracking value -- confirm */
00037 
      /* unsigned long is 32 or 64 bits depending on the platform; presumably
       * these hold IPv4 addresses -- confirm width and byte-order assumptions. */
00038     unsigned long  high_ip;
00039     unsigned long  low_ip;
00040     unsigned long  u_ips;
00041 
00042     unsigned short open_ports[PS_OPEN_PORTS];  /* fixed-size list, PS_OPEN_PORTS entries */
      /* presumably the number of valid entries in open_ports[]; it must never
       * exceed PS_OPEN_PORTS, otherwise indexing open_ports[] by it runs past
       * the array -- verify the bound where it is incremented. */
00043     unsigned char  open_ports_cnt;
00044 
00045     struct timeval event_time;        /* presumably timestamp of the alert event -- confirm */
00046     unsigned int   event_ref;         /* presumably a reference id tying alerts together -- confirm */
00047 
00048     unsigned char  alerts;            /* wide enough for PS_ALERT_GENERATED (255); exact use not shown here */
00049 
00050     time_t         window;            /* presumably the detection time window boundary -- confirm */
00051 
00052 } PS_PROTO;    
00053 
/*
 * Tracking record holding a priority marker and per-protocol state.
 *
 * NOTE(review): proto[] is declared with exactly one element. A trailing
 * one-element array is often used as a variable-length tail (here it would
 * be indexed by PS_PKT.proto_idx). If that is the intent, the allocation
 * must be sized for the number of protocols tracked and every index must be
 * range-checked, because sizeof(PS_TRACKER) covers a single PS_PROTO only.
 * Confirm against the allocator and the indexing code in the .c file.
 */
00054 typedef struct s_PS_TRACKER
00055 {
00056     char     priority_node;   /* presumably a flag marking a priority host -- confirm */
00057     PS_PROTO proto[1];        /* per-protocol state; see the note above on sizing */
00058 
00059 } PS_TRACKER;
00060 
/*
 * Argument bundle passed to ps_detect(): an opaque packet pointer plus the
 * tracker pointers and protocol selectors that go with it.
 *
 * Which fields the caller fills in and which ps_detect() fills in is not
 * shown in this header -- confirm against the implementation.
 */
00061 typedef struct s_PS_PKT
00062 {
00063     void            *pkt;         /* untyped packet pointer; the concrete type is not visible here */
00064 
00065     PS_TRACKER      *scanner;     /* presumably tracker for the scanning host -- confirm */
00066     PS_TRACKER      *scanned;     /* presumably tracker for the scanned host -- confirm */
00067 
00068     int              proto;       /* presumably one of the PS_PROTO_* values -- confirm */
      /* presumably the index into PS_TRACKER.proto[]; as a signed int it needs
       * both a lower and an upper bound check before use -- verify. */
00069     int              proto_idx;
00070 
00071     int              reverse_pkt; /* presumably non-zero for the reply direction -- confirm */
00072 } PS_PKT;
00073 
/* Protocol selector bit flags. PS_PROTO_ALL (0x0f) is the bitwise OR of the
 * four protocol bits above it. Presumably these are what ps_init() takes as
 * detect_scans -- confirm. */
00074 #define PS_PROTO_TCP         0x01
00075 #define PS_PROTO_UDP         0x02
00076 #define PS_PROTO_ICMP        0x04
00077 #define PS_PROTO_IP          0x08
00078 #define PS_PROTO_ALL         0x0f
00079 
/* Separate flag bit that lies outside the PS_PROTO_ALL mask. */
00080 #define PS_PROTO_OPEN_PORT   0x80
00081 
/* Scan-type bit flags. PS_TYPE_ALL (0x0f) is the bitwise OR of the four
 * types above it. Presumably these are what ps_init() takes as
 * detect_scan_type -- confirm. */
00082 #define PS_TYPE_PORTSCAN     0x01
00083 #define PS_TYPE_PORTSWEEP    0x02
00084 #define PS_TYPE_DECOYSCAN    0x04
00085 #define PS_TYPE_DISTPORTSCAN 0x08
00086 #define PS_TYPE_ALL          0x0f
00087 
/* Sensitivity levels. These are plain enumerated values, not bit flags, and
 * the numbering is inverted: HIGH is 1 and LOW is 3, so a numeric comparison
 * must not assume that a larger value means more sensitive. Presumably
 * passed to ps_init() as sense_level -- confirm. */
00088 #define PS_SENSE_HIGH        1
00089 #define PS_SENSE_MEDIUM      2
00090 #define PS_SENSE_LOW         3
00091 
/* Alert identifiers, numbered sequentially 1..9. They are not bit flags, so
 * they cannot be OR-ed together. The *_FILTERED names mirror the four
 * unfiltered alert kinds. */
00092 #define PS_ALERT_ONE_TO_ONE                1
00093 #define PS_ALERT_ONE_TO_ONE_DECOY          2
00094 #define PS_ALERT_PORTSWEEP                 3
00095 #define PS_ALERT_DISTRIBUTED               4
00096 #define PS_ALERT_ONE_TO_ONE_FILTERED       5
00097 #define PS_ALERT_ONE_TO_ONE_DECOY_FILTERED 6
00098 #define PS_ALERT_DISTRIBUTED_FILTERED      7
00099 #define PS_ALERT_PORTSWEEP_FILTERED        8
00100 #define PS_ALERT_OPEN_PORT                 9
00101 
/* Sentinel outside the 1..9 range; it fits in the unsigned char
 * PS_PROTO.alerts field. Presumably marks that an alert was already raised
 * -- confirm. */
00102 #define PS_ALERT_GENERATED                 255
00103 
/**
 * Initialise the portscan detector.
 *
 * @param detect_scans      presumably a mask of PS_PROTO_* bits -- confirm
 * @param detect_scan_type  presumably a mask of PS_TYPE_* bits -- confirm
 * @param sense_level       presumably one of PS_SENSE_* -- confirm
 * @param ignore_scanners   IP set; presumably sources to exclude -- confirm
 * @param ignore_scanned    IP set; presumably targets to exclude -- confirm
 * @param watch_ip          IP set; presumably the addresses to monitor -- confirm
 * @param memcap            presumably a memory limit for tracker storage
 *
 * NOTE(review): memcap is a signed int and nothing here shows whether zero
 * or negative values are rejected; callers should validate it unless the
 * implementation does. Whether the IPSET pointers may be NULL, and what the
 * return value means, is also not visible in this header.
 */
00104 int  ps_init(int detect_scans, int detect_scan_type, int sense_level,
00105         IPSET *ignore_scanners, IPSET *ignore_scanned, IPSET *watch_ip,
00106         int memcap);
00107         
/**
 * Run detection for one packet described by @p p. The meaning of the return
 * value and whether @p p may be NULL are not shown here -- confirm.
 */
00108 int  ps_detect(PS_PKT *p);
/** Print the contents of @p tracker; the output destination is not shown here. */
00109 void ps_tracker_print(PS_TRACKER *tracker);
00110 
00111 #endif
00112 
