
lsfcc



  I've been working on a new toy, and it's almost reached the stage of 
basic usability. It's a compiler for the Linux Socket Filter. rlinetd
will work with it. Examples speak louder than words, so:

packet tcphdr
  {
    u_int16_t source;
    u_int16_t dest;
    u_int32_t seq;
    u_int32_t ack_seq;
    u_int16_t flags;
    u_int16_t window;
    u_int16_t check;
    u_int16_t urg_ptr;
};

if((tcphdr[source] == 5000) || (tcphdr[dest] == 5000))
  accept;
deny;

  The above, when run through lsfcc, produces a filter which, when
used with rlinetd's filter directive like so:

service "fish1" {
  port 4004;
  filter "/home/wheel/dichro/out5";
  exec "/usr/bin/zsh";
}

  Gives you a service which can only be accessed from a source port of 
5000.
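What a rule like the one above compiles down to, as an added illustration that is not lsfcc's own output and not part of the original post: the classic BPF instruction sequence for "source == 5000 || dest == 5000", plus a minimal interpreter for the three opcodes it uses so the filter can be checked offline against a constructed TCP header. The instruction sequence is my assumption of a straightforward compilation, not what lsfcc actually emits; the offsets (0 for source, 2 for dest) follow the packet declaration in the post and the fact that the filter sees data from the TCP header downwards.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#ifdef __linux__
#include <linux/filter.h>   /* struct sock_filter, BPF_* opcodes, BPF_STMT, BPF_JUMP */
#else
/* Same layout and opcode values as the kernel's linux/filter.h, so the
 * program below is what SO_ATTACH_FILTER would receive on Linux. */
struct sock_filter { uint16_t code; uint8_t jt; uint8_t jf; uint32_t k; };
#define BPF_LD   0x00
#define BPF_JMP  0x05
#define BPF_RET  0x06
#define BPF_H    0x08
#define BPF_ABS  0x20
#define BPF_JEQ  0x10
#define BPF_K    0x00
#define BPF_STMT(code, k) { (uint16_t)(code), 0, 0, k }
#define BPF_JUMP(code, k, jt, jf) { (uint16_t)(code), jt, jf, k }
#endif

/* Assumed compilation of:
 *   if((tcphdr[source] == 5000) || (tcphdr[dest] == 5000)) accept; deny;
 * Offsets are relative to the start of the TCP header, which is where the
 * socket filter sees the data on a SOCK_STREAM socket. Jump targets are
 * relative: pc + 1 + jt (true) or pc + 1 + jf (false). */
static const struct sock_filter port5000_filter[] = {
    BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0),            /* A = tcphdr[source] (16-bit, big-endian) */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 5000, 2, 0),  /* A == 5000 ? goto accept : fall through */
    BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 2),            /* A = tcphdr[dest] */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 5000, 0, 1),  /* A == 5000 ? accept : goto deny */
    BPF_STMT(BPF_RET | BPF_K, 0xffffffff),            /* accept: keep the whole packet */
    BPF_STMT(BPF_RET | BPF_K, 0),                     /* deny: drop it */
};
#define PORT5000_FILTER_LEN (sizeof port5000_filter / sizeof port5000_filter[0])

/* Minimal classic-BPF interpreter covering only the opcodes used above.
 * Returns the filter's return value (nonzero = accept, 0 = deny), 0 on an
 * out-of-bounds load (the kernel drops the packet in that case), or -1 on
 * an unsupported instruction or a program that runs off its end. */
int64_t run_filter(const struct sock_filter *prog, size_t len,
                   const uint8_t *pkt, size_t pktlen)
{
    uint32_t A = 0;                       /* the single accumulator cBPF has */
    for (size_t pc = 0; pc < len; pc++) {
        const struct sock_filter *ins = &prog[pc];
        switch (ins->code) {
        case BPF_LD | BPF_H | BPF_ABS:
            if ((size_t)ins->k + 2 > pktlen)
                return 0;
            A = ((uint32_t)pkt[ins->k] << 8) | pkt[ins->k + 1];
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (A == ins->k) ? ins->jt : ins->jf;
            break;
        case BPF_RET | BPF_K:
            return ins->k;
        default:
            return -1;
        }
    }
    return -1;
}

/* Build a constructed 20-byte TCP header carrying the given ports (all other
 * fields zero, which is enough for a filter that only inspects ports) and
 * report whether port5000_filter accepts it. */
int tcp_filter_accepts(uint16_t sport, uint16_t dport)
{
    uint8_t hdr[20] = {0};
    hdr[0] = (uint8_t)(sport >> 8); hdr[1] = (uint8_t)(sport & 0xff);
    hdr[2] = (uint8_t)(dport >> 8); hdr[3] = (uint8_t)(dport & 0xff);
    return run_filter(port5000_filter, PORT5000_FILTER_LEN, hdr, sizeof hdr) > 0;
}

int main(void)
{
    printf("sport 5000 -> dport 4004: %s\n", tcp_filter_accepts(5000, 4004) ? "accept" : "deny");
    printf("sport 1234 -> dport 4004: %s\n", tcp_filter_accepts(1234, 4004) ? "accept" : "deny");
    printf("sport 1234 -> dport 5000: %s\n", tcp_filter_accepts(1234, 5000) ? "accept" : "deny");
    return 0;
}
```

Outside rlinetd, the same array is attached to a socket by wrapping it in a `struct sock_fprog` and calling `setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER, &fprog, sizeof fprog)`. Note that the client picks its own source port, so a rule keyed on it is a convenience filter for sorting traffic, not an access control in the sense of "who may connect".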

  There are limitations on what it can do at the moment, but I'm
hoping to resolve most of them in the next few days. To wit, it
currently only handles data from the protocol header downwards (i.e.,
tcp for a PF_INET/PF_INET6, SOCK_STREAM socket, udp for SOCK_DGRAM),
it has no precedence for operators (forget BIMDAS, bracket everything
;), and it has no predefined headers that you can #include or
anything. Also, it will only handle types in packet declarations that
are 8, 16 or 32 bits long. There are various other things that I've no
doubt forgotten, but I've managed to do something arguably useful with
it, so I figured I'd tell you all about it.

  Note - this is not a release of any kind, so please don't plaster it 
around web pages or anything. I'll release an 0.1 of this with 0.5 of
rlinetd in the next week or two.

  URL for the basic tarball: http://www.eris.rcpt.to/lsfcc/

m.