This file is indexed.

/usr/src/xtables-addons-2.3/libxt_psd.c is in xtables-addons-dkms 2.3-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
/*
  Shared library add-on to iptables to add PSD support

  Copyright (C) 2000,2001 astaro AG

  This file is distributed under the terms of the GNU General Public
  License (GPL). Copies of the GPL can be obtained from:
     ftp://prep.ai.mit.edu/pub/gnu/GPL

  2000-05-04 Markus Hennig <hennig@astaro.de> : initial
  2000-08-18 Dennis Koslowski <koslowski@astaro.de> : first release
  2000-12-01 Dennis Koslowski <koslowski@astaro.de> : UDP scans detection added
  2001-02-04 Jan Rekorajski <baggins@pld.org.pl> : converted from target to match
  2003-03-02 Harald Welte <laforge@netfilter.org>: fix 'storage' bug
  2008-04-03 Mohd Nawawi <nawawi@tracenetworkcorporation.com>: update to 2.6.24 / 1.4 code
  2008-06-24 Mohd Nawawi <nawawi@tracenetworkcorporation.com>: update to 2.6.24 / 1.4.1 code
  2009-08-07 Mohd Nawawi Mohamad Jamili <nawawi@tracenetworkcorporation.com> : ported to xtables-addons
*/

#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <netdb.h>
#include <string.h>
#include <stdlib.h>
#include <syslog.h>
#include <getopt.h>
#include <xtables.h>
#include <linux/netfilter/x_tables.h>
#include "xt_psd.h"
#include "compat_user.h"

#define SCAN_DELAY_THRESHOLD		300

/* Function which prints out usage message. */
static void psd_mt_help(void) {
	printf(
		"psd match options:\n"
		" --psd-weight-threshold threshhold  Portscan detection weight threshold\n"
		" --psd-delay-threshold  delay       Portscan detection delay threshold\n"
		" --psd-lo-ports-weight  lo          Privileged ports weight\n"
		" --psd-hi-ports-weight  hi          High ports weight\n\n");
}

static const struct option psd_mt_opts[] = {
	{.name = "psd-weight-threshold", .has_arg = true, .val = '1'},
	{.name = "psd-delay-threshold", .has_arg = true, .val = '2'},
	{.name = "psd-lo-ports-weight", .has_arg = true, .val = '3'},
	{.name = "psd-hi-ports-weight", .has_arg = true, .val = '4'},
	{NULL}
};

/* Initialize the target. */
static void psd_mt_init(struct xt_entry_match *match) {
	struct xt_psd_info *psdinfo = (struct xt_psd_info *)match->data;
	psdinfo->weight_threshold = SCAN_WEIGHT_THRESHOLD;
	psdinfo->delay_threshold = SCAN_DELAY_THRESHOLD;
	psdinfo->lo_ports_weight = PORT_WEIGHT_PRIV;
	psdinfo->hi_ports_weight = PORT_WEIGHT_HIGH;
}

#define XT_PSD_OPT_CTRESH 0x01
#define XT_PSD_OPT_DTRESH 0x02
#define XT_PSD_OPT_LPWEIGHT 0x04
#define XT_PSD_OPT_HPWEIGHT 0x08

static int psd_mt_parse(int c, char **argv, int invert, unsigned int *flags,
                     const void *entry, struct xt_entry_match **match)
{
	struct xt_psd_info *psdinfo = (struct xt_psd_info *)(*match)->data;
	unsigned int num;

	switch (c) {
		/* PSD-weight-threshold */
		case '1':
			if (*flags & XT_PSD_OPT_CTRESH)
				xtables_error(PARAMETER_PROBLEM,"Can't specify --psd-weight-threshold twice");
			if (!xtables_strtoui(optarg, NULL, &num, 0, PSD_MAX_RATE))
				xtables_error(PARAMETER_PROBLEM, "bad --psd-weight-threshold '%s'", optarg);
			psdinfo->weight_threshold = num;
			*flags |= XT_PSD_OPT_CTRESH;
			return true;

		/* PSD-delay-threshold */
		case '2':
			if (*flags & XT_PSD_OPT_DTRESH)
				xtables_error(PARAMETER_PROBLEM, "Can't specify --psd-delay-threshold twice");
			if (!xtables_strtoui(optarg, NULL, &num, 0, PSD_MAX_RATE))
				xtables_error(PARAMETER_PROBLEM, "bad --psd-delay-threshold '%s'", optarg);
			psdinfo->delay_threshold = num;
			*flags |= XT_PSD_OPT_DTRESH;
			return true;

		/* PSD-lo-ports-weight */
		case '3':
			if (*flags & XT_PSD_OPT_LPWEIGHT)
				xtables_error(PARAMETER_PROBLEM, "Can't specify --psd-lo-ports-weight twice");
			if (!xtables_strtoui(optarg, NULL, &num, 0, PSD_MAX_RATE))
				xtables_error(PARAMETER_PROBLEM, "bad --psd-lo-ports-weight '%s'", optarg);
			psdinfo->lo_ports_weight = num;
			*flags |= XT_PSD_OPT_LPWEIGHT;
			return true;

		/* PSD-hi-ports-weight */
		case '4':
			if (*flags & XT_PSD_OPT_HPWEIGHT)
				xtables_error(PARAMETER_PROBLEM, "Can't specify --psd-hi-ports-weight twice");
			if (!xtables_strtoui(optarg, NULL, &num, 0, PSD_MAX_RATE))
				xtables_error(PARAMETER_PROBLEM, "bad --psd-hi-ports-weight '%s'", optarg);
			psdinfo->hi_ports_weight = num;
			*flags |= XT_PSD_OPT_HPWEIGHT;
			return true;
	}
	return false;
}

/* Final check; nothing. */
static void psd_mt_final_check(unsigned int flags) {}

static void psd_mt_save(const void *ip, const struct xt_entry_match *match)
{
	const struct xt_psd_info *psdinfo = (const struct xt_psd_info *)match->data;
	printf(" --psd-weight-threshold %u ", psdinfo->weight_threshold);
	printf("--psd-delay-threshold %u ", psdinfo->delay_threshold);
	printf("--psd-lo-ports-weight %u ", psdinfo->lo_ports_weight);
	printf("--psd-hi-ports-weight %u ", psdinfo->hi_ports_weight);
}

static void psd_mt_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
	printf(" -m psd");
	psd_mt_save(ip, match);
}

static struct xtables_match psd_mt_reg = {
	.name           = "psd",
	.version        = XTABLES_VERSION,
	.revision       = 1,
	.family         = NFPROTO_UNSPEC,
	.size           = XT_ALIGN(sizeof(struct xt_psd_info)),
	.userspacesize	= XT_ALIGN(sizeof(struct xt_psd_info)),
	.help           = psd_mt_help,
	.init           = psd_mt_init,
	.parse          = psd_mt_parse,
	.final_check    = psd_mt_final_check,
	.print          = psd_mt_print,
	.save           = psd_mt_save,
	.extra_opts     = psd_mt_opts,
};

static __attribute__((constructor)) void psd_mt_ldr(void)
{
	xtables_register_match(&psd_mt_reg);
}