tcpip.def
Check Point UTM-1 R65'te expert modda fw monitor komutunun aldığı filtreler, aslında tcpip.def dosyasında tanımlı define alanlarıdır. Sistem, bu dosyada tanımlı değişkenlere atanan değerleri alıp akan trafiğe uygular. Dosyanın tüm dökümü aşağıdadır. Dosyanın tam yeri:
[expert@DN270]# cd /$FWDIR (<-|) komutu verilir; dosya bundan sonra aşağıdaki yolda bulunur.
/opt/CPsuite-R65/fw1/lib
#ifndef __tcp_ip_def__
#define __tcp_ip_def__
//
// (c) Copyright 1993-2004 Check Point Software Technologies Ltd.
// All rights reserved.
//
// This is proprietary information of Check Point Software Technologies
// Ltd., which is provided for informational purposes only and for use
// solely in conjunction with the authorized use of Check Point Software
// Technologies Ltd. products. The viewing and use of this information is
// subject, to the extent appropriate, to the terms and conditions of the
// license agreement that authorizes the use of the relevant product.
//
// $RCSfile: tcpip.def,v $ $Revision: 1.13.4.2.16.1.4.3 $ $Date: 2004/04/28 10:17:18 $
//
/****************************************************************************
* *
* TCP/IP Protocols fields definition *
* *
****************************************************************************/
/*
* IP
*
* IPv4 header fields, written as [offset : length, order]. The offsets
* line up with the IPv4 header layout counted from its first byte
* (TOS at 1, protocol at 9, source at 12, destination at 16). Entries
* without a length are used here for 4-byte values such as addresses;
* "b" marks big-endian (network) byte order.
*
* ip_off covers the two bytes at offset 6, i.e. the flag bits together
* with the fragment offset. No macro is defined for byte 0
* (version / header length), so nothing in this file reads the actual
* IPv4 header length.
*/
#define ip_tos [ 1 : 1]
#define ip_len [ 2 : 2, b]
#define ip_id [ 4 : 2, b]
#define ip_off [ 6 : 2, b]
#define ip_ttl [ 8 : 1]
#define ip_p [ 9 : 1]
#define ip_sum [ 10 : 2, b]
#define ip_src [ 12 , b]
#define ip_dst [ 16 , b]
// IP protocol numbers to compare against ip_p (ip_p6 for IPv6).
#define PROTO_icmp 1
#ifdef IPV6_ENABLED
#define PROTO_icmp6 58
#endif
#define PROTO_tcp 6
#define PROTO_udp 17
#define PROTO_gre 47
#ifdef IPV6_ENABLED
// IPv4/IPv6 selection. Both tests depend on is_version_at_least(FP4_VER)
// and on r_ipv6 (0 = IPv4, 1 = IPv6 as used below); neither name is
// defined in this file.
#define IS_IPV4_KERNEL \
((not is_version_at_least(FP4_VER)) or (r_ipv6=0))
// The *_VER forms end in a comma so they can be placed in front of a
// comma-separated condition list; the *_MATCH forms are the bare test.
#define IPV4_VER (IS_IPV4_KERNEL),
#define IPV4_MATCH (IS_IPV4_KERNEL)
deffunc IS_IPV6_KERNEL() {
( is_version_at_least(FP4_VER), (r_ipv6=1) )
};
#define IPV6_VER (IS_IPV6_KERNEL),
#define IPV6_MATCH (IS_IPV6_KERNEL)
// Length of the network-layer header assumed by the th_* / uh_* macros:
// 20 for IPv4, 20 + 20 = 40 for IPv6. Both are the fixed minimum sizes.
// NOTE(review): IPv4 options and IPv6 extension headers are not accounted
// for here - confirm how the engine treats such packets before relying on
// transport-field filters built on this value.
deffunc PACKET_HDRLEN() {
( 20 + (IS_IPV6_KERNEL * 20) )
};
// IPv6 fixed-header fields: payload length (offset 4), hop limit (7) and
// next header (6). ip_p6 is the first Next Header value only; when
// extension headers are present it does not name the transport protocol.
#define ip_len6 [ 4 : 2 ,b]
#define ip_ttl6 [ 7 : 1]
#define ip_p6 [ 6 : 1]
// NOTE(review): sr14 / sr15 look like engine register names - confirm.
#define ip_src6 sr14
#define ip_dst6 sr15
// Byte offsets of the 16-byte source and destination addresses.
#define ip_src6p 8
#define ip_dst6p 24
#define ipv6 r_ipv6
// Each IPv6 address is exposed as four consecutive 4-byte words.
#define srcv6_0 [ 8 , b]
#define srcv6_1 [ 12 , b]
#define srcv6_2 [ 16 , b]
#define srcv6_3 [ 20 , b]
#define dstv6_0 [ 24 , b]
#define dstv6_1 [ 28 , b]
#define dstv6_2 [ 32 , b]
#define dstv6_3 [ 36 , b]
#define srcv6 srcv6_0 , srcv6_1, srcv6_2, srcv6_3
#define dstv6 dstv6_0 , dstv6_1, dstv6_2, dstv6_3
// The _srcv6_N / _dstv6_N names used below are not defined in the visible
// part of this file.
#define _srcv6 _srcv6_0 , _srcv6_1, _srcv6_2, _srcv6_3
#define _dstv6 _dstv6_0 , _dstv6_1, _dstv6_2, _dstv6_3
#define v6_zero 0,0,0,0
#define IP_SRC6 [ip_src6p,b],[ip_src6p+4,b],[ip_src6p+8,b],[ip_src6p+12,b]
#define IP_DST6 [ip_dst6p,b],[ip_dst6p+4,b],[ip_dst6p+8,b],[ip_dst6p+12,b]
#else
// Without IPV6_ENABLED the IPv4 test is constant-true and the IPv6 test
// constant-false. IPV6_VER and PACKET_HDRLEN expand to IPV6XXX, a name
// not defined in this file (presumably so that any use fails to compile
// rather than silently matching - confirm).
#define IPV4_VER
#define IPV4_MATCH 1
#define IPV6_MATCH 0
#define IPV6_VER IPV6XXX
#define PACKET_HDRLEN IPV6XXX
#endif /* IPV6_ENABLED */
// Payload start offsets. TCPDATA is taken from r_data_offset rather than a
// constant (NOTE(review): presumably filled in per packet by the engine -
// confirm). UDPDATA is the constant 28 = 20-byte IP header + 8-byte UDP
// header; it is not switched on IPV6_ENABLED, unlike the uh_* macros, and as
// written it matches an IPv4 header without options.
#define TCPDATA r_data_offset
#define UDPDATA 28
/*
* TCP
*
* TCP header fields. Without IPV6_ENABLED the offsets are constants that
* start at 20, i.e. directly after a 20-byte IPv4 header; with
* IPV6_ENABLED they are relative to PACKET_HDRLEN. In both cases the
* network header is taken at its minimum size.
* NOTE(review): a filter on th_dport or th_flags reads these fixed
* positions - confirm how the engine handles packets whose IP header is
* longer (IPv4 options, IPv6 extension headers) before treating a
* non-match as "no such traffic".
*/
#ifndef IPV6_ENABLED
#define th_sport [ 20 : 2, b]
#define th_dport [ 22 : 2, b]
#define th_seq [ 24 , b]
#define th_ack [ 28 , b]
#define th_flags [ 33 : 1]
#define th_win [ 34 : 2, b]
#define th_sum [ 36 : 2, b]
#define th_urp [ 38 : 2, b]
#else
#define th_sport [PACKET_HDRLEN + 0 : 2, b]
#define th_dport [PACKET_HDRLEN + 2 : 2, b]
#define th_seq [PACKET_HDRLEN + 4 , b]
#define th_ack [PACKET_HDRLEN + 8 , b]
#define th_flags [PACKET_HDRLEN + 13 : 1]
#define th_win [PACKET_HDRLEN + 14 : 2, b]
#define th_sum [PACKET_HDRLEN + 16 : 2, b]
#define th_urp [PACKET_HDRLEN + 18 : 2, b]
#endif /* IPV6_ENABLED */
// Bit masks for the th_flags byte. Only these six bits are named; the two
// high bits (0x40, 0x80) have no macro in this file.
#define TH_FIN 0x1
#define TH_SYN 0x2
#define TH_RST 0x4
#define TH_PUSH 0x8
#define TH_ACK 0x10
#define TH_URG 0x20
/*
* UDP
*
* UDP header fields (source port, destination port, length, checksum).
* Same addressing scheme as the TCP macros: constants starting at 20
* without IPV6_ENABLED, PACKET_HDRLEN-relative with it. uh_sport/uh_dport
* share offsets with th_sport/th_dport, so a port test alone does not
* distinguish the two protocols; the IP protocol field has to be tested
* as well.
*/
#ifndef IPV6_ENABLED
#define uh_sport [ 20 : 2, b]
#define uh_dport [ 22 : 2, b]
#define uh_ulen [ 24 : 2, b]
#define uh_sum [ 26 : 2, b]
#else
#define uh_sport [PACKET_HDRLEN + 0 : 2, b]
#define uh_dport [PACKET_HDRLEN + 2 : 2, b]
#define uh_ulen [PACKET_HDRLEN + 4 : 2, b]
#define uh_sum [PACKET_HDRLEN + 6 : 2, b]
#endif /* IPV6_ENABLED */
/*
* ICMP
*
* ICMPv4 fields at constant offsets from 20 (not PACKET_HDRLEN-relative,
* even when IPV6_ENABLED is set; ICMPv6 has its own icmp6_* macros).
*
* icmp_idseq reads the 4 bytes at 24, i.e. icmp_id and icmp_seq together.
*
* The icmp_ip_* macros address the IP header quoted inside an ICMP error:
* it starts at 28 (20 + 8), so each offset is the matching ip_* offset
* plus 28. The quoted transport ports start at 48 (28 + 20), which again
* takes the quoted IP header as 20 bytes; icmp_th_* and icmp_uh_* are the
* same two offsets under TCP and UDP names. icmp_icmp_id / icmp_icmp_seq
* sit at 52 / 54, i.e. 4 bytes into a quoted ICMP header.
*/
#define icmp_type [ 20 : 1]
#define icmp_code [ 21 : 1]
#define icmp_cksum [ 22 : 2, b]
#define icmp_id [ 24 : 2, b]
#define icmp_seq [ 26 : 2, b]
#define icmp_idseq [ 24 , b]
#define icmp_ip_tos [ 29 : 1]
#define icmp_ip_len [ 30 : 2, b]
#define icmp_ip_id [ 32 : 2, b]
#define icmp_ip_off [ 34 : 2, b]
#define icmp_ip_ttl [ 36 : 1]
#define icmp_ip_p [ 37 : 1]
#define icmp_ip_sum [ 38 : 2, b]
#define icmp_ip_src [ 40 , b]
#define icmp_ip_dst [ 44 , b]
#define icmp_th_sport [ 48 : 2, b]
#define icmp_th_dport [ 50 : 2, b]
#define icmp_uh_sport [ 48 : 2, b]
#define icmp_uh_dport [ 50 : 2, b]
#define icmp_icmp_id [ 52 : 2, b]
#define icmp_icmp_seq [ 54 : 2, b]
/*
* Definition of type and code field values.
*
* Type values are compared against icmp_type and code values against
* icmp_code. The two number spaces overlap (e.g. ICMP_UNREACH and
* ICMP_UNREACH_PORT are both 3, ICMP_REDIRECT and ICMP_UNREACH_SRCFAIL
* are both 5), so a constant only has meaning for the field it belongs
* to; the "codes:" comments mark which codes go with which type.
*/
#define ICMP_ECHOREPLY 0 /* echo reply */
#define ICMP_UNREACH 3 /* dest unreachable, codes: */
#define ICMP_UNREACH_NET 0 /* bad net */
#define ICMP_UNREACH_HOST 1 /* bad host */
#define ICMP_UNREACH_PROTOCOL 2 /* bad protocol */
#define ICMP_UNREACH_PORT 3 /* bad port */
#define ICMP_UNREACH_NEEDFRAG 4 /* IP_DF caused drop */
#define ICMP_UNREACH_SRCFAIL 5 /* src route failed */
#define ICMP_SOURCEQUENCH 4 /* packet lost, slow down */
#define ICMP_REDIRECT 5 /* shorter route, codes: */
#define ICMP_REDIRECT_NET 0 /* for network */
#define ICMP_REDIRECT_HOST 1 /* for host */
#define ICMP_REDIRECT_TOSNET 2 /* for tos and net */
#define ICMP_REDIRECT_TOSHOST 3 /* for tos and host */
#define ICMP_ECHO 8 /* echo service */
#define ICMP_ROUTERADVERT 9 /* router advertisement */
#define ICMP_ROUTERSOLICIT 10 /* router solicitation */
#define ICMP_TIMXCEED 11 /* time exceeded, code: */
#define ICMP_TIMXCEED_INTRANS 0 /* ttl==0 in transit */
#define ICMP_TIMXCEED_REASS 1 /* ttl==0 in reass */
#define ICMP_PARAMPROB 12 /* ip header bad */
#define ICMP_TSTAMP 13 /* timestamp request */
#define ICMP_TSTAMPREPLY 14 /* timestamp reply */
#define ICMP_IREQ 15 /* information request */
#define ICMP_IREQREPLY 16 /* information reply */
#define ICMP_MASKREQ 17 /* address mask request */
#define ICMP_MASKREPLY 18 /* address mask reply */
#ifdef IPV6_ENABLED
/*
* ICMPv6
*
* Type, code and checksum at constant offsets 40..43, i.e. directly after
* the 40-byte fixed IPv6 header.
* NOTE(review): with extension headers in front of the ICMPv6 header
* these offsets would not point at ICMPv6 - confirm how the engine
* handles that before filtering neighbor-discovery traffic on them.
*/
#define icmp6_type [ 40 : 1]
#define icmp6_code [ 41 : 1]
#define icmp6_cksum [ 42 : 2, b]
/* ICMPv6 error types */
#define ICMP6_DST_UNREACH 1
#define ICMP6_PACKET_TOO_BIG 2
#define ICMP6_TIME_EXCEEDED 3
#define ICMP6_PARAM_PROB 4
/* ICMPv6 query types */
#define ICMP6_ECHO_REQUEST 128
#define ICMP6_ECHO_REPLY 129
/* ICMPv6 group membership types */
#define ICMP6_MEMBERSHIP_QUERY 130
#define ICMP6_MEMBERSHIP_REPORT 131
#define ICMP6_MEMBERSHIP_REDUCTION 132
/* types for neighbor discovery */
#define ND_ROUTER_SOLICIT 133
#define ND_ROUTER_ADVERT 134
#define ND_NEIGHBOR_SOLICIT 135
#define ND_NEIGHBOR_ADVERT 136
#define ND_REDIRECT 137
#endif /* IPV6_ENABLED */
#ifdef IPV6_ENABLED
// ICMPv6_MATCH(type,code): IPv6 packet whose icmp6_type equals "type" and
// whose icmp6_code equals "code". Passing ICMPv6_ANY_CODE as "code" skips
// the code comparison; 999 cannot collide with a real code because
// icmp6_code is a single byte.
#define ICMPv6_ANY_CODE 999
#define ICMPv6_MATCH(type,code) \
(IPV6_MATCH, icmp6_type=type, \
(code=ICMPv6_ANY_CODE or icmp6_code=code))
#else
// Without IPV6_ENABLED the macro expands to IPV6_NOT_ENABLED, a name not
// defined in this file (presumably so that any use fails to compile
// instead of evaluating to a constant - confirm).
#define ICMPv6_MATCH(type,code) IPV6_NOT_ENABLED
#endif
/*
* Sun RPC
*
* Fixed offsets for an RPC message carried in UDP: 28 (= UDPDATA) is the
* first payload byte, so rm_xid is the start of the message. Nothing here
* covers RPC over TCP.
*
* rm_ansport and cb_cred_oa_flavor both read offset 52 (presumably one is
* meant for replies and the other for calls - confirm against the rules
* that use them).
*/
#define rm_xid [ 28 , b]
#define rm_direction [ 32 , b]
#define rm_ansport [ 52 , b]
#define cb_rpcvers [ 36 , b]
#define cb_prog [ 40 , b]
#define cb_vers [ 44 , b]
#define cb_proc [ 48 , b]
#define cb_cred_oa_flavor [ 52 , b]
#define cb_cred_oa_base [ 56 , b]
#define cb_cred_oa_length [ 60 , b]
#define cb_verf_oa_flavor [ 64 , b]
#define cb_verf_oa_base [ 68 , b]
#define cb_verf_oa_length [ 72 , b]
// Variable-position fields. rpc_cred_len reads offset UDPDATA+28 = 56, the
// same offset as cb_cred_oa_base. rpc_ver_len and the pm_* fields are then
// located by adding rpc_cred_len (and rpc_ver_len) to a constant, so their
// position is computed from length values carried in the packet itself.
// NOTE(review): no range or alignment check on those lengths is visible in
// this file - confirm that the engine bounds the resulting offset to the
// packet before these macros are used on untrusted traffic.
#define rpc_cred_len [(UDPDATA+28),b]
#define rpc_ver_len [(UDPDATA+36+rpc_cred_len),b]
#define pm_prog [(UDPDATA+40+rpc_cred_len+rpc_ver_len),b]
#define pm_prot [(UDPDATA+48+rpc_cred_len+rpc_ver_len),b]
#define pm_vers [(UDPDATA+52+rpc_cred_len+rpc_ver_len),b]
#define pm_port [(UDPDATA+60+rpc_cred_len+rpc_ver_len),b]
// Portmapper procedure numbers.
#define PMAPPROC_GETPORT 3
#define PMAPPROC_CALLIT 5
// NOTE(review): the rdp_*, cr_* and sr_cr_* names below are not Sun RPC
// fields by name and this file does not say which protocol they belong to.
// They are constant offsets into a UDP payload (28 and up).
#define rdp_magic [ 28 , b]
#define rdp_cmd [ 32 , b]
#define cr_src [ 44 , b]
#define cr_dst [ 48 , b]
#define cr_sport [ 52 : 2, b]
#define cr_dport [ 54 : 2, b]
#define cr_p [ 56 : 1]
#define sr_cr_src [ 36 , b]
#define sr_cr_dst [ 40 , b]
/*
* RIP
*
* Command and version are the first two bytes of the UDP payload
* (offset 28 = UDPDATA). RIP_PORT 0x208 is 520 decimal and RIPV6_PORT
* 0x209 is 521.
*/
#define rip_cmd [ 28 : 1]
#define rip_vers [ 29 : 1]
#define RIP_PORT 0x208
#ifdef IPV6_ENABLED
#define RIPV6_PORT 0x209
#endif
#define RIPCMD_REQUEST 0x1
#define RIPCMD_RESPONSE 0x2
// OSPF was never tested. Use with caution.
// OSPF_IPPROTO 0x59 is IP protocol 89 decimal. The ospf_* fields start at
// offset 20, i.e. directly after a 20-byte IPv4 header, and the OSPF_*
// values below are compared against ospf_type.
#define OSPF_IPPROTO 0x59
#define ospf_version [ 20 : 1]
#define ospf_type [ 21 : 1]
#define ospf_length [ 22 : 2, b]
#define ospf_rtr_id [ 24 , b]
#define ospf_area_id [ 28 , b]
#define OSPF_MON 0x0
#define OSPF_HELLO 0x1
#define OSPF_DB_DESCRIPT 0x2
#define OSPF_LSR 0x3
#define OSPF_LSU 0x4
#define OSPF_ACK 0x5
// BGP was never tested. Use with caution.
// BGP_PORT 0xb3 is 179 decimal. The bgp_* fields start at offset 40 =
// 20 (IP) + 20 (TCP), so they only line up when neither header carries
// options and a BGP message begins at the first payload byte of the
// segment. bgp_marker asks for a 16-byte field.
// NOTE(review): every other field in this file is 1, 2 or 4 bytes wide -
// confirm a 16-byte read is supported before using bgp_marker.
#define BGP_PORT 0xb3
#define bgp_marker [ 40 : 16]
#define bgp_length [ 56 : 2, b]
#define bgp_type [ 58 : 1]
#define BGP_OPEN 0x1
#define BGP_UPDATE 0x2
#define BGP_NOTIFICATION 0x3
#define BGP_KEEPALIVE 0x4
// EGP was never tested. Use with caution.
// EGP_IPPROTO 0x8 is IP protocol 8. The egp_* fields start at offset 20,
// directly after a 20-byte IPv4 header. The EGP_PKT_* names suggest they
// are values for egp_type (not stated in this file).
#define EGP_IPPROTO 0x8
#define egp_ver [ 20 : 1]
#define egp_type [ 21 : 1]
#define egp_code [ 22 : 1]
#define egp_status [ 23 : 1]
#define egp_chksum [ 24 : 2, b]
#define egp_system [ 26 : 2, b]
#define egp_seqnum [ 28 : 2, b]
#define EGP_PKT_NR 0x1
#define EGP_PKT_POLL 0x2
#define EGP_PKT_ACQUIRE 0x3
#define EGP_PKT_HELLO 0x5
#define EGP_PKT_ERROR 0x8
// Same value as UDPDATA (28): 20-byte IP header plus 8-byte UDP header.
#define udp_header_sz 28
// tcp states
//
// Named predicates over the TCP flags byte (th_flags). Inside the braces a
// comma joins conditions that must all hold and "or" gives an alternative.
// Every predicate is a test on one packet's flag bits; nothing here looks
// at connection state. "established", for example, is true for any segment
// that has ACK set or has SYN clear, whether or not a matching connection
// was ever opened. Use these as capture/filter shorthands, not as proof
// that a tracked connection exists.
//   first       - SYN set and ACK clear
//   not_first   - SYN clear
//   last        - FIN and ACK both set
//   tcpdone     - FIN or RST set
define syn { th_flags & TH_SYN };
define fin { th_flags & TH_FIN };
define rst { th_flags & TH_RST };
define ack { th_flags & TH_ACK };
define first { th_flags & TH_SYN, not (th_flags & TH_ACK) };
define established { (th_flags & TH_ACK) or ((th_flags & TH_SYN) = 0) };
define not_first { not ( th_flags & TH_SYN ) };
define last { th_flags & TH_FIN, th_flags & TH_ACK };
define tcpdone { fin or rst };
#endif /* __tcp_ip_def__ */