/usr/include/arpalert.h is in arpalert 2.0.11-7.1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
/*
* Copyright (c) 2005-2010 Thierry FOURNIER
* $Id: arpalert.h 690 2008-03-31 18:36:43Z $
*
*/
/*
 * Printable name of each alert, indexed by the alert type number listed
 * in the mod_alert() table (0 = ip_change ... 9 = mac_change). The
 * strings are kept exactly as arpalert spells them.
 *
 * The table holds 10 entries: check that a type value lies in 0..9
 * before using it as an index.
 *
 * NOTE(review): this is a definition, not an extern declaration, so each
 * translation unit that includes this header defines the symbol again.
 * A module built from several .c files should include it from one of
 * them only; confirm against the module build.
 */
char *arpalert_alert_name[] = {
	[0] = "ip_change",
	[1] = "unknow_address",
	[2] = "black_listed",
	[3] = "new",
	[4] = "unauthrq",
	[5] = "rqabus",
	[6] = "mac_error",
	[7] = "flood",
	[8] = "new_mac",
	[9] = "mac_change",
};
/* mod_load function
 * Optional hook: a module may implement it.
 * Called when arpalert starts.
 *
 * char *config : string for the module, as set in the configuration file
 *                (presumably the "mod config" option, CF_MOD_CONFIG;
 *                TODO confirm)
 *
 * NOTE(review): this header does not say who owns config or how long it
 * stays valid. A module that needs the string after mod_load() returns
 * should copy it; confirm against the arpalert source.
 */
void mod_load(char *config);
/* mod_unload function
 * Optional hook: a module may implement it.
 * Called when arpalert stops.
 */
void mod_unload(void);
/* mod_alert function
 * Mandatory hook: every module must implement it.
 * Called for each alert.
 *
 * int type    : type of alert (first column of the table below)
 * int nargs   : number of arguments in data
 * void **data : argument list
 *
 * ---------------------------------------------------------------------
 * type  alert           args  data[] entries, in order
 * ---------------------------------------------------------------------
 *  0    ip_change        4    interface, mac_sender, ip_sender, old_ip
 *  1    unknow_address   3    interface, mac_sender, ip_sender
 *  2    black_listed     3    interface, mac_sender, ip_sender
 *  3    new              3    interface, mac_sender, ip_sender
 *  4    unauthrq         4    interface, mac_sender, ip_sender, ip_requested
 *  5    rqabus           3    interface, mac_sender, ip_sender
 *  6    mac_error        4    interface, mac_sender, ip_sender, mac_in_arp_request
 *  7    flood            3    interface, mac_sender, ip_sender
 *  8    new_mac          3    interface, mac_sender, ip_sender
 *  9    mac_change       4    interface, mac_sender, ip_sender, old_mac
 *
 * types:
 *   char *interface
 *   struct ether_addr *mac_sender
 *   struct in_addr ip_sender
 *   struct in_addr old_ip
 *   struct in_addr ip_requested
 *   struct ether_addr *mac_in_arp_request
 *   struct ether_addr *old_mac
 *
 * NOTE(review): the in_addr entries are listed without '*' although data
 * is a void **. Confirm against the arpalert source whether data[i]
 * points to a struct in_addr before casting.
 *
 * The table covers types 0..9 only. A module should check that type is
 * in that range, and that nargs is at least the count listed for that
 * type, before reading data[i] or indexing a per-type table.
 */
void mod_alert(int type, int nargs, void **data);
/* logmsg function
 * Sends a message through the arpalert log system.
 *
 * int loglevel    : severity of the message, one of the constants
 *                   LOG_EMERG ... LOG_DEBUG
 * const char *fmt : format of the message
 * ...             : arguments (see man 3 printf)
 *
 * fmt is a printf-style format, so pass a constant format and give
 * variable text as an argument, e.g. logmsg(LOG_INFO, "%s", text).
 * That way '%' sequences inside the text are never interpreted.
 */
/* Fallback log levels, defined only when LOG_EMERG is not already defined
 * (for example by <syslog.h>). The values 0..7 are the ones <syslog.h>
 * uses. The guard tests LOG_EMERG alone.
 */
#ifndef LOG_EMERG
#define LOG_EMERG 0
#define LOG_ALERT 1
#define LOG_CRIT 2
#define LOG_ERR 3
#define LOG_WARNING 4
#define LOG_NOTICE 5
#define LOG_INFO 6
#define LOG_DEBUG 7
#endif
void logmsg(int loglevel, const char *fmt, ...);
/* separe function
 * The module is launched with full rights; this function lets it take
 * the rights of the user set in the configuration.
 *
 * NOTE(review): presumably this switches to the configured user (see
 * CF_USER). The exact effect (uid/gid, chroot) is not visible in this
 * header; confirm against the arpalert source.
 *
 * Until separe() has been called, module code runs with the full rights
 * arpalert was started with. Keep the privileged setup short and call it
 * before processing alert data.
 */
void separe(void);
/* set_option function
 * Sets an internal arpalert option.
 *
 * int opt     : option number, one of the CF_* enumerators below
 * void *value : option value
 *
 * NOTE(review): this header does not say which type value must point to
 * for each option, nor whether opt is range-checked. Confirm both
 * against the arpalert source before calling.
 *
 * Some options name security-relevant settings (CF_USER, CF_CHROOT,
 * CF_UMASK, CF_LOCKFILE, CF_LOGFILE, ...). Review any module that
 * changes them.
 */
/* Boolean constants, presumably for on/off option values (TODO confirm).
 * They are defined without a guard: another header that defines TRUE or
 * FALSE with a different replacement text causes a redefinition
 * diagnostic.
 */
#define TRUE 1
#define FALSE 0
/* Option numbers for set_option(). No enumerator has an explicit value,
 * so they count up from 0 in declaration order. Inserting or reordering
 * entries changes the numbers seen by modules compiled against an older
 * copy of this header.
 */
enum {
CF_MACLIST, // maclist file
CF_LOGFILE, // log file
CF_ACTION, // action on detect
CF_LOCKFILE, // lock file
CF_DAEMON, // daemon
CF_RELOAD, // reload interval
CF_LOGLEVEL, // log level
CF_TIMEOUT, // execution timeout
CF_MAXTH, // max alert
CF_BLACKLST, // maclist alert file
CF_LEASES, // maclist leases file
CF_IF, // interface
CF_ABUS, // max request
CF_MAXENTRY, // max entry
CF_DMPWL, // dump white list
CF_DMPBL, // dump black list
CF_DMPAPP, // dump new address
CF_TOOOLD, // mac timeout
CF_AUTHFILE, // auth request file
CF_IGNORE_UNKNOWN, // ignore unknown sender
CF_DUMP_PAQUET, // dump paquet (French spelling; a separate enumerator from CF_DUMP_PACKET)
CF_DUMP_PACKET, // dump packet
CF_PROMISC, // promiscuous
CF_ANTIFLOOD_INTER, // anti flood interval
CF_ANTIFLOOD_GLOBAL, // anti flood global
CF_IGNORE_ME, // ignore me
CF_UMASK, // umask
CF_USER, // user
CF_CHROOT, // chroot dir
CF_USESYSLOG, // use syslog
CF_IGNORESELFTEST, // ignore self test
CF_UNAUTH_TO_METHOD, // unauth ignore time method
CF_ONLY_ARP, // catch only arp
CF_DUMP_INTER, // dump inter
// mac addr to vendor conversion
CF_MACCONV_FILE, // mac vendor file
CF_LOG_VENDOR, // log mac vendor
CF_ALERT_VENDOR, // alert mac vendor
CF_MOD_VENDOR, // mod mac vendor
// module path
CF_MOD_ALERT, // mod on detect
// module config string
CF_MOD_CONFIG, // mod config
// config alerts for logs
CF_LOG_FLOOD, // log flood
CF_LOG_NEWMAC, // log new mac address
CF_LOG_NEW, // log new address
CF_LOG_MACCHG, // log mac change
CF_LOG_IPCHG, // log ip change
CF_LOG_UNAUTH_RQ, // log unauth request
CF_LOG_BOGON, // log mac error
CF_LOG_ABUS, // log request abuse
CF_LOG_ALLOW, // log referenced address
CF_LOG_DENY, // log deny address
// config alerts for script
CF_ALERT_FLOOD, // alert on flood
CF_ALERT_NEWMAC, // alert on new mac address
CF_ALERT_NEW, // alert on new address
CF_ALERT_MACCHG, // alert on mac change
CF_ALERT_IPCHG, // alert on ip change
CF_ALERT_UNAUTH_RQ, // alert on unauth request
CF_ALERT_BOGON, // alert on mac error
CF_ALERT_ABUS, // alert on request abuse
CF_ALERT_ALLOW, // alert on referenced address
CF_ALERT_DENY, // alert on deny address
// config alerts for module
CF_MOD_FLOOD, // mod on flood
CF_MOD_NEWMAC, // mod on new mac address
CF_MOD_NEW, // mod on new address
CF_MOD_MACCHG, // mod on mac change
CF_MOD_IPCHG, // mod on ip change
CF_MOD_UNAUTH_RQ, // mod on unauth request
CF_MOD_BOGON, // mod on mac error
CF_MOD_ABUS, // mod on request abuse
CF_MOD_ALLOW, // mod on referenced address
CF_MOD_DENY, // mod on deny address
// total number of options; it is the last enumerator, so it equals the count of CF_* entries
NUM_PARAMS
};
void set_option(int opt, void *value);