Refactor project

p4/piglet-drop.p4

@@ -186,7 +186,11 @@ control MyProcessing(inout headers hdr,
     }
 
     action check_udp_rules() {
-
+is_safe = is_safe && !(((hdr.ipv4.src & 0x0) == 0x00000000) && ((hdr.ipv4.dst & 0xffffff00) == 0xc0a80100) && ((hdr.udp.dst_port == 22)));
+is_safe = is_safe && !(((hdr.ipv4.src & 0x0) == 0x00000000) && ((hdr.ipv4.dst & 0xffffff00) == 0xc0a80100) && ((hdr.udp.dst_port == 1433)));
+is_safe = is_safe && !(((hdr.ipv4.src & 0x0) == 0x00000000) && ((hdr.ipv4.dst & 0xffffff00) == 0xc0a80100) && ((hdr.udp.dst_port == 80)));
+is_safe = is_safe && !(((hdr.ipv4.src & 0x0) == 0x00000000) && ((hdr.ipv4.dst & 0xffffff00) == 0xc0a80100) && ((hdr.udp.dst_port == 21)));
+is_safe = is_safe && !(((hdr.ipv4.src & 0x0) == 0x00000000) && ((hdr.ipv4.dst & 0xffffff00) == 0xc0a80100) && ((hdr.udp.dst_port == 28881)));
     }
 
     action check_tcp_rules() {

p4/ruleset/droprule.rules

@@ -1,5 +1,10 @@
-drop icmp any any -> $HOME_NET any (msg:"--> Drop the ping cmd!"; dsize:>5000; gid:1000002; sid:1000002; rev:1;)
+drop icmp any any -> $HOME_NET any (msg:"--> Drop the ping cmd!"; dsize:>5000; gid:1000002; sid:1000000; rev:1;)
 drop tcp any any -> $HOME_NET 22 (msg:"SSH Brute Force Attempt"; flow:to_server,established; content:"SSH-"; depth:4; detection_filter:track by_src, count 5, seconds 60; sid:100001;)
 drop tcp any any -> $HOME_NET 1433 (msg:"SQL Injection Attempt"; flow:to_server,established; content:"'"; pcre:"/(%27)|(')|(--)|(%23)|(#)/i"; sid:100002;)
 drop tcp any any -> $HOME_NET 80 (msg:"HTTP Shell Command Execution"; flow:to_server,established; content:"|0d 0a|"; content:"User-Agent|3a|"; http_header; pcre:"/(?:cmd|shell_exec|passthru|exec|system|popen|proc_open|pcntl_exec)\s*(/i"; sid:100003;)
-drop tcp any any -> $HOME_NET 21 (msg:"FTP Brute Force Attempt"; flow:to_server,established; content:"530"; depth:3; detection_filter:track by_src, count 5, seconds 60; sid:100004;)
+drop tcp any any -> $HOME_NET 21 (msg:"FTP Brute Force Attempt"; flow:to_server,established; content:"530"; depth:3; detection_filter:track by_src, count 5, seconds 60; sid:100004;)
+drop udp any any -> $HOME_NET 22 (msg:"SSH Brute Force Attempt"; flow:to_server,established; content:"SSH-"; depth:4; detection_filter:track by_src, count 5, seconds 60; sid:100005;)
+drop udp any any -> $HOME_NET 1433 (msg:"SQL Injection Attempt"; flow:to_server,established; content:"'"; pcre:"/(%27)|(')|(--)|(%23)|(#)/i"; sid:100006;)
+drop udp any any -> $HOME_NET 80 (msg:"HTTP Shell Command Execution"; flow:to_server,established; content:"|0d 0a|"; content:"User-Agent|3a|"; http_header; pcre:"/(?:cmd|shell_exec|passthru|exec|system|popen|proc_open|pcntl_exec)\s*(/i"; sid:100007;)
+drop udp any any -> $HOME_NET 21 (msg:"FTP Brute Force Attempt"; flow:to_server,established; content:"530"; depth:3; detection_filter:track by_src, count 5, seconds 60; sid:100008;)
+drop udp any any -> $HOME_NET 28881 (msg:"Dummy Rules"; flow:to_server,established; content:"530"; depth:3; detection_filter:track by_src, count 5, seconds 60; sid:100008;)

softwares/dma-proxy/Common/dma-proxy.h

@@ -25,7 +25,7 @@
 
 #define T_BUFFER unsigned char
 
-#define BUFFER_SIZE (128 * 1024)	 	/* must match driver exactly */
+#define BUFFER_SIZE (8 * 2048)	 	/* must match driver exactly */
 #define BUFFER_SLOT_COUNT (BUFFER_SIZE / sizeof(T_BUFFER))
 #define BUFFER_COUNT 32					/* driver only */