fltedit.c

一个网络流量分析的完整的程序

/***

fltedit.c	- TCP/UDP Filter Editing Facility

Copyright (c) Gerard Paul Java 1999, 2001

This software is open-source; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed WITHOUT ANY WARRANTY; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License in the included COPYING file for
details.

***/

#include <curses.h>
#include <panel.h>
#include <string.h>
#include <ctype.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <time.h>  
#include <menurt.h>
#include <winops.h>
#include <labels.h>
#include <msgboxes.h>
#include "fltdefs.h"
#include "fltmgr.h"
#include "othipflt.h"
#include "utfilter.h"
#include "dirs.h"
#include "getpath.h"
#include "attrs.h"
#include "deskman.h"
#include "error.h"

extern int daemonized;

/*
 * Union to hold both TCP/UDP and other IP filter parameters
 */
 
union hp_un {
    struct hostparams ut_hp;
    struct othipfltdata othip_data;
};

void init_filter_table(struct filterlist *fl)
{
    fl->head = fl->tail = NULL;
}

void definefilter(int protocol, int *aborted)
{
    struct filterfileent ffile;
    struct filterent fe;
    char fntemp[14];

    int pfd;
    int bw;
    int resp;

    /*
     * Lock facility
     */

    if (!mark_filter_change(protocol))
	return;

    get_filter_description(ffile.desc, aborted, "");

    if (*aborted) {
	clear_flt_tag(protocol);
	return;
    }
    genname(time((time_t *) NULL), fntemp);

    pfd =
	open(get_path(T_WORKDIR, fntemp), O_CREAT | O_WRONLY | O_TRUNC,
	     S_IRUSR | S_IWUSR);
    if (pfd < 0) {
	tx_errbox("Cannot create filter data file", ANYKEY_MSG,
	       &resp);
	*aborted = 1;
	clear_flt_tag(protocol);
	return;
    }
    do {
        if (protocol != F_OTHERIP)
	    gethostparams(&(fe.un.hp), aborted, "", "", "", "0.0.0.0", "0.0.0.0", "0",
		          "I");
	else {
	    bzero(&(fe.un.othipdata), sizeof(struct othipfltdata));
	    get_othip_hostparams(&(fe.un.othipdata), "", "", "0.0.0.0", "0.0.0.0", aborted);
        }
        
	if (!(*aborted)) {
	    if (protocol != F_OTHERIP)
	        bw = write(pfd, &(fe.un.hp), sizeof(struct hostparams));
	    else
	        bw = write(pfd, &(fe.un.othipdata), sizeof(struct othipfltdata));

	    if (bw < 0) {
		tx_errbox("Unable to write filter data", ANYKEY_MSG,
		       &resp);
		close(pfd);
		clear_flt_tag(protocol);
		return;
	    }
	}
    } while (!(*aborted));

    close(pfd);

    if (protocol == F_TCP)
	pfd =
	    open(TCPFLNAME, O_CREAT | O_WRONLY | O_APPEND,
		 S_IRUSR | S_IWUSR);
    else if (protocol == F_UDP)
	pfd =
	    open(UDPFLNAME, O_CREAT | O_WRONLY | O_APPEND,
		 S_IRUSR | S_IWUSR);
    else if (protocol == F_OTHERIP)
        pfd = 
            open(OTHIPFLNAME, O_CREAT | O_WRONLY | O_APPEND,
                 S_IRUSR | S_IWUSR);
                 
    if (pfd < 0) {
	listfileerr(1);
	clear_flt_tag(protocol);
	return;
    }
    strcpy(ffile.filename, fntemp);
    bw = write(pfd, &ffile, sizeof(struct filterfileent));
    if (bw < 0)
	listfileerr(2);

    close(pfd);

    clear_flt_tag(protocol);
}

/* 
 * Loads the filter from the filter file
 */

int loadfilter(int protocol, char *filename, struct filterlist *fl, int resolve)
{
    struct filterent *fe;
    int pfd;
    unsigned int idx = 0;
    int br;
    int resolv_err = 0;
    char protocol_str[10];
    char err_msg[80];
    
    init_filter_table(fl);

    pfd = open(filename, O_RDONLY);

    if (pfd < 0) {
        bzero(err_msg, 80);
        if (protocol == F_TCP)
            strcpy(protocol_str, "TCP");
        else if (protocol == F_UDP)
            strcpy(protocol_str, "UDP");
        else
            strcpy(protocol_str, "misc IP");
        
        snprintf(err_msg, 80, "Error opening %s filter data file", protocol_str);     
	write_error(err_msg, daemonized);
	fl->head = NULL;
	return 1;
    }
    do {
	fe = malloc(sizeof(struct filterent));
	if (protocol != F_OTHERIP)
	    br = read(pfd, &(fe->un.hp), sizeof(struct hostparams));
        else
            br = read(pfd, &(fe->un.othipdata), sizeof(struct othipfltdata));
            
	if (br > 0) {
	    fe->index = idx;
	    if (resolve) {
		fe->saddr = nametoaddr(fe->un.hp.s_fqdn, &resolv_err);
		fe->daddr = nametoaddr(fe->un.hp.d_fqdn, &resolv_err);

		if (resolv_err) {
		    free(fe);
		    continue;
		}

		fe->smask = inet_addr(fe->un.hp.s_mask);
		fe->dmask = inet_addr(fe->un.hp.d_mask);
	    }
	    if (fl->head == NULL) {
		fl->head = fe;
		fe->prev_entry = NULL;
	    } else {
		fl->tail->next_entry = fe;
		fe->prev_entry = fl->tail;
	    }
	    fe->next_entry = NULL;
	    fl->tail = fe;
	    idx++;
	} else {
	    free(fe);
	}
    } while (br > 0);

    if (br == 0)
	close(pfd);

    return 0;
}

void savefilter(unsigned int protocol, char *filename,
		struct filterlist *fl)
{
    struct filterent *fe = fl->head;
    int pfd;
    int bw;
    int resp;

    pfd = open(filename, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IWUSR);

    while (fe != NULL) {
        if (protocol != F_OTHERIP)
	    bw = write(pfd, &(fe->un.hp), sizeof(struct hostparams));
	else
	    bw = write(pfd, &(fe->un.othipdata), sizeof(struct othipfltdata));
	
	if (bw < 0) {
	    tx_errbox("Unable to save filter changes", ANYKEY_MSG, &resp);
	    clear_flt_tag(protocol);
	    return;
	}
	fe = fe->next_entry;
    }

    close(pfd);
}

/* 
 * Remove a currently applied filter from memory
 */

void destroyfilter(struct filterlist *fl)
{
    struct filterent *fe;
    struct filterent *cfe;

    if (fl->head != NULL) {
	fe = fl->head;
	cfe = fl->head->next_entry;

	do {
	    free(fe);
	    fe = cfe;
	    if (cfe != NULL)
		cfe = cfe->next_entry;
	} while (fe != NULL);

	fl->head = fl->tail = NULL;
    }
}

void print_hostparam_line(int protocol, struct filterent *fe, int idx, WINDOW * win, 
                          int attr)
{
    wattrset(win, attr);

    scrollok(win, 0);
    mvwprintw(win, idx, 0, "%78c", ' ');

    if (protocol != F_OTHERIP) {
        mvwaddnstr(win, idx, 2, fe->un.hp.s_fqdn, 15);
        wprintw(win, "/");
        waddnstr(win, fe->un.hp.s_mask, 12);
        wprintw(win, ":%u", fe->un.hp.sport);
        mvwaddnstr(win, idx, 38, fe->un.hp.d_fqdn, 15);
        wprintw(win, "/");
        waddnstr(win, fe->un.hp.d_mask, 12);
        wprintw(win, ":%u", fe->un.hp.dport);
        mvwprintw(win, idx, 76, "%c", toupper(fe->un.hp.reverse));
    } else {
        mvwaddnstr(win, idx, 2, fe->un.othipdata.hp.s_fqdn, 15);
        wprintw(win, "/");
        waddnstr(win, fe->un.othipdata.hp.s_mask, 15);
        mvwaddnstr(win, idx, 38, fe->un.othipdata.hp.d_fqdn, 15);
        wprintw(win, "/");
        waddnstr(win, fe->un.othipdata.hp.d_mask, 15);
        mvwprintw(win, idx, 76, "%c", toupper(fe->un.othipdata.hp.reverse));
    }
}

void update_hp_screen(int protocol, struct filterlist *fl,
		      struct filterent *firstvisible, WINDOW * win)
{
    struct filterent *ftmp = firstvisible;
    int i;

    wattrset(win, STDATTR);
    if (firstvisible == NULL) {
	mvwprintw(win, 0, 0, "%78c", ' ');
	return;
    }

    scrollok(win, 0);
    for (i = 0; i <= 12; i++) {
	if (ftmp != NULL) {
	    print_hostparam_line(protocol, ftmp, i, win, STDATTR);
	    ftmp = ftmp->next_entry;
	} else {
	    mvwprintw(win, i, 0, "%78c", ' ');
	}
    }
    scrollok(win, 1);
}

int new_hp_entry(struct filterent **ftemp)
{
    int resp;
    *ftemp = malloc(sizeof(struct filterent));
    if (*ftemp == NULL) {
	tx_errbox("No memory for new filter entry", ANYKEY_MSG, &resp);
	return 0;
    }
    
    bzero(*ftemp, sizeof(struct filterent));
    return 1;
}

void show_matched_protocols(WINDOW *win, struct filterent *fe)
{
    char protocols[80];
    
    bzero(protocols, 80);
    strcpy(protocols, "Matches: ");
    
    if (fe->un.othipdata.filters[F_ICMP])
        strcat(protocols, "ICMP  ");
    if (fe->un.othipdata.filters[F_IGMP])
        strcat(protocols, "IGMP  ");
    if (fe->un.othipdata.filters[F_OSPF])
        strcat(protocols, "OSPF  ");
    if (fe->un.othipdata.filters[F_IGP])
        strcat(protocols, "IGP  ");
    if (fe->un.othipdata.filters[F_IGRP])
        strcat(protocols, "IGRP  ");
    if (fe->un.othipdata.filters[F_GRE])
        strcat(protocols, "GRE  ");
    if (fe->un.othipdata.filters[F_OTHERIP])
        strcat(protocols, "Other IP");

    mvwprintw(win, 0, 0, "%80c", ' ');        
    mvwprintw(win, 0, 1, protocols);
}

void modify_host_parameters(unsigned int protocol, struct filterlist *fl)
{
    WINDOW *bwin;
    PANEL *bpanel;
    WINDOW *win;
    PANEL *panel;
    WINDOW *swin = NULL;
    PANEL *spanel = NULL;
    struct filterent *fe;
    struct filterent *ftemp;
    
    struct filterent *firstvisible = NULL;    /* cast to struct filterent */
    
    unsigned int idx = 0;
    int endloop_local = 0;
    int ch;
    int gh_aborted = 0;
    char s_portstr[8];
    char d_portstr[8];
    char inexstr[2];
    char sp_buf[10];
    union hp_un hptemp;

    bwin = newwin(15, 80, (LINES - 15) / 2, (COLS - 80) / 2);
    
    bpanel = new_panel(bwin);
    win = newwin(13, 78, (LINES - 13) / 2, (COLS - 78) / 2);
    panel = new_panel(win);
    
    if (protocol == F_OTHERIP) {
        swin = newwin(1, COLS, (LINES - 15) / 2 + 15, 0);