annids.c

一个入侵检测小程序,用C编写,linux环境

//annids.c


#include"annids.h"


int main(int argc,char **argv)
{

  int write_yn;

  ctrl_c=0;
  write_yn=0;

  if(signal(SIGINT,&TermSig)==SIG_ERR)
    {
      printf("Can not register signal handler!\n");
    }

  Order(argc,argv);
  if(study_detect)
    {
      printf("                        HELLO! ANNIDS IS RUNNING IN STUDY MODE.\nYou can stop it by push Ctrl+c\n");
    }
  else
    {
      printf("                        HELLO! ANNIDS IS RUNNING IN DETECT MODE.\nYou can stop it by push Ctrl+c\n");
    }

  //initial the w21[] and w12[]
  
  strcpy(p_w21,neural_w21);
  strcpy(p_w12,neural_w21);
  strcpy(p_equsum,neural_w21);
  
  strcat(p_w21,"/w21.txt");
  strcat(p_w12,"/w12.txt");
  strcat(p_equsum,"/equ_sum.txt");

  InitWeight();
  input_sum=0;


  PcapLoop(); 

  switch(over_for)
    {
    case 1:
      printf("Quit successfully!\n");
      break;

    case 21:
      //write w21[]w12[],equ_sum
      write_yn=1;
      printf("The study of neural is over for study %d packet!\n",M_IN);
      break;

    case 22:
      //write w21[]w12[],equ_sum
      write_yn=1;
      printf("The study of neural is over successfully!\n");
      break;

    case 3:
      //write w21[]w12[],equ_sum
      write_yn=1;
      printf("Study has been quited,you can continue later!\n");
      break;

    }
    
  if(write_yn)
    {
      if((f_w21=fopen(p_w21,"w+"))==NULL)
	{

	  if(mkdir(neural_w21,S_IRWXU)<0)
	    {
	      printf("mkdir %s failed:%s!\n",neural_w21,strerror(errno));
	      exit(1);
	    }

	  if((f_w21=fopen(p_w21,"w+"))==NULL)
	    {
	      printf("open file w21.txt to write failed:%s!\n",strerror(errno));
	      exit(1);
	    }

	}
      for(i1=0;i1<S1;i1++)
	{
	  for(i2=0;i2<S2;i2++)
	    {    
	      fprintf(f_w21,"w21[%d][%d]=%d\n",i1,i2,w21[i1][i2]);
	    }
	}
      fclose(f_w21);

      if((f_w12=fopen(p_w12,"w+"))==NULL)
	{

	  if(mkdir(neural_w21,S_IRWXU)<0)
	    {
	      printf("mkdir %s failed:%s!\n",neural_w21,strerror(errno));
	      exit(1);
	    }

	  if((f_w12=fopen(p_w12,"w+"))==NULL)
	    {
	      printf("open file w12.txt to write failed:%s!\n",strerror(errno));
	      exit(1);
	    }

	}
      for(i2=0;i2<S2;i2++)
	{
	  for(i1=0;i1<S1;i1++)
	    {    
	      fprintf(f_w12,"w12[%d][%d]=%f\n",i2,i1,w12[i2][i1]);
	    }
	}
      fclose(f_w12);

      if((f_equsum=fopen(p_equsum,"w+"))==NULL)
	{
	  if(mkdir(neural_w21,S_IRWXU)<0)
	    {
	      printf("mkdir %s failed:%s!\n",neural_w21,strerror(errno));
	      exit(1);
	    }

	  if((f_equsum=fopen(p_equsum,"w+"))==NULL)
	    {
	      printf("open file equ_sum.txt to write failed:%s!\n",strerror(errno));
	      exit(1);
	    }
	 
	}
      fprintf(f_equsum,"equ_sum=%d\n",equ_sum);
      fclose(f_equsum);

      printf("the weight matrix w21[] is saved in:%s\n",p_w21);
      printf("the weight matrix w12[] is saved in:%s\n",p_w12);
      printf("the nochange times of w21[] is saved in:%s\n",p_equsum);

    }
  return 0;
}


/*function order()*/
int Order(int argc,char **argv)
{
  extern char *optarg;
  char order;
  int n_w21;//whether appoint the path of weight matrixw21[]
  int i_file;//whether appoint the path of intrusion record file 


  n_w21=0;
  i_file=0;
  con_stu=0;
  study_detect=0;

  while((order=getopt(argc,argv,"scw:i:?"))!=EOF)
    {
      switch(order)
	{
	  case's':/*study*/
	    study_detect=1;

	  break;

	  case'c':
	    con_stu=1;
	  break;

          case'w':/*appoint the path of weight matrix w21[] and w12[] and equ_sum*/
	    n_w21=1;
	    bzero(neural_w21,BUF_SIZE);
            strncpy(neural_w21,optarg,BUF_SIZE-1);  
#ifdef DEBUG
	    printf("neural_w21 file:%s\n",neural_w21);
#endif
          break;

          case'i':/*appoint the path of intrusion record*/
	    i_file=1;
	    bzero(intru_file,BUF_SIZE);
            strncpy(intru_file,optarg,BUF_SIZE-1);  
#ifdef DEBUG
	    printf("intrusion record file:%s\n",intru_file);
#endif
          break;

          case'?':/*show help*/
            ShowHelp();      	  
	    exit(0);
	

	}
    }
  if(!n_w21)
    {
      sprintf(neural_w21,WIR);
  
    }

  if(!i_file)
    {

      sprintf(intru_file,WIR);
    }


  return 0;


}
/*function pcaploop()*/
int PcapLoop()
{
  dev=pcap_lookupdev(errbuf);
  if(dev==NULL)
    {
      printf("pcap_lookupdev error %s!\n",errbuf);
      exit(1);
    }
  if(pcap_lookupnet(dev,&net,&mask,errbuf)<0)
    {
      printf("pcap_lookupnet error %s!\n",errbuf);
      exit(1);
    }
  hand=pcap_open_live(dev,BUF_SIZE,1,0,errbuf);
  if(hand==NULL)
    {
      printf("pcap_open_live error %s!\n",errbuf);
      exit(1);
    }
  if(pcap_compile(hand,&filter,NULL,0,net)<0)
    {
      printf("pcap_compile error %s!\n",pcap_geterr(hand));
      exit(1);
    }
  if(pcap_setfilter(hand,&filter)<0)
    {
      printf("pcap_setfilter error %s!\n",pcap_geterr(hand));
      exit(1);
    }
  datalink=pcap_datalink(hand);
  if(datalink<0)
    {
      printf("pcap_datalink error %s\n",pcap_geterr(hand));
      exit(1);
    }
  switch(datalink)
    {
    case DLT_EN10MB:
      printf("LAN is ethernet.\n");
      handler=(pcap_handler)GetEthernet;
      break;
    case DLT_RAW:
      printf("LAN is raw ip.\n");
      handler=(pcap_handler)GetRawIP;
      break;
    default:
      printf("datalink type is unknown now.\n");
      exit(1);
    }
  if(pcap_loop(hand,-1,handler,NULL)<0)
    printf("study or detect over or pcap_loop error!\n");


  return 0;

}


/*function init_w()*/
void InitWeight()
{
  int x,y;
  int z21,equ;
  float z12;

  if((!study_detect) || con_stu)// equal (!study_detect || (study_detect && con_stu)
    {
      //open w21[] and w12[]file
      //read equ_sum;

#ifdef DEBUG4
     
	printf("continue study\n");
#endif
      
      if((f_w21=fopen(p_w21,"r"))==NULL)
	{
	  printf("open file w21.txt to read failed:%s!\n",strerror(errno));
	  exit(1);
	}
      while(fgets(str_fscan,20,f_w21)!=NULL)
	{
	  sscanf(str_fscan,"w21[%d][%d]=%d",&x,&y,&z21);
	  w21[x][y]=z21;
	}
      fclose(f_w21);

#ifdef DEBUG4
      for(i2=0;i2<S2;i2++)
	{
	  for(i1=0;i1<S1;i1++)
	    printf("%d, ",w21[i2][i1]);
	  printf("\n");
	}
#endif


      if((f_w12=fopen(p_w12,"r"))==NULL)
	{
	  printf("open file w12.txt to read failed:%s!\n",strerror(errno));
	  exit(1);
	}
      while(fgets(str_fscan,20,f_w12)!=NULL)
	{
	  sscanf(str_fscan,"w12[%d][%d]=%f",&x,&y,&z12);
	  w12[x][y]=z12;
	}
      fclose(f_w12);

#ifdef DEBUG4
      for(i2=0;i2<S2;i2++)
	{
	  for(i1=0;i1<S1;i1++)
	    printf("%f, ",w12[i2][i1]);
	  printf("\n");
	}
#endif



      if((f_equsum=fopen(p_equsum,"r"))==NULL)
	{
	  printf("open file equ_sum.txt to reak failed:%s!\n",strerror(errno));
	  exit(1);
	}
      while(fgets(str_fscan,20,f_equsum)!=NULL)
	{
	  sscanf(str_fscan,"equ_sum=%d",&equ);
	  equ_sum=equ;
	}
      fclose(f_equsum);

    }
  else                         //now is (study_detect && !con_stu)
    {
      //new w21[] and w12[] and equ_sum
      //initial new w[]

      equ_sum=0;
  
      for(i2=0;i2<S2;i2++)
	{
	  for(i1=0;i1<S1;i1++)
	    {
	      w21[i1][i2]=1;//w21 :the column is the vector 
	      w12[i2][i1]=(float) ZETA/(ZETA+S1-1);//w12:the row is the vector
	    }
	}

    }
#ifdef DEBUG3
      for(i1=0;i1<S1;i1++)
	{
	  for(i2=0;i2<S2;i2++)
	    {
	      printf("%d,",w21[i1][i2]);
	    }
	  printf("\n");
	}
      printf("w12\n");
      for(i2=0;i2<S2;i2++)
	{
	  for(i1=0;i1<S1;i1++)
	    {
	      printf("%f,",w12[i2][i1]);
	    }
	  printf("\n");
	}
#endif


  return;


}

/*funtion showhelp()*/
int ShowHelp()
{

   printf("\nSYNOPSIS\n");
   printf("        annids [-sc?][-w path_w][-i path_i]\n");  
   printf("\nOPTIONS\n");
   printf("         -s         The neural will study\n");
   printf("         -c         Continue study from last quit\n");
   printf("         -w path_w  Appoint the path of weight matrix w21[] and w12[] and equ_sum\n");
   printf("         -i path_i  Appoint the path of intrusion record\n");
   printf("         -?         Show this information\n");
   printf("Find details in readme\n");
   printf("\n");

   fflush(stdout);

   return 0;
}

void TermSig(int signumber)
{

  ctrl_c=1;

}