snifferfilter.java

流量分析 可以对SNIFFER抓的包进行分析

package com.tianxun.NEI.sniffer;

import com.tianxun.NEI.sniffer.util.NetFlow;
import com.tianxun.NEI.sniffer.util.SnifferData;

import java.util.HashMap;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;

/**
 * 过滤网络包.
 *
 * @author 聂军
 * @version 1.0 2004-9-13
 */

public class SnifferFilter implements Filter {
    
    private static final String SRC_IP_FILE = "src_ip.txt";
    private static final String DEST_IP_FILE = "dest_ip.txt";
    private static final String SRC_PORT_FILE = "src_port.txt";
    private static final String DEST_PORT_FILE = "dest_port.txt";
    private static final String PROTOCOL_FILE = "protocol.txt";

    private HashMap srcAddrFilter;
    private HashMap dstAddrFilter;
    private HashMap srcPortFilter;
    private HashMap dstPortFilter;
    private HashMap protocolFilter;

    // 是否需要进行过滤
    private boolean isFilter = false;

    public SnifferFilter(String name) {
        File filterDir = new File(name.replace('/', File.separatorChar));
        if (filterDir.exists()) {
            srcAddrFilter = loadFilterItems(
                new File(filterDir, SRC_IP_FILE), true);
            dstAddrFilter = loadFilterItems(
                new File(filterDir, DEST_IP_FILE), true);
            srcPortFilter = loadFilterItems(
                new File(filterDir, SRC_PORT_FILE), false);
            dstPortFilter = loadFilterItems(
                new File(filterDir, DEST_PORT_FILE), false);
            protocolFilter = loadFilterItems(
                new File(filterDir, PROTOCOL_FILE), false);
        }
    }

    // 载入过滤条件
    private HashMap loadFilterItems(File file, boolean ip) {
        HashMap map = new HashMap();
        BufferedReader reader = null;
        try {
            reader = new BufferedReader(new FileReader(file));
            String str = reader.readLine();
            while (str != null) {
                if (!str.trim().equals("") && !str.startsWith("/")) {
                    if (ip) {
                        map.put("" + NetFlow.ip2long(str), str);
                    } else {
                        map.put(str, str);
                    }
                }
                str = reader.readLine();
            }
            if (map.size() > 0) {
                isFilter = true;
            } 
        } catch (Exception ex) {
        } finally {
            try {
                if (reader != null) {
                    reader.close();
                }
            } catch (IOException ioe) {
            }
        }
        return map;
    }

    /**
     * @see com.sniffer.Filter#filter(SnifferData)
     */
    public boolean filter(SnifferData packet) {
        if ((srcAddrFilter.size() > 0) &&
            (!srcAddrFilter.containsKey("" + packet.getSrcaddr()))) {
            return false;
        }
        if (dstAddrFilter.size() > 0 &&
            (!dstAddrFilter.containsKey("" + packet.getDstaddr()))) {
            return false;
        }
        if (protocolFilter.size() > 0 &&
            (!protocolFilter.containsKey("" + packet.getProtocol()))) {
            return false;
        }
        if (srcPortFilter.size() > 0 &&
            (!srcPortFilter.containsKey("" + packet.getSrcport()))) {
            return false;
        }
        if (dstPortFilter.size() > 0 &&
            (!dstPortFilter.containsKey("" + packet.getDstport()))) {
            return false;
        }
        return true;
    }

    /**
     * @see com.sniffer.Filter#isFilter()
     */
    public boolean isFilter() {
        return isFilter;
    }

}