/************************************************************
版权所有: 北京赛搏长城信息技术研究所 2005.
文件名: common.h
作者: 胡托任
描述: 存放一些宏定义和数据结构的头文件
***********************************************************/
#ifndef _COMMOM1234567890_
#define _COMMOM1234567890_
/* Length limit for application names. Any MAX_PATH already defined by an
   earlier header is discarded and replaced with 260. */
#ifdef MAX_PATH
#undef MAX_PATH
#endif
#define MAX_PATH 260
/* Length of the remark field in the rule structure. */
#define STR_LEN 64
/* Network packet protocol types (values for the IP header's Protocol field). */
/* NOTE(review): these names are also defined by the platform socket headers;
   presumably this header is never included alongside them - confirm. */
#define IPPROTO_IP 0 /* dummy for IP */
#define IPPROTO_ICMP 1 /* control message protocol */
#define IPPROTO_IGMP 2 /* group mgmt protocol */
#define IPPROTO_GGP 3 /* gateway^2 (deprecated) */
#define IPPROTO_IPIP 4 /* IP encapsulation in IP */
#define IPPROTO_TCP 6 /* tcp */
#define IPPROTO_EGP 8 /* exterior gateway protocol */
#define IPPROTO_PUP 12 /* pup */
#define IPPROTO_UDP 17 /* user datagram protocol */
#define IPPROTO_IDP 22 /* xns idp */
#define IPPROTO_TP 29 /* tp-4 w/ class negotiation */
#define IPPROTO_RSVP 46 /* resource reservation */
#define IPPROTO_ESP 50
#define IPPROTO_AH 51
#define IPPROTO_EON 80 /* ISO cnlp */
#define IPPROTO_ENCAP 98 /* encapsulation header */
#define IPPROTO_RAW 255 /* raw IP packet */
#define IPPROTO_MAX 256
/* IP protocol. 0x0008 is the IPv4 EtherType 0x0800 with its two bytes swapped;
   presumably it is compared against MAC_HEADER.ProtocolType as read on a
   little-endian host without byte-order conversion - confirm against the users. */
#define IP_PROTOCOL 0x0008 // IP protocol
/* TCP flag bits; presumably tested against TCP_HEADER.Flag - confirm. */
#define TH_SYN 0x02
#define TH_FIN 0x01
#define TH_RST 0x04
#define TH_ACK 0x10
/* Control codes used for communication between the application layer and the kernel. */
/*
 * NOTE(review): every code below is built with METHOD_NEITHER, so the I/O
 * manager passes the caller's raw user-mode buffer pointers to the driver
 * without buffering or validating them. The dispatch routine (not part of
 * this header) has to probe and capture those buffers itself
 * (ProbeForRead/ProbeForWrite inside __try/__except) and check their lengths
 * before use - confirm against the driver source.
 *
 * FILE_ANY_ACCESS means no read/write access right is required on the handle,
 * so any caller able to open the device can issue every code here, including
 * the ones that, judging by their names, change or delete the filter rules.
 * Restricting the device object's ACL, or requiring FILE_WRITE_ACCESS on the
 * state-changing codes, would narrow that; the latter changes the numeric
 * IOCTL values, so driver and application must be rebuilt together.
 *
 * Function numbers below 0x800 are in the range Microsoft reserves for its
 * own use; vendor-defined codes conventionally start at 0x800.
 */
#define FILE_DEVICE_HOOKIP 0x00008300
// Set the subnet addresses that are allowed access. htr 2005-06-27
#define IOCTL_PROTOCOL_SET_FILTER_MODEFW CTL_CODE(FILE_DEVICE_HOOKIP, 0 , METHOD_NEITHER, FILE_ANY_ACCESS)
#define IOCTL_PROTOCOL_SET_NETCTRLINFO CTL_CODE(FILE_DEVICE_HOOKIP, 1 , METHOD_NEITHER, FILE_ANY_ACCESS)
#define IOCTL_PROTOCOL_FORBID_NETCTRLINFO CTL_CODE(FILE_DEVICE_HOOKIP, 2 , METHOD_NEITHER, FILE_ANY_ACCESS)
#define IOCTL_PROTOCOL_ADD_NETCTRLINFO CTL_CODE(FILE_DEVICE_HOOKIP, 3 , METHOD_NEITHER, FILE_ANY_ACCESS)
#define IOCTL_PROTOCOL_DEL_NETCTRLINFO CTL_CODE(FILE_DEVICE_HOOKIP, 4 , METHOD_NEITHER, FILE_ANY_ACCESS)
#define IOCTL_PROTOCOL_DEL_ALLNETCTRL CTL_CODE(FILE_DEVICE_HOOKIP, 5 , METHOD_NEITHER, FILE_ANY_ACCESS)
#define IOCTL_PROTOCOL_REFSEM_LOG CTL_CODE(FILE_DEVICE_HOOKIP, 6 , METHOD_NEITHER, FILE_ANY_ACCESS)
#define IOCTL_PROTOCOL_DEREFSEM_LOG CTL_CODE(FILE_DEVICE_HOOKIP, 7 , METHOD_NEITHER, FILE_ANY_ACCESS)
#define IOCTL_PROTOCOL_GET_WARNLOG CTL_CODE(FILE_DEVICE_HOOKIP, 8 , METHOD_NEITHER, FILE_ANY_ACCESS)
#define IOCTL_PROTOCOL_SET_SERVERIP CTL_CODE(FILE_DEVICE_HOOKIP, 9 , METHOD_NEITHER, FILE_ANY_ACCESS)
#define IOCTL_PROTOCOL_SET_CENTERIP CTL_CODE(FILE_DEVICE_HOOKIP, 10 , METHOD_NEITHER, FILE_ANY_ACCESS)
//add by htr 2005-12-18
// Function numbers 11 and 12 are disabled (commented out) below; 13 is still in use.
//#define IOCTL_PROTOCOL_REFSEM_TCPUDPLOG CTL_CODE(FILE_DEVICE_HOOKIP, 11 , METHOD_NEITHER, FILE_ANY_ACCESS)
//#define IOCTL_PROTOCOL_DEREFSEM_TCPUDPLOG CTL_CODE(FILE_DEVICE_HOOKIP, 12 , METHOD_NEITHER, FILE_ANY_ACCESS)
#define IOCTL_PROTOCOL_GET_TCPUDPLOG CTL_CODE(FILE_DEVICE_HOOKIP, 13 , METHOD_NEITHER, FILE_ANY_ACCESS)
/* Number of packets the buffer can hold. */
#define OUT_PKT_NUM 100
/* Per-packet length. 1514 equals a 14-byte Ethernet header plus a 1500-byte
   payload; presumably this is the size of each buffer slot - confirm.
   NOTE(review): a longer frame (e.g. one carrying a VLAN tag) would not fit,
   so whatever copies packets into the slots must bound the copy to this value. */
#define OUT_PKT_LEN 1514
/* Ethernet frame header. */
/* NOTE(review): no packing directive is visible in this header; the fields add
   up to 14 bytes with natural alignment, assuming UCHAR is 1 byte and USHORT
   is 2 bytes - confirm. */
typedef struct
{
UCHAR MAC_DA[6]; // destination MAC address (by name)
UCHAR MAC_SA[6]; // source MAC address (by name)
USHORT ProtocolType; // presumably the EtherType as it appears on the wire - see IP_PROTOCOL; confirm
}MAC_HEADER, *PMAC_HEADER;
/* IP packet header. */
/* NOTE(review): this describes only the fixed part of the header. Code that
   overlays it on captured bytes should first check that the captured length
   covers the structure, and should take the real header length from Ver
   before locating the transport header - confirm how the parser does this.
   Multi-byte fields are presumably still in network byte order - confirm. */
typedef struct
{
UCHAR Ver; // version and IP header length
UCHAR Service; // type of service
UCHAR LengthU;
UCHAR LengthL;// packet length (LengthU/LengthL are presumably its upper and lower bytes)
USHORT Identification; // packet identification
USHORT FragmentOffset;// flag bits and fragment offset
UCHAR LiveTime; // time to live
UCHAR Protocol;// protocol
USHORT HeaderCRC;// checksum
ULONG IP_SA;// source IP
ULONG IP_DA;// destination IP
}IP_HEADER, *PIP_HEADER;
/* TCP packet header. */
/* NOTE(review): fixed part of the header only; TCP options, if present, follow
   it. Multi-byte fields are presumably still in network byte order, and the
   overlay is only safe once the remaining packet length is known to cover
   this structure - confirm in the parser. */
typedef struct
{
USHORT SourPort;// source port
USHORT DestPort;// destination port
ULONG SeqNo;// sequence number
ULONG AckNo;// acknowledgement number
UCHAR HLen;// header length
UCHAR Flag;// flag bits (presumably tested with the TH_* masks - confirm)
USHORT WndSize;// window size
USHORT ChkSum;// checksum
USHORT UrgPtr;// urgent pointer
}TCP_HEADER,*PTCP_HEADER;
/* UDP packet header. */
/* NOTE(review): Len comes from the packet itself; presumably it is checked
   against the captured length before being trusted - confirm. */
typedef struct
{
USHORT SourPort;// source port
USHORT DestPort;// destination port
USHORT Len;// packet length
USHORT ChkSum;// checksum
}UDP_HEADER,*PUDP_HEADER;
/* ICMP packet header (first four bytes: type, code, checksum). */
typedef struct
{
UCHAR Type; // presumably one of the ICMP_* type values defined in this header - confirm
UCHAR Code; // presumably one of the per-type ICMP_*_ code values - confirm
USHORT ChkSum; // checksum (by name)
}ICMP_HEADER, *PICMP_HEADER;
/* Linked list of subnet access-control entries used inside the kernel. */
/* NOTE(review): the structure embeds a pointer. If it is ever filled in from
   an IOCTL input buffer, `next` must not be taken from user-supplied data -
   confirm that the driver builds the links itself. */
typedef struct _NETCTRL_INFO_
{
ULONG ulMaskIP; // presumably the subnet mask or masked address; byte order not visible here - confirm
ULONG ulGateWay; // presumably the gateway address - confirm
struct _NETCTRL_INFO_ *next; // next entry in the list
}NETCTRLINFO, *PNETCTRLINFO;//htr 2005-06-27
/* Network warning record. Presumably this is what IOCTL_PROTOCOL_GET_WARNLOG
   returns to the application - confirm against the driver. */
typedef struct _NetWarn_Info
{
char pSerialNum[20]; // serial number; NOTE(review): fixed 20-byte buffer, NUL termination is not guaranteed by the type - bound every copy to sizeof
int bDirection; // traffic direction flag (by name; value meanings not visible here)
int iProtocol; // protocol; presumably an IPPROTO_* value - confirm
unsigned long ulDHostIP; // destination host IP
unsigned long ulSHostIP; // source host IP
int iDestPort; // destination port
int iSourcePort; // source port
int bCut; // presumably whether the traffic was cut off (blocked) - confirm
unsigned long ltime; // timestamp (by name; unit and epoch not visible here)
}NETWARNINFO,*PNETWARNINFO;
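/*
 * TCP connection log record.
 *
 * iDPort was declared `int short` (signed), unlike iSPort. A signed short
 * cannot represent ports above 32767, so such ports were stored as negative
 * values and sign-extended when compared or printed. It is now unsigned short;
 * the field's size and offset are unchanged, so the record layout shared
 * between the driver and the application stays the same.
 */
typedef struct _TCP_CONN_LOG {
    char pSerialNum[20];      /* serial number; fixed 20-byte buffer, bound every copy to sizeof */
    int iProtocol;            /* protocol, same meaning as in the warning record */
    int iType;                /* 1 = connection established, 0 = connection closed */
    unsigned long ulSHostIP;  /* source address */
    unsigned long ulDHostIP;  /* destination address */
    unsigned short iSPort;    /* source port */
    unsigned short iDPort;    /* destination port */
    unsigned long ltime;      /* time */
} TCPCONLOG, *PTCPCONLOG;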
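/*
 * TCP connection list entry (singly linked through Next).
 *
 * iDPort was declared `int short` (signed), which cannot represent ports above
 * 32767; they were stored as negative values and sign-extended on comparison.
 * It is now unsigned short; the field's size and offset are unchanged.
 */
typedef struct _TCP_CONN_LOG_LIST {
    int iType;                        /* 1 = connection established, 0 = connection closed */
    unsigned long ulDHostIP;          /* destination address */
    unsigned short iDPort;            /* destination port */
    struct _TCP_CONN_LOG_LIST *Next;  /* next entry in the list */
} TCPCONLOGLIST, *PTCPCONLOGLIST;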
/* ICMP access direction macros. */
#define ICMP_NORMAL 0
#define ICMP_REQUEST 1
#define ICMP_RESPONSE 2
/* ICMP header type values, each followed by the code values that apply to it. */
#define ICMP_ECHOREPLY 0 /* echo reply */
#define ICMP_UNREACH 3 /* dest unreachable, codes: */
#define ICMP_UNREACH_NET 0 /* bad net */
#define ICMP_UNREACH_HOST 1 /* bad host */
#define ICMP_UNREACH_PROTOCOL 2 /* bad protocol */
#define ICMP_UNREACH_PORT 3 /* bad port */
#define ICMP_UNREACH_NEEDFRAG 4 /* IP_DF caused drop */
#define ICMP_UNREACH_SRCFAIL 5 /* src route failed */
#define ICMP_UNREACH_NET_UNKNOWN 6 /* unknown net */
#define ICMP_UNREACH_HOST_UNKNOWN 7 /* unknown host */
#define ICMP_UNREACH_ISOLATED 8 /* src host isolated */
#define ICMP_UNREACH_NET_PROHIB 9 /* prohibited access */
#define ICMP_UNREACH_HOST_PROHIB 10 /* ditto */
#define ICMP_UNREACH_TOSNET 11 /* bad tos for net */
#define ICMP_UNREACH_TOSHOST 12 /* bad tos for host */
#define ICMP_SOURCEQUENCH 4 /* packet lost, slow down */
#define ICMP_REDIRECT 5 /* shorter route, codes: */
#define ICMP_REDIRECT_NET 0 /* for network */
#define ICMP_REDIRECT_HOST 1 /* for host */
#define ICMP_REDIRECT_TOSNET 2 /* for tos and net */
#define ICMP_REDIRECT_TOSHOST 3 /* for tos and host */
#define ICMP_ECHO 8 /* echo service */
#define ICMP_ROUTERADVERT 9 /* router advertisement */
#define ICMP_ROUTERSOLICIT 10 /* router solicitation */
#define ICMP_TIMXCEED 11 /* time exceeded, code: */
#define ICMP_TIMXCEED_INTRANS 0 /* ttl==0 in transit */
#define ICMP_TIMXCEED_REASS 1 /* ttl==0 in reass */
#define ICMP_PARAMPROB 12 /* ip header bad */
#define ICMP_PARAMPROB_OPTABSENT 1 /* req. opt. absent */
#define ICMP_TSTAMP 13 /* timestamp request */
#define ICMP_TSTAMPREPLY 14 /* timestamp reply */
#define ICMP_IREQ 15 /* information request */
#define ICMP_IREQREPLY 16 /* information reply */
#define ICMP_MASKREQ 17 /* address mask request */
#define ICMP_MASKREPLY 18 /* address mask reply */
#endif