// pck_filter.cpp : implementation file
//
#include "stdafx.h"
#include "file_handle.h"
#include "pck_filter.h"
#include "database_show.h"
#include <pcap.h>
#include <remote-ext.h>
#include <winsock.h>
#include "data.h"
#pragma comment(lib,"wsock32")
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
/////////////////////////////////////////////////////////////////////////////
// pck_filter dialog
// Construct the filter dialog.  Both path members start empty; they are
// filled in by the file-open button handlers and checked for emptiness in
// OnOK() before any work is done.
pck_filter::pck_filter(CWnd* pParent /*=NULL*/)
: CDialog(pck_filter::IDD, pParent)
{
//{{AFX_DATA_INIT(pck_filter)
m_filter_file = _T("");
m_pck_file = _T("");
//}}AFX_DATA_INIT
}
// Bind the two edit controls to the path members: IDC_EDIT2 <-> m_filter_file
// (rule file) and IDC_EDIT1 <-> m_pck_file (capture file).  The transfer
// direction is selected by the argument passed to UpdateData().
void pck_filter::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
//{{AFX_DATA_MAP(pck_filter)
DDX_Text(pDX, IDC_EDIT2, m_filter_file);
DDX_Text(pDX, IDC_EDIT1, m_pck_file);
//}}AFX_DATA_MAP
}
// Message map: IDC_BUTTON1 browses for the capture file, IDC_BUTTON2 for the
// rule (filter policy) file.  OnOK is the CDialog default handler override.
BEGIN_MESSAGE_MAP(pck_filter, CDialog)
//{{AFX_MSG_MAP(pck_filter)
ON_BN_CLICKED(IDC_BUTTON1, On_pck_file_open)
ON_BN_CLICKED(IDC_BUTTON2, On_rule_file_open)
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// pck_filter message handlers
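// IDC_BUTTON1 handler: let the user pick the capture file and mirror the
// chosen path into the IDC_EDIT1 control through m_pck_file.
//
// The dialog is an Open dialog (first argument TRUE).  The path is later
// handed to get_pcks() from OnOK(), so the dialog is asked to accept only a
// file that actually exists; OFN_OVERWRITEPROMPT applies to Save dialogs only
// and is therefore not used here.
void pck_filter::On_pck_file_open()
{
	const CString filter = "Libpcap Files (*.dump)|*.dump|All Files (*.*)|*.*|";
	CFileDialog dlg(TRUE, 0, 0,
		OFN_HIDEREADONLY | OFN_EXPLORER | OFN_FILEMUSTEXIST | OFN_PATHMUSTEXIST,
		filter, 0);
	if (dlg.DoModal() != IDOK)
		return;
	m_pck_file = dlg.GetPathName();
	UpdateData(FALSE); // push the new path into the edit control
}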
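// IDC_BUTTON2 handler: let the user pick the rule (filter policy) text file
// and mirror the chosen path into the IDC_EDIT2 control through m_filter_file.
//
// The dialog is an Open dialog (first argument TRUE).  get_rules() opens this
// path for reading, so the dialog is asked to accept only an existing file;
// OFN_OVERWRITEPROMPT applies to Save dialogs only and is therefore not used.
void pck_filter::On_rule_file_open()
{
	const CString filter = "Txt Files (*.txt)|*.txt|";
	CFileDialog dlg(TRUE, 0, 0,
		OFN_HIDEREADONLY | OFN_EXPLORER | OFN_FILEMUSTEXIST | OFN_PATHMUSTEXIST,
		filter, 0);
	if (dlg.DoModal() != IDOK)
		return;
	m_filter_file = dlg.GetPathName();
	UpdateData(FALSE); // push the new path into the edit control
}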
// OK handler: refuse to proceed unless both paths are set, then run the
// pipeline in order -- load packets (get_pcks), load rules (get_rules),
// apply them (filter), report timing (TimeCount) -- and close the dialog.
void pck_filter::OnOK()
{
	// Pull whatever the user typed into the edit controls into the members.
	UpdateData(TRUE);

	if (m_pck_file.IsEmpty())
	{
		MessageBox("请选择一个数据包文件!");
		return;
	}
	if (m_filter_file.IsEmpty())
	{
		MessageBox("请选择一个过滤策略文件!");
		return;
	}

	get_pcks();   // packets from the capture file into the database
	get_rules();  // rules from the policy file into strSQL[]
	filter();
	TimeCount();

	CDialog::OnOK();
}
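// ---- helpers for get_rules() ----------------------------------------------
// The rule file is user-supplied text and every token below ends up inside
// the SQL text stored in strSQL[].  The helpers therefore validate numeric
// tokens and quote string tokens instead of pasting them in verbatim.

// Append "clause" to "sql", joining with " and " when "sql" already holds
// something.  An empty clause is ignored.
static void append_clause(CString& sql, const CString& clause)
{
	if (clause.IsEmpty())
		return;
	if (!sql.IsEmpty())
		sql += " and ";
	sql += clause;
}

// Render "value" as a single-quoted SQL literal, doubling any embedded single
// quote so a token from the rule file cannot terminate the literal early.
static CString sql_quote(const CString& value)
{
	CString escaped(value);
	escaped.Replace("'", "''");
	return "'" + escaped + "'";
}

// True when "value" is a non-empty run of decimal digits (a port or length).
static bool is_digits(const CString& value)
{
	if (value.IsEmpty())
		return false;
	for (int k = 0; k < value.GetLength(); ++k)
	{
		const TCHAR c = value.GetAt(k);
		if (c < '0' || c > '9')
			return false;
	}
	return true;
}

// "column = value".  Returns "" for the wildcard "any", and for a numeric
// (unquoted) column whose value is not all digits.
static CString equal_clause(const CString& column, const CString& value, bool quoted)
{
	if (value == "any")
		return "";
	if (quoted)
		return column + " = " + sql_quote(value);
	if (!is_digits(value))
		return "";
	return column + " = " + value;
}

// Range on "column": "<= hi" when lo is empty, ">= lo" when hi is empty,
// "between lo and hi" otherwise.  Returns "" when both ends are empty or a
// numeric column gets a non-digit end.
static CString range_clause(const CString& column, const CString& lo, const CString& hi, bool quoted)
{
	if (lo.IsEmpty() && hi.IsEmpty())
		return "";
	if (!quoted && ((!lo.IsEmpty() && !is_digits(lo)) || (!hi.IsEmpty() && !is_digits(hi))))
		return "";
	const CString lo_lit = quoted ? sql_quote(lo) : lo;
	const CString hi_lit = quoted ? sql_quote(hi) : hi;
	if (lo.IsEmpty())
		return column + " <= " + hi_lit;
	if (hi.IsEmpty())
		return column + " >= " + lo_lit;
	return column + " between " + lo_lit + " and " + hi_lit;
}

// A token that is either a single value or a "lo<sep>hi" range.
static CString field_clause(const CString& column, const CString& token, TCHAR sep, bool quoted)
{
	const int at = token.Find(sep);
	if (at == -1)
		return equal_clause(column, token, quoted);
	return range_clause(column, token.Left(at), token.Mid(at + 1), quoted);
}

// Value of an option written as "<key>:<value>;" anywhere in "line" (the key
// is matched as a plain substring, first occurrence).  Returns false when the
// key or either delimiter is missing.
static bool find_option(const CString& line, LPCTSTR key, CString& value)
{
	const int key_at = line.Find(key);
	if (key_at == -1)
		return false;
	const int colon = line.Find(':', key_at);
	const int semi = line.Find(';', key_at);
	if (colon == -1 || semi == -1 || semi < colon)
		return false;
	value = line.Mid(colon + 1, semi - colon - 1);
	return true;
}

// Text between the space at "begin" and the space at "end"; end == -1 means
// "up to the end of the line".
static CString token_between(const CString& line, int begin, int end)
{
	if (end == -1)
		return line.Mid(begin + 1);
	return line.Mid(begin + 1, end - begin - 1);
}

// Read the rule file named by m_filter_file and translate each line into a
// SQL WHERE fragment stored in strSQL[i], one entry per rule in file order.
//
// Line layout as this parser consumes it (fields separated by single spaces;
// the first field and the fifth are not interpreted here):
//   <f0> <proto> <src_ip> <src_port> <f4> <dst_ip> <dst_port> [len:N;] [ts:A~B;]
// A field may be "any" (no clause), a single value, or a "lo:hi" range with
// either end empty; the "ts" option uses '~' as its range separator and a
// lone value there is taken as an upper bound.  This layout is inferred from
// the parsing below -- confirm against whatever writes the rule file.
//
// Empty lines are ignored; lines with fewer than six spaces are skipped and
// reported once at the end.  On failure to open the file a message is shown
// and strSQL[] is left untouched.
void pck_filter::get_rules()
{
	CStdioFile file;
	if (!file.Open(m_filter_file, CFile::modeRead | CFile::typeText))
	{
		AfxMessageBox("Could not open the file !");
		return;
	}

	CString line;
	int i = 0;        // next strSQL[] slot to fill
	int skipped = 0;  // malformed lines that produced no rule
	// NOTE(review): strSQL's capacity is declared in the header and not
	// visible here; i is not bounded against it -- confirm the rule file
	// cannot hold more lines than strSQL has slots.
	while (file.ReadString(line))
	{
		line.TrimRight();
		if (line.IsEmpty())
			continue;

		// Positions of the first seven spaces; -1 once the line runs out.
		int blank[7];
		int from = 0;
		for (int k = 0; k < 7; ++k)
		{
			blank[k] = (from == -1) ? -1 : line.Find(' ', from);
			from = (blank[k] == -1) ? -1 : blank[k] + 1;
		}
		if (blank[5] == -1)
		{
			++skipped; // fewer than six separators: not a rule line
			continue;
		}

		CString& sql = strSQL[i];
		sql = "";

		CString value;
		if (find_option(line, "len", value) && is_digits(value))
			append_clause(sql, "f_len = " + value);
		if (find_option(line, "ts", value))
		{
			CString lo;
			CString hi;
			const int tilde = value.Find('~');
			if (tilde == -1)
				hi = value; // no separator: treat as "up to this time"
			else
			{
				lo = value.Left(tilde);
				hi = value.Mid(tilde + 1);
			}
			append_clause(sql, range_clause("f_b_time", lo, hi, true));
		}
		append_clause(sql, equal_clause("f_proto", token_between(line, blank[0], blank[1]), true));
		append_clause(sql, field_clause("f_src_ip", token_between(line, blank[1], blank[2]), ':', true));
		append_clause(sql, field_clause("f_src_port", token_between(line, blank[2], blank[3]), ':', false));
		// the field between blank[3] and blank[4] is not used
		append_clause(sql, field_clause("f_dst_ip", token_between(line, blank[4], blank[5]), ':', true));
		append_clause(sql, field_clause("f_dst_port", token_between(line, blank[5], blank[6]), ':', false));
		++i;
	}
	file.Close();

	if (skipped > 0)
	{
		CString msg;
		msg.Format("Skipped %d malformed rule line(s).", skipped);
		AfxMessageBox(msg);
	}
}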
void pck_filter::get_pcks()
{
CString strSQL;
database_show file_pck;
file_pck.DBConnect();
struct pcap_pkthdr* header;
const u_char* pkt_data;
int res;
struct tm* ltime;
char timestr[30];
char protocol[10];
char srcIP[15];
char dstIP[15];
//char timestr1[30];
// arp_proto* arpp;
char packet_filter[] = ""; //the conditions for filter