user.c

我开发的小型入侵检测系统模型

#include <stdlib.h> 
#include <unistd.h>
#include <sys/stat.h>
#include <linux/ip.h>
#include <netinet/in.h>
#include <sys/mman.h> 
#include <sys/types.h> 
#include <fcntl.h> 
#include <signal.h>
#include "config.h"
#define PAGE_OFFSET 0xc0000000
#define PAGES 512
#define RX_BUF_LEN (8192<<2)
#define u32 unsigned int
#define unlikely(x) __builtin_expect(!!(x),0)
struct eth_header
{
	unsigned char dest[6];
	unsigned char src[6];
	unsigned short type;
};
struct arphdr
{
	unsigned short arp_hrd;
	unsigned short arp_pro;
	unsigned char arp_hln;
	unsigned char arp_pln;
	unsigned short arp_op;
	
	unsigned char arp_sha[6];
	unsigned char arp_spa;
	unsigned char arp_tha[6];
	unsigned char arp_tpa;

} *arp;
long count=0;
void signal_handler(int signum)
{
	printf("Signal=%d\n",signum);
	printf("count=%ld\n", count);
	exit(0);
}

unsigned long le32_to_cpu(unsigned long x)
{
	return(((x & 0x000000ffU)<<24)|
	((x & 0x0000ff00U)<<8)|
	((x &0x00ff0000U)>>8)|
	((x & 0xff000000U)>>24));
}


int main(int argc, char *argv[])
{
    char *su1_2;
    int i,j;
    int fd;
    int fd_procaddr;
    int fd_index;
    CUR_INDEX *addr_index;
    unsigned int size;
    char addr[9];
    unsigned long ADDR;
    unsigned int rx_size;   
    unsigned long old_offset=-1;
    unsigned int pkt_size = 0;
    unsigned int val=0;
    u32 rx_status;
    unsigned long cur_rx=0;
    int writeptr=0;
    u32 ring_offset=0;
    int n = 0;

    struct in_addr inaddr1;
    struct in_addr inaddr2;
    struct iphdr *iph;
    j = 0;
    atexit(fn1);
    fd=open("/dev/mem",O_RDWR);    
    fd_procaddr = open("/proc/nf_kernel",O_RDONLY);
    if(fd_procaddr==-1)
    {
	    perror("open proc nf_kernel\n");
	    return -1;
    }
   fd_index=open("/dev/mmap",O_RDWR);
   if(fd_index==-1)
   {
	    perror("open /dev/mmap\n"); 
	    return -1;
   }
   read(fd_procaddr,addr,9);
   ADDR = atol(addr);
   printf("su1_2=%u[0x%08x]",ADDR,ADDR);
   close(fd_procaddr);
   addr_index=(CUR_INDEX *)mmap(NULL, 4096, PROT_READ|PROT_WRITE,MAP_SHARED, fd_index, 0);
   /*Map the address in kernel to user space, use mmap function*/
   su1_2 = mmap(0,PAGES*4*1024, PROT_READ|PROT_WRITE, MAP_SHARED, fd, ADDR);
   if(su1_2==MAP_FAILED)
   {
	    perror("mmap:::");
   } 
   
   signal(SIGINT,signal_handler);

   ring_offset=0;
   while(1)
   {
    	writeptr=addr_index->writeindex;	
		rx_status=*(u32 *)(su1_2+ring_offset);
		rx_size=rx_status>>16;
		pkt_size=rx_size-4;
		int a=(ring_offset<=writeptr)?1:0; //读指针小于写指针？
		int c=ring_offset+rx_size+4; //读指针加上包大小
		int b=(c)>writeptr?1:0;
		int d=c/RX_BUF_LEN; //判断是否转了一圈
		int e=(((c)%RX_BUF_LEN)>writeptr)?1:0;
		if((a&&b)||((!a)&&d&&e))
		{
		//	printf("Waiting Write ring_offset=%d, writeptr=%d (%d, %d, %d, %d, %d)\n",ring_offset, writeptr,a,b,c,d,e);
		continue;
		}
		if(unlikely(((int)pkt_size<1)||(pkt_size>1514)))
		{	
			printf("error:2---count %d:pkt_size:=%d,Read:=%d,writeindex=%d\n",count,pkt_size,ring_offset,addr_index->writeindex);
			sleep(1);
			ring_offset=addr_index->writeindex;	
			continue;
			//break;
		}//end if
	printf("count %d:pkt_size:=%d,Read:=%d, Write=%d\n",count,pkt_size,ring_offset,writeptr);
	cur_rx=(cur_rx+rx_size+4+3)&~3;
   	ring_offset=cur_rx%RX_BUF_LEN; 
	addr_index->readindex=ring_offset;

	count++;
    }// end while(1)

	//memset((su1_2+ring_offset),0x0,pkt_size+8);
            munmap(su1_2,PAGES*4*1024);
            close(fd);

}