m_pRecordset->AddNew();
m_pRecordset->PutCollect("ID", _variant_t(m_strPacketIndex));
m_pRecordset->PutCollect("TIME", _variant_t(m_strTime));
m_pRecordset->PutCollect("LENGTH", _variant_t(m_strLen));
m_pRecordset->PutCollect("SMAC", _variant_t(m_strSourMAC));
m_pRecordset->PutCollect("DMAC", _variant_t(m_strDestMAC));
m_pRecordset->PutCollect("SIP", _variant_t(m_strSourIP));
m_pRecordset->PutCollect("DIP", _variant_t(m_strDestIP));
m_pRecordset->PutCollect("SPORT", _variant_t(m_strSport));
m_pRecordset->PutCollect("DPORT", _variant_t(m_strDport));
m_pRecordset->PutCollect("VER", _variant_t(m_ver_ihl));
m_pRecordset->PutCollect("TOS", _variant_t(m_tos));
m_pRecordset->PutCollect("TLEN", _variant_t(m_tlen));
m_pRecordset->PutCollect("IDEN", _variant_t(m_identification));
m_pRecordset->PutCollect("FLAG", _variant_t(m_flags_fo));
m_pRecordset->PutCollect("TTL", _variant_t(m_ttl));
m_pRecordset->PutCollect("PROTO", _variant_t(m_proto));
m_pRecordset->PutCollect("CRC", _variant_t(m_crc));
m_pRecordset->PutCollect("OP_PAD", _variant_t(m_op_pad));
m_pRecordset->PutCollect("TYPE", _variant_t(m_icmptype));
m_pRecordset->PutCollect("ICMPIDEN", _variant_t(m_icmpidentifer));
m_pRecordset->PutCollect("SEQ", _variant_t(m_icmpsequence));
m_pRecordset->PutCollect("CHKSUM", _variant_t(m_icmpchksum));
m_pRecordset->Update();
}
catch(_com_error *e)
{
AfxMessageBox(e->ErrorMessage());
}
}
else
{m_pRecordset.CreateInstance("ADODB.Recordset");
m_pRecordset->Open("SELECT * FROM other",_variant_t((IDispatch*)theApp.m_pConnection,true),adOpenStatic,adLockOptimistic,adCmdText);
try
{
m_pRecordset->AddNew();
m_pRecordset->PutCollect("ID", _variant_t(m_strPacketIndex));
m_pRecordset->PutCollect("TIME", _variant_t(m_strTime));
m_pRecordset->PutCollect("LENGTH", _variant_t(m_strLen));
m_pRecordset->PutCollect("SMAC", _variant_t(m_strSourMAC));
m_pRecordset->PutCollect("DMAC", _variant_t(m_strDestMAC));
m_pRecordset->PutCollect("SIP", _variant_t(m_strSourIP));
m_pRecordset->PutCollect("DIP", _variant_t(m_strDestIP));
m_pRecordset->PutCollect("SPORT", _variant_t(m_strSport));
m_pRecordset->PutCollect("DPORT", _variant_t(m_strDport));
m_pRecordset->PutCollect("VER", _variant_t(m_ver_ihl));
m_pRecordset->PutCollect("TOS", _variant_t(m_tos));
m_pRecordset->PutCollect("TLEN", _variant_t(m_tlen));
m_pRecordset->PutCollect("IDEN", _variant_t(m_identification));
m_pRecordset->PutCollect("FLAG", _variant_t(m_flags_fo));
m_pRecordset->PutCollect("TTL", _variant_t(m_ttl));
m_pRecordset->PutCollect("PROTO", _variant_t(m_proto));
m_pRecordset->PutCollect("CRC", _variant_t(m_crc));
m_pRecordset->PutCollect("OP_PAD", _variant_t(m_op_pad));
m_pRecordset->Update();
}
catch(_com_error *e)
{
AfxMessageBox(e->ErrorMessage());
}
}
return 1;
}
// Release every captured packet (and the transport-layer object hanging off
// it), empty the packet list and reset the packet counter.
void CIPControlDoc::CleanData()
{
    for (POSITION pos = m_data.GetHeadPosition(); pos != NULL; )
    {
        DataPacket* packet = (DataPacket*)m_data.GetNext(pos);
        // Both objects are assumed to have been allocated with `new` by the
        // capture path — TODO confirm against SavePacket().
        delete packet->pTCP_UDP;
        delete packet;
    }
    m_data.RemoveAll();   // no-op on an already-empty list
    m_nPackerNum = 0;
}
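// ID_FILE_OPEN handler: lets the user pick a saved capture (*.log), replays
// every packet in it through SavePacket() and refreshes the list view after
// each one.
void CIPControlDoc::OnFileOpen()
{
    char szFilter[] = "我的数据包(*.log)|*.log|";
    CFileDialog file(TRUE, NULL, NULL, OFN_HIDEREADONLY | OFN_OVERWRITEPROMPT, szFilter, NULL);
    if (file.DoModal() != IDOK)
        return;

    // Hand the path straight to libpcap. The previous fixed 100-byte local
    // copy (strcpy, no bound) overflowed on any longer path; the CString
    // temporary returned by GetPathName() lives for the whole call, so no
    // copy is needed.
    pcap_t* fp = pcap_open_offline(file.GetPathName(), errbuf);
    if (fp == NULL)
    {
        AfxMessageBox("打开文件错误!");
        return;
    }

    struct pcap_pkthdr* header;
    const u_char* pkt_data;
    int res;
    // pcap_next_ex(): 1 = packet read, 0 = timeout, negative = EOF or error
    // (either ends the loop).
    while ((res = pcap_next_ex(fp, &header, &pkt_data)) >= 0)
    {
        if (res == 0)
            continue;   // timeout: only possible on live captures, kept for parity

        SavePacket(header, pkt_data);

        // Notify the first attached view so its list control shows the new row.
        POSITION curTemplatePos = GetFirstViewPosition();
        CIPControlView* pView = (CIPControlView*)GetNextView(curTemplatePos);
        if (pView != NULL)   // no view attached (e.g. during shutdown): nothing to refresh
            pView->UpdateList();
    }
    pcap_close(fp);
}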
// ID_FILE_SAVE handler. Saving is not implemented: the command is accepted
// and ignored.
void CIPControlDoc::OnFileSave()
{
}
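// Load the rule file `filename` into total_rules[] (one line per rule,
// line terminator removed) and set total_rules_number. Existing rules are
// cleared first. A file that cannot be opened leaves the table empty instead
// of calling feof()/fgetc() on a NULL FILE* as the original did; the handle
// is now closed on every path (it used to leak).
void CIPControlDoc::read_rules_from_file(char *filename)
{
    total_rules_number = 0;
    clear_all_rules();

    FILE* fp = fopen(filename, "r");
    if (fp == NULL)
        return;

    // Row count and row width are taken from the array itself so the loop
    // can never run past the table. clear_all_rules() iterates 1024 rows, so
    // total_rules is assumed to be a fixed 2-D char array — TODO confirm
    // against the class declaration.
    const size_t max_rules = sizeof(total_rules) / sizeof(total_rules[0]);
    const size_t row_size  = sizeof(total_rules[0]);

    while (total_rules_number < (int)max_rules
           && fgets(total_rules[total_rules_number], (int)row_size, fp) != NULL)
    {
        // Strip the terminator (the old ReadFile() helper split on '\n');
        // '\r' is dropped too so CRLF files parse the same way.
        char* line = total_rules[total_rules_number];
        size_t len = strlen(line);
        while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
            line[--len] = '\0';
        total_rules_number++;
    }
    // A line longer than row_size-1 is split over consecutive rows rather than
    // overflowing the buffer as the old sprintf() did.
    fclose(fp);
}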
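// Read characters from `fp` up to (not including) the delimiter `flag` or
// EOF and return them as a NUL-terminated string. The delimiter itself is
// consumed.
//
// The result lives in a function-local static buffer: it is valid until the
// next call and must not be freed. (The original returned the address of a
// non-static local, i.e. a dangling pointer, and stored the EOF value as a
// stray 0xFF byte.) At most sizeof(buffer)-1 characters are kept; a longer
// record is truncated and its remainder is returned by the following call.
char* CIPControlDoc::ReadFile(FILE *fp, char flag)
{
    static char buffer[10000];
    size_t n = 0;
    while (n < sizeof(buffer) - 1)
    {
        int c = fgetc(fp);
        if (c == EOF || (char)c == flag)
            break;
        buffer[n++] = (char)c;
    }
    buffer[n] = '\0';
    return buffer;
}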
// Split each loaded rule line into its six tab-separated fields
// (name, protocol, code, definition, information, alert type) and copy them
// into the parallel per-rule tables.
void CIPControlDoc::read_statement_from_rules()
{
    for (int idx = 0; idx < total_rules_number; idx++)
    {
        char* cursor = total_rules[idx];
        // Field order is fixed by the rule file format; ReadData() strips the
        // field it returns from the front of `cursor`, so the calls must run
        // in this order.
        char* fields[] = {
            event_name[idx], event_protocol[idx], event_code[idx],
            event_defination[idx], event_information[idx], alert_type[idx],
        };
        for (size_t f = 0; f < sizeof(fields) / sizeof(fields[0]); f++)
            sprintf(fields[f], "%s", ReadData(cursor, '\t'));
    }
}
// Reset every row of the rule tables to the empty string. The tables hold
// 1024 rows; total_rules_number is left untouched.
void CIPControlDoc::clear_all_rules()
{
    const int kRuleSlots = 1024;
    for (int row = 0; row < kRuleSlots; row++)
    {
        // A leading NUL is exactly what strcpy(x, "") produces.
        total_rules[row][0]       = '\0';
        event_name[row][0]        = '\0';
        event_protocol[row][0]    = '\0';
        event_code[row][0]        = '\0';
        event_defination[row][0]  = '\0';
        event_information[row][0] = '\0';
        alert_type[row][0]        = '\0';
    }
}
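// Return the first `flag`-delimited token of `line` and remove that token,
// plus the run of delimiters following it, from the front of `line` in place
// so successive calls walk through the fields.
//
// The token is copied into a function-local static buffer (valid until the
// next call, do not free). The original returned a pointer to a stack array,
// left the result uninitialised when the token was the last one on the line
// (`while (line[j++] = line[i++]) string = word;` only assigned inside the
// loop body) and wrote past its 1024-byte buffer on long tokens; tokens are
// now truncated to sizeof(token)-1 characters.
char* CIPControlDoc::ReadData(char *line, char flag)
{
    static char token[1024];

    // Length of the leading token: up to the first delimiter or end of string.
    size_t end = 0;
    while (line[end] != '\0' && line[end] != flag)
        end++;

    size_t copy = end < sizeof(token) - 1 ? end : sizeof(token) - 1;
    memcpy(token, line, copy);
    token[copy] = '\0';

    // Drop the token and any run of delimiters behind it from `line`.
    size_t next = end;
    while (line[next] == flag)
        next++;
    memmove(line, line + next, strlen(line + next) + 1);

    return token;
}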
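// Evaluate one rule's event definition against the protocol variables filled
// in by get_*_variable(). Returns 1 when the rule fires, 0 otherwise.
//
// read_event_defination() splits `rules` into event_statement[] joined by the
// operators in relation[]. Only '&' is evaluated: each adjacent pair joined by
// '&' yields one AND result and the rule fires if any of them is true. '|' is
// never evaluated (presumably meant as an implicit OR — TODO confirm); a rule
// with no '&' at all is passed to read_a_statement() as a single statement.
int CIPControlDoc::parse_rules(char *rules)
{
    int yu[1024];
    int yu_number = 0;
    const int max_yu = (int)(sizeof(yu) / sizeof(yu[0]));

    read_event_defination(rules);
    for (int j = 0; j < state_number - 1 && yu_number < max_yu; j++)
    {
        if (relation[j] == '&')
            yu[yu_number++] = get_yu_result(event_statement[j], event_statement[j + 1]);
    }
    if (yu_number == 0)
        return read_a_statement(rules);

    // The original tested yu[yu_number] — one past the last filled slot, an
    // uninitialised value — instead of yu[i].
    for (int i = 0; i < yu_number; i++)
    {
        if (yu[i] == 1)
            return 1;
    }
    return 0;
}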
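// 1 when `actual` satisfies `op` against `expected` for a string field:
// '=' exact match, '~' mismatch. Any other operator never matches, which is
// what the original's fall-through to compare_variable() produced for these
// names (get_protocol_variable() does not know them and returns -1).
static int match_string(const char* actual, char op, const char* expected)
{
    if (op == '=')
        return strcmp(actual, expected) == 0 ? 1 : 0;
    if (op == '~')
        return strcmp(actual, expected) != 0 ? 1 : 0;
    return 0;
}

// 1 when `op` is '^' and `needle` occurs anywhere in `haystack`.
static int match_contains(const char* haystack, char op, const char* needle)
{
    return (op == '^' && strstr(haystack, needle) != NULL) ? 1 : 0;
}

// Evaluate a single "name<op>value" statement (op is one of = ~ > < ^)
// against the current packet's protocol variables. Returns 1 on a match,
// 0 otherwise. A statement with no operator returns 0; the original left
// `fuhao` uninitialised in that case and read one byte past the string.
int CIPControlDoc::read_a_statement(char *statement)
{
    static const char kOps[] = "=~><^";
    char variable[1024];

    // Find the operator; everything before it is the variable name.
    size_t i = 0;
    while (statement[i] != '\0' && strchr(kOps, statement[i]) == NULL)
        i++;
    char fuhao = statement[i];
    if (fuhao == '\0')
        return 0;

    // Copy the name, truncating instead of overrunning variable[] on long input.
    size_t name_len = i < sizeof(variable) - 1 ? i : sizeof(variable) - 1;
    memcpy(variable, statement, name_len);
    variable[name_len] = '\0';
    char* result = statement + i + 1;

    // String-valued fields.
    if (strcmp(variable, "ip_sip") == 0)
        return match_string(nids_ip_variable.ip_sip, fuhao, result);
    if (strcmp(variable, "ip_dip") == 0)
        return match_string(nids_ip_variable.ip_dip, fuhao, result);
    if (strcmp(variable, "ip_type") == 0)
        return match_string(nids_ip_variable.ip_type, fuhao, result);
    if (strcmp(variable, "tcp_flags") == 0)
        return match_string(nids_tcp_variable.tcp_flags, fuhao, result);

    // Payload substring fields (only '^' is meaningful).
    if (strcmp(variable, "tcp_content") == 0)
        return match_contains(nids_tcp_variable.tcp_content, fuhao, result);
    if (strcmp(variable, "udp_content") == 0)
        return match_contains(nids_udp_variable.udp_content, fuhao, result);
    if (strcmp(variable, "icmp_content") == 0)
        return match_contains(nids_icmp_variable.icmp_content, fuhao, result);

    // Everything else is a numeric field handled by compare_variable().
    return compare_variable(variable, fuhao, result) == 1 ? 1 : 0;
}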
// Compare the numeric protocol field named `variable` with the integer text
// `result` using operator `fuhao` (= ~ > <). Returns 1 on a match, 0 when the
// comparison fails, the operator is unknown, or the field name is unknown.
int CIPControlDoc::compare_variable(char variable[], char fuhao, char *result)
{
    const int actual = get_protocol_variable(variable);
    if (actual == -1)
        return 0;   // unknown numeric field never matches

    const int expected = atoi(result);   // non-numeric text silently becomes 0
    bool hit = false;
    switch (fuhao)
    {
    case '=': hit = (actual == expected); break;
    case '~': hit = (actual != expected); break;
    case '>': hit = (actual >  expected); break;
    case '<': hit = (actual <  expected); break;
    default:  break;
    }
    return hit ? 1 : 0;
}
// Split `event` (e.g. "a=1&b=2|c=3") into statements and operators:
// relation[k] receives the k-th '&'/'|' in order, state_number becomes the
// operator count plus one, and event_statement[j] receives the j-th statement
// (empty when two operators are adjacent). `event` itself is not modified.
void CIPControlDoc::read_event_defination(char *event)
{
    static const char kOps[] = "&|";

    // Pass 1: record every operator character in order of appearance.
    int relation_number = 0;
    for (const char* p = event; *p != '\0'; p++)
    {
        if (*p == '&' || *p == '|')
            relation[relation_number++] = *p;
    }
    state_number = relation_number + 1;

    for (int k = 0; k < state_number; k++)
        event_statement[k][0] = '\0';

    // Pass 2: copy each operator-delimited segment into its slot.
    const char* cursor = event;
    for (int j = 0; j < state_number; j++)
    {
        size_t seg = strcspn(cursor, kOps);
        memcpy(event_statement[j], cursor, seg);
        event_statement[j][seg] = '\0';
        cursor += seg;
        if (*cursor != '\0')
            cursor++;   // step over the operator that ended this segment
    }
}
// AND of two statements: 1 only when both match. Short-circuits exactly like
// the original, so str2 is not evaluated when str1 fails.
int CIPControlDoc::get_yu_result(char *str1, char *str2)
{
    const bool both = read_a_statement(str1) && read_a_statement(str2);
    return both ? 1 : 0;
}
// Copy the IP-header fields of the current packet (held as text in the
// document) into nids_ip_variable so rule statements can be matched.
void CIPControlDoc::get_ip_variable()
{
    // String-valued fields.
    sprintf(nids_ip_variable.ip_sip,  "%s", m_strSourIP);
    sprintf(nids_ip_variable.ip_dip,  "%s", m_strDestIP);
    sprintf(nids_ip_variable.ip_type, "%s", m_proto);

    // Numeric fields (atoi: non-numeric text silently becomes 0).
    nids_ip_variable.ip_hlength  = atoi(m_ver_ihl);
    nids_ip_variable.ip_ttl      = atoi(m_ttl);
    nids_ip_variable.ip_distance = atoi(m_flags_fo);
    nids_ip_variable.ip_length   = atoi(m_tlen);
    nids_ip_variable.ip_ident    = atoi(m_identification);
    nids_ip_variable.ip_service  = atoi(m_tos);
}
// Copy the TCP-header fields of the current packet into nids_tcp_variable.
void CIPControlDoc::get_tcp_variable()
{
    nids_tcp_variable.tcp_sport    = atoi(m_strSport);
    nids_tcp_variable.tcp_dport    = atoi(m_strDport);
    // NOTE(review): sequence/ack numbers are 32-bit unsigned on the wire;
    // atoi() into an int cannot represent values above INT_MAX — confirm the
    // struct's field types before relying on these in rules.
    nids_tcp_variable.tcp_sequence = atoi(m_tcpsn);
    nids_tcp_variable.tcp_ack      = atoi(m_tcpan);
    nids_tcp_variable.tcp_hlength  = atoi(m_tcpother);
    nids_tcp_variable.tcp_checksum = atoi(m_tcpcheck_sum);
    nids_tcp_variable.tcp_urge     = atoi(m_tcpurgent_pointer);
    nids_tcp_variable.tcp_window   = atoi(m_tcpwindow_size);
}
// Copy the UDP-header fields of the current packet into nids_udp_variable.
void CIPControlDoc::get_udp_variable()
{
    nids_udp_variable.udp_sport    = atoi(m_strSport);
    nids_udp_variable.udp_dport    = atoi(m_strDport);
    nids_udp_variable.udp_length   = atoi(m_udplen);
    nids_udp_variable.udp_checksum = atoi(m_udpcrc);
}
// Copy the ICMP-header fields of the current packet into nids_icmp_variable.
void CIPControlDoc::get_icmp_variable()
{
    nids_icmp_variable.icmp_type     = atoi(m_icmptype);
    nids_icmp_variable.icmp_checksum = atoi(m_icmpchksum);
    // NOTE(review): icmp_code is filled from the *sequence* field. No separate
    // ICMP code member is visible in this file (the DB row stores TYPE,
    // ICMPIDEN, SEQ, CHKSUM), so this is kept as-is — confirm intent.
    nids_icmp_variable.icmp_code     = atoi(m_icmpsequence);
}
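// Map a numeric rule variable name to the matching field of the current
// packet's nids_*_variable record. Returns -1 for an unknown (or NULL) name,
// which compare_variable() treats as "never matches".
int CIPControlDoc::get_protocol_variable(char variable[1024])
{
    if (variable == NULL)
        return -1;

    // IP header
    if (strcmp(variable, "ip_hlength") == 0)    return nids_ip_variable.ip_hlength;
    if (strcmp(variable, "ip_length") == 0)     return nids_ip_variable.ip_length;
    if (strcmp(variable, "ip_service") == 0)    return nids_ip_variable.ip_service;
    if (strcmp(variable, "ip_ttl") == 0)        return nids_ip_variable.ip_ttl;
    if (strcmp(variable, "ip_distance") == 0)   return nids_ip_variable.ip_distance;
    if (strcmp(variable, "ip_ident") == 0)      return nids_ip_variable.ip_ident;

    // TCP header
    if (strcmp(variable, "tcp_sport") == 0)     return nids_tcp_variable.tcp_sport;
    if (strcmp(variable, "tcp_dport") == 0)     return nids_tcp_variable.tcp_dport;
    if (strcmp(variable, "tcp_sequence") == 0)  return nids_tcp_variable.tcp_sequence;
    if (strcmp(variable, "tcp_ack") == 0)       return nids_tcp_variable.tcp_ack;
    if (strcmp(variable, "tcp_hlength") == 0)   return nids_tcp_variable.tcp_hlength;
    if (strcmp(variable, "tcp_checksum") == 0)  return nids_tcp_variable.tcp_checksum;
    if (strcmp(variable, "tcp_urge") == 0)      return nids_tcp_variable.tcp_urge;
    if (strcmp(variable, "tcp_window") == 0)    return nids_tcp_variable.tcp_window;

    // UDP header
    if (strcmp(variable, "udp_checksum") == 0)  return nids_udp_variable.udp_checksum;
    if (strcmp(variable, "udp_sport") == 0)     return nids_udp_variable.udp_sport;
    if (strcmp(variable, "udp_dport") == 0)     return nids_udp_variable.udp_dport;
    if (strcmp(variable, "udp_length") == 0)    return nids_udp_variable.udp_length;

    // ICMP header
    if (strcmp(variable, "icmp_checksum") == 0) return nids_icmp_variable.icmp_checksum;
    if (strcmp(variable, "icmp_type") == 0)     return nids_icmp_variable.icmp_type;
    // Was nids_udp_variable.udp_length (copy/paste slip); icmp_code is the
    // field get_icmp_variable() fills.
    if (strcmp(variable, "icmp_code") == 0)     return nids_icmp_variable.icmp_code;

    return -1;
}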
// Run every loaded rule's event definition against the current packet and
// log the index of each rule that fires.
void CIPControlDoc::whole_parse_rules()
{
    for (int idx = 0; idx < total_rules_number; idx++)
    {
        if (parse_rules(event_defination[idx]) != 1)
            continue;
        make_log(idx);
    }
}
// Placeholder for persisting a fired rule (`number` indexes event_name[] /
// event_code[]). The ADO insert into the "parse" table is currently disabled,
// so this is intentionally a no-op; the original statements are kept below
// for reference.
void CIPControlDoc::make_log(int number)
{
    (void)number;   // unused while logging is disabled
    /*m_pRecordset.CreateInstance("ADODB.Recordset");
    m_pRecordset->Open("SELECT * FROM parse",_variant_t((IDispatch*)theApp.m_pConnection,true),adOpenStatic,adLockOptimistic,adCmdText);
    try
    {
    m_pRecordset->AddNew();
    m_pRecordset->PutCollect("eventname", _variant_t(event_name[number]));
    m_pRecordset->PutCollect("eventcode", _variant_t(event_code[number]));
    m_pRecordset->Update();
    }
    catch(_com_error *e)
    {
    AfxMessageBox(e->ErrorMessage());
    }*/
}