pgpnetattackpriv.h

PGP8.0源码 请认真阅读您的文件包然后写出其具体功能

/*____________________________________________________________________________
	Copyright (C) 2002 PGP Corporation
	All rights reserved.
 
	$Id: pgpNetAttackPriv.h,v 1.16 2002/08/06 20:10:25 dallen Exp $
____________________________________________________________________________*/
#ifndef Included_pgpNetAttackPriv_h	/* [ */
#define Included_pgpNetAttackPriv_h

#include "pgpMemoryMgr.h"
#include "pgpNetAttack.h"

/* All times are in milliseconds unless otherwise noted */

#define TRACK_LIFETIME		3600000		/* 1 hour */

#define MAX_TCP_PORT_SCANS	20
#define MAX_UDP_PORT_SCANS	100
#define MAX_PORT_SCANS		(MAX_TCP_PORT_SCANS + MAX_UDP_PORT_SCANS) * 2
#define MIN_HIGH_PORT		1024
#define HIGH_PORT_DIVIDER	20

#define TCP_SCAN_LIFETIME	60000
#define UDP_SCAN_LIFETIME	200000

#define MAC_ADDRESS_SIZE	6

#define SYN_HANGTIME		5000
#define SYN_LIFETIME		300000
#define MIN_HIT_TIME		1000
#define MAX_SYN_HITS		50
#define MAX_SYN_TRACK		100

#define PING_LIFETIME		10000
#define MAX_PINGS			100

#define JOLT2_LIFETIME		10000
#define MAX_JOLT2			100

#define SMURF_LIFETIME		5000
#define MAX_SMURFS			15

#define FRAGGLE_LIFETIME	5000
#define MAX_FRAGGLES		15

typedef struct _PGPPortScanRecord
{
	PGPUInt16	port;
	PGPUInt32	time;
	PGPBoolean	tcp;
} PGPPortScanRecord;

typedef struct _PGPPortScanAttack
{
	PGPUInt32			numTCPScans;
	PGPUInt32			numUDPScans;
	PGPByte				tcpCounter;
	PGPByte				udpCounter;
	PGPPortScanRecord	scanRecord[MAX_PORT_SCANS];
} PGPPortScanAttack;

typedef struct _PGPSpoofAttack
{
	PGPByte mac[MAC_ADDRESS_SIZE];
} PGPSpoofAttack;

typedef struct _PGPSynFloodRecord
{
	PGPUInt16	srcPort;
	PGPUInt16	destPort;
	PGPUInt32	hangStart;
	PGPUInt32	firstHit;
	PGPUInt32	numHits;
	PGPUInt32	numFastHists;
	PGPBoolean	attacked;
} PGPSynFloodRecord;

typedef struct _PGPSynFloodAttack
{
	PGPUInt32			numSyns;
	PGPSynFloodRecord	synRecord[MAX_SYN_TRACK];
} PGPSynFloodAttack;

typedef struct _PGPPingFloodRecord
{
	PGPUInt32	time;
	PGPUInt32	bytes;
} PGPPingFloodRecord;

typedef struct _PGPPingFloodAttack
{
	PGPUInt32			numPings;
	PGPPingFloodRecord	pingRecord[MAX_PINGS];
} PGPPingFloodAttack;

typedef struct _PGPJolt2Record
{
	PGPUInt16	packetID;
	PGPUInt32	numLastFragments;
	PGPUInt32	time;
} PGPJolt2Record;

typedef struct _PGPJolt2Attack
{
	PGPUInt32		numIDs;
	PGPJolt2Record	jolt2Record[MAX_JOLT2];
} PGPJolt2Attack;

typedef struct _PGPSmurfAttack
{
	PGPUInt32	numSmurfs;
	PGPUInt32	time;
} PGPSmurfAttack;

typedef struct _PGPFraggleAttack
{
	PGPUInt32	numFraggles;
	PGPUInt32	time;
} PGPFraggleAttack;

typedef struct _PGPnetAttacker PGPnetAttacker;

struct _PGPnetAttacker
{
	PGPUInt32				ipAddress;
	PGPUInt32				lastCheck;
	PGPPortScanAttack		portScan;
	PGPSpoofAttack			spoof;
	PGPSynFloodAttack		synFlood;
	PGPPingFloodAttack		pingFlood;
	PGPJolt2Attack			jolt2;
	PGPSmurfAttack			smurf;
	PGPFraggleAttack		fraggle;

	PGPnetAttacker *	next;	
	PGPnetAttacker *	prev;	
};

struct PGPnetAttackContext
{
	PGPMemoryMgrRef		memoryMgr;
	PGPnetAttacker *	blockListStart;
	PGPnetAttacker *	blockListEnd;
	PGPnetAttacker *	trackListStart;
	PGPnetAttacker *	trackListEnd;
	PGPUserValue		userValue;
};


PGP_BEGIN_C_DECLARATIONS

PGPBoolean pgpPortScanAttack(PGPnetAttackContextRef attack, PGPUInt32 timeNow,
				PGPUInt32 ipAddress, PGPUInt16 port, PGPBoolean tcp);

PGPBoolean pgpSpoofAttack(PGPnetAttackContextRef attack, PGPUInt32 timeNow,
				PGPByte *mac, PGPUInt32 ipAddress);

PGPBoolean pgpSynFloodAttack(PGPnetAttackContextRef attack, PGPUInt32 timeNow,
				PGPUInt32 ipAddress, PGPBoolean syn, PGPBoolean ack,
				PGPUInt16 srcPort, PGPUInt16 destPort);

PGPBoolean pgpPingFloodAttack(PGPnetAttackContextRef attack, PGPUInt32 timeNow,
				PGPUInt32 ipAddress, PGPUInt32 packetSize);

PGPBoolean pgpJolt2Attack(PGPnetAttackContextRef attack, PGPUInt32 timeNow,
				PGPUInt32 ipAddress, PGPUInt16 packetID);

PGPBoolean pgpSmurfAttack(PGPnetAttackContextRef attack, PGPUInt32 timeNow,
				PGPUInt32 ipAddress);

PGPBoolean pgpFraggleAttack(PGPnetAttackContextRef attack, PGPUInt32 timeNow,
				PGPUInt32 ipAddress);

PGP_END_C_DECLARATIONS

#endif /* ] Included_pgpNetAttackPriv_h */


/*__Editor_settings____

	Local Variables:
	tab-width: 4
	End:
	vi: ts=4 sw=4
	vim: si
_____________________*/