
📄 match_icmp.c

📁 Firestorm NIDS是一个性能非常高的网络入侵检测系统 (NIDS)。目前
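/*
 * match_icmp.c - ICMP matchers for the Firestorm NIDS plugin interface.
 *
 * Registers four rule keywords: "itype", "icode", "icmp_id" and "icmp_seq".
 *
 * NOTE(review): every matcher below dereferences p->layer[l+1].h.icmp
 * without checking it. Presumably the engine only dispatches these matchers
 * after the ICMP decoder has accepted the packet and verified that a full
 * ICMP header was captured -- confirm against the decoder. On a sensor that
 * parses untrusted traffic, a missing length check there would turn these
 * reads into out-of-bounds accesses.
 */
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <netinet/in.h>
#include <errno.h>

#include <firestorm.h>
#include <packet.h>
#include <alert.h>
#include <signature.h>
#include <matcher.h>
#include <plugin.h>

PLUGIN_STD_DEFS();

/* Range parser supplied by the matcher API; assigned in PLUGIN_MATCHER. */
proc_template template_shortrange;

/*
 * Recover the 8-bit operand that the validators store directly in the
 * private-data pointer. Going through uintptr_t keeps the pointer-to-integer
 * conversion well defined on targets where pointers are wider than int.
 */
static unsigned char priv_to_u8(void *priv)
{
	return (unsigned char)((uintptr_t)priv & 0xff);
}

/*
 * Parse args as an unsigned integer in the range 0..255 and store it in
 * *priv as a pointer-sized value.
 *
 * The value is assigned through the void * slot itself. The previous code
 * wrote it through an (unsigned int *) alias of the slot, which left the
 * upper half of a 64-bit pointer untouched and placed the value in the
 * wrong half on big-endian 64-bit targets.
 *
 * Returns 1 on success, 0 when args is NULL, unparsable or out of range.
 */
static int parse_u8_operand(char *args, void **priv)
{
	unsigned int val;

	if (!args)
		return 0;
	if (strtouint(args, &val))
		return 0;
	if (val & ~0xffU)
		return 0;

	*priv = (void *)(uintptr_t)val;
	return 1;
}

/* True when the header is an echo request or reply, i.e. carries id/seq. */
static int icmp_is_echo(const struct pkt_icmphdr *icmph)
{
	return icmph->type == ICMP_ECHO || icmph->type == ICMP_ECHOREPLY;
}

/*
 * Comparison callback for the itype/icode operands.
 * Returns 0 when the low bytes of both private values are equal, 1 otherwise.
 */
int uci_compare(void *p1, void *p2)
{
	return priv_to_u8(p1) != priv_to_u8(p2);
}

/*
 * Match the ICMP type of layer l+1 against the operand held in priv.
 * n is XORed into the result (presumably the rule's negation flag).
 */
int itype_match(struct packet *p, void *priv, unsigned int l, int n)
{
	return n ^ (p->layer[l + 1].h.icmp->type == priv_to_u8(priv));
}

/*
 * Match the ICMP code of layer l+1 against the operand held in priv.
 * n is XORed into the result (presumably the rule's negation flag).
 */
int icode_match(struct packet *p, void *priv, unsigned int l, int n)
{
	return n ^ (p->layer[l + 1].h.icmp->code == priv_to_u8(priv));
}

/*
 * Validate an "itype" operand. Returns itype_match on success, NULL when the
 * argument is missing, not a number, or larger than 255. m and c are unused.
 */
proc_match_match itype_validate(char *args, void **priv,
	struct criteria *m, u_int32_t *c)
{
	if (!parse_u8_operand(args, priv))
		return NULL;
	return itype_match;
}

/*
 * Validate an "icode" operand. Returns icode_match on success, NULL when the
 * argument is missing, not a number, or larger than 255. m and c are unused.
 */
proc_match_match icode_validate(char *args, void **priv,
	struct criteria *m, u_int32_t *c)
{
	if (!parse_u8_operand(args, priv))
		return NULL;
	return icode_match;
}

/*
 * Match the echo sequence number against the range in priv.
 * Packets that are not echo request/reply never match (result is n alone).
 */
int iseq_match(struct packet *p, void *priv, unsigned int l, int n)
{
	struct pkt_icmphdr *icmph = p->layer[l + 1].h.icmp;
	struct shortrange *lr = priv;
	u_int16_t seq;

	/* Only echo messages define un.echo; check before reading it. */
	if (!icmp_is_echo(icmph))
		return n;

	/* ntohs() rather than __constant_ntohs(): the operand is runtime data. */
	seq = ntohs(icmph->un.echo.seq);
	return n ^ (seq >= lr->min && seq <= lr->max);
}

/*
 * Match the echo identifier against the range in priv.
 * Packets that are not echo request/reply never match (result is n alone).
 */
int iid_match(struct packet *p, void *priv, unsigned int l, int n)
{
	struct pkt_icmphdr *icmph = p->layer[l + 1].h.icmp;
	struct shortrange *lr = priv;
	u_int16_t id;

	/* Only echo messages define un.echo; check before reading it. */
	if (!icmp_is_echo(icmph))
		return n;

	/* ntohs() rather than __constant_ntohs(): the operand is runtime data. */
	id = ntohs(icmph->un.echo.id);
	return n ^ (id >= lr->min && id <= lr->max);
}

/*
 * Validate an "icmp_seq" operand with the shared short-range parser.
 * Returns iseq_match when the parser accepts args, NULL otherwise.
 */
proc_match_match iseq_validate(char *args, void **ptr,
	struct criteria *m, u_int32_t *c)
{
	if (!args)
		return NULL;
	if (!template_shortrange(args, ptr))
		return NULL;
	return iseq_match;
}

/*
 * Validate an "icmp_id" operand with the shared short-range parser.
 * Returns iid_match when the parser accepts args, NULL otherwise.
 */
proc_match_match iid_validate(char *args, void **ptr,
	struct criteria *m, u_int32_t *c)
{
	if (!args)
		return NULL;
	if (!template_shortrange(args, ptr))
		return NULL;
	return iid_match;
}

/*
 * Keyword table handed to the engine.
 * NOTE(review): the second argument looks like a relative evaluation cost
 * (compare MCOST_TRANS) -- confirm against matcher.h. itype/icode keep their
 * operand inside the pointer itself, so they register no free callback.
 */
struct matcher icmp_matchers[]={
	matcher_init("itype", 12, itype_validate, uci_compare, NULL),
	matcher_init("icode", 13, icode_validate, uci_compare, NULL),
	matcher_init("icmp_id", MCOST_TRANS+4, iid_validate, MCMP_SR, MATCHER_FREE),
	matcher_init("icmp_seq", MCOST_TRANS+6, iseq_validate, MCMP_SR, MATCHER_FREE),
	matcher_null()
};

/*
 * Matcher registration hook: captures the short-range parser from the API
 * and adds the ICMP keyword table. Returns PLUGIN_ERR_FAIL if the engine
 * rejects the table, PLUGIN_ERR_OK otherwise.
 */
int PLUGIN_MATCHER (struct matcher_api *m)
{
	object_check(m);

	template_shortrange = m->template_shortrange;

	if (!m->matcher_add(icmp_matchers))
		return PLUGIN_ERR_FAIL;

	return PLUGIN_ERR_OK;
}

/* Plugin load hook: declares the plugin's identity, version and license. */
int PLUGIN_INIT (struct plugin_in *in, struct plugin_out *out)
{
	plugin_check(in, out);

	PLUGIN_ID("match.icmp", "ICMP matching routines");
	PLUGIN_VERSION(2, 0);
	PLUGIN_AUTHOR("Gianni Tedesco", "gianni@scaramanga.co.uk");
	PLUGIN_LICENSE("GPL");

	return PLUGIN_ERR_OK;
}

/* Plugin unload hook: nothing to release here. */
int PLUGIN_UNLOAD (int code)
{
	return PLUGIN_ERR_OK;
}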
