match_ip_proto.c

Firestorm NIDS是一个性能非常高的网络入侵检测系统 (NIDS)。目前

字号:

#include "match_ip.h"#include <netdb.h>/* ip_proto - Match the IP protocol field */int proto_match_eq(struct packet *p, void *priv, unsigned int l, int n){	unsigned char proto=(unsigned char)((unsigned int)priv&0xff);	return n ^ ( p->layer[l].h.ip->protocol==proto );}/* ip_proto - Match the IP protocol field */int proto_match_lt(struct packet *p, void *priv, unsigned int l, int n){	unsigned char proto=(unsigned char)((unsigned int)priv&0xff);	return n ^ ( p->layer[l].h.ip->protocol<proto );}/* ip_proto - Match the IP protocol field */int proto_match_gt(struct packet *p, void *priv, unsigned int l, int n){	unsigned char proto=(unsigned char)((unsigned int)priv&0xff);	return n ^ ( p->layer[l].h.ip->protocol>proto );}proc_match_match proto_validate(char *args, void **priv,	struct criteria *m, u_int32_t *c){	unsigned int val;	proc_match_match ret=proto_match_eq;		if ( !args ) return NULL;	for(; *args; args++) {		if ( *args=='<' ) {			ret=proto_match_lt;		}else if ( *args=='>' ){			ret=proto_match_gt;		}else if ( isspace(*args) ){			continue;		}else{			break;		}	}		if ( strtouint(args, &val) ) {		struct protoent *p;		if ( !(p=getprotobyname(args)) ) {			return NULL;		}		mesg(M_WARN,"ip_proto: resolving %s to %i",			args, p->p_proto);		val=(unsigned int)p->p_proto;	}	/* Its a char */	if ( val&~0xffUL ) return NULL;	/* Store it directly in the pointer, hehe */	*((unsigned int *)priv)=(unsigned int)val&0xff;	return ret;}

⌨️ 快捷键说明

复制代码 Ctrl + C

搜索代码 Ctrl + F

全屏模式 F11

切换主题 Ctrl + Shift + D

显示快捷键 ?

增大字号 Ctrl + =

减小字号 Ctrl + -