match_ip_proto.c

来自「Firestorm NIDS是一个性能非常高的网络入侵检测系统 (NIDS)。目」· C语言 代码 · 共 66 行

#include "match_ip.h"
#include <netdb.h>

/* ip_proto - Match the IP protocol field */
int proto_match_eq(struct packet *p, void *priv, unsigned int l, int n)
{
	unsigned char proto=(unsigned char)((unsigned int)priv&0xff);
	return n ^ ( p->layer[l].h.ip->protocol==proto );
}

/* ip_proto - Match the IP protocol field */
int proto_match_lt(struct packet *p, void *priv, unsigned int l, int n)
{
	unsigned char proto=(unsigned char)((unsigned int)priv&0xff);
	return n ^ ( p->layer[l].h.ip->protocol<proto );
}

/* ip_proto - Match the IP protocol field */
int proto_match_gt(struct packet *p, void *priv, unsigned int l, int n)
{
	unsigned char proto=(unsigned char)((unsigned int)priv&0xff);
	return n ^ ( p->layer[l].h.ip->protocol>proto );
}

proc_match_match proto_validate(char *args, void **priv,
	struct criteria *m, u_int32_t *c)
{
	unsigned int val;
	proc_match_match ret=proto_match_eq;
	
	if ( !args ) return NULL;

	for(; *args; args++) {
		if ( *args=='<' ) {
			ret=proto_match_lt;
		}else if ( *args=='>' ){
			ret=proto_match_gt;
		}else if ( isspace(*args) ){
			continue;
		}else{
			break;
		}
	}
	
	if ( strtouint(args, &val) ) {
		struct protoent *p;

		if ( !(p=getprotobyname(args)) ) {
			return NULL;
		}

		mesg(M_WARN,"ip_proto: resolving %s to %i",
			args, p->p_proto);

		val=(unsigned int)p->p_proto;
	}

	/* Its a char */
	if ( val&~0xffUL ) return NULL;

	/* Store it directly in the pointer, hehe */
	*((unsigned int *)priv)=(unsigned int)val&0xff;

	return ret;
}