else
dprintf("Error while getting the pointer\n");
return status;
}
/*++
Routine Description:
    Allocate a non-paged list node for the rule *pf, copy the rule into it
    and append the node to the tail of the global filter list (first/last).
    NOTE(review): no lock is taken; the caller is assumed to serialize this
    against cbFilterFunction, which walks the same list - confirm.
Arguments:
    pf - rule to copy; the caller keeps ownership of *pf
Return Value:
    STATUS_SUCCESS if the rule was queued,
    STATUS_INSUFFICIENT_RESOURCES if the pool allocation failed
--*/
NTSTATUS AddFilterToList(IPFilter *pf)
{
    struct filterList *node;
    IPFilter *copy;

    /* Non-paged pool: the node is read from the packet filter callback. */
    node = (struct filterList *) ExAllocatePool(NonPagedPool, sizeof(struct filterList));
    if (node == NULL) {
        dprintf("Problem reserving memory\n");
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    /* Copy the rule field by field into the node. */
    copy = &node->ipf;
    copy->filter_type     = pf->filter_type;
    copy->destinationIp   = pf->destinationIp;
    copy->sourceIp        = pf->sourceIp;
    copy->destinationMask = pf->destinationMask;
    copy->sourceMask      = pf->sourceMask;
    copy->destinationPort = pf->destinationPort;
    copy->sourcePort      = pf->sourcePort;
    copy->protocol        = pf->protocol;
    copy->drop            = pf->drop;
    node->next = NULL;

    /* Append at the tail; on an empty list the node is head and tail. */
    if (first == NULL) {
        first = node;
    } else {
        last->next = node;
    }
    last = node;

    dprintf("Rule Added\n\t%x %x\n\t%x %x\n\t%x\n\t%x", copy->sourceIp
            , copy->sourceMask
            , copy->destinationIp
            , copy->destinationMask
            , copy->sourcePort
            , copy->destinationPort);
    return STATUS_SUCCESS;
}
/*++
Routine Description:
    Free every node of the global filter list and reset first/last to NULL.
    NOTE(review): no lock is taken; the caller is assumed to serialize this
    against cbFilterFunction, which walks the same list - confirm.
Arguments:
    None.
Return Value:
    None.
--*/
void ClearFilterList(void)
{
    struct filterList *node;

    dprintf("Removing the filter List...");
    /* Unlink the head before freeing it so first never points at freed
     * memory. */
    for (node = first; node != NULL; node = first) {
        first = node->next;
        ExFreePool(node);
        dprintf("One Rule removed");
    }
    first = last = NULL;
    dprintf("Removed is complete.");
}
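/*++
Routine Description:
    Filter-hook callback run for every IP packet that is received or sent.
    The rule list (first .. last) is walked in insertion order; the first
    matching rule whose drop flag is set ends the walk with PF_DROP.  A
    matching rule without the drop flag is only logged and skipped, and a
    packet that matches no drop rule is forwarded (default permit).

    TCP segments without the SYN flag are forwarded before any rule is
    consulted, so the rules only ever see connection attempts.

    Changed relative to the previous revision: the LOCAL_PORT_FILTER source
    clause tested `aux->ipf.sourcePort == 0` where the parallel destination
    clause tests `destinationIp == 0`, so a source-port rule with a wildcard
    (0) source address could never match; it now tests sourceIp.  A TCP or
    UDP header is also no longer read from a data area shorter than that
    header; such packets are dropped.

Arguments:
    PacketHeader        - the IP header of the packet
    Packet              - the data following the IP header
    PacketLength        - length in bytes of the data at Packet
                          (NOTE(review): taken to exclude the IP header, as
                          the MSDN description of this callback says - confirm)
    RecvInterfaceIndex  - receiving interface index; only logged here
    SendInterfaceIndex,
    RecvLinkNextHop,
    SendLinkNextHop     - not used here; see MSDN for their meaning

Return Value:
    PF_FORWARD to let the packet through, PF_DROP to discard it.
--*/
PF_FORWARD_ACTION cbFilterFunction(IN unsigned char *PacketHeader,IN unsigned char *Packet, IN unsigned int PacketLength, IN unsigned int RecvInterfaceIndex, IN unsigned int SendInterfaceIndex, IN unsigned long RecvLinkNextHop, IN unsigned long SendLinkNextHop)
{
    IPPacket *ipp = (IPPacket *)PacketHeader;
    TCPHeader *tcph = NULL;
    UDPHeader *udph = NULL;
    int countRule = 0;
    struct filterList *aux = first;

    dprintf("Tama: %x, %d", PacketLength, RecvInterfaceIndex);
    dprintf("Source: %x\nDestination: %x\nProtocol: %d", ipp->ipSource, ipp->ipDestination, ipp->ipProtocol);

    /* NOTE(review): a non-initial IP fragment carries no transport header.
     * The IPPacket fields used here do not expose the fragment offset, so
     * such a packet is still parsed as if it did - confirm whether the hook
     * delivers fragments to this callback. */
    if (ipp->ipProtocol == 6) {
        /* TCP: the header must fit in the data area before it is read.  A
         * segment too short to hold one is malformed and is dropped rather
         * than forwarded unfiltered. */
        if (PacketLength < sizeof(TCPHeader)) {
            dprintf("Dropping TCP packet too short for a TCP header\n");
            return PF_DROP;
        }
        tcph = (TCPHeader *)Packet;
        dprintf("FLAGS: %x\n", tcph->flags);
        /* Without SYN the segment belongs to a connection that was already
         * accepted when it opened: forward it without consulting the rules. */
        if (!(tcph->flags & 0x02)) {
            return PF_FORWARD;
        }
    } else if (ipp->ipProtocol == 17) {
        /* UDP: same bound check before the header is read. */
        if (PacketLength < sizeof(UDPHeader)) {
            dprintf("Dropping UDP packet too short for a UDP header\n");
            return PF_DROP;
        }
        udph = (UDPHeader *)Packet;
    }

    /* Everything else: walk the rules in order. */
    while (aux != NULL) {
        dprintf("和规则 %d 比较.\n", countRule);
        dprintf("执行位置 1 ok!.\n");
        dprintf("规则类型 %x .\n", aux->ipf.filter_type);

        /* ALL_FILTER matches every packet. */
        if (aux->ipf.filter_type == ALL_FILTER) {
            if (aux->ipf.drop) {
                dprintf("发送:丢弃数据报: Source: %x\nDestination: %x\nProtocol: %d", ipp->ipSource, ipp->ipDestination, ipp->ipProtocol);
                return PF_DROP;
            }
            countRule++;
            aux = aux->next;
            continue;
        }

        /* BLANK_IP_FILTER: exact-address blacklist.  A 0 address in the rule
         * means "not required"; when both are 0 the rule only matches a
         * packet whose destination is 0. */
        if (aux->ipf.filter_type == BLANK_IP_FILTER) {
            dprintf("进入IP黑名单筛选。");
            if (aux->ipf.sourceIp == 0) {
                /* Destination-only rule. */
                if (aux->ipf.destinationIp == ipp->ipDestination) {
                    if (aux->ipf.drop) {
                        dprintf("发送:丢弃数据报: Source: %x\nDestination: %x\nProtocol: %d", ipp->ipSource, ipp->ipDestination, ipp->ipProtocol);
                        return PF_DROP;
                    }
                    countRule++;
                    aux = aux->next;
                    continue;
                }
            } else if (aux->ipf.destinationIp == 0) {
                /* Source-only rule. */
                if (aux->ipf.sourceIp == ipp->ipSource) {
                    if (aux->ipf.drop) {
                        dprintf("接收:丢弃数据报: Source: %x\nDestination: %x\nProtocol: %d", ipp->ipSource, ipp->ipDestination, ipp->ipProtocol);
                        return PF_DROP;
                    }
                    countRule++;
                    aux = aux->next;
                    continue;
                }
            } else {
                /* Both addresses must match. */
                if ((aux->ipf.destinationIp == ipp->ipDestination) && (aux->ipf.sourceIp == ipp->ipSource)) {
                    if (aux->ipf.drop) {
                        dprintf("丢弃数据报: Source: %x\nDestination: %x\nProtocol: %d", ipp->ipSource, ipp->ipDestination, ipp->ipProtocol);
                        return PF_DROP;
                    }
                    countRule++;
                    aux = aux->next;
                    continue;
                }
            }
        }

        dprintf("执行位置 2 ok!.\n");

        /* LOCAL_PORT_FILTER: port rules.
         * NOTE(review): ports are compared as stored; the rule loader must
         * keep rule ports in the same byte order as the on-wire header
         * fields - confirm. */
        if (aux->ipf.filter_type == LOCAL_PORT_FILTER) {
            if (aux->ipf.protocol == 0) {
                /* Protocol 0 in the rule means any protocol: test the ports
                 * of whichever transport header was parsed above.  tcph is
                 * non-NULL whenever ipProtocol == 6 and udph whenever it is
                 * 17, because the short-packet cases returned earlier. */
                if (ipp->ipProtocol == 6) {
                    /* Source clause: rule has a source port, it equals the
                     * segment's, and the rule's source address is a wildcard
                     * (0) or equals the packet's.  Destination clause is the
                     * mirror image. */
                    if (((aux->ipf.sourcePort != 0) &&
                         (tcph->sourcePort == aux->ipf.sourcePort) &&
                         ((aux->ipf.sourceIp == 0) || (aux->ipf.sourceIp == ipp->ipSource))) ||
                        ((aux->ipf.destinationPort != 0) &&
                         (tcph->destinationPort == aux->ipf.destinationPort) &&
                         ((aux->ipf.destinationIp == 0) || (aux->ipf.destinationIp == ipp->ipDestination)))) {
                        if (aux->ipf.drop) {
                            dprintf("TCP丢弃数据报;源端口= %d ;目的端口 = %x\n", tcph->sourcePort, tcph->destinationPort);
                            return PF_DROP;
                        }
                        dprintf("TCP放过数据报;源端口= %d ;目的端口 = %x\n", tcph->sourcePort, tcph->destinationPort);
                        countRule++;
                        aux = aux->next;
                        continue;
                    }
                }
                if (ipp->ipProtocol == 17) {
                    if (((aux->ipf.sourcePort != 0) &&
                         (udph->sourcePort == aux->ipf.sourcePort) &&
                         ((aux->ipf.sourceIp == 0) || (aux->ipf.sourceIp == ipp->ipSource))) ||
                        ((aux->ipf.destinationPort != 0) &&
                         (udph->destinationPort == aux->ipf.destinationPort) &&
                         ((aux->ipf.destinationIp == 0) || (aux->ipf.destinationIp == ipp->ipDestination)))) {
                        if (aux->ipf.drop) {
                            dprintf("UDP丢弃数据报;源端口= %d ;目的端口 = %x\n", udph->sourcePort, udph->destinationPort);
                            return PF_DROP;
                        }
                        dprintf("UDP放过数据报;源端口= %d ;目的端口 = %x\n", udph->sourcePort, udph->destinationPort);
                        countRule++;
                        aux = aux->next;
                        continue;
                    }
                }
            }
            /* A rule naming a specific protocol matches on the protocol
             * alone; its port fields are ignored.  (With protocol == 0 this
             * only matches IP protocol 0.)
             * NOTE(review): the previous revision had a dead
             * `else if (aux->ipf.protocol == ipp->ipProtocol) goto filterport;`
             * here - same condition as this if, so never reached - which
             * suggests the author meant to apply the port test to protocol-
             * specific rules.  Confirm the intended behaviour before
             * changing it; this revision keeps the protocol-only match. */
            if (ipp->ipProtocol == aux->ipf.protocol) {
                if (aux->ipf.drop) {
                    dprintf("丢弃 \n");
                    return PF_DROP;
                }
                countRule++;
                aux = aux->next;
                continue;
            }
        }

        dprintf("执行位置 3 ok!.\n");

        /* NET_FILTER: subnet match under the rule's masks.  A 0 address in
         * the rule means "not required"; a rule with both addresses 0 never
         * matches. */
        if (aux->ipf.filter_type == NET_FILTER) {
            /* Source not required, destination in the rule's subnet. */
            if (((aux->ipf.sourceIp == 0) && (aux->ipf.destinationIp != 0)) &&
                ((ipp->ipDestination & aux->ipf.destinationMask) == (aux->ipf.destinationIp & aux->ipf.destinationMask))) {
                if (aux->ipf.drop) {
                    dprintf("丢弃,源地址(=0)不要求,目的地址同一网段:源地址= %x Destination: %x Protocol: %d", ipp->ipSource, ipp->ipDestination, ipp->ipProtocol);
                    return PF_DROP;
                }
                countRule++;
                aux = aux->next;
                continue;
            }
            /* Destination not required, source in the rule's subnet. */
            if (((aux->ipf.sourceIp != 0) && (aux->ipf.destinationIp == 0)) &&
                ((ipp->ipSource & aux->ipf.sourceMask) == (aux->ipf.sourceIp & aux->ipf.sourceMask))) {
                if (aux->ipf.drop) {
                    dprintf("丢弃,目的地址(=0)不要求,源地址同一网段:源地址= %x Destination: %x Protocol: %d", ipp->ipSource, ipp->ipDestination, ipp->ipProtocol);
                    return PF_DROP;
                }
                countRule++;
                aux = aux->next;
                continue;
            }
            /* Both addresses in their respective subnets. */
            if (((aux->ipf.sourceIp != 0) && (aux->ipf.destinationIp != 0)) &&
                ((ipp->ipDestination & aux->ipf.destinationMask) == (aux->ipf.destinationIp & aux->ipf.destinationMask)) &&
                ((ipp->ipSource & aux->ipf.sourceMask) == (aux->ipf.sourceIp & aux->ipf.sourceMask))) {
                if (aux->ipf.drop) {
                    dprintf("丢弃,目的地址和源地址皆在同一网段,源地址= %x Destination: %x Protocol: %d", ipp->ipSource, ipp->ipDestination, ipp->ipProtocol);
                    return PF_DROP;
                }
                countRule++;
                aux = aux->next;
                continue;
            }
        }

        dprintf("执行位置 4 ok!.\n");
        /* No match: move on to the next rule. */
        countRule++;
        aux = aux->next;
    }

    /* No drop rule matched: default permit. */
    dprintf("数据报没有匹配的规则,放过: Source: %x Destination: %x Protocol: %d", ipp->ipSource, ipp->ipDestination, ipp->ipProtocol);
    return PF_FORWARD;
}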