📄 ctr_filter.cpp
#include <string.h>
#include "ctr_filter.h"
#include "IPPackageFilter.h"
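/*
 * Parse a dotted-decimal IPv4 string ("a.b.c.d") into a 32-bit value with
 * the first octet in the least significant byte.
 *
 * The text must be exactly four decimal octets (0-255) separated by '.',
 * with nothing before or after. Anything else returns (unsigned long)-1.
 *
 * Why strict: the result feeds packet-filter rules, where 0 means "any
 * address". The previous atoi-based parser turned non-numeric text such as
 * "a.b.c.d" and out-of-range octets into 0, so a typo could silently widen
 * a rule to match everything. It also shifted a signed int by 24 bits,
 * which is undefined for octets >= 128.
 *
 * NOTE(review): where unsigned long is 32 bits (Windows), the error value is
 * indistinguishable from a valid "255.255.255.255"; callers that need to
 * accept that address must validate the text separately.
 */
unsigned long inet_addr(const char *sIp)
{
    const unsigned long parseError = (unsigned long)-1;
    const char *cursor = sIp;
    unsigned long lIp = 0;
    int i;

    if (cursor == NULL)
        return parseError;

    for (i = 0; i < 4; i++)
    {
        unsigned long octet = 0;
        int digits = 0;

        /* accumulate decimal digits, bailing out as soon as the octet overflows */
        while (*cursor >= '0' && *cursor <= '9')
        {
            octet = octet * 10 + (unsigned long)(*cursor - '0');
            if (octet > 255)
                return parseError;
            digits++;
            cursor++;
        }
        if (digits == 0)
            return parseError;

        /* unsigned shift: octet i lands in byte i of the result */
        lIp |= octet << (i * 8);

        /* the first three octets must be followed by a dot */
        if (i < 3)
        {
            if (*cursor != '.')
                return parseError;
            cursor++;
        }
    }

    /* reject trailing garbage such as "1.2.3.4.5" or "1.2.3.4x" */
    if (*cursor != '\0')
        return parseError;

    return lIp;
}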
/*
 * Swap the two bytes of a 16-bit port number.
 *
 * The swap is unconditional, so the result is network byte order only when
 * the host is little-endian.
 */
unsigned short htons(unsigned short port)
{
    const unsigned int lowByte = port & 0xFFu;
    const unsigned int highByte = (port >> 8) & 0xFFu;

    return (unsigned short)((lowByte << 8) | highByte);
}
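/* Parse an optional address or mask string; NULL or "" means 0 ("any"). */
static unsigned long addrOrAny(const char *text)
{
    if (text == NULL || text[0] == '\0')
        return 0;
    return inet_addr(text);
}

/*
 * Add one filter rule to the filter-hook driver.
 *
 * driver_name      base name of the filter-hook driver (no path, no ".sys")
 * type             rule type, stored in pf.filter_type
 * protocol         protocol number, stored in pf.protocol
 * sourceIp/Mask    dotted-decimal strings; NULL or "" means 0 (any)
 * sourcePort       host-order port; 0 means any
 * destinationIp/Mask, destinationPort  same conventions for the destination
 * isDrop           stored in pf.drop
 *
 * Returns TRUE when the ADD_FILTER request reports DRV_SUCCESS, FALSE
 * otherwise (including a missing or over-long driver_name).
 *
 * NOTE(review): the results of inet_addr() are passed to the driver
 * unchecked. A malformed address or mask therefore installs a rule with
 * whatever value the parser returned instead of failing; confirm the
 * parser's error value and reject it here if 255.255.255.255 never needs to
 * be a rule address.
 * NOTE(review): the LoadDriver/ReLoadDriver results are not checked; a load
 * failure only shows up as a failed WriteIo.
 */
BOOLEAN addRule(char *driver_name,USHORT type,USHORT protocol,char *sourceIp,char *sourceMask,USHORT sourcePort, char *destinationIp, char *destinationMask, USHORT destinationPort,BOOLEAN isDrop){
    static const char driverDir[] = "System32\\Drivers\\";
    static const char driverExt[] = ".sys";
    char buf[512];

    /* The path is assembled with strcpy/strcat, so bound the name first:
       directory + name + extension + terminator must fit in buf. */
    if (driver_name == NULL || driver_name[0] == '\0')
        return FALSE;
    if (strlen(driver_name) > sizeof(buf) - sizeof(driverDir) - sizeof(driverExt) + 1)
        return FALSE;

    DWORD result;
    IPFilter pf;
    TDriver filterDriver;
    TDriver ipFltDrv;

    memset(buf, 0, sizeof(buf));
    strcpy(buf, driverDir);
    strcat(buf, driver_name);
    strcat(buf, driverExt);

    /* load the IP filter driver; it is not deregistered by the destructor */
    filterDriver.LoadDriver("IpFilterDriver", buf, NULL, TRUE);
    filterDriver.SetRemovable(FALSE);

    /* load the filter-hook driver the rule is sent to */
    ipFltDrv.ReLoadDriver(driver_name, NULL, NULL, TRUE);
    ipFltDrv.SetRemovable(FALSE);

    /* Clear the whole structure so no uninitialised stack bytes are handed to
       the driver. Assumes IPFilter is a plain struct -- TODO confirm in
       IPPackageFilter.h. */
    memset(&pf, 0, sizeof(pf));

    pf.filter_type = type;
    pf.protocol = protocol;

    pf.destinationIp = addrOrAny(destinationIp);
    pf.sourceIp = addrOrAny(sourceIp);
    pf.destinationMask = addrOrAny(destinationMask);
    pf.sourceMask = addrOrAny(sourceMask);

    /* port 0 means "all ports"; htons(0) is 0, so no special case is needed */
    pf.destinationPort = htons(destinationPort);
    pf.sourcePort = htons(sourcePort);

    pf.drop = isDrop;

    result = ipFltDrv.WriteIo(ADD_FILTER, &pf, sizeof(pf));
    if (result != DRV_SUCCESS)
    {
        AfxMessageBox("添加策略失败!");
        return FALSE;
    }
    return TRUE;
}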
/*
 * Ask the filter-hook driver to start filtering.
 *
 * Reloads the driver named by driver_name, marks it non-removable and sends
 * START_IP_HOOK. Returns -1 when WriteIo reports DRV_ERROR_IO, 0 otherwise.
 *
 * NOTE(review): addRule() treats anything other than DRV_SUCCESS as failure,
 * while this function treats anything other than DRV_ERROR_IO as success, so
 * other error codes are reported as "started". Confirm which is intended.
 */
int startFilter(char *driver_name){
    TDriver hookDriver;

    hookDriver.ReLoadDriver(driver_name, NULL, NULL, TRUE);
    hookDriver.SetRemovable(FALSE);

    return (hookDriver.WriteIo(START_IP_HOOK, NULL, 0) == DRV_ERROR_IO) ? -1 : 0;
}
/*
 * Unload the filter driver: stop the IP hook and clear all rules.
 *
 * The driver object is marked removable before it is reloaded (presumably so
 * that it is deregistered when the object is destroyed -- confirm against
 * TDriver). Both requests are best effort; the function always returns 0.
 */
int unInstall_filter(char * driver_name){
    TDriver hookDriver;

    hookDriver.SetRemovable(TRUE);
    hookDriver.ReLoadDriver(driver_name, NULL, NULL, TRUE);

    /* A failed stop is not acted on yet; the original left a placeholder for
       writing an error log entry here. */
    const bool stopFailed = (hookDriver.WriteIo(STOP_IP_HOOK, NULL, 0) == DRV_ERROR_IO);
    (void)stopFailed;

    /* rules are cleared whether or not the stop succeeded */
    hookDriver.WriteIo(CLEAR_FILTER, NULL, 0);
    return 0;
}
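/*
 * Register a kernel driver service entry in the registry.
 *
 * Creates HKLM\System\CurrentControlSet\Services\<exename> and writes
 * Start = 3, Type = 1, ErrorControl = 1 and
 * ImagePath = \??\<system directory>\Drivers\<exename>.sys.
 * Also stores the system directory in sysdir and the driver path in
 * drivcedir, as before.
 *
 * Returns TRUE on success and FALSE if the name is unusable or any registry
 * or system call fails.
 *
 * Changes from the earlier version, all on the path that handles exename:
 *  - exename was copied into a format string, so a '%' in the name was
 *    interpreted by sprintf; it is now always passed as an argument.
 *  - exename and the system directory were formatted into fixed buffers
 *    without a length check; lengths are now verified first.
 *  - names containing '\' or '/' are rejected, since they would change which
 *    registry key and which file the entry points at.
 *  - RegSetValueEx failures were ignored; they now fail the call.
 *  - ImagePath was written without its terminating NUL.
 *
 * NOTE(review): sysdir and drivcedir are declared outside this function; the
 * 256-byte size for sysdir is taken from the existing call and the capacity
 * of drivcedir is not visible here. With the checks below drivcedir receives
 * at most 434 bytes including the terminator -- confirm it is that large.
 */
int Reg(char * exename)
{
    static const char keyPrefix[] = "System\\CurrentControlSet\\Services\\";
    char subkey[200];
    char imagePath[512];
    HKEY hkResult;
    DWORD value;
    UINT sysLen;
    int buflen;
    int ok = TRUE;

    if (exename == NULL || exename[0] == '\0')
        return FALSE;
    /* separators are not valid in a service name and would redirect the paths */
    if (strchr(exename, '\\') != NULL || strchr(exename, '/') != NULL)
        return FALSE;
    /* prefix + name + terminator must fit in subkey */
    if (strlen(exename) > sizeof(subkey) - sizeof(keyPrefix))
        return FALSE;

    sprintf(subkey, "%s%s", keyPrefix, exename);

    if (RegCreateKey(HKEY_LOCAL_MACHINE, subkey, &hkResult) != ERROR_SUCCESS)
        return FALSE;

    value = 3;
    if (RegSetValueEx(hkResult, "Start", 0, REG_DWORD, (const BYTE *)&value, sizeof(value)) != ERROR_SUCCESS)
        ok = FALSE;

    value = 1;
    if (RegSetValueEx(hkResult, "Type", 0, REG_DWORD, (const BYTE *)&value, sizeof(value)) != ERROR_SUCCESS)
        ok = FALSE;
    if (RegSetValueEx(hkResult, "ErrorControl", 0, REG_DWORD, (const BYTE *)&value, sizeof(value)) != ERROR_SUCCESS)
        ok = FALSE;

    /* 0 means failure; a value >= the buffer size means the path did not fit */
    sysLen = GetSystemDirectory((LPSTR)sysdir, 256);
    if (sysLen == 0 || sysLen >= 256)
    {
        RegCloseKey(hkResult);
        return FALSE;
    }

    /* the name is an argument here, never part of the format string */
    sprintf((char *)drivcedir, "%s\\Drivers\\%s.sys", (char *)sysdir, exename);

    /* worst case: 4 + 433 + 1 bytes, which fits in imagePath */
    buflen = sprintf(imagePath, "\\??\\%s", (char *)drivcedir);

    /* for REG_SZ the size must include the terminating NUL */
    if (RegSetValueEx(hkResult, "ImagePath", 0, REG_SZ, (const BYTE *)imagePath, (DWORD)buflen + 1) != ERROR_SUCCESS)
        ok = FALSE;

    RegCloseKey(hkResult);
    return ok;
}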
/**
 * Driver registration entry point.
 * Parameter: exename - driver name
 * Returns: TRUE when registration succeeded, FALSE when it failed.
 */
int RegHandelDev(char * exename)
{
    /* delegate to Reg() and normalise its result to TRUE/FALSE */
    return (Reg(exename) == FALSE) ? FALSE : TRUE;
}
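/*
 * Demo driver: register the IPPackageFilter driver, add three sample rules,
 * start filtering, then stop and unload the filter.
 *
 * Returns 0 when every step succeeded and 1 otherwise. Previously a failed
 * registration returned FALSE (0), which the operating system reads as
 * success, and the results of the rule and start calls were discarded.
 */
int main(){
    int failed = 0;

    /* register the driver; nothing else can work without it */
    if(RegHandelDev("IPPackageFilter")==FALSE)
        return 1;

    /* addRule reports TRUE on success */
    if (addRule("IPPackageFilter", LOCAL_PORT_FILTER, 0, "", "", 0, "139.9.9.8", "", 1521, TRUE) == FALSE)
        failed = 1;
    if (addRule("IPPackageFilter", BLANK_IP_FILTER, 0, "", "", 0, "139.9.9.37", "", 0, TRUE) == FALSE)
        failed = 1;
    if (addRule("IPPackageFilter", NET_FILTER, 0, "", "",0, "139.9.9.0", "255.255.255.0", 0, FALSE) == FALSE)
        failed = 1;

    /* startFilter reports 0 on success */
    if (startFilter("IPPackageFilter") != 0)
        failed = 1;

    /* always attempt the teardown so the hook and rules are not left behind */
    unInstall_filter("IPPackageFilter");

    return failed;
}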