📄 ipfilter.c
* Process Source Port fields */ fieldptr = fieldptr->nextfield; if (fieldptr->buf[0] == '\0') data->sport1 = 0; else data->sport1 = atoi(fieldptr->buf); fieldptr = fieldptr->nextfield; if (fieldptr->buf[0] == '\0') data->sport2 = 0; else data->sport2 = atoi(fieldptr->buf); /* * Process Destination Address field */ fieldptr = fieldptr->nextfield; if (fieldptr->buf[0] == '\0') strcpy(data->d_fqdn, WILDCARD); else strcpy(data->d_fqdn, fieldptr->buf); maskbits = 0; if (strchr(data->d_fqdn, '/') != NULL) { cidr_split_address(data->d_fqdn, actual_address, &maskbits); strcpy(data->d_fqdn, actual_address); } /* * Process Destination mask field */ fieldptr = fieldptr->nextfield; if (fieldptr->buf[0] == '\0') { if (maskbits > 32) { strcpy(data->d_mask, WILDCARD); } else { strncpy(data->d_mask, cidr_get_quad_mask(maskbits), 20); } } else strcpy(data->d_mask, fieldptr->buf); /* * Process Dedination Port fields */ fieldptr = fieldptr->nextfield; if (fieldptr->buf[0] == '\0') data->dport1 = 0; else data->dport1 = atoi(fieldptr->buf); fieldptr = fieldptr->nextfield; if (fieldptr->buf[0] == '\0') data->dport2 = 0; else data->dport2 = atoi(fieldptr->buf); /* * Process IP protocol filter fields */ fieldptr = fieldptr->nextfield; memset(&(data->filters), 0, sizeof(data->filters)); if (toupper(fieldptr->buf[0]) == 'Y') data->filters[F_ALL_IP] = 1; fieldptr = fieldptr->nextfield; if (toupper(fieldptr->buf[0]) == 'Y') data->filters[F_TCP] = 1; fieldptr = fieldptr->nextfield; if (toupper(fieldptr->buf[0]) == 'Y') data->filters[F_UDP] = 1; fieldptr = fieldptr->nextfield; if (toupper(fieldptr->buf[0]) == 'Y') data->filters[F_ICMP] = 1; fieldptr = fieldptr->nextfield; if (toupper(fieldptr->buf[0]) == 'Y') data->filters[F_IGMP] = 1; fieldptr = fieldptr->nextfield; if (toupper(fieldptr->buf[0]) == 'Y') data->filters[F_OSPF] = 1; fieldptr = fieldptr->nextfield; if (toupper(fieldptr->buf[0]) == 'Y') data->filters[F_IGP] = 1; fieldptr = fieldptr->nextfield; if (toupper(fieldptr->buf[0]) == 'Y') 
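data->filters[F_IGRP] = 1;
        fieldptr = fieldptr->nextfield;
        if (toupper(fieldptr->buf[0]) == 'Y')
            data->filters[F_GRE] = 1;
        fieldptr = fieldptr->nextfield;
        if (toupper(fieldptr->buf[0]) == 'Y')
            data->filters[F_L2TP] = 1;
        fieldptr = fieldptr->nextfield;
        if (toupper(fieldptr->buf[0]) == 'Y')
            data->filters[F_IPSEC_AH] = 1;
        fieldptr = fieldptr->nextfield;
        if (toupper(fieldptr->buf[0]) == 'Y')
            data->filters[F_IPSEC_ESP] = 1;

        fieldptr = fieldptr->nextfield;

        /*
         * Parse protocol string
         */
        cptr = fieldptr->buf;
        /*
         * NOTE(review): strncpy() does not NUL-terminate when the source is
         * 60 bytes or longer; the size of data->protolist is not visible
         * here -- confirm the destination is terminated elsewhere.
         */
        strncpy(data->protolist, cptr, 60);

        do {
            get_next_protorange(fieldptr->buf, &cptr, &rangeproto1,
                                &rangeproto2, &parse_result, &bptr);
            if (parse_result == RANGE_OK) {
                /*
                 * NOTE(review): rangeproto1/rangeproto2 come from the
                 * operator-entered protocol string and index data->filters
                 * with no bound check visible in this fragment -- confirm
                 * get_next_protorange() limits them to the array size.
                 */
                if (rangeproto2 != 0) {
                    for (i = rangeproto1; i <= rangeproto2; i++) {
                        data->filters[i] = 1;
                    }
                } else {
                    data->filters[rangeproto1] = 1;
                }
            }
        } while (parse_result == RANGE_OK);

        /* Anything other than 'E' is stored as 'I'. */
        data->reverse = toupper(fieldptr->nextfield->buf[0]);
        if (data->reverse != 'E')
            data->reverse = 'I';

        /* Anything other than 'Y' is stored as 'N'. */
        data->match_opposite =
            toupper(fieldptr->nextfield->nextfield->buf[0]);
        if (data->match_opposite != 'Y')
            data->match_opposite = 'N';
    }

    tx_destroyfields(&fields);
    del_panel(dlgpanel);
    delwin(dlgwin);
    update_panels();
    doupdate();
}

/*
 * Run the IP filter menu until menu row 7 is chosen.
 *
 * fl        filter list that is loaded into (row 2) or destroyed (row 3)
 * filename  caller buffer of at least FLT_FILENAME_MAX bytes; row 2 zeroes
 *           it and stores the path of the selected filter file, always
 *           NUL-terminated because at most FLT_FILENAME_MAX - 1 bytes are
 *           copied into the zeroed buffer
 * fltcode   set to 1 when loadfilter() returns zero for the selected file,
 *           to 0 when it returns non-zero or when the filter is destroyed
 * aborted   passed through to the menu and to each sub-dialog
 */
void ipfilterselect(struct filterlist *fl, char *filename, int *fltcode,
                    int *aborted)
{
    struct MENU menu;
    int row = 1;
    struct filterfileent fflist;

    makestdfiltermenu(&menu);

    do {
        tx_showmenu(&menu);
        tx_operatemenu(&menu, &row, aborted);
        switch (row) {
        case 1:
            definefilter(aborted);
            break;
        case 2:
            selectfilter(&fflist, aborted);
            /* fflist is only read when the selection was not aborted. */
            if (!(*aborted)) {
                memset(filename, 0, FLT_FILENAME_MAX);
                strncpy(filename, get_path(T_WORKDIR, fflist.filename),
                        FLT_FILENAME_MAX - 1);

                if (!loadfilter(filename, fl, FLT_RESOLVE))
                    *fltcode = 1;
                else
                    *fltcode = 0;
            }
            break;
        case 3:
            destroyfilter(fl);
            *fltcode = 0;
            tx_infobox("IP filter deactivated", ANYKEY_MSG);
            break;
        case 4:
            editfilter(aborted);
            break;
        case 5:
            delfilter(aborted);
            if (!(*aborted))
                tx_infobox("IP filter deleted", ANYKEY_MSG);
            break;
        default:
            /* Other rows have no action; row 7 ends the loop below. */
            break;
        }
    } while (row != 7);

    tx_destroymenu(&menu);
    update_panels();
    doupdate();
}

/* True when addr and ref agree on every bit that is set in mask. */
static int flt_addr_matches(unsigned long addr, unsigned long ref,
                            unsigned long mask)
{
    return (addr & mask) == (ref & mask);
}

/*
 * True when port satisfies a filter port specification: with hi == 0 the
 * specification is the single port lo (lo == 0 matches any port), otherwise
 * it is the inclusive range lo..hi.
 */
static int flt_port_matches(unsigned int port, unsigned int lo,
                            unsigned int hi)
{
    if (hi == 0) {
        return lo == port || lo == 0;
    }
    return port >= lo && port <= hi;
}

/*
 * Display/logging filter for IP packets.
 *
 * Walks the entries of fl in order.  For TCP and UDP an entry matches on
 * masked source/destination address plus source/destination port
 * specification; for every other protocol it matches on the masked
 * addresses only.  The entry is also tried with source and destination
 * swapped when its match_opposite flag is 'Y', or, for TCP only, when
 * match_opp_mode is MATCH_OPPOSITE_ALWAYS.
 *
 * The first matching entry whose filters[] slot for this protocol (or the
 * F_ALL_IP slot) is set decides the result: 0 when its reverse flag is 'E',
 * 1 otherwise.  Returns 0 when no entry decides.
 *
 * fl must not be NULL.
 */
int ipfilter(unsigned long saddr, unsigned long daddr, unsigned int sport,
             unsigned int dport, unsigned int protocol, int match_opp_mode,
             struct filterlist *fl)
{
    struct filterent *fe;
    int fltexpr1;
    int fltexpr2;
    int try_opposite;

    for (fe = fl->head; fe != NULL; fe = fe->next_entry) {
        if (protocol == IPPROTO_TCP || protocol == IPPROTO_UDP) {
            fltexpr1 = flt_addr_matches(saddr, fe->saddr, fe->smask)
                && flt_addr_matches(daddr, fe->daddr, fe->dmask)
                && flt_port_matches(sport, fe->hp.sport1, fe->hp.sport2)
                && flt_port_matches(dport, fe->hp.dport1, fe->hp.dport2);

            try_opposite = (protocol == IPPROTO_TCP
                            && match_opp_mode == MATCH_OPPOSITE_ALWAYS)
                || fe->hp.match_opposite == 'Y';

            /*
             * Reverse direction: the packet's source is compared with the
             * entry's destination and vice versa.  The source-port range
             * test used to be gated on dport2 != 0 instead of sport2 != 0,
             * so a rule with a source port range but a single (or no)
             * destination port never matched reply traffic.
             */
            fltexpr2 = try_opposite
                && flt_addr_matches(saddr, fe->daddr, fe->dmask)
                && flt_addr_matches(daddr, fe->saddr, fe->smask)
                && flt_port_matches(sport, fe->hp.dport1, fe->hp.dport2)
                && flt_port_matches(dport, fe->hp.sport1, fe->hp.sport2);
        } else {
            fltexpr1 = flt_addr_matches(saddr, fe->saddr, fe->smask)
                && flt_addr_matches(daddr, fe->daddr, fe->dmask);

            fltexpr2 = fe->hp.match_opposite == 'Y'
                && flt_addr_matches(daddr, fe->saddr, fe->smask)
                && flt_addr_matches(saddr, fe->dmask ? fe->daddr : fe->daddr,
                                    fe->dmask);
        }

        if (!(fltexpr1 || fltexpr2)) {
            continue;
        }

        /*
         * NOTE(review): protocol indexes fe->hp.filters unchecked; the
         * array size is not visible here -- confirm every caller passes a
         * value within its bounds (e.g. the 8-bit IP protocol field).
         */
        if (fe->hp.filters[protocol] || fe->hp.filters[F_ALL_IP]) {
            /* 'E' marks an exclude rule: a hit means "do not show". */
            if (toupper(fe->hp.reverse) == 'E') {
                return 0;
            }
            return 1;
        }
    }

    return 0;
}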