fw_interface.h

用Delphi实现的防火墙,可实现象天网一样的功能.

/* fw_interface.h	
	writing by qsc @ 2001-06-19
	define firewall NDIS IM Driver's interface and constants
	
*/


#ifdef _WINDOWS
#include <WinIoctl.h>   // Compiling Win32 Applications Or DLL's
#include <string.h>		// inline function
#pragma intrinsic(memcpy)
#endif // _WINDOWS



// Define Driver Name Strings
#define DOGFW_BASE_NAME	TEXT("DOGFW")
#define DOGFW_DEVICE_NAME	TEXT("\\\\.\\DOGFW")
#define DOGFW_DISPLAY_NAME	TEXT("Filter")

// Define IOCTL CODE constants used by DeviceIoControl function

#define FILE_DEVICE_BASE	0x8000	//0x0 ~ 0x7FFF used by Microsoft
#define IOCTL_FW_BASE	FILE_DEVICE_BASE

#define IOCTL_DOGFW_CTL_FW_STATUS\
	CTL_CODE(IOCTL_FW_BASE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)	//char *fw_status

#define IOCTL_DOGFW_CTL_FWMODE\
	CTL_CODE(IOCTL_FW_BASE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)	//char *fw_mode

#define IOCTL_DOGFW_CTL_CHKDATA\
	CTL_CODE(IOCTL_FW_BASE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)	//

#define IOCTL_DOGFW_CTL_DELCHKDATA \
	CTL_CODE(IOCTL_FW_BASE, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)

//
// Specify Structure Packing
//
#pragma pack(1)      // x86, MS compiler; MIPS, MIPS compiler


//Define keyword infomation
struct	Interface_Keyword {
	UINT			id;		//id号	
	int			len;			//关键字长度
	USHORT		port;			//端口
};

//----------------------------------------------------

#define MAX_RULE_NUM 255
struct Time_Restrict {
	CHAR	time_enable;		//是否有效
	int 	start_time;		//当天的起始时间
	int 	end_time;		//终止时间
};

struct Proto_Restrict {
	CHAR	tcp_enable;		//是否允许TCP协议
	CHAR	udp_enable;		//是否允许UDP协议
	CHAR	icmp_enable;		//是否允许ICMP协议
	CHAR	restip_enable;	//是否允许其他ip协议
};

struct Rule {
	int				id;			//唯一标志号
	int				ip;			//IP address
	int				mask;		//掩码
	CHAR 			action;		//允许、禁止
	UCHAR			proto;		//protocol type
	CHAR			sp_operator;//源端口算子（>、<、=...）
	CHAR			dp_operator;//目的端口算子（>、<、=...）
	CHAR 			direct;		//方向（DT_IN, DT_OUT, DT_INOUT）
	CHAR			log_enable;	//是否记入日志
	CHAR			warn_enable;//是否产生报警
	USHORT				s_port[2];
	USHORT				d_port[2];
	struct Time_Restrict time;	//有效时间段
	UCHAR			tcpflag;	//tcp标志，等于0不判断
};

struct RuleSet {
	CHAR firewall_status; 		//全局防火墙开启（有规则）或关闭（最放松，没有规则）或全局设置断开所有（最安全）
	CHAR mode;			//全局模式设置（除了禁止都允许或除了允许都禁止）
	CHAR log_enable;		//是否记录日志
	CHAR warn_enable;		//是否产生报警
	struct Time_Restrict time;	//全局规则有效时间段
	struct Proto_Restrict proto;	//协议禁止设置
	USHORT	rules_num;		//规则数目
	struct Rule Rules[MAX_RULE_NUM];//规则数组
};


struct		All_Rules {
USHORT			rules_num;				//规则数目
struct 	Rule 	Rules[MAX_RULE_NUM];	//规则数组
};


//Define Flux control data structure
struct	Flux_Control {
   // Receive Delay Settings
   CHAR				m_bEnableRxDelay;       // Enable Receive Delays
    int		m_nRxBandwidth;         // Bits/Second
    int     m_nRxLatency;           // Milliseconds

   // Send Delay Settings
   CHAR				m_bEnableTxDelay;       // Enable Send Delays
    int	    m_nTxBandwidth;         // Bits/Second
    int     m_nTxLatency;           // Milliseconds
	};

//Define firewall statistics

struct	Pkt_Stat {
	 int	allow_in_pkts;
	 int	allow_in_bytes;
	 int	allow_out_pkts;
	 int 	allow_out_bytes;
	
	 int	deny_in_pkts;
	 int 	deny_in_bytes;
	 int	deny_out_pkts;
	 int	deny_out_bytes;
};

struct	Ip_Stat	{
	struct	Pkt_Stat	tcp;
	struct	Pkt_Stat	udp;
	struct	Pkt_Stat	icmp;
	struct	Pkt_Stat	restip;
};

struct	Notip_Stat {
	struct Pkt_Stat	other_stat;
};

struct	Statistics {
	struct	Ip_Stat	ip;
	struct	Notip_Stat	notip;
};

//
// Restore Default Structure Packing
//
#pragma pack()                  // x86, MS compiler; MIPS, MIPS compiler