📄 util.c
字号:
case PT_RESTIP:
g_stat.ip.restip.allow_out_bytes+=packsize;
g_stat.ip.restip.allow_out_pkts++;
break;
default:
g_stat.notip.other_stat.allow_out_bytes+=packsize;
g_stat.notip.other_stat.allow_out_pkts++;
}
}
if (action==DENY)
{
switch (ptype)
{
case PT_TCP:
g_stat.ip.tcp.deny_out_bytes+=packsize;
g_stat.ip.tcp.deny_out_pkts++;
break;
case PT_UDP:
g_stat.ip.udp.deny_out_bytes+=packsize;
g_stat.ip.udp.deny_out_pkts++;
break;
case PT_ICMP:
g_stat.ip.icmp.deny_out_bytes+=packsize;
g_stat.ip.icmp.deny_out_pkts++;
break;
case PT_RESTIP:
g_stat.ip.restip.deny_out_bytes+=packsize;
g_stat.ip.restip.deny_out_pkts++;
break;
default:
g_stat.notip.other_stat.deny_out_bytes+=packsize;
g_stat.notip.other_stat.deny_out_pkts++;
}
}
}
}
*/
/////////////////////////////////////////////////////////////////
//
//函数UTIL_WriteLog
//
//参数
//USHORT ID,struct ip cur_ip
//
//返回值
//无
//
//
//备注
//在IOCTL中加入SETLOGADDRESS,传入回调函数地址,并得到当前线程号。
//在此函数中调用 _VWIN32_QueueUserApc() 调用应用程序函数。
/*
void UTIL_TcpWriteLog(
struct Fw_Rule_Node *pTcpRule,
struct ip *piphdr,
struct tcphdr *ptcphdr
)
{
g_AllLog[lcall_num].logs[log_num].ID=pTcpRule->ID;
g_AllLog[lcall_num].log_num=log_num+1;
g_AllLog[lcall_num].protocol=PT_TCP;
memcpy((void *)&g_AllLog[lcall_num].logs[log_num].ip_pkt,(void *)piphdr,sizeof(struct ip));
memcpy((void *)&g_AllLog[lcall_num].logs[log_num].log_trans_pkt.tcp_pkt,(void *)ptcphdr,sizeof(struct tcphdr));
if ((log_num+1)>=MAX_LOG_NUM)
{
if (g_logfop && g_logpdx)
SignalEvent(g_logpdx,g_logfop);
log_num=0;
lcall_num++;
if (lcall_num>=MAX_CALL_NUM)
lcall_num=0;
}
else
{
log_num++;
}
}
*/
/////////////////////////////////////////////////////////////////
//
//函数UTIL_Alarm
//
//参数
//USHORT ID,struct ip cur_ip
//
//返回值
//无
//
//
//备注
//在IOCTL中加入SETALARMADDRESS,传入回调函数地址,并得到当前线程号。
//在此函数中调用 _VWIN32_QueueUserApc() 调用应用程序函数。
/*
void UTIL_TcpAlarm(
struct Fw_Rule_Node *pTcpRule,
struct ip *piphdr,
struct tcphdr *ptcphdr
)
{
g_AllAlarm[acall_num].Alarms[alarm_num].ID=pTcpRule->ID;
g_AllAlarm[acall_num].Alarms[alarm_num].protocol=PT_TCP;
g_AllAlarm[acall_num].alarm_num=alarm_num+1;
memcpy((void *)&g_AllAlarm[acall_num].Alarms[alarm_num].ip_pkt,(void *)piphdr,sizeof(struct ip));
memcpy((void *)&g_AllAlarm[acall_num].Alarms[alarm_num].alarm_trans_pkt.tcp_pkt,(void *)ptcphdr,sizeof(struct tcphdr));
if ((alarm_num+1)>=MAX_ALARM_NUM)
{
if (g_alarmfop && g_alarmpdx)
SignalEvent(g_alarmpdx,g_alarmfop);
alarm_num=0;
acall_num++;
if (acall_num>=MAX_CALL_NUM)
acall_num=0;
}
else
{
alarm_num++;
}
}
*/
/*
void UTIL_UdpWriteLog(
struct Fw_Rule_Node *pUdpRule,
struct ip *piphdr,
struct udphdr *pudphdr
)
{
g_AllLog[lcall_num].logs[log_num].ID=pUdpRule->ID;
g_AllLog[lcall_num].log_num=log_num+1;
g_AllLog[lcall_num].protocol=PT_UDP;
memcpy((void *)&g_AllLog[lcall_num].logs[log_num].ip_pkt,(void *)piphdr,sizeof(struct ip));
memcpy((void *)&g_AllLog[lcall_num].logs[log_num].log_trans_pkt.udp_pkt,(void *)pudphdr,sizeof(struct udphdr));
if ((log_num+1)>=MAX_LOG_NUM)
{
if (g_logfop && g_logpdx)
SignalEvent(g_logpdx,g_logfop);
log_num=0;
lcall_num++;
if (lcall_num>=MAX_CALL_NUM)
lcall_num=0;
}
else
{
log_num++;
}
}
void UTIL_UdpAlarm(
struct Fw_Rule_Node *pUdpRule,
struct ip *piphdr,
struct udphdr *pudphdr
)
{
g_AllAlarm[acall_num].Alarms[alarm_num].ID=pUdpRule->ID;
g_AllAlarm[acall_num].Alarms[alarm_num].protocol=PT_UDP;
g_AllAlarm[acall_num].alarm_num=alarm_num+1;
memcpy((void *)&g_AllAlarm[acall_num].Alarms[alarm_num].ip_pkt,(void *)piphdr,sizeof(struct ip));
memcpy((void *)&g_AllAlarm[acall_num].Alarms[alarm_num].alarm_trans_pkt.udp_pkt,(void *)pudphdr,sizeof(struct udphdr));
if ((alarm_num+1)>=MAX_ALARM_NUM)
{
if (g_alarmfop && g_alarmpdx)
SignalEvent(g_alarmpdx,g_alarmfop);
alarm_num=0;
acall_num++;
if (acall_num>=MAX_CALL_NUM)
acall_num=0;
}
else
{
alarm_num++;
}
}
void UTIL_IcmpWriteLog(
struct Fw_Rule_Node *pIcmpRule,
struct ip *piphdr,
struct icmp *picmphdr
)
{
g_AllLog[lcall_num].logs[log_num].ID=pIcmpRule->ID;
g_AllLog[lcall_num].log_num=log_num+1;
g_AllLog[lcall_num].protocol=PT_ICMP;
memcpy((void *)&g_AllLog[lcall_num].logs[log_num].ip_pkt,(void *)piphdr,sizeof(struct ip));
memcpy((void *)&g_AllLog[lcall_num].logs[log_num].log_trans_pkt.icmp_pkt,(void *)picmphdr,sizeof(struct icmp));
if ((log_num+1)>=MAX_LOG_NUM)
{
if (g_logfop && g_logpdx)
SignalEvent(g_logpdx,g_logfop);
log_num=0;
lcall_num++;
if (lcall_num>=MAX_CALL_NUM)
lcall_num=0;
}
else
{
log_num++;
}
}
void UTIL_IcmpAlarm(
struct Fw_Rule_Node *pIcmpRule,
struct ip *piphdr,
struct icmp *picmphdr
)
{
g_AllAlarm[acall_num].Alarms[alarm_num].ID=pIcmpRule->ID;
g_AllAlarm[acall_num].Alarms[alarm_num].protocol=PT_ICMP;
g_AllAlarm[acall_num].alarm_num=alarm_num+1;
memcpy((void *)&g_AllAlarm[acall_num].Alarms[alarm_num].ip_pkt,(void *)piphdr,sizeof(struct ip));
memcpy((void *)&g_AllAlarm[acall_num].Alarms[alarm_num].alarm_trans_pkt.icmp_pkt,(void *)picmphdr,sizeof(struct icmp));
if ((alarm_num+1)>=MAX_ALARM_NUM)
{
if (g_alarmfop && g_alarmpdx)
SignalEvent(g_alarmpdx,g_alarmfop);
alarm_num=0;
acall_num++;
if (acall_num>=MAX_CALL_NUM)
acall_num=0;
}
else
{
alarm_num++;
}
}
void UTIL_RestipWriteLog(
struct Fw_Rule_Node *pRestipRule,
struct ip *piphdr
)
{
g_AllLog[lcall_num].logs[log_num].ID=pRestipRule->ID;
g_AllLog[lcall_num].log_num=log_num+1;
g_AllLog[lcall_num].protocol=PT_RESTIP;
memcpy((void *)&g_AllLog[lcall_num].logs[log_num].ip_pkt,(void *)piphdr,sizeof(struct ip));
if ((log_num+1)>=MAX_LOG_NUM)
{
if (g_logfop && g_logpdx)
SignalEvent(g_logpdx,g_logfop);
log_num=0;
lcall_num++;
if (lcall_num>=MAX_CALL_NUM)
lcall_num=0;
}
else
{
log_num++;
}
}
void UTIL_RestipAlarm(
struct Fw_Rule_Node *pRestipRule,
struct ip *piphdr
)
{
g_AllAlarm[acall_num].Alarms[alarm_num].ID=pRestipRule->ID;
g_AllAlarm[acall_num].Alarms[alarm_num].protocol=PT_RESTIP;
g_AllAlarm[acall_num].alarm_num=alarm_num+1;
memcpy((void *)&g_AllAlarm[acall_num].Alarms[alarm_num].ip_pkt,(void *)piphdr,sizeof(struct ip));
if ((alarm_num+1)>=MAX_ALARM_NUM)
{
if (g_alarmfop && g_alarmpdx)
SignalEvent(g_alarmpdx,g_alarmfop);
alarm_num=0;
acall_num++;
if (acall_num>=MAX_CALL_NUM)
acall_num=0;
}
else
{
alarm_num++;
}
}
/////////////////////////////////////////////////////////////////
//
//函数UTIL_SizeupPort
//
//参数
//USHORT cur_port,char p_operator,USHORT port1,USHORT port2
//
//返回值
//TRUE,FALSE
//
//
//备注
//cur_port是否满足规则中对端口的要求
BOOLEAN UTIL_SizeupPort(
USHORT cur_port,
char p_operator,
USHORT port1,
USHORT port2
)
{
if (port1==0 && port2==0)
return TRUE;
switch (p_operator)
{
case OP_GT:
return (cur_port>port1);
case OP_LT:
return (cur_port<port1);
case OP_EQ:
return (cur_port==port1);
case OP_NE:
return (cur_port != port1);
case OP_BW:
return (cur_port>port1 && cur_port<port2);
}
return FALSE;
}
//////////////////////////////////////////////////////
//
//函数UTIL_GetCurrentTime()
//
//参数
//无
//
//返回值
//从当天零点到调用函数时的秒数
//
//
int UTIL_GetCurrentTime(void)
{
LARGE_INTEGER current;
ULONGLONG cursec=0;
ULONG sec=0;
KeQuerySystemTime(¤t);
cursec=current.QuadPart/10000000;
sec=(int)(cursec%86400);
return (sec+3600*8);
}
*/
/*-------------------------------------------------------------------
数据检查相关函数
--------------------------------------------------------------------*/
/////////////////////////////////////////////////////////////////
//
//函数UTIL_ExamineData
//
//参数
//要检查的数据buf,size,关键字,关键字size
//
//返回值
//是,否
//
//
//备注
//在buf中查找是否包含关键字
//kmp算法中求next
void UTIL_getnext(char *p,int len_p,short *next)//p为子串,len_p为子串长度
{
short i=0,j=-1;
next[0]=-1;
while (i<=len_p-1)
{
while(j>=0 && p[i]!=p[j])
{
j=next[j];
}
i++;j++;next[i]=j;
}
}
//kmp 算法
BOOLEAN UTIL_kmp(
char *data,
int datasize,
char *keyword,
int keysize,
short *next
)
{
int i=0,j=0;
while(i<=datasize-1&&j<=keysize-1)
{
while(j>=0 && data[i]!=keyword[j])
{
j=next[j];
}
i++;j++;
}
if (j==keysize) return TRUE;
else return FALSE;
}
///////////////////////////////////////////////
//查找符合端口节点的函数
//
//参数
//
//返回值
//
//备注
struct KeyList *UTIL_FindPortNode(USHORT port)
{
struct KeyList *plistnode;
plistnode=g_Rules.global.pkeylist;
while (plistnode)
{
if (port<plistnode->port)
{
plistnode=plistnode->next;
continue;
}
if (plistnode->port==port)
return plistnode;
if(port>plistnode->port)
break;
}
return NULL;
}
///////////////////////////////////////////////
//插入关键字节点的函数
//
//参数
//
//返回值
//
//备注
void UTIL_InsertKeyNode(struct KeyList *pnode,UINT id,char *key,ULONG keylen)
{
struct Keyword *keynode,*newkey;
newkey=(struct Keyword *)UTIL_AllocateMemory(sizeof(struct Keyword));
newkey->id=id;
newkey->keyword=key;
newkey->len=keylen;
newkey->overlap=(short *)UTIL_AllocateMemory((keylen+1)*sizeof(short));
UTIL_getnext(newkey->keyword,newkey->len ,newkey->overlap);
newkey->next=NULL;
keynode=pnode->pkeyword;
while(keynode->next)
{
keynode=keynode->next;
}
keynode->next=newkey;
return;
}
///////////////////////////////////////////////
//找到符合端口的插入函数
//
//参数
//
//返回值
//
//备注
void UTIL_FindRightPlace(struct KeyList **prenode,USHORT port)
{
struct KeyList *pnode,*ppre,*pnext;
pnode=g_Rules.global.pkeylist;
if (pnode==NULL || port<pnode->port)
{
*prenode=NULL;
return;
}
else
{
ppre=pnode;
pnext=ppre->next;
while (pnext)
{
if (port > ppre->port && port < pnext->port ) // I find it
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -