📄 util.c
字号:
//return FALSE; //skip not define protocol
break;
} // end of switch (protocol)
} //end of for
return TRUE;
}
*/
/////////////////////////////////////////////////////////////////
//
//函数UTIL_DelAllrules
//
//参数
//无
//
//返回值
//是,否成功
//
//
//备注
//删除所有规则
/*
BOOLEAN UTIL_DelAllrules(void)
{
struct Fw_Rule_Node *ptr_current=NULL;
struct Fw_Rule_Node *ptr_next=NULL;
//tcp in chain
if (g_Rules.tcp.pin!=NULL)
{
ptr_current=g_Rules.tcp.pin;
ptr_next=ptr_current->next;
while (ptr_current!=NULL)
{
UTIL_FreeMemory((void *)ptr_current);
ptr_current=ptr_next;
if (ptr_current!=NULL)
ptr_next=ptr_current->next;
}
g_Rules.tcp.pin=NULL;
}
//tcp out chain
if (g_Rules.tcp.pout!=NULL)
{
ptr_current=g_Rules.tcp.pout;
ptr_next=ptr_current->next;
while (ptr_current!=NULL)
{
UTIL_FreeMemory((void *)ptr_current);
ptr_current=ptr_next;
if (ptr_current!=NULL)
ptr_next=ptr_current->next;
}
g_Rules.tcp.pout=NULL;
}
//udp in chain
if (g_Rules.udp.pin!=NULL)
{
ptr_current=g_Rules.udp.pin;
ptr_next=ptr_current->next;
while (ptr_current!=NULL)
{
UTIL_FreeMemory((void *)ptr_current);
ptr_current=ptr_next;
if (ptr_current!=NULL)
ptr_next=ptr_current->next;
}
g_Rules.udp.pin=NULL;
}
//udp out chain
if (g_Rules.udp.pout!=NULL)
{
ptr_current=g_Rules.udp.pout;
ptr_next=ptr_current->next;
while (ptr_current!=NULL)
{
UTIL_FreeMemory((void *)ptr_current);
ptr_current=ptr_next;
if (ptr_current!=NULL)
ptr_next=ptr_current->next;
}
g_Rules.udp.pout=NULL;
}
//icmp in chain
if (g_Rules.icmp.pin!=NULL)
{
ptr_current=g_Rules.icmp.pin;
ptr_next=ptr_current->next;
while (ptr_current!=NULL)
{
UTIL_FreeMemory((void *)ptr_current);
ptr_current=ptr_next;
if (ptr_current!=NULL)
ptr_next=ptr_current->next;
}
g_Rules.icmp.pin=NULL;
}
//icmp out chain
if (g_Rules.icmp.pout!=NULL)
{
ptr_current=g_Rules.icmp.pout;
ptr_next=ptr_current->next;
while (ptr_current!=NULL)
{
UTIL_FreeMemory((void *)ptr_current);
ptr_current=ptr_next;
if (ptr_current!=NULL)
ptr_next=ptr_current->next;
}
g_Rules.icmp.pout=NULL;
}
//restip in chain
if (g_Rules.ip.pin!=NULL)
{
ptr_current=g_Rules.ip.pin;
ptr_next=ptr_current->next;
while (ptr_current!=NULL)
{
UTIL_FreeMemory((void *)ptr_current);
ptr_current=ptr_next;
if (ptr_current!=NULL)
ptr_next=ptr_current->next;
}
g_Rules.ip.pin=NULL;
}
//restip out chain
if (g_Rules.ip.pout!=NULL)
{
ptr_current=g_Rules.ip.pout;
ptr_next=ptr_current->next;
while (ptr_current!=NULL)
{
UTIL_FreeMemory((void *)ptr_current);
ptr_current=ptr_next;
if (ptr_current!=NULL)
ptr_next=ptr_current->next;
}
g_Rules.ip.pout=NULL;
}
return TRUE;
}
*/
/*
UCHAR UTIL_MatchTcpRule(struct ip *pIpHeader, struct tcphdr *pTcpHeader, UCHAR Direct)
{
UCHAR nAction=NOT_MATCH;
USHORT nSrcPort, nDstPort;
ULONG nSrcIP, nDstIP;
struct Fw_Rule *pTcpRule=NULL;
struct Fw_Rule_Node *ptr=NULL;
pTcpRule=&g_Rules.tcp;
if(!pTcpRule->enable) return DENY; //不允许TCP协议通过
if(Direct==DT_OUT)
{
nSrcIP=(ULONG)pIpHeader->ip_src.s_addr;
nDstIP=(ULONG)pIpHeader->ip_dst.s_addr;
nSrcPort=UTIL_ntohs(pTcpHeader->th_sport);
nDstPort=UTIL_ntohs(pTcpHeader->th_dport);
ptr=pTcpRule->pout;
}
else
{
nSrcIP=pIpHeader->ip_dst.s_addr;
nDstIP=pIpHeader->ip_src.s_addr;
nSrcPort=UTIL_ntohs(pTcpHeader->th_dport);
nDstPort=UTIL_ntohs(pTcpHeader->th_sport);
ptr=pTcpRule->pin;
}
for(; ptr!=NULL; ptr=ptr->next)
{
if(ptr->schedule.enable)
{
int cur_time=UTIL_GetCurrentTime();
// if 当前时间不在时间表范围内
// 返回 PASS
if (cur_time<ptr->schedule.start_time ||cur_time>ptr->schedule.end_time)
{
ptr=ptr->next; //取下一个节点
continue;
}
}
if(UTIL_SizeupPort(nSrcPort, ptr->sp_operator, ptr->s_port[0], ptr->s_port[1]) &&
UTIL_SizeupPort(nDstPort, ptr->dp_operator, ptr->d_port[0], ptr->d_port[1]) &&
((ptr->ip==(nDstIP & ptr->mask))||(ptr->ip==0)))
{
//tcpflag add by qsc
if (ptr->tcpflag==0||ptr->tcpflag==pTcpHeader->th_flags)
{
nAction=ptr->action;
break;
}
}
}
UTIL_CountPacket(PT_TCP, Direct, nAction, (int)UTIL_ntohs(pIpHeader->ip_len));
if (nAction!=NOT_MATCH)
{
if (g_Rules.global.warn_enable && ptr->warn_enable && g_alarmfop &&g_alarmpdx)
UTIL_TcpAlarm(ptr, pIpHeader, pTcpHeader);
if (g_Rules.global.log_enable && ptr->log_enable && g_logfop && g_logpdx)
UTIL_TcpWriteLog(ptr, pIpHeader,pTcpHeader );
}
return nAction;
}
UCHAR UTIL_MatchUdpRule(struct ip *pIpHeader, struct udphdr *pUdpHeader, UCHAR Direct)
{
UCHAR nAction=NOT_MATCH;
USHORT nSrcPort, nDstPort;
ULONG nSrcIP, nDstIP;
struct Fw_Rule_Node *ptr=NULL;
if(!g_Rules.udp.enable) return DENY; //不允许UDP协议通过
if(Direct==DT_OUT)
{
nSrcIP=pIpHeader->ip_src.s_addr;
nDstIP=pIpHeader->ip_dst.s_addr;
nSrcPort=UTIL_ntohs(pUdpHeader->uh_sport);
nDstPort=UTIL_ntohs(pUdpHeader->uh_dport);
ptr=g_Rules.udp.pout;
}
else
{
nSrcIP=pIpHeader->ip_dst.s_addr;
nDstIP=pIpHeader->ip_src.s_addr;
nSrcPort=UTIL_ntohs(pUdpHeader->uh_dport);
nDstPort=UTIL_ntohs(pUdpHeader->uh_sport);
ptr=g_Rules.udp.pin;
}
for(; ptr!=NULL; ptr=ptr->next)
{
if(ptr->schedule.enable)
{
int cur_time=UTIL_GetCurrentTime();
// if 当前时间不在时间表范围内
// 返回 PASS
if (cur_time<ptr->schedule.start_time ||cur_time>ptr->schedule.end_time)
{
ptr=ptr->next; //取下一个节点
continue;
}
}
if(UTIL_SizeupPort(nSrcPort, ptr->sp_operator, ptr->s_port[0], ptr->s_port[1]) &&
UTIL_SizeupPort(nDstPort, ptr->dp_operator, ptr->d_port[0], ptr->d_port[1]) &&
((ptr->ip==(nDstIP & ptr->mask))||(ptr->ip==0)))
{
nAction=ptr->action;
break;
}
}
UTIL_CountPacket(PT_UDP, Direct, nAction, (int)UTIL_ntohs(pIpHeader->ip_len));
if (nAction!=NOT_MATCH)
{
if (g_Rules.global.warn_enable && ptr->warn_enable && g_alarmfop &&g_alarmpdx)
UTIL_UdpAlarm(ptr, pIpHeader, pUdpHeader);
if (g_Rules.global.log_enable && ptr->log_enable && g_logfop && g_logpdx)
UTIL_UdpWriteLog(ptr, pIpHeader, pUdpHeader);
}
return nAction;
}
UCHAR UTIL_MatchIcmpRule(struct ip *pIpHeader, struct icmp *pIcmpHeader, UCHAR Direct)
{
UCHAR nAction=NOT_MATCH;
ULONG nSrcIP, nDstIP;
struct Fw_Rule_Node *ptr=NULL;
if(!g_Rules.icmp.enable) return DENY; //不允许ICMP协议通过
if(Direct==DT_OUT)
{
nSrcIP=pIpHeader->ip_src.s_addr;
nDstIP=pIpHeader->ip_dst.s_addr;
ptr=g_Rules.icmp.pout;
}
else
{
nSrcIP=pIpHeader->ip_dst.s_addr;
nDstIP=pIpHeader->ip_src.s_addr;
ptr=g_Rules.icmp.pin;
}
for(; ptr!=NULL; ptr=ptr->next)
{
if(ptr->schedule.enable)
{
int cur_time=UTIL_GetCurrentTime();
// if 当前时间不在时间表范围内
// 返回 PASS
if (cur_time<ptr->schedule.start_time ||cur_time>ptr->schedule.end_time)
{
ptr=ptr->next; //取下一个节点
continue;
}
}
if((ptr->ip==(nDstIP & ptr->mask))||(ptr->ip==0))
{
nAction=ptr->action;
break;
}
}
UTIL_CountPacket(PT_ICMP, Direct, nAction, (int)UTIL_ntohs(pIpHeader->ip_len));
if (nAction!=NOT_MATCH)
{
if (g_Rules.global.warn_enable && ptr->warn_enable && g_alarmfop &&g_alarmpdx)
UTIL_IcmpAlarm(ptr, pIpHeader, pIcmpHeader);
if (g_Rules.global.log_enable && ptr->log_enable && g_logfop && g_logpdx)
UTIL_IcmpWriteLog(ptr, pIpHeader, pIcmpHeader);
}
return nAction;
}
UCHAR UTIL_MatchIpRule(struct ip *pIpHeader, UCHAR Direct)
{
UCHAR nAction=NOT_MATCH;
ULONG nSrcIP, nDstIP;
struct Fw_Rule_Node *ptr=NULL;
if(!g_Rules.ip.enable) return DENY; //不允许ICMP协议通过
if(Direct==DT_OUT)
{
nSrcIP=pIpHeader->ip_src.s_addr;
nDstIP=pIpHeader->ip_dst.s_addr;
ptr=g_Rules.ip.pout;
}
else
{
nSrcIP=pIpHeader->ip_dst.s_addr;
nDstIP=pIpHeader->ip_src.s_addr;
ptr=g_Rules.ip.pin;
}
for(; ptr!=NULL; ptr=ptr->next)
{
if(ptr->schedule.enable)
{
int cur_time=UTIL_GetCurrentTime();
// if 当前时间不在时间表范围内
// 返回 PASS
if (cur_time<ptr->schedule.start_time ||cur_time>ptr->schedule.end_time)
{
ptr=ptr->next; //取下一个节点
continue;
}
}
if((ptr->ip==(nDstIP & ptr->mask))||(ptr->ip==0))
{
nAction=ptr->action;
break;
}
}
UTIL_CountPacket(PT_RESTIP, Direct, nAction, (int)UTIL_ntohs(pIpHeader->ip_len));
if (nAction!=NOT_MATCH)
{
if (g_Rules.global.warn_enable && ptr->warn_enable && g_alarmfop &&g_alarmpdx)
UTIL_RestipAlarm(ptr, pIpHeader);
if (g_Rules.global.log_enable && ptr->log_enable && g_logfop && g_logpdx)
UTIL_RestipWriteLog(ptr, pIpHeader);
}
return nAction;
}
UCHAR UTIL_MatchNotIpRule(PNDIS_PACKET Packet, USHORT nEtherType, UCHAR Direct)
{
return ALLOW;
}
*/
UCHAR UTIL_MatchRule(PNDIS_PACKET Packet, UCHAR Direct)
{
ULONG nNumberOfBytesRead = 0;
UCHAR nProtocol;
USHORT nEtherType, nIPhdrLen, nIPOffset;
UCHAR nAction;
ULONG datetime=0;
ULONG datasize;
PUCHAR ppktdata=NULL;
BOOLEAN bisinclude;
//如果防火墙状态为切断所有则返回
if(g_Rules.global.fw_status==FWS_DENYALL) return DENY;
if(g_Rules.global.fw_status==FWS_ALLOWALL) return ALLOW;
UTIL_ReadOnPacket(
Packet,
(PUCHAR )&nEtherType,
sizeof( USHORT ),
MEtherType, // See PCAEnet.h
&nNumberOfBytesRead
);
if( nNumberOfBytesRead ) //if 读出正确
{
nAction = ALLOW;
nEtherType = UTIL_htons( nEtherType ); //将包类型转换为网络顺序
if( nEtherType == ETHERTYPE_IP ) //if 包类型是IP包
{
//read ip header
UTIL_ReadOnPacket(
Packet,
(PUCHAR )g_pIPHeader,
sizeof(*g_pIPHeader),
MHdrSize, // ATTENTION!!! Media-Dependent!!!
&nNumberOfBytesRead
);
if(nNumberOfBytesRead<sizeof(struct ip)) return DENY;//IP头不完整,丢卒
nIPOffset=UTIL_ntohs(g_pIPHeader->ip_off);
if((nIPOffset&IP_DF==0) && (nIPOffset&0x1FFF!=0)) //分片非第一片允许通过
return ALLOW;
nIPhdrLen=g_pIPHeader->ip_hl*4;
nProtocol=g_pIPHeader->ip_p;
switch(nProtocol)
{
case IPPROTO_TCP:
UTIL_ReadOnPacket(
Packet,
(PUCHAR)g_pTCPHeader,
sizeof(*g_pTCPHeader),
MHdrSize + nIPhdrLen,
&nNumberOfBytesRead
);
if(nNumberOfBytesRead<sizeof(struct tcphdr)) return DENY; //TCP头不完整,不允许通过
//fetch pkt data
datasize=Packet->Private.TotalLength-MHdrSize-nIPhdrLen-sizeof(struct tcphdr);
ppktdata=UTIL_AllocateMemory(datasize);
UTIL_ReadOnPacket(
Packet,
ppktdata,
datasize,
MHdrSize + nIPhdrLen+sizeof(struct tcphdr),
&nNumberOfBytesRead
);
bisinclude=UTIL_ExamineData(ppktdata,datasize,UTIL_ntohs(g_pTCPHeader->th_sport),UTIL_ntohs(g_pTCPHeader->th_dport));
if (bisinclude)
nAction=DENY;
break;
}
if (ppktdata)
UTIL_FreeMemory((void *)ppktdata);
}
return nAction;
}
else return ALLOW;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -