// NIDSDlg.cpp : implementation file
//
#include "stdafx.h"
#include "NIDS.h"
#include "NIDSDlg.h"
# include "winsock2.h"
# include "ws2tcpip.h"
// Debug-build preamble: redirects `new` to DEBUG_NEW and records this file's name
// in THIS_FILE for debug-build diagnostics.
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
// Numeric status codes for the socket and file paths.
// NOTE(review): StartDetect passes SOCK_WSA_ERR and SOCK_CRSOCK_ERR directly to
// AfxMessageBox. An integer argument selects the overload that takes a
// string-resource ID, so these negative codes are unlikely to produce a readable
// error text - confirm, and map the codes to messages before displaying them.
#define TRAN_SUCCESS 1 // transfer succeeded
#define SOCK_WSA_ERR (-1) // Winsock start-up failed
#define SOCK_CRSOCK_ERR (-2) // socket creation failed
#define SOCK_BIND_ERR (-3) // binding the port failed
#define SOCK_LISTEN_ERR (-4) // listen failed
#define SOCK_ACCEPT_ERR (-5) // waiting for a connection failed
#define SOCK_SEND_ERR (-6) // sending data failed
#define SOCK_CLOSE_ERR (-7) // closing the SOCKET failed
#define SOCK_RECVE_ERR (-8) // receiving data failed
#define FILE_ERR (-9) // file error
#define Other_ERR (0) // other, unknown cause
// Control code that StartDetect applies to its raw socket so that it receives
// all IP packets (per the comment at the call site).
// NOTE(review): this mode normally needs administrator rights - confirm the
// failure path is handled where the code is applied.
#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)
/////////////////////////////////////////////////////////////////////////////
// CAboutDlg dialog used for App About
#pragma comment(lib, "ws2_32.lib")
// Fixed part of a TCP header (20 bytes of fields), laid out for overlaying on
// captured packet bytes.
// NOTE(review): when overlaid on a received packet the multi-byte fields are
// presumably still in network byte order and need ntohs/ntohl before use - confirm
// at the read sites. No packing pragma is visible here; the field order happens
// to need no padding under natural alignment.
typedef struct _TCP
{
WORD SrcPort; // source port
WORD DstPort; // destination port
DWORD SeqNum; // sequence number
DWORD AckNum; // acknowledgement number
BYTE DataOff; // TCP header length (data offset)
BYTE Flags; // flags (URG, ACK, ...)
WORD Window; // window size
WORD Chksum; // checksum
WORD UrgPtr; // urgent pointer
} TCP;
typedef TCP *LPTCP;
typedef TCP UNALIGNED * ULPTCP; // pointer form for headers at unaligned offsets in a buffer
// UDP header (8 bytes of fields), laid out for overlaying on captured packet bytes.
// NOTE(review): Length is declared as a signed short, so a wire value above
// 0x7FFF reads as negative; any bounds check that uses it must treat it as
// unsigned and must not trust it beyond the number of bytes actually received.
typedef struct _UDP
{
unsigned short SrcPort ; //WORD SrcPort; // source port
unsigned short DstPort ; //WORD DstPort; // destination port
short Length; //WORD Length; // UDP length
unsigned short Chksum; //WORD Chksum; // checksum
} UDP;
typedef UDP *LPUDP;
typedef UDP UNALIGNED * ULPUDP; // pointer form for headers at unaligned offsets in a buffer
// IPv4 header, laid out for overlaying on captured packet bytes.
// Version and HdrLen are two names for the same first byte (anonymous union), so
// each reader has to mask out the half it wants. Flags and FragOff likewise
// share one 16-bit word.
// NOTE(review): the trailing Options byte makes the field total 21 bytes, so
// sizeof(IP) is not the 20-byte minimum header. Code that locates the transport
// header should derive the offset from the header-length nibble of the packet,
// checked against the received length, rather than from sizeof(IP).
typedef struct _IP
{
union{ BYTE Version; // version // | upper 4 bits: version number | lower 4 bits: header length |
BYTE HdrLen; // IHL // The first header field gives the IP version, currently usually 4. The header length is the number of
// 32-bit words in the whole header (the header length must be a whole multiple of 32 bits)
};
BYTE ServiceType; // type of service
WORD TotalLen; // total length
WORD ID; // identification
union{ WORD Flags; // flags
WORD FragOff; // fragment offset
};
BYTE TimeToLive; // time to live
BYTE Protocol; // protocol
WORD HdrChksum; // header checksum
DWORD SrcAddr; // source address
DWORD DstAddr; // destination address
BYTE Options; // options
// According to Network Programming for Microsoft Windows, 1st edition,
// the IP options field is variable-length and carries optional information, usually related to IP security or routing.
// The book does not say how to determine that length, and some books define the structure without this field, so it was
// commented out here as well in order to obtain the correct port numbers.
// NOTE(review): the original note above says the field was commented out, but the declaration is still active - confirm which is intended.
} IP;
typedef IP * LPIP;
typedef IP UNALIGNED * ULPIP; // pointer form for headers at unaligned offsets in a buffer
// File-scope state.
// NOTE(review): ip and tcp are not used in the visible part of this file; if the
// capture thread and the UI thread both touch them, access needs synchronisation - confirm.
IP ip;
TCP tcp;
HWND hMainHandle; // set to the dialog's window handle in CNIDSDlg::OnInitDialog
// Length/pointer pair describing a data buffer.
// NOTE(review): who allocates and frees buf, and whether len is validated against
// the buffer's real size, is not visible here - confirm at the use sites.
typedef struct _ipdata
{
int len;
char *buf;
} IPDATA;
IPDATA stIPData;
// Worker-thread entry point; OnButtoncheck hands it to CreateThread with the
// dialog's `this` pointer as lpParameter.
DWORD WINAPI ThreadStartDetectProc(LPVOID lpParameter);
// About box shown from the system menu (see CNIDSDlg::OnSysCommand).
// The //{{AFX_...}} markers delimit regions maintained by ClassWizard; keep
// hand-written code outside them.
class CAboutDlg : public CDialog
{
public:
CAboutDlg();
// Dialog Data
//{{AFX_DATA(CAboutDlg)
enum { IDD = IDD_ABOUTBOX };
//}}AFX_DATA
// ClassWizard generated virtual function overrides
//{{AFX_VIRTUAL(CAboutDlg)
protected:
virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support
//}}AFX_VIRTUAL
// Implementation
protected:
//{{AFX_MSG(CAboutDlg)
//}}AFX_MSG
DECLARE_MESSAGE_MAP()
};
// Constructs the About dialog from its dialog-template ID; there is no member data to initialise.
CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD)
{
//{{AFX_DATA_INIT(CAboutDlg)
//}}AFX_DATA_INIT
}
// Data-exchange hook for the About dialog; it only forwards to the base class
// because the dialog has no bound controls.
void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
//{{AFX_DATA_MAP(CAboutDlg)
//}}AFX_DATA_MAP
}
// Message map for the About dialog: no handlers of its own, everything goes to CDialog.
BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
//{{AFX_MSG_MAP(CAboutDlg)
// No message handlers
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CNIDSDlg dialog
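// Constructs the main dialog.
// The three m_IsAll* flags start as TRUE, the edit-box text starts empty and the
// application icon is loaded. The worker-thread handle and ID are also cleared
// here: OnButtoncheck tests hThreadStartDetect before any visible assignment to
// it, so it must start out as NULL or the first click could act on an
// indeterminate handle value.
// @param pParent  parent window, may be NULL.
CNIDSDlg::CNIDSDlg(CWnd* pParent /*=NULL*/)
    : CDialog(CNIDSDlg::IDD, pParent)
{
    //{{AFX_DATA_INIT(CNIDSDlg)
    m_edit3 = _T("");
    //}}AFX_DATA_INIT
    m_IsAllPort = TRUE;
    m_IsAllIp = TRUE;
    m_IsAllProto = TRUE;

    // No capture thread exists until the user starts one.
    hThreadStartDetect = NULL;
    dwThreadStartDetectId = 0;

    // Note that LoadIcon does not require a subsequent DestroyIcon in Win32
    m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}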
// Binds dialog controls to member variables: the two IP-address controls, the
// TCP check box, the list box, the list control and the text of IDC_EDIT3.
// The lines between the AFX_DATA_MAP markers are maintained by ClassWizard.
void CNIDSDlg::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
//{{AFX_DATA_MAP(CNIDSDlg)
DDX_Control(pDX, IDC_IPADDRESS2, m_TurnIP);
DDX_Control(pDX, IDC_CHECKTCP, m_checkTCP);
DDX_Control(pDX, IDC_LIST3, m_List);
DDX_Control(pDX, IDC_IPADDRESS1, m_IP);
DDX_Control(pDX, IDC_LIST1, m_ListCtrl);
DDX_Text(pDX, IDC_EDIT3, m_edit3);
//}}AFX_DATA_MAP
}
// Message map for the main dialog: routes system commands, painting, button,
// radio-button and list-box notifications to their handlers. The entries between
// the AFX_MSG_MAP markers are maintained by ClassWizard.
BEGIN_MESSAGE_MAP(CNIDSDlg, CDialog)
//{{AFX_MSG_MAP(CNIDSDlg)
ON_WM_SYSCOMMAND()
ON_WM_PAINT()
ON_WM_QUERYDRAGICON()
ON_BN_CLICKED(IDC_BUTTONCHECK, OnButtoncheck)
ON_BN_CLICKED(IDC_BUTTONEXIT, OnButtonexit)
ON_BN_CLICKED(IDC_RADIO1, OnAllPort)
ON_BN_CLICKED(IDC_RADIO2, OnRadio2)
ON_BN_CLICKED(IDC_RADIO3, OnRadio3)
ON_BN_CLICKED(IDC_RADIO4, OnRadio4)
ON_BN_CLICKED(IDC_RADIO5, OnRadio5)
ON_BN_CLICKED(IDC_RADIO8, OnRadio8)
ON_BN_CLICKED(IDC_RADIO6, OnRadio6)
ON_BN_CLICKED(IDC_RADIO7, OnRadio7)
ON_BN_CLICKED(IDC_BUTTON1, OnButton1)
ON_LBN_DBLCLK(IDC_LIST3, OnDblclkList3)
ON_BN_CLICKED(IDC_BUTTON2, OnButton2)
ON_BN_CLICKED(IDC_CHECKTCP, OnChecktcp)
ON_BN_CLICKED(IDC_BUTTON4, OnButton4)
ON_BN_CLICKED(IDC_BUTTON5, OnButton5)
//}}AFX_MSG_MAP
// The WM_START_DETECT route is disabled; only the WM_CLOSE_DETECT message is handled.
//ON_MESSAGE(WM_START_DETECT, OnStartDetect)
ON_MESSAGE(WM_CLOSE_DETECT, OnCloseDetect)
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CNIDSDlg message handlers
// Dialog initialisation: adds the "About..." entry to the system menu, installs
// the icons, records the window handle in hMainHandle and sets up the list control.
// @return TRUE, so the framework sets the default focus.
BOOL CNIDSDlg::OnInitDialog()
{
    CDialog::OnInitDialog();

    // The About command ID has to sit inside the system-command range.
    ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
    ASSERT(IDM_ABOUTBOX < 0xF000);

    // Extend the system menu only when both the menu and a non-empty label exist.
    CMenu* sysMenu = GetSystemMenu(FALSE);
    CString aboutLabel;
    if (sysMenu != NULL)
    {
        aboutLabel.LoadString(IDS_ABOUTBOX);
    }
    if (sysMenu != NULL && !aboutLabel.IsEmpty())
    {
        sysMenu->AppendMenu(MF_SEPARATOR);
        sysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, aboutLabel);
    }

    // A dialog-based main window has to install its own icons.
    SetIcon(m_hIcon, TRUE);   // big icon
    SetIcon(m_hIcon, FALSE);  // small icon

    // Record the dialog's window handle in the file-scope hMainHandle.
    hMainHandle = this->m_hWnd;
    InitListCtrl();

    return TRUE;  // TRUE unless the focus was set to a control
}
// System-command handler: shows the About box for IDM_ABOUTBOX and passes every
// other command to the base class.
// @param nID     system command identifier (low four bits are masked off before comparing).
// @param lParam  command-specific data, forwarded unchanged.
void CNIDSDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
    const bool isAboutCommand = ((nID & 0xFFF0) == IDM_ABOUTBOX);
    if (!isAboutCommand)
    {
        CDialog::OnSysCommand(nID, lParam);
        return;
    }

    CAboutDlg aboutBox;
    aboutBox.DoModal();
}
// If you add a minimize button to your dialog, you will need the code below
// to draw the icon. For MFC applications using the document/view model,
// this is automatically done for you by the framework.
// Paint handler: a minimised dialog draws its icon centred in the client area;
// otherwise painting is left to the base class.
void CNIDSDlg::OnPaint()
{
    if (!IsIconic())
    {
        CDialog::OnPaint();
        return;
    }

    CPaintDC paintDc(this);  // device context for painting
    SendMessage(WM_ICONERASEBKGND, (WPARAM) paintDc.GetSafeHdc(), 0);

    // Work out the top-left corner that centres the icon in the client rectangle.
    const int iconWidth = GetSystemMetrics(SM_CXICON);
    const int iconHeight = GetSystemMetrics(SM_CYICON);
    CRect clientArea;
    GetClientRect(&clientArea);
    const int left = (clientArea.Width() - iconWidth + 1) / 2;
    const int top = (clientArea.Height() - iconHeight + 1) / 2;

    paintDc.DrawIcon(left, top, m_hIcon);
}
// The system calls this to obtain the cursor to display while the user drags
// the minimized window.
// Supplies the cursor shown while the user drags the minimised window.
// @return the dialog icon, reinterpreted as a cursor handle.
HCURSOR CNIDSDlg::OnQueryDragIcon()
{
    HCURSOR dragCursor = (HCURSOR) m_hIcon;
    return dragCursor;
}
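// Click handler for IDC_BUTTONCHECK: (re)starts the detection worker thread.
// Any previous worker is stopped first, then a new thread is created with this
// dialog as its parameter. The handle test relies on hThreadStartDetect being
// NULL before the first start - confirm that it is initialised.
void CNIDSDlg::OnButtoncheck()
{
    if (hThreadStartDetect)
    {
        // NOTE(review): TerminateThread stops the worker without running any of its
        // cleanup. StartDetect in this file opens a raw socket and calls WSAStartup,
        // so if the worker is inside it (presumably via ThreadStartDetectProc) the
        // socket and the Winsock reference stay open, and any lock the thread held
        // is never released. A stop flag that the receive loop checks, followed by
        // a wait on the handle, is the safe replacement; that needs changes to the
        // loop itself.
        // The second argument is the thread's exit code; the thread ID is passed
        // here as in the original.
        TerminateThread(hThreadStartDetect, dwThreadStartDetectId);

        // Release the old handle; previously it was overwritten and leaked on every restart.
        CloseHandle(hThreadStartDetect);
        hThreadStartDetect = NULL;
    }

    // ThreadStartDetectProc already has the thread-start signature and `this`
    // converts to LPVOID implicitly, so no casts are needed; a cast here would
    // only hide a signature mismatch.
    // On failure CreateThread returns NULL, which leaves the handle in the
    // "no worker" state tested above.
    hThreadStartDetect = CreateThread(NULL, 0, ThreadStartDetectProc,
                                      this, 0, &dwThreadStartDetectId);
}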
// Maps an IP protocol number to a short display name.
// @param Protocol  value of the IP header's protocol field.
// @return "ICMP", "TCP" or "UDP" for those three protocols, otherwise "unknown".
//         The result points at a string literal: callers must treat it as
//         read-only and must not free it.
char * GetProtocolTxt(int Protocol)
{
    if (Protocol == IPPROTO_ICMP)  // 1
    {
        return "ICMP";
    }
    if (Protocol == IPPROTO_TCP)   // 6
    {
        return "TCP";
    }
    if (Protocol == IPPROTO_UDP)   // 17
    {
        return "UDP";
    }
    return "unknown";
}
void CNIDSDlg:: StartDetect()
{
WSADATA wsDATA;
sockaddr_in addr_in;
const int BUFFER_SIZE =65535;
int flag =1;
char LocalName[256];
hostent * pHost;
char RecvBuf [BUFFER_SIZE];
WORD wVersion = MAKEWORD( 2, 0 );
int nFlag;
//CString strBuf;
nFlag=1;
if(WSAStartup(wVersion, &wsDATA))
{
AfxMessageBox(SOCK_WSA_ERR);
return;
};
SOCKET sock = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
if(INVALID_SOCKET==sock)
{
AfxMessageBox(SOCK_CRSOCK_ERR); //错误处理
return;
}
setsockopt(sock, IPPROTO_IP, IP_HDRINCL, (char*)&nFlag, sizeof(nFlag));
// 获取本机名
gethostname((char*)LocalName, sizeof(LocalName)-1);
// 获取本地 IP 地址
pHost = gethostbyname((char*)LocalName);
// 填充SOCKADDR_IN结构
addr_in.sin_addr = *(in_addr *)pHost->h_addr_list[0]; //IP
addr_in.sin_family = AF_INET;
addr_in.sin_port = htons(57274);
// 把原始套接字sock 绑定到本地网卡地址上
bind(sock, (PSOCKADDR)&addr_in, sizeof(addr_in));
// dwValue为输入输出参数,为1时执行,0时取消
DWORD dwValue = 1;
// 设置 SOCK_RAW 为SIO_RCVALL,以便接收所有的IP包。其中SIO_RCVALL
// 的定义为: #define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)
ioctlsocket(sock, SIO_RCVALL, &dwValue);
while (true)
{
//If no incoming data is available at the socket, the recv call blocks and waits for data to arrive according to the blocking rules defined for WSARecv with the MSG_PARTIAL flag not set unless the socket is nonblocking. In this case, a value of SOCKET_ERROR is returned with the error code set to WSAEWOULDBLOCK. The select, WSAAsyncSelect, or WSAEventSelect functions can be used to determine when more data arrives
// 接收原始数据包信息