开通博客赚积分
发布资源赚积分
分类

源码开发语言/平台
当前位置:首页 > 源码/资料 > Internet/网络编程 > 防火墙与安全工具 > 查看源码
Config.cpp
资源名称:Firewall防火墙.rar [点击查看]
上传用户:heseme
上传日期:2009-12-23
资源大小:228k
文件大小:11k
源码类别:

防火墙与安全工具

开发平台:

Visual C++

Config.cpp:源码内容
  1. #include "StdAfx.h"
  2. #include "Struct.h"
  3. #include "ip.h"
  4. #include "ipfilter.h"
  5. #include "winsock2.h"
  6. #include "config.h"
  7. #ifdef _DEBUG
  8. #define new DEBUG_NEW
  9. #undef THIS_FILE
  10. static char THIS_FILE[] = __FILE__;
  11. #endif
  12. extern  FilterConfig filtercfg;//ipfilter.cpp
  13. extern  LogManage TheLogManage;
  14. extern  DefaultSetData TheDefaultSetData;
  15. extern  BYTE INNO;
  16. extern  BYTE OUTNO;
  17. extern  BYTE DMNO;
  18. static unsigned int netmask(unsigned int);
  19. static int numzeros(ULONG a);
  20. static int
  21. numzeros(ULONG a)
  22. {
  23. register int i;
  25. for (i=0; (i < 32) && !(a & 1); i++, a >>= 1);
  26. return i;
  27. }       
  29. static unsigned int netmask(unsigned int bits)
  30. {
  31. return (0xFFFFFFFFUL << ((bits < 32) ? 32 - bits : 0));
  32. }
  33. VOID StartFilter()
  34. {
  35.    manageTablesReq *NewToActive=new manageTablesReq;
  36.    NewToActive->command=ACTIVATE_NEW;
  37.    NewToActive->val=0;//类的最大数;在此函数下无用
  38.    filter_command(DIOCMNETWORK,(char*)NewToActive);
  39.    filter_command(DIOCSTART,NULL);
  40.    delete NewToActive;
  41. }
  43. VOID SetFilterlogMask()
  44. {
  45.    return;
  46. }
  47. int SetDmIpTab(CPtrList &listRejIp,UCHAR type)
  48. {
  49.    int tt=sizeof(addrTreeNode);
  50.    rejaccTableReq  *pRej=new rejaccTableReq;
  52.    int count=listRejIp.GetCount();
  53.    pRej->ptr=new RejAccTableEntry[count];
  54.    struct IpaddrRange *iprang;
  55.    POSITION pos;
  56.    int i=0;
  57.    pos=listRejIp.GetHeadPosition();
  58.    while(pos!=NULL)
  59.    {
  60.    iprang=(struct IpaddrRange *)listRejIp.GetNext(pos);
  61.    pRej->ptr[i].network.ss_addr=ntohl(iprang->nIpAddr);
  62.    pRej->ptr[i].bits=iprang->nIpaddrNum;
  63.    pRej->ptr[i].flag=1;//恒定
  64.    i++;
  65.    }
  67.  
  68.    pRej->addr=0;//无用!!
  69.    pRej->bytes=count*(sizeof(RejAccTableEntry));//bytes 数
  70.    int ret;
  71.    switch(type)
  72.    {
  73.    case T_INDM:
  74.    ret= filter_command(DIOCS_INDM,(char*)pRej);
  75.    break;
  76.    case T_OUTDM:
  77.    ret= filter_command(DIOCS_OUTDM,(char*)pRej);
  78.    break;
  79.    }
  80.    delete pRej->ptr;
  81.    delete pRej;
  82.    return ret;
  83. }
  84. int SetFilterAcceptTab(CPtrList &listRejIp)
  85. {
  86.    int tt=sizeof(addrTreeNode);
  87.    rejaccTableReq  *pRej=new rejaccTableReq;
  89.    int count=listRejIp.GetCount();
  90.    pRej->ptr=new RejAccTableEntry[count];
  91.    struct IpaddrRange *iprang;
  92.    POSITION pos;
  93.    int i=0;
  94.    pos=listRejIp.GetHeadPosition();
  95.    while(pos!=NULL)
  96.    {
  97.    iprang=(struct IpaddrRange *)listRejIp.GetNext(pos);
  98.    pRej->ptr[i].network.ss_addr=ntohl(iprang->nIpAddr);
  99.    pRej->ptr[i].bits=iprang->nIpaddrNum;
  100.    pRej->ptr[i].flag=1;//恒定
  101.    i++;
  102.    }
  104.    pRej->bytes=count*(sizeof(RejAccTableEntry));//bytes 数
  106.    int ret= filter_command(DIOCSREJECT,(char*)pRej);
  107.    delete pRej->ptr;
  108.    delete pRej;
  109.    return ret;
  110. }
  112. int SetFilterRejTab(CPtrList &listRejIp)
  113. {
  114.    int tt=sizeof(addrTreeNode);
  115.    rejaccTableReq  *pRej=new rejaccTableReq;
  117.    int count=listRejIp.GetCount();
  118.    pRej->ptr=new RejAccTableEntry[count];
  119.    struct IpaddrRange *iprang;
  120.    POSITION pos;
  121.    int i=0;
  122.    pos=listRejIp.GetHeadPosition();
  123.    while(pos!=NULL)
  124.    {
  125.    iprang=(struct IpaddrRange *)listRejIp.GetNext(pos);
  126.    pRej->ptr[i].network.ss_addr=ntohl(iprang->nIpAddr);
  127.    pRej->ptr[i].bits=iprang->nIpaddrNum;
  128.    pRej->ptr[i].flag=1;//恒定
  129.    i++;
  130.    }
  131.    pRej->bytes=count*(sizeof(RejAccTableEntry));//bytes 数
  133.    int ret=filter_command(DIOCSACCEPT,(char*)pRej);
  134.    delete  []pRej->ptr;
  135.    delete pRej;
  136.    return ret;
  138. }
  140. //设置端口列表请求的同时设置地址表
  141. //通过该地址树查找该地址所对应的端口列表所在的位置
  142. VOID SetFilterAddrTree(struct IpaddrRange iprange,USHORT group)
  143. {
  144.    addrTreeReq *paddrTree=new addrTreeReq;
  145.    paddrTree->num=0;//节点的总数
  146.    paddrTree->addr[paddrTree->num].ss_addr=ntohl(iprange.nIpAddr);
  147.   
  148.    paddrTree->bits[paddrTree->num]=iprange.nIpaddrNum;
  149.    paddrTree->group[paddrTree->num]=group;//所属的主机类
  150.    paddrTree->num++;
  151.    filter_command(DIOCSNETWORK,(char*)paddrTree);
  152.    delete paddrTree;
  153. }
  154. //END????????????????????????????????????????????????
  155. //对于设置的每一台主机分别调用;
  156. VOID SetFilterPortList(struct  HostList* phostlist,UCHAR type,unsigned short group)
  157. {
  158.    
  159.    portListReq *  portlistreq=new  portListReq; 
  160.    portlistreq->group=group;
  161.    switch (type) 
  162.    {
  163. case TCPSRCOUT:  
  164. {
  165.    ULONG num=phostlist->sTcpPortSet.sAllowOutSrcPortList.GetCount();
  166.    struct PortList *portlist;
  167.        portlistreq->ptr=new PortListEntry[num];
  168.        portlistreq->id=T_SRC_OUT;
  169.    int i=0;
  170.    POSITION pos;
  171.    pos=phostlist->sTcpPortSet.sAllowOutSrcPortList.GetHeadPosition();
  172.    while(pos!=NULL)
  173.    {
  174.   portlist=(struct PortList *)phostlist->sTcpPortSet.sAllowOutSrcPortList.GetNext(pos);
  175.   if(portlist->bRange)
  176.   {
  177.   portlistreq->ptr[i].begin=portlist->sPortRange.nPortBegin;
  178.   portlistreq->ptr[i].end=portlist->sPortRange.nPortEnd;
  179.   }
  180.   else
  181.   {
  182.   if(portlist->nPort==0)
  183.   {
  184.   num--;
  185.    i--;
  186.   }
  187.   else
  188.   {
  189.   portlistreq->ptr[i].begin=portlist->nPort;
  190.   portlistreq->ptr[i].end=portlist->nPort;
  191.   }
  192.   }
  193.   i++;
  194.    }
  195.         portlistreq->bytes=num*sizeof(PortListEntry);
  196.        filter_command(DIOCSGROUP,(char*)portlistreq);
  197. delete []portlistreq->ptr;
  198.     delete portlistreq;
  199. }
  200.         break;
  201. case TCPDSTOUT:  
  202. {
  203.    ULONG num=phostlist->sTcpPortSet.sAllowOutDstPortList.GetCount();
  204.    struct PortList *portlist;
  205.        portlistreq->ptr=new PortListEntry[num];
  206.        portlistreq->id=T_DST_OUT;
  207.    int i=0;
  208.    POSITION pos;
  209.    pos=phostlist->sTcpPortSet.sAllowOutDstPortList.GetHeadPosition();
  210.    while(pos!=NULL)
  211.    {
  212.   portlist=(struct PortList *)phostlist->sTcpPortSet.sAllowOutDstPortList.GetNext(pos);
  213.   if(portlist->bRange)
  214.   {
  215.   portlistreq->ptr[i].begin=portlist->sPortRange.nPortBegin;
  216.   portlistreq->ptr[i].end=portlist->sPortRange.nPortEnd;
  217.   }
  218.   else
  219.   {
  220.   if(portlist->nPort==0)
  221.   {
  222.   num--;
  223.    i--;
  224.   }
  225.   else
  226.   {
  227.   portlistreq->ptr[i].begin=portlist->nPort;
  228.   portlistreq->ptr[i].end=portlist->nPort;
  229.   }
  230.   }
  231.   i++;
  232.    }
  233.        portlistreq->bytes=num*sizeof(PortListEntry);
  234.        filter_command(DIOCSGROUP,(char*)portlistreq);
  235. delete []portlistreq->ptr;
  236.     delete portlistreq;
  237. }
  238.         break;
  239. case UDPSRCOUT:  
  240. {
  241.    ULONG num=phostlist->sUdpPortSet.sAllowOutSrcPortList.GetCount();
  242.    struct PortList *portlist;
  243.        portlistreq->ptr=new PortListEntry[num];
  244.        portlistreq->id=U_SRC_OUT;
  245.    int i=0;
  246.    POSITION pos;
  247.    pos=phostlist->sUdpPortSet.sAllowOutSrcPortList.GetHeadPosition();
  248.    while(pos!=NULL)
  249.    {
  250.   portlist=(struct PortList *)phostlist->sUdpPortSet.sAllowOutSrcPortList.GetNext(pos);
  251.   if(portlist->bRange)
  252.   {
  253.   portlistreq->ptr[i].begin=portlist->sPortRange.nPortBegin;
  254.   portlistreq->ptr[i].end=portlist->sPortRange.nPortEnd;
  255.   }
  256.   else
  257.   {
  258.   if(portlist->nPort==0)
  259.   {
  260.   num--;
  261.   i--;
  262.   }
  263.   else
  264.   {
  265.   portlistreq->ptr[i].begin=portlist->nPort;
  266.   portlistreq->ptr[i].end=portlist->nPort;
  267.   }
  268.   }
  269.   i++;
  270.    }
  271.        portlistreq->bytes=num*sizeof(PortListEntry);
  272.        filter_command(DIOCSGROUP,(char*)portlistreq);
  273. delete []portlistreq->ptr;
  274.     delete portlistreq;
  275. }
  276.         break;
  277. case UDPDSTOUT:  
  278. {
  279.    ULONG num=phostlist->sUdpPortSet.sAllowOutDstPortList.GetCount();
  280.    struct PortList *portlist;
  281.        portlistreq->ptr=new PortListEntry[num];
  282.        portlistreq->id=U_DST_OUT;
  283.    int i=0;
  284.    POSITION pos;
  285.    pos=phostlist->sUdpPortSet.sAllowOutDstPortList.GetHeadPosition();
  286.    while(pos!=NULL)
  287.    {
  288.   portlist=(struct PortList *)phostlist->sUdpPortSet.sAllowOutDstPortList.GetNext(pos);
  289.   if(portlist->bRange)
  290.   {
  291.   portlistreq->ptr[i].begin=portlist->sPortRange.nPortBegin;
  292.   portlistreq->ptr[i].end=portlist->sPortRange.nPortEnd;
  293.   }
  294.   else
  295.   {
  296.   if(portlist->nPort==0)
  297.   {
  298.   num--;
  299.      i--;
  300.   }
  301.   else
  302.   {
  303.   portlistreq->ptr[i].begin=portlist->nPort;
  304.   portlistreq->ptr[i].end=portlist->nPort;
  305.   }
  306.   }
  307.   i++;
  308.    }
  309.        portlistreq->bytes=num*sizeof(PortListEntry);
  310.        filter_command(DIOCSGROUP,(char*)portlistreq);
  311. delete []portlistreq->ptr;
  312.     delete portlistreq;
  313. }
  314.         break;
  315. case ICMPTYPEIN:
  316. {
  317.    ULONG num=phostlist->sInIcmpSet.GetCount();
  318.    struct IcmpList *portlist;
  319.        portlistreq->ptr=new PortListEntry[num];
  320.        portlistreq->id=I_TYP_IN;
  321.    int i=0;
  322.    POSITION pos;
  323.    pos=phostlist->sInIcmpSet.GetHeadPosition();
  324.    while(pos!=NULL)
  325.    {
  326.   portlist=(struct IcmpList *)phostlist->sInIcmpSet.GetNext(pos);
  327.   if(portlist->bRange)
  328.   {
  329.   portlistreq->ptr[i].begin=portlist->sIcmpRange.nIcmpBegin;
  330.   portlistreq->ptr[i].end=portlist->sIcmpRange.nIcmpEnd;
  331.   }
  332.   else
  333.   {
  334.    if(portlist->nIcmpType==0)
  335.   {
  336.   num--;
  337.      i--;
  338.   }
  339.   else
  340.   {
  341.   //ICM类型规定从1开始!!!因此减一
  342.   portlistreq->ptr[i].begin=portlist->nIcmpType-1;
  343.   portlistreq->ptr[i].end=portlist->nIcmpType-1;
  344.   }
  345.   }
  346.   i++;
  347.    }
  348.        portlistreq->bytes=num*4;
  349.        filter_command(DIOCSGROUP,(char*)portlistreq);
  350. delete []portlistreq->ptr;
  351.     delete portlistreq;
  352. }
  353.         break;
  354. case ICMPTYPEOUT:
  355. {
  356.    ULONG num=phostlist->sOutIcmpSet.GetCount();
  357.    struct IcmpList *portlist;
  358.        portlistreq->ptr=new PortListEntry[num];
  359.        portlistreq->id=I_TYP_OUT;
  360.    int i=0;
  361.    POSITION pos;
  362.    pos=phostlist->sOutIcmpSet.GetHeadPosition();
  363.    while(pos!=NULL)
  364.    {
  365.   portlist=(struct IcmpList *)phostlist->sOutIcmpSet.GetNext(pos);
  366.   if(portlist->bRange)
  367.   {
  368.   portlistreq->ptr[i].begin=portlist->sIcmpRange.nIcmpBegin;
  369.   portlistreq->ptr[i].end=portlist->sIcmpRange.nIcmpEnd;
  370.   }
  371.   else
  372.   {
  373.   if(portlist->nIcmpType==0)
  374.   {
  375.   num--;
  376.      i--;
  377.   }
  378.   else   
  379.   {
  380.   //ICM类型规定从1开始!!!因此减一
  381.   portlistreq->ptr[i].begin=portlist->nIcmpType-1;
  382.   portlistreq->ptr[i].end=portlist->nIcmpType-1;
  383.   }
  384.   }
  385.   i++;
  386.    }
  387.           portlistreq->bytes=num*4;
  388.        filter_command(DIOCSGROUP,(char*)portlistreq);
  389. delete []portlistreq->ptr;
  390.     delete portlistreq;
  391. }
  392.         break;
  393. default:
  394.      delete portlistreq;
  395. return;
  396.    }
  398. }
  401. //首先必须调用次函数
  402. VOID SetFilterInitReq(struct FireWallConfig  mycfg)
  403. {
  404. // initReq * inireq=new initReq;
  405. filter_command(DIOCINIT,(char*)NULL);
  406. // delete inireq;
  407. }
  408. VOID SetFilterCfg(struct FireWallConfig  mycfg,struct GlobalFlags myflags)
  409. {
  410.    filtercfg.discardAttackICMP=myflags.bSusPectIcmp;
  411.    filtercfg.discardIcmp=myflags.bforbidIcmp;
  412.    filtercfg.discardFragmentedICMP=myflags.bFragmentIcmp;
  413.    filtercfg.discardMulticast=myflags.bMulticast;
  414.    filtercfg.discardNonIp=myflags.bNonIpPacket;
  415.    filtercfg.discardOtherIp=myflags.bOtherIpPacket;
  416. //   filtercfg.discardRouteIp=myflags.现无
  417.    filtercfg.discardSuspectOffset=myflags.bSusPectOffset;
  418.    filtercfg.dm_ip=ntohl(mycfg.nMiddleIp);
  419.    filtercfg.dm_mask=ntohl(mycfg.nMiddleMask);
  420.    filtercfg.dm_number=DMNO-0X30;//mycfg.MdNumber;//for test!!
  421.    filtercfg.in_number=INNO-0X30;//mycfg.InNumber;
  422.    filtercfg.in_ip=ntohl(mycfg.nIntraIp);
  423.    filtercfg.in_mask=ntohl(mycfg.nIntraMask);
  424.    filtercfg.logMask=TheLogManage.TheIpFilter.Options|0XFFFE0000;//根据日志管理器设置
  425.    filtercfg.media_type=IFT_ETHER;//现在硬编码在此:以太
  426.    filtercfg.out_ip=ntohl(mycfg.nOutsideIp);
  427.    filtercfg.out_mask=ntohl(mycfg.nOutsideMask);
  428.    filtercfg.out_number=OUTNO-0X30;//mycfg.OutNumber;
  429. }
  432. VOID ClearStatisticsInfo()
  433. {
  434. filter_command(DIOCCSTATS,(char*)NULL);
  435. }