www.gusucode.com > VC++ Firewall防火墙源代码 > VC++ Firewall防火墙源代码/Firewall防火墙/Config.cpp
//Download by http://www.NewXing.com
#include "StdAfx.h"
#include "Struct.h"
#include "ip.h"
#include "ipfilter.h"
#include "winsock2.h"
#include "config.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
extern FilterConfig filtercfg;//ipfilter.cpp
extern LogManage TheLogManage;
extern DefaultSetData TheDefaultSetData;
extern BYTE INNO;
extern BYTE OUTNO;
extern BYTE DMNO;
static unsigned int netmask(unsigned int);
static int numzeros(ULONG a);
static int
numzeros(ULONG a)
{
register int i;
for (i=0; (i < 32) && !(a & 1); i++, a >>= 1);
return i;
}
static unsigned int netmask(unsigned int bits)
{
return (0xFFFFFFFFUL << ((bits < 32) ? 32 - bits : 0));
}
VOID StartFilter()
{
manageTablesReq *NewToActive=new manageTablesReq;
NewToActive->command=ACTIVATE_NEW;
NewToActive->val=0;//类的最大数;在此函数下无用
filter_command(DIOCMNETWORK,(char*)NewToActive);
filter_command(DIOCSTART,NULL);
delete NewToActive;
}
VOID SetFilterlogMask()
{
return;
}
int SetDmIpTab(CPtrList &listRejIp,UCHAR type)
{
int tt=sizeof(addrTreeNode);
rejaccTableReq *pRej=new rejaccTableReq;
int count=listRejIp.GetCount();
pRej->ptr=new RejAccTableEntry[count];
struct IpaddrRange *iprang;
POSITION pos;
int i=0;
pos=listRejIp.GetHeadPosition();
while(pos!=NULL)
{
iprang=(struct IpaddrRange *)listRejIp.GetNext(pos);
pRej->ptr[i].network.ss_addr=ntohl(iprang->nIpAddr);
pRej->ptr[i].bits=iprang->nIpaddrNum;
pRej->ptr[i].flag=1;//恒定
i++;
}
pRej->addr=0;//无用!!
pRej->bytes=count*(sizeof(RejAccTableEntry));//bytes 数
int ret;
switch(type)
{
case T_INDM:
ret= filter_command(DIOCS_INDM,(char*)pRej);
break;
case T_OUTDM:
ret= filter_command(DIOCS_OUTDM,(char*)pRej);
break;
}
delete pRej->ptr;
delete pRej;
return ret;
}
int SetFilterAcceptTab(CPtrList &listRejIp)
{
int tt=sizeof(addrTreeNode);
rejaccTableReq *pRej=new rejaccTableReq;
int count=listRejIp.GetCount();
pRej->ptr=new RejAccTableEntry[count];
struct IpaddrRange *iprang;
POSITION pos;
int i=0;
pos=listRejIp.GetHeadPosition();
while(pos!=NULL)
{
iprang=(struct IpaddrRange *)listRejIp.GetNext(pos);
pRej->ptr[i].network.ss_addr=ntohl(iprang->nIpAddr);
pRej->ptr[i].bits=iprang->nIpaddrNum;
pRej->ptr[i].flag=1;//恒定
i++;
}
pRej->bytes=count*(sizeof(RejAccTableEntry));//bytes 数
int ret= filter_command(DIOCSREJECT,(char*)pRej);
delete pRej->ptr;
delete pRej;
return ret;
}
int SetFilterRejTab(CPtrList &listRejIp)
{
int tt=sizeof(addrTreeNode);
rejaccTableReq *pRej=new rejaccTableReq;
int count=listRejIp.GetCount();
pRej->ptr=new RejAccTableEntry[count];
struct IpaddrRange *iprang;
POSITION pos;
int i=0;
pos=listRejIp.GetHeadPosition();
while(pos!=NULL)
{
iprang=(struct IpaddrRange *)listRejIp.GetNext(pos);
pRej->ptr[i].network.ss_addr=ntohl(iprang->nIpAddr);
pRej->ptr[i].bits=iprang->nIpaddrNum;
pRej->ptr[i].flag=1;//恒定
i++;
}
pRej->bytes=count*(sizeof(RejAccTableEntry));//bytes 数
int ret=filter_command(DIOCSACCEPT,(char*)pRej);
delete []pRej->ptr;
delete pRej;
return ret;
}
//设置端口列表请求的同时设置地址表
//通过该地址树查找该地址所对应的端口列表所在的位置
VOID SetFilterAddrTree(struct IpaddrRange iprange,USHORT group)
{
addrTreeReq *paddrTree=new addrTreeReq;
paddrTree->num=0;//节点的总数
paddrTree->addr[paddrTree->num].ss_addr=ntohl(iprange.nIpAddr);
paddrTree->bits[paddrTree->num]=iprange.nIpaddrNum;
paddrTree->group[paddrTree->num]=group;//所属的主机类
paddrTree->num++;
filter_command(DIOCSNETWORK,(char*)paddrTree);
delete paddrTree;
}
//END????????????????????????????????????????????????
//对于设置的每一台主机分别调用;
VOID SetFilterPortList(struct HostList* phostlist,UCHAR type,unsigned short group)
{
portListReq * portlistreq=new portListReq;
portlistreq->group=group;
switch (type)
{
case TCPSRCOUT:
{
ULONG num=phostlist->sTcpPortSet.sAllowOutSrcPortList.GetCount();
struct PortList *portlist;
portlistreq->ptr=new PortListEntry[num];
portlistreq->id=T_SRC_OUT;
int i=0;
POSITION pos;
pos=phostlist->sTcpPortSet.sAllowOutSrcPortList.GetHeadPosition();
while(pos!=NULL)
{
portlist=(struct PortList *)phostlist->sTcpPortSet.sAllowOutSrcPortList.GetNext(pos);
if(portlist->bRange)
{
portlistreq->ptr[i].begin=portlist->sPortRange.nPortBegin;
portlistreq->ptr[i].end=portlist->sPortRange.nPortEnd;
}
else
{
if(portlist->nPort==0)
{
num--;
i--;
}
else
{
portlistreq->ptr[i].begin=portlist->nPort;
portlistreq->ptr[i].end=portlist->nPort;
}
}
i++;
}
portlistreq->bytes=num*sizeof(PortListEntry);
filter_command(DIOCSGROUP,(char*)portlistreq);
delete []portlistreq->ptr;
delete portlistreq;
}
break;
case TCPDSTOUT:
{
ULONG num=phostlist->sTcpPortSet.sAllowOutDstPortList.GetCount();
struct PortList *portlist;
portlistreq->ptr=new PortListEntry[num];
portlistreq->id=T_DST_OUT;
int i=0;
POSITION pos;
pos=phostlist->sTcpPortSet.sAllowOutDstPortList.GetHeadPosition();
while(pos!=NULL)
{
portlist=(struct PortList *)phostlist->sTcpPortSet.sAllowOutDstPortList.GetNext(pos);
if(portlist->bRange)
{
portlistreq->ptr[i].begin=portlist->sPortRange.nPortBegin;
portlistreq->ptr[i].end=portlist->sPortRange.nPortEnd;
}
else
{
if(portlist->nPort==0)
{
num--;
i--;
}
else
{
portlistreq->ptr[i].begin=portlist->nPort;
portlistreq->ptr[i].end=portlist->nPort;
}
}
i++;
}
portlistreq->bytes=num*sizeof(PortListEntry);
filter_command(DIOCSGROUP,(char*)portlistreq);
delete []portlistreq->ptr;
delete portlistreq;
}
break;
case UDPSRCOUT:
{
ULONG num=phostlist->sUdpPortSet.sAllowOutSrcPortList.GetCount();
struct PortList *portlist;
portlistreq->ptr=new PortListEntry[num];
portlistreq->id=U_SRC_OUT;
int i=0;
POSITION pos;
pos=phostlist->sUdpPortSet.sAllowOutSrcPortList.GetHeadPosition();
while(pos!=NULL)
{
portlist=(struct PortList *)phostlist->sUdpPortSet.sAllowOutSrcPortList.GetNext(pos);
if(portlist->bRange)
{
portlistreq->ptr[i].begin=portlist->sPortRange.nPortBegin;
portlistreq->ptr[i].end=portlist->sPortRange.nPortEnd;
}
else
{
if(portlist->nPort==0)
{
num--;
i--;
}
else
{
portlistreq->ptr[i].begin=portlist->nPort;
portlistreq->ptr[i].end=portlist->nPort;
}
}
i++;
}
portlistreq->bytes=num*sizeof(PortListEntry);
filter_command(DIOCSGROUP,(char*)portlistreq);
delete []portlistreq->ptr;
delete portlistreq;
}
break;
case UDPDSTOUT:
{
ULONG num=phostlist->sUdpPortSet.sAllowOutDstPortList.GetCount();
struct PortList *portlist;
portlistreq->ptr=new PortListEntry[num];
portlistreq->id=U_DST_OUT;
int i=0;
POSITION pos;
pos=phostlist->sUdpPortSet.sAllowOutDstPortList.GetHeadPosition();
while(pos!=NULL)
{
portlist=(struct PortList *)phostlist->sUdpPortSet.sAllowOutDstPortList.GetNext(pos);
if(portlist->bRange)
{
portlistreq->ptr[i].begin=portlist->sPortRange.nPortBegin;
portlistreq->ptr[i].end=portlist->sPortRange.nPortEnd;
}
else
{
if(portlist->nPort==0)
{
num--;
i--;
}
else
{
portlistreq->ptr[i].begin=portlist->nPort;
portlistreq->ptr[i].end=portlist->nPort;
}
}
i++;
}
portlistreq->bytes=num*sizeof(PortListEntry);
filter_command(DIOCSGROUP,(char*)portlistreq);
delete []portlistreq->ptr;
delete portlistreq;
}
break;
case ICMPTYPEIN:
{
ULONG num=phostlist->sInIcmpSet.GetCount();
struct IcmpList *portlist;
portlistreq->ptr=new PortListEntry[num];
portlistreq->id=I_TYP_IN;
int i=0;
POSITION pos;
pos=phostlist->sInIcmpSet.GetHeadPosition();
while(pos!=NULL)
{
portlist=(struct IcmpList *)phostlist->sInIcmpSet.GetNext(pos);
if(portlist->bRange)
{
portlistreq->ptr[i].begin=portlist->sIcmpRange.nIcmpBegin;
portlistreq->ptr[i].end=portlist->sIcmpRange.nIcmpEnd;
}
else
{
if(portlist->nIcmpType==0)
{
num--;
i--;
}
else
{
//ICM类型规定从1开始!!!因此减一
portlistreq->ptr[i].begin=portlist->nIcmpType-1;
portlistreq->ptr[i].end=portlist->nIcmpType-1;
}
}
i++;
}
portlistreq->bytes=num*4;
filter_command(DIOCSGROUP,(char*)portlistreq);
delete []portlistreq->ptr;
delete portlistreq;
}
break;
case ICMPTYPEOUT:
{
ULONG num=phostlist->sOutIcmpSet.GetCount();
struct IcmpList *portlist;
portlistreq->ptr=new PortListEntry[num];
portlistreq->id=I_TYP_OUT;
int i=0;
POSITION pos;
pos=phostlist->sOutIcmpSet.GetHeadPosition();
while(pos!=NULL)
{
portlist=(struct IcmpList *)phostlist->sOutIcmpSet.GetNext(pos);
if(portlist->bRange)
{
portlistreq->ptr[i].begin=portlist->sIcmpRange.nIcmpBegin;
portlistreq->ptr[i].end=portlist->sIcmpRange.nIcmpEnd;
}
else
{
if(portlist->nIcmpType==0)
{
num--;
i--;
}
else
{
//ICM类型规定从1开始!!!因此减一
portlistreq->ptr[i].begin=portlist->nIcmpType-1;
portlistreq->ptr[i].end=portlist->nIcmpType-1;
}
}
i++;
}
portlistreq->bytes=num*4;
filter_command(DIOCSGROUP,(char*)portlistreq);
delete []portlistreq->ptr;
delete portlistreq;
}
break;
default:
delete portlistreq;
return;
}
}
//首先必须调用次函数
VOID SetFilterInitReq(struct FireWallConfig mycfg)
{
// initReq * inireq=new initReq;
filter_command(DIOCINIT,(char*)NULL);
// delete inireq;
}
VOID SetFilterCfg(struct FireWallConfig mycfg,struct GlobalFlags myflags)
{
filtercfg.discardAttackICMP=myflags.bSusPectIcmp;
filtercfg.discardIcmp=myflags.bforbidIcmp;
filtercfg.discardFragmentedICMP=myflags.bFragmentIcmp;
filtercfg.discardMulticast=myflags.bMulticast;
filtercfg.discardNonIp=myflags.bNonIpPacket;
filtercfg.discardOtherIp=myflags.bOtherIpPacket;
// filtercfg.discardRouteIp=myflags.现无
filtercfg.discardSuspectOffset=myflags.bSusPectOffset;
filtercfg.dm_ip=ntohl(mycfg.nMiddleIp);
filtercfg.dm_mask=ntohl(mycfg.nMiddleMask);
filtercfg.dm_number=DMNO-0X30;//mycfg.MdNumber;//for test!!
filtercfg.in_number=INNO-0X30;//mycfg.InNumber;
filtercfg.in_ip=ntohl(mycfg.nIntraIp);
filtercfg.in_mask=ntohl(mycfg.nIntraMask);
filtercfg.logMask=TheLogManage.TheIpFilter.Options|0XFFFE0000;//根据日志管理器设置
filtercfg.media_type=IFT_ETHER;//现在硬编码在此:以太
filtercfg.out_ip=ntohl(mycfg.nOutsideIp);
filtercfg.out_mask=ntohl(mycfg.nOutsideMask);
filtercfg.out_number=OUTNO-0X30;//mycfg.OutNumber;
}
VOID ClearStatisticsInfo()
{
filter_command(DIOCCSTATS,(char*)NULL);
}