*session = m_SessionBuf[iIndex];
m_SessionBuf[iIndex].s = 0;
return XERR_SUCCESS;
}
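BOOL CCheckAcl::InitializeSession(SESSION* session)
{
    // Reset a SESSION record to its "nothing known yet" state before it is
    // (re)used by CreateSession. Every field is cleared here, including the
    // socket handle and the process path, so a recycled record can never carry
    // a stale socket or path into the ACL decision; CreateSession overwrites
    // s/sPathName right after this call, SendSessionToApp stamps tEndTime.
    // Returns FALSE only when no record was supplied, TRUE otherwise.
    ODS(_T("Initialize Session ..."));
    if (session == NULL)
        return FALSE;
    session->s = 0;                          // 0 doubles as "free slot" elsewhere
    session->bDirection = ACL_DIRECTION_IN_OUT;
    session->bProtocol = ACL_SERVICE_TYPE_ALL;
    session->bAction = ACL_ACTION_PASS;
    session->tStartTime = 0;
    session->uiPort = 0;
    session->ulRemoteIP = 0;
    session->ulSendData = 0;
    session->ulRecvData = 0;
    session->sMemo[0] = '\0';
    session->sPathName[0] = '\0';
    session->uiLocalPort = 0;
    session->ulLocalIP = 0;
    return TRUE;
}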
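int CCheckAcl::CreateSession(SOCKET s, int nProtocol)
{
    // Register socket s in the session table with the given service type and
    // the current process name. Returns the index of the new record, or
    // XERR_SESSION_ALREDAY_EXISTS if s is already tracked.
    // The returned index is only valid until the next Create/DeleteSession on
    // any thread: the table is reallocated here and compacted by DeleteSession.
    ODS("XFILTER.DLL: Create Session...");
    int result = XERR_SESSION_ALREDAY_EXISTS;
    EnterCriticalSection(&m_csSession);
    {
        bool duplicate = false;
        for (int i = 0; i < m_SessionCount; i++)
        {
            if (m_Session[i].s == s)
            {
                duplicate = true;
                break;
            }
        }
        if (!duplicate)
        {
            // Grow by one with a single allocation and a single copy (the
            // original allocated and copied twice to reach the same state).
            SESSION *grown = new SESSION[m_SessionCount + 1];
            if (m_SessionCount > 0)
                memcpy(grown, m_Session, m_SessionCount * SESSION_LENTH);
            delete[] m_Session;
            m_Session = grown;

            const int idx = m_SessionCount;
            InitializeSession(m_Session + idx);
            m_Session[idx].s = s;
            m_Session[idx].bProtocol = nProtocol;
            m_Session[idx].tStartTime = CTime::GetCurrentTime();
            // Bounded copy of the process path. Assumes sPathName is an inline
            // TCHAR array (SESSION is copied with memcpy / assignment throughout
            // this file, which would not work with pointer members) — TODO confirm.
            const size_t pathCap = sizeof(m_Session[idx].sPathName) / sizeof(m_Session[idx].sPathName[0]);
            _tcsncpy(m_Session[idx].sPathName, m_sProcessName, pathCap - 1);
            m_Session[idx].sPathName[pathCap - 1] = _T('\0');
            m_SessionCount++;
            // Capture the index while still holding the lock: the original
            // computed m_SessionCount - 1 after LeaveCriticalSection, where a
            // concurrent Create/DeleteSession could already have changed it.
            result = idx;
        }
    }
    LeaveCriticalSection(&m_csSession);
    DP1("Session Count: %u\n", m_SessionCount);
    return result;
}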
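int CCheckAcl::DeleteSession(SOCKET s)
{
    // Remove socket s from the session table, handing its record to the GUI
    // first. Returns XERR_SUCCESS, or XERR_SESSION_NOT_EXISTS if s is unknown.
    ODS("XFILTER.DLL: Delete Session...");
    int result = XERR_SESSION_NOT_EXISTS;
    EnterCriticalSection(&m_csSession);
    {
        // i is declared outside the loop on purpose: the original tested it
        // after a `for(int i ...)`, which only compiles under the pre-standard
        // MSVC scoping rule.
        int i;
        for (i = 0; i < m_SessionCount; i++)
        {
            if (m_Session[i].s == s)
                break;
        }
        if (i < m_SessionCount)
        {
            SendSessionToApp(m_Session + i);
            // Close the gap. Source and destination overlap, so this must be
            // memmove — the original memcpy was undefined behaviour here.
            // Any index another thread obtained from FindSession for a record
            // past i is now stale.
            const int tail = m_SessionCount - i - 1;
            if (tail > 0)
                memmove(m_Session + i, m_Session + i + 1, tail * SESSION_LENTH);
            m_SessionCount--;
            result = XERR_SUCCESS;
        }
    }
    LeaveCriticalSection(&m_csSession);
    DP1("Session Count: %u\n", m_SessionCount);
    return result;
}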
int CCheckAcl::SetSession(SESSION *session, BYTE bDirection, UINT uiPort, DWORD ulRemoteIP)
{
    // Record the direction, remote port and remote address of a session, and
    // refine a plain TCP session into a well-known service type by port.
    // ulRemoteIP is the raw sin_addr value supplied by the caller; it is stored
    // after htonl(), the same transformation SetSessionEx applies to ulLocalIP.
    // Always returns XERR_SUCCESS.
    if (session->bProtocol == ACL_SERVICE_TYPE_TCP)
    {
        // Well-known TCP ports -> service types. First match wins; a port not
        // listed here leaves the session as plain TCP.
        static const struct { UINT port; BYTE type; } kKnownTcpPorts[] = {
            { ACL_SERVICE_PORT_FTP,    ACL_SERVICE_TYPE_FTP    },
            { ACL_SERVICE_PORT_HTTP1,  ACL_SERVICE_TYPE_HTTP   },
            { ACL_SERVICE_PORT_HTTP2,  ACL_SERVICE_TYPE_HTTP   },
            { ACL_SERVICE_PORT_TELNET, ACL_SERVICE_TYPE_TELNET },
            { ACL_SERVICE_PORT_NNTP,   ACL_SERVICE_TYPE_NNTP   },
            { ACL_SERVICE_PORT_POP3,   ACL_SERVICE_TYPE_POP3   },
            { ACL_SERVICE_PORT_SMTP,   ACL_SERVICE_TYPE_SMTP   },
        };
        const size_t entries = sizeof(kKnownTcpPorts) / sizeof(kKnownTcpPorts[0]);
        for (size_t k = 0; k < entries; ++k)
        {
            if (uiPort == kKnownTcpPorts[k].port)
            {
                session->bProtocol = kKnownTcpPorts[k].type;
                break;
            }
        }
    }
    session->bDirection = bDirection;
    session->uiPort = uiPort;
    session->ulRemoteIP = htonl(ulRemoteIP);
#if _DEBUG
CString sOut;
sOut.Format(_T("SOCKET: %u, Process: %s, Direction: %s, Protocol: %s:%u, Start Time: %s, Port: %u, Remote IP Address: %s"),
session->s,
session->sPathName,
GUI_DIRECTION[session->bDirection],
GUI_SERVICE_TYPE[session->bProtocol], session->bProtocol,
session->tStartTime.Format(_T("%Y-%m-%d %H:%M:%S")),
session->uiPort,
CXCommon::DIPToSIP(&session->ulRemoteIP)
);
ODS(sOut);
#endif
    return XERR_SUCCESS;
}
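int CCheckAcl::SetSessionEx(SESSION *session, BYTE bDirection, const TCHAR *pMemo, int ByteCount, BOOL isSend)
{
    // Per-transfer bookkeeping on a session:
    //  - resolve the local endpoint (getsockname) the first time it is needed,
    //  - adopt bDirection unless it is ACL_DIRECTION_NOT_SET,
    //  - take pMemo as the session memo if none is set yet (first memo wins),
    //  - add ByteCount (if positive) to the sent or received byte counter.
    // Always returns XERR_SUCCESS.
    if (session->ulLocalIP == 0)
    {
        SOCKADDR_IN inetAddr;
        memset(&inetAddr, 0, sizeof(inetAddr));
        int nNameLength = sizeof(inetAddr);
        if (getsockname(session->s, (SOCKADDR*)&inetAddr, &nNameLength) == 0)
        {
            session->uiLocalPort = ntohs(inetAddr.sin_port);
            memcpy(&session->ulLocalIP, &inetAddr.sin_addr, 4);
            // Same byte-order transformation SetSession applies to ulRemoteIP.
            session->ulLocalIP = htonl(session->ulLocalIP);
        }
    }
    if (bDirection != ACL_DIRECTION_NOT_SET && session->bDirection != bDirection)
        session->bDirection = bDirection;
    if (pMemo != NULL && session->sMemo[0] == '\0')
    {
        // Every caller in this file passes NULL; a non-NULL memo presumably
        // originates from protocol parsing of traffic payload, so treat it as
        // untrusted and bound the copy (the original used an unbounded _tcscpy).
        // Assumes sMemo is an inline TCHAR array — SESSION is copied with
        // memcpy / assignment throughout this file — TODO confirm.
        const size_t memoCap = sizeof(session->sMemo) / sizeof(session->sMemo[0]);
        _tcsncpy(session->sMemo, pMemo, memoCap - 1);
        session->sMemo[memoCap - 1] = _T('\0');
    }
    if (ByteCount > 0)
    {
        if (isSend)
            session->ulSendData += ByteCount;
        else
            session->ulRecvData += ByteCount;
    }
    return XERR_SUCCESS;
}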
int CCheckAcl::FindSession(SOCKET s)
{
    // Linear search for socket s in the session table. Returns its index, or
    // m_SessionCount when it is not tracked (callers test `>= m_SessionCount`).
    // NOTE(review): this reads m_Session / m_SessionCount without taking
    // m_csSession, while CreateSession reallocates and DeleteSession compacts
    // the table under that lock; a concurrent socket()/closesocket() on another
    // thread can invalidate the returned index — or the array itself — before
    // the caller dereferences it.
    int idx = 0;
    while (idx < m_SessionCount && m_Session[idx].s != s)
        ++idx;
    return idx;
}
int CCheckAcl::FinallySession()
{
    // Flush every tracked session to the GUI (used at shutdown). Records are
    // reported but not removed from the table. Always returns XERR_SUCCESS.
    // NOTE(review): iterates the table without m_csSession, like FindSession.
    ODS(_T("XFILTER.DLL: FinallySession ..."));
    SESSION *cursor = m_Session;
    SESSION *const end = m_Session + m_SessionCount;
    for (; cursor < end; ++cursor)
        SendSessionToApp(cursor);
    return XERR_SUCCESS;
}
int CCheckAcl::SendSessionToApp(SESSION *session)
{
    // Hand a finished (or flushed) session record to the GUI.
    // Release builds skip sessions whose remote address IsLocalIP().
    // When a GUI window is known and an ACL file is loaded (signature set),
    // the record is copied into the first free slot of m_SessionBuf (a slot is
    // free when its .s == 0) and the GUI is told the slot number via
    // WM_SESSION_NOTIFY; a reader elsewhere copies the slot out and zeroes .s.
    // If no slot is free the record is silently dropped. If PostMessage fails
    // the slot is released again so a dead GUI cannot exhaust the buffer
    // (change of 2001-12-24). Finally the memo and byte counters of the
    // caller's record are reset. Always returns XERR_SUCCESS.
    // NOTE(review): the free-slot search is not serialized; two hook threads
    // reporting at once can pick the same slot.
#if !defined(_DEBUG)
    if (IsLocalIP(&session->ulRemoteIP))
        return XERR_SUCCESS;
#endif
    const bool guiReady = (m_GuiHwnd != NULL) && (m_AclFile.mAclHeader.sSignature[0] != 0);
    if (guiReady)
    {
        int slot = 0;
        while (slot < MAX_SESSION_BUFFER && m_SessionBuf[slot].s != 0)
            ++slot;
        if (slot < MAX_SESSION_BUFFER)
        {
            session->tEndTime = CTime::GetCurrentTime();
            m_SessionBuf[slot] = *session;
            if (!::PostMessage(m_GuiHwnd, WM_SESSION_NOTIFY, slot, NULL))
                m_SessionBuf[slot].s = 0;   // GUI unreachable: free the slot
        }
    }
#if _DEBUG
CString tmpStr;
tmpStr.Format(
_T("SOCKET: %u, Action: %s, Direction: %s, Protocol: %s, Start Time: %s, End Time: %s,\
Local Port: %u, Remotoe Port: %u, Local IP Address: %s, Remote IP Address: %s,\
In amount data: %u, Out amout Data: %u, \nMemo: %s, sProcess: %s"),
session->s,
GUI_ACTION[session->bAction],
GUI_DIRECTION[session->bDirection],
GUI_SERVICE_TYPE[session->bProtocol],
session->tStartTime.Format(_T("%Y-%m-%d %H:%M:%S")),
CTime::GetCurrentTime().Format(_T("%Y-%m-%d %H:%M:%S")),
session->uiLocalPort,
session->uiPort,
CXCommon::DIPToSIP(&session->ulLocalIP),
CXCommon::DIPToSIP(&session->ulRemoteIP),
session->ulSendData,
session->ulRecvData,
session->sMemo,
session->sPathName
);
ODS(tmpStr);
#endif
    session->sMemo[0] = '\0';
    session->ulRecvData = 0;
    session->ulSendData = 0;
    return XERR_SUCCESS;
}
//=============================================================================================
// Hook entry points: each one updates the session record for the socket involved and returns the access verdict (XF_PASS, XF_QUERY, ...) for the hooked Winsock call.
int CCheckAcl::CheckStartup()
{
    // Process-level check made when the hook is loaded. Returns XF_PASS when
    // the process may run unfiltered, XF_QUERY when the ACL has no entry for
    // it (the user must be asked), or XERR_ACCESS_INVALID_PROCESS when the
    // process name is unknown. Everything passes unless the work mode is
    // XF_QUERY_ALL, and so does the GUI's own executable and any process
    // started before an ACL file is loaded.
    // NOTE(review): the GUI exemption is a plain path comparison; any binary
    // that ends up at m_sGuiPathName is exempt too.
    if (m_iWorkMode != XF_QUERY_ALL)
        return XF_PASS;
    if (_tcscmp(m_sGuiPathName, m_sProcessName) == 0)
        return XF_PASS;
    if (m_AclFile.mAclHeader.sSignature[0] == 0)
        return XF_PASS;
    if (m_sProcessName[0] == 0)
        return XERR_ACCESS_INVALID_PROCESS;
    // FindAcl signals "not found" with an index at or past ulAclCount.
    const DWORD aclIndex = FindAcl(m_sProcessName, 0);
    const bool unknownProcess = (aclIndex >= m_AclFile.mAclHeader.ulAclCount);
    return unknownProcess ? XF_QUERY : XF_PASS;
}
void CCheckAcl::CheckSocket(SOCKET s, int af, int type, int protocol)
{
    // Hook for socket(): start tracking every new AF_INET socket, classified
    // as TCP, UDP or ACL_SERVICE_TYPE_ALL from its protocol and type.
    // NOTE(review): sockets of any other address family (AF_INET6 included)
    // are never tracked, so nothing in this class filters them.
    if (af != AF_INET)
        return;
    WORD wProtocol;
    switch (protocol)
    {
    case IPPROTO_TCP:
        wProtocol = ACL_SERVICE_TYPE_TCP;
        break;
    case IPPROTO_UDP:
        wProtocol = ACL_SERVICE_TYPE_UDP;
        break;
    case IPPROTO_IP:
        // protocol 0 ("default"): infer the transport from the socket type
        if (type == SOCK_STREAM)
            wProtocol = ACL_SERVICE_TYPE_TCP;
        else if (type == SOCK_DGRAM)
            wProtocol = ACL_SERVICE_TYPE_UDP;
        else
            wProtocol = ACL_SERVICE_TYPE_ALL;
        break;
    default:
        wProtocol = ACL_SERVICE_TYPE_ALL;
        break;
    }
    CreateSession(s, wProtocol);
}
void CCheckAcl::CheckCloseSocket(SOCKET s)
{
    // Hook for closesocket(): drop the socket's session (which also reports it
    // to the GUI). A socket that was never tracked is ignored.
    (void)DeleteSession(s);
}
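int CCheckAcl::CheckConnect(SOCKET s, const struct sockaddr FAR *name, int namelen)
{
    // Hook for connect(): record the destination on the socket's session and
    // ask the ACL for a verdict. Untracked sockets pass through.
    // name/namelen come straight from the hooked application and are checked
    // before the SOCKADDR_IN cast: a NULL or short address would make the hook
    // read out of bounds inside the application's process, whereas the real
    // connect() merely fails with WSAEFAULT. Such calls are passed through and
    // left for Winsock to reject.
    int iIndex = FindSession(s);
    if (iIndex >= m_SessionCount)
        return XF_PASS;
    if (name == NULL || namelen < (int)sizeof(SOCKADDR_IN) || name->sa_family != AF_INET)
        return XF_PASS;
    const SOCKADDR_IN *pInetAddr = (const SOCKADDR_IN*)name;
    const WORD wPort = ntohs(pInetAddr->sin_port);
    DWORD ulRemoteIp;
    memcpy(&ulRemoteIp, &pInetAddr->sin_addr, sizeof(ulRemoteIp));   // no aliasing of sin_addr as DWORD*
    SetSession(m_Session + iIndex, ACL_DIRECTION_OUT, wPort, ulRemoteIp);
    return GetAccessInfo(m_Session + iIndex);
}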
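int CCheckAcl::CheckAccept(SOCKET s, SOCKET news)
{
    // Hook for accept(): register the accepted socket as an inbound TCP
    // session, record its peer address and local port, and ask the ACL for a
    // verdict. Passes through if the listening socket is untracked or the new
    // socket is already registered.
    int iIndex = FindSession(s);
    if (iIndex >= m_SessionCount)
        return XF_PASS;
    iIndex = CreateSession(news, ACL_SERVICE_TYPE_TCP);
    if (iIndex == XERR_SESSION_ALREDAY_EXISTS)
        return XF_PASS;

    // Buffers are zeroed and both lookups are checked: the original used
    // whatever was on the stack when getpeername()/getsockname() failed and fed
    // that garbage peer address into the ACL decision. On failure the address
    // and port stay 0 and GetAccessInfo still makes the decision.
    SOCKADDR_IN peer;
    SOCKADDR_IN local;
    memset(&peer, 0, sizeof(peer));
    memset(&local, 0, sizeof(local));
    int peerLen = sizeof(peer);
    int localLen = sizeof(local);
    DWORD ulRemoteIp = 0;
    WORD wLocalPort = 0;
    if (getpeername(news, (SOCKADDR*)&peer, &peerLen) == 0)
        memcpy(&ulRemoteIp, &peer.sin_addr, sizeof(ulRemoteIp));
    if (getsockname(news, (SOCKADDR*)&local, &localLen) == 0)
        wLocalPort = ntohs(local.sin_port);
    // For inbound sessions the "port" recorded is the local (listening) port.
    if (SetSession(m_Session + iIndex, ACL_DIRECTION_IN, wLocalPort, ulRemoteIp) != XERR_SUCCESS)
        return XF_PASS;
    return GetAccessInfo(m_Session + iIndex);
}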
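int CCheckAcl::CheckSend(SOCKET s, TCHAR *buf, int len, LPDWORD lpNumberOfBytesSent)
{
    // Hook for send()/WSASend(): account the bytes sent on the socket's
    // session, let the protocol parser inspect the payload, and ask the ACL
    // for a verdict. Untracked sockets pass through.
    // lpNumberOfBytesSent may be NULL (Winsock permits it on overlapped
    // WSASend calls); the original dereferenced it unconditionally.
    int iIndex = FindSession(s);
    if (iIndex >= m_SessionCount)
        return XF_PASS;
    const int nSent = (lpNumberOfBytesSent != NULL) ? (int)*lpNumberOfBytesSent : 0;
    SetSessionEx(m_Session + iIndex, ACL_DIRECTION_NOT_SET, NULL, nSent, TRUE);
    m_ProtocolInfo.GetProtocolInfo(m_Session + iIndex, buf, len, TRUE);
    return GetAccessInfo(m_Session + iIndex);
}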
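int CCheckAcl::CheckSendTo(SOCKET s, const SOCKADDR *pTo, TCHAR *buf, int len, LPDWORD lpNumberOfBytesSent)
{
    // Hook for sendto()/WSASendTo(): for UDP sessions record the destination
    // from pTo, then account the bytes, let the protocol parser inspect the
    // payload, and ask the ACL for a verdict. Untracked sockets pass through.
    int iIndex = FindSession(s);
    if (iIndex >= m_SessionCount)
        return XF_PASS;
    if (pTo != NULL && m_Session[iIndex].bProtocol == ACL_SERVICE_TYPE_UDP)
    {
        // This hook receives no tolen, so only the address family can be
        // verified before pTo is treated as a SOCKADDR_IN; anything else is
        // left to Winsock, which rejects a mismatched family on an AF_INET socket.
        if (pTo->sa_family == AF_INET)
        {
            const SOCKADDR_IN *pAddr = (const SOCKADDR_IN*)pTo;
            DWORD ulRemoteIp;
            memcpy(&ulRemoteIp, &pAddr->sin_addr, sizeof(ulRemoteIp));
            SetSession(m_Session + iIndex, ACL_DIRECTION_OUT, ntohs(pAddr->sin_port), ulRemoteIp);
        }
    }
    // lpNumberOfBytesSent may be NULL on overlapped WSASendTo calls; the
    // original dereferenced it unconditionally.
    const int nSent = (lpNumberOfBytesSent != NULL) ? (int)*lpNumberOfBytesSent : 0;
    SetSessionEx(m_Session + iIndex, ACL_DIRECTION_NOT_SET, NULL, nSent, TRUE);
    m_ProtocolInfo.GetProtocolInfo(m_Session + iIndex, buf, len, TRUE);
    return GetAccessInfo(m_Session + iIndex);
}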
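int CCheckAcl::CheckRecv(SOCKET s, TCHAR *buf, int len, LPDWORD lpNumberOfBytesRecvd)
{
    // Hook for recv()/WSARecv(): account the bytes received on the socket's
    // session, let the protocol parser inspect the payload, and ask the ACL
    // for a verdict. Untracked sockets pass through.
    // lpNumberOfBytesRecvd may be NULL (Winsock permits it on overlapped
    // WSARecv calls); the original dereferenced it unconditionally.
    int iIndex = FindSession(s);
    if (iIndex >= m_SessionCount)
        return XF_PASS;
    const int nRecvd = (lpNumberOfBytesRecvd != NULL) ? (int)*lpNumberOfBytesRecvd : 0;
    SetSessionEx(m_Session + iIndex, ACL_DIRECTION_NOT_SET, NULL, nRecvd, FALSE);
    m_ProtocolInfo.GetProtocolInfo(m_Session + iIndex, buf, len, FALSE);
    return GetAccessInfo(m_Session + iIndex);
}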
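int CCheckAcl::CheckRecvFrom(SOCKET s, SOCKADDR *pFrom, TCHAR *buf, int len, LPDWORD lpNumberOfBytesRecvd)
{
    // Hook for recvfrom()/WSARecvFrom(): for UDP sessions record the source
    // address from pFrom, then account the bytes, let the protocol parser
    // inspect the payload, and ask the ACL for a verdict. Untracked sockets
    // pass through.
    int iIndex = FindSession(s);
    if (iIndex >= m_SessionCount)
        return XF_PASS;
    if (pFrom != NULL && m_Session[iIndex].bProtocol == ACL_SERVICE_TYPE_UDP)
    {
        // No fromlen is passed to this hook, so only the address family can be
        // verified before pFrom is treated as a SOCKADDR_IN.
        if (pFrom->sa_family == AF_INET)
        {
            const SOCKADDR_IN *pInetAddr = (const SOCKADDR_IN*)pFrom;
            DWORD ulRemoteIp;
            memcpy(&ulRemoteIp, &pInetAddr->sin_addr, sizeof(ulRemoteIp));
            SetSession(m_Session + iIndex, ACL_DIRECTION_IN, ntohs(pInetAddr->sin_port), ulRemoteIp);
        }
    }
    // lpNumberOfBytesRecvd may be NULL on overlapped WSARecvFrom calls; the
    // original dereferenced it unconditionally.
    const int nRecvd = (lpNumberOfBytesRecvd != NULL) ? (int)*lpNumberOfBytesRecvd : 0;
    SetSessionEx(m_Session + iIndex, ACL_DIRECTION_NOT_SET, NULL, nRecvd, FALSE);
    m_ProtocolInfo.GetProtocolInfo(m_Session + iIndex, buf, len, FALSE);
    return GetAccessInfo(m_Session + iIndex);
}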