我想这里的高手应该能看懂,请指点一下,谢谢!
下面的代码,特别是处理UDP前的那些看不懂,请高手给注释一下,谢谢啊!
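/*
 * FilterPacket - decide whether one IP packet is forwarded or dropped.
 *
 * Walks the rule list that starts at `first` and returns the action of the
 * first rule that matches. If no rule matches, the packet is forwarded
 * (the filter is default-allow).
 *
 * Parameters:
 *   PacketHeader       - start of the IP header.
 *   Packet             - the IP packet with the IP header removed.
 *   PacketLength       - length of the buffer at Packet.
 *   direction          - whether the packet is being sent or received
 *                        (not consulted by this function).
 *   RecvInterfaceIndex - interface the packet was received on (not consulted).
 *   SendInterfaceIndex - interface the packet will be sent on (not consulted).
 *
 * Returns DROP or FORWARD.
 *
 * NOTE(review): the length of the IP header buffer is not passed in, so
 * PacketHeader cannot be bounds-checked here; the caller is assumed to hand
 * over a complete IP header - confirm.
 * NOTE(review): if the caller can deliver non-first IP fragments, Packet does
 * not begin with a TCP/UDP header for them and the port/flag tests below
 * compare payload bytes. The fragment-offset field of IPHeader is not visible
 * in this function - confirm and skip transport matching for such fragments.
 * NOTE(review): ports are compared as stored; presumably the rule ports are
 * kept in network byte order - verify where rules are added.
 */
FORWARD_ACTION FilterPacket(unsigned char *PacketHeader, unsigned char *Packet, unsigned int PacketLength, DIRECTION_E direction, unsigned int RecvInterfaceIndex, unsigned int SendInterfaceIndex)
{
    IPHeader *ipp = (IPHeader *)PacketHeader;
    TCPHeader *tcph = NULL;
    UDPHeader *udph = NULL;
    struct filterList *aux;
    BOOLEAN retTraffic;

    /*
     * Only expose the transport header when the buffer is long enough to
     * hold it. A truncated TCP/UDP packet leaves the pointer NULL, so no
     * flag or port field is ever read past the end of Packet.
     */
    if (ipp->protocol == IPPROTO_TCP) {
        if (PacketLength >= sizeof(TCPHeader)) {
            tcph = (TCPHeader *)Packet;
        }
    } else if (ipp->protocol == IPPROTO_UDP) {
        if (PacketLength >= sizeof(UDPHeader)) {
            udph = (UDPHeader *)Packet;
        }
    }

    /* Compare the packet against each rule in list order; first match wins. */
    for (aux = first; aux != NULL; aux = aux->next) {
        /* Rule protocol 0 means "any protocol"; otherwise it must equal the packet's. */
        if (aux->ipf.protocol != 0 && ipp->protocol != aux->ipf.protocol) {
            continue;
        }

        retTraffic = FALSE;

        /*
         * Source address test. Rule source 0 means "any". This branch is
         * entered when the packet's masked source does NOT equal the rule's
         * source.
         */
        if (aux->ipf.sourceIp != 0 && (ipp->source & aux->ipf.sourceMask) != aux->ipf.sourceIp) {
            /*
             * Before giving up on the rule, check whether this is the reply
             * direction of a TCP flow the rule describes: the segment is not
             * a connection-opening SYN (SYN clear, or SYN and ACK both set)
             * and its DESTINATION matches the rule's source. If so, the rule
             * is evaluated with source and destination swapped.
             *
             * This test is stateless: it looks only at the flags of this one
             * segment, not at whether a connection was ever opened.
             */
            if (tcph != NULL &&
                (((tcph->flags & TH_SYN) != TH_SYN) ||
                 ((tcph->flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK)))) {
                if ((ipp->destination & aux->ipf.sourceMask) == aux->ipf.sourceIp) {
                    retTraffic = TRUE;
                }
            }

            /* Source mismatch and not return traffic: this rule does not apply. */
            if (retTraffic != TRUE) {
                continue;
            }
        }

        /*
         * Destination address test. Rule destination 0 means "any". For
         * return traffic the packet's source is compared against the rule's
         * destination instead.
         */
        if (!retTraffic) {
            if (aux->ipf.destinationIp != 0 && (ipp->destination & aux->ipf.destinationMask) != aux->ipf.destinationIp) {
                continue;
            }
        } else {
            if (aux->ipf.destinationIp != 0 && (ipp->source & aux->ipf.destinationMask) != aux->ipf.destinationIp) {
                continue;
            }
        }

        if (ipp->protocol == IPPROTO_TCP) {
            /*
             * Port test. Rule port 0 means "any port" and needs no header.
             * A non-zero rule port can only match when the TCP header is
             * actually present (tcph != NULL).
             */
            if (!retTraffic) {
                if (aux->ipf.sourcePort == 0 || (tcph != NULL && tcph->sourcePort == aux->ipf.sourcePort)) {
                    if (aux->ipf.destinationPort == 0 || (tcph != NULL && tcph->destinationPort == aux->ipf.destinationPort)) {
                        return aux->ipf.drop ? DROP : FORWARD;
                    }
                }
            } else {
                /* retTraffic is only set when tcph != NULL; ports are compared swapped. */
                if (aux->ipf.sourcePort == 0 || tcph->destinationPort == aux->ipf.sourcePort) {
                    if (aux->ipf.destinationPort == 0 || tcph->sourcePort == aux->ipf.destinationPort) {
                        return aux->ipf.drop ? DROP : FORWARD;
                    }
                }
            }
        } else if (ipp->protocol == IPPROTO_UDP) {
            /* UDP datagram: same port test, never treated as return traffic. */
            if (aux->ipf.sourcePort == 0 || (udph != NULL && udph->sourcePort == aux->ipf.sourcePort)) {
                if (aux->ipf.destinationPort == 0 || (udph != NULL && udph->destinationPort == aux->ipf.destinationPort)) {
                    /* Match: apply the rule's action. */
                    return aux->ipf.drop ? DROP : FORWARD;
                }
            }
        } else {
            /* Any other protocol (ICMP, ...): addresses matched, ports do not apply. */
            return aux->ipf.drop ? DROP : FORWARD;
        }

        /* Ports did not match: fall through to the next rule. */
    }

    /* No rule matched: forward by default. */
    return FORWARD;
}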