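// Scans a block of payload bytes for any entry of the member `blacklist`.
//
// Buffer      start of the data to scan; only the first Size bytes are read
// Size        number of readable bytes in Buffer; zero or negative means
//             there is nothing to scan
// retWordPos  receives the index inside `blacklist` of the first entry that
//             was found; left untouched when nothing matches
//
// Returns true when some blacklist entry occurs as one contiguous run of
// bytes inside [Buffer, Buffer + Size).
bool Analizer::FindBlackwordsInData(char *Buffer, int Size, int &retWordPos)
{
    // The caller derives Size from header fields of a captured packet, so it
    // is treated as untrusted: a bad value must never turn into a read
    // outside the buffer.
    if (Buffer == nullptr || Size <= 0)
    {
        return false;
    }
    const size_t available = static_cast<size_t>(Size);

    for (size_t pattern = 0; pattern < blacklist.size(); pattern++)
    {
        const size_t wordLen = blacklist[pattern].size();

        // An empty entry would make .at(0) throw, and an entry longer than
        // the data cannot occur in it.
        if (wordLen == 0 || wordLen > available)
        {
            continue;
        }

        // Last start offset at which the whole entry still fits; this keeps
        // Buffer[start + matched] inside the buffer.
        const size_t lastStart = available - wordLen;
        for (size_t start = 0; start <= lastStart; start++)
        {
            // The match count is restarted for every start offset, so partial
            // matches from different positions can never add up to a hit.
            size_t matched = 0;
            while (matched < wordLen &&
                   Buffer[start + matched] == blacklist[pattern].at(matched))
            {
                matched++;
            }

            if (matched == wordLen)
            {
                retWordPos = static_cast<int>(pattern);
                return true;
            }
        }
    }
    return false;
}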
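// Applies the address filter and the payload filter to one captured
// IPv4/TCP packet, then prints the packet if it passed both.
//
// Buffer  start of the packet, beginning with the IPv4 header
// Size    number of captured bytes in Buffer
//
// The packet is dropped (a rejection banner is printed and nothing else
// happens) when its headers do not fit inside Size, when the source address
// is listed in `forbidden_ip` with a matching port or with port -1 (any
// port), or when the payload contains an entry of `blacklist`.
void Analizer::FilterTcpPacket(char *Buffer, int Size)
{
    // Smallest header lengths the two protocols allow (5 32-bit words each).
    const int kMinIpHeaderBytes = 20;
    const int kMinTcpHeaderBytes = 20;

    // Every length below is read from the packet itself, so each one is
    // checked against Size before it is used as an offset.
    bool malformed = (Buffer == nullptr) ||
                     Size < static_cast<int>(sizeof(IPV4_HDR)) ||
                     Size < kMinIpHeaderBytes;

    int ipHeaderBytes = 0;
    int tcpHeaderBytes = 0;

    if (!malformed)
    {
        // Overlay the IP header on the buffer
        iphdr = (IPV4_HDR *)Buffer;
        ipHeaderBytes = iphdr->ip_header_len * 4;

        // The TCP header structure must lie completely inside the capture
        // before any of its fields is read.
        malformed = ipHeaderBytes < kMinIpHeaderBytes ||
                    ipHeaderBytes > Size ||
                    Size - ipHeaderBytes < static_cast<int>(sizeof(TCP_HDR));
    }

    if (!malformed)
    {
        // Overlay the TCP header on the buffer
        tcpheader = (TCP_HDR *)(Buffer + ipHeaderBytes);
        tcpHeaderBytes = tcpheader->data_offset * 4;

        malformed = tcpHeaderBytes < kMinTcpHeaderBytes ||
                    tcpHeaderBytes > Size - ipHeaderBytes;
    }

    if (malformed)
    {
        // Drop the packet: the header lengths cannot be trusted, so neither
        // the port fields nor the payload offset are usable.
        printf("\n###########################################################");
        printf("\n############### TCP PACKET REJECTED ####################");
        printf("\n##### REASON: MALFORMED HEADER #######");
        printf("\n###########################################################\n");
        return;
    }

    memset(&source, 0, sizeof(source));
    source.sin_addr.s_addr = iphdr->ip_srcaddr;
    memset(&dest, 0, sizeof(dest));
    dest.sin_addr.s_addr = iphdr->ip_destaddr;

    // Sender address as text, and the sender port
    std::string src_ip(inet_ntoa(source.sin_addr));
    int src_port = ntohs(tcpheader->source_port);

    // Filter by sender address and port. A port of -1 in the table of
    // forbidden addresses rejects packets sent from any port.
    auto it = forbidden_ip.find(src_ip);
    if (it != forbidden_ip.end() &&
        (it->second == src_port || it->second == -1))
    {
        // Drop the packet
        printf("\n###########################################################");
        printf("\n############### TCP PACKET REJECTED ####################");
        printf("\n##### REASON: IP = %s, PORT = %d #######", src_ip.c_str(), src_port);
        printf("\n###########################################################\n");
        return;
    }

    // Filter by payload content. The length cannot be negative here because
    // both header lengths were checked against Size above.
    char *data = Buffer + ipHeaderBytes + tcpHeaderBytes;
    int size_of_data = Size - ipHeaderBytes - tcpHeaderBytes;
    int blackword_pos = 0;
    if (FindBlackwordsInData(data, size_of_data, blackword_pos))
    {
        // Drop the packet. The entry is printed through an explicit pointer
        // and length: passing the container object itself to "%s" is
        // undefined behaviour.
        const auto &word = blacklist[blackword_pos];
        printf("\n###########################################################");
        printf("\n############### TCP PACKET REJECTED ####################");
        printf("\n##### REASON: BLACKWORD %.*s #######",
               static_cast<int>(word.size()), word.data());
        printf("\n###########################################################\n");
        return;
    }

    // The packet passed both filters
    PrintTcpPacket(Buffer, Size);
}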
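// Prints a human-readable dump of one captured IPv4/TCP packet: the IP
// header (via PrintIpHeader), every TCP header field, and then the raw bytes
// of the IP header, the TCP header and the payload (via PrintData).
//
// Buffer  start of the packet, beginning with the IPv4 header
// Size    number of captured bytes in Buffer
//
// A packet whose header lengths do not fit inside Size is not dumped; a
// single line saying so is printed instead.
void Analizer::PrintTcpPacket(char* Buffer, int Size)
{
    // Smallest header lengths the two protocols allow (5 32-bit words each).
    const int kMinIpHeaderBytes = 20;
    const int kMinTcpHeaderBytes = 20;

    // The header length fields come from the packet and decide how far past
    // Buffer the dump reads, so they are checked against Size first.
    bool malformed = (Buffer == nullptr) ||
                     Size < static_cast<int>(sizeof(IPV4_HDR)) ||
                     Size < kMinIpHeaderBytes;

    int ipHeaderBytes = 0;
    int tcpHeaderBytes = 0;

    if (!malformed)
    {
        iphdr = (IPV4_HDR *)Buffer;
        ipHeaderBytes = iphdr->ip_header_len * 4;

        malformed = ipHeaderBytes < kMinIpHeaderBytes ||
                    ipHeaderBytes > Size ||
                    Size - ipHeaderBytes < static_cast<int>(sizeof(TCP_HDR));
    }

    if (!malformed)
    {
        tcpheader = (TCP_HDR *)(Buffer + ipHeaderBytes);
        tcpHeaderBytes = tcpheader->data_offset * 4;

        malformed = tcpHeaderBytes < kMinTcpHeaderBytes ||
                    tcpHeaderBytes > Size - ipHeaderBytes;
    }

    if (malformed)
    {
        printf("\nTCP packet not dumped: header lengths do not fit in %d captured bytes\n", Size);
        return;
    }

    // Non-negative because both header lengths were checked against Size.
    const int payloadBytes = Size - ipHeaderBytes - tcpHeaderBytes;

    printf("\n\n***********************TCP Packet*************************\n");
    PrintIpHeader( Buffer );
    printf("\n");
    printf("TCP Header\n");
    printf(" |-Source Port : %u\n", ntohs(tcpheader->source_port));
    printf(" |-Destination Port : %u\n", ntohs(tcpheader->dest_port));
    printf(" |-Sequence Number : %u\n", ntohl(tcpheader->sequence));
    printf(" |-Acknowledge Number : %u\n", ntohl(tcpheader->acknowledge));
    printf(" |-Header Length : %d DWORDS or %d BYTES\n"
           ,(unsigned int)tcpheader->data_offset,(unsigned int)tcpheader->data_offset*4);
    printf(" |-CWR Flag : %d\n", (unsigned int)tcpheader->cwr);
    printf(" |-ECN Flag : %d\n", (unsigned int)tcpheader->ecn);
    printf(" |-Urgent Flag : %d\n", (unsigned int)tcpheader->urg);
    printf(" |-Acknowledgement Flag : %d\n", (unsigned int)tcpheader->ack);
    printf(" |-Push Flag : %d\n", (unsigned int)tcpheader->psh);
    printf(" |-Reset Flag : %d\n", (unsigned int)tcpheader->rst);
    printf(" |-Synchronise Flag : %d\n", (unsigned int)tcpheader->syn);
    printf(" |-Finish Flag : %d\n", (unsigned int)tcpheader->fin);
    printf(" |-Window : %d\n", ntohs(tcpheader->window));
    printf(" |-Checksum : %d\n", ntohs(tcpheader->checksum));
    // Converted from network byte order like the other 16-bit fields above.
    printf(" |-Urgent Pointer : %d\n", ntohs(tcpheader->urgent_pointer));
    printf("\n");
    printf(" DATA Dump ");
    printf("\n");
    printf("IP Header\n");
    PrintData(Buffer, ipHeaderBytes);
    printf("TCP Header\n");
    PrintData(Buffer + ipHeaderBytes, tcpHeaderBytes);
    printf("Data Payload\n");
    PrintData(Buffer + ipHeaderBytes + tcpHeaderBytes, payloadBytes);
    printf("\n###########################################################");
}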