資源簡介
一個解析oracle協議的源碼
分析比較深入
An oracle protocol parsing code
代碼片段和文件信息
/*
*?Copyright?(c)?2006
*?All?rights?reserved.
*?
*?文件名稱:Decode.cpp
*?文件標識:
*?摘????要:TCP/IP層包解析(沒有進行IP碎片重組和TCP流重組)
*?
*?當前版本:0.1
*?作????者:yangjp
*?完成日期:2006年6月21日
*/
#include?“decode.h“
#include?“rules.h“
#include?“tns.h“
#include?“tsnaudit.h“
PROTOMAP?ProtoMap[MAX_PROTO_NUM]={ //為子協議映射表賦值
????{?IPPROTO_IP????“IP??“?}?
????{?IPPROTO_ICMP??“ICMP“?}??
????{?IPPROTO_IGMP??“IGMP“?}?
????{?IPPROTO_GGP???“GGP?“?}??
????{?IPPROTO_TCP???“TCP?“?}??
????{?IPPROTO_PUP???“PUP?“?}??
????{?IPPROTO_UDP???“UDP?“?}??
????{?IPPROTO_IDP???“IDP?“?}??
????{?IPPROTO_ND????“NP??“?}??
????{?IPPROTO_RAW???“RAW?“?}??
????{?IPPROTO_MAX???“MAX?“?}
????{?NULL??““ }?};
char?TcpFlag[6]={‘F‘‘S‘‘R‘‘P‘‘A‘‘U‘}; //定義TCP標志位
extern?char?*strFromIpFilter; //?源IP地址過濾
extern?char?*strDestIpFilter; //?目的地址過濾
extern?int??iPortFilter; //?端口過濾
extern?char?*strSensitive; //?敏感字符串
extern?bool?ParamTcp; //?-t關注TCP?報文
extern?bool?ParamUdp; //?-u關注UDP?報文
extern?bool?ParamIcmp; //?-i關注ICMP報文
extern?bool?ParamDecode; //?-d對協議進行解碼
/***************************************************************
Function:???????DecodeIpPack
Description:????解析IP曾
Input:??????????????????????
????????????????1.?char?*pszIpBuf????IP層數據流
????????????????2.?int?iIpBufSize????數據長度
Output:?
????????????????1.??PACKET_INFO?*pPacketInfo????解析包的相關信息
Return:?????????
Others:??????????
***************************************************************/
int?DecodeIpPack(PACKET_INFO?*pPacketInfo?char?*pszIpBuf?int?iIpBufSize)
{
????if(iIpBufSize?????{
????????return?-1;
????}
????IP_HEADER?*pIpheader?=?NULL;
????int?iProtocol?=?0;
????SOCKADDR_IN?saSource?saDest;
//????char?szProtocol[MAX_PROTO_TEXT_LEN];
????char?szSourceIP[MAX_ADDR_LEN]?szDestIP[MAX_ADDR_LEN];
????
????pIpheader?=?(IP_HEADER?*)pszIpBuf;
????pPacketInfo->pszIpHeader?=?pszIpBuf;
????//協議甄別
????pPacketInfo->unTranProtocol?=?pIpheader->proto;
????iProtocol?=?pIpheader->proto;
????if((iProtocol==IPPROTO_TCP)?&&?(!ParamTcp))?return?0;
????if((iProtocol==IPPROTO_UDP)?&&?(!ParamUdp))?return?0;
????if((iProtocol==IPPROTO_ICMP)?&&?(!ParamIcmp))?return?0;
????//源地址
????pPacketInfo->ulSrcIp?=?pIpheader->sourceIP;
????pPacketInfo->ulDstIp?=?pIpheader->destIP;
????//源地址
????saSource.sin_addr.s_addr?=?pIpheader->sourceIP;
????strncpy(szSourceIP?inet_ntoa(saSource.sin_addr)?MAX_ADDR_LEN);
????if?(strFromIpFilter)
????????if?(strcmp(strFromIpFilterszSourceIP))?return?0;
????//目的地址
????saDest.sin_addr.s_addr?=?pIpheader->destIP;
????strncpy(szDestIP?inet_ntoa(saDest.sin_addr)?MAX_ADDR_LEN);
????if?(strDestIpFilter)
????????if?(strcmp(strDestIpFilterszDestIP))?return?0;
????int?iTTL?=?pIpheader->ttl;
????//計算IP首部的長度
????int?iIphLen?=?sizeof(unsigned?long)?*?(pIpheader->h_lenver?&?0xf);
????//根據協議類型分別調用相應的函數
????switch(iProtocol)
????{
????????case?IPPROTO_TCP :
????????????DecodeTcpPack(pPacke ?屬性????????????大小?????日期????時間???名稱
-----------?---------??----------?-----??----
????I.A....??????2173??2006-06-25?15:46??TnsAudit\data.txt
????I.A....?????74836??2006-05-25?14:14??TnsAudit\data.txt.bak
????I.A....???1075583??2006-06-25?15:46??TnsAudit\data1.txt
????I.A....?????12944??2006-05-25?14:27??TnsAudit\data1.txt.bak
????I.A....??????6368??2006-06-22?10:37??TnsAudit\decode.cpp
????I.A....??????3110??2006-06-22?09:36??TnsAudit\decode.h
????I.A...R???????147??2006-06-14?14:39??TnsAudit\mssccprj.scc
????I.A....???????870??2003-05-07?21:08??TnsAudit\mstcpip.h
????I.A....??????1578??2006-05-29?13:44??TnsAudit\output.cpp
????I.A....??????3707??2006-06-22?10:31??TnsAudit\rules.cpp
????I.A....???????752??2006-06-22?10:31??TnsAudit\rules.h
????I.A....?????36167??2006-06-25?15:41??TnsAudit\tns.cpp
????I.A....?????47654??2006-06-25?15:26??TnsAudit\tns.h
????I.A....??????5115??2006-05-23?16:25??TnsAudit\TnsAudit.cpp
????I.A....??????4016??2006-09-07?23:04??TnsAudit\TnsAudit.dsp
????I.A....???????539??2006-05-18?09:14??TnsAudit\TnsAudit.dsw
????I.A....?????66560??2006-09-07?23:04??TnsAudit\TnsAudit.ncb
????I.A....?????53760??2006-09-07?23:04??TnsAudit\TnsAudit.opt
????I.A....???????765??2006-05-18?09:14??TnsAudit\TnsAudit.plg
????I.A....??????1337??2006-06-14?14:42??TnsAudit\TnsAudit.sln
????I.A..H.?????13312??2006-06-25?16:06??TnsAudit\TnsAudit.suo
????I.A....??????4774??2006-06-14?14:43??TnsAudit\TnsAudit.vcproj
????I.A....???????256??2006-06-12?09:36??TnsAudit\TnsAudit.vcproj.vspscc
????I.A....???????256??2006-06-12?09:36??TnsAudit\TnsAudit.vssscc
????I.A....???????237??2006-06-22?09:33??TnsAudit\tsnaudit.h
????I.A....???????432??2006-06-25?12:57??TnsAudit\vssver.scc
????I..D...?????????0??2009-10-28?10:32??TnsAudit
-----------?---------??----------?-----??----
??????????????1417248????????????????????27
............此處省略0個文件信息
評論
共有 條評論
川公網安備 51152502000135號