1,183
社区成员
发帖
与我相关
我的任务
分享哪位大哥,帮帮我啊。把一段C代码翻译成Delphi的
/*
利用操作系统提供的API编写防火墙.
该程序涉及到的API说明请访问微软的MSDN Library
代码在C++ Builder 5编译通过
如果您想和我交流请email:zzwinner@163.com
*/
#pragma hdrstop
#include "windows.h"
#include "Fltdefs.h"
// 需要加载"iphlpapi.lib"
//---------------------------------------------------------------------------
#pragma argsused
int main(int argc, char* argv[])
{
// 一个创建网络包过滤接口
INTERFACE_HANDLE hInterface;
PfCreateInterface(0,
PF_ACTION_DROP,//PF_ACTION_FORWARD,
PF_ACTION_DROP,//PF_ACTION_FORWARD,
FALSE,
TRUE,
&hInterface);
// 绑定需要网络包过滤的IP地址
BYTE localIp[] = {192,168,0,2};
PfBindInterfaceToIPAddress(hInterface, PF_IPV4, localIp);
// 现在我们开始过滤HTTP协议的的接口
FILTER_HANDLE fHandle;
// 填充过滤包的规则结构
PF_FILTER_DESCRIPTOR inFilter;
inFilter.dwFilterFlags = FD_FLAGS_NOSYN; //一直添这个值
inFilter.dwRule = 0; //一直添这个值
inFilter.pfatType = PF_IPV4; //用 ipV4 地址
inFilter.SrcAddr = localIp; //设置本地IP地址
inFilter.SrcMask = "\xff\xff\xff\xff"; //设置本地子网掩码
inFilter.wSrcPort = FILTER_TCPUDP_PORT_ANY; //任意来源端口
inFilter.wSrcPortHighRange = FILTER_TCPUDP_PORT_ANY;
inFilter.DstAddr = 0; //任意目标地址
inFilter.DstMask = 0;
inFilter.wDstPort = 80; //目标端口 80(http 服务)
inFilter.wDstPortHighRange = 80;
inFilter.dwProtocol = FILTER_PROTO_TCP; // 过滤的协议
// 加入一个过滤接口
PfAddFiltersToInterface(hInterface, 1, &inFilter, 0, NULL, &fHandle);
// 请在这设置一个调试断点,然后看看你的IE是否不能访问WEB页. :)
// 移除过滤接口
PfRemoveFilterHandles(hInterface, 1, &fHandle);
PfUnBindInterface(hInterface);
PfDeleteInterface(hInterface);
return 0;
}
利用操作系统提供的API编写防火墙.
该程序涉及到的API说明请访问微软的MSDN Library
代码在C++ Builder 5编译通过
如果您想和我交流请email:zzwinner@163.com
*/
#pragma hdrstop
#include "windows.h"
#include "Fltdefs.h"
// 需要加载"iphlpapi.lib"
//---------------------------------------------------------------------------
#pragma argsused
int main(int argc, char* argv[])
{
// 一个创建网络包过滤接口
INTERFACE_HANDLE hInterface;
PfCreateInterface(0,
PF_ACTION_DROP,//PF_ACTION_FORWARD,
PF_ACTION_DROP,//PF_ACTION_FORWARD,
FALSE,
TRUE,
&hInterface);
// 绑定需要网络包过滤的IP地址
BYTE localIp[] = {192,168,0,2};
PfBindInterfaceToIPAddress(hInterface, PF_IPV4, localIp);
// 现在我们开始过滤HTTP协议的的接口
FILTER_HANDLE fHandle;
// 填充过滤包的规则结构
PF_FILTER_DESCRIPTOR inFilter;
inFilter.dwFilterFlags = FD_FLAGS_NOSYN; //一直添这个值
inFilter.dwRule = 0; //一直添这个值
inFilter.pfatType = PF_IPV4; //用 ipV4 地址
inFilter.SrcAddr = localIp; //设置本地IP地址
inFilter.SrcMask = "\xff\xff\xff\xff"; //设置本地子网掩码
inFilter.wSrcPort = FILTER_TCPUDP_PORT_ANY; //任意来源端口
inFilter.wSrcPortHighRange = FILTER_TCPUDP_PORT_ANY;
inFilter.DstAddr = 0; //任意目标地址
inFilter.DstMask = 0;
inFilter.wDstPort = 80; //目标端口 80(http 服务)
inFilter.wDstPortHighRange = 80;
inFilter.dwProtocol = FILTER_PROTO_TCP; // 过滤的协议
// 加入一个过滤接口
PfAddFiltersToInterface(hInterface, 1, &inFilter, 0, NULL, &fHandle);
// 请在这设置一个调试断点,然后看看你的IE是否不能访问WEB页. :)
// 移除过滤接口
PfRemoveFilterHandles(hInterface, 1, &fHandle);
PfUnBindInterface(hInterface);
PfDeleteInterface(hInterface);
return 0;
}
...全文
请发表友善的回复…
发表回复
hotman1117 2008-12-02
- 打赏
- 举报
多谢,这生不能回报,来生都要感谢!
carmen816 2008-01-13
- 打赏
- 举报
超汗。。。
僵哥 2008-01-13
- 打赏
- 举报
楼主难道没发现自己贴出来的代码当中就有了?
下面这段不就是了?
下面这段不就是了?
////////////////////////////////////////////////////////////////////////////////
//
// Test a packet. This call will evaluate the packet against the given
// interfaces and return the filtering action.
//
////////////////////////////////////////////////////////////////////////////////
function PfTestPacket(
pInInterface: INTERFACE_HANDLE;
pOutInterface: INTERFACE_HANDLE;
cBytes: DWORD;
pbPacket: PByteArray;
ppAction: PPFFORWARD_ACTION): DWORD;
stdcall; external IPHLPAPI name '_PfTestPacket@20';
implementation
end.
(********)
//uses winsock, fltdefs;
procedure main();
const
localIp : array[0..3] of BYTE = (192,168,0,2);
FILTER_TCPUDP_PORT_ANY : WORD = $0000;
FD_FLAGS_NOSYN = $1;
var
hInterface : INTERFACE_HANDLE;
fHandle : FILTER_HANDLE;
inFilter : PF_FILTER_DESCRIPTOR;
FILTER_PROTO_TCP : DWORD;
dwSrcMask : DWORD;
begin
FILTER_PROTO_TCP := MAKELONG(MAKEWORD(($06),$00),$00000);
dwSrcMask := $FFFFFFFF;
PfCreateInterface(0,
PF_ACTION_DROP,//PF_ACTION_FORWARD,
PF_ACTION_DROP,//PF_ACTION_FORWARD,
FALSE,
TRUE,
hInterface);
PfBindInterfaceToIPAddress(hInterface, PF_IPV4, @localIp);
inFilter.dwFilterFlags := FD_FLAGS_NOSYN;
inFilter.dwRule := 0;
inFilter.pfatType := PF_IPV4;
inFilter.SrcAddr := @localIp;
inFilter.SrcMask := @dwSrcMask;
inFilter.wSrcPort := FILTER_TCPUDP_PORT_ANY;
inFilter.wSrcPortHighRange := FILTER_TCPUDP_PORT_ANY;
inFilter.DstAddr := nil;
inFilter.DstMask := nil;
inFilter.wDstPort := 80;
inFilter.wDstPortHighRange := 80;
inFilter.dwProtocol := FILTER_PROTO_TCP;
PfAddFiltersToInterface(hInterface, 1, @inFilter, 0, nil, @fHandle);
PfRemoveFilterHandles(hInterface, 1, @fHandle);
PfUnBindInterface(hInterface);
PfDeleteInterface(hInterface);
end;
carmen816 2008-01-12
- 打赏
- 举报
comanche 大哥
D版的也有了,代码翻译啊
D版的也有了,代码翻译啊
jhldelphi 2008-01-12
- 打赏
- 举报
牛
carmen816 2008-01-12
- 打赏
- 举报
Delphi版的Fltdefs (下)
////////////////////////////////////////////////////////////////////////////////
//
// Log APIs. Note that there is at most one log and it must be created
// before any interface needing it is created. There is no way to set a
// log onto an existing interface. The log can be applied to any or all of
// the interfaces.
//
///////////////////////////////////////////////////////////////////////
function PfMakeLog(
hEvent: THandle): DWORD;
stdcall; external IPHLPAPI name '_PfMakeLog@4';
function PfSetLogBuffer(
pbBuffer: PByteArray;
dwSize: DWORD;
dwThreshold: DWORD;
dwEntries: DWORD;
pdwLoggedEntries: PDWORD;
pdwLostEntries: PDWORD;
pdwSizeUsed: PDWORD): DWORD;
stdcall; external IPHLPAPI name '_PfSetLogBuffer@28';
function PfDeleteLog(
): DWORD;
stdcall; external IPHLPAPI name '_PfDeleteLog@0';
////////////////////////////////////////////////////////////////////////////////
//
// Get statistics. Note pdwBufferSize in an IN/OUT parameter. If
// ERROR_INSUFFICIENT_BUFFER is returned, the common statistics are
// available and the correct byte count is in *pdwBufferSize. If only the
// interface statistics are needed, provide a buffer of size
// PF_INTERFACE_STATS only. If the filter descriptions are also needed,
// then supply a large buffer, or use the returned count from the first call
// to allocate a buffer of sufficient size. Note that for a shared interface,
// this second call may fail with ERROR_INSUFFICIENT_BUFFER. This can happen
// if the other sharers add filters in the interim. This should not happen for
// a UNIQUE interface.
//
////////////////////////////////////////////////////////////////////////////////
function PfGetInterfaceStatistics(
pInterface: INTERFACE_HANDLE;
ppfStats: PPF_INTERFACE_STATS;
pdwBufferSize: PDWORD;
fResetCounters: BOOL): DWORD;
stdcall; external IPHLPAPI name '_PfGetInterfaceStatistics@16';
////////////////////////////////////////////////////////////////////////////////
//
// Test a packet. This call will evaluate the packet against the given
// interfaces and return the filtering action.
//
////////////////////////////////////////////////////////////////////////////////
function PfTestPacket(
pInInterface: INTERFACE_HANDLE;
pOutInterface: INTERFACE_HANDLE;
cBytes: DWORD;
pbPacket: PByteArray;
ppAction: PPFFORWARD_ACTION): DWORD;
stdcall; external IPHLPAPI name '_PfTestPacket@20';
implementation
end.
(********)
//uses winsock, fltdefs;
procedure main();
const
localIp : array[0..3] of BYTE = (192,168,0,2);
FILTER_TCPUDP_PORT_ANY : WORD = $0000;
FD_FLAGS_NOSYN = $1;
var
hInterface : INTERFACE_HANDLE;
fHandle : FILTER_HANDLE;
inFilter : PF_FILTER_DESCRIPTOR;
FILTER_PROTO_TCP : DWORD;
dwSrcMask : DWORD;
begin
FILTER_PROTO_TCP := MAKELONG(MAKEWORD(($06),$00),$00000);
dwSrcMask := $FFFFFFFF;
PfCreateInterface(0,
PF_ACTION_DROP,//PF_ACTION_FORWARD,
PF_ACTION_DROP,//PF_ACTION_FORWARD,
FALSE,
TRUE,
hInterface);
PfBindInterfaceToIPAddress(hInterface, PF_IPV4, @localIp);
inFilter.dwFilterFlags := FD_FLAGS_NOSYN;
inFilter.dwRule := 0;
inFilter.pfatType := PF_IPV4;
inFilter.SrcAddr := @localIp;
inFilter.SrcMask := @dwSrcMask;
inFilter.wSrcPort := FILTER_TCPUDP_PORT_ANY;
inFilter.wSrcPortHighRange := FILTER_TCPUDP_PORT_ANY;
inFilter.DstAddr := nil;
inFilter.DstMask := nil;
inFilter.wDstPort := 80;
inFilter.wDstPortHighRange := 80;
inFilter.dwProtocol := FILTER_PROTO_TCP;
PfAddFiltersToInterface(hInterface, 1, @inFilter, 0, nil, @fHandle);
PfRemoveFilterHandles(hInterface, 1, @fHandle);
PfUnBindInterface(hInterface);
PfDeleteInterface(hInterface);
end;
carmen816 2008-01-12
- 打赏
- 举报
Delphi版的Fltdefs (上)
unit fltdefs;
////////////////////////////////////////////////////////////////////////////////
//
// Delphi conversion of fltdefs.h for use with the IPHLPAPI.DLL
//
////////////////////////////////////////////////////////////////////////////////
interface
uses
Windows;
const
IPHLPAPI = 'IPHLPAPI.DLL';
// Byte array
type
TByteArray = Array [0..Pred(MaxInt)] of Byte;
PByteArray = ^TByteArray;
// Data types
type
FILTER_HANDLE = Pointer;
PFILTER_HANDLE = ^FILTER_HANDLE;
INTERFACE_HANDLE = Pointer;
PINTERFACE_HANDLE = ^INTERFACE_HANDLE;
// GlobalFilter enumeration
const
GF_FRAGMENTS = 2;
GF_STRONGHOST = 8;
GF_FRAGCACHE = 9;
type
GLOBAL_FILTER = Integer;
PGLOBAL_FILTER = ^GLOBAL_FILTER;
// PFAddressType enumeration
const
PF_IPV4 = 0;
PF_IPV6 = 1;
type
PFADDRESSTYPE = Integer;
PPFADDRESSTYPE = ^PFADDRESSTYPE;
// PFForwardAction enumeration
const
PF_ACTION_FORWARD = 0;
PF_ACTION_DROP = 1;
type
PFFORWARD_ACTION = Integer;
PPFFORWARD_ACTION = ^PPFFORWARD_ACTION;
// PFFrameType enumeration
const
PFFT_FILTER = 1;
PFFT_FRAG = 2;
PFFT_SPOOF = 3;
type
PFFRAMETYPE = Integer;
PPFFRAMETYPE = ^PFFRAMETYPE;
type
_PF_FILTER_DESCRIPTOR = packed record
dwFilterFlags: DWORD;
dwRule: DWORD;
pfatType: PFADDRESSTYPE;
SrcAddr: PByteArray;
SrcMask: PByteArray;
DstAddr: PByteArray;
DstMask: PByteArray;
dwProtocol: DWORD;
fLateBound: DWORD;
wSrcPort: Word;
wDstPort: Word;
wSrcPortHighRange: Word;
wDstPortHighRange: Word;
end;
PF_FILTER_DESCRIPTOR = _PF_FILTER_DESCRIPTOR;
PPF_FILTER_DESCRIPTOR = ^PF_FILTER_DESCRIPTOR;
type
_PF_FILTER_STATS = packed record
dwNumPacketsFiltered:DWORD;
info: PF_FILTER_DESCRIPTOR;
end;
PF_FILTER_STATS = _PF_FILTER_STATS;
PPF_FILTER_STATS = ^PF_FILTER_STATS;
type
_PF_INTERFACE_STATS = packed record
pvDriverContext: Pointer;
dwFlags: DWORD;
dwInDrops: DWORD;
dwOutDrops: DWORD;
eaInAction: PFFORWARD_ACTION;
eaOutAction: PFFORWARD_ACTION;
dwNumInFilters: DWORD;
dwNumOutFilters: DWORD;
dwFrag: DWORD;
dwSpoof: DWORD;
dwReserved1: DWORD;
dwReserved2: DWORD;
liSyn: LARGE_INTEGER;
liTotalLogged: LARGE_INTEGER;
dwLostLogEntries: DWORD;
FilterInfo: Array [0..0] of PF_FILTER_STATS;
end;
PF_INTERFACE_STATS = _PF_INTERFACE_STATS;
PPF_INTERFACE_STATS = ^PF_INTERFACE_STATS;
type
_PF_LATEBIND_INFO = packed record
SrcAddr: PByteArray;
DstAddr: PByteArray;
Mask: PByteArray;
end;
PF_LATEBIND_INFO = _PF_LATEBIND_INFO;
PPF_LATEBIND_INFO = ^PF_LATEBIND_INFO;
type
_PFLOGFRAME = packed record
Timestamp: LARGE_INTEGER;
pfeTypeOfFrame: PFFRAMETYPE;
dwTotalSizeUsed: DWORD;
dwFilterRule: DWORD;
wSizeOfAdditionalData:Word;
wSizeOfIpHeader: Word;
dwInterfaceName: DWORD;
dwIPIndex: DWORD;
bPacketData: Array [0..0] of Byte;
end;
PFLOGFRAME = _PFLOGFRAME;
PPFLOGFRAME = ^PFLOGFRAME;
const
FILTER_PROTO_ANY = $00;
FILTER_PROTO_ICMP = $01;
FILTER_PROTO_TCP = $06;
FILTER_PROTO_UDP = $11;
FILTER_TCPUDP_PORT_ANY = $00;
const
FILTER_ICMP_TYPE_ANY = $FF;
FILTER_ICMP_CODE_ANY = $FF;
const
FD_FLAGS_NOSYN = $01;
FD_FLAGS_ALLFLAGS = FD_FLAGS_NOSYN;
const
LB_SRC_ADDR_USE_SRCADDR_FLAG = $00000001;
LB_SRC_ADDR_USE_DSTADDR_FLAG = $00000002;
LB_DST_ADDR_USE_SRCADDR_FLAG = $00000004;
LB_DST_ADDR_USE_DSTADDR_FLAG = $00000008;
LB_SRC_MASK_LATE_FLAG = $00000010;
LB_DST_MASK_LATE_FLAG = $00000020;
const
ERROR_BASE = 23000;
PFERROR_NO_PF_INTERFACE = (ERROR_BASE + 0); // never returned.
PFERROR_NO_FILTERS_GIVEN = (ERROR_BASE + 1);
PFERROR_BUFFER_TOO_SMALL = (ERROR_BASE + 2);
ERROR_IPV6_NOT_IMPLEMENTED = (ERROR_BASE + 3);
////////////////////////////////////////////////////////////////////////////////
//
// Filter functions exported by IPHLPAPI
//
////////////////////////////////////////////////////////////////////////////////
function PfCreateInterface(
dwName: DWORD;
inAction: PFFORWARD_ACTION;
outAction: PFFORWARD_ACTION;
bUseLog: BOOL;
bMustBeUnique: BOOL;
var ppInterface: INTERFACE_HANDLE): DWORD;
stdcall; external IPHLPAPI name '_PfCreateInterface@24';
function PfDeleteInterface(
pInterface: INTERFACE_HANDLE): DWORD;
stdcall; external IPHLPAPI name '_PfDeleteInterface@4';
function PfAddFiltersToInterface(
ih: INTERFACE_HANDLE;
cInFilters: DWORD;
pfiltIn: PPF_FILTER_DESCRIPTOR;
cOutFilters: DWORD;
pfiltOut: PPF_FILTER_DESCRIPTOR;
pfHandle: PFILTER_HANDLE): DWORD;
stdcall; external IPHLPAPI name '_PfAddFiltersToInterface@24';
function PfRemoveFiltersFromInterface(
ih: INTERFACE_HANDLE;
cInFilters: DWORD;
pfiltIn: PPF_FILTER_DESCRIPTOR;
cOutFilters: DWORD;
pfiltOut: PPF_FILTER_DESCRIPTOR): DWORD;
stdcall; external IPHLPAPI name '_PfRemoveFiltersFromInterface@20';
function PfRemoveFilterHandles(
pInterface: INTERFACE_HANDLE;
cFilters: DWORD;
pvHandles: PFILTER_HANDLE): DWORD;
stdcall; external IPHLPAPI name '_PfRemoveFilterHandles@12';
function PfUnBindInterface(
pInterface: INTERFACE_HANDLE): DWORD;
stdcall; external IPHLPAPI name '_PfUnBindInterface@4';
function PfBindInterfaceToIndex(
pInterface: INTERFACE_HANDLE;
dwIndex: DWORD;
pfatLinkType: PFADDRESSTYPE;
LinkIPAddress: PByteArray): DWORD;
stdcall; external IPHLPAPI name '_PfBindInterfaceToIndex@16';
function PfBindInterfaceToIPAddress(
pInterface: INTERFACE_HANDLE;
pfatLinkType: PFADDRESSTYPE;
IPAddress: PByteArray): DWORD;
stdcall; external IPHLPAPI name '_PfBindInterfaceToIPAddress@12';
function PfRebindFilters(
pInterface: INTERFACE_HANDLE;
pLateBindInfo: PPF_LATEBIND_INFO): DWORD;
stdcall; external IPHLPAPI name '_PfRebindFilters@8';
function PfAddGlobalFilterToInterface(
pInterface: INTERFACE_HANDLE;
gfFilter: GLOBAL_FILTER): DWORD;
stdcall; external IPHLPAPI name '_PfAddGlobalFilterToInterface@8';
function PfRemoveGlobalFilterFromInterface(
pInterface: INTERFACE_HANDLE;
gfFilter: GLOBAL_FILTER): DWORD;
stdcall; external IPHLPAPI name '_PfRemoveGlobalFilterFromInterface@8';
carmen816 2008-01-12
- 打赏
- 举报
C版的Fltdefs 下
//////////////////////////////////////////////////////////////////////////////
// //
// Error codes. These extend the WIN32 errors by having errors specific to //
// these APIs. Besides these errors, the APIs may return any of the WIN32 //
// errors. //
// //
//////////////////////////////////////////////////////////////////////////////
#define ERROR_BASE 23000
#define PFERROR_NO_PF_INTERFACE (ERROR_BASE + 0) // never returned.
#define PFERROR_NO_FILTERS_GIVEN (ERROR_BASE + 1)
#define PFERROR_BUFFER_TOO_SMALL (ERROR_BASE + 2)
#define ERROR_IPV6_NOT_IMPLEMENTED (ERROR_BASE + 3)
//////////////////////////////////////////////////////////////////////////////
// //
// The API prototypes //
// //
//////////////////////////////////////////////////////////////////////////////
PFAPIENTRY
PfCreateInterface(
DWORD dwName,
PFFORWARD_ACTION inAction,
PFFORWARD_ACTION outAction,
BOOL bUseLog,
BOOL bMustBeUnique,
INTERFACE_HANDLE *ppInterface
);
PFAPIENTRY
PfDeleteInterface(
INTERFACE_HANDLE pInterface
);
PFAPIENTRY
PfAddFiltersToInterface(
INTERFACE_HANDLE ih,
DWORD cInFilters,
PPF_FILTER_DESCRIPTOR pfiltIn,
DWORD cOutFilters,
PPF_FILTER_DESCRIPTOR pfiltOut,
PFILTER_HANDLE pfHandle
);
PFAPIENTRY
PfRemoveFiltersFromInterface(
INTERFACE_HANDLE ih,
DWORD cInFilters,
PPF_FILTER_DESCRIPTOR pfiltIn,
DWORD cOutFilters,
PPF_FILTER_DESCRIPTOR pfiltOut
);
PFAPIENTRY
PfRemoveFilterHandles(
INTERFACE_HANDLE pInterface,
DWORD cFilters,
PFILTER_HANDLE pvHandles
);
PFAPIENTRY
PfUnBindInterface(
INTERFACE_HANDLE pInterface
);
PFAPIENTRY
PfBindInterfaceToIndex(
INTERFACE_HANDLE pInterface,
DWORD dwIndex,
PFADDRESSTYPE pfatLinkType,
PBYTE LinkIPAddress
);
PFAPIENTRY
PfBindInterfaceToIPAddress(
INTERFACE_HANDLE pInterface,
PFADDRESSTYPE pfatType,
PBYTE IPAddress
);
PFAPIENTRY
PfRebindFilters(
INTERFACE_HANDLE pInterface,
PPF_LATEBIND_INFO pLateBindInfo
);
PFAPIENTRY
PfAddGlobalFilterToInterface(
INTERFACE_HANDLE pInterface,
GLOBAL_FILTER gfFilter
);
PFAPIENTRY
PfRemoveGlobalFilterFromInterface(
INTERFACE_HANDLE pInterface,
GLOBAL_FILTER gfFilter
);
//////////////////////////////////////////////////////////////////////////////
// //
// Log APIs. Note that there is at most one log and it must be created //
// before any interface needing it is created. There is no way to set a //
// log onto an existing interface. The log can be applied to any or all of //
// the interfaces. //
// //
//////////////////////////////////////////////////////////////////////////////
PFAPIENTRY
PfMakeLog(
HANDLE hEvent
);
//
// Provide a buffer, and notification parameters, and get back
// the old buffer and status.
//
PFAPIENTRY
PfSetLogBuffer(
PBYTE pbBuffer,
DWORD dwSize,
DWORD dwThreshold,
DWORD dwEntries,
PDWORD pdwLoggedEntries,
PDWORD pdwLostEntries,
PDWORD pdwSizeUsed
);
//
// Doing this will disable the log on any of the interfaces. But if
// an interface was created with the log, the actual log will not be
// completely deleted until that interface is deleted. This is a small
// point, but it might explain a mystery or two.
//
PFAPIENTRY
PfDeleteLog(
VOID
);
//////////////////////////////////////////////////////////////////////////////
// //
// Get statistics. Note pdwBufferSize in an IN/OUT parameter. If //
// ERROR_INSUFFICIENT_BUFFER is returned, the common statistics are //
// available and the correct byte count is in *pdwBufferSize. If only the //
// interface statistics are needed, provide a buffer of size //
// PF_INTERFACE_STATS only. //
// If the filter descriptions are also needed, then supply a large buffer, //
// or use the returned count from the first call to allocate a buffer of //
// sufficient size. Note that for a shared interface, this second call may //
// fail with ERROR_INSUFFICIENT_BUFFER. This can happen if the other //
// sharers add filters in the interim. This should not happen for a UNIQUE //
// interface. //
// //
//////////////////////////////////////////////////////////////////////////////
PFAPIENTRY
PfGetInterfaceStatistics(
INTERFACE_HANDLE pInterface,
PPF_INTERFACE_STATS ppfStats,
PDWORD pdwBufferSize,
BOOL fResetCounters
);
//////////////////////////////////////////////////////////////////////////////
// //
// Test a packet. //
// This call will evaluate the packet against the given interfaces //
// and return the filtering action. //
// //
//////////////////////////////////////////////////////////////////////////////
PFAPIENTRY
PfTestPacket(
INTERFACE_HANDLE pInInterface OPTIONAL,
INTERFACE_HANDLE pOutInterface OPTIONAL,
DWORD cBytes,
PBYTE pbPacket,
PPFFORWARD_ACTION ppAction
);
#endif
carmen816 2008-01-12
- 打赏
- 举报
C版的Fltdefs 上
Copyright (c) 1995-1999 Microsoft Corporation
Module Name:
fltdefs.h
Abstract:
Definitions for the WIN32 filter APIs
Author:
Arnold Miller (arnoldm) 24-Sept-1997
Revision History:
--*/
#ifndef _FLTDEFS_H
#define _FLTDEFS_H
#if _MSC_VER > 1000
#pragma once
#endif
typedef PVOID FILTER_HANDLE, *PFILTER_HANDLE;
typedef PVOID INTERFACE_HANDLE, *PINTERFACE_HANDLE;
#define PFEXPORT _declspec(dllexport)
#ifdef __cplusplus
#define EXTERNCDECL EXTERN_C
#else
#define EXTERNCDECL
#endif
#define PFAPIENTRY EXTERNCDECL DWORD PFEXPORT WINAPI
typedef enum _GlobalFilter
{
GF_FRAGMENTS = 2, // check consistency of fragments
GF_STRONGHOST = 8, // check destination address of input frames
GF_FRAGCACHE = 9 // check fragments from cache
} GLOBAL_FILTER, *PGLOBAL_FILTER;
typedef enum _PfForwardAction
{
PF_ACTION_FORWARD = 0,
PF_ACTION_DROP
} PFFORWARD_ACTION, *PPFFORWARD_ACTION;
typedef enum _PfAddresType
{
PF_IPV4,
PF_IPV6
} PFADDRESSTYPE, *PPFADDRESSTYPE;
//////////////////////////////////////////////////////////////////////////////
// //
// The constants that should be used to set up the FILTER_INFO_STRUCTURE //
// //
//////////////////////////////////////////////////////////////////////////////
#define FILTER_PROTO(ProtoId) MAKELONG(MAKEWORD((ProtoId),0x00),0x00000)
#define FILTER_PROTO_ANY FILTER_PROTO(0x00)
#define FILTER_PROTO_ICMP FILTER_PROTO(0x01)
#define FILTER_PROTO_TCP FILTER_PROTO(0x06)
#define FILTER_PROTO_UDP FILTER_PROTO(0x11)
#define FILTER_TCPUDP_PORT_ANY (WORD)0x0000
#define FILTER_ICMP_TYPE_ANY (BYTE)0xff
#define FILTER_ICMP_CODE_ANY (BYTE)0xff
typedef struct _PF_FILTER_DESCRIPTOR
{
DWORD dwFilterFlags; // see below
DWORD dwRule; // copied into the log when appropriate
PFADDRESSTYPE pfatType;
PBYTE SrcAddr;
PBYTE SrcMask;
PBYTE DstAddr;
PBYTE DstMask;
DWORD dwProtocol;
DWORD fLateBound;
WORD wSrcPort;
WORD wDstPort;
WORD wSrcPortHighRange;
WORD wDstPortHighRange;
}PF_FILTER_DESCRIPTOR, *PPF_FILTER_DESCRIPTOR;
//////////////////////////////////////////////////////////////////////////////
// //
// Structure for PfGetInterfaceStatistics //
// //
//////////////////////////////////////////////////////////////////////////////
typedef struct _PF_FILTER_STATS
{
DWORD dwNumPacketsFiltered;
PF_FILTER_DESCRIPTOR info;
}PF_FILTER_STATS, *PPF_FILTER_STATS;
typedef struct _PF_INTERFACE_STATS
{
PVOID pvDriverContext;
DWORD dwFlags; // none as yet (28-Sept-1997)
DWORD dwInDrops;
DWORD dwOutDrops;
PFFORWARD_ACTION eaInAction;
PFFORWARD_ACTION eaOutAction;
DWORD dwNumInFilters;
DWORD dwNumOutFilters;
DWORD dwFrag;
DWORD dwSpoof;
DWORD dwReserved1;
DWORD dwReserved2;
LARGE_INTEGER liSYN;
LARGE_INTEGER liTotalLogged;
DWORD dwLostLogEntries;
PF_FILTER_STATS FilterInfo[1];
} PF_INTERFACE_STATS, *PPF_INTERFACE_STATS;
//////////////////////////////////////////////////////////////////////////////
// //
// The number of bytes starting at SrcAddr. If you add something to the //
// structure make sure this remains valid //
// //
//////////////////////////////////////////////////////////////////////////////
#define FILTERSIZE \
(sizeof(PF_FILTER_DESCRIPTOR) - \
(DWORD)(&((PPF_FILTER_DESCRIPTOR)0)->SrcAddr))
//////////////////////////////////////////////////////////////////////////////
// //
// Flags for PF_FILTER_DESCRIPTOR //
// //
//////////////////////////////////////////////////////////////////////////////
//
// Disallows incoming SYN
//
#define FD_FLAGS_NOSYN 0x1
//
// All legal flags
//
#define FD_FLAGS_ALLFLAGS FD_FLAGS_NOSYN
//////////////////////////////////////////////////////////////////////////////
// //
// Late bound defs. Go in fLateBound in a PF_FILTER_DESCRIPTOR and //
// describe which other fields of the filter are affected by a //
// PfRebindFilters call. In general such filters are on WAN interfaces //
// where one or the other address may change as the connection is //
// reconnected. //
// The assumption is that such interfaces HAVE ONLY ONE ADDRESS. //
// //
//////////////////////////////////////////////////////////////////////////////
#define LB_SRC_ADDR_USE_SRCADDR_FLAG 0x00000001
#define LB_SRC_ADDR_USE_DSTADDR_FLAG 0x00000002
#define LB_DST_ADDR_USE_SRCADDR_FLAG 0x00000004
#define LB_DST_ADDR_USE_DSTADDR_FLAG 0x00000008
#define LB_SRC_MASK_LATE_FLAG 0x00000010
#define LB_DST_MASK_LATE_FLAG 0x00000020
typedef struct _PF_LATEBIND_INFO
{
PBYTE SrcAddr;
PBYTE DstAddr;
PBYTE Mask;
}PF_LATEBIND_INFO, *PPF_LATEBIND_INFO;
//////////////////////////////////////////////////////////////////////////////
// //
// The format of a logged frame and defs for it. //
// //
//////////////////////////////////////////////////////////////////////////////
typedef enum _PfFrameType
{
PFFT_FILTER = 1, // a filter violation
PFFT_FRAG = 2, // bad fragment
PFFT_SPOOF = 3 // strong host failure
} PFFRAMETYPE, *PPFFRAMETYPE;
typedef struct _pfLogFrame
{
LARGE_INTEGER Timestamp;
PFFRAMETYPE pfeTypeOfFrame;
DWORD dwTotalSizeUsed; // used to find the next frame
DWORD dwFilterRule; // from the filter
WORD wSizeOfAdditionalData;
WORD wSizeOfIpHeader;
DWORD dwInterfaceName; // the name of the interface
DWORD dwIPIndex;
BYTE bPacketData[1]; // the frame. wsizeOfIpHeader
// and wsizeOfAdditionalData
// describe this
} PFLOGFRAME, *PPFLOGFRAME;
comanche 2008-01-12
- 打赏
- 举报
.c 不难改, Fltdefs.h 要贴出来,这里面都得改
ghd2004 2008-01-12
- 打赏
- 举报
c还不知道什么时候学的了。
Up
Up
