static void GetNewRegValue( HWND hwnd ) { HWND owner; DLGPROC fp; INT_PTR reg_modified; RegModifyData modify_data; const char *descript; unsigned max_descript; mad_type_info tinfo; mad_registers *regs; owner = GetParent( hwnd ); regs = RegListGetMadRegisters( owner ); modify_data.reg_set = RegListGetMadRegSetData( owner ); owner = GetParent( owner ); MADRegSetDisplayGetPiece( modify_data.reg_set, regs, GetDlgCtrlID( hwnd ), &descript, &max_descript, (const mad_reg_info **) (&( modify_data.curr_info )), &( modify_data.th ), &( modify_data.maxv ) ); MADTypeInfo( modify_data.curr_info->type, &tinfo ); modify_data.curr_value = alloca( tinfo.b.bits / BITS_PER_BYTE ); BitGet( modify_data.curr_value, (unsigned char *)regs, modify_data.curr_info->bit_start, modify_data.curr_info->bit_size); MADRegSetDisplayModify( modify_data.reg_set, modify_data.curr_info, (const mad_modify_list **)( &( modify_data.m_list ) ), &(modify_data.num_possible) ); switch( modify_data.num_possible ) { case 2: if( memcmp( modify_data.curr_value, modify_data.m_list[0].data, tinfo.b.bits / BITS_PER_BYTE ) == 0 ){ memcpy( modify_data.curr_value, modify_data.m_list[1].data, tinfo.b.bits / BITS_PER_BYTE ); }else { memcpy( modify_data.curr_value, modify_data.m_list[0].data, tinfo.b.bits / BITS_PER_BYTE ); } reg_modified = 1; break; case 1: fp = (DLGPROC)MakeProcInstance( ChangeRegisterDialog, Instance ); reg_modified = JDialogBoxParam( Instance, "CHANGE_REG_EDIT", owner, fp, (LPARAM)( &modify_data ) ); FreeProcInstance( fp ); break; default: fp = (DLGPROC)MakeProcInstance( ChangeRegisterDialog, Instance ); reg_modified = JDialogBoxParam( Instance, "CHANGE_REG_COMBO", owner, fp, (LPARAM)( &modify_data ) ); FreeProcInstance( fp ); } if( reg_modified == 1 ) { MADRegUpdateStart( regs, modify_data.curr_info->flags, modify_data.curr_info->bit_start, modify_data.curr_info->bit_size ); BitPut( (unsigned char *)regs, modify_data.curr_info->bit_start, modify_data.curr_value, modify_data.curr_info->bit_size ); MADRegUpdateEnd( regs, modify_data.curr_info->flags, modify_data.curr_info->bit_start, modify_data.curr_info->bit_size ); } }
static void getMadString( mad_reg_set_data *data, mad_registers *regs, int i, RegStringCreateData *create ) { mad_type_handle mtype; mad_type_info mti; mad_radix radix; const mad_reg_info *rinfo; void *value; unsigned max_len; const char *descript; MADRegSetDisplayGetPiece( data, regs, i, &descript, &( create[i].maxd ), &rinfo, &mtype, &( create[i].length ) ); if ( create[i].maxd == 0 && descript != NULL ){ create[i].maxd = strlen( descript ); } if ( descript != NULL && IsEmptyString( descript ) == FALSE ){ strcpy( create[i].buffer, descript ); create[i].maxd ++; } else { create[i].buffer[0] = '\0'; create[i].maxd = 0; } if( create[i].length == 0 && rinfo != NULL ) { create[i].length = getMADMaxFormatWidth(mtype); } if( rinfo != NULL ) { MADTypeInfo( rinfo->type, &mti ); value = alloca( BITS2BYTES( mti.b.bits ) ); BitGet( value, (unsigned char *)regs, rinfo->bit_start, rinfo->bit_size ); radix = MADTypePreferredRadix( mtype ); max_len = create[i].length + 1; MADTypeHandleToString( radix, mtype, value, create[i].value, &max_len ); } else { create[i].value[0] = '\0'; } }
/** * 离线模式配置初始化 */ AP_DECLARE(int) ap_offline_configure(void) { int i; apr_status_t rv; ap_directive_t *newdir; ap_directive_t *current; ap_directive_t *conftree; apr_pool_t *ptemp; /* Pool for temporary config stuff, reset often */ char strbuf[STR_LEN_MAX]; if (ap_off_iface == 0) { return DONE; } /* 配置处理过程中的临时数据放在临时内存池里面 */ apr_pool_create(&ptemp, pconf); apr_pool_tag(ptemp, "ptemp"); rv = OK; /* 建立一颗临时的配置树 */ conftree = NULL; current = conftree; newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t)); newdir->filename = "offline mode"; newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1); newdir->directive = apr_pstrdup(ptemp, "OfflineEngine"); newdir->args = apr_pstrdup(ptemp, "On"); current = ap_add_node(&conftree, current, newdir, 0); conftree = current; /* 设定监听端口 */ for (i = 0; i < OFFLINE_INTF_NUM; i++) { if (BitGet(ap_off_iface, i + 1)) { sprintf(strbuf, "eth%d", i); newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t)); newdir->filename = "offline mode"; newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1); newdir->directive = apr_pstrdup(ptemp, "OfflineEthName"); newdir->args = apr_pstrdup(ptemp, strbuf); current = ap_add_node(&conftree, current, newdir, 0); } } newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t)); newdir->filename = "offline mode"; newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1); newdir->directive = apr_pstrdup(ptemp, "OfflineLogLevel"); newdir->args = apr_pstrdup(ptemp, "fatal"); current = ap_add_node(&conftree, current, newdir, 0); /* 指令下发调试 */ for (current = conftree; current != NULL; current = current->next) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_main_server, "%s: line[%d] directive[%s] args[%s]", current->filename, current->line_num, current->directive, current->args); } if (conftree) { rv = ap_process_config_tree(ap_main_server, conftree, pconf, ptemp); } apr_pool_destroy(ptemp); return rv; }
/*--------------------------------------------------------------- Routine : calculate_probs Purpose : Calculate the probabilities for the tree, based upon the minimal cut sets. ---------------------------------------------------------------*/ BOOL calculate_probs( char *filename, /* IN - filename to write report to */ TREE *tree, /* IN - tree */ int max_order, /* IN - max order of cut sets to use */ int prob_n_terms, /* IN - number of terms in expansion */ float unit_time ) /* IN - unit time factor to be applied */ { BitArray *stop = BitCreate(1); /* 1-bit zero */ FILE *file; Expr e; Group *g; float *probs, *cp, *imp; float p; int num_bas, num_mcs, i, j; /* char *mcs_file; */ /* int order; */ clock_t time1, time2; time_t tp; BOOL success = TRUE; float one_increment /* value for one increment of the progress bar */; /* start clock */ time1 = clock(); if ( (file = fopen(filename, "w")) == NULL) { printf("*** calculate_probs : error opening file\n"); return FALSE; } /* printf("calculate_probs()\n"); */ /* include transfered-in trees and build the primary event list * * We need to do something different to deal with Common Cause Analysis * We don't need the tree, but we do need the primary event list. * Need to add the common cause events into the primary event list. */ /* if necessary, expand tree */ expand_tree(tree); /* set probs in BASLIST from the events database */ set_bas_prob( unit_time ); /* get number of primary events */ if ((num_bas = tree->num_bas) == 0) { fclose( file ); return FALSE; } if (GenerateNumericalProbabilityCheckForInterrupt()) { success = FALSE; fclose( file ); return success; } /* create array of probabilities of primary events */ if ( !fNewMemory( (void *)&probs, ( num_bas * sizeof(float) ) ) ) { printf("\n*** calculate_probs 1 : malloc failed ***\n"); exit(1); } if ( !fNewMemory( (void *)&imp, ( num_bas * sizeof(float) ) ) ) { printf("\n*** calculate_probs : malloc failed ***\n"); exit(1); } /* fill array */ get_probs( probs ); /* get mcs list */ e = tree->mcs_expr; /* num_mcs = ExprCount(e); */ /* how many mcs are actually used? */ num_mcs = ExprCountOrder(tree->mcs_expr, max_order); /* make sure that max_term does not exceed number of mcs */ /* if number of mcs is zero then return FALSE */ if(num_mcs == 0) { return FALSE; } else if (prob_n_terms > num_mcs) { prob_n_terms = num_mcs; } /* initialise Working dialog */ /* most of the cpu time is taken up in the ExprProb() function */ /* the working dialog is incremented in the combs() function */ one_increment = 0.0; for(i = 1; i <= prob_n_terms; i++) { one_increment += nCr(num_mcs, i); } /* set up progress bar */ one_increment /= 100.0; set_one_increment(one_increment); GenerateNumericalProbabilitySetProgressBarMax(100); /* ExprPrint(e); */ /* print header */ fprintf(file, "Probabilities Analysis\n" "======================\n\n"); fprintf(file, "Tree : %s\n", tree->name); time(&tp); fprintf(file, "Time : %s\n", ctime(&tp)); fprintf(file, "Number of primary events = %d\n", num_bas); fprintf(file, "Number of minimal cut sets = %d\n", num_mcs); fprintf(file, "Order of minimal cut sets = %d\n", tree->max_order); if (max_order < tree->max_order) { fprintf(file, " (order <= %d used)\n\n", max_order); } else { fprintf(file, "\n"); } fprintf(file, "Unit time span = %f\n\n", unit_time); /* calculate cut set probabilities - use ALL the cut sets */ cp = ExprCutsetProbs(e, probs); fprintf(file, "Minimal cut set probabilities :\n\n"); i = 0; for(g=e; !BitEquals(g->b, stop); g=g->next) { char **fp = BitPara( g->b, 30 ); /* printf("(%3d) %s %-20s - %E\n", */ /* i+1, */ /* BitString(g->b), */ /* fp[0], */ /* cp[i]); */ /* */ /* for (j = 1; fp[j] != NULL; j++) { */ /* printf(" %-20s\n", fp[j]); */ /* } */ if (GenerateNumericalProbabilityCheckForInterrupt()) { success = FALSE; CleanUpOperations( file, probs, cp, imp, stop); ParaDestroy(fp); return success; } fprintf(file, "%3d %-30s %E\n", i+1, fp[0], cp[i]); for (j = 1; fp[j] != NULL; j++) { fprintf(file, " %-20s\n", fp[j]); } ParaDestroy(fp); i++; } /* calculate top level probability - use only up to max_order cut sets */ fprintf(file, "\n\n" "Probability of top level event " "(minimal cut sets up to order %d used):\n\n", max_order); p = 0; for (i = 1; i <= prob_n_terms && i <= num_mcs && !GenerateNumericalProbabilityCheckForInterrupt(); i++) { float term; char *sign, *s, *bound; p += (term = ExprProb(e, probs, max_order, i)); sign = ((i % 2) ? "+" : "-" ); s = ((i > 1) ? "s" : " " ); bound = ((i % 2) ? "upper" : "lower" ); fprintf(file, "%2d term%s %s%E = %E (%s bound)\n", i, s, sign, fabs(term), p, bound); } if (prob_n_terms >= num_mcs) { fprintf(file, "\nExact value : %E\n", p); } if (GenerateNumericalProbabilityCheckForInterrupt()) { success = FALSE; CleanUpOperations( file, probs, cp, imp, stop); return success; } /* calculate importances of individual events */ for (j = 0; j < num_bas; j++) { imp[j] = 0; } i = 0; for(g=e; !BitEquals(g->b, stop); g=g->next) { for (j = 0; j < g->b->n; j++) { if ( BitGet(g->b, (g->b->n-1) - j) ) { imp[j] += cp[i]; } } i++; } if (GenerateNumericalProbabilityCheckForInterrupt()) { success = FALSE; CleanUpOperations( file, probs, cp, imp, stop); return success; } fprintf(file, "\n\nPrimary Event Analysis:\n\n"); fprintf(file, " Event " "Failure contrib. " "Importance\n\n"); for (i = 0; i < num_bas; i++) { char *fs = BasicString(num_bas, i); fprintf(file, "%-15s %E %5.2f%%\n", fs, imp[i], 100 * imp[i] / p); strfree(fs); } time2 = clock(); /* printf("calculate_probs : num_terms = %d : time = %f\n", */ /* prob_n_terms, (time2-time1)/(float)CLOCKS_PER_SEC); */ CleanUpOperations( file, probs, cp, imp, stop); /* fclose(file); */ /* FreeMemory(probs); */ /* free(cp); */ /* FreeMemory(imp); */ return ( TRUE ); } /* calculate_probs */
/* 处理每个服务器策略下的指令 */ static int process_server_policy(server_policy_t *sp, server_rec *server_conf, apr_pool_t *ptemp) { apr_status_t rv; ap_directive_t *newdir; ap_directive_t *current; ap_directive_t *conftree; virt_host_t *vhost; int sname_set; char strbuf[STR_LEN_MAX]; /* 每个服务器策略建立一颗临时的配置树 */ conftree = NULL; current = NULL; /* 限制了当启用KeepAlive时,每个连接允许的请求数量。*/ newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t)); newdir->filename = sp->name; /* 使用服务器策略名字作为指令文件名 */ newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1); newdir->directive = apr_pstrdup(ptemp, "MaxKeepAliveRequests"); newdir->args = apr_pstrdup(ptemp, "500"); current = ap_add_node(&conftree, current, newdir, 0); conftree = current; if (sp->work_mode == WORK_REVERSE) { /* 处理反向代理配置 */ if (sp->orig_host->proto == PROTO_HTTPS) { sprintf(strbuf, "/ https://%d.%d.%d.%d:%d/", NIPQUAD(sp->orig_host->ipaddr.s_addr), sp->orig_host->port); } else { sprintf(strbuf, "/ http://%d.%d.%d.%d:%d/", NIPQUAD(sp->orig_host->ipaddr.s_addr), sp->orig_host->port); } ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_main_server, "backend host: %s", strbuf); newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t)); newdir->filename = sp->name; newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1); newdir->directive = apr_pstrdup(ptemp, "ProxyPass"); newdir->args = apr_pstrdup(ptemp, strbuf); current = ap_add_node(&conftree, current, newdir, 0); newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t)); newdir->filename = sp->name; newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1); newdir->directive = apr_pstrdup(ptemp, "ProxyPassReverse"); newdir->args = apr_pstrdup(ptemp, strbuf); current = ap_add_node(&conftree, current, newdir, 0); } else if ((sp->work_mode == WORK_BRIDGE) || (sp->work_mode == WORK_ROUTE)) { /* 处理透明代理配置 */ newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t)); newdir->filename = sp->name; newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1); newdir->directive = apr_pstrdup(ptemp, "ProxyTransparent"); newdir->args = apr_pstrdup(ptemp, "On"); current = ap_add_node(&conftree, current, newdir, 0); if (!sp->is_default) { for (sname_set = 0, vhost = sp->virt_host->next; vhost; vhost = vhost->next) { if (strlen(vhost->server_name) > 0) { newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t)); newdir->filename = sp->name; newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1); if (!sname_set) { newdir->directive = apr_pstrdup(ptemp, "ServerName"); sname_set = 1; } else { newdir->directive = apr_pstrdup(ptemp, "ServerAlias"); } newdir->args = apr_pstrdup(ptemp, vhost->server_name); current = ap_add_node(&conftree, current, newdir, 0); } } } newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t)); newdir->filename = sp->name; newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1); newdir->directive = apr_pstrdup(ptemp, "ProxyPreserveHost"); newdir->args = apr_pstrdup(ptemp, "On"); current = ap_add_node(&conftree, current, newdir, 0); } else if (sp->work_mode == WORK_OFFLINE) { /* 处理离线模式配置 */ if (!sp->is_default) { for (sname_set = 0, vhost = sp->virt_host->next; vhost; vhost = vhost->next) { if (strlen(vhost->server_name) > 0) { newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t)); newdir->filename = sp->name; newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1); if (!sname_set) { newdir->directive = apr_pstrdup(ptemp, "ServerName"); sname_set = 1; } else { newdir->directive = apr_pstrdup(ptemp, "ServerAlias"); } newdir->args = apr_pstrdup(ptemp, vhost->server_name); current = ap_add_node(&conftree, current, newdir, 0); } } } } else { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_main_server, "work mode error"); return DECLINED; } /* 配置防护引擎 */ if (BitGet(sp->opt_flags, ENGINE_FLAG)) { switch (sp->engine) { case BLOCK_OFF: sprintf(strbuf, "Off"); break; case BLOCK_DET: sprintf(strbuf, "DetectionOnly"); break; case BLOCK_ON: sprintf(strbuf, "On"); break; default: sprintf(strbuf, "On"); break; } newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t)); newdir->filename = sp->name; newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1); newdir->directive = apr_pstrdup(ptemp, "SecRuleEngine"); newdir->args = apr_pstrdup(ptemp, strbuf); current = ap_add_node(&conftree, current, newdir, 0); } /* 配置审核日志 */ if (BitGet(sp->audit_set, ACCESS_LOG)) { if (BitGet(sp->audit_log, ACCESS_LOG)) { newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t)); newdir->filename = sp->name; newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1); newdir->directive = apr_pstrdup(ptemp, "SecAccessLog"); newdir->args = apr_pstrdup(ptemp, "On"); current = ap_add_node(&conftree, current, newdir, 0); } else { newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t)); newdir->filename = sp->name; newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1); newdir->directive = apr_pstrdup(ptemp, "SecAccessLog"); newdir->args = apr_pstrdup(ptemp, "Off"); current = ap_add_node(&conftree, current, newdir, 0); } } if (BitGet(sp->audit_set, ATTACK_LOG)) { if (BitGet(sp->audit_log, ATTACK_LOG)) { newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t)); newdir->filename = sp->name; newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1); newdir->directive = apr_pstrdup(ptemp, "SecAttackLog"); newdir->args = apr_pstrdup(ptemp, "On"); current = ap_add_node(&conftree, current, newdir, 0); if (sp->atlog_lev) { sprintf(strbuf, "%d", sp->atlog_lev); newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t)); newdir->filename = sp->name; /* 使用服务器策略名字作为指令文件名 */ newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1); newdir->directive = apr_pstrdup(ptemp, "SecAttackLogLevel"); newdir->args = apr_pstrdup(ptemp, strbuf); current = ap_add_node(&conftree, current, newdir, 0); } } else { newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t)); newdir->filename = sp->name; /* 使用服务器策略名字作为指令文件名 */ newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1); newdir->directive = apr_pstrdup(ptemp, "SecAttackLog"); newdir->args = apr_pstrdup(ptemp, "Off"); current = ap_add_node(&conftree, current, newdir, 0); } } /* 离线模式不配置缓存模块 */ if (sp->cache_root && sp->work_mode != WORK_OFFLINE) { newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t)); newdir->filename = sp->name; /* 使用服务器策略名字作为指令文件名 */ newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1); newdir->directive = apr_pstrdup(ptemp, "CacheEnable"); newdir->args = apr_pstrdup(ptemp, "disk /"); current = ap_add_node(&conftree, current, newdir, 0); newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t)); newdir->filename = sp->name; newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1); newdir->directive = apr_pstrdup(ptemp, "CacheRoot"); newdir->args = apr_pstrdup(ptemp, sp->cache_root); current = ap_add_node(&conftree, current, newdir, 0); } else if (sp->cache_root && sp->work_mode == WORK_OFFLINE) { newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t)); newdir->filename = sp->name; newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1); newdir->directive = apr_pstrdup(ptemp, "CacheDisable"); newdir->args = apr_pstrdup(ptemp, "/"); current = ap_add_node(&conftree, current, newdir, 0); } /* 配置安全策略和规则集 */ rv = process_security_rule(sp, current, conftree, ptemp); if (rv != OK) { return DECLINED; } #if SHOW_SECURITY_RULE /* 指令下发调试 */ conftree_traverse(conftree); #endif if (conftree) { rv = ap_process_config_tree(server_conf, conftree, sp->pvhost, ptemp); } return rv; }