static void GetNewRegValue( HWND hwnd )
{
HWND owner;
DLGPROC fp;
INT_PTR reg_modified;
RegModifyData modify_data;
const char *descript;
unsigned max_descript;
mad_type_info tinfo;
mad_registers *regs;
owner = GetParent( hwnd );
regs = RegListGetMadRegisters( owner );
modify_data.reg_set = RegListGetMadRegSetData( owner );
owner = GetParent( owner );
MADRegSetDisplayGetPiece( modify_data.reg_set, regs, GetDlgCtrlID( hwnd ),
&descript, &max_descript, (const mad_reg_info **) (&( modify_data.curr_info )),
&( modify_data.th ), &( modify_data.maxv ) );
MADTypeInfo( modify_data.curr_info->type, &tinfo );
modify_data.curr_value = alloca( tinfo.b.bits / BITS_PER_BYTE );
BitGet( modify_data.curr_value, (unsigned char *)regs, modify_data.curr_info->bit_start, modify_data.curr_info->bit_size);
MADRegSetDisplayModify( modify_data.reg_set, modify_data.curr_info,
(const mad_modify_list **)( &( modify_data.m_list ) ),
&(modify_data.num_possible) );
switch( modify_data.num_possible ) {
case 2:
if( memcmp( modify_data.curr_value, modify_data.m_list[0].data, tinfo.b.bits / BITS_PER_BYTE ) == 0 ){
memcpy( modify_data.curr_value, modify_data.m_list[1].data, tinfo.b.bits / BITS_PER_BYTE );
}else {
memcpy( modify_data.curr_value, modify_data.m_list[0].data, tinfo.b.bits / BITS_PER_BYTE );
}
reg_modified = 1;
break;
case 1:
fp = (DLGPROC)MakeProcInstance( ChangeRegisterDialog, Instance );
reg_modified = JDialogBoxParam( Instance, "CHANGE_REG_EDIT", owner, fp, (LPARAM)( &modify_data ) );
FreeProcInstance( fp );
break;
default:
fp = (DLGPROC)MakeProcInstance( ChangeRegisterDialog, Instance );
reg_modified = JDialogBoxParam( Instance, "CHANGE_REG_COMBO", owner, fp, (LPARAM)( &modify_data ) );
FreeProcInstance( fp );
}
if( reg_modified == 1 ) {
MADRegUpdateStart( regs, modify_data.curr_info->flags, modify_data.curr_info->bit_start, modify_data.curr_info->bit_size );
BitPut( (unsigned char *)regs, modify_data.curr_info->bit_start, modify_data.curr_value, modify_data.curr_info->bit_size );
MADRegUpdateEnd( regs, modify_data.curr_info->flags, modify_data.curr_info->bit_start, modify_data.curr_info->bit_size );
}
}
static void getMadString( mad_reg_set_data *data, mad_registers *regs, int i,
RegStringCreateData *create )
{
mad_type_handle mtype;
mad_type_info mti;
mad_radix radix;
const mad_reg_info *rinfo;
void *value;
unsigned max_len;
const char *descript;
MADRegSetDisplayGetPiece( data, regs, i, &descript, &( create[i].maxd ), &rinfo, &mtype, &( create[i].length ) );
if ( create[i].maxd == 0 && descript != NULL ){
create[i].maxd = strlen( descript );
}
if ( descript != NULL && IsEmptyString( descript ) == FALSE ){
strcpy( create[i].buffer, descript );
create[i].maxd ++;
} else {
create[i].buffer[0] = '\0';
create[i].maxd = 0;
}
if( create[i].length == 0 && rinfo != NULL ) {
create[i].length = getMADMaxFormatWidth(mtype);
}
if( rinfo != NULL ) {
MADTypeInfo( rinfo->type, &mti );
value = alloca( BITS2BYTES( mti.b.bits ) );
BitGet( value, (unsigned char *)regs, rinfo->bit_start, rinfo->bit_size );
radix = MADTypePreferredRadix( mtype );
max_len = create[i].length + 1;
MADTypeHandleToString( radix, mtype, value, create[i].value, &max_len );
} else {
create[i].value[0] = '\0';
}
}
/**
* 离线模式配置初始化
*/
AP_DECLARE(int) ap_offline_configure(void)
{
int i;
apr_status_t rv;
ap_directive_t *newdir;
ap_directive_t *current;
ap_directive_t *conftree;
apr_pool_t *ptemp; /* Pool for temporary config stuff, reset often */
char strbuf[STR_LEN_MAX];
if (ap_off_iface == 0) {
return DONE;
}
/* 配置处理过程中的临时数据放在临时内存池里面 */
apr_pool_create(&ptemp, pconf);
apr_pool_tag(ptemp, "ptemp");
rv = OK;
/* 建立一颗临时的配置树 */
conftree = NULL;
current = conftree;
newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t));
newdir->filename = "offline mode";
newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1);
newdir->directive = apr_pstrdup(ptemp, "OfflineEngine");
newdir->args = apr_pstrdup(ptemp, "On");
current = ap_add_node(&conftree, current, newdir, 0);
conftree = current;
/* 设定监听端口 */
for (i = 0; i < OFFLINE_INTF_NUM; i++) {
if (BitGet(ap_off_iface, i + 1)) {
sprintf(strbuf, "eth%d", i);
newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t));
newdir->filename = "offline mode";
newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1);
newdir->directive = apr_pstrdup(ptemp, "OfflineEthName");
newdir->args = apr_pstrdup(ptemp, strbuf);
current = ap_add_node(&conftree, current, newdir, 0);
}
}
newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t));
newdir->filename = "offline mode";
newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1);
newdir->directive = apr_pstrdup(ptemp, "OfflineLogLevel");
newdir->args = apr_pstrdup(ptemp, "fatal");
current = ap_add_node(&conftree, current, newdir, 0);
/* 指令下发调试 */
for (current = conftree; current != NULL; current = current->next) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_main_server,
"%s: line[%d] directive[%s] args[%s]",
current->filename, current->line_num,
current->directive, current->args);
}
if (conftree) {
rv = ap_process_config_tree(ap_main_server, conftree,
pconf, ptemp);
}
apr_pool_destroy(ptemp);
return rv;
}
/*---------------------------------------------------------------
Routine : calculate_probs
Purpose : Calculate the probabilities for the tree, based upon
the minimal cut sets.
---------------------------------------------------------------*/
BOOL
calculate_probs(
char *filename, /* IN - filename to write report to */
TREE *tree, /* IN - tree */
int max_order, /* IN - max order of cut sets to use */
int prob_n_terms, /* IN - number of terms in expansion */
float unit_time ) /* IN - unit time factor to be applied */
{
BitArray *stop = BitCreate(1); /* 1-bit zero */
FILE *file;
Expr e;
Group *g;
float *probs, *cp, *imp;
float p;
int num_bas, num_mcs, i, j;
/* char *mcs_file; */
/* int order; */
clock_t time1, time2;
time_t tp;
BOOL success = TRUE;
float one_increment /* value for one increment of the progress bar */;
/* start clock */
time1 = clock();
if ( (file = fopen(filename, "w")) == NULL) {
printf("*** calculate_probs : error opening file\n");
return FALSE;
}
/* printf("calculate_probs()\n"); */
/* include transfered-in trees and build the primary event list
*
* We need to do something different to deal with Common Cause Analysis
* We don't need the tree, but we do need the primary event list.
* Need to add the common cause events into the primary event list.
*/
/* if necessary, expand tree */
expand_tree(tree);
/* set probs in BASLIST from the events database */
set_bas_prob( unit_time );
/* get number of primary events */
if ((num_bas = tree->num_bas) == 0) {
fclose( file );
return FALSE;
}
if (GenerateNumericalProbabilityCheckForInterrupt()) {
success = FALSE;
fclose( file );
return success;
}
/* create array of probabilities of primary events */
if ( !fNewMemory( (void *)&probs, ( num_bas * sizeof(float) ) ) )
{
printf("\n*** calculate_probs 1 : malloc failed ***\n");
exit(1);
}
if ( !fNewMemory( (void *)&imp, ( num_bas * sizeof(float) ) ) )
{
printf("\n*** calculate_probs : malloc failed ***\n");
exit(1);
}
/* fill array */
get_probs( probs );
/* get mcs list */
e = tree->mcs_expr;
/* num_mcs = ExprCount(e); */
/* how many mcs are actually used? */
num_mcs = ExprCountOrder(tree->mcs_expr, max_order);
/* make sure that max_term does not exceed number of mcs */
/* if number of mcs is zero then return FALSE */
if(num_mcs == 0) {
return FALSE;
} else if (prob_n_terms > num_mcs) {
prob_n_terms = num_mcs;
}
/* initialise Working dialog */
/* most of the cpu time is taken up in the ExprProb() function */
/* the working dialog is incremented in the combs() function */
one_increment = 0.0;
for(i = 1; i <= prob_n_terms; i++) {
one_increment += nCr(num_mcs, i);
}
/* set up progress bar */
one_increment /= 100.0;
set_one_increment(one_increment);
GenerateNumericalProbabilitySetProgressBarMax(100);
/* ExprPrint(e); */
/* print header */
fprintf(file,
"Probabilities Analysis\n"
"======================\n\n");
fprintf(file, "Tree : %s\n", tree->name);
time(&tp);
fprintf(file, "Time : %s\n", ctime(&tp));
fprintf(file, "Number of primary events = %d\n", num_bas);
fprintf(file, "Number of minimal cut sets = %d\n", num_mcs);
fprintf(file, "Order of minimal cut sets = %d\n", tree->max_order);
if (max_order < tree->max_order) {
fprintf(file, " (order <= %d used)\n\n", max_order);
} else {
fprintf(file, "\n");
}
fprintf(file, "Unit time span = %f\n\n", unit_time);
/* calculate cut set probabilities - use ALL the cut sets */
cp = ExprCutsetProbs(e, probs);
fprintf(file, "Minimal cut set probabilities :\n\n");
i = 0;
for(g=e; !BitEquals(g->b, stop); g=g->next) {
char **fp = BitPara( g->b, 30 );
/* printf("(%3d) %s %-20s - %E\n", */
/* i+1, */
/* BitString(g->b), */
/* fp[0], */
/* cp[i]); */
/* */
/* for (j = 1; fp[j] != NULL; j++) { */
/* printf(" %-20s\n", fp[j]); */
/* } */
if (GenerateNumericalProbabilityCheckForInterrupt()) {
success = FALSE;
CleanUpOperations(
file,
probs,
cp,
imp,
stop);
ParaDestroy(fp);
return success;
}
fprintf(file,
"%3d %-30s %E\n",
i+1,
fp[0],
cp[i]);
for (j = 1; fp[j] != NULL; j++) {
fprintf(file,
" %-20s\n", fp[j]);
}
ParaDestroy(fp);
i++;
}
/* calculate top level probability - use only up to max_order cut sets */
fprintf(file, "\n\n"
"Probability of top level event "
"(minimal cut sets up to order %d used):\n\n", max_order);
p = 0;
for (i = 1; i <= prob_n_terms && i <= num_mcs && !GenerateNumericalProbabilityCheckForInterrupt(); i++) {
float term;
char *sign, *s, *bound;
p += (term = ExprProb(e, probs, max_order, i));
sign = ((i % 2) ? "+" : "-" );
s = ((i > 1) ? "s" : " " );
bound = ((i % 2) ? "upper" : "lower" );
fprintf(file, "%2d term%s %s%E = %E (%s bound)\n",
i, s, sign, fabs(term), p, bound);
}
if (prob_n_terms >= num_mcs) {
fprintf(file, "\nExact value : %E\n", p);
}
if (GenerateNumericalProbabilityCheckForInterrupt()) {
success = FALSE;
CleanUpOperations(
file,
probs,
cp,
imp,
stop);
return success;
}
/* calculate importances of individual events */
for (j = 0; j < num_bas; j++) {
imp[j] = 0;
}
i = 0;
for(g=e; !BitEquals(g->b, stop); g=g->next) {
for (j = 0; j < g->b->n; j++) {
if ( BitGet(g->b, (g->b->n-1) - j) ) {
imp[j] += cp[i];
}
}
i++;
}
if (GenerateNumericalProbabilityCheckForInterrupt()) {
success = FALSE;
CleanUpOperations(
file,
probs,
cp,
imp,
stop);
return success;
}
fprintf(file, "\n\nPrimary Event Analysis:\n\n");
fprintf(file, " Event "
"Failure contrib. "
"Importance\n\n");
for (i = 0; i < num_bas; i++) {
char *fs = BasicString(num_bas, i);
fprintf(file, "%-15s %E %5.2f%%\n",
fs, imp[i], 100 * imp[i] / p);
strfree(fs);
}
time2 = clock();
/* printf("calculate_probs : num_terms = %d : time = %f\n", */
/* prob_n_terms, (time2-time1)/(float)CLOCKS_PER_SEC); */
CleanUpOperations(
file,
probs,
cp,
imp,
stop);
/* fclose(file); */
/* FreeMemory(probs); */
/* free(cp); */
/* FreeMemory(imp); */
return ( TRUE );
} /* calculate_probs */
/* 处理每个服务器策略下的指令 */
static int process_server_policy(server_policy_t *sp,
server_rec *server_conf, apr_pool_t *ptemp)
{
apr_status_t rv;
ap_directive_t *newdir;
ap_directive_t *current;
ap_directive_t *conftree;
virt_host_t *vhost;
int sname_set;
char strbuf[STR_LEN_MAX];
/* 每个服务器策略建立一颗临时的配置树 */
conftree = NULL;
current = NULL;
/* 限制了当启用KeepAlive时,每个连接允许的请求数量。*/
newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t));
newdir->filename = sp->name; /* 使用服务器策略名字作为指令文件名 */
newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1);
newdir->directive = apr_pstrdup(ptemp, "MaxKeepAliveRequests");
newdir->args = apr_pstrdup(ptemp, "500");
current = ap_add_node(&conftree, current, newdir, 0);
conftree = current;
if (sp->work_mode == WORK_REVERSE) {
/* 处理反向代理配置 */
if (sp->orig_host->proto == PROTO_HTTPS) {
sprintf(strbuf, "/ https://%d.%d.%d.%d:%d/",
NIPQUAD(sp->orig_host->ipaddr.s_addr), sp->orig_host->port);
} else {
sprintf(strbuf, "/ http://%d.%d.%d.%d:%d/",
NIPQUAD(sp->orig_host->ipaddr.s_addr), sp->orig_host->port);
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_main_server,
"backend host: %s", strbuf);
newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t));
newdir->filename = sp->name;
newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1);
newdir->directive = apr_pstrdup(ptemp, "ProxyPass");
newdir->args = apr_pstrdup(ptemp, strbuf);
current = ap_add_node(&conftree, current, newdir, 0);
newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t));
newdir->filename = sp->name;
newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1);
newdir->directive = apr_pstrdup(ptemp, "ProxyPassReverse");
newdir->args = apr_pstrdup(ptemp, strbuf);
current = ap_add_node(&conftree, current, newdir, 0);
} else if ((sp->work_mode == WORK_BRIDGE) || (sp->work_mode == WORK_ROUTE)) {
/* 处理透明代理配置 */
newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t));
newdir->filename = sp->name;
newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1);
newdir->directive = apr_pstrdup(ptemp, "ProxyTransparent");
newdir->args = apr_pstrdup(ptemp, "On");
current = ap_add_node(&conftree, current, newdir, 0);
if (!sp->is_default) {
for (sname_set = 0, vhost = sp->virt_host->next; vhost; vhost = vhost->next) {
if (strlen(vhost->server_name) > 0) {
newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t));
newdir->filename = sp->name;
newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1);
if (!sname_set) {
newdir->directive = apr_pstrdup(ptemp, "ServerName");
sname_set = 1;
} else {
newdir->directive = apr_pstrdup(ptemp, "ServerAlias");
}
newdir->args = apr_pstrdup(ptemp, vhost->server_name);
current = ap_add_node(&conftree, current, newdir, 0);
}
}
}
newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t));
newdir->filename = sp->name;
newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1);
newdir->directive = apr_pstrdup(ptemp, "ProxyPreserveHost");
newdir->args = apr_pstrdup(ptemp, "On");
current = ap_add_node(&conftree, current, newdir, 0);
} else if (sp->work_mode == WORK_OFFLINE) {
/* 处理离线模式配置 */
if (!sp->is_default) {
for (sname_set = 0, vhost = sp->virt_host->next; vhost; vhost = vhost->next) {
if (strlen(vhost->server_name) > 0) {
newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t));
newdir->filename = sp->name;
newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1);
if (!sname_set) {
newdir->directive = apr_pstrdup(ptemp, "ServerName");
sname_set = 1;
} else {
newdir->directive = apr_pstrdup(ptemp, "ServerAlias");
}
newdir->args = apr_pstrdup(ptemp, vhost->server_name);
current = ap_add_node(&conftree, current, newdir, 0);
}
}
}
} else {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_main_server,
"work mode error");
return DECLINED;
}
/* 配置防护引擎 */
if (BitGet(sp->opt_flags, ENGINE_FLAG)) {
switch (sp->engine) {
case BLOCK_OFF:
sprintf(strbuf, "Off");
break;
case BLOCK_DET:
sprintf(strbuf, "DetectionOnly");
break;
case BLOCK_ON:
sprintf(strbuf, "On");
break;
default:
sprintf(strbuf, "On");
break;
}
newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t));
newdir->filename = sp->name;
newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1);
newdir->directive = apr_pstrdup(ptemp, "SecRuleEngine");
newdir->args = apr_pstrdup(ptemp, strbuf);
current = ap_add_node(&conftree, current, newdir, 0);
}
/* 配置审核日志 */
if (BitGet(sp->audit_set, ACCESS_LOG)) {
if (BitGet(sp->audit_log, ACCESS_LOG)) {
newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t));
newdir->filename = sp->name;
newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1);
newdir->directive = apr_pstrdup(ptemp, "SecAccessLog");
newdir->args = apr_pstrdup(ptemp, "On");
current = ap_add_node(&conftree, current, newdir, 0);
} else {
newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t));
newdir->filename = sp->name;
newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1);
newdir->directive = apr_pstrdup(ptemp, "SecAccessLog");
newdir->args = apr_pstrdup(ptemp, "Off");
current = ap_add_node(&conftree, current, newdir, 0);
}
}
if (BitGet(sp->audit_set, ATTACK_LOG)) {
if (BitGet(sp->audit_log, ATTACK_LOG)) {
newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t));
newdir->filename = sp->name;
newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1);
newdir->directive = apr_pstrdup(ptemp, "SecAttackLog");
newdir->args = apr_pstrdup(ptemp, "On");
current = ap_add_node(&conftree, current, newdir, 0);
if (sp->atlog_lev) {
sprintf(strbuf, "%d", sp->atlog_lev);
newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t));
newdir->filename = sp->name; /* 使用服务器策略名字作为指令文件名 */
newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1);
newdir->directive = apr_pstrdup(ptemp, "SecAttackLogLevel");
newdir->args = apr_pstrdup(ptemp, strbuf);
current = ap_add_node(&conftree, current, newdir, 0);
}
} else {
newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t));
newdir->filename = sp->name; /* 使用服务器策略名字作为指令文件名 */
newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1);
newdir->directive = apr_pstrdup(ptemp, "SecAttackLog");
newdir->args = apr_pstrdup(ptemp, "Off");
current = ap_add_node(&conftree, current, newdir, 0);
}
}
/* 离线模式不配置缓存模块 */
if (sp->cache_root && sp->work_mode != WORK_OFFLINE) {
newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t));
newdir->filename = sp->name; /* 使用服务器策略名字作为指令文件名 */
newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1);
newdir->directive = apr_pstrdup(ptemp, "CacheEnable");
newdir->args = apr_pstrdup(ptemp, "disk /");
current = ap_add_node(&conftree, current, newdir, 0);
newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t));
newdir->filename = sp->name;
newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1);
newdir->directive = apr_pstrdup(ptemp, "CacheRoot");
newdir->args = apr_pstrdup(ptemp, sp->cache_root);
current = ap_add_node(&conftree, current, newdir, 0);
} else if (sp->cache_root && sp->work_mode == WORK_OFFLINE) {
newdir = (ap_directive_t *)apr_pcalloc(ptemp, sizeof(ap_directive_t));
newdir->filename = sp->name;
newdir->line_num = (current == NULL) ? 1 : (current->line_num + 1);
newdir->directive = apr_pstrdup(ptemp, "CacheDisable");
newdir->args = apr_pstrdup(ptemp, "/");
current = ap_add_node(&conftree, current, newdir, 0);
}
/* 配置安全策略和规则集 */
rv = process_security_rule(sp, current, conftree, ptemp);
if (rv != OK) {
return DECLINED;
}
#if SHOW_SECURITY_RULE
/* 指令下发调试 */
conftree_traverse(conftree);
#endif
if (conftree) {
rv = ap_process_config_tree(server_conf, conftree,
sp->pvhost, ptemp);
}
return rv;
}
