
Plugin development - Logged events processing 


The Logged Events plugin API relies on the pluginAPI.h file which is common to all plugin types. The following 8 functions can be used in a logged events plugin, the first four being mandatory.
(Please contact us to get a logged events plugin VC++ 6.0 sample project.)

  1. PiInit - PlugIn initialisation
  2. PiUninit - PlugIn uninitialisation
  3. PiConfigure - PlugIn configuration through any plugin specific functions.
  4. PiInfo - PlugIn information to provide to Look 'n' Stop.
  5. PiLogDisplayEntryPF - Display a Packet Filtering entry from the Log page
  6. PiHandleAlertPF - Handle a new Packet Filtering event.
  7. PiLogDisplayEntryAF - Display an Application Filtering entry from the Log page
  8. PiHandleAlertAF - Handle an Application Filtering event.


    AF: Application Filtering
    PF: Packet Filtering (i.e. Internet Filtering)
  1. PiInit - PlugIn initialisation

    The plugin initialisation function is used by the plugin to transmit various data to Look 'n' Stop: the plugin name (ShortName), the plugin type (type), an array (of size *nb_values) of integer values (tab_values) and an array (of size *nb_values_str) of strings (tab_values_str).
    All these plugin data will be stored by Look 'n' Stop in the registry.


    The PiInit function can also be used to allocate some memory for the plugin.

    Here is an example of PiInit function.

    #include <string.h>      // strcpy
    #include "pluginAPI.h"   // plugin API header common to all plugin types

    #define PLUGIN_TYPE TYPE_PLUGIN_RULE

    #define NB_VALUES 5
    #define NB_VALUES_STR 2

    // Integer values handed to Look 'n' Stop
    int tab_val[NB_VALUES];

    // String values handed to Look 'n' Stop (15 characters + terminator each)
    char ValStr1[16];
    char ValStr2[16];
    char *tab_val_str[NB_VALUES_STR] = { ValStr1, ValStr2 };

    char *pShortName = "My Plugin";

    extern "C" __declspec( dllexport) int PiInit(
     char **ShortName,
     int *type,
     int *nb_values,
     int **tab_values,
     int *nb_values_str,
     char ***tab_values_str)
    {
        unsigned int i;

        AFX_MANAGE_STATE(AfxGetStaticModuleState());

        // Hand the plugin data over to Look 'n' Stop
        *ShortName = pShortName;
        *type = PLUGIN_TYPE;
        *nb_values = NB_VALUES;
        *tab_values = tab_val;
        *nb_values_str = NB_VALUES_STR;
        *tab_values_str = tab_val_str;

        // Both literals fit in the 16-byte buffers
        strcpy(ValStr1, "Test1Test1");
        strcpy(ValStr2, "Test2Test2");
        for(i=0;i<NB_VALUES;i++)
        {
            tab_val[i] = i*10;
        }
        return 1;
    }


  2. PiUninit - PlugIn uninitialisation

    The PiUninit function is called by Look 'n' Stop when the user closes Look 'n' Stop.
    It can be used to deallocate memory previously allocated in PiInit.
  3. PiConfigure - PlugIn configuration through any plugin specific functions.

    The PiConfigure function is called by Look 'n' Stop when the user clicks on the
    Options > Advanced Options > Plugin > Configure button after having selected the plugin to configure in the plugin list.

    The PiConfigure function is usually used to open a configuration window from which the end user will configure various options in the plugin.

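    Here is a simple example of a PiConfigure function.

    extern "C" __declspec( dllexport) int PiConfigure(unsigned int Info)
    {
        AFX_MANAGE_STATE(AfxGetStaticModuleState());

        // CConfigure is the plugin's own configuration dialog class
        CConfigure config;

        // Open the dialog modally and return its result
        return config.DoModal();
    }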

  4. PiInfo - PlugIn information to provide to Look 'n' Stop. 

    When the user selects a plugin from the
    Options > Advanced Options > Plugin window, Look 'n' Stop displays information about the plugin in the right part of the window. This information is provided by the plugin through the PiInfo function.

    Here is a simple example of a PiInfo function.
    char *pShortName   = "My Rule Editor";
    char *pDescription = "Customized rules.";
    char *pVersion     = "1.01";
    char *pAuthor      = "Your name";
    char *pEmail       = "[email protected]";

    extern "C" __declspec( dllexport) int
    PiInfo(
      char **ShortName,
      char **Description,
      char **Version,
      char **Author,
      char **Email,
      int  *Type)
    {
    AFX_MANAGE_STATE(AfxGetStaticModuleState());

    *ShortName = pShortName;
    *Description = pDescription;
    *Version = pVersion;
    *Author = pAuthor;
    *Email = pEmail;
    *Type = TYPE_PLUGIN_RULE;

    return 1;
    }

  5. PiLogDisplayEntryPF - Display a packet filtering entry from the Log page


    ///////////////////////////////////////////////////////
    // This function is called by Look 'n' Stop when
    // the user chooses to see a log entry with the plugin,
    // the log entry is a packet filter alert
    ///////////////////////////////////////////////////////
    extern "C" __declspec( dllexport) int PiLogDisplayEntryPF(

      unsigned long Type,
      unsigned long Action,
      char *RuleName,
      unsigned int Direction,
      unsigned char *Packet,
      unsigned int PacketSize)
    {
    ...

    }

    Type
      Type of Packet Filtering alert. Authorized values:

      #define PF_TYPE_STANDARD 0x0100
      Packet filtered when an Internet Filtering rule applies

      #define PF_TYPE_TCP_SPI 0x0101
      Packet filtered because of TCP Stateful Packet Inspection

      #define PF_TYPE_SPARE_UNUSED 0x0102
      Unused value

      #define PF_TYPE_PROTOCOL 0x0103
      Packet filtered because the protocol used is not allowed

    Action
      Indicates whether the filtered packet was blocked or allowed. Authorized values:

      #define ACTION_BLOCK 0
      Packet or application was blocked

      #define ACTION_ALLOW 1
      Packet or application was allowed

    RuleName
      Pointer to the name of the rule that filtered the packet.

    Direction
      Indicates the direction of the filtered packet. Authorized values:

      #define DIRECTION_UL 1
      Outbound/Uplink

      #define DIRECTION_DL 2
      Inbound/Downlink

    Packet
      Pointer to the packet content, starting from the MAC address.

    PacketSize
      Size of the packet (number of bytes)

  6. PiHandleAlertPF - Real-time handling of a new Packet Filtering event.
    ////////////////////////////////////////////////////
    // This function is called by Look 'n' Stop
    // every time an alert is being added to the log.
    // The alert is a packet filter one. Parameters are
    // the same as the PiLogDisplayEntryPF function
    ////////////////////////////////////////////////////
    extern "C" __declspec( dllexport) int PiHandleAlertPF(

      unsigned long Type,
      unsigned long Action,
      char *RuleName,
      unsigned int Direction,
      unsigned char *Packet,
      unsigned int PacketSize)
    {
    ...

    }
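
    The Packet pointer and PacketSize describe a raw frame captured from the network, so a handler body has to check the length before every read. The following is an added example, not part of the Look 'n' Stop sample project: SummarizePacket, PacketSummary and kSample are hypothetical names, and the frame is assumed to be Ethernet II carrying IPv4.

```cpp
#include <cstdio>

// Hypothetical summary type for this example (not part of pluginAPI.h).
struct PacketSummary {
    unsigned int  ipProtocol;          // 6 = TCP, 17 = UDP
    unsigned char srcIp[4], dstIp[4];
    unsigned int  srcPort, dstPort;    // 0 when absent
};

// Decodes Ethernet II + IPv4 from the Packet/PacketSize pair. Returns 1 on
// success, 0 if the frame is not IPv4 or too short; length is checked before each read.
int SummarizePacket(const unsigned char *Packet, unsigned int PacketSize,
                    PacketSummary *out)
{
    const unsigned int ETH_LEN = 14;   // dst MAC, src MAC, EtherType
    if (!Packet || !out || PacketSize < ETH_LEN + 20) return 0;
    if (Packet[12] != 0x08 || Packet[13] != 0x00) return 0;   // not IPv4
    const unsigned char *ip = Packet + ETH_LEN;
    unsigned int ihl = (ip[0] & 0x0Fu) * 4;                   // header bytes
    if ((ip[0] >> 4) != 4 || ihl < 20 || PacketSize < ETH_LEN + ihl) return 0;
    PacketSummary s = {};
    s.ipProtocol = ip[9];
    for (int i = 0; i < 4; i++) { s.srcIp[i] = ip[12 + i]; s.dstIp[i] = ip[16 + i]; }
    unsigned int fragOffset = ((ip[6] & 0x1Fu) << 8) | ip[7];
    // Ports exist only in the first fragment, and only if 4 L4 bytes were captured.
    if ((s.ipProtocol == 6 || s.ipProtocol == 17) && fragOffset == 0 &&
        PacketSize >= ETH_LEN + ihl + 4) {
        const unsigned char *l4 = ip + ihl;
        s.srcPort = (l4[0] << 8) | l4[1];
        s.dstPort = (l4[2] << 8) | l4[3];
    }
    *out = s;
    return 1;
}

// Constructed sample frame: TCP 192.0.2.10:49152 -> 198.51.100.7:443.
const unsigned char kSample[38] = {
    0,1,2,3,4,5, 6,7,8,9,10,11, 0x08,0x00,   // MAC addresses, EtherType
    0x45,0,0,40, 0,0,0,0, 64,6,0,0,          // IPv4: version/IHL .. checksum
    192,0,2,10, 198,51,100,7,                // source, destination
    0xC0,0x00, 0x01,0xBB };                  // TCP source/destination port

int main() {
    PacketSummary s;
    if (SummarizePacket(kSample, sizeof kSample, &s))
        std::printf("proto=%u %u -> %u\n", s.ipProtocol, s.srcPort, s.dstPort);
    return 0;
}
```

    A PiHandleAlertPF or PiLogDisplayEntryPF body can call this helper with its own Packet and PacketSize arguments and skip the entry when it returns 0.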

  7. PiLogDisplayEntryAF - Display an Application Filtering entry from the Log page
    ///////////////////////////////////////////////////////////
    // This function is called by Look 'n' Stop when the user
    // chooses to see a log entry with the plugin, the log
    // entry is an application filtering alert
    ///////////////////////////////////////////////////////////
    extern "C" __declspec( dllexport) int PiLogDisplayEntryAF(

    unsigned long Type,
    unsigned long Action,
    char *ApplicationPathName,
    char *AdditionalInfo)
    {
    ...

    }


    Type
      Type of Application Filtering event. Authorized values:

      #define AF_TYPE_STANDARD 0
      An application connects to the Internet.
      AdditionalInfo is not used.

      #define AF_TYPE_LAUNCH 16
      An application started another one that connects.
      AdditionalInfo = PathName of the application Starter.

      #define AF_TYPE_DLL 32
      An application connects to the Internet through a DLL.
      AdditionalInfo = PathName of the DLL.

      #define AF_TYPE_IPPORT 128
      An application has been blocked because of a blocked port or IP address.
      AdditionalInfo = Port & IP the application tried to use

    Action
      Indicates whether the Application Filtering event was blocked or allowed. Authorized values:

      #define ACTION_BLOCK 0
      Packet or application was blocked

      #define ACTION_ALLOW 1
      Packet or application was allowed

    ApplicationPathName
      Pathname of the application

    AdditionalInfo
      Additional string depending on the Application Filtering alert type.

  8. PiHandleAlertAF - Real-time handling of a new Application Filtering event.
    ///////////////////////////////////////////////////////////
    // This function is called by Look 'n' Stop every time an
    // Application Filtering alert is being added
    // to the Log. The parameters are the same as the
    // PiLogDisplayEntryAF function
    ///////////////////////////////////////////////////////////
    extern "C" __declspec( dllexport) int
    PiHandleAlertAF
    (

    unsigned long Type,
    unsigned long Action,
    char *ApplicationPathName,
    char *AdditionalInfo)
    {
    ...

    }
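
    ApplicationPathName and AdditionalInfo are strings whose content depends on what ran on the machine, and the meaning of AdditionalInfo changes with Type. The following added example (not code from the Look 'n' Stop sample project) builds one bounded log line per alert and replaces control characters so a crafted path cannot forge extra log lines. FormatAlertAF and AppendClean are hypothetical helpers, and the constants are redeclared as enums only so the block compiles without pluginAPI.h.

```cpp
#include <cstdio>
#include <cstring>

// Values from the tables above (redeclared here for a stand-alone build).
enum { AF_TYPE_STANDARD = 0, AF_TYPE_LAUNCH = 16, AF_TYPE_DLL = 32, AF_TYPE_IPPORT = 128 };
enum { ACTION_BLOCK = 0, ACTION_ALLOW = 1 };

// Appends src to dst (capacity cap), truncating if needed and replacing
// control characters so the text cannot inject lines into the plugin's log.
static void AppendClean(char *dst, size_t cap, const char *src)
{
    size_t n = std::strlen(dst);
    for (; src && *src && n + 1 < cap; ++src)
        dst[n++] = ((unsigned char)*src < 0x20 || *src == 0x7F) ? '?' : *src;
    dst[n] = '\0';
}

// Hypothetical helper for a PiHandleAlertAF body: writes one log line to
// out (capacity cap). Returns 0 for an unknown Type or Action, 1 otherwise.
int FormatAlertAF(unsigned long Type, unsigned long Action,
                  const char *ApplicationPathName, const char *AdditionalInfo,
                  char *out, size_t cap)
{
    const char *label;
    switch (Type) {
    case AF_TYPE_STANDARD: label = NULL;        break;  // AdditionalInfo not used
    case AF_TYPE_LAUNCH:   label = " starter="; break;
    case AF_TYPE_DLL:      label = " dll=";     break;
    case AF_TYPE_IPPORT:   label = " ipport=";  break;
    default: return 0;
    }
    if (!out || cap == 0) return 0;
    if (Action != ACTION_BLOCK && Action != ACTION_ALLOW) return 0;
    out[0] = '\0';
    AppendClean(out, cap, Action == ACTION_ALLOW ? "ALLOW app=" : "BLOCK app=");
    AppendClean(out, cap, ApplicationPathName ? ApplicationPathName : "(null)");
    if (label && AdditionalInfo) {
        AppendClean(out, cap, label);
        AppendClean(out, cap, AdditionalInfo);
    }
    return 1;
}

int main() {
    char line[128];   // constructed sample alert below
    if (FormatAlertAF(AF_TYPE_DLL, ACTION_BLOCK, "C:\\app.exe", "C:\\x\r\ny.dll", line, sizeof line))
        std::puts(line);
    return 0;
}
```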

 



Copyright © 2000-2006, All rights reserved