Commit 04c958e0 authored by 's avatar

Final version of TRACK_FTP



git-svn-id: file:///home/svn/mapi/trunk@260 8d5bb341-7cf1-0310-8cf6-ba355fef3186
parent 671ad38d
......@@ -53,38 +53,45 @@ int extract_ports(char *payload,int len,struct extract_res *res) {
unsigned int *addr;
if(strncmp(payload,"PORT",4)==0 || strncmp(payload,"PASV",4)==0) {
ptr=payload+5;
for(i=0;i<4;i++) {
if(strncmp(payload,"PORT",4) == 0
|| strncmp(payload,"PASV",4) ==0 )
{
// Get the client/server IP address.
ptr = payload+5;
for(i=0;i<4;i++)
{
tmp=ptr;
while(*tmp!=',')
while(*tmp != ',')
tmp++;
*tmp='\0';
address[i]=atoi(ptr);
ptr=tmp+1;
address[i] = atoi(ptr);
ptr = tmp+1;
}
// Get the port.
tmp=ptr;
while(*tmp!=',')
tmp++;
*tmp='\0';
port[0]=atoi(ptr);
ptr=tmp+1;
port[0] = atoi(ptr);
ptr = tmp+1;
while(*tmp!='\r')
tmp++;
*tmp='\0';
port[1]=atoi(ptr);
port[1] = atoi(ptr);
res->port=ntohs((port[0]<<8)+port[1]);
addr=(unsigned int *)(&address[0]);
res->address=*addr;
// Keep the IP & port in network byte order,
// so that comparison with elements
// in the list is faster.
res->port = ntohs((port[0]<<8)+port[1]);
addr = (unsigned int *)(&address[0]);
res->address = *addr;
printf("port: %d\n",res->port);
if(strncmp(payload,"PORT",4)==0)
res->method=METHOD_PORT;
if(strncmp(payload,"PORT",4) == 0)
res->method = METHOD_PORT;
else
res->method=METHOD_PASV;
res->method = METHOD_PASV;
return 1;
}
......@@ -111,7 +118,7 @@ static int trackftp_process(mapidflib_function_instance_t *instance,
ether_header *eth = NULL;
ip_header *ip = NULL;
tcp_header *tcp = NULL;
udp_header *udp = NULL;
//udp_header *udp = NULL;
int ether_len = 0, ip_len = 0, tcp_len = 0;
unsigned int src_ip, dst_ip;
......@@ -150,22 +157,22 @@ static int trackftp_process(mapidflib_function_instance_t *instance,
data->total_pkt_count++;
data->total_byte_count += pkt_head->wlen;
payload = link_pkt + ether_len + ip_len + tcp_len;
len = pkt_head->wlen - (payload-link_pkt);
len = pkt_head->wlen - (payload - link_pkt);
if(len > 4 && extract_ports(payload,len,&res)){
if(res.method==METHOD_PORT) {
add_to_list(data->filters,res.address,res.port,dst_ip,ntohs(20));
add_to_list((void *)data->filters, res.address, res.port, dst_ip, ntohs(20));
}
else { //PASV
add_to_list(data->filters,res.address,res.port,dst_ip,tcp->dport);
add_to_list((void *)data->filters, res.address, res.port, dst_ip, tcp->dport);
}
}
return 1;
}
node=flist_head(data->filters);
node = flist_head((flist_t *)data->filters);
while(node) {
filter=flist_data(node);
filter = flist_data(node);
if(
(src_ip==filter->address1 && dst_ip==filter->address2 && tcp->sport==filter->port1 && tcp->dport==filter->port2)
||(src_ip==filter->address2 && dst_ip==filter->address1 && tcp->sport==filter->port2 && tcp->dport==filter->port1))
......@@ -181,7 +188,7 @@ static int trackftp_process(mapidflib_function_instance_t *instance,
return 1;
}
node=flist_next(node);
node = flist_next(node);
}
break;
......@@ -190,36 +197,15 @@ static int trackftp_process(mapidflib_function_instance_t *instance,
return 0;
}
static int trackftp_reset(mapidflib_function_instance_t *instance)
{
((track_ftp_results *)instance->result.data)->total_pkt_count = 0;
((track_ftp_results *)instance->result.data)->total_byte_count = 0;
return 0;
}
static int trackftp_cleanup(mapidflib_function_instance_t *instance)
{
if(instance->internal_data != NULL)
if(((track_ftp_results *)instance->internal_data)->filters != NULL)
flist_destroy((flist_t *)((track_ftp_results *)instance->internal_data)->filters, 1);
free(instance->internal_data);
return 0;
}
/*
static int <funct_name>_client_init(mapidflib_function_instance_t *instance,
void* data)
{
return 0;
}
static int <funct_name>_client_read_result(mapidflib_function_instance_t* instance,
mapid_result_t *res)
{
return 0;
}
static int <funct_name>_client_cleanup(mapidflib_function_instance_t* instance)
{
return 0;
}
*/
static mapidflib_function_def_t finfo={
"", //libname
"TRACK_FTP", //name
......@@ -227,14 +213,14 @@ static mapidflib_function_def_t finfo={
"", //argdescr
MAPI_DEVICE_ALL, //devtype
MAPIRES_SHM, //Method for returning results
sizeof(track_ftp_results), //shm size
0, //shm size
0, //modifies_pkts
NULL, //instance
trackftp_init, //init
trackftp_process, //process
NULL, //get_result,
NULL, //change_args
trackftp_reset, //reset
NULL, //reset
trackftp_cleanup, //cleanup
NULL, //client_init
NULL, //client_read_result
......
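Review bot: The delimiter scans in extract_ports (`while(*tmp != ',') tmp++;` and `while(*tmp!='\r') tmp++;`) never consult the `len` argument, so a captured payload that begins with PORT or PASV but lacks the expected commas or `\r` makes the loop read, and then write `'\0'`, past the end of the packet buffer. Each scan should be bounded, for example `while(tmp < payload+len && *tmp != ',') tmp++;` followed by `if(tmp >= payload+len) return 0;`, and likewise for the `\r` scan. The in-place `*tmp='\0'` also rewrites the packet bytes, which looks inconsistent with the `0, //modifies_pkts` entry in finfo; parsing from a bounded local copy would avoid that. The start of extract_ports and its failure return lie outside the hunk, so the value returned for a rejected payload should be matched to what the rest of the function uses. The leftover `printf("port: %d\n",res->port);` runs for every matching packet and is probably debug output that should be removed.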