Commit 04c958e0 authored by 's avatar
Browse files

Final version of TRACK_FTP



git-svn-id: file:///home/svn/mapi/trunk@260 8d5bb341-7cf1-0310-8cf6-ba355fef3186
parent 671ad38d
...@@ -53,38 +53,45 @@ int extract_ports(char *payload,int len,struct extract_res *res) { ...@@ -53,38 +53,45 @@ int extract_ports(char *payload,int len,struct extract_res *res) {
unsigned int *addr; unsigned int *addr;
if(strncmp(payload,"PORT",4)==0 || strncmp(payload,"PASV",4)==0) { if(strncmp(payload,"PORT",4) == 0
ptr=payload+5; || strncmp(payload,"PASV",4) ==0 )
for(i=0;i<4;i++) { {
// Get the client/server IP address.
ptr = payload+5;
for(i=0;i<4;i++)
{
tmp=ptr; tmp=ptr;
while(*tmp!=',') while(*tmp != ',')
tmp++; tmp++;
*tmp='\0'; *tmp='\0';
address[i]=atoi(ptr); address[i] = atoi(ptr);
ptr=tmp+1; ptr = tmp+1;
} }
// Get the port.
tmp=ptr; tmp=ptr;
while(*tmp!=',') while(*tmp!=',')
tmp++; tmp++;
*tmp='\0'; *tmp='\0';
port[0]=atoi(ptr); port[0] = atoi(ptr);
ptr=tmp+1; ptr = tmp+1;
while(*tmp!='\r') while(*tmp!='\r')
tmp++; tmp++;
*tmp='\0'; *tmp='\0';
port[1]=atoi(ptr); port[1] = atoi(ptr);
res->port=ntohs((port[0]<<8)+port[1]); // Keep the IP & port in network byte order,
addr=(unsigned int *)(&address[0]); // so that comparison with elements
res->address=*addr; // in the list is faster.
res->port = ntohs((port[0]<<8)+port[1]);
addr = (unsigned int *)(&address[0]);
res->address = *addr;
printf("port: %d\n",res->port); if(strncmp(payload,"PORT",4) == 0)
if(strncmp(payload,"PORT",4)==0) res->method = METHOD_PORT;
res->method=METHOD_PORT;
else else
res->method=METHOD_PASV; res->method = METHOD_PASV;
return 1; return 1;
} }
...@@ -111,7 +118,7 @@ static int trackftp_process(mapidflib_function_instance_t *instance, ...@@ -111,7 +118,7 @@ static int trackftp_process(mapidflib_function_instance_t *instance,
ether_header *eth = NULL; ether_header *eth = NULL;
ip_header *ip = NULL; ip_header *ip = NULL;
tcp_header *tcp = NULL; tcp_header *tcp = NULL;
udp_header *udp = NULL; //udp_header *udp = NULL;
int ether_len = 0, ip_len = 0, tcp_len = 0; int ether_len = 0, ip_len = 0, tcp_len = 0;
unsigned int src_ip, dst_ip; unsigned int src_ip, dst_ip;
...@@ -150,22 +157,22 @@ static int trackftp_process(mapidflib_function_instance_t *instance, ...@@ -150,22 +157,22 @@ static int trackftp_process(mapidflib_function_instance_t *instance,
data->total_pkt_count++; data->total_pkt_count++;
data->total_byte_count += pkt_head->wlen; data->total_byte_count += pkt_head->wlen;
payload = link_pkt + ether_len + ip_len + tcp_len; payload = link_pkt + ether_len + ip_len + tcp_len;
len = pkt_head->wlen - (payload-link_pkt); len = pkt_head->wlen - (payload - link_pkt);
if(len > 4 && extract_ports(payload,len,&res)){ if(len > 4 && extract_ports(payload,len,&res)){
if(res.method==METHOD_PORT) { if(res.method==METHOD_PORT) {
add_to_list(data->filters,res.address,res.port,dst_ip,ntohs(20)); add_to_list((void *)data->filters, res.address, res.port, dst_ip, ntohs(20));
} }
else { //PASV else { //PASV
add_to_list(data->filters,res.address,res.port,dst_ip,tcp->dport); add_to_list((void *)data->filters, res.address, res.port, dst_ip, tcp->dport);
} }
} }
return 1; return 1;
} }
node=flist_head(data->filters); node = flist_head((flist_t *)data->filters);
while(node) { while(node) {
filter=flist_data(node); filter = flist_data(node);
if( if(
(src_ip==filter->address1 && dst_ip==filter->address2 && tcp->sport==filter->port1 && tcp->dport==filter->port2) (src_ip==filter->address1 && dst_ip==filter->address2 && tcp->sport==filter->port1 && tcp->dport==filter->port2)
||(src_ip==filter->address2 && dst_ip==filter->address1 && tcp->sport==filter->port2 && tcp->dport==filter->port1)) ||(src_ip==filter->address2 && dst_ip==filter->address1 && tcp->sport==filter->port2 && tcp->dport==filter->port1))
...@@ -181,7 +188,7 @@ static int trackftp_process(mapidflib_function_instance_t *instance, ...@@ -181,7 +188,7 @@ static int trackftp_process(mapidflib_function_instance_t *instance,
return 1; return 1;
} }
node=flist_next(node); node = flist_next(node);
} }
break; break;
...@@ -190,36 +197,15 @@ static int trackftp_process(mapidflib_function_instance_t *instance, ...@@ -190,36 +197,15 @@ static int trackftp_process(mapidflib_function_instance_t *instance,
return 0; return 0;
} }
static int trackftp_reset(mapidflib_function_instance_t *instance)
{
((track_ftp_results *)instance->result.data)->total_pkt_count = 0;
((track_ftp_results *)instance->result.data)->total_byte_count = 0;
return 0;
}
static int trackftp_cleanup(mapidflib_function_instance_t *instance) static int trackftp_cleanup(mapidflib_function_instance_t *instance)
{ {
if(instance->internal_data != NULL)
if(((track_ftp_results *)instance->internal_data)->filters != NULL)
flist_destroy((flist_t *)((track_ftp_results *)instance->internal_data)->filters, 1);
free(instance->internal_data);
return 0; return 0;
} }
/*
static int <funct_name>_client_init(mapidflib_function_instance_t *instance,
void* data)
{
return 0;
}
static int <funct_name>_client_read_result(mapidflib_function_instance_t* instance,
mapid_result_t *res)
{
return 0;
}
static int <funct_name>_client_cleanup(mapidflib_function_instance_t* instance)
{
return 0;
}
*/
static mapidflib_function_def_t finfo={ static mapidflib_function_def_t finfo={
"", //libname "", //libname
"TRACK_FTP", //name "TRACK_FTP", //name
...@@ -227,14 +213,14 @@ static mapidflib_function_def_t finfo={ ...@@ -227,14 +213,14 @@ static mapidflib_function_def_t finfo={
"", //argdescr "", //argdescr
MAPI_DEVICE_ALL, //devtype MAPI_DEVICE_ALL, //devtype
MAPIRES_SHM, //Method for returning results MAPIRES_SHM, //Method for returning results
sizeof(track_ftp_results), //shm size 0, //shm size
0, //modifies_pkts 0, //modifies_pkts
NULL, //instance NULL, //instance
trackftp_init, //init trackftp_init, //init
trackftp_process, //process trackftp_process, //process
NULL, //get_result, NULL, //get_result,
NULL, //change_args NULL, //change_args
trackftp_reset, //reset NULL, //reset
trackftp_cleanup, //cleanup trackftp_cleanup, //cleanup
NULL, //client_init NULL, //client_init
NULL, //client_read_result NULL, //client_read_result
......
No preview for this file type
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment