Commit 42749546 authored by 's avatar

Added GNUTELLA TRACKER FUNCTION


git-svn-id: file:///home/svn/mapi/trunk@261 8d5bb341-7cf1-0310-8cf6-ba355fef3186
parent 04c958e0
......@@ -10,12 +10,15 @@ all: $(TARGETS)
tracklib.o: tracklib.c ../mapidflib.h ../mapi.h
$(CC) $(CFLAGS) -c $<
tracklib.so: tracklib.o trackftp.o ../flist.o
tracklib.so: tracklib.o trackftp.o gnutella.o ../flist.o ../mstring.o
$(CC) $(CFLAGS) -shared -o $@ $^ -lfl -lrt -L.. -L. $(LIB_DIR)
cp tracklib.so ..
trackftp.o: trackftp.c
$(CC) $(CFLAGS) -c $<
gnutella.o: gnutella.c
$(CC) $(CFLAGS) -c $<
clean:
rm -f *.o *.so *- $(TARGETS)
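Review bot: The new `gnutella.o: gnutella.c` rule lists only the source as a prerequisite, although gnutella.c includes mapidflib.h, mapid.h and the other project headers, so editing one of them leaves a stale gnutella.o in tracklib.so until a `make clean`. The existing `tracklib.o` rule already names `../mapidflib.h ../mapi.h`; the new rule should follow it, e.g. `gnutella.o: gnutella.c ../mapidflib.h ../mapi.h`. The same applies to the pre-existing `trackftp.o` rule, which is unchanged here.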
#include <stdlib.h>
#include <stdio.h>
#include <sys/shm.h>
#include <string.h>
#include <errno.h>
#include "mapidflib.h"
#include "mapidlib.h"
#include "mapidevices.h"
#include "mapid.h"
#include "fhelp.h"
#include "debug.h"
#include "mapiipc.h"
#include "mstring.h"
#include <stdio.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <net/ethernet.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include <pthread.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/wait.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/time.h>
#include <time.h>
struct filters {
int protocol;
unsigned int saddr;
unsigned int daddr;
uint16_t sp;
uint16_t dp;
struct filters *next;
};
struct list{
struct filters *head;
struct filters *tail;
};
struct mapid_gnutella {
int *shift1; /* Boyer-Moore Shift table */
int *skip1; /* Boyer-Moore Skip table */
int *shift2; /* Boyer-Moore Shift table */
int *skip2; /* Boyer-Moore Skip table */
int *shift3; /* Boyer-Moore Shift table */
int *skip3; /* Boyer-Moore Skip table */
int *shift4; /* Boyer-Moore Shift table */
int *skip4; /* Boyer-Moore Skip table */
int *shift5; /* Boyer-Moore Shift table */
int *skip5; /* Boyer-Moore Skip table */
int *shift6; /* Boyer-Moore Shift table */
int *skip6; /* Boyer-Moore Skip table */
int *shift7; /* Boyer-Moore Shift table */
int *skip7; /* Boyer-Moore Skip table */
struct list *gnulist;
};
static int gnutella_init(mapidflib_function_instance_t *instance,
MAPI_UNUSED flist_t *flits)
{
//printf("in init\n");
instance->internal_data = malloc(sizeof(struct mapid_gnutella));
((struct mapid_gnutella*)instance->internal_data)->gnulist = (struct list*)malloc(sizeof(struct list));
((struct mapid_gnutella*)instance->internal_data)->gnulist->head = NULL;
((struct mapid_gnutella*)instance->internal_data)->gnulist->head = NULL;
((struct mapid_gnutella*)instance->internal_data)->shift1 = make_shift("GET /uri-res/",strlen("GET /uri-res/"));
((struct mapid_gnutella*)instance->internal_data)->skip1 = make_skip("GET /uri-res/", strlen("GET /uri-res/"));
((struct mapid_gnutella*)instance->internal_data)->shift2 = make_shift("GNUTELLA CONNECT/",strlen("GNUTELLA CONNECT/"));
((struct mapid_gnutella*)instance->internal_data)->skip2 = make_skip("GNUTELLA CONNECT/", strlen("GNUTELLA CONNECT/"));
((struct mapid_gnutella*)instance->internal_data)->shift3 = make_shift("GNUTELLA/",strlen("GNUTELLA/"));
((struct mapid_gnutella*)instance->internal_data)->skip3 = make_skip("GNUTELLA/", strlen("GNUTELLA/"));
((struct mapid_gnutella*)instance->internal_data)->shift4 = make_shift("GET /get/",strlen("GET /get/"));
((struct mapid_gnutella*)instance->internal_data)->skip4 = make_skip("GET /get/", strlen("GET /get/"));
((struct mapid_gnutella*)instance->internal_data)->shift5 = make_shift("GND",strlen("GND"));
((struct mapid_gnutella*)instance->internal_data)->skip5 = make_skip("GND", strlen("GND"));
((struct mapid_gnutella*)instance->internal_data)->shift6 = make_shift("GNUTELLA",strlen("GNUTELLA"));
((struct mapid_gnutella*)instance->internal_data)->skip6 = make_skip("GNUTELLA", strlen("GNUTELLA"));
((struct mapid_gnutella*)instance->internal_data)->shift7 = make_shift("GIV",strlen("GIV"));
((struct mapid_gnutella*)instance->internal_data)->skip7 = make_skip("GIV", strlen("GIV"));
//printf("out init\n");
return 0;
}
int isGnutella(mapidflib_function_instance_t *instance, const unsigned char *pkt, int len)
{
if(mSearch((unsigned char *)(pkt), len, "GET /uri-res/", strlen("GET /uri-res/"),
((struct mapid_gnutella *)instance->internal_data)->skip1,
((struct mapid_gnutella *)instance->internal_data)->shift1))
{
return 1;
}
else if(mSearch((unsigned char *)(pkt), len, "GNUTELLA CONNECT/", strlen("GNUTELLA CONNECT/"),
((struct mapid_gnutella *)instance->internal_data)->skip2,
((struct mapid_gnutella *)instance->internal_data)->shift2))
{
return 1;
}
else if(mSearch((unsigned char *)(pkt), len, "GNUTELLA/", strlen("GNUTELLA/"),
((struct mapid_gnutella *)instance->internal_data)->skip3,
((struct mapid_gnutella *)instance->internal_data)->shift3))
{
return 1;
}
else if(mSearch((unsigned char *)(pkt), len, "GET /get/", strlen("GET /get/"),
((struct mapid_gnutella *)instance->internal_data)->skip4,
((struct mapid_gnutella *)instance->internal_data)->shift4))
{
return 1;
}
else if(mSearch((unsigned char *)(pkt), len, "GND", strlen("GND"),
((struct mapid_gnutella *)instance->internal_data)->skip5,
((struct mapid_gnutella *)instance->internal_data)->shift5))
{
return 1;
}
else if(mSearch((unsigned char *)(pkt), len, "GNUTELLA", strlen("GNUTELLA"),
((struct mapid_gnutella *)instance->internal_data)->skip6,
((struct mapid_gnutella *)instance->internal_data)->shift6))
{
return 1;
}
else if(mSearch((unsigned char *)(pkt), len, "GIV", strlen("GIV"),
((struct mapid_gnutella *)instance->internal_data)->skip7,
((struct mapid_gnutella *)instance->internal_data)->shift7))
{
return 1;
}
return 0;
}
static int gnutella_process(mapidflib_function_instance_t *instance,
MAPI_UNUSED const unsigned char* dev_pkt,
const unsigned char* pkt,
mapid_pkthdr_t* pkt_head)
{
struct filters *temp = NULL, *prev = NULL, *new = NULL;
int len = pkt_head->caplen;
const unsigned char *p = NULL;
struct list *gnulist = ((struct mapid_gnutella*)instance->internal_data)->gnulist;
uint16_t ethertype;
struct ether_header *ep = NULL;
struct iphdr *iph = NULL;
struct tcphdr *tcph = NULL;
struct udphdr *udph = NULL;
unsigned int saddr, daddr;
uint16_t sp, dp;
p = pkt;
// lay the Ethernet header struct over the packet data
ep = (struct ether_header *)p;
// skip ethernet header
p += sizeof(struct ether_header);
ethertype = ntohs(ep->ether_type);
if(ethertype != ETHERTYPE_IP) {
return 0;
}
// IP header struct over the packet data;
iph = (struct iphdr*)p;
saddr = *((unsigned int *)&(iph->saddr));
daddr = *((unsigned int *)&(iph->daddr));
p += iph->ihl * 4;
new = (struct filters*)malloc(sizeof(struct filters));
if(new == NULL)
printf("new = NULL\n");
if(iph->protocol == 6) // TCP
{
new->protocol = iph->protocol;
tcph = (struct tcphdr *)p;
sp = ntohs(tcph->source);
dp = ntohs(tcph->dest);
}
else if(iph->protocol == 17) // UDP
{
udph = (struct udphdr *)p;
new->protocol = iph->protocol;
sp = ntohs(udph->source);
dp = ntohs(udph->dest);
}
else
{
return 0;
}
if(isGnutella(instance,pkt,len) == 1)
{
new->protocol = iph->protocol;
new->saddr = saddr;
new->daddr = daddr;
new->sp = sp;
new->dp = dp;
for(temp = gnulist->head; temp != NULL; temp = temp->next)
{
if(new->protocol == temp->protocol && (
(new->saddr == temp->saddr && new->daddr == temp->daddr && new->sp == temp->sp && new->dp == temp->dp)
||
(new->daddr == temp->saddr && new->saddr == temp->daddr && new->dp == temp->sp && new->sp == temp->dp)
)
)
{
return 1;
}
}
new->next = gnulist->head;
gnulist->head = new;
return 1;
}
else
{
for(temp = gnulist->head, prev = gnulist->head; temp != NULL; prev = temp, temp = temp->next)
{
if(temp->protocol == iph->protocol &&
(
(temp->saddr == saddr && temp->daddr == daddr && temp->sp == sp && temp->dp == dp)
||
(temp->saddr == daddr && temp->daddr == saddr && temp->sp == dp && temp->dp == sp))
)
{
/* if(tcph->fin)
{
prev->next = temp->next;
temp->next = NULL;
free(temp);
}
*/
return 1;
}
}
}
return 0;
}
static int gnutella_cleanup(mapidflib_function_instance_t *instance)
{
struct filters *temp = NULL, *tmp = NULL;
if(instance->internal_data != NULL){
temp = ((struct mapid_gnutella*)instance->internal_data)->gnulist->head;
while(temp != NULL)
{
tmp = temp;
temp = temp->next;
free(tmp);
}
free(((struct mapid_gnutella*)instance->internal_data)->gnulist);
free(instance->internal_data);
}
return 0;
}
static mapidflib_function_def_t finfo={
"",
"TRACK_GNUTELLA",
"Searches for Gnutella packets\n",
"",
MAPI_DEVICE_ALL,
MAPIRES_NONE,
0, //shm size
0, //modifies_pkts
NULL,
gnutella_init,
gnutella_process,
NULL, //get_result
NULL, //change_args
NULL, //reset
gnutella_cleanup,
NULL, //client_init
NULL, //client_read_result
NULL //client_cleanup
};
mapidflib_function_def_t* gnutella_get_funct_info();
mapidflib_function_def_t* gnutella_get_funct_info() {
return &finfo;
};
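Review bot: gnutella_process dereferences the Ethernet header (`ep->ether_type`), the IP header (`iph->ihl`, `iph->protocol`, `iph->saddr`) and the TCP/UDP header (`tcph->source`, `udph->dest`) without ever comparing the offset against pkt_head->caplen, so a short or truncated capture makes every one of those reads out of bounds on attacker-controlled packet data; `iph->ihl * 4` in particular is taken from the wire and can be smaller than sizeof(struct iphdr) or larger than what was captured. Each layer needs a remaining-length check before its header is read, as in the rewritten parsing below. Separately, `new` is malloc'd before the protocol check and is never freed on the `return 0` of the non-TCP/UDP branch, on the `return 1` when the flow is already in the list, or anywhere in the `else` branch, so the function leaks one struct filters per packet, and a NULL from malloc is only printf'd before `new->protocol` is written through it; allocate `new` only after the list lookup misses and return 0 when the allocation fails. The flow list also only grows (the FIN-based removal is commented out and gnutella_init sets `head` twice but never `tail`), so a long capture with many distinct flows grows memory and per-packet lookup time without bound, and gnutella_cleanup frees the list but not the fourteen make_shift/make_skip tables.
```c
static int gnutella_process(mapidflib_function_instance_t *instance,
                            MAPI_UNUSED const unsigned char* dev_pkt,
                            const unsigned char* pkt,
                            mapid_pkthdr_t* pkt_head)
{
    // … unchanged: local declarations (temp, prev, gnulist, ethertype, ep, iph, tcph, udph, saddr, daddr, sp, dp) …
    int len = pkt_head->caplen;
    const unsigned char *p = pkt;
    size_t remaining = (len > 0) ? (size_t)len : 0;  /* bytes actually captured */
    size_t iphlen;

    /* Validate every header against the captured length before reading it. */
    if (remaining < sizeof(struct ether_header))
        return 0;
    ep = (struct ether_header *)p;
    p += sizeof(struct ether_header);
    remaining -= sizeof(struct ether_header);
    ethertype = ntohs(ep->ether_type);
    if (ethertype != ETHERTYPE_IP)
        return 0;

    if (remaining < sizeof(struct iphdr))
        return 0;
    iph = (struct iphdr *)p;
    iphlen = (size_t)iph->ihl * 4;
    if (iphlen < sizeof(struct iphdr) || iphlen > remaining)
        return 0;  /* bogus or truncated IP header */
    saddr = *((unsigned int *)&(iph->saddr));
    daddr = *((unsigned int *)&(iph->daddr));
    p += iphlen;
    remaining -= iphlen;

    if (iph->protocol == IPPROTO_TCP) {
        if (remaining < sizeof(struct tcphdr))
            return 0;
        tcph = (struct tcphdr *)p;
        sp = ntohs(tcph->source);
        dp = ntohs(tcph->dest);
    } else if (iph->protocol == IPPROTO_UDP) {
        if (remaining < sizeof(struct udphdr))
            return 0;
        udph = (struct udphdr *)p;
        sp = ntohs(udph->source);
        dp = ntohs(udph->dest);
    } else {
        return 0;
    }

    // … unchanged: isGnutella() check and flow-list lookups; allocate `new` only after the lookup misses and return 0 if malloc() returns NULL …
```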
......@@ -24,9 +24,11 @@ int main(MAPI_UNUSED int argc, char *argv[])
fd=mapi_create_offline_flow(argv[1],MFF_PCAP);
mapi_apply_function(fd, "BPF_FILTER", "tcp or udp");
fid=mapi_apply_function(fd,"PKT_COUNTER");
fid2=mapi_apply_function(fd,"BYTE_COUNTER");
mapi_apply_function(fd,"TRACK_FTP");
//mapi_apply_function(fd,"TRACK_FTP");
mapi_apply_function(fd,"TRACK_GNUTELLA");
fid3=mapi_apply_function(fd,"PKT_COUNTER");
fid4=mapi_apply_function(fd,"BYTE_COUNTER");
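Review bot: The result of `mapi_apply_function(fd,"TRACK_GNUTELLA")` is discarded, so if the new function fails to load (for example because the rebuilt tracklib.so is not found) the program carries on and fid3/fid4 count unfiltered traffic with no indication that the tracker is missing; assuming the call reports failure through its return value, capture it and bail out, e.g. `if (mapi_apply_function(fd,"TRACK_GNUTELLA") < 0) { perror("TRACK_GNUTELLA"); return 1; }`. The pre-existing BPF_FILTER call has the same gap. main's body continues outside the hunk.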
......@@ -10,16 +10,21 @@
__attribute__ ((constructor)) void init ();
__attribute__ ((destructor)) void fini ();
mapidflib_functionlist_t functions[1];
mapidflib_functionlist_t functions[2];
extern mapidflib_function_def_t * trackftp_get_funct_info();
extern mapidflib_function_def_t * gnutella_get_funct_info();
mapidflib_functionlist_t* mapidflib_get_function_list()
{
functions[0].def=trackftp_get_funct_info();
functions[0].def->libname=libname;
functions[0].next=NULL;
functions[0].next=&functions[1];
functions[1].def=gnutella_get_funct_info();
functions[1].def->libname=libname;
functions[1].next=NULL;
return &functions[0];
}
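Review bot: The function table is now maintained by hand in three places: the array bound `functions[2]`, the explicit `functions[0].next=&functions[1]` chain and the two per-entry blocks, so the next tracker added to the library has to edit all of them consistently or the list is silently cut short or overruns the array. A table of getter pointers iterated in a loop, with `functions[i].next` set to `&functions[i+1]` for all but the last entry, keeps the size derived from `sizeof getters / sizeof getters[0]`. The two `extern` prototypes also use empty parentheses; `(void)` gives them a real prototype.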