Commit a5839977 authored by 's avatar
Browse files

Debuging Tracker functions


git-svn-id: file:///home/svn/mapi/trunk@433 8d5bb341-7cf1-0310-8cf6-ba355fef3186
parent 55505502
......@@ -10,10 +10,13 @@ all: $(TARGETS)
tracklib.o: tracklib.c ../mapidflib.h ../mapi.h
$(CC) $(CFLAGS) -c $<
tracklib.so: tracklib.o trackftp.o gnutella.o torrent.o dc.o edonkey.o ../flist.o ../mstring.o
tracklib.so: tracklib.o trackftp.o gnutella.o torrent.o dc.o edonkey.o ../flist.o ../mstring.o log.o
$(CC) $(CFLAGS) -shared -o $@ $^ -lfl -lrt -L.. -L. $(LIB_DIR)
cp tracklib.so ..
log.o: log.c
$(CC) $(CFLAGS) -c $<
trackftp.o: trackftp.c
$(CC) $(CFLAGS) -c $<
......
......@@ -34,6 +34,8 @@
#include <sys/time.h>
#include <time.h>
#include "log.h"
struct filters {
int protocol;
unsigned int saddr;
......@@ -50,24 +52,56 @@ struct list{
};
#define HASHTABLESIZE 101
char *dc_strings[42]={"$MyNick","$Lock","$Direction","$Key","$ConnectToMe","$Get","$Send|","$HubName","$ValidateNick",
"$ValidateDenide","$GetPass","$MyPass","$LogedIn","$BadPass","$Hello","$MyINFO $ALL","$GetINFO","$GetListLen",
"$ListLen","$MaxedOut","$Error","$FileLength","$Canceled","$SR","$Ping","$Hello","$Version","$GetNickList",
"$NickList","$OpList","$MultiConnectToMe","$RevConnectToMe","$To:","$Quit","$OpForceMove $Who:","$ForceMove",
"$To:","$Kick","$Search","$Search Hub:","$Up","$UpToo"};
int isDc(mapidflib_function_instance_t *, unsigned char *, int );
#define STRING_NUM 15
char *dc_strings[STRING_NUM]={"$MyNick","$Lock EXTENDEDPROTOCOL" ,"$Sending", "$Direction Download ","$Direction Upload ","$Supports", "$GetNickList|",
"$ValidateNick", "$ConnectToMe","$HubName","$Hello","$MyINFO $ALL","$GetINFO","$Search Hub:","$OpList"};
/* Backup Strings
* "$Key",
* "$Get",
* "$Send|",
* "$ValidateDenide",
* "$GetPass",
* "$MyPass",
* "$LogedIn",
* "$BadPass",
* "$GetListLen",
* "$ListLen",
* "$MaxedOut",
* "$Error",
* "$FileLength",
* "$Canceled",
* "$SR",
* "$Ping",
* "$Version",
* "$NickList",
* "$MultiConnectToMe",
* "$RevConnectToMe",
* "$To:",
* "$Quit",
* "$OpForceMove $Who:",
* "$ForceMove",
* "$Kick",
* "$Search",
* "$Up",
* "$UpToo"
* };
*/
int dc_string_len[STRING_NUM] = {0};
//char *dc_strings[2]={"|$Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS", "|$Direction Download"};
///int isDc(mapidflib_function_instance_t *, unsigned char *, int );
struct mapid_dc {
int *shift[42];
int *skip[42];
int *shift[STRING_NUM];
int *skip[STRING_NUM];
struct list **dclist;
};
static int dc_init(mapidflib_function_instance_t *instance, MAPI_UNUSED int fd)
{
int i=0;
int i=0;
instance->internal_data = malloc(sizeof(struct mapid_dc));
((struct mapid_dc*)instance->internal_data)->dclist = (struct list**)malloc(sizeof(struct list*)*HASHTABLESIZE);
......@@ -77,7 +111,7 @@ static int dc_init(mapidflib_function_instance_t *instance, MAPI_UNUSED int fd)
((struct mapid_dc*)instance->internal_data)->dclist[i]->head = NULL;
((struct mapid_dc*)instance->internal_data)->dclist[i]->tail = NULL;
}
for(i=0;i<42;i++) {
for(i=0;i<STRING_NUM;i++) {
((struct mapid_dc*)instance->internal_data)->shift[i] = make_shift(dc_strings[i],strlen(dc_strings[i]));
((struct mapid_dc*)instance->internal_data)->skip[i] = make_skip(dc_strings[i], strlen(dc_strings[i]));
}
......@@ -85,19 +119,32 @@ static int dc_init(mapidflib_function_instance_t *instance, MAPI_UNUSED int fd)
return 0;
}
int isDc(mapidflib_function_instance_t *instance, unsigned char *pkt, int len)
int isDc(mapidflib_function_instance_t *instance, unsigned char *pkt, unsigned int len)
{
int i=0;
for(i=0;i<42;i++) {
if(mSearch((unsigned char *)(pkt), len, dc_strings[i], strlen(dc_strings[i]),
((struct mapid_dc *)instance->internal_data)->skip[i],
((struct mapid_dc *)instance->internal_data)->shift[i]))
{
return 1;
for(i=0;i<STRING_NUM;i++) {
if(len < strlen(dc_strings[i]))
continue;
if(len >= 100) {
if(mSearch((unsigned char *)(pkt), 100, dc_strings[i], strlen(dc_strings[i]),
((struct mapid_dc *)instance->internal_data)->skip[i],
((struct mapid_dc *)instance->internal_data)->shift[i]))
{
return i;
}
}
else {
if(mSearch((unsigned char *)(pkt), len, dc_strings[i], strlen(dc_strings[i]),
((struct mapid_dc *)instance->internal_data)->skip[i],
((struct mapid_dc *)instance->internal_data)->shift[i]))
{
return i;
}
}
}
return 0;
return -1;
}
......@@ -120,9 +167,11 @@ static int dc_process(mapidflib_function_instance_t *instance,
unsigned int saddr, daddr;
struct in_addr source, dest;
uint16_t sp, dp;
unsigned int hashval = 0;
int i = 0;
p = pkt;
......@@ -131,6 +180,7 @@ static int dc_process(mapidflib_function_instance_t *instance,
// skip ethernet header
p += sizeof(struct ether_header);
len -= sizeof(struct ether_header);
ethertype = ntohs(ep->ether_type);
......@@ -144,10 +194,13 @@ static int dc_process(mapidflib_function_instance_t *instance,
saddr = *((unsigned int *)&(iph->saddr));
daddr = *((unsigned int *)&(iph->daddr));
p += iph->ihl * 4;
source.s_addr = (unsigned long int)iph->saddr ;
dest.s_addr = (unsigned long int)iph->daddr;
p += iph->ihl * 4;
len -= iph->ihl * 4;
hashval = saddr % HASHTABLESIZE;
hashval = (saddr + daddr) % HASHTABLESIZE;
if(iph->protocol == 6) // TCP
{
......@@ -155,6 +208,13 @@ static int dc_process(mapidflib_function_instance_t *instance,
sp = ntohs(tcph->source);
dp = ntohs(tcph->dest);
p += tcph->doff * 4;
len -= tcph->doff * 4;
if((p - pkt) == pkt_head->caplen) {
return 0;
}
}
else if(iph->protocol == 17) // UDP
{
......@@ -162,6 +222,13 @@ static int dc_process(mapidflib_function_instance_t *instance,
sp = ntohs(udph->source);
dp = ntohs(udph->dest);
p += sizeof(struct udphdr);
len -= sizeof(struct udphdr);
if((p - pkt) == pkt_head->caplen) {
return 0;
}
}
else
{
......@@ -191,10 +258,11 @@ static int dc_process(mapidflib_function_instance_t *instance,
temp->next = NULL;
free(temp);
}
return 1;
}
else if(ts.tv_sec - temp->ts.tv_sec > 1) {
if(ts.tv_sec - temp->ts.tv_sec > 60) {
if(temp == dclist[hashval]->head){
dclist[hashval]->head = temp->next;
}
......@@ -206,38 +274,46 @@ static int dc_process(mapidflib_function_instance_t *instance,
}
}
if(isDc(instance,pkt,len) == 1)
{
if(iph->protocol == 6)
{
p += tcph->doff * 4;
if(p == NULL)
return 0;
if(*p != '$')
return 0;
if(pkt[pkt_head->wlen - 1] != '|')
return 0;
if(iph->protocol == 6) {
if(p == NULL)
return 0;
if(*p != '$')
return 0;
/* if(p[len - 1] != '|')
return 0;
*/ }
else if(iph->protocol == 17) {
if(p == NULL)
return 0;
if(*p != '$')
return 0;
/* if(p[len - 1] != '|')
return 0;
*/ }
else {
return 0;
}
/* for(i = 0; i < len && i < len; i++) {
if(isprint(p[i])){
printf("%c", p[i]);
}
else if(iph->protocol == 17)
{
p += 16;
if(p == NULL)
return 0;
if(*p != '$')
return 0;
if(pkt[pkt_head->wlen - 1] != '|')
return 0;
else if(p[i] == '\n') {
printf(".");
}
else
{
return 0;
else {
printf(".");
}
}
printf("\n\n");
*/
if((i = isDc(instance,pkt,len)) >= 0)
{
unsigned char *p_b = p;
new = (struct filters*)malloc(sizeof(struct filters));
......@@ -247,7 +323,9 @@ static int dc_process(mapidflib_function_instance_t *instance,
new->sp = sp;
new->dp = dp;
hashval = new->saddr % HASHTABLESIZE;
write_to_log("DC++", dc_strings[i], iph->protocol, source, sp, dest, dp, p_b, len);
// printf("DC++ %s %d \n\n",dc_strings[i], iph->protocol);
for(temp = dclist[hashval]->head; temp != NULL; temp = temp->next)
{
......@@ -262,6 +340,8 @@ static int dc_process(mapidflib_function_instance_t *instance,
}
}
gettimeofday(&(new->ts), NULL);
new->next = dclist[hashval]->head;
dclist[hashval]->head = new;
......
......@@ -28,6 +28,7 @@
#include <time.h>
#include "edonkey.h"
#include "log.h"
struct filters {
int protocol;
......@@ -50,6 +51,8 @@ int isEdonkey(int, char);
unsigned int getSize(char *);
struct mapid_edonkey {
int *shift[1];
int *skip[1];
struct list **edonkeylist;
};
......@@ -60,6 +63,8 @@ struct edonkey_header
char type;
};
char edonkey_string[] = "\x03\x02\x00\x70\x72\x01\x00\x00\x00";
static int edonkey_init(mapidflib_function_instance_t *instance, MAPI_UNUSED int fd)
{
int i = 0;
......@@ -73,10 +78,39 @@ static int edonkey_init(mapidflib_function_instance_t *instance, MAPI_UNUSED int
((struct mapid_edonkey*)instance->internal_data)->edonkeylist[i]->tail = NULL;
}
((struct mapid_edonkey*)instance->internal_data)->shift[0] = make_shift(edonkey_string, 9);
((struct mapid_edonkey*)instance->internal_data)->skip[0] = make_skip(edonkey_string, 9);
return 0;
}
int isEdonkeyString(mapidflib_function_instance_t *instance, unsigned char *pkt, unsigned int len) {
if(len < 9)
return -1;
if(len >= 100) {
if(mSearch((unsigned char *)(pkt), 100, edonkey_string, 9,
((struct mapid_edonkey *)instance->internal_data)->skip[0],
((struct mapid_edonkey *)instance->internal_data)->shift[0]))
{
return 0;
}
}
else {
if(mSearch((unsigned char *)(pkt), len, edonkey_string, 9,
((struct mapid_edonkey *)instance->internal_data)->skip[0],
((struct mapid_edonkey *)instance->internal_data)->shift[0]))
{
return 0;
}
}
return -1;
}
int isEdonkey(int proto, char c)
{
if(proto == 6)
......@@ -244,14 +278,17 @@ static int edonkey_process(mapidflib_function_instance_t *instance,
struct udphdr *udph = NULL;
int ether_len =0 , ip_len = 0, tcp_len = 0, udp_len = 0;
struct timeval ts;
unsigned int len = pkt_head->caplen;
struct edonkey_header *edonkey_h;
unsigned int saddr, daddr;
struct in_addr source, dest;
uint16_t sp, dp;
unsigned int hashval = 0;
int i = 0;
p = pkt;
......@@ -261,6 +298,7 @@ static int edonkey_process(mapidflib_function_instance_t *instance,
// skip ethernet header
p += sizeof(struct ether_header);
len -= sizeof(struct ether_header);
ethertype = ntohs(ep->ether_type);
......@@ -275,10 +313,14 @@ static int edonkey_process(mapidflib_function_instance_t *instance,
saddr = *((unsigned int *)&(iph->saddr));
daddr = *((unsigned int *)&(iph->daddr));
source.s_addr = (unsigned long int)iph->saddr ;
dest.s_addr = (unsigned long int)iph->daddr;
p += iph->ihl * 4;
len -= iph->ihl *4;
hashval = saddr % HASHTABLESIZE;
hashval = (saddr + daddr) % HASHTABLESIZE;
if(iph->protocol == 6) // TCP
{
......@@ -287,6 +329,14 @@ static int edonkey_process(mapidflib_function_instance_t *instance,
sp = ntohs(tcph->source);
dp = ntohs(tcph->dest);
p += tcph->doff * 4;
len -= tcph->doff * 4;
if((p - pkt) == pkt_head->caplen) {
return 0;
}
}
else if(iph->protocol == 17) // UDP
{
......@@ -295,6 +345,13 @@ static int edonkey_process(mapidflib_function_instance_t *instance,
sp = ntohs(udph->source);
dp = ntohs(udph->dest);
p += sizeof(struct udphdr);
len -= sizeof(struct udphdr);
if((p - pkt) == pkt_head->caplen) {
return 0;
}
}
else
{
......@@ -327,7 +384,7 @@ static int edonkey_process(mapidflib_function_instance_t *instance,
return 1;
}
else if(ts.tv_sec - temp->last_timestamp.tv_sec > 1) {
else if(ts.tv_sec - temp->last_timestamp.tv_sec > 60) {
if(temp == edonkeylist[hashval]->head) {
edonkeylist[hashval]->head = temp->next;
}
......@@ -339,10 +396,37 @@ static int edonkey_process(mapidflib_function_instance_t *instance,
}
}
if(isEdonkeyString(instance, p, len) >= 0) {
new = (struct filters*)malloc(sizeof(struct filters));
new->protocol = iph->protocol;
new->saddr = saddr;
new->daddr = daddr;
new->sp = sp;
new->dp = dp;
gettimeofday(&(new->last_timestamp), NULL);
write_to_log("eDonkey", "03020070720100000", iph->protocol, source, sp, dest, dp, p, len);
for(temp = edonkeylist[hashval]->head; temp != NULL; temp = temp->next) {
if(new->protocol == temp->protocol && (
(new->saddr == temp->saddr && new->daddr == temp->daddr && new->sp == temp->sp && new->dp == temp->dp)
||
(new->daddr == temp->saddr && new->saddr == temp->daddr && new->dp == temp->sp && new->sp == temp->dp)
)
)
{
return 1;
}
}
new->next = edonkeylist[hashval]->head;
edonkeylist[hashval]->head = new;
return 1;
}
if(iph->protocol == 6)
{
p += tcph->doff * 4;
edonkey_h = (struct edonkey_header *)p;
if(edonkey_h->protocol != (char)0xE3 && edonkey_h->protocol != (char)0xC5 && edonkey_h->protocol != (char)0xd4)
......@@ -359,8 +443,6 @@ static int edonkey_process(mapidflib_function_instance_t *instance,
}
else if(iph->protocol == 17)
{
p += sizeof(struct udphdr);
edonkey_h = (struct edonkey_header *)p;
if(edonkey_h->protocol != (char)0xe3 && edonkey_h->protocol != (char)0xC5 && edonkey_h->protocol != (char)0xd4)
......@@ -369,7 +451,7 @@ static int edonkey_process(mapidflib_function_instance_t *instance,
return 0;
}
if(getSize(edonkey_h->size) != (pkt_head->caplen - ether_len - ip_len - tcp_len - 5))
if(getSize(edonkey_h->size) != (pkt_head->caplen - ether_len - ip_len - udp_len - 5))
{
if(isEdonkey(iph->protocol, edonkey_h->size[0]) == 0)
return 0;
......@@ -392,8 +474,8 @@ static int edonkey_process(mapidflib_function_instance_t *instance,
new->sp = sp;
new->dp = dp;
gettimeofday(&(new->last_timestamp), NULL);
hashval = new->saddr % HASHTABLESIZE;
write_to_log("eDonkey", "No String match", iph->protocol, source, sp, dest, dp, p, len);
for(temp = edonkeylist[hashval]->head; temp != NULL; temp = temp->next)
{
......
......@@ -34,6 +34,8 @@
#include <sys/time.h>
#include <time.h>
#include "log.h"
struct filters {
int protocol;
unsigned int saddr;
......@@ -51,11 +53,11 @@ struct list{
#define HASHTABLESIZE 101
char *gnutella_strings[7]={"GET /uri-res/","GNUTELLA CONNECT/","GNUTELLA/","GET /get/","GND","GNUTELLA","GIV"};
char *gnutella_strings[3]={"GET /uri-res/N2R?urn:sha1:","GNUTELLA CONNECT/","GNUTELLA/"};//,"GET /get/"};
struct mapid_gnutella {
int *shift[7];
int *skip[7];
int *shift[3];
int *skip[3];
struct list **gnulist;
};
......@@ -64,7 +66,7 @@ int isGnutella(mapidflib_function_instance_t *, unsigned char *, int );
static int gnutella_init(mapidflib_function_instance_t *instance, MAPI_UNUSED int fd)
{
int i=0;
//printf("in init\n");
instance->internal_data = malloc(sizeof(struct mapid_gnutella));
((struct mapid_gnutella*)instance->internal_data)->gnulist = (struct list**)malloc(sizeof(struct list *)*HASHTABLESIZE);
memset(((struct mapid_gnutella*)instance->internal_data)->gnulist, 0, (sizeof(struct list*)*HASHTABLESIZE));
......@@ -73,27 +75,38 @@ static int gnutella_init(mapidflib_function_instance_t *instance, MAPI_UNUSED in
((struct mapid_gnutella*)instance->internal_data)->gnulist[i]->head = NULL;
((struct mapid_gnutella*)instance->internal_data)->gnulist[i]->tail = NULL;
}
for(i=0;i<7;i++) {
for(i=0;i<3;i++) {
((struct mapid_gnutella*)instance->internal_data)->shift[i] = make_shift(gnutella_strings[i],strlen(gnutella_strings[i]));
((struct mapid_gnutella*)instance->internal_data)->skip[i] = make_skip(gnutella_strings[i], strlen(gnutella_strings[i]));
}
//printf("out init\n");
return 0;
}
int isGnutella(mapidflib_function_instance_t *instance, unsigned char *pkt, int len)
{
int i=0;
for(i=0;i<3;i++) {
if(len < strlen(gnutella_strings[i]))
continue;
for(i=0;i<7;i++) {
if(mSearch((char *)(pkt), len, gnutella_strings[i], strlen(gnutella_strings[i]),
if(len < 100) {
if(mSearch((char *)(pkt), len, gnutella_strings[i], strlen(gnutella_strings[i]),
((struct mapid_gnutella *)instance->internal_data)->skip[i],
((struct mapid_gnutella *)instance->internal_data)->shift[i]))
{
return 1;
((struct mapid_gnutella *)instance->internal_data)->shift[i])) {
return i;
}
}
else {
if(mSearch((char *)(pkt), 100, gnutella_strings[i], strlen(gnutella_strings[i]),
((struct mapid_gnutella *)instance->internal_data)->skip[i],
((struct mapid_gnutella *)instance->internal_data)->shift[i])){
return i;
}
}
}
return 0;
return -1;
}
......@@ -115,11 +128,13 @@ static int gnutella_process(mapidflib_function_instance_t *instance,
struct udphdr *udph = NULL;
unsigned int saddr, daddr;
struct in_addr source, dest;
uint16_t sp, dp;
unsigned int hashval = 0;
int i = 0;
p = pkt;
// lay the Ethernet header struct over the packet data
......@@ -127,6 +142,7 @@ static int gnutella_process(mapidflib_function_instance_t *instance,
// skip ethernet header
p += sizeof(struct ether_header);
len -= sizeof(struct ether_header);
ethertype = ntohs(ep->ether_type);
......@@ -139,17 +155,28 @@ static int gnutella_process(mapidflib_function_instance_t *instance,
saddr = *((unsigned int *)&(iph->saddr));
daddr = *((unsigned int *)&