Commit a8c1ce46 authored by 's avatar

Added a tracker for web. This tracker uses packet coloring

to make sure that no other tracker has colored the packet and, if
not (and the packet is on port 80/443), it categorizes the packet as
WEB


git-svn-id: file:///home/svn/mapi/trunk@809 8d5bb341-7cf1-0310-8cf6-ba355fef3186
parent 702b202a
......@@ -20,4 +20,5 @@ log.c log.h \
torrent.c \
skype.c \
trackflib.c trackflib.h \
trackftp.c trackftp.h
trackftp.c trackftp.h \
web.c
......@@ -13,7 +13,7 @@
__attribute__ ((constructor)) void init ();
__attribute__ ((destructor)) void fini ();
mapidflib_functionlist_t functions[8];
mapidflib_functionlist_t functions[9];
extern mapidflib_function_def_t * trackftp_get_funct_info();
extern mapidflib_function_def_t * gnutella_get_funct_info();
......@@ -23,6 +23,7 @@ extern mapidflib_function_def_t * edonkey_get_funct_info();
extern mapidflib_function_def_t * ipoverip_get_funct_info();
extern mapidflib_function_def_t * irc_get_funct_info();
extern mapidflib_function_def_t * trackskype_get_funct_info();
extern mapidflib_function_def_t * web_get_funct_info();
mapidflib_functionlist_t* mapidflib_get_function_list()
{
......@@ -54,9 +55,13 @@ mapidflib_functionlist_t* mapidflib_get_function_list()
functions[6].def->libname=libname;
functions[6].next=&functions[7];
functions[7].def=trackskype_get_funct_info();
functions[7].def=irc_get_funct_info();
functions[7].def->libname=libname;
functions[7].next=NULL;
functions[7].next=&functions[8];
functions[8].def=web_get_funct_info();
functions[8].def->libname=libname;
functions[8].next=NULL;
return &functions[0];
}
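Review bot: Slot 7 of the list is assigned from two different trackers across the old and new side (`functions[7].def=trackskype_get_funct_info();` versus `functions[7].def=irc_get_funct_info();`), so whichever of the two this commit moves out of slot 7 is no longer reachable through `mapidflib_get_function_list()` even though its `extern` declaration stays; which of the two lines is old and which is new is not recoverable from this rendering. If both trackers are meant to be exported alongside web, the array needs `functions[10]`, with irc and skype in slots 7 and 8 and `functions[9].def=web_get_funct_info();` as the terminator; if dropping one is intended, a one-line comment saying so would keep the next reader from treating it as an accident. The list is also hand-numbered at nine places, which is exactly how a swap like this slips in unnoticed — a static array of getter pointers walked in a single `for` loop would make registration one line per tracker. The earlier part of this function's body is outside the hunk.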
......@@ -12,6 +12,8 @@
#define DC_COLOR 4
#define FTP_COLOR 5
#define SKYPE_COLOR 6
#define WEB_COLOR 7
#define COWEB_COLOR 8
static int color;
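Review bot: `COWEB_COLOR 8` is added next to `WEB_COLOR 7`, but nothing else in this commit reads it, so the define should carry a comment saying what it is reserved for, e.g. `#define COWEB_COLOR 8 /* not yet used by any tracker in this commit */`, otherwise it reads as a leftover. The gate web.c relies on, `color != 0 && color != WEB_COLOR`, only works if the context line `static int color;` denotes one variable shared by all trackers; if this header is included by several tracker sources (torrent.c, skype.c, web.c are separate objects in the Makefile), each translation unit gets its own `color` and web.c never sees the marks the other trackers set. That depends on where `color` is really defined, which is not visible here — worth confirming before relying on the coloring scheme.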
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdlib.h>
#include <stdio.h>
#include <sys/shm.h>
#include <string.h>
#include <errno.h>
#include "mapidflib.h"
#include "mapidlib.h"
#include "mapidevices.h"
#include "mapid.h"
#include "fhelp.h"
#include "debug.h"
#include "mapiipc.h"
#include "mstring.h"
#include "acsmx2.h"
#include "mapi_errors.h"
#include <stdio.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <net/ethernet.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include <pthread.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/wait.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/time.h>
#include <time.h>
#include "log.h"
#include "trackflib.h"
static int web_process(mapidflib_function_instance_t *instance,
MAPI_UNUSED unsigned char* dev_pkt,
unsigned char* pkt,
mapid_pkthdr_t* pkt_head)
{
struct filters *temp = NULL, *prev = NULL, *new = NULL;
int len = pkt_head->caplen;
unsigned char *p = NULL;
struct timeval ts;
uint16_t ethertype;
struct ether_header *ep = NULL;
struct iphdr *iph = NULL;
struct tcphdr *tcph = NULL;
struct udphdr *udph = NULL;
struct vlan_802q_header *vlan_header;
unsigned int saddr, daddr;
struct in_addr source, dest;
uint16_t sp, dp;
int i = 0;
if(color != 0 && color != WEB_COLOR) {
return 0;
}
p = pkt;
// lay the Ethernet header struct over the packet data
ep = (struct ether_header *)p;
// skip ethernet header
p += sizeof(struct ether_header);
len -= sizeof(struct ether_header);
ethertype = ntohs(ep->ether_type);
if(ethertype == ETHERTYPE_8021Q) {
vlan_header = (struct vlan_802q_header*)p;
ethertype = ntohs(vlan_header->ether_type);
p += sizeof(struct vlan_802q_header);
}
if(ethertype != ETHERTYPE_IP) {
return 0;
}
// IP header struct over the packet data;
iph = (struct iphdr*)p;
saddr = *((unsigned int *)&(iph->saddr));
daddr = *((unsigned int *)&(iph->daddr));
source.s_addr = (unsigned long int)iph->saddr;
dest.s_addr = (unsigned long int)iph->daddr;
p += iph->ihl * 4;
len -= iph->ihl * 4;
if(iph->protocol == 6) // TCP
{
tcph = (struct tcphdr *)p;
sp = ntohs(tcph->source);
dp = ntohs(tcph->dest);
p += tcph->doff * 4;
if((unsigned int)(p - pkt) == pkt_head->caplen) {
return 0;
}
len -= tcph->doff * 4;
}
else
{
return 0;
}
if(sp == 80 || sp == 443 || dp == 80 || dp == 443) {
// this is web (almost for sure since it is not any of the P2P
// portocols)
#ifdef __TRACKFLIB_LOGGING__
write_to_log("WEB", "WEB", iph->protocol, source, sp, dest, dp, pkt, len);
#endif
color = WEB_COLOR;
return 1;
}
return 0;
}
static mapidflib_function_def_t finfo={
"",
"TRACK_WEB",
"Looks for Web packets\n",
"",
MAPI_DEVICE_ALL,
MAPIRES_NONE,
0, //shm size
0, //modifies_pkts
1, //filters packets
MAPIOPT_NONE,
NULL,
NULL, // init
web_process,
NULL, //get_result
NULL, //reset
NULL, // cleanup
NULL, //client_init
NULL, //client_read_result
NULL //client_cleanup
};
mapidflib_function_def_t* web_get_funct_info();
mapidflib_function_def_t* web_get_funct_info() {
return &finfo;
};
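Review bot: web_process overlays `struct ether_header`, `struct iphdr` and `struct tcphdr` on the buffer without ever comparing `len` to the header sizes, so a capture truncated below the Ethernet+IP+TCP minimum, an `ihl` below 5, or a `doff` that runs past `caplen` reads beyond the captured bytes; the only guard, `if((unsigned int)(p - pkt) == pkt_head->caplen)`, fires only when the TCP header ends exactly at `caplen` and lets an over-long `doff` straight through. The VLAN branch also advances `p` by the 802.1Q header but never subtracts it from `len`, so `len` is off by that amount for every tagged frame, and `saddr`/`daddr` are computed through an aliasing cast and never used. Since `len` is already tracked, the fix is to check it before each header is overlaid and to bound `ihl`/`doff` by the bytes remaining, keeping the existing skip of payload-less segments as `len == 0`. Whether `color` is reset between packets is not visible in this file — presumably the caller does it — so that is worth confirming before relying on the `color != 0` gate.

```c
	// … unchanged: signature, locals, color gate …
	p = pkt;
	if (len < (int)sizeof(struct ether_header)) {
		return 0;                         // truncated capture: no full Ethernet header
	}
	ep = (struct ether_header *)p;
	p += sizeof(struct ether_header);
	len -= sizeof(struct ether_header);
	ethertype = ntohs(ep->ether_type);
	if (ethertype == ETHERTYPE_8021Q) {
		if (len < (int)sizeof(struct vlan_802q_header)) {
			return 0;
		}
		vlan_header = (struct vlan_802q_header *)p;
		ethertype = ntohs(vlan_header->ether_type);
		p += sizeof(struct vlan_802q_header);
		len -= sizeof(struct vlan_802q_header); // was missing: keep len in step with p
	}
	if (ethertype != ETHERTYPE_IP) {
		return 0;
	}
	if (len < (int)sizeof(struct iphdr)) {
		return 0;
	}
	iph = (struct iphdr *)p;
	// ihl is in 32-bit words; below 5 is malformed and the header must fit the capture
	if (iph->ihl < 5 || iph->ihl * 4 > len) {
		return 0;
	}
	source.s_addr = iph->saddr;
	dest.s_addr = iph->daddr;
	p += iph->ihl * 4;
	len -= iph->ihl * 4;
	if (iph->protocol != 6) {                 // TCP only
		return 0;
	}
	if (len < (int)sizeof(struct tcphdr)) {
		return 0;
	}
	tcph = (struct tcphdr *)p;
	if (tcph->doff < 5 || tcph->doff * 4 > len) {
		return 0;
	}
	sp = ntohs(tcph->source);
	dp = ntohs(tcph->dest);
	p += tcph->doff * 4;
	len -= tcph->doff * 4;
	if (len == 0) {                           // as before: ignore payload-less segments
		return 0;
	}
	// … unchanged: port 80/443 test, logging, color = WEB_COLOR …
```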