Commit ad026bfa authored by 's avatar

passive mode fix for ftp tracker



git-svn-id: file:///home/svn/mapi/trunk@272 8d5bb341-7cf1-0310-8cf6-ba355fef3186
parent 02246a09
......@@ -27,8 +27,8 @@ int main(MAPI_UNUSED int argc, char *argv[])
mapi_apply_function(fd, "BPF_FILTER", "tcp or udp");
fid=mapi_apply_function(fd,"PKT_COUNTER");
fid2=mapi_apply_function(fd,"BYTE_COUNTER");
//mapi_apply_function(fd,"TRACK_FTP");
mapi_apply_function(fd,"TRACK_GNUTELLA");
mapi_apply_function(fd,"TRACK_FTP");
//mapi_apply_function(fd,"TRACK_GNUTELLA");
fid3=mapi_apply_function(fd,"PKT_COUNTER");
fid4=mapi_apply_function(fd,"BYTE_COUNTER");
......
......@@ -31,7 +31,7 @@ static int trackftp_init(mapidflib_function_instance_t *instance,
return 0;
}
void add_to_list(flist_t *list, unsigned int address1, unsigned short port1,
void add_to_list(flist_t *list,char method, unsigned int address1, unsigned short port1,
unsigned int address2, unsigned short port2)
{
struct extract_filter *newnode;
......@@ -41,6 +41,7 @@ void add_to_list(flist_t *list, unsigned int address1, unsigned short port1,
newnode->address2=address2;
newnode->port1=port1;
newnode->port2=port2;
newnode->method=method;
flist_append(list,0,newnode);
}
......@@ -53,8 +54,7 @@ int extract_ports(char *payload,int len,struct extract_res *res) {
unsigned int *addr;
if(strncmp(payload,"PORT",4) == 0
|| strncmp(payload,"PASV",4) ==0 )
if(strncmp(payload,"PORT",4) == 0)
{
// Get the client/server IP address.
ptr = payload+5;
......@@ -88,14 +88,48 @@ int extract_ports(char *payload,int len,struct extract_res *res) {
addr = (unsigned int *)(&address[0]);
res->address = *addr;
if(strncmp(payload,"PORT",4) == 0)
res->method = METHOD_PORT;
else
res->method = METHOD_PASV;
res->method = METHOD_PORT;
return 1;
}
else if(strncmp(payload,"227 ",4)==0){
ptr=payload+5;
while(*ptr!='(')
ptr++;
ptr++;
for(i=0;i<4;i++)
{
tmp=ptr;
while(*tmp != ',')
tmp++;
*tmp='\0';
address[i] = atoi(ptr);
*tmp=',';
ptr = tmp+1;
}
tmp=ptr;
while(*tmp!=',')
tmp++;
*tmp='\0';
port[0] = atoi(ptr);
ptr = tmp+1;
while(*tmp!=')')
tmp++;
*tmp='\0';
port[1] = atoi(ptr);
printf("Passive mode: %d.%d.%d.%d : %d\n",address[0],address[1],address[2],address[3],(port[0]<<8)+port[1]);
res->port = ntohs((port[0]<<8)+port[1]);
addr = (unsigned int *)(&address[0]);
res->address = *addr;
res->method = METHOD_PASV;
return 1;
}
return 0;
}
......@@ -161,10 +195,10 @@ static int trackftp_process(mapidflib_function_instance_t *instance,
if(len > 4 && extract_ports(payload,len,&res)){
if(res.method==METHOD_PORT) {
add_to_list((void *)data->filters, res.address, res.port, dst_ip, ntohs(20));
add_to_list((void *)data->filters,METHOD_PORT, res.address, res.port, dst_ip, ntohs(20));
}
else { //PASV
add_to_list((void *)data->filters, res.address, res.port, dst_ip, tcp->dport);
add_to_list((void *)data->filters,METHOD_PASV, res.address, res.port, dst_ip, tcp->dport);
}
}
return 1;
......@@ -173,19 +207,26 @@ static int trackftp_process(mapidflib_function_instance_t *instance,
node = flist_head((flist_t *)data->filters);
while(node) {
filter = flist_data(node);
if(
(src_ip==filter->address1 && dst_ip==filter->address2 && tcp->sport==filter->port1 && tcp->dport==filter->port2)
||(src_ip==filter->address2 && dst_ip==filter->address1 && tcp->sport==filter->port2 && tcp->dport==filter->port1))
{
if(filter->method==METHOD_PASV) {
if((src_ip==filter->address1 && dst_ip==filter->address2 && tcp->sport==filter->port1) || (src_ip==filter->address2 && dst_ip==filter->address1 && tcp->dport==filter->port1)) {
data->total_pkt_count++;
data->total_byte_count += pkt_head->wlen;
return 1;
}
}
else {
if((src_ip==filter->address1 && dst_ip==filter->address2 && tcp->sport==filter->port1 && tcp->dport==filter->port2) ||(src_ip==filter->address2 && dst_ip==filter->address1 && tcp->sport==filter->port2 && tcp->dport==filter->port1))
{
// Match!
data->total_pkt_count++;
data->total_byte_count += pkt_head->wlen;
data->total_pkt_count++;
data->total_byte_count += pkt_head->wlen;
/*
* TODO: If the packet terminates the connection, remove the filter from the list.
*/
/*
* TODO: If the packet terminates the connection, remove the filter from the list.
*/
return 1;
return 1;
}
}
node = flist_next(node);
......
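Review bot: The new `227 ` branch in extract_ports scans for `(`, `,` and `)` with loops such as `while(*ptr!='(') ptr++;` that never consult `len`, so a reply taken from the wire that lacks one of those delimiters makes the parser read, and through `*tmp='\0'` write, past the end of the captured payload. Each scan should be bounded by `payload+len` and the function should return 0 when a delimiter is missing, as sketched below. The `atoi` results are also stored without checking that each field lies in 0–255, and the two NUL bytes written while parsing the port fields are never restored the way the address commas are, so the packet buffer is left modified. The PORT branch, most of which lies outside this hunk, presumably needs the same bounds, and the `printf` in the new branch looks like leftover debug output on the packet path.

```c
	else if(strncmp(payload,"227 ",4)==0){
		char *end = payload+len;	/* one past the captured payload */

		ptr = (len > 5) ? memchr(payload+5,'(',len-5) : NULL;
		if(ptr == NULL)
			return 0;
		ptr++;
		for(i=0;i<4;i++)
		{
			tmp = memchr(ptr,',',end-ptr);
			if(tmp == NULL)
				return 0;
			// … unchanged: NUL-terminate, atoi into address[i], restore ',' …
			ptr = tmp+1;
		}
		tmp = memchr(ptr,',',end-ptr);
		if(tmp == NULL)
			return 0;
		*tmp='\0';
		port[0] = atoi(ptr);
		*tmp=',';	/* restore, as the address loop does */
		ptr = tmp+1;
		tmp = memchr(ptr,')',end-ptr);
		if(tmp == NULL)
			return 0;
		*tmp='\0';
		port[1] = atoi(ptr);
		*tmp=')';
		// … unchanged: fill res->port, res->address, res->method, return 1 …
```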
......@@ -18,6 +18,7 @@ typedef struct _track_ftp_results
} track_ftp_results;
struct extract_filter {
char method;
unsigned int address1;
unsigned short port1;
unsigned int address2;
......@@ -25,5 +26,5 @@ struct extract_filter {
};
int extract_ports(char *, int, struct extract_res *);
void add_to_list(flist_t *, unsigned int, unsigned short, unsigned int, unsigned short);
void add_to_list(flist_t *,char, unsigned int, unsigned short, unsigned int, unsigned short);
#endif
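Review bot: The new `method` field in `struct extract_filter` is added without a comment saying which values it holds or how it changes matching. In trackftp_process a `METHOD_PASV` filter is compared on both addresses and `port1` only, so `port2` is stored but not used for those entries; that is worth recording on the struct, e.g. `char method; /* METHOD_PORT or METHOD_PASV; for PASV only port1 is matched, port2 is ignored */`. The struct's remaining members continue outside this hunk.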