Commit ed005bbf authored by 's avatar

Added TRACKER functions for BitTorrent and Direct Connect (DC)


git-svn-id: file:///home/svn/mapi/trunk@274 8d5bb341-7cf1-0310-8cf6-ba355fef3186
parent 62cf2c50
...@@ -10,7 +10,7 @@ all: $(TARGETS) ...@@ -10,7 +10,7 @@ all: $(TARGETS)
tracklib.o: tracklib.c ../mapidflib.h ../mapi.h tracklib.o: tracklib.c ../mapidflib.h ../mapi.h
$(CC) $(CFLAGS) -c $< $(CC) $(CFLAGS) -c $<
tracklib.so: tracklib.o trackftp.o gnutella.o ../flist.o ../mstring.o tracklib.so: tracklib.o trackftp.o gnutella.o torrent.o dc.o ../flist.o ../mstring.o
$(CC) $(CFLAGS) -shared -o $@ $^ -lfl -lrt -L.. -L. $(LIB_DIR) $(CC) $(CFLAGS) -shared -o $@ $^ -lfl -lrt -L.. -L. $(LIB_DIR)
cp tracklib.so .. cp tracklib.so ..
...@@ -20,5 +20,11 @@ trackftp.o: trackftp.c ...@@ -20,5 +20,11 @@ trackftp.o: trackftp.c
gnutella.o: gnutella.c gnutella.o: gnutella.c
$(CC) $(CFLAGS) -c $< $(CC) $(CFLAGS) -c $<
torrent.o: torrent.c
$(CC) $(CFLAGS) -c $<
dc.o: dc.c
$(CC) $(CFLAGS) -c $<
clean: clean:
rm -f *.o *.so *- $(TARGETS) rm -f *.o *.so *- $(TARGETS)
#include <stdlib.h>
#include <stdio.h>
#include <sys/shm.h>
#include <string.h>
#include <errno.h>
#include "mapidflib.h"
#include "mapidlib.h"
#include "mapidevices.h"
#include "mapid.h"
#include "fhelp.h"
#include "debug.h"
#include "mapiipc.h"
#include "mstring.h"
#include <stdio.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <net/ethernet.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include <pthread.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/wait.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/time.h>
#include <time.h>
struct filters {
int protocol;
unsigned int saddr;
unsigned int daddr;
uint16_t sp;
uint16_t dp;
struct filters *next;
};
struct list{
struct filters *head;
struct filters *tail;
};
char *dc_strings[42]={"$MyNick","$Lock","$Direction","$Key","$ConnectToMe","$Get","$Send|","$HubName","$ValidateNick",
"$ValidateDenide","$GetPass","$MyPass","$LogedIn","$BadPass","$Hello","$MyINFO $ALL","$GetINFO","$GetListLen",
"$ListLen","$MaxedOut","$Error","$FileLength","$Canceled","$SR","$Ping","$Hello","$Version","$GetNickList",
"$NickList","$OpList","$MultiConnectToMe","$RevConnectToMe","$To:","$Quit","$OpForceMove $Who:","$ForceMove",
"$To:","$Kick","$Search","$Search Hub:","$Up","$UpToo"};
struct mapid_dc {
int *shift[42];
int *skip[42];
struct list *dclist;
};
static int dc_init(mapidflib_function_instance_t *instance,
MAPI_UNUSED flist_t *flits)
{
int i=0;
instance->internal_data = malloc(sizeof(struct mapid_dc));
((struct mapid_dc*)instance->internal_data)->dclist = (struct list*)malloc(sizeof(struct list));
((struct mapid_dc*)instance->internal_data)->dclist->head = NULL;
((struct mapid_dc*)instance->internal_data)->dclist->head = NULL;
for(i=0;i<42;i++) {
((struct mapid_dc*)instance->internal_data)->shift[i] = make_shift(dc_strings[i],strlen(dc_strings[i]));
((struct mapid_dc*)instance->internal_data)->skip[i] = make_skip(dc_strings[i], strlen(dc_strings[i]));
}
return 0;
}
int isDc(mapidflib_function_instance_t *instance, const unsigned char *pkt, int len)
{
int i=0;
for(i=0;i<42;i++) {
if(mSearch((unsigned char *)(pkt), len, dc_strings[i], strlen(dc_strings[i]),
((struct mapid_dc *)instance->internal_data)->skip[i],
((struct mapid_dc *)instance->internal_data)->shift[i]))
{
return 1;
}
}
return 0;
}
static int dc_process(mapidflib_function_instance_t *instance,
MAPI_UNUSED const unsigned char* dev_pkt,
const unsigned char* pkt,
mapid_pkthdr_t* pkt_head)
{
struct filters *temp = NULL, *prev = NULL, *new = NULL;
int len = pkt_head->caplen;
const unsigned char *p = NULL;
struct list *dclist = ((struct mapid_dc*)instance->internal_data)->dclist;
uint16_t ethertype;
struct ether_header *ep = NULL;
struct iphdr *iph = NULL;
struct tcphdr *tcph = NULL;
struct udphdr *udph = NULL;
unsigned int saddr, daddr;
uint16_t sp, dp;
p = pkt;
// lay the Ethernet header struct over the packet data
ep = (struct ether_header *)p;
// skip ethernet header
p += sizeof(struct ether_header);
ethertype = ntohs(ep->ether_type);
if(ethertype != ETHERTYPE_IP) {
return 0;
}
// IP header struct over the packet data;
iph = (struct iphdr*)p;
saddr = *((unsigned int *)&(iph->saddr));
daddr = *((unsigned int *)&(iph->daddr));
p += iph->ihl * 4;
if(iph->protocol == 6) // TCP
{
tcph = (struct tcphdr *)p;
sp = ntohs(tcph->source);
dp = ntohs(tcph->dest);
}
else if(iph->protocol == 17) // UDP
{
udph = (struct udphdr *)p;
sp = ntohs(udph->source);
dp = ntohs(udph->dest);
}
else
{
return 0;
}
if(isDc(instance,pkt,len) == 1)
{
new = (struct filters*)malloc(sizeof(struct filters));
new->protocol = iph->protocol;
new->saddr = saddr;
new->daddr = daddr;
new->sp = sp;
new->dp = dp;
for(temp = dclist->head; temp != NULL; temp = temp->next)
{
if(new->protocol == temp->protocol && (
(new->saddr == temp->saddr && new->daddr == temp->daddr && new->sp == temp->sp && new->dp == temp->dp)
||
(new->daddr == temp->saddr && new->saddr == temp->daddr && new->dp == temp->sp && new->sp == temp->dp)
)
)
{
return 1;
}
}
new->next = dclist->head;
dclist->head = new;
return 1;
}
else
{
for(temp = dclist->head, prev = dclist->head; temp != NULL; prev = temp, temp = temp->next)
{
if(temp->protocol == iph->protocol &&
(
(temp->saddr == saddr && temp->daddr == daddr && temp->sp == sp && temp->dp == dp)
||
(temp->saddr == daddr && temp->daddr == saddr && temp->sp == dp && temp->dp == sp))
)
{
/* if(tcph->fin)
{
prev->next = temp->next;
temp->next = NULL;
free(temp);
}
*/
return 1;
}
}
}
return 0;
}
static int dc_cleanup(mapidflib_function_instance_t *instance)
{
struct filters *temp = NULL, *tmp = NULL;
if(instance->internal_data != NULL){
temp = ((struct mapid_dc*)instance->internal_data)->dclist->head;
while(temp != NULL)
{
tmp = temp;
temp = temp->next;
free(tmp);
}
free(((struct mapid_dc*)instance->internal_data)->dclist);
free(instance->internal_data);
}
return 0;
}
static mapidflib_function_def_t finfo={
"",
"TRACK_DC",
"Searches for Direct Connect (DC) packets\n",
"",
MAPI_DEVICE_ALL,
MAPIRES_NONE,
0, //shm size
0, //modifies_pkts
NULL,
dc_init,
dc_process,
NULL, //get_result
NULL, //change_args
NULL, //reset
dc_cleanup,
NULL, //client_init
NULL, //client_read_result
NULL //client_cleanup
};
mapidflib_function_def_t* dc_get_funct_info();
mapidflib_function_def_t* dc_get_funct_info() {
return &finfo;
};
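Review bot: dc_process lays `struct ether_header`, `struct iphdr` and the TCP/UDP header over `pkt` and reads from them without ever comparing against `len` (`pkt_head->caplen`), and `iph->ihl` goes unvalidated into `p += iph->ihl * 4`. A truncated or malformed captured frame therefore makes the `ether_type`, address and port reads run past the captured bytes. Because this code parses traffic taken off the wire, each header should be length-checked before its cast is dereferenced, and an `ihl` below 5 rejected. torrent_process in this commit contains the identical parsing code and needs the same guard.

```c
    // … unchanged: declarations, p = pkt …
    size_t need = sizeof(struct ether_header) + sizeof(struct iphdr);
    if (len < 0 || (size_t)len < need) {
        return 0;
    }
    // … unchanged: Ethernet overlay, ethertype check …
    iph = (struct iphdr*)p;
    if (iph->ihl < 5) {
        return 0;
    }
    /* 4 = source port + destination port, same offset for TCP and UDP */
    need = sizeof(struct ether_header) + (size_t)iph->ihl * 4 + 4;
    if ((size_t)len < need) {
        return 0;
    }
    // … unchanged: address copy, p += iph->ihl * 4, port extraction …
```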
...@@ -134,7 +134,6 @@ static int gnutella_process(mapidflib_function_instance_t *instance, ...@@ -134,7 +134,6 @@ static int gnutella_process(mapidflib_function_instance_t *instance,
if(iph->protocol == 6) // TCP if(iph->protocol == 6) // TCP
{ {
tcph = (struct tcphdr *)p; tcph = (struct tcphdr *)p;
sp = ntohs(tcph->source); sp = ntohs(tcph->source);
......
...@@ -27,8 +27,10 @@ int main(MAPI_UNUSED int argc, char *argv[]) ...@@ -27,8 +27,10 @@ int main(MAPI_UNUSED int argc, char *argv[])
mapi_apply_function(fd, "BPF_FILTER", "tcp or udp"); mapi_apply_function(fd, "BPF_FILTER", "tcp or udp");
fid=mapi_apply_function(fd,"PKT_COUNTER"); fid=mapi_apply_function(fd,"PKT_COUNTER");
fid2=mapi_apply_function(fd,"BYTE_COUNTER"); fid2=mapi_apply_function(fd,"BYTE_COUNTER");
//mapi_apply_function(fd,"TRACK_FTP"); // mapi_apply_function(fd,"TRACK_FTP");
mapi_apply_function(fd,"TRACK_GNUTELLA"); // mapi_apply_function(fd,"TRACK_GNUTELLA");
// mapi_apply_function(fd,"TRACK_TORRENT");
mapi_apply_function(fd,"TRACK_DC");
fid3=mapi_apply_function(fd,"PKT_COUNTER"); fid3=mapi_apply_function(fd,"PKT_COUNTER");
fid4=mapi_apply_function(fd,"BYTE_COUNTER"); fid4=mapi_apply_function(fd,"BYTE_COUNTER");
......
#include <stdlib.h>
#include <stdio.h>
#include <sys/shm.h>
#include <string.h>
#include <errno.h>
#include "mapidflib.h"
#include "mapidlib.h"
#include "mapidevices.h"
#include "mapid.h"
#include "fhelp.h"
#include "debug.h"
#include "mapiipc.h"
#include "mstring.h"
#include <stdio.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <net/ethernet.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include <pthread.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/wait.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/time.h>
#include <time.h>
struct filters {
int protocol;
unsigned int saddr;
unsigned int daddr;
uint16_t sp;
uint16_t dp;
struct filters *next;
};
struct list{
struct filters *head;
struct filters *tail;
};
char *torrent_strings[4]={"BitTorrent protocol","GET /scrape?info_hash=","GET /announce?info_hash=","announce"};
struct mapid_torrent {
int *shift[4];
int *skip[4];
struct list *torlist;
};
static int torrent_init(mapidflib_function_instance_t *instance,
MAPI_UNUSED flist_t *flits)
{
int i=0;
instance->internal_data = malloc(sizeof(struct mapid_torrent));
((struct mapid_torrent*)instance->internal_data)->torlist = (struct list*)malloc(sizeof(struct list));
((struct mapid_torrent*)instance->internal_data)->torlist->head = NULL;
((struct mapid_torrent*)instance->internal_data)->torlist->head = NULL;
for(i=0;i<4;i++) {
((struct mapid_torrent*)instance->internal_data)->shift[i] = make_shift(torrent_strings[i],strlen(torrent_strings[i]));
((struct mapid_torrent*)instance->internal_data)->skip[i] = make_skip(torrent_strings[i], strlen(torrent_strings[i]));
}
return 0;
}
int isTorrent(mapidflib_function_instance_t *instance, const unsigned char *pkt, int len)
{
int i=0;
for(i=0;i<4;i++) {
if(mSearch((unsigned char *)(pkt), len, torrent_strings[i], strlen(torrent_strings[i]),
((struct mapid_torrent *)instance->internal_data)->skip[i],
((struct mapid_torrent *)instance->internal_data)->shift[i]))
{
return 1;
}
}
return 0;
}
static int torrent_process(mapidflib_function_instance_t *instance,
MAPI_UNUSED const unsigned char* dev_pkt,
const unsigned char* pkt,
mapid_pkthdr_t* pkt_head)
{
struct filters *temp = NULL, *prev = NULL, *new = NULL;
int len = pkt_head->caplen;
const unsigned char *p = NULL;
struct list *torlist = ((struct mapid_torrent*)instance->internal_data)->torlist;
uint16_t ethertype;
struct ether_header *ep = NULL;
struct iphdr *iph = NULL;
struct tcphdr *tcph = NULL;
struct udphdr *udph = NULL;
unsigned int saddr, daddr;
uint16_t sp, dp;
p = pkt;
// lay the Ethernet header struct over the packet data
ep = (struct ether_header *)p;
// skip ethernet header
p += sizeof(struct ether_header);
ethertype = ntohs(ep->ether_type);
if(ethertype != ETHERTYPE_IP) {
return 0;
}
// IP header struct over the packet data;
iph = (struct iphdr*)p;
saddr = *((unsigned int *)&(iph->saddr));
daddr = *((unsigned int *)&(iph->daddr));
p += iph->ihl * 4;
if(iph->protocol == 6) // TCP
{
tcph = (struct tcphdr *)p;
sp = ntohs(tcph->source);
dp = ntohs(tcph->dest);
}
else if(iph->protocol == 17) // UDP
{
udph = (struct udphdr *)p;
sp = ntohs(udph->source);
dp = ntohs(udph->dest);
}
else
{
return 0;
}
if(isTorrent(instance,pkt,len) == 1)
{
new = (struct filters*)malloc(sizeof(struct filters));
new->protocol = iph->protocol;
new->saddr = saddr;
new->daddr = daddr;
new->sp = sp;
new->dp = dp;
for(temp = torlist->head; temp != NULL; temp = temp->next)
{
if(new->protocol == temp->protocol && (
(new->saddr == temp->saddr && new->daddr == temp->daddr && new->sp == temp->sp && new->dp == temp->dp)
||
(new->daddr == temp->saddr && new->saddr == temp->daddr && new->dp == temp->sp && new->sp == temp->dp)
)
)
{
return 1;
}
}
new->next = torlist->head;
torlist->head = new;
return 1;
}
else
{
for(temp = torlist->head, prev = torlist->head; temp != NULL; prev = temp, temp = temp->next)
{
if(temp->protocol == iph->protocol &&
(
(temp->saddr == saddr && temp->daddr == daddr && temp->sp == sp && temp->dp == dp)
||
(temp->saddr == daddr && temp->daddr == saddr && temp->sp == dp && temp->dp == sp))
)
{
/* if(tcph->fin)
{
prev->next = temp->next;
temp->next = NULL;
free(temp);
}
*/
return 1;
}
}
}
return 0;
}
static int torrent_cleanup(mapidflib_function_instance_t *instance)
{
struct filters *temp = NULL, *tmp = NULL;
if(instance->internal_data != NULL){
temp = ((struct mapid_torrent*)instance->internal_data)->torlist->head;
while(temp != NULL)
{
tmp = temp;
temp = temp->next;
free(tmp);
}
free(((struct mapid_torrent*)instance->internal_data)->torlist);
free(instance->internal_data);
}
return 0;
}
static mapidflib_function_def_t finfo={
"",
"TRACK_TORRENT",
"Searches for BitTorrent packets\n",
"",
MAPI_DEVICE_ALL,
MAPIRES_NONE,
0, //shm size
0, //modifies_pkts
NULL,
torrent_init,
torrent_process,
NULL, //get_result
NULL, //change_args
NULL, //reset
torrent_cleanup,
NULL, //client_init
NULL, //client_read_result
NULL //client_cleanup
};
mapidflib_function_def_t* torrent_get_funct_info();
mapidflib_function_def_t* torrent_get_funct_info() {
return &finfo;
};
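Review bot: In torrent_process the `new` node is allocated before the duplicate scan, so the `return 1;` inside the first `for` loop leaks one `struct filters` for every signature-matching packet of a flow that is already tracked, and the `malloc` result is dereferenced without a NULL check. With the FIN-based removal commented out, entries are never dropped either, so on a long-running sensor both the leak and the flow list grow with traffic volume. At minimum add `free(new);` before that `return 1;` and a NULL check right after the `malloc`, for example `if(new == NULL) return 1;`; better still, compare against the local `saddr`/`daddr`/`sp`/`dp` first and allocate only when no entry matched. dc_process has the same pattern.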
...@@ -10,10 +10,12 @@ ...@@ -10,10 +10,12 @@
__attribute__ ((constructor)) void init (); __attribute__ ((constructor)) void init ();
__attribute__ ((destructor)) void fini (); __attribute__ ((destructor)) void fini ();
mapidflib_functionlist_t functions[2]; mapidflib_functionlist_t functions[4];
extern mapidflib_function_def_t * trackftp_get_funct_info(); extern mapidflib_function_def_t * trackftp_get_funct_info();
extern mapidflib_function_def_t * gnutella_get_funct_info(); extern mapidflib_function_def_t * gnutella_get_funct_info();
extern mapidflib_function_def_t * torrent_get_funct_info();
extern mapidflib_function_def_t * dc_get_funct_info();
mapidflib_functionlist_t* mapidflib_get_function_list() mapidflib_functionlist_t* mapidflib_get_function_list()
{ {
...@@ -23,8 +25,16 @@ mapidflib_functionlist_t* mapidflib_get_function_list() ...@@ -23,8 +25,16 @@ mapidflib_functionlist_t* mapidflib_get_function_list()
functions[1].def=gnutella_get_funct_info(); functions[1].def=gnutella_get_funct_info();
functions[1].def->libname=libname; functions[1].def->libname=libname;
functions[1].next=NULL; functions[1].next=&functions[2];
functions[2].def=torrent_get_funct_info();
functions[2].def->libname=libname;
functions[2].next=&functions[3];
functions[3].def=dc_get_funct_info();
functions[3].def->libname=libname;
functions[3].next=NULL;
return &functions[0]; return &functions[0];
} }
......