spyfun.c

Linux 上的socket嗅探器

/*
 *
 * Copyright (C) 2003 Xiangbin Lee <honeycombs@sina.com> <honeycombs@263.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software Foundation.
 */

#include <time.h>

#include "spyfun.h"
#include "serverfun.h"

void ExportTree_RecvInfo(ACHETREE *lptree,SPYLIST *lplist)
{
    char itemsg[256];
    ACHETREE *subitem, *rootitem;
    /* -------------------- SPYLIST  ------------------------ */

    sprintf(itemsg,"SPYLIST Info");
    rootitem = AcheTreeInsertItem(lptree,itemsg,-1);
    SetAcheTreeData(rootitem,ACHETREE_ITEMDATA(0,0));
    {
        /* -------------------- SPYLIST header ------------------------ */
        sprintf(itemsg,"ID = %ld",lplist->ID);
        subitem=AcheTreeInsertItem(rootitem,itemsg,-1);
        SetAcheTreeData(subitem,ACHETREE_ITEMDATA(0,0));

        sprintf(itemsg,"DateTime = %d-%02d-%02d %02d:%02d:%02d",
            lplist->recvtm.year,lplist->recvtm.month,lplist->recvtm.day,
            lplist->recvtm.hour,lplist->recvtm.minute,lplist->recvtm.second
            );
        subitem=AcheTreeInsertItem(rootitem,itemsg,-1);
        SetAcheTreeData(subitem,ACHETREE_ITEMDATA(0,0));

        sprintf(itemsg,"Length = %d",lplist->dlen);
        subitem=AcheTreeInsertItem(rootitem,itemsg,-1);
        SetAcheTreeData(subitem,ACHETREE_ITEMDATA(0,0));
    }

    /* -------------------- end of export ------------------------ */

}


/*----------------------------------------------------*/
static WINPRO_ACHE SockSpy_CircleAche ={{'S','P','Y',':'},} ;
static unsigned long SockSpy_nID=0;


static SPYLIST *MallocSockSpy(unsigned short dlen)
{
    SPYLIST *ret=0;
    SockSpy_nID++;
    ret= (SPYLIST *)(MallocWinPro(&SockSpy_CircleAche,SockSpy_nID,sizeof(SPYLIST)+dlen));
    if(ret!=NULL)
    {
        ret->ID=SockSpy_nID;
        ret->dlen=0;
    }

    return ret;
}

static int FreeSockSpy(SPYLIST *lpspy)
{
    if(lpspy!=0)
        return FreeWinPro(&SockSpy_CircleAche,lpspy->ID);
    return 0;
}

static int FreeAllSockSpy(void)
{
    return FreeAllWinPro(&SockSpy_CircleAche);
}

static unsigned long GetSockSpyCount(void)
{
    unsigned long ret=0;
    ret = GetCircleAcheCount(&(SockSpy_CircleAche.cir_ache));
    return ret;
}

static void RestSockSpyGetindex(void)
{
    CircleAcheResetRead(&(SockSpy_CircleAche.cir_ache));
}

static SPYLIST *GetSpyUser(unsigned long sID)
{
    return (SPYLIST *)FindWinPro(&SockSpy_CircleAche,sID);
}

static SPYLIST *GetNextSockSpy(void)
{
    return (SPYLIST *)NextWinPro(&SockSpy_CircleAche);
}




/*--------------   start up spy pro --------------------*/


#define MAX_IP_SIZE   65535

typedef struct _SockSpy_Param
{
    unsigned short state;
    SOCKET sockspy;
    int spy_recvlen;
#ifdef GTK_INCLUDE
    pthread_t spy_AcceptPid;
#else
    int spy_AcceptPid;        /* Socket Thread Handle */
#endif
    unsigned char spy_buf[MAX_IP_SIZE];
}SockSpy_Param ;

static SockSpy_Param spyfunparam=
{SPY_CLOSE,0,0,
#ifndef GTK_INCLUDE
 0,
#endif  
};

static int Spy_OnGetPacket_Default(SPYLIST *lplist)
{
    return 0;
}

static int (*Spy_OnGetPacket)(SPYLIST *)=Spy_OnGetPacket_Default;


#include <stdarg.h>
static void Spy_OnDebugMessage_Default(char *pszMsg, ...)
{
    char pszErr[ 1024 ];
    va_list args;
    va_start( args, pszMsg );
    vsprintf( pszErr, pszMsg, args );  pszErr[ 1023 ] = '\0';
    va_end( args );
    printf("\nDBG: %s",pszErr);
}
static void (*Spy_OnDebugMessage)( char *pszMsg, ... ) =Spy_OnDebugMessage_Default;

static int Spy_OnDelPacket_Default(SPYLIST *lplist)
{
    return 0;
}
static int (*Spy_OnDelPacket)(SPYLIST *) =Spy_OnDelPacket_Default;

 
static void SpyProStep(void)
{
    SPYLIST* lpsRecv=0;

    if(spyfunparam.state!=SPY_OPEN&&spyfunparam.state!=SPY_CONTINUE)
        return;
    
    if(GetSockSpyCount()>SPY_MAXLIST) 
    {
        RestSockSpyGetindex();
        lpsRecv=GetNextSockSpy();
        if(lpsRecv!=0)
        {
            Spy_OnDelPacket(lpsRecv);
            FreeSockSpy(lpsRecv);
        }
    }
    
    spyfunparam.spy_recvlen=IpspySocketRecv(spyfunparam.sockspy,spyfunparam.spy_buf,MAX_IP_SIZE);
    if(spyfunparam.spy_recvlen>=ETH_HLEN)
    {
        lpsRecv=MallocSockSpy(spyfunparam.spy_recvlen);
        if(lpsRecv!=0)
        {
            time_t ctimet=time(0);
            struct tm *lptm=gmtime(&ctimet);
            lpsRecv->recvtm.year=lptm->tm_year+1900;
            lpsRecv->recvtm.month=lptm->tm_mon+1;
            lpsRecv->recvtm.day=lptm->tm_mday;
            lpsRecv->recvtm.hour=lptm->tm_hour+8;
            lpsRecv->recvtm.minute=lptm->tm_min;
            lpsRecv->recvtm.second=lptm->tm_sec;

            lpsRecv->dlen=spyfunparam.spy_recvlen;
            memcpy(lpsRecv->data,spyfunparam.spy_buf,lpsRecv->dlen);
            if(Spy_OnGetPacket!=0)
            {
                Spy_OnGetPacket(lpsRecv);
            }

        }
    }// len >0

}


static int SpyStop(void)
{
    int err=0; 

    if(  spyfunparam.state!=SPY_OPEN
      &&spyfunparam.state!=SPY_CONTINUE
      &&spyfunparam.state!=SPY_PAUSE)
         return -1;

    spyfunparam.state=SPY_CLOSE ;
    if(Spy_OnDebugMessage!=NULL)
        Spy_OnDebugMessage("SpyStopping ...");

    if(spyfunparam.sockspy)
    {
        if(Spy_OnDebugMessage!=NULL)
            Spy_OnDebugMessage("    close socket[%d]");
        closesocket(spyfunparam.sockspy);
        spyfunparam.sockspy=0;
        if(Spy_OnDebugMessage!=NULL)
            Spy_OnDebugMessage("    close socket ok!");
    }

    if(Spy_OnDebugMessage!=NULL)
        Spy_OnDebugMessage("    terminate existe thread ...");
#ifdef GTK_INCLUDE
#else     
    if(spyfunparam.spy_AcceptPid>0)
    {
		    kill(spyfunparam.spy_AcceptPid,SIGTERM);
		    kill(spyfunparam.spy_AcceptPid,SIGKILL);                  
        spyfunparam.spy_AcceptPid=0;
    }
#endif
    if(Spy_OnDebugMessage!=NULL)
        Spy_OnDebugMessage("    terminate existe thread OK!");    

    if(Spy_OnDebugMessage!=NULL)
        Spy_OnDebugMessage("    Empty buffer ...");
    err= FreeAllSockSpy();
    if(Spy_OnDebugMessage!=NULL)
        Spy_OnDebugMessage("    Empty buffer OK, Spy stopped !");
    
    return err;
}

static void *SpyPro(void *arg)
{
    while(spyfunparam.state==SPY_OPEN||spyfunparam.state==SPY_CONTINUE)
    {
       SpyProStep();
    }// while(sockspy)

#ifdef GTK_INCLUDE
    pthread_exit(NULL);
#endif
    return NULL;
}



static int SpyStartup(void)
{
    if(spyfunparam.state==SPY_OPEN
    ||spyfunparam.state==SPY_CONTINUE
    ||spyfunparam.state==SPY_PAUSE )
        SpyStop();

    if(Spy_OnDebugMessage!=NULL)
        Spy_OnDebugMessage("Spy startup ...");  
    if(Spy_OnDebugMessage!=NULL)
        Spy_OnDebugMessage("    Init adapter");      
    spyfunparam.sockspy=IpspySocket("eth0",1);
    if(spyfunparam.sockspy<=0)
    {
        if(Spy_OnDebugMessage!=NULL)
            Spy_OnDebugMessage("    IpspySocket error !!");
        return -1;
    }
    spyfunparam.state=SPY_OPEN ;
    
#ifdef GTK_INCLUDE
    pthread_create( &(spyfunparam.spy_AcceptPid), NULL, SpyPro,NULL);
#else
    spyfunparam.spy_AcceptPid=fork();
    if (spyfunparam.spy_AcceptPid==0)
    {
        /* I am child process */
        setpgrp();
        if(Spy_OnDebugMessage!=NULL)
            Spy_OnDebugMessage("Enter SpyPro ...");
        SpyPro(NULL);
        exit(1);
    }
    else if(spyfunparam.spy_AcceptPid<0)
    {
        fd_set allset;
        FD_ZERO(&allset);
        FD_SET(spyfunparam.sockspy,&allset);
        if(spyfunparam.sockspy)
            closesocket(spyfunparam.sockspy);
        spyfunparam.sockspy=0;
        if(Spy_OnDebugMessage!=NULL)
            Spy_OnDebugMessage("    Error, can not create thread for service");
        spyfunparam.state=SPY_CLOSE ;
        return -1;
    }
    else
    {
        if(Spy_OnDebugMessage!=NULL)
            Spy_OnDebugMessage("create thread [%d] ok !",spyfunparam.spy_AcceptPid);
    }
#endif    
    if(Spy_OnDebugMessage!=NULL)
        Spy_OnDebugMessage("Spy startup OK!");
    return 0;
}



static int SpyPause(void)
{
    if(spyfunparam.state==SPY_OPEN ||spyfunparam.state==SPY_CONTINUE)
    {
        if(Spy_OnDebugMessage!=NULL)
            Spy_OnDebugMessage("Setting state pause !",spyfunparam.spy_AcceptPid);
        spyfunparam.state=SPY_PAUSE;
        return 0;
    }

    return -1;
  
}

static int SpyContinue(void)
{
    if(spyfunparam.state==SPY_PAUSE)
    {
        if(Spy_OnDebugMessage!=NULL)
            Spy_OnDebugMessage("Setting state continue !",spyfunparam.spy_AcceptPid);
        spyfunparam.state=SPY_CONTINUE;
        return 0;
    }

    return -1; 
}


/*  public using functions */



int SpySetState(unsigned short state)
{

    switch(state)
    {
       case SPY_CLOSE:
           return  SpyStop();
       case SPY_OPEN:
           return SpyStartup();
       case SPY_CONTINUE:
           return SpyContinue();
       case SPY_PAUSE:
           return SpyPause();
    };
    
    return -1;
}


void SpySetFunction(
    int (*OnGetPacket)(SPYLIST *),
    int (*OnDelPacket)(SPYLIST *),
    void (*OnDebugMessage)( char *pszMsg, ... )
    )
{
    Spy_OnGetPacket=OnGetPacket;
    Spy_OnDelPacket=OnDelPacket;
    Spy_OnDebugMessage=OnDebugMessage;
}