cfip.cpp

linux 上http email 协议分析程序 主要能够处理大数据量的主干网的应用

/**************************************************************
  Copyright (C), 2002-2010, congxing Co., Ltd.
 
 ***************************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <memory.h>
#include <unistd.h>
#include <netinet/if_ether.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>

#include <arpa/inet.h>
#include <pcap.h>
#include <time.h>

#include "Cnstream.h"
void dealpacket(u_char *packets, const struct pcap_pkthdr *header, const u_char *pp);
/*
	报文定义部分
*/
struct iphdr *ptr_iph; 			// IP报头
struct tcphdr *ptr_tcph;		// TCP报头


/*
	参数定义部分
*/
char *g_pdata;
char g_szline[1024];
char g_szfilename[512];

int g_i_iphead_len;
int g_i_tcphead_len;
int g_i_datalen;
int g_i_ip_len;
u_int32_t g_i_ip;

Cmimestream *g_stream;

char g_chDev[50]; 
char g_chErrBuf[PCAP_ERRBUF_SIZE];

/*
	argv1:设备 argv2:IP
*/
int main(int argc, char* argv[])
{
	for(int i=0;i<argc;i++)
		printf("%s\n",argv[i]);
	if (argc < 3)
	{
		printf("Usage: %s   <Device> \n", argv[0]);
		exit(-1);
	}
	else
	{
		strcpy(g_chDev, argv[1]);
		struct in_addr inaddr;
                if(!inet_aton(argv[2], &inaddr))
                {
                     	printf("invalid ip=[%s]\n",argv[2]);
                        exit( -2);
                }
                g_i_ip=inaddr.s_addr;
                
                g_stream=new Cmimestream();
                
                strcpy(g_szfilename,"/tmp/");
                strcat(g_szfilename,argv[2]);
	}
	
			
	pcap_t *pd = pcap_open_live(g_chDev, 1550, 1, 5, g_chErrBuf);
	if(pd == NULL)
	{
		printf("%s--pcap_open_live failed! %s\n", argv[0], g_chErrBuf);
		return -1; 
	}
	pcap_loop(pd,0,dealpacket,NULL);
	pcap_close(pd);	

}



void dealpacket(u_char *packets, const struct pcap_pkthdr *header, const u_char *pp)
{
	pp+=sizeof(struct ether_header);
	
	ptr_iph=(struct iphdr *)(pp ) ;
	
	if(ptr_iph->version!=4)
		return;
      		
	if(ptr_iph->daddr!=g_i_ip && ptr_iph->saddr!=g_i_ip)
		return;
	
	if(ptr_iph->protocol!=6)//TCP协议
		return;
	
	ptr_tcph=(struct tcphdr*)(pp + 4*ptr_iph->ihl);
	//if(ptr_tcph->dest!=20480 )
	//	return;
		
	
	g_i_ip_len=ntohs(ptr_iph->tot_len);
	g_i_iphead_len=4*ptr_iph->ihl;
	g_i_tcphead_len=4*ptr_tcph->doff;
	g_i_datalen=g_i_ip_len-g_i_iphead_len-g_i_tcphead_len;
	g_pdata=(char *)pp+g_i_iphead_len+g_i_tcphead_len;
	
	if(g_i_datalen<=0)
		return;
		
	printf("recv len=[%d]\n",g_i_datalen);
	
	FILE *fp=fopen(g_szfilename,"a+");
	if(fp==NULL)
		return;
	
	g_stream->init(g_i_datalen,g_pdata);
	
	int len=0;
	while(1)
	{
		len=g_stream->getLine(g_szline,sizeof(g_szline));
		if(len==0)
			break;
		if(strncasecmp(g_szline,"POST",4)==0)
		{
			fwrite(g_szline,1,len,fp);
			fwrite("\n\r",1,2,fp);
		}
		else
		if(strncasecmp(g_szline,"HOST",4)==0)
		{
			fwrite(g_szline,1,len,fp);
			fwrite("\n\r",1,2,fp);
		}	
	}	
	
	len=(g_stream->getLine(g_szline,sizeof(g_szline)));
	if(len>0)
	{
		 char *p=strtok(g_szline,"&");
 		 
 		 while(p!=NULL)
 		 {
 		 	fwrite(p,1,strlen(p),fp);
 		 	fwrite("\n\r",1,2,fp);
 		 	p=strtok(NULL,"&");
 		 }
		
	}
	fclose(fp);
}