📄 collfilter.cpp
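/**************************************************************
  Copyright (C), 2002-2010, congxing Co., Ltd.
  File name:   CollMain.cpp
  Author:      何杰锋
  Updated by:  wzy
  Version:     V01.00.00.00
  Date:        2004.03.24
  Description: Main program of the capture/filter stage.
  Others:
  History:
***************************************************************/

/*
 * Opens a live libpcap capture on one interface, looks at every IPv4 TCP/UDP
 * packet, and hands packets on selected ports to per-protocol shared-memory
 * writers (CShmApply). Everything read from the wire is untrusted, so all
 * header fields are checked against the captured length before use.
 */

// Header files
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h>
#include <memory.h>
#include <unistd.h>
#include <netinet/if_ether.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <arpa/inet.h>
#include <pcap.h>
#include <time.h>
#include "Tools.h"
#include "BaseConst.h"
#include "ShmApply.h"
#include "Ini.h"
#include "UDPPacket.h"
#include "TCPPacket.h"
#include "UTF8Util.h"
#include "RtRadiusIP.h"
#include "Db.h"

//int ahextoi(char c)
void terminate(int _sig);
void initShm(char *szfilename);
void packet_parseAll(u_char *packets, const struct pcap_pkthdr *header, const u_char *pp);

// One shared-memory writer per traffic class.
CShmApply csa_udp, csa_tcp, csa_msn, csa_radius, csa_qq, csa_yahoo, csa_telnet, csa_ftp;
CRtRdsIP watchip;

/* Packet definitions */
ST_APPDATA *pwdata = NULL;      // record handed to the shared-memory writers
struct ether_header *ptr_eth;   // Ethernet frame header
struct iphdr *ptr_iph;          // IP header
struct tcphdr *ptr_tcph;        // TCP header
struct udphdr *ptr_udph;        // UDP header
unsigned char *g_pdata;         // payload pointer

/* Statistics */
int g_icurlen;
int g_icurpos;

/* Parameters */
char g_chDev[50];
char g_chErrBuf[PCAP_ERRBUF_SIZE];
COra *g_db;

/*
 * Entry point.
 *   argv[1]: shared-memory configuration file
 *   argv[2]: capture device
 * (The original header also listed an output file name and a statistics
 * interval as further arguments; this code does not read them.)
 *
 * Returns -1 if the capture cannot be opened, 0 when pcap_loop returns.
 */
int main(int argc, char *argv[])
{
    if (argc < 3)
    {
        printf("Usage: %s <config file> <Device> \n", argv[0]);
        exit(-1);
    }
    //g_db=new COra("netmon","netmon");
    initShm(argv[1]);

    // argv[2] is caller-controlled; an unbounded strcpy() into the 50-byte
    // global would overflow it, so reject over-long names instead.
    if (strlen(argv[2]) >= sizeof(g_chDev))
    {
        printf("%s--device name too long (max %d characters)\n",
               argv[0], (int)sizeof(g_chDev) - 1);
        exit(-1);
    }
    snprintf(g_chDev, sizeof(g_chDev), "%s", argv[2]);

    CTools::signal(SIGTERM, terminate);
    CTools::signal(SIGINT, terminate);
    CTools::signal(SIGQUIT, terminate);

    // snaplen NETMON_IP_MTU, promiscuous mode on, 5 ms read timeout
    pcap_t *pd = pcap_open_live(g_chDev, NETMON_IP_MTU, 1, 5, g_chErrBuf);
    if (pd == NULL)
    {
        printf("%s--pcap_open_live failed! %s\n", argv[0], g_chErrBuf);
        return -1;
    }
    pcap_loop(pd, 0, packet_parseAll, NULL);
    pcap_close(pd);
    return 0;
}

/*
 * pcap_loop callback: classify one captured frame and forward it.
 *
 *   packets: user pointer from pcap_loop (unused, NULL here)
 *   header : capture metadata; caplen is the number of bytes really present
 *   pp     : start of the captured frame (assumed to be Ethernet)
 *
 * The record passed to the writers is built in place: the int-sized `size`
 * field of ST_APPDATA is overlaid on the last bytes of the Ethernet header,
 * directly in front of the IP header.
 * NOTE(review): this writes into libpcap's (const) buffer and at an address
 * that is not int-aligned; kept as in the original because the layout of
 * ST_APPDATA is not visible here.
 */
void packet_parseAll(u_char *packets, const struct pcap_pkthdr *header, const u_char *pp)
{
    (void)packets;

    const size_t ethLen = sizeof(struct ether_header);

    // Do not touch the IP header unless it was captured completely.
    if (header == NULL || pp == NULL || header->caplen < ethLen + sizeof(struct iphdr))
        return;
    const size_t ipAvail = header->caplen - ethLen;   // captured bytes from the IP header on

    pp += ethLen;
    ptr_iph = (struct iphdr *)(pp);
    //printf("v=[%d]\n",ptr_iph->version);
    if (ptr_iph->version != 4)
        return;

    // ihl and tot_len come from the wire: validate them before using them
    // as offsets or lengths.
    const size_t ipHdrLen = 4 * (size_t)ptr_iph->ihl;
    size_t ipLen = ntohs(ptr_iph->tot_len);
    if (ipHdrLen < sizeof(struct iphdr) || ipLen < ipHdrLen)
        return;
    // A forged or snaplen-truncated packet can announce more bytes than were
    // captured; never publish a record longer than the data we actually hold.
    // Consumers must rely on the record size, not on tot_len.
    if (ipLen > ipAvail)
        ipLen = ipAvail;
    if (ipHdrLen > ipLen)
        return;

    // sizeof(ether_header) >= sizeof(int), so this stays inside the frame.
    pwdata = (ST_APPDATA *)(pp - sizeof(int));
    pwdata->size = sizeof(int) + ipLen;

    if (ptr_iph->protocol == 17) // UDP
    {
        if (ipLen - ipHdrLen < sizeof(struct udphdr))
            return;
        ptr_udph = (struct udphdr *)(pp + ipHdrLen);
        const unsigned int sport = ntohs(ptr_udph->source);
        const unsigned int dport = ntohs(ptr_udph->dest);

        // Forwarding of port 8000 to csa_qq and of other UDP payloads (selected
        // by their first two payload bytes) to csa_udp is disabled in this version.
        if (dport == 1646 || sport == 1646) // radius
        {
            csa_radius.write(pwdata);
        }
    }
    else if (ptr_iph->protocol == 6) // TCP
    {
        if (ipLen - ipHdrLen < sizeof(struct tcphdr))
            return;
        ptr_tcph = (struct tcphdr *)(pp + ipHdrLen);
        // Compare in host byte order so the port numbers are readable and the
        // test does not depend on the CPU's endianness.
        const unsigned int sport = ntohs(ptr_tcph->source);
        const unsigned int dport = ntohs(ptr_tcph->dest);

        if (sport == 80 || dport == 80)
        {
            csa_tcp.write(pwdata);
        }
        else if (sport == 25 || dport == 25)
        {
            printf("25\n");
            csa_tcp.write(pwdata);
        }
        else if (sport == 110 || dport == 110)
        {
            printf("110\n");
            csa_tcp.write(pwdata);
        }
        else if (sport == 1863 || dport == 1863) // msn
        {
            csa_msn.write(pwdata);
        }
        else if (sport == 5050 || dport == 5050) // yahoo
        {
            csa_yahoo.write(pwdata);
        }
        else if (sport == 5101 || dport == 5101) // yahoo
        {
            csa_yahoo.write(pwdata);
        }
        else if (sport == 21 || sport == 20) // ftp, from the server side
        {
            printf("ftp inq\n");
            csa_ftp.write(pwdata);
        }
        else if (dport == 21 || dport == 20) // ftp, towards the server side
        {
            printf("ftp ret\n");
            csa_ftp.write(pwdata);
        }
        else if (sport == 23 || dport == 23)
        {
            printf("telnet \n");
            csa_telnet.write(pwdata);
        }
    }
}

/*
 * Read one "<keyItem>" / "<sizeItem>" pair from `section` of the configuration
 * and convert it to an IPC key and a size in bytes (the configured size is in
 * megabytes). Prints a message and exits on any malformed value.
 *
 * NOTE(review): the signature of CConfig::GetItemValue is not visible here.
 * It receives a 16-byte buffer without a length, so a longer value in the
 * configuration file may overflow it - confirm in Ini.h.
 */
static void readShmParams(CConfig &cfg, const char *section, const char *keyItem,
                          const char *sizeItem, key_t *key, long *bytes)
{
    // Fresh, zeroed buffers per item: a missing entry is then reported as
    // "Not numeric" instead of silently reusing the previous segment's value.
    char chKey[15 + 1] = {0};
    char chShmSize[15 + 1] = {0};
    int iKey = 0;
    long lgShmSize = 0;

    cfg.GetItemValue(const_cast<char *>(section), const_cast<char *>(keyItem), chKey);      // shared-memory key
    cfg.GetItemValue(const_cast<char *>(section), const_cast<char *>(sizeItem), chShmSize); // shared-memory size
    if (sscanf(chShmSize, "%ld", &lgShmSize) != 1)
    {
        printf("[%s]:%s %s is Not numeric!\n", section, sizeItem, chShmSize);
        exit(-1);
    }
    if (sscanf(chKey, "%d", &iKey) != 1)
    {
        printf("[%s]:%s %s is Not numeric!\n", section, keyItem, chKey);
        exit(-1);
    }
    // Reject zero/negative sizes and values whose byte count would overflow.
    if (lgShmSize <= 0 || lgShmSize > LONG_MAX / (1024L * 1024L))
    {
        printf("[%s]:%s %ld is out of range!\n", section, sizeItem, lgShmSize);
        exit(-1);
    }
    *key = (key_t)iKey;
    *bytes = lgShmSize * 1024 * 1024;
}

/*
 * Load the configuration file and initialise every shared-memory writer and
 * the watch-IP table, in the same order as before. Exits the process on any
 * configuration or initialisation error.
 *
 *   szfilename: path of the configuration file
 *
 * NOTE(review): 0666 is passed as the third argument of CShmApply::init; if
 * that is the segment's permission mode, every local user can read and modify
 * the captured traffic - confirm and tighten if the consumers allow it.
 */
void initShm(char *szfilename)
{
    CConfig cfg;
    //char* chIniFile = "../etc/Config.ini";
    key_t key;
    long lgBytes = 0;

    // Read the configuration file to obtain the key and size of each segment.
    if (cfg.ReadConfig(szfilename) != 0)
    {
        printf("--Read INI File:%s Failed!\n", szfilename);
        exit(-1);
    }

    // tcp (exclude msn)
    readShmParams(cfg, "COLLSHM", "key_tcp", "size_tcp", &key, &lgBytes);
    if (csa_tcp.init(key, lgBytes, 0666) < 0)
    {
        printf("Init semaphore failed!\n");
        exit(-1);
    }

    // udp (exclude radius)
    readShmParams(cfg, "COLLSHM", "key_udp", "size_udp", &key, &lgBytes);
    if (csa_udp.init(key, lgBytes, 0666) < 0)
    {
        printf("--Init failed!\n");
        exit(-1);
    }

    // msn
    readShmParams(cfg, "COLLSHM", "key_msn", "size_msn", &key, &lgBytes);
    if (csa_msn.init(key, lgBytes, 0666) < 0)
    {
        printf("-Init failed!\n");
        exit(-1);
    }

    // radius
    readShmParams(cfg, "COLLSHM", "key_radius", "size_radius", &key, &lgBytes);
    if (csa_radius.init(key, lgBytes, 0666) < 0)
    {
        printf("-Init failed!\n");
        exit(-1);
    }

    // IPWATCH (return value of init is not checked, as in the original)
    readShmParams(cfg, "IPWATCH", "key", "size", &key, &lgBytes);
    watchip.init(key, lgBytes);

    // qq
    readShmParams(cfg, "COLLSHM", "key_qq", "size_qq", &key, &lgBytes);
    if (csa_qq.init(key, lgBytes, 0666) < 0)
    {
        printf("--Init failed!\n");
        exit(-1);
    }

    // yahoo
    readShmParams(cfg, "COLLSHM", "key_yahoo", "size_yahoo", &key, &lgBytes);
    if (csa_yahoo.init(key, lgBytes, 0666) < 0)
    {
        printf("--Init failed!\n");
        exit(-1);
    }

    // ftp
    readShmParams(cfg, "COLLSHM", "key_ftp", "size_ftp", &key, &lgBytes);
    if (csa_ftp.init(key, lgBytes, 0666) < 0)
    {
        printf("--Init failed!\n");
        exit(-1);
    }

    // telnet
    readShmParams(cfg, "COLLSHM", "key_telnet", "size_telnet", &key, &lgBytes);
    if (csa_telnet.init(key, lgBytes, 0666) < 0)
    {
        printf("--Init failed!\n");
        exit(-1);
    }
}

/*
 * Handler for SIGTERM, SIGINT and SIGQUIT: ends the process with status 1.
 * NOTE(review): exit() is not async-signal-safe; it is kept because the
 * global objects' destructors may be what releases the shared memory.
 */
void terminate(int _sig)
{
    (void)_sig;
    exit(1);
}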