📄 tcp_get.cpp
////每个tcp通信建立起两个对应的连接项,源和目的端口、IP;
tcplink[j+1]->saddr=ih->daddr;
tcplink[j+1]->daddr=ih->saddr;
tcplink[j+1]->sport=tcpfrag_new->dport;
tcplink[j+1]->dport=tcpfrag_new->sport;
tcplink[j+1]->nullflag=1;
tcplink[j+1]->app_process=tcpreg[i]->app_process;
tcplinksum=tcplinksum+2;
break;
}
return j;
}
else matchsum_sd=0;
}
for(i=0;i<tcpregsum;i++)
{
if (((tcpreg[i]->saddr.byte1==0)&&(tcpreg[i]->saddr.byte2==0)&&(tcpreg[i]->saddr.byte3==0)&&(tcpreg[i]->saddr.byte4==0))
|| ((ih->saddr.byte1==tcpreg[i]->daddr.byte1)&&(ih->saddr.byte2==tcpreg[i]->daddr.byte2)&&
(ih->saddr.byte3==tcpreg[i]->daddr.byte3)&&(ih->saddr.byte4==tcpreg[i]->daddr.byte4)))
matchsum_ds++;
if ((tcpreg[i]->sport==0)||(tcpfrag_new->sport==tcpreg[i]->sport))
matchsum_ds++;
if (((tcpreg[i]->daddr.byte1==0)&&(tcpreg[i]->daddr.byte2==0)&&(tcpreg[i]->daddr.byte3==0)&&(tcpreg[i]->daddr.byte4==0))
|| ((ih->daddr.byte1==tcpreg[i]->saddr.byte1)&&(ih->daddr.byte2==tcpreg[i]->saddr.byte2)&&
(ih->daddr.byte3==tcpreg[i]->saddr.byte3)&&(ih->daddr.byte4==tcpreg[i]->saddr.byte4)))
matchsum_ds++;
if ((tcpreg[i]->dport==0)||(tcpfrag_new->dport==tcpreg[i]->dport))
matchsum_ds++;
if (matchsum_ds==4)
{
/////查找TCP连接表,找一个连接记录项为空的位置,新建一个连接;
for(j=0;j<20;j=j+2)
if ((tcplink[j]->nullflag==0) &&(tcplink[j+1]->nullflag==0))
{
tcplink[j]->saddr=ih->saddr;
tcplink[j]->daddr=ih->daddr;
tcplink[j]->sport=tcpfrag_new->sport;
tcplink[j]->dport=tcpfrag_new->dport;
tcplink[j]->nullflag=1;
tcplink[j]->app_process=tcpreg[i]->app_process;
////每个tcp通信建立起两个对应的连接项,交换源和目的端口、IP;
tcplink[j+1]->saddr=ih->daddr;
tcplink[j+1]->daddr=ih->saddr;
tcplink[j+1]->sport=tcpfrag_new->dport;
tcplink[j+1]->dport=tcpfrag_new->sport;
tcplink[j+1]->nullflag=1;
tcplink[j+1]->app_process=tcpreg[i]->app_process;
tcplinksum=tcplinksum+2;
break;
}
return j;
}
else matchsum_ds=0;
}
return -1; /// -1: 无该应用程序注册信息 ;j>-1表示含有注册信息并在位置j新建连接;
}
///////判断是否按序到达
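/*
 * Track the TCP handshake and the sequence order of one captured segment.
 *
 * ih        - IP header of the captured packet.
 * pkt_data  - start of the captured frame (link-layer header included).
 * link_posi - index of the matching entry in tcplink[]; entries are stored in
 *             pairs (even = first direction seen, odd = reverse direction).
 *
 * Returns  1      segment delivered to the application callback,
 *          k + 1  segment delivered and upmore_func() reported k further segments,
 *          0      segment arrived out of order and was buffered,
 *         -1      segment ignored (duplicate, malformed, unexpected state,
 *                 invalid index, or reorder buffer full).
 *
 * Every length and sequence number used here comes from the packet itself and
 * is attacker-controlled on a hostile network, so all table indices and the
 * reorder-buffer fill level are checked before use.
 *
 * NOTE(review): the captured length is not passed in, so this function cannot
 * verify that the payload really lies inside the capture buffer; the caller
 * should clamp ih->tlen against the captured length. It is also assumed that
 * ih->tlen and the tcpfrag_new fields are already in host byte order - confirm.
 */
short int tcp_reassemble(ip_header* ih, const u_char *pkt_data, short int link_posi)
{
    enum { LINK_TABLE_SLOTS = 20 };   /* firstinit() allocates tcplink[0..19] */
    enum { LINK_HDR_LEN = 14 };       /* assumes untagged Ethernet II framing - confirm */
    enum { MIN_HDR_LEN = 20 };        /* smallest legal IPv4 / TCP header */

    short int i = 0, j = 0;
    short int peer = 0;
    int k = 0, slot = 0, disorder_cap = 0;
    int ip_hdr_len = 0, tcp_hdr_len = 0, payload_len = 0, flags = 0;
    const u_char *payload = NULL;
    u_long disorder_seq_tmp = 0;
    u_long disorder_ack_tmp = 0;
    const u_char *disorder_pkt_tmp = NULL;

    if (ih == NULL || pkt_data == NULL)
        return -1;
    /* An out-of-range index (for example a -1 "no match" result) must never reach tcplink[]. */
    if (link_posi < 0 || link_posi >= LINK_TABLE_SLOTS)
        return -1;

    /*
     * Partner entry of the pair. The original code used link_posi+1 / link_posi-1
     * on the assumption that handshake packets arrive on the "expected" parity; a
     * crafted SYN or SYN+ACK on the other parity indexed outside the pair (down to
     * tcplink[-1] or up to tcplink[20]).
     */
    peer = (short int)((link_posi % 2 == 0) ? link_posi + 1 : link_posi - 1);

    if (tcplink[link_posi] == NULL || tcplink[peer] == NULL ||
        tcplink[link_posi]->app_process == NULL)
        return -1;

    flags       = tcpfrag_new->headlen_6res_6flag & 0x0012;   /* SYN (0x02) and ACK (0x10) bits */
    ip_hdr_len  = (ih->ver_ihl & 0x0f) * 4;
    tcp_hdr_len = ((tcpfrag_new->headlen_6res_6flag & 0xf000) >> 0x0c) * 4;
    payload_len = ih->tlen - ip_hdr_len - tcp_hdr_len;
    payload     = pkt_data + LINK_HDR_LEN + ip_hdr_len + tcp_hdr_len;

    /* Reject headers that contradict each other instead of passing a bogus length on. */
    if (ip_hdr_len < MIN_HDR_LEN || tcp_hdr_len < MIN_HDR_LEN || payload_len < 0)
        return -1;
    /* NOTE(review): app_process takes a short int, so payloads above 32767 bytes are
     * still truncated by the conversion below, exactly as in the original code. */

    /* First handshake packet: SYN without ACK on an idle entry. */
    if ((flags == 0x0002) && (tcplink[link_posi]->linkstate == 0))
    {
        tcplink[link_posi]->uppkt = payload;
        tcplink[link_posi]->app_process(link_posi, (short int)payload_len);
        tcplink[link_posi]->curr_seq = tcpfrag_new->seq;
        tcplink[peer]->next_seq = tcpfrag_new->ack + 1;   /* project-specific convention */
        tcplink[link_posi]->linkstate = tcplink[peer]->linkstate = 1;
        return 1;
    }

    /* Second handshake packet: SYN+ACK while the pair is in state 1. */
    if ((flags == 0x0012) && (tcplink[link_posi]->linkstate == 1))
    {
        tcplink[link_posi]->uppkt = payload;
        tcplink[link_posi]->app_process(link_posi, (short int)payload_len);
        tcplink[link_posi]->curr_seq = tcpfrag_new->seq;
        tcplink[peer]->next_seq = tcpfrag_new->ack;
        tcplink[link_posi]->linkstate = tcplink[peer]->linkstate = 2;
        return 1;
    }

    /* Third handshake packet: ACK only, carrying the expected sequence number. */
    if ((flags == 0x0010) && (tcpfrag_new->seq == tcplink[link_posi]->next_seq) &&
        (tcplink[link_posi]->linkstate == 2))
    {
        tcplink[link_posi]->uppkt = payload;
        tcplink[link_posi]->app_process(link_posi, (short int)payload_len);
        tcplink[link_posi]->curr_seq = tcpfrag_new->seq;
        tcplink[peer]->next_seq = tcpfrag_new->ack;
        tcplink[link_posi]->linkstate = tcplink[peer]->linkstate = 3;
        return 1;
    }

    /* Established connection: either direction may send. */
    if (tcplink[link_posi]->linkstate == 3)
    {
        /* Drop a segment that is already buffered. The original loop stopped one
         * entry early and never compared against the last buffered segment. */
        for (i = 0; i < tcplink[link_posi]->disorder_sum; i++)
            if (tcpfrag_new->seq == tcplink[link_posi]->disorder_seq[i])
                return -1;

        /* In-order arrival: deliver and let upmore_func() release buffered segments. */
        if (tcplink[link_posi]->next_seq == tcpfrag_new->seq)
        {
            tcplink[link_posi]->uppkt = payload;
            tcplink[link_posi]->app_process(link_posi, (short int)payload_len);
            tcplink[link_posi]->curr_seq = tcpfrag_new->seq;
            tcplink[peer]->next_seq = tcpfrag_new->ack;
            j = upmore_func(ih, pkt_data, link_posi);
            return (short int)(j + 1);
        }

        /*
         * Out-of-order arrival: buffer the segment, but never beyond the arrays.
         * The original incremented disorder_sum without any limit, so a peer that
         * keeps sending out-of-order segments wrote past the end of the buffers.
         * Assumes disorder_seq is an array member of the entry and that
         * disorder_ack / disorder_pkt have the same length (firstinit() only zeroes
         * the struct and nothing visible allocates them) - confirm.
         */
        disorder_cap = (int)(sizeof(tcplink[link_posi]->disorder_seq) /
                             sizeof(tcplink[link_posi]->disorder_seq[0]));
        slot = tcplink[link_posi]->disorder_sum;
        if (slot < 0 || slot >= disorder_cap)
            return -1;   /* reorder buffer full: drop rather than overflow */

        tcplink[link_posi]->disorder_seq[slot] = tcpfrag_new->seq;
        tcplink[link_posi]->disorder_ack[slot] = tcpfrag_new->ack;
        /* NOTE(review): this keeps a pointer into the caller's packet buffer. If that
         * buffer is reused once the caller returns, the payload must be copied instead. */
        tcplink[link_posi]->disorder_pkt[slot] = payload;
        tcplink[link_posi]->disorder_sum++;

        /*
         * Keep the buffer sorted by sequence number with one insertion pass. The
         * original "swap" wrote the saved element back over itself, so the new
         * segment was lost and an older one duplicated.
         * NOTE(review): a plain '<' does not handle sequence-number wraparound.
         */
        for (k = 0; k < slot; k++)
            if (tcplink[link_posi]->disorder_seq[slot] < tcplink[link_posi]->disorder_seq[k])
            {
                disorder_seq_tmp = tcplink[link_posi]->disorder_seq[k];
                disorder_ack_tmp = tcplink[link_posi]->disorder_ack[k];
                disorder_pkt_tmp = tcplink[link_posi]->disorder_pkt[k];
                tcplink[link_posi]->disorder_seq[k] = tcplink[link_posi]->disorder_seq[slot];
                tcplink[link_posi]->disorder_ack[k] = tcplink[link_posi]->disorder_ack[slot];
                tcplink[link_posi]->disorder_pkt[k] = tcplink[link_posi]->disorder_pkt[slot];
                tcplink[link_posi]->disorder_seq[slot] = disorder_seq_tmp;
                tcplink[link_posi]->disorder_ack[slot] = disorder_ack_tmp;
                tcplink[link_posi]->disorder_pkt[slot] = disorder_pkt_tmp;
            }
        return 0;   /* out of order: buffered */
    }
    return -1;   /* packet not handled */
}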
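/*
 * After an in-order segment has been delivered, release buffered out-of-order
 * segments that now follow it and compact the reorder buffer.
 *
 * ih        - IP header of the segment that was just delivered.
 * pkt_data  - start of that captured frame.
 * link_posi - index of the connection entry in tcplink[].
 *
 * Returns the number of buffered segments released (0 if none, or if the
 * arguments are unusable).
 *
 * NOTE(review): the loop hands the *current* packet's payload and length to
 * app_process again instead of the buffered disorder_pkt[i]; the length of a
 * buffered segment is not stored anywhere visible, so that cannot be corrected
 * here. The comparison target also never advances inside the loop. Both are
 * kept as found - confirm the intended behaviour.
 */
short int upmore_func(ip_header* ih, const u_char *pkt_data, short int link_posi)
{
    short int i = 0, ackedsum = 0;
    int remaining = 0;
    int ip_hdr_len = 0, tcp_hdr_len = 0, payload_len = 0;
    const u_char *payload = NULL;

    /* tcplink[] has 20 entries (see firstinit()); never index outside it. */
    if (ih == NULL || link_posi < 0 || link_posi >= 20 || tcplink[link_posi] == NULL)
        return 0;

    ip_hdr_len  = (ih->ver_ihl & 0x0f) * 4;
    tcp_hdr_len = ((tcpfrag_new->headlen_6res_6flag & 0xf000) >> 0x0c) * 4;
    payload_len = ih->tlen - ip_hdr_len - tcp_hdr_len;
    payload     = pkt_data + 14 + ip_hdr_len + tcp_hdr_len;

    /* The original bound was disorder_sum-1, so the last buffered segment (and a
     * buffer holding a single segment) could never be released. */
    for (i = 0; i < tcplink[link_posi]->disorder_sum; i++)
    {
        if (tcplink[link_posi]->disorder_seq[i] != (tcplink[link_posi]->curr_seq + payload_len))
            break;
        tcplink[link_posi]->uppkt = payload;
        tcplink[link_posi]->app_process(link_posi, (short int)payload_len);
        tcplink[link_posi]->next_seq = tcplink[link_posi]->disorder_seq[i];
        ackedsum++;
    }

    /* Something was released: update the sequence state and compact the buffer. */
    if (ackedsum > 0)
    {
        tcplink[link_posi]->curr_seq = tcplink[link_posi]->disorder_seq[ackedsum - 1];
        tcplink[link_posi]->next_seq = tcplink[link_posi]->disorder_ack[ackedsum - 1];

        remaining = tcplink[link_posi]->disorder_sum - ackedsum;

        /* Shift the surviving entries to the front. */
        for (i = 0; i < remaining; i++)
        {
            tcplink[link_posi]->disorder_seq[i] = tcplink[link_posi]->disorder_seq[i + ackedsum];
            tcplink[link_posi]->disorder_ack[i] = tcplink[link_posi]->disorder_ack[i + ackedsum];
            tcplink[link_posi]->disorder_pkt[i] = tcplink[link_posi]->disorder_pkt[i + ackedsum];
        }

        /* Clear the vacated tail. The original cleared indices starting at ackedsum,
         * which could wipe entries that had just been shifted down and could run
         * past the old fill level. */
        for (i = (short int)remaining; i < tcplink[link_posi]->disorder_sum; i++)
        {
            tcplink[link_posi]->disorder_seq[i] = 0;
            tcplink[link_posi]->disorder_ack[i] = 0;
            tcplink[link_posi]->disorder_pkt[i] = NULL;
        }

        tcplink[link_posi]->disorder_sum -= ackedsum;
    }
    return ackedsum;   /* number of buffered segments released */
}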
/*
 * One-time setup: allocate and zero the 5 registration entries, the 20
 * connection-table entries and the two TCP header scratch objects.
 *
 * NOTE(review): the results of newtcpreg(), newtcplinkptr() and newtcpfragptr()
 * are passed straight to memset(); if any of them can return NULL on allocation
 * failure this dereferences a null pointer - confirm and add a check.
 * A zeroed registration entry has all-zero addresses and ports, which the
 * matching code in this file treats as wildcards, so only entries counted by
 * tcpregsum should ever be consulted.
 */
void firstinit()
{
    int reg_idx = 0;
    int link_idx = 0;

    /* Registration table: tcpreg[0..4]. */
    while (reg_idx < 5)
    {
        tcpreg[reg_idx] = newtcpreg();
        memset(tcpreg[reg_idx], 0, sizeof(tcp_register));
        ++reg_idx;
    }

    /* Connection table: tcplink[0..19], used as 10 forward/reverse pairs. */
    while (link_idx < 20)
    {
        tcplink[link_idx] = newtcplinkptr();
        memset(tcplink[link_idx], 0, sizeof(tcp_linker));
        ++link_idx;
    }

    /* Scratch TCP header objects shared by the rest of the file. */
    tcpfrag_new = newtcpfragptr();
    memset(tcpfrag_new, 0, sizeof(tcpfrag));

    tcpfrag_tmp = newtcpfragptr();
    memset(tcpfrag_tmp, 0, sizeof(tcpfrag));
}
////向注册函数表结构中填入自行设定需要进行处理报文所包含的源、目的地址和端口号以及应用层处理函数入口;
/*
 * Fill the registration table with the flows to capture and the application
 * callback for each: destination port 21 -> ftp_print, destination port 80 ->
 * http_print. Addresses and source ports stay zero, which the matching code
 * in this file treats as "any".
 *
 * NOTE(review): the slots are hard-coded to 0 and 1 while tcpregsum is only
 * incremented. Calling this more than once would make tcpregsum count zeroed
 * entries whose app_process is NULL and which match every packet - confirm it
 * is called exactly once after firstinit().
 */
void tcp_register_func()
{
    /* Slot 0: FTP control connection. */
    tcpreg[0]->dport = 21;
    tcpreg[0]->app_process = ftp_print;

    /* Slot 1: HTTP. */
    tcpreg[1]->dport = 80;
    tcpreg[1]->app_process = http_print;

    /* Two registrations were added. */
    tcpregsum += 2;
}
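/*
 * Shared implementation of the application callbacks: print the connection's
 * endpoints and a hex dump of the delivered payload to stdout and append the
 * same to `path`.
 *
 * proto     - protocol label used in the console banner ("ftp" / "http").
 * path      - log file, opened in append mode.
 * link_posi - index into tcplink[]; rejected when outside 0..19.
 * applen    - payload length in bytes; zero or negative dumps no bytes.
 *
 * NOTE(review): applen is derived from packet header fields. This function
 * cannot verify that uppkt really has applen readable bytes, so the caller
 * must clamp it against the captured length or this loop reads (and logs)
 * memory beyond the packet.
 * NOTE(review): FTP control and HTTP payloads can carry credentials; the log
 * files are created in the working directory with default permissions.
 */
static void dump_app_payload(const char *proto, const char *path,
                             short int link_posi, short int applen)
{
    FILE *out = NULL;
    short int n = 0;

    /* tcplink[] has 20 entries (see firstinit()); never index outside it. */
    if (link_posi < 0 || link_posi >= 20 || tcplink[link_posi] == NULL)
        return;

    out = fopen(path, "a+");
    if (out == NULL)
    {
        printf("can not open the file!\n");
        return;
    }

    printf("\n %s 提交报文长度:%d 内容: \n", proto, applen);
    printf("sport:%u -> dport:%u\n", tcplink[link_posi]->sport, tcplink[link_posi]->dport);
    printf("%d.%d.%d.%d -> %d.%d.%d.%d\n",
           tcplink[link_posi]->saddr.byte1, tcplink[link_posi]->saddr.byte2,
           tcplink[link_posi]->saddr.byte3, tcplink[link_posi]->saddr.byte4,
           tcplink[link_posi]->daddr.byte1, tcplink[link_posi]->daddr.byte2,
           tcplink[link_posi]->daddr.byte3, tcplink[link_posi]->daddr.byte4);

    fprintf(out, "%d.%d.%d.%d -> %d.%d.%d.%d\n",
            tcplink[link_posi]->saddr.byte1, tcplink[link_posi]->saddr.byte2,
            tcplink[link_posi]->saddr.byte3, tcplink[link_posi]->saddr.byte4,
            tcplink[link_posi]->daddr.byte1, tcplink[link_posi]->daddr.byte2,
            tcplink[link_posi]->daddr.byte3, tcplink[link_posi]->daddr.byte4);
    fprintf(out, "sport:%u -> dport:%u, 提交报文长度:%d 内容: \n",
            tcplink[link_posi]->sport, tcplink[link_posi]->dport, applen);

    /* Hex dump, 16 bytes per line; skipped when no payload pointer was set. */
    if (tcplink[link_posi]->uppkt != NULL)
    {
        for (n = 0; n < applen; n++)
        {
            fprintf(out, "%.2x ", tcplink[link_posi]->uppkt[n]);
            printf("%.2x ", tcplink[link_posi]->uppkt[n]);
            if ((n + 1) % 16 == 0)
            {
                printf("\n");
                fputc('\n', out);
            }
        }
    }

    fputc('\n', out);
    fputc('\n', out);
    fclose(out);
}

/* Application callback for FTP traffic: dump to stdout and ftp_data.txt. */
void ftp_print(short int link_posi, short int applen)
{
    dump_app_payload("ftp", "ftp_data.txt", link_posi, applen);
}

/* Application callback for HTTP traffic: dump to stdout and http_data.txt. */
void http_print(short int link_posi,short int applen)
{
    dump_app_payload("http", "http_data.txt", link_posi, applen);
}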