capture.h

电子邮件系统数据包获取与还原技术的研究原码

#include "pcap.h"

#define BUFFER_SIZE 65536
u_char buff[BUFFER_SIZE];
char path[256];

typedef struct ip_address{
	u_char byte1;
	u_char byte2;
	u_char byte3;
	u_char byte4;
}ip_address;

/* IPv4 header */
typedef struct ip_header{
	u_char ver_ihl; // version << 4 | header length >> 2
	u_char tos; // type of service 
	u_short len; // total length
	u_short identification; // Identification
	u_short flg_off;         // fragment offset field 
#define IP_RF 0x8000            // reserved fragment flag 
#define IP_DF 0x4000            // dont fragment flag 
#define IP_MF 0x2000            // more fragments flag 
#define IP_OFFMASK 0x1fff       // mask for fragmenting bits 
	u_char ttl; // time to live
	u_char proto; // protocol
	u_short checksum; // checksum
	ip_address saddr; // source address
	ip_address daddr; // destination address
}ip_header;
#define IP_HL(ip)               (((ip)->ver_ihl) & 0x0f)
#define IP_V(ip)                (((ip)->ver_ihl) >> 4)

/* TCP header*/
typedef struct tcp_header {
	u_short sport;               /* source port */
	u_short dport;               /* destination port */
	u_int seq;                 /* sequence number */
	u_int ack;                 /* acknowledgement number */
	u_char  offset;               /* data offset, rsvd */
	u_char  flags;
	u_short window;                 /* window */
	u_short checksum;                 /* checksum */
	u_short urgentP;                 /* urgent pointer */
}tcp_header;
#define TH_FIN  0x01
#define TH_SYN  0x02
#define TH_RST  0x04
#define TH_PUSH 0x08
#define TH_ACK  0x10
#define TH_URG  0x20
#define TH_ECE  0x40
#define TH_CWR  0x80
#define TH_FLAGS        (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR)
#define TCP_OFF(tcp)      (((tcp)->offset & 0xf0) >> 4)

/* describe the ip fragment */
typedef struct ip_frag{
	u_char    *data;                  /* data */
	u_short offset;                 /* fragment offset */
	u_short length;                 /* data length */
	u_short  mf;                     /* flag */
	struct  ip_frag *next;          /* a pointer to next struct */
}ip_frag;

/* identify datagram fragments */
typedef struct ip_datagram{
	ip_address ip_src,ip_dst;  /* Source Address，Destination Address */
	u_char  ip_pro;                 /* Protocol */
	u_short ip_id;                  /* Identification */
	ip_frag *frag;
	struct ip_datagram *next;
}ip_datagram;

/* tcp fragment */
typedef struct tcp_frag{
	u_int seq;
	u_int len;
	u_char  *data;
	struct tcp_frag *next;
}tcp_frag;

/* identify tcp datagram */
typedef struct tcp_datagram{
	u_short sport;               /* source port */
	u_short dport;               /* destination port */
	u_int begin_seq,final_seq;     
	ip_address ip_src,ip_dst;    /*  source sddress，destination address */
	u_int  ocet_num;                /* ocet number */
	tcp_frag *frag;
	struct tcp_datagram *next;
}tcp_datagram;

ip_datagram *ip_lt = NULL;
tcp_datagram *tcp_lt = NULL;

/*packet handler*/
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data);
/*copy data*/
void copy_data(const u_char *data,int len,u_char *dst_data);
/*compare address*/
bool compare_address(const ip_address *address1,const ip_address *address2);
/*check ip list*/
u_char* check_ip(ip_address *src,ip_address *dst,u_short*off);

void tcp(const ip_address src,const ip_address dst,int tcp_lenth,u_char* head);