
📄 protocol.h

📁 Linux下面截获以太网数据包!是在内核态下面运行的驱动程序
#ifndef	_PROTOCOL_H_
#define	_PROTOCOL_H_

/*
 * Boolean constants for code written without <stdbool.h>.
 * NOTE(review): these are plain macros, so they can clash with any other
 * header that declares `true`/`false` itself - confirm the include order.
 */
#define false 0
#define true  1

/* Windows-style shorthand for the unsigned integer types (textual aliases). */
#define UCHAR  unsigned char
#define USHORT unsigned short
#define UINT   unsigned int
#define ULONG  unsigned long

/* Upper bound on the length of an output file name, in bytes. */
#define _MAX_OUTPUT_FILE_LENGTH 128

/*
 * File save locations.
 * NOTE(review): all three paths are fixed at compile time. The page describes
 * this as a kernel-mode Ethernet capture driver, so FILEPATH presumably
 * receives intercepted content; the directory and both configuration files
 * should be writable only by the administrator - confirm the mount and
 * permission setup.
 */
#define FILEPATH                "/mnt/data/"
#define CONFIGURE_FILE          "/mnt/share/xy3/config.ini"
#define WEB_MAIL_CONFIGURE_FILE "/mnt/share/xy3/WEBMAILCONFIG.INI"

/* Directory handling: pre-creation lead time (minutes) and name length cap. */
#define PRE_CREATE_DIR_MINUTES 20
#define _MAX_DIR_LENGTH        128

/* Size of the web-mail configuration buffer: 125 KiB. */
#define WEB_MAIL_CONFIG_BUF_LEN (125 * 1024)

/*
 * Hardware (link) layer: Ethernet framing sizes, all in bytes.
 * A parser should check the received length against these before it reads
 * any header field.
 */
#define ETHER_ADDR_LEN       6    /* one MAC address */
#define ETHER_TYPE_LEN       2    /* EtherType field */
#define ETHER_CRC_LEN        4    /* trailing CRC */
#define ETHER_HDR_LEN        (2 * ETHER_ADDR_LEN + ETHER_TYPE_LEN) /* dst + src + type */
#define ETHER_MIN_LEN        64   /* smallest frame, CRC included */
#define ETHER_MAX_LEN        1518 /* largest standard frame, CRC included */
#define ETHER_MAX_LEN_JUMBO  9018 /* largest jumbo frame, CRC included */

#define ETHER_VLAN_ENCAP_LEN 4    /* extra bytes added by an 802.1Q VLAN tag */

/* Largest value of a 32-bit unsigned integer. */
#define _MAX_UINT 0xFFFFFFFF

/*
 * Commonly used TCP and UDP ports.
 *
 * SMTP_PORT and POP3_PORT are ordinary host-order numbers. Each *_PORT_NET
 * constant is the same kind of port with its two bytes swapped, i.e. the
 * value a little-endian CPU reads from a 16-bit network-order port field
 * (25 = 0x0019 becomes 0x1900).
 * NOTE(review): the swap is hard-coded, so these values are only correct on
 * little-endian hosts - confirm the target, or derive them with htons().
 * NOTE(review): several values overlap (AOL equals IRC, ICQ also uses the
 * HTTPS port 443), so a port match alone cannot tell the protocols apart.
 */
#define SMTP_PORT           25
#define POP3_PORT           110

#define SMTP_PORT_NET       0x1900 /* 25 */
#define POP3_PORT_NET       0x6E00 /* 110 */
#define HTTP_PORT_NET       0x5000 /* 80 */
#define DNS_PORT_NET        0x3500 /* 53 */
#define TELNET_PORT_NET     0x1700 /* 23 */
#define FTP_PORT_NET        0x1500 /* 21 */

/* Instant-messaging services. */
#define MSN_PORT_NET        0x4707 /* 1863 */
#define QQ_PORT_NET         0x401F /* 8000 */
#define ICQ_PORT_NET        0x4614 /* 5190 */
#define ICQ_PORT_NET_443    0xBB01 /* 443 */
#define YAHOO_PORT_NET      0xBA13 /* 5050 */
#define YAHOO_PORT_NET_119  0x7700 /* 119 */
#define YAHOO_PORT_NET_5101 0xED13 /* 5101 */

#define IRC_PORT_NET        0x0B1A /* 6667 */
#define PP_PORT_NET         0xEA14 /* 5354 */
#define AOL_PORT_NET        0x0B1A /* 6667, same as IRC */
#define GTALK_PORT_NET      0x6614 /* 5222 */

/* Statistics interval; the unit is not stated here (presumably seconds). */
#define STAT_INTERVAL 60

/*
 * String tags for the web-mail, web-post and BBS record kinds.
 * How they are consumed is not visible in this header.
 */
#define WEB_MAIL_LOGIN       "webmaillogin"
#define WEB_MAIL_SEND_CON    "webmailsend"
#define WEB_MAIL_RECEIVE_CON "webmailreceive"
#define WEB_MAIL_ATTACH      "webmailattach"
#define WEB_MAIL_ADD_LIST    "webaddlist"
#define WEB_POST             "webpost"
#define BBS_SEND             "bbssend"
#define BBS_RECEIVE          "bbsreceive"

/* Depth of the TCP packet store (presumably the cyclic array capacity). */
#define TCP_PACKET_DEPTH 40000



/*
 * Minimal character helpers for parsing text without <ctype.h>.
 * Every macro evaluates its argument more than once, so never pass an
 * expression with side effects such as `*p++`.
 */

/*
 * xtod: maps a digit character to the NEGATED digit value ('7' -> -7,
 * 'a' -> -10). Upper-case 'A'..'F' is not handled, although isxdigit()
 * accepts it.
 * NOTE(review): the negative result looks intentional (callers presumably
 * accumulate downwards and negate at the end) - confirm against the callers,
 * and make sure input is lower-cased first.
 */
#define xtod(c) ((c) > '9' ? 'a' - 10 - (c) : '0' - (c))

/* True for the ASCII decimal digits '0'..'9'. */
#define isdigit(c) ((c) >= '0' && (c) <= '9')

/* True for space and horizontal tab only; newline and others are not matched. */
#define isspace(c) (' ' == (c) || '\t' == (c))

/* True for ASCII hexadecimal digits in either case. */
#define isxdigit(c) (((c) >= '0' && (c) <= '9') || \
		     ((c) >= 'a' && (c) <= 'f') || \
		     ((c) >= 'A' && (c) <= 'F'))

/*
 * Traffic statistics counters.
 *
 * Every member is a `long`. Going by the names, each protocol has a traffic
 * counter plus a "Sus..." counter (presumably suspicious or matched items);
 * the exact units are not stated in this header.
 * NOTE(review): `long` is 32 bits wide on 32-bit kernels, so byte counters
 * can overflow on a busy link - confirm how often they are reset.
 * Member order is kept exactly as declared, because the layout may be shared
 * with other code.
 */
struct _TRAFFIC_STAT_INFO {
	/* overall totals */
	long TotalNumber;
	long TotalBytes;
	long AverageBytesPerPacket;
	long MaxTraffic;

	/* smtp/pop3 */
	long MailTotalBytes;
	long MaxMailTraffic;
	long SusMailTotal;

	long MailTotalNum;
	long NormailMailNum;
	long DelMailNum;

	/* per-protocol traffic and "Sus" counters */
	long MsnTraffic, SusMsnTotal;		/* msn */
	long IcqTraffic, SusIcqTotal;		/* icq */
	long IrcTraffic, SusIrcTotal;		/* irc */
	long UcTraffic, SusUcTotal;		/* uc */
	long PpTraffic, SusPpTotal;		/* pp */
	long YahooTraffic, SusYahooTotal;	/* yahoo */
	long FtpTraffic, SusFtplTotal;		/* ftp */
	long TelnetTraffic, SusTelnetTotal;	/* telnet */
	long GtalkTraffic, SusGtalkTotal;	/* gtalk */

	/* http */
	long HttpTraffic;
	long SusHttpUrlTotal;
	long SusHttpMailTotal;

	long QqTraffic, SusQqTotal;		/* qq */
	long DnsTraffic, SusDnsTotal;		/* dns */

	/* packet length extremes */
	long MaxLength;
	long MinLength;

	/* length histogram around the 500 and 1000 marks */
	long Lower500;
	long Len500;
	long In500_1000;
	long Len500_1000;
	long Greater1000;
	long Len1000;

	long MailShort;
	long MailLong;
};

typedef struct _TRAFFIC_STAT_INFO TRAFFIC_STAT_INFO;
typedef struct _TRAFFIC_STAT_INFO *PTRAFFIC_STAT_INFO;

/*
 * Global state of the driver, gathered into one structure.
 *
 * It holds the packet queues, the per-protocol queues and hash tables, the
 * IP/domain hash tables, the per-protocol output-file queues, the output
 * path tables, the rule hash tables and some housekeeping fields. All of the
 * queue, hash and look-aside types are declared elsewhere in the project.
 *
 * NOTE(review): only logFastLock is visible as a lock here; how the other
 * members are protected against concurrent access cannot be told from this
 * header - confirm before touching them from more than one context.
 */
typedef	struct _G_VAR
{
	// packet queues
	CYC_ARRAY_HEAD	TcpCycArrayHead;
	CYC_ARRAY_HEAD	UdpCycArrayHead;

	// control structure
	CTRL_THREAD_CTX	CtrlThreadCtx;

	// packet pools, one for short and one for long packets (going by the names)
	PDOUBLE_LIST_HEAD		pShortPacketPool;
	PDOUBLE_LIST_HEAD		pLongPacketPool;

	// per-protocol packet queues
	PDOUBLE_LIST_HEAD	pSmtpQueque;
	PDOUBLE_LIST_HEAD	pHttpQueque;		//webmail
	PDOUBLE_LIST_HEAD	pMsnQueque ;
	PDOUBLE_LIST_HEAD	pPop3Queque;
	PDOUBLE_LIST_HEAD	pHttpUrlQueque;		//http_url
	PDOUBLE_LIST_HEAD	pFtpQueque;	
	PDOUBLE_LIST_HEAD	pTelnetQueque;
	PDOUBLE_LIST_HEAD	pYahooQueque;
	PDOUBLE_LIST_HEAD	pIcqQueque;	
	PDOUBLE_LIST_HEAD	pIrcQueque;		
	PDOUBLE_LIST_HEAD	pAolQueque;	
	PDOUBLE_LIST_HEAD	pPpQueque;	
	PDOUBLE_LIST_HEAD	pGtalkQueque;		
	PDOUBLE_LIST_HEAD	pHashHeadQueque;

	// per-protocol hash tables; the bucket counts are defined elsewhere.
	// NOTE(review): any bucket index derived from packet data must be
	// reduced modulo the matching _MAX_*_BUCKET before it is used - confirm in the callers.
	PDOUBLE_LIST_HEAD	pSmtpHash[ _MAX_SMTP_HASH_BUCKET ];
	PDOUBLE_LIST_HEAD	pHttpHash[ _MAX_HTTP_HASH_BUCKET ];
	PDOUBLE_LIST_HEAD	pMsnHash[ _MAX_MSN_HASH_BUCKET ];
	PDOUBLE_LIST_HEAD	pPostHash[ _MAX_HTTP_POST_BUCKET ];	
	PDOUBLE_LIST_HEAD	pFtpHash[ _MAX_FTP_HASH_BUCKET ];
	PDOUBLE_LIST_HEAD	pTelnetHash[ _MAX_TELNET_HASH_BUCKET ];
	PDOUBLE_LIST_HEAD	pIcqHash[ _MAX_ICQ_HASH_BUCKET ];
	PDOUBLE_LIST_HEAD	pYahooHash[ _MAX_YAHOO_HASH_BUCKET ];	
	PDOUBLE_LIST_HEAD	pIrcHash[ _MAX_IRC_HASH_BUCKET ];
	PDOUBLE_LIST_HEAD	pAolHash[ _MAX_AOL_HASH_BUCKET ];
	PDOUBLE_LIST_HEAD	pPpHash[ _MAX_PP_HASH_BUCKET ];
	PDOUBLE_LIST_HEAD	pGtalkHash[ _MAX_GTALK_HASH_BUCKET ];	
	
	// IP and domain hash tables with their entry counts (going by the names)
	PIP_HASH_BUCKET		pIPHash[_MAX_IP_HASH_BUCKET];
	__u32				IPNumber;
	PDOMAIN_HASH_BUCKET	pDomainHash[_MAX_DOMAIN_HASH_BUCKET];
	__u16				domainNumber;
	
	// per-protocol output-file queues
	PDOUBLE_LIST_HEAD	pWebLoginFileQueque;
	PDOUBLE_LIST_HEAD	pWebMailFileQueque;
	PDOUBLE_LIST_HEAD	pBBSFileQueque;	
	PDOUBLE_LIST_HEAD	pMsnFileQueque;
	PDOUBLE_LIST_HEAD	pFtpFileQueque;
	PDOUBLE_LIST_HEAD	pTelnetFileQueque;
	PDOUBLE_LIST_HEAD	pIcqFileQueque;
	PDOUBLE_LIST_HEAD	pYahooFileQueque;
	PDOUBLE_LIST_HEAD	pFileQueque;
	PDOUBLE_LIST_HEAD	pHttpUrlFileQueque;
	PDOUBLE_LIST_HEAD	pPpFileQueque;
	PDOUBLE_LIST_HEAD	pGtalkFileQueque;
	PDOUBLE_LIST_HEAD	pIrcFileQueque;	

	// current system time (going by the name)
	struct timeval		gSysCurTime;
	
	// dimensions of every path table below: 10 entries of 128 bytes each
#define	_FILEPATH_NUMBER	10
#define	_FILEPATH_LEN		128

	HASHHEAD_LOOKASIDE_INFO	hashHeadInfo;
	PACKET_LOOKASIDE_INFO	shortPacketHeadInfo;
	PACKET_LOOKASIDE_INFO	longPacketHeadInfo;
	
	// Each group below is a path table, a __u32 count and a __u16 index.
	// NOTE(review): the tables are fixed-size, so every write into a row must
	// be bounded by _FILEPATH_LEN (terminator included) and every index by
	// _FILEPATH_NUMBER - confirm in the code that fills and reads them.

	//smtppop3file
	char	Smtppop3Path[_FILEPATH_NUMBER][_FILEPATH_LEN];
	__u32	Smtppop3PathNumber;
	__u16	iSmtppop3Path;
	
	//webmailfile
	char	WebMailPath[_FILEPATH_NUMBER][_FILEPATH_LEN];
	__u32	WebMailPathNumber;
	__u16	iWebMailPath;

	//msnfile
	char	MsnPath[_FILEPATH_NUMBER][_FILEPATH_LEN];
	__u32	MsnPathNumber;
	__u16	iMsnPathNumber;
	
	//ImLogfile
	char	ImLogPath[_FILEPATH_NUMBER][_FILEPATH_LEN];
	__u32	ImLogPathNumber;
	__u16	iImLogPathNumber;
	
	//HttpUrlfile
	char	HttpUrlPath[_FILEPATH_NUMBER][_FILEPATH_LEN];
	__u32	HttpUrlPathNumber;
	__u16	iHttpUrlPathNumber;
	
	//Ftpfile
	char	FtpPath[_FILEPATH_NUMBER][_FILEPATH_LEN];
	__u32	FtpPathNumber;
	__u16	iFtpPathNumber;
	
	//Telnetfile
	char	TelnetPath[_FILEPATH_NUMBER][_FILEPATH_LEN];
	__u32	TelnetPathNumber;
	__u16	iTelnetPathNumber;	
	
	//Icqfile
	char	IcqPath[_FILEPATH_NUMBER][_FILEPATH_LEN];
	__u32	IcqPathNumber;
	__u16	iIcqPathNumber;
	
	//Yahoofile
	char	YahooPath[_FILEPATH_NUMBER][_FILEPATH_LEN];
	__u32	YahooPathNumber;
	__u16	iYahooPathNumber;	
	
	//Ircfile
	char	IrcPath[_FILEPATH_NUMBER][_FILEPATH_LEN];
	__u32	IrcPathNumber;
	__u16	iIrcPathNumber;	
	
	//Ppfile
	char	PpPath[_FILEPATH_NUMBER][_FILEPATH_LEN];
	__u32	PpPathNumber;
	__u16	iPpPathNumber;	
	
	//Aolfile
	char	AolPath[_FILEPATH_NUMBER][_FILEPATH_LEN];
	__u32	AolPathNumber;
	__u16	iAolPathNumber;	
	
	//Gtalkfile
	char	GtalkPath[_FILEPATH_NUMBER][_FILEPATH_LEN];
	__u32	GtalkPathNumber;
	__u16	iGtalkPathNumber;		
	
	// web-mail configuration; PWEB_MAIL_CONFIG is declared elsewhere
	PWEB_MAIL_CONFIG	gWebMailConfig;
	// semaphore, presumably serialising log writes - confirm against its users
	struct semaphore	logFastLock;
	
	// head of the rule hash table
	RULE_HASH	ruleHash;
	
	// hash table heads for the client IPs that matched a rule
	RULE_IP_HASH_HEAD	ruleIPHash[_MAX_RULE_IP_HASH_BUCKET];

	char		bMemoryTest;
//	PKEVENT		pMemoryEvent;
//	PKEVENT		pHMemoryEvent;
	UINT	MmHandle;
}GVAR, *PGVAR;

/*
 * Control record for one worker thread: its process id and a completion
 * object (presumably signalled when the thread exits, so the unload path
 * can wait for it - confirm against the thread code).
 */
struct _THREAD_CONTROL {
	pid_t			thread_pid;
	struct completion	thread_exited;
};

typedef struct _THREAD_CONTROL THREAD_CONTROL;
typedef struct _THREAD_CONTROL *PTHREAD_CONTROL;

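/*
 * Debug print wrapper: forwards all of its arguments to printk().
 *
 * `x...` is the GNU C named variadic parameter; in the replacement list it
 * must be written as plain `x`. The earlier `printk(x...)` left a stray
 * `...` token in every expansion, so any use of dprintk() failed to compile.
 * NOTE(review): always pass a literal format string. Captured packet data
 * must only ever be an argument to it, never the format itself.
 */
#define dprintk(x...) printk(x)

/* Major number, presumably of the driver's character device - confirm. */
#define PROTOCOL_MAJOR	212

/*
 * Fallback for builds whose kernel headers do not supply KERNEL_VERSION:
 * packs version, release and sequence into one comparable integer.
 */
#ifndef KERNEL_VERSION
#define KERNEL_VERSION(vers,rel,seq) ( ((vers)<<16) |((rel)<<8) | (seq))
#endif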

#endif /* _PROTOCOL_H_ */
