⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 smtpparser.c

📁 Linux下面截获以态网数据包!是在内核态下面运行的驱动程序
💻 C
📖 第 1 页 / 共 2 页
字号:
🔍
12 
				
				pSmtpHashHead->iSeqCount++;
			}
		}

		if( pOKHashHead != NULL && pSmtpHashHead->pSeq != NULL )
		{
			do
			{
				if( FindDot( pSmtpHashHead, (PDOUBLE_LIST_PACKET)( pSmtpHashHead->pSeq ) ) )
					break;

				if( pSmtpHashHead->pSeq->pNext == NULL )
					break;

				pIPHeader = (struct iphdr *)( (UCHAR *)((PDOUBLE_LIST_PACKET)pSmtpHashHead->pSeq->pNext )->packet.buf );
				pTCPHeader = (struct tcphdr *)( (UCHAR *)pIPHeader + pIPHeader->ihl * 4 );
				
				if( ((PDOUBLE_LIST_PACKET)pSmtpHashHead->pSeq)->packet.nextSeqNumber != ntohl(pTCPHeader->seq ) )
				{
					break;
				}
				
				pSmtpHashHead->pSeq = pSmtpHashHead->pSeq->pNext;
				if( ((PDOUBLE_LIST_PACKET)pSmtpHashHead->pSeq)->bLong )
				{
					pSmtpHashHead->iSeqLen += _LONG_PACKET_LEN;
				}
				else
				{
					pSmtpHashHead->iSeqLen += _SHORT_PACKET_LEN;
				}
				
				pSmtpHashHead->iSeqCount++;
			}while( 1 );
		}
	}

	up( &pSmtpHashBucket->fastMutex );
	
	if( pOKHashHead )
	{
		_InsertHeadList( gVar.pFileQueque, &pOKHashHead->item);
	}

	return true;	
}

char inline SmtpHashItemOp( PSMTP_HASH_HEAD pSmtpHashHead, PDOUBLE_LIST_PACKET pItem )
{
	struct iphdr*		pIPHeader;
	struct tcphdr*		pTCPHeader;
	struct iphdr*		pIPHeader2;
	struct tcphdr*		pTCPHeader2;
	PDOUBLE_LIST_PACKET pListPacket;
	PPACKET_DATA 		pPrePacket;
//	int					nError;

	pIPHeader = (struct iphdr *)pItem->packet.buf;
	pTCPHeader = (struct tcphdr *)( (UCHAR *)pIPHeader + pIPHeader->ihl * 4 );

#ifdef _SMTP_POP3_DEBUG
	sprintf( message, "len : %d, seq : %x, ack seq : %x, nextseq : %x ", pItem->packet.len ,
		ntohl( pTCPHeader->seq ), ntohl( pTCPHeader->ack_seq ), pItem->packet.nextSeqNumber );
	WriteLogFile( message );
	printk( "%s", message );
#endif

	if( pSmtpHashHead->bPrew && pSmtpHashHead->nextSeqNumber > ntohl( pTCPHeader->seq ) )
	{
#ifdef _SMTP_POP3_DEBUG
		sprintf( message, " head seq : %d; drop", pSmtpHashHead->nextSeqNumber );
		WriteLogFile( message );
		printk( "%s", message );
#endif
		return false;
	}
	
	if( pTCPHeader->fin )
		pSmtpHashHead->type |= SMTP_HASH_TYPE_FIN;
		
	if( pSmtpHashHead->pTail == NULL )
	{
		InitializeDoubleListItem( &pItem->doubleListItem );
		if( pSmtpHashHead->bPrew )
		{
			if( pSmtpHashHead->nextSeqNumber == (UINT)ntohl( pTCPHeader->seq ) )
			{
				pSmtpHashHead->pTail = pSmtpHashHead->pHead = pSmtpHashHead->pSeq = 
					&pItem->doubleListItem;

				if( ((PDOUBLE_LIST_PACKET)pSmtpHashHead->pSeq)->bLong )
					pSmtpHashHead->iSeqLen += _LONG_PACKET_LEN;
				else
					pSmtpHashHead->iSeqLen += _SHORT_PACKET_LEN;
				
				pSmtpHashHead->iSeqCount = 1;
			}
			else
			{
				pSmtpHashHead->pTail = pSmtpHashHead->pHead =  &pItem->doubleListItem;
				pSmtpHashHead->pSeq = NULL;
				pSmtpHashHead->iSeqLen = 0;
				pSmtpHashHead->iSeqCount = 0;	
			}		
		}
		else
		{
			pSmtpHashHead->pTail = pSmtpHashHead->pHead = pSmtpHashHead->pSeq = &pItem->doubleListItem;
			
			if( ((PDOUBLE_LIST_PACKET)pSmtpHashHead->pSeq)->bLong )
				pSmtpHashHead->iSeqLen += _LONG_PACKET_LEN;
			else
				pSmtpHashHead->iSeqLen += _SHORT_PACKET_LEN;

			pSmtpHashHead->iSeqCount = 1;
		}
		
		pSmtpHashHead->iNumber++;
		if( pSmtpHashHead->iSeqLen != 0 )
		{
			if( pItem->packet.dataLen >= 5 )
				FindDot( pSmtpHashHead, pItem );
		}

#ifdef _SMTP_POP3_DEBUG
		sprintf( message, " init head" );
		WriteLogFile( message );
		printk( "%s", message );
#endif
		return true;
	} 
	else
	{
		pPrePacket = &( (PDOUBLE_LIST_PACKET)pSmtpHashHead->pTail )->packet;
		if( ntohl( pTCPHeader->seq ) >= pPrePacket->nextSeqNumber )
		{
			//add tail
			//goto ADDTAIL;
			InitializeDoubleListItem( &pItem->doubleListItem );

			if( !( pSmtpHashHead->type & SMTP_HASH_TYPE_SEQ ) && pSmtpHashHead->pSeq == pSmtpHashHead->pTail 
				&& ((PDOUBLE_LIST_PACKET)pSmtpHashHead->pTail)->packet.nextSeqNumber == ntohl(pTCPHeader->seq) )
			{
				//Move the pSeq pointer
				pSmtpHashHead->pSeq = &pItem->doubleListItem;
				if( pItem->packet.dataLen >= 5 )
				{
					FindDot( pSmtpHashHead, pItem );
				}

				if( pItem->bLong )
					pSmtpHashHead->iSeqLen += _LONG_PACKET_LEN;
				else
					pSmtpHashHead->iSeqLen += _SHORT_PACKET_LEN;

				pSmtpHashHead->iSeqCount++;
			}

			pItem->doubleListItem.pPre = pSmtpHashHead->pTail;
			pSmtpHashHead->pTail->pNext = &pItem->doubleListItem;
			pSmtpHashHead->pTail = &pItem->doubleListItem;
			pSmtpHashHead->iNumber++;
			
#ifdef _SMTP_POP3_DEBUG
			sprintf( message, " end" );
			WriteLogFile( message );
			printk( "%s", message );
#endif
			return true;
		}
/*		else if( pItem->packet.len > 500 
			&& ( pPrePacket->nextSeqNumber - ntohl( pTCPHeader->seq ) ) < 80 )
		{
			InitializeDoubleListItem( &pItem->doubleListItem );
			
			//改变错位长度
			nError = pPrePacket->nextSeqNumber - ntohl( pTCPHeader->seq ); 
			pItem->packet.dataOffset += nError;
			pItem->packet.dataLen -= nError;
				
#ifdef _SMTP_POP3_DEBUG
			sprintf( message, "change data %d\r\n",  nError );
			WriteLogFile( message );
			printk( "%s", message );
			SLEEP;
#endif
			//Move the pSeq pointer
			pSmtpHashHead->pSeq = &pItem->doubleListItem;
			if( pItem->packet.dataLen >= 5 )
			{
				FindDot( pSmtpHashHead, pItem );
			}
				
			if( pItem->bLong )
				pSmtpHashHead->iSeqLen += _LONG_PACKET_LEN;
			else
				pSmtpHashHead->iSeqLen += _SHORT_PACKET_LEN;
				
			pSmtpHashHead->iSeqCount++;
			pItem->doubleListItem.pPre = pSmtpHashHead->pTail;
			pSmtpHashHead->pTail->pNext = &pItem->doubleListItem;
			pSmtpHashHead->pTail = &pItem->doubleListItem;
			
			pSmtpHashHead->iNumber++;
			return true;
		}*/
		else
		{
			//查找数据包插入位置
			pListPacket = (PDOUBLE_LIST_PACKET)pSmtpHashHead->pTail->pPre;
			while( pListPacket )
			{
				if( ntohl(pTCPHeader->seq) >= pListPacket->packet.nextSeqNumber )
					break;

				pListPacket = (PDOUBLE_LIST_PACKET)pListPacket->doubleListItem.pPre;
			}

			if( pListPacket && pSmtpHashHead->pSeq != NULL 
				&& ntohl( pTCPHeader->seq ) < ((PDOUBLE_LIST_PACKET)pSmtpHashHead->pSeq)->packet.nextSeqNumber )
			{
				//This is strange packet, lost it
				return false;
			}
			
			if( pListPacket )
			{
				//插入队列中间
				pIPHeader2 = (struct iphdr *)( (UCHAR *)( ( (PDOUBLE_LIST_PACKET)pListPacket->doubleListItem.pNext )->packet.buf ) );
				pTCPHeader2 = (struct tcphdr *)( (UCHAR *)pIPHeader2 + pIPHeader2->ihl * 4 );
				
				//相同包,返回
				if( pTCPHeader->seq == pTCPHeader2->seq )
					return false;
				
				pItem->doubleListItem.pNext = pListPacket->doubleListItem.pNext;
				pItem->doubleListItem.pPre = &pListPacket->doubleListItem;

				pListPacket->doubleListItem.pNext->pPre = &(pItem->doubleListItem);
				pListPacket->doubleListItem.pNext = &(pItem->doubleListItem);
				pSmtpHashHead->iNumber++;
	
				if( !(pSmtpHashHead->type & SMTP_HASH_TYPE_SEQ) && pSmtpHashHead->pSeq != NULL)
				{
					pIPHeader2 = (struct iphdr *)( (UCHAR *)( (PDOUBLE_LIST_PACKET)pSmtpHashHead->pSeq->pNext )->packet.buf );
					pTCPHeader2 = (struct tcphdr *)( (UCHAR *)pIPHeader2 + pIPHeader2->ihl * 4 );
					
					while( pSmtpHashHead->pSeq 	&& ( (PDOUBLE_LIST_PACKET)pSmtpHashHead->pSeq )->packet.nextSeqNumber 
						== ntohl(pTCPHeader2->seq ) )
					{
						pSmtpHashHead->pSeq = pSmtpHashHead->pSeq->pNext;
						if( ((PDOUBLE_LIST_PACKET)pSmtpHashHead->pSeq)->bLong )
							pSmtpHashHead->iSeqLen += _LONG_PACKET_LEN;
						else
							pSmtpHashHead->iSeqLen += _SHORT_PACKET_LEN;
						
						pSmtpHashHead->iSeqCount++;
						
						if( FindDot( pSmtpHashHead, (PDOUBLE_LIST_PACKET)pSmtpHashHead->pSeq ) )
							break;
						
						if( pSmtpHashHead->pSeq->pNext == NULL )
							break;

						pIPHeader2 = (struct iphdr *)( (UCHAR *)( (PDOUBLE_LIST_PACKET)pSmtpHashHead->pSeq->pNext )->packet.buf );
						pTCPHeader2 = (struct tcphdr *)( (UCHAR *)pIPHeader2 + pIPHeader2->ihl * 4 );
						
					}
				}

#ifdef _SMTP_POP3_DEBUG
				sprintf( message, "middle" );
				WriteLogFile( message );
				printk( "%s", message );
#endif
				return true;
			}
			else
			{
				//插入头
				pIPHeader2 = (struct iphdr *)( ((PDOUBLE_LIST_PACKET)pSmtpHashHead->pHead)->packet.buf );
				pTCPHeader2 = (struct tcphdr *)( (UCHAR *)pIPHeader2 + pIPHeader2->ihl * 4 );

				//相同包,抛弃
				if( pTCPHeader->seq == pTCPHeader2->seq )
					return false;
				
				if( pSmtpHashHead->pSeq == NULL )
				{
					if( pSmtpHashHead->nextSeqNumber == ntohl(pTCPHeader->seq) )
					{
						pSmtpHashHead->pSeq = &pItem->doubleListItem;
						pSmtpHashHead->iSeqLen = pItem->bLong ? _LONG_PACKET_LEN : _SHORT_PACKET_LEN;
						pSmtpHashHead->iSeqCount = 1;
					}
				}
				else
				{
					if( pItem->packet.nextSeqNumber != ntohl(pTCPHeader2->seq ) )
					{
			
						//Move the pSeq pointer to the first packet
						pSmtpHashHead->pSeq = &pItem->doubleListItem;
						pSmtpHashHead->iSeqLen = pItem->bLong ? _LONG_PACKET_LEN : _SHORT_PACKET_LEN;
						pSmtpHashHead->iSeqCount = 1;
						
						//Clear the type: DOT AND SEQ
						pSmtpHashHead->type &= ~(SMTP_HASH_TYPE_SEQ | SMTP_HASH_TYPE_DOT);

						//find mail "."
						FindDot( pSmtpHashHead, pItem );	
					}
					else
					{
						if( pItem->bLong )
							pSmtpHashHead->iSeqLen += _LONG_PACKET_LEN;
						else
							pSmtpHashHead->iSeqLen += _SHORT_PACKET_LEN;

						pSmtpHashHead->iSeqCount++;
					}
				}

				pItem->doubleListItem.pNext = pSmtpHashHead->pHead;
				pItem->doubleListItem.pPre = NULL;
				pSmtpHashHead->pHead->pPre = &(pItem->doubleListItem);
				pSmtpHashHead->pHead = &(pItem->doubleListItem);
				
				//进行排序
				if( pSmtpHashHead->pSeq != NULL )
				{
					do
					{
						if( FindDot( pSmtpHashHead, (PDOUBLE_LIST_PACKET)pSmtpHashHead->pSeq ) )
							break;

						if( !pSmtpHashHead->pSeq->pNext )
							break;

						pIPHeader = (struct iphdr *)( (UCHAR *)( (PDOUBLE_LIST_PACKET)pSmtpHashHead->pSeq->pNext )->packet.buf );
						pTCPHeader = (struct tcphdr *)( (UCHAR *)pIPHeader + pIPHeader->ihl * 4 );
						
						if( ( (PDOUBLE_LIST_PACKET)pSmtpHashHead->pSeq )->packet.nextSeqNumber != ntohl(pTCPHeader->seq) )
						{
							break;
						}
						
						pSmtpHashHead->pSeq = pSmtpHashHead->pSeq->pNext;
						if( ((PDOUBLE_LIST_PACKET)pSmtpHashHead->pSeq)->bLong )
							pSmtpHashHead->iSeqLen += _LONG_PACKET_LEN;
						else
							pSmtpHashHead->iSeqLen += _SHORT_PACKET_LEN;
					
						pSmtpHashHead->iSeqCount++;
					}while( 1 );
				}
				
#ifdef _SMTP_POP3_DEBUG
				sprintf( message, " head" );
				WriteLogFile( message );
				printk( "%s", message );
#endif

				pSmtpHashHead->iNumber++;
				return true;
			}
		}			
	}
	
	return false;
}

int inline FindDot( PSMTP_HASH_HEAD pSmtpHashHead, PDOUBLE_LIST_PACKET pItem )
{
	char*	ptr;
 	int		i;

	ptr = pItem->packet.buf + pItem->packet.len - 5;
	for( i = 0; i < 4; i ++ )
	{
		if( ptr[ i ] == 0x2e )
		{
			pSmtpHashHead->type |= SMTP_HASH_TYPE_SEQ | SMTP_HASH_TYPE_DOT;
			pSmtpHashHead->iPart++;
			return 1;
		}
	}

	return 0;
}

void inline MailHashHandle( PDOUBLE_LIST_PACKET pItem )
{
	if( !SmtpHashOp( pItem ) )
	{
		PutPacketPool( pItem );
	}
}
12

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -