📄 protocol.c
#ifndef __KERNEL__
#define __KERNEL__
#endif
#ifndef NULL
#define NULL 0L
#endif
// System (kernel) headers
#include <linux/module.h>
#include <linux/config.h>
#include <linux/init.h>
#include <linux/netdevice.h> /* for dev_base */
#include <linux/fs.h>
#include <linux/slab.h>
#include <linux/sched.h>
#include <linux/file.h>
#include <linux/dnotify.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/udp.h>
#include <linux/time.h>
#include <linux/namei.h>
#include <linux/dcache.h>
#include <linux/rcupdate.h>
#include <asm/semaphore.h>
#include <asm/unistd.h>
// Project-local headers
#include "createDir.h"
#include "DomainIPHash.h"
#include "list.h"
#include "Rule.h"
#include "RuleIp.h"
#include "protocol.h"
#include "function.h"
/* Module-wide state shared with the rest of the driver. */
GVAR gVar;                      /* holds TcpCycArrayHead, the capture ring used by protocol_rcv() */
TRAFFIC_STAT_INFO statInfo;     /* per-protocol traffic counters (only referenced from disabled code here) */
THREAD_CONTROL gThread;
int nCount;

/* Interface the module attaches to; assigned in protocol_module_init(). */
static struct net_device *sniffer_dev = NULL;
/* NOTE(review): presumably the saved interface flags; its use is not visible in this part of the file. */
static int dev_flags = 0;

/* Capture helper, defined elsewhere in the project. */
inline void WriteArrayPacket( struct sk_buff *, PCYC_ARRAY_HEAD, PIP_HASH_BUCKET,
                              UINT, UINT );

/* Entry points exported through the tables below. */
int protocol_rcv( struct sk_buff *, struct net_device *, struct packet_type * );
int protocol_open( struct inode *, struct file * );
ssize_t protocol_read( struct file *, char *, size_t, loff_t * );
int protocol_release( struct inode *, struct file * );
int protocol_ctl_ioctl( struct inode *, struct file *, unsigned int, unsigned long );

/* Packet-type descriptor: IPv4 frames (ETH_P_IP) are handed to protocol_rcv(). */
static struct packet_type pt_packet_type =
{
    .type = __constant_htons(ETH_P_IP),
    .func = protocol_rcv,
};

/* File operations of the module's device node. */
static struct file_operations protocol_fops =
{
    .open    = protocol_open,
    .read    = protocol_read,
    .release = protocol_release,
    .ioctl   = protocol_ctl_ioctl,
};
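/*
 * Receive hook for IPv4 frames (installed through pt_packet_type.func).
 *
 * Looks at the IPv4 and TCP headers and passes the frame to
 * WriteArrayPacket() for capture into gVar.TcpCycArrayHead when
 *   - the TCP destination port is SMTP_PORT_NET or POP3_PORT_NET, or
 *   - the TCP source port is POP3_PORT_NET.
 * Every other frame is released with kfree_skb().
 *
 * The frame contents are untrusted network input, so every header is
 * bounds-checked against the linear part of the skb before it is read.
 *
 * The original listing also carried commented-out branches for HTTP, MSN,
 * TELNET, FTP, ICQ, Yahoo, IRC, PP, GTalk (TCP) and DNS/QQ (UDP), together
 * with per-protocol statInfo counters and MatchRuleIP()/FindIP() lookups.
 * They were dead code and are not reproduced here.
 *
 * @param skb  received frame; skb->data is expected to point at the IP header
 * @param dev  receiving device (unused)
 * @param pt   packet-type descriptor (unused)
 * @return     always 0
 */
int protocol_rcv( struct sk_buff *skb, struct net_device *dev, struct packet_type *pt )
{
	struct iphdr *pIpHeader;
	struct tcphdr *pTcpHeader;
	unsigned int ipHdrLen;
	UINT ruleID = 0;	/* rule matching is disabled, so the rule id passed on is always 0 */

	/*
	 * Do not touch the IP header unless all of it sits in the linear
	 * buffer. skb_headlen() is read-only, so this is safe on a shared skb.
	 * Frames whose headers live in page fragments are dropped rather than
	 * parsed; capturing them would need skb_share_check() followed by
	 * pskb_may_pull().
	 */
	if( skb_headlen( skb ) < sizeof(struct iphdr) )
		goto drop;
	pIpHeader = (struct iphdr *)skb->data;

	/*
	 * Only IPv4 is handled. The original returned here without releasing
	 * the skb, leaking the reference held by this handler.
	 */
	if( pIpHeader->version != 4 )
		goto drop;

	/* ihl is attacker-controlled: a value below 5 would place the TCP header inside the IP header. */
	ipHdrLen = pIpHeader->ihl * 4;
	if( ipHdrLen < sizeof(struct iphdr) )
		goto drop;

	switch( pIpHeader->protocol )
	{
	case IPPROTO_TCP:
		/* The whole fixed TCP header must be inside the linear buffer as well. */
		if( skb_headlen( skb ) < ipHdrLen + sizeof(struct tcphdr) )
			goto drop;
		pTcpHeader = (struct tcphdr *)( (UCHAR *)pIpHeader + ipHdrLen );

		/*
		 * NOTE(review): non-first IP fragments carry no TCP header, yet
		 * frag_off is not examined, so their payload bytes are compared
		 * as ports below - consider skipping fragments with a non-zero offset.
		 *
		 * The *_PORT_NET constants are compared with the raw header fields,
		 * so they are presumably already in network byte order - confirm
		 * in protocol.h.
		 *
		 * NOTE(review): the capture paths return without kfree_skb(). That
		 * is only correct if WriteArrayPacket() takes ownership of the skb
		 * or frees it itself; otherwise every captured frame is leaked.
		 * Verify against its definition.
		 */
		switch( pTcpHeader->dest )
		{
		case SMTP_PORT_NET:
			WriteArrayPacket( skb, &gVar.TcpCycArrayHead, NULL,
					  APP_TYPE_SMTP, ruleID );
			return 0;
		case POP3_PORT_NET:
			WriteArrayPacket( skb, &gVar.TcpCycArrayHead, NULL,
					  APP_TYPE_POP3, ruleID );
			return 0;
		default:
			break;
		}

		switch( pTcpHeader->source )
		{
		case POP3_PORT_NET:
			WriteArrayPacket( skb, &gVar.TcpCycArrayHead, NULL,
					  APP_TYPE_POP3, ruleID );
			return 0;
		default:
			break;
		}
		break;
	case IPPROTO_UDP:	/* UDP capture is disabled */
	default:
		break;
	}

drop:
	/* Not captured: release this handler's reference to the frame. */
	kfree_skb( skb );
	return 0;
}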
int __init protocol_module_init(void)
{
//将网卡设置成混杂模式
sniffer_dev = dev_get_by_name( "eth1" );