
📄 probe_main.c

#include "probe_main.h"
#include "queue.h"
#include "node_operate.h"
#include "http.h"
#include "inet.h"
//#include "include/pcap.h"
#include <pcap.h>
/* Mutex initialised in probe_main(); in this file it is only referenced from
 * commented-out debug code. Non-static, so other translation units may use it. */
pthread_mutex_t print_m;
/* Debug counters. Every use visible in this file is inside a commented-out
 * printf or increment; they are non-static, so other files may update them. */
u_int32_t print_num = 0;
u_int32_t free_num = 0;
u_int32_t out_buf = 0 ;
u_int32_t total = 0;

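/*
 * Capture filter handed to pcap_compile() in probe_capture().
 *
 * Built from adjacent string literals, each ending in an explicit space.
 * The previous backslash-continued literal joined "port 8000" and
 * "port 1433" directly to the following "or", which produced the tokens
 * "8000or" and "1433or" in the filter text.
 *
 * NOTE(review): the leading "action (store and sample)" clause is not
 * standard libpcap filter syntax; presumably the linked pcap library is a
 * vendor build that accepts it -- confirm before using a stock libpcap.
 */
#define RULE \
	"action (store and sample) " \
	"((port 80 or port 21 or port 8080 or port 4430 or port 4510 or port 4200 or port 1201 or port 8000 " \
	"or port 53 or port 443 or port 5190 or port 143 or port 5559 or port 7200 or port 1863 or port 1521 or port 110 or port 25 or port 1433 " \
	"or port 23 or port 3724 or port 5200 or port 5050 or port 5101 or port 9090 or port 5631 or port 5632 or port 2000 or port 2002) and tcp) " \
	"or ((port 1511 or port 9191 or port 1813) and udp)"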

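/**
 * Capture thread: opens the capture device, installs the RULE filter and
 * passes every captured frame to packet_dispatch().
 *
 * @param all_info  NULL-terminated worker table and the port table used by
 *                  the dispatcher; both must stay valid while this runs.
 * @return NULL if the capture loop is ever left; as written the loop has no
 *         exit, so the function does not return in practice.
 *
 * Any setup failure prints a message and terminates the whole process with a
 * non-zero status, so a supervisor can tell a failed start from a clean exit.
 */
void *probe_capture(probe_all_t  *all_info)
{
	int i;
	pcap_t *pd;
	char errbuf[PCAP_ERRBUF_SIZE];
	struct pcap_pkthdr bh;
	const u_char *packet = NULL;
	/*
	 * This has to be a real object. The original declared an uninitialised
	 * pointer and passed its address, so pcap_compile() wrote a whole
	 * struct bpf_program over a pointer-sized stack slot.
	 */
	struct bpf_program program;

	/* NOTE(review): the device name is hard-coded here although init_all()
	 * also stores "eth1" in probe->device; the two can drift apart. */
	if ((pd = pcap_open_live("eth1", 1518, 1, 1000, errbuf)) == NULL)
	{
		printf("pcap_open_live: %s\n", errbuf);
		exit(1);
	}

	/* Give every worker access to the capture handle. */
	for (i = 0; all_info->pthread[i] != NULL; i++)
	{
		all_info->pthread[i]->pd = pd;
	}

	//combrio_delflag(pcap_t * p, unsigned int headerType);

	if (pcap_compile(pd, &program, RULE, 0, 0) < 0)
	{
		printf("pcap_compile is error (%s), exit the program \n", pcap_geterr(pd));
		exit(1);
	}

	if (pcap_setfilter(pd, &program) < 0)
	{
		printf("pcap_setfilter is error (%s), exit the program \n", pcap_geterr(pd));
		exit(1);
	}
	/* The compiled program is no longer needed once the filter is installed. */
	pcap_freecode(&program);

	for (;;)
	{
		packet = pcap_next(pd, &bh);	/* Get next packet */
		if (packet == NULL)
		{
			continue;					/* this can happen (e.g. read timeout) */
		}

		/*
		 * NOTE(review): bh.len is the length on the wire, while only
		 * bh.caplen bytes (at most the 1518-byte snaplen) are present in
		 * `packet`. If packet_dispatch() treats this argument as the buffer
		 * size it can read past the captured data on oversized frames --
		 * confirm against packet_dispatch(), which is not in this file.
		 * bh.handle is not a member of the stock struct pcap_pkthdr;
		 * presumably it comes from the vendor pcap headers.
		 */
		packet_dispatch(all_info->pthread, all_info->port, packet, bh.len, bh.ts.tv_sec, bh.handle);
	}

	/* Not reached: the loop above never breaks. */
	pcap_close(pd);
	return NULL;
}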

/*
int comm_connect_admin(pthread_infor_t  *pthread)
{
	packet_t * packet = NULL;
	connect_node_head hash_table[MB];
	connect_node * node = NULL;
	void * module_pt = NULL;
	u_int8_t direct = 0;
	u_int8_t ret = 0; 
	
	while(1)
	{	
		packet = pbuffer_get_packet( &(pthread->pbuf) );
		if(packet != NULL)
		{
			printf(" ######  %d    %d   ####   %s  ###  \n" , packet->dport, packet->sport, pthread->name);
			
			node = compare_node( hash_table,  packet);
			if(node == NULL)
			{
				if(insert_node(hash_table, packet) == -1)
				{
					free(packet);
					continue;
				}
			}

			if(node->sport == packet->sport) 
				direct = 0;
			else 
				direct = 1;
			
			if(node->state == UNCONFIRM)
			{
				if((ret = pthread->functions.judge(pthread , module_pt , node , packet , direct)) == NEEDED)
					node->state = CONFIRM;
				else if( ret == UNNEEDED)
				{
					node->state = UNNEEDED;
				}
				else
				{
					if((node->counter ++) > MAX_COMPARE)
						node->state = UNNEEDED;
				}
			}
			else if(node->state == CONFIRM && packet->app_len > 0)
			{
				pthread->functions.audit_packet(pthread , module_pt , node , packet,  direct);
			}

			if(packet->protocol_type == TCP && ( TCP_FLAG_FIN(packet->trans_data) ||TCP_FLAG_RST(packet->trans_data)) )
			{
				pthread->functions.connect_destroy( pthread , module_pt , node );
				remove_node(hash_table, node, packet);
			}
		
			free(packet);
		}
	}
	return -1;
}


int consult_connect_admin(pthread_infor_t  *pthread)
{
	packet_t * packet = NULL;
	connect_node * consult_node = NULL;
	connect_node * node = NULL;
	void * module_pt = NULL;
	u_int8_t direct = 0;
	u_int8_t ret = 0; 
	
	connect_node_head consult_hash_table[4096];
	connect_node_head hash_table[MB];
	
	
	while(1)
	{	
		packet = pbuffer_get_packet( &(pthread->pbuf) );
		if(packet != NULL)
		{
			printf(" ######  %d    %d   ####   %s  ###  \n" , packet->dport, packet->sport, pthread->name);

			
			
			node = compare_node( hash_table,  packet);
			if(node == NULL)
			{
				if(insert_node(hash_table, packet) == -1)
				{
					free(packet);
					continue;
				}
			}

			direct = (node->sport == packet->sport) ? 0:1;
			if(node->state == UNCONFIRM)
			{
				if((ret = pthread->functions.judge(pthread , module_pt , node , packet , direct)) == NEEDED)
					node->state = CONFIRM;
				else if( ret == UNNEEDED)
				{
					node->state = UNNEEDED;
				}
				else
				{
					if((node->counter ++) > MAX_COMPARE)
						node->state = UNNEEDED;
				}
			}
			else if(node->state == CONFIRM && packet->app_len > 0)
			{
				pthread->functions.audit_packet(pthread , module_pt , node , packet,  direct);
			}

			if(packet->protocol_type == TCP && ( TCP_FLAG_FIN(packet->trans_data) ||TCP_FLAG_RST(packet->trans_data)) )
			{
				pthread->functions.connect_destroy( pthread , module_pt , node );
				remove_node(hash_table, node, packet);
			}
		
			free(packet);
		}
	}
	return -1;
}
*/
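/**
 * Worker thread body: initialises the protocol module, then forever pulls
 * packet pointers from the worker's fifo and runs the module callbacks on
 * them.
 *
 * @param pthread  worker descriptor; supplies the fifo and the callback table.
 *
 * The per-connection state machine of the earlier versions (hash-table
 * lookup, UNCONFIRM/CONFIRM/UNNEEDED states, FIN/RST teardown) is disabled
 * in this version. What remains: judge() is called for every packet,
 * audit_packet() only when judge() returns NEEDED, and connect_destroy()
 * after every packet.
 *
 * NOTE(review): this function is passed to pthread_create() by
 * startup_pthread(), but its type is not void *(*)(void *); the signature is
 * kept here so existing callers and prototypes still match.
 */
void function( pthread_infor_t  *pthread )
{
	packet_t *packet = NULL;
	/* Never assigned in this version because the connection-table lookup is
	 * disabled, so the callbacks below receive NULL -- TODO confirm they
	 * accept that. */
	connect_node *node = NULL;
	void *module_pt = NULL;
	u_int8_t direct = 0;
	u_int8_t ret = 0;

	module_pt = pthread->functions.init();
	while (1)
	{
		/*
		 * NOTE(review): exactly 4 bytes are copied into an object of type
		 * packet_t *. That only transfers a whole pointer where pointers are
		 * 4 bytes wide; the producer side is not visible here, so the length
		 * is left unchanged -- both ends should use sizeof(packet_t *).
		 */
		ret = kfifo_get(pthread->fifo, &packet, 4);
		if (packet == NULL)
		{
			usleep(10);		/* fifo empty: back off briefly */
			continue;
		}

		/*
		 * The original read node->sport unconditionally, which dereferenced
		 * NULL on the first packet. Without a connection record the
		 * direction cannot be derived, so it defaults to 0.
		 */
		direct = (node != NULL && node->sport != packet->sport) ? 1 : 0;

		if ((ret = pthread->functions.judge(pthread, module_pt, node, packet, direct)) == NEEDED)
			pthread->functions.audit_packet(pthread, module_pt, node, packet, direct);

		pthread->functions.connect_destroy(pthread, module_pt, node);

		/* The worker owns the packet once it has been dequeued. */
		free(packet);
		packet = NULL;
	}
	return ;
}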


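/**
 * Starts one worker thread per entry of the NULL-terminated worker table.
 *
 * @param pthread  NULL-terminated array of worker descriptors; each thread
 *                 id is stored in the descriptor's tid field.
 * @return 0 when every thread was created, -1 when at least one
 *         pthread_create() call failed (the remaining workers are still
 *         started).
 *
 * NOTE(review): `function` is declared as void (pthread_infor_t *), which is
 * not the void *(*)(void *) type pthread_create() expects; the call is kept
 * as it was because the fix belongs on the declaration of `function`.
 */
int startup_pthread( pthread_infor_t  *pthread[] )
{
	int i = 0;
	int ret = 0;
	int failed = 0;

	while (pthread[i] != NULL)
	{
		ret = pthread_create(&(pthread[i]->tid), NULL, function, pthread[i]);
		if (ret != 0)
		{
			/* tid is not valid after a failed create, so it is not printed. */
			printf("pthread_create failed for worker %d: error %d\n", i, ret);
			failed = 1;
		}
		else
		{
			/* pthread_t is opaque; the cast assumes an integer-like id as on
			 * Linux. The original passed it to %u, a format mismatch. */
			printf("******  %d  ****** %lu ***\n", ret, (unsigned long)pthread[i]->tid);
		}
		i++;
	}

	return failed ? -1 : 0;
}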


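/**
 * Builds the port dispatch table: for every port a worker listens on, a
 * port_t node carrying that worker's fifo is appended to the TCP or UDP list
 * of the matching table entry.
 *
 * @param pthread  NULL-terminated array of worker descriptors. Row port[1]
 *                 holds the port numbers and is read up to the first 0
 *                 entry; row port[0] holds the protocol type per port.
 * @param port_a   table with at least 65535 entries, indexed by port number;
 *                 it is cleared first.
 * @return 0 on success, -1 when a list node cannot be allocated (nodes
 *         added before the failure are not released).
 *
 * NOTE(review): the port row is only terminated by a 0 entry; a row without
 * a terminator would be read past its end. The row length is not visible
 * here.
 */
int register_port_func(pthread_infor_t  *pthread[] , port_array_t  *port_a)
{
	/* Number of entries cleared and indexed here; matches the caller's
	 * table, so the largest usable index is PORT_SLOTS - 1. */
	enum { PORT_SLOTS = 65535 };
	int i;
	int j;

	/* Debug dump of the first protocol-type entry of each worker. The
	 * original looped a fixed 17 times without checking for the NULL
	 * terminator and passed an array to %d. */
	for (i = 0; pthread[i] != NULL; i++)
	{
		printf("QQQQQQQQQQ  %d  DDDDDDDDDD\n\n", (int)pthread[i]->port[0][0]);
	}

	memset(port_a, 0, PORT_SLOTS * sizeof(port_array_t));

	for (i = 0; pthread[i] != NULL; i++)
	{
		for (j = 0; pthread[i]->port[1][j] != 0; j++)
		{
			unsigned long port_no = (unsigned long)pthread[i]->port[1][j];
			port_array_t *slot;
			port_t *node;

			/* A port number outside the table would index past its end. */
			if (port_no >= PORT_SLOTS)
			{
				printf("register_port_func: port %lu does not fit the port table, skipped\n", port_no);
				continue;
			}
			slot = &port_a[port_no];

			node = malloc(sizeof *node);
			if (node == NULL)
				return -1;
			node->fifo = pthread[i]->fifo;
			node->next = NULL;

			if (pthread[i]->port[0][j] == TCP_TYPE)
			{
				if (slot->tailt == NULL)
					slot->headt = node;
				else
					slot->tailt->next = node;
				slot->tailt = node;
			}
			else
			{
				/* The original appended through tailt here and then read the
				 * new node back through tailu, dereferencing NULL as soon as
				 * a second worker registered the same UDP port. */
				if (slot->tailu == NULL)
					slot->headu = node;
				else
					slot->tailu->next = node;
				slot->tailu = node;
			}
		}
	}

	/* Debug dump of every port that has at least one TCP consumer. */
	for (i = 0; i < PORT_SLOTS; i++)
	{
		if (port_a[i].headt != NULL)
			printf("@@@@@   %d  ******** %p  ****\n", i, (void *)port_a[i].tailt->fifo);
	}
	return 0;
}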



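/**
 * Fills the probe descriptor and the worker table with a fixed test
 * configuration: 17 workers, all on TCP port 80, all using the HTTP module
 * callbacks. The original comment says this is meant to be read from an XML
 * file; no such parsing exists in this function.
 *
 * @param probe    probe descriptor; cleared, then device is set to "eth1".
 * @param pthread  worker table with room for 64 pointers; cleared, then the
 *                 first 17 entries are filled (the rest stay NULL and act as
 *                 the terminator).
 * @return 0 on success, -1 when a worker or its fifo cannot be allocated
 *         (workers created before the failure are not released; the caller
 *         exits on failure).
 */
int 	init_all(probe_infor_t * probe , pthread_infor_t  *pthread[] ) 
{
	enum { WORKER_COUNT = 17, WORKER_SLOTS = 64 };
	/* Test values. Port list kept from the original for reference:
	 * 21, 8000, 1863, 443, 25, 110, 1201, 53, 8080, 5222, 5190, 143, 1521,
	 * 1433, 5050, 5101 */
	static const u_int16_t ports[WORKER_COUNT] = {
		80, 80, 80, 80, 80, 80,
		80, 80, 80, 80, 80, 80,
		80, 80, 80, 80, 80
	};
	static const char *const name[WORKER_COUNT] = {
		"HTTP" , "FTP" , "QQ" , "MSN" , "HTTPS" , "SMTP" , "POP3" , "CGA" , "DNS", "8080" , "Gtalk" , "ICQ" ,
		"IMAP" , "ORCLE" , "SQLSERVER" , "YMSG" , "YMSG"
	};
	int i;

	memset(probe, 0, sizeof(probe_infor_t));
	memset(pthread, 0, WORKER_SLOTS * sizeof(pthread_infor_t *));
	/* Copies no terminator; the memset above supplies it as long as
	 * probe->device is longer than four bytes. */
	memcpy(probe->device, "eth1", 4);

	for (i = 0; i < WORKER_COUNT; i++)
	{
		pthread_infor_t *tmp = malloc(sizeof *tmp);

		/* The original passed the malloc result straight to memset. */
		if (tmp == NULL)
			return -1;
		memset(tmp, 0, sizeof *tmp);

		tmp->port[0][0] = TCP_TYPE;
		tmp->port[1][0] = ports[i];
		printf("&&&&&&&&   %d   &&&&&&&&\n\n " , ports[i]);

		tmp->fifo = kfifo_alloc(1024*16);
		/* presumably kfifo_alloc() reports failure as NULL -- TODO confirm
		 * against its implementation */
		if (tmp->fifo == NULL)
		{
			free(tmp);
			return -1;
		}

		tmp->functions.init = http_init;
		tmp->functions.judge = http_judge;
		tmp->functions.audit_packet = http_audit_packet;
		tmp->functions.connect_destroy = http_connect_destroy;
		tmp->functions.consult_audit_packet = http_consult_audit_packet;
		tmp->functions.consult_connect_destroy = http_consult_connect_destroy;

		/* Bounded copy instead of strcpy; assumes tmp->name is an array
		 * member, so sizeof yields its capacity. */
		snprintf((char *)tmp->name, sizeof tmp->name, "%s", name[i]);
		pthread[i] = tmp;
	}

	return 0;
}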



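/**
 * Sets up the probe: builds the worker table and the port dispatch table,
 * starts the worker threads and the capture thread, then waits for the
 * capture thread.
 *
 * @param argc  unused.
 * @param argv  unused.
 * @return 0 after the capture thread has been joined. Setup failures
 *         terminate the process with a non-zero status instead of returning.
 */
int probe_main(int argc , char **argv)
{
	pthread_t cid;
	probe_infor_t  probe;
	pthread_infor_t   * pthread[64] ;
	/*
	 * Static rather than automatic: the table holds one entry per port and
	 * is too large to place on the stack safely. It has 65536 entries so
	 * that every 16-bit port number, 65535 included, is a valid index.
	 */
	static port_array_t  port[65536];
	probe_all_t all_info;
	int rc;

	(void)argc;
	(void)argv;

	/* all_info points at locals of this function; that is only safe because
	 * the capture thread is joined before the function returns. */
	all_info.pthread = pthread;
	all_info.port = port;
	pthread_mutex_init(&print_m , NULL) ;

	/* Initialise the thread information (meant to come from the XML
	 * configuration file). */
	if(init_all(&probe , pthread) < 0)
	{
		printf("获取配置文件信息出错\n");
		exit(1);
	}

	if(register_port_func( pthread,  port)<0)
	{
		printf("注册模块端口和函数出错\n");
		exit(1);
	}

	/* Start the worker threads. */
	if(startup_pthread(pthread) < 0)
	{
		printf("startup_pthread failed\n");
		exit(1);
	}

	/* NOTE(review): probe_capture takes probe_all_t *, not void *, so its
	 * type does not match what pthread_create() expects. */
	rc = pthread_create(&cid , NULL , probe_capture ,  &all_info);
	if(rc != 0)
	{
		printf("pthread_create for the capture thread failed: error %d\n", rc);
		exit(1);
	}

	pthread_join(cid , NULL);
	//clean_all();

	/* The original fell off the end of a non-void function. */
	return 0;
}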




/* Program entry point: forwards the command line to probe_main(). */
int main(int argc, char **argv)
{
	/* TODO (original author): add daemonisation here. */
	(void)probe_main(argc, argv);

	/* The exit status is always 0, whatever probe_main() reports. */
	return 0;
}
