dealpacket.c

Linux环境下mail监控程序的源代码

#include<sys/types.h>
#include<sys/stat.h>
#include<fcntl.h>

#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#include "dealpacket.h"
#include "logUtil.h"


static pthread_mutex_t pop3_mutex = PTHREAD_MUTEX_INITIALIZER;

int create_pop3_thread(pthread_t *pid)
{
	POP3_THREAD_STATUS = 1;

	if (pthread_create(pid, NULL, (void *)pop3_thread, NULL))
	{
		//#ifdef _TEST_DEBUG_		
			doLog(0, "        deal_packet() 创建pop3_thread线程失败,退出!\n");
			return FAIL;
		//#endif
	}
	return SUCCESS;
}

int close_pop3_thread(pthread_t pid)
{
	POP3_THREAD_STATUS = 0;

	if (pthread_join(pid, NULL))
	{
		doLog(0, "the pop3 deal thread exit error\n");
		return FAIL;
	}
	//doLog(0, "the pop3 deal thread exit SUCCESS\n");
	return SUCCESS;
}

char * create_sql(tcp_stream_node *stream_node, pop3_mail *mail)
{
	char *sql=NULL;

	int sql_len = 256 + PATH_MAXLEN;
	if (mail->from!=NULL)
		sql_len += strlen(mail->from);
	if (mail->to!=NULL)
		sql_len += strlen(mail->to);
	if (mail->cc!=NULL)
		sql_len += strlen(mail->cc);
	if (mail->subject!=NULL)
		sql_len += strlen(mail->subject);
	//doLog(0, "sql_len: %u\n", sql_len);
	struct tm *tm_stime = localtime(&stream_node->stime);
	
	sql = (char *)malloc(sql_len);
	memset(sql, 0, sql_len);
	sprintf(sql, "insert  into %s values( default,", DB_MAIL_TABLE_NAME);
	sprintf(sql, "%s '%4d-%02d-%02d %02d:%02d:%02d',",
				 sql, tm_stime->tm_year+1900, tm_stime->tm_mon+1, tm_stime->tm_mday, 
		              tm_stime->tm_hour, tm_stime->tm_min, tm_stime->tm_sec
		    );
	sprintf(sql, "%s '%s',", sql, inet_ntoa(*(struct in_addr*)&stream_node->saddr));
	sprintf(sql, "%s %u,"  , sql, stream_node->req_stream.source);
	sprintf(sql, "%s '%02X%02X%02X%02X%02X%02X',", 
				 sql, stream_node->smac[0], stream_node->smac[1], stream_node->smac[2],
					  stream_node->smac[3], stream_node->smac[4], stream_node->smac[5]
			);
	sprintf(sql, "%s '%s',", sql, inet_ntoa(*(struct in_addr*)&stream_node->daddr));
	sprintf(sql, "%s %u,"  , sql, stream_node->req_stream.dest);
	sprintf(sql, "%s '%02X%02X%02X%02X%02X%02X',", 
				 sql, stream_node->dmac[0], stream_node->dmac[1], stream_node->dmac[2],
					  stream_node->dmac[3], stream_node->dmac[4], stream_node->dmac[5]
			);
	sprintf(sql, "%s '%s',", sql, "POP3");
	sprintf(sql, "%s '%s',", sql, mail->from==NULL?"":mail->from);
	sprintf(sql, "%s '%s',", sql, mail->to==NULL?"":mail->to);
	sprintf(sql, "%s '%s',", sql, mail->cc==NULL?"":mail->cc);
	sprintf(sql, "%s '',", sql);//bcc
	sprintf(sql, "%s '%s',", sql, mail->subject==NULL?"":mail->subject);
	sprintf(sql, "%s %u,"  , sql, mail->mail_len);
	sprintf(sql, "%s '%s',", sql, mail->path);
	sprintf(sql, "%s '');", sql);
	
	//doLog(0, "sql: %s\n", sql);
	
	return sql;
}


void write_database(tcp_stream_node *stream_node, pop3_mail *mail)
{
	char *sql=NULL;
	sql = create_sql(stream_node, mail);

	if (dao_mysql_connect())
	{
		doLog(0, "database error:%s\n", dao_mysql_getError());
	}
	else if (dao_mysql_executeSql(sql))
	{
		doLog(0, "sql:%s\n", sql);
		doLog(0, "database error:%s\n", dao_mysql_getError());
		dao_mysql_close();
	}
	else
	{
		dao_mysql_close();
	}

	free(sql);
	return;
}

void analysis_pop3(pop3_mail *mail)
{
	FILE    *fp;
	char *readStr=NULL;
	char *temp=NULL;
	char *temp_readStr=NULL;
	int i = 1, subject_len=0, find_from=0, find_to=0, find_subject=0, find_cc=0;
	u_int32_t size= 0;

//"/usr/local/mbond/log/temp/1077229913_1234519682_132.eml"
	if( ( fp = fopen(mail->path, "r") ) == NULL )	//文件不存在
		return ;
	//doLog(0, "begin analysis_pop3()--------------------------\n");
	
	while (!feof(fp))
	{
		size = i*MAIL_LINE;
		readStr = (char *)malloc(size+1);
		memset(readStr, 0, size+1);
		if (temp_readStr!=NULL)
		{
			memcpy(readStr,temp_readStr,strlen(temp_readStr));
			fgets( readStr+strlen(temp_readStr), MAIL_LINE, fp );
			free(temp_readStr);
			temp_readStr=NULL;
		}
		else
			fgets( readStr, MAIL_LINE, fp );
		 
		if (memcmp(readStr, "", strlen(readStr))==0)
		{
			free(readStr);
			i = 1; 
			continue;
		}

		if (strlen(readStr)==2 && memcmp(readStr, "\r\n", 2)==0)
		{
			//doLog(0, "find 邮件头和邮件体的分隔符 \\r\\n\n");
			free(readStr);
/*
			doLog(0, "MAIL FROM: %s\n", mail->from);
			if (mail->to!=NULL)
				doLog(0, "To: %s\n", mail->to);
			if (mail->subject!=NULL)
				doLog(0, "Subject :%s\n", mail->subject);
			if (mail->cc!=NULL)
				doLog(0, "CC: %s\n", mail->cc);
*/
			break;
		}

		if (strstr(readStr, "\r\n")==0)
		{
			//doLog(0, "no find \\r\\n\n");
			temp_readStr = readStr;
//			free(readStr);
			i+=1;
			continue;
		}
		else
		{
			//doLog(0, "find \\r\\n\n");
			temp = NULL;

			if (find_from==0 && ( (temp=strstr(readStr, "From: "))!=0 || (temp=strstr(readStr, "from: "))!=0 || (temp=strstr(readStr, "FROM: "))!=0))
			{
				if (strncasecmp(readStr, "From: ", 6)!=0)//'From: '不在该行的开头
				{
					//doLog(0, "find From: but From: not in head\n");
					free(readStr);
					i = 1; 
					continue;
				}
				//doLog(0, "find FROM\n");
				
				get_address(&(mail->from), temp+6);

				find_from = 1;
				
				free(readStr);
				i = 1; 
				continue;
			}
			else if (find_to==0 && ( (temp=strstr(readStr, "To: "))!=0 || (temp=strstr(readStr, "to: "))!=0 || (temp=strstr(readStr, "TO: "))!=0 ) )
			{
				if (strncasecmp(readStr, "To: ", 4)!=0)//'To: '不在该行的开头
				{
					//doLog(0, "find To: but To: not in head\n");
					free(readStr);
					i = 1; 
					continue;
				}
				//doLog(0, "find To:\n");

				//doLog(0, "readStr: %s\n", readStr);
				find_receiver(&(mail->to), temp+4, &find_to);
				free(readStr);
				i = 1; 
				continue;
				
			}
			else if (find_to==2)
			{
				find_receiver(&(mail->to), readStr, &find_to);
				free(readStr);
				i = 1; 
				continue;
			}
			else if (find_cc==0 && ( (temp=strstr(readStr, "Cc: "))!=0 || (temp=strstr(readStr, "cc: "))!=0 || (temp=strstr(readStr, "CC: "))!=0 ) )
			{
				if (strncasecmp(readStr, "Cc: ", 4)!=0)//'Cc: '不在该行的开头
				{
					//doLog(0, "find Cc: but Cc: not in head\n");
					free(readStr);
					i = 1; 
					continue;
				}
				//doLog(0, "find Cc:\n");

				find_receiver(&(mail->cc), temp+4, &find_cc);
				free(readStr);
				i = 1; 
				continue;
			}
			else if (find_cc==2)
			{
				find_receiver(&(mail->cc), temp+4, &find_cc);
				free(readStr);
				i = 1; 
				continue;
			}
			else if (find_subject==0 && ( (temp=strstr(readStr, "Subject: "))!=0 || (temp=strstr(readStr, "subject: "))!=0 || (temp=strstr(readStr, "SUBJECT: "))!=0  ) )
			{
				if (strncasecmp(readStr, "Subject: ", 9)!=0)//'Subject: '不在该行的开头
				{
					//doLog(0, "find Subject: but Subject: not in head\n");
					free(readStr);
					i = 1; 
					continue;
				}
				//doLog(0, "find Subject:\n");
				
				subject_len = strlen(temp)-9;
				if (subject_len<=0)
				{
					free(readStr);
					i = 1; 
					continue;
				}
				
				//doLog(0, "Subject len: %u\n", subject_len);
				
				mail->subject = (char *)malloc(subject_len+1);
				memset(mail->subject, 0, subject_len+1);
				memcpy(mail->subject, temp+9, subject_len);
				find_subject = 1;

				free(readStr);
				i = 1; 
				continue;
			}
			
			free(readStr);

			if (find_from == 1 && find_to == 1 && find_subject == 1 && find_cc == 1)
			{
				//doLog(0, "MAIL FROM: %s\n", mail->from);
				//doLog(0, "To: %s\n", mail->to);
				//doLog(0, "Subject :%s\n", mail->subject);
				//doLog(0, "CC :%s\n", mail->cc);
				break;
			}
		}
	}
	
	//doLog(0, "end analysis_pop3()--------------------------\n");
	fclose(fp);
	
	analysis_subject(&mail->subject);

	return;
}

void analysis_subject(char **subject)
{
	char *temp_to_utf8=NULL;
	struct_decode my_decode;

	if (*subject!=NULL)
	{
		//doLog(0, "subject: %s\n", *subject);
		memset(&my_decode, 0, sizeof(struct_decode));
		if(analysis_encode_string(&my_decode, *subject)==1)
		{
			if (my_decode.dest!=NULL && my_decode.d_len>0)
			{
				temp_to_utf8 = NULL;

				if (strcasecmp(my_decode.charset, "gb2312")==0)
				{
					//doLog(0, "my_decode.charset is GB2312!\n");
					temp_to_utf8 = g2u((char *)my_decode.dest);
				}
				else if (strcasecmp(my_decode.charset, "gbk")==0)
				{
					//doLog(0, "my_decode.charset is GBK!\n");
					temp_to_utf8 = gbk2u((char *)my_decode.dest);
				}
				else
				{
					//doLog(0, "my_decode.charset is %s!\n",my_decode.charset);
				}
				
				if (temp_to_utf8 == NULL)
				{
					free(*subject);
					*subject = (char *)malloc(strlen((char *)my_decode.dest)+1);
					memset(*subject, 0, strlen((char *)my_decode.dest)+1);
					memcpy(*subject, my_decode.dest, strlen((char *)my_decode.dest));
				}
				else
				{
					//doLog(0, "temp_to_utf8 not NULL!\n");
					free(*subject);
					*subject = (char *)malloc(strlen(temp_to_utf8)+1);
					memset(*subject, 0, strlen(temp_to_utf8)+1);
					memcpy(*subject, temp_to_utf8, strlen(temp_to_utf8));
					free(temp_to_utf8);
					temp_to_utf8=NULL;
				}

				//doLog(0, "decode subject: %s\n", *subject);
			}
			free_struct_decode(&my_decode);
		}
		//else
			//doLog(0, "subject no encoded!\n");
	}
	return;
}

//从一段格式不规则的邮件地址中获得格式规则的邮件地址
//可能的邮件格式:		1: '***'<*@*.*>
//						2: <*@*.*>
//						3: *@*.	
//格式规则的邮件格式:	<*@*.*>
int get_address(char **p, char *temp)
{
	char *l_temp=NULL;
	char *r_temp=NULL;
	char *temp_to=NULL;
	char *name_begin=NULL;
	u_int32_t len=0;
	u_int32_t name_len=0;
	int has_flag=0;

	l_temp = strchr(temp, '<');
	r_temp = strchr(temp, '>');
	
	if (!l_temp || !r_temp)//收件人中不带'<' '>'符号
	{
		has_flag = 0;
		//doLog(0, "has_flag =%u\n", has_flag);
		name_len = strlen(temp);
		if (name_len>2)
		{
			if (temp[name_len-2]==0x0d && temp[name_len-1]==0x0a)
			{
				//doLog(0, "the last two is \\r\\n\n");
				name_len-=2;//去掉最后的\r\n
			}
		}
		if (name_len<5)//最短的邮箱名*@*.*,其长度最少为5
			return 0;
		//doLog(0, "name_len=%u\n", name_len);
		name_begin = temp;
		goto deal;
	}
	
	has_flag = 1;
	//doLog(0, "has_flag =%u\n", has_flag);
	name_len = strlen(l_temp)-strlen(r_temp)+1;
	if (name_len<7)//最短的邮箱名<*@*.*>,其长度最少为7