📄 dealpacket.c
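/*
 * The listing opens in the middle of a function (presumably get_address, which
 * find_receiver below calls with the same first argument -- confirm against the
 * full file). Its visible tail is reproduced unchanged; only line breaks and
 * comments differ.
 */
        return 0;
    //doLog(0, "name_len=%u\n", name_len);
    name_begin = l_temp;
    goto deal;
deal:
    if (*p != NULL && strlen(*p)>0)
        len = name_len+strlen(*p)+1;
    else
        len = name_len;
    if (has_flag==0)
        len+=2; // the address has no surrounding "<>", so a pair is added around it below
    //doLog(0, "len=%u\n", len);
    // NOTE(review): the malloc result is used by memset without a NULL check.
    temp_to = (char *)malloc(len+1);
    memset(temp_to, 0, len+1);
    if (*p != NULL && strlen(*p)>0)
    {
        //doLog(0, "*p != NULL && strlen(*p)>0\n");
        if (has_flag==0)
        {
            sprintf(temp_to, "%s,<", *p);
            memcpy(temp_to+strlen(*p)+1+1, name_begin, name_len);
            // NOTE(review): temp_to is both destination and "%s" argument here.
            // Overlapping sprintf arguments are undefined behaviour; appending
            // '>' by index would avoid it.
            sprintf(temp_to, "%s>", temp_to);
        }
        else
        {
            sprintf(temp_to, "%s,", *p);
            memcpy(temp_to+strlen(*p)+1, name_begin, name_len);
        }
        //doLog(0, "free(*p)1\n");
        free(*p);
        //doLog(0, "free(*p)2\n");
    }
    else
    {
        if (has_flag==0)
        {
            strcpy(temp_to, "<");
            memcpy(temp_to+1, name_begin, name_len);
            // NOTE(review): same overlapping sprintf as above.
            sprintf(temp_to, "%s>", temp_to);
        }
        else
            memcpy(temp_to, name_begin, name_len);
    }
    *p = temp_to;
    temp_to = NULL;
    return 1;
}

/*
 * Split a comma-separated address list into single addresses and hand each
 * one to get_address(), which accumulates the result in *p.
 *
 * p        in/out string owned by get_address()
 * temp     NUL-terminated address list; the text comes from captured mail
 *          headers, so its length and comma count are not under our control
 * find_to  set to 1 when the piece just handed over is the last one, and to
 *          2 when a ',' was found and more text follows
 *
 * Returns 0 as soon as get_address() returns 0 or a scratch buffer cannot be
 * allocated, 1 when the text after the last ',' contains no '@', otherwise
 * the result of the final get_address() call.
 *
 * The original recursed once per comma and dereferenced unchecked malloc()
 * results; this version iterates, so stack use no longer grows with the
 * number of commas in the header, and it fails cleanly on allocation failure.
 */
int find_receiver(char **p, char *temp, int *find_to)
{
    for (;;)
    {
        char *comma = strchr(temp, ',');
        if (comma == NULL)
        {
            // No ',' left: temp is a single (last) address.
            *find_to = 1;
            return get_address(p, temp);
        }
        *find_to = 2;

        // Copy the text before the ',' into its own NUL-terminated buffer.
        size_t first_len = (size_t)(comma - temp);
        char *piece = (char *)malloc(first_len + 1);
        if (piece == NULL)
            return 0;
        memcpy(piece, temp, first_len);
        piece[first_len] = '\0';
        int ret = get_address(p, piece);
        free(piece);
        if (ret == 0)
            return 0;

        char *rest = comma + 1;
        if (strchr(rest, ',') == NULL)
        {
            // No further ',': an '@' in the remainder means one more address,
            // the last of the list; without '@' there is nothing left to add.
            if (strchr(rest, '@') == NULL)
                return 1;

            *find_to = 1;
            size_t rest_len = strlen(rest);
            piece = (char *)malloc(rest_len + 1);
            if (piece == NULL)
                return 0;
            memcpy(piece, rest, rest_len + 1);
            ret = get_address(p, piece);
            free(piece);
            return ret;
        }

        // More separators follow: continue with the text after this ','.
        temp = rest;
    }
}

/*
 * Free every node of a pop3_mail list together with its from/to/cc/subject
 * strings. A NULL head is a no-op.
 *
 * The original freed the tail through recursion (one stack frame per mail);
 * walking the list iteratively releases the same memory with constant stack
 * use. Only memory is released here: the node's fp and path are not touched.
 */
void free_pop3_mail_list(pop3_mail *head_pop3_mail)
{
    pop3_mail *node = head_pop3_mail;

    while (node != NULL)
    {
        pop3_mail *next = node->next; // read before the node is freed

        free(node->from); // free(NULL) is a no-op
        free(node->to);
        free(node->cc);
        free(node->subject);
        free(node);
        node = next;
    }
}

/*
 * Free a stream node and the mail list hanging off it. NULL is a no-op.
 */
void free_stream_node(tcp_stream_node *stream_node)
{
    if (stream_node == NULL)
        return;

    free_pop3_mail_list(stream_node->mail_list);
    free(stream_node);
}

/*
 * Finalise every mail of a stream that has timed out: close the file if it is
 * still open, then either analyse and store the mail (both b_flag and e_flag
 * set) or delete its file (mail never started or never finished).
 */
static void pop3_flush_stream_mails(tcp_stream_node *stream_node)
{
    pop3_mail *temp = stream_node->mail_list;

    while (temp != NULL)
    {
        if (temp->fp_open == 1)
        {
            temp->fp_open = 0;
            close(temp->fp);
        }
        if (temp->b_flag > 0 && temp->e_flag > 0)
        {
            temp->mail_len = temp->e_flag - temp->b_flag;
            analysis_pop3(temp);
            write_database(stream_node, temp);
        }
        else
        {
            // Incomplete capture: drop the partial file.
            remove(temp->path);
        }
        temp = temp->next;
    }
}

/*
 * Reaper loop: once per second, walk the stream list and retire every stream
 * whose last activity (etime) is at least CHK_END_TIME seconds old. Runs
 * until POP3_THREAD_STATUS becomes zero.
 *
 * NOTE(review): tcp_stream_head, etime and mail_list are read without
 * pop3_mutex; only the unlink-and-free step is locked. If the capture path
 * inserts or updates nodes concurrently, the list can change between the
 * unlocked read and the locked unlink (for the head case, tcp_stream_head may
 * no longer be stream_node, and the freed node would stay linked). Confirm
 * the locking on the insertion side before relying on this.
 */
void pop3_thread(void)
{
    time_t now = 0;
    tcp_stream_node *stream_node = NULL;
    tcp_stream_node *prev_node = NULL;

    while (POP3_THREAD_STATUS)
    {
        sleep(1);
        now = time(NULL);
        stream_node = tcp_stream_head;
        if (stream_node == NULL)
        {
            continue;
        }

        // Head of the list: handled separately because unlinking it moves
        // tcp_stream_head. At most one head is retired per pass.
        if (now - stream_node->etime >= CHK_END_TIME)
        {
            pop3_flush_stream_mails(stream_node);
            pthread_mutex_lock(&pop3_mutex);
            tcp_stream_head = tcp_stream_head->next;
            free_stream_node(stream_node);
            pthread_mutex_unlock(&pop3_mutex);
            continue;
        }

        // Remaining nodes: prev_node trails stream_node so an expired node
        // can be unlinked in place.
        prev_node = stream_node;
        for (stream_node = stream_node->next; stream_node != NULL; )
        {
            if (now - stream_node->etime < CHK_END_TIME)
            {
                prev_node = stream_node;
                stream_node = stream_node->next;
                continue;
            }
            pop3_flush_stream_mails(stream_node);
            pthread_mutex_lock(&pop3_mutex);
            prev_node->next = stream_node->next;
            free_stream_node(stream_node);
            stream_node = prev_node->next;
            pthread_mutex_unlock(&pop3_mutex);
        }
    }
}

/*
 * Parse the decimal number embedded in temp and store it in *id.
 *
 * The number is read from temp[5] up to, but not including, the last two
 * characters of the string (presumably a five-character command prefix and a
 * trailing CRLF -- confirm against the caller). Strings of seven characters
 * or fewer, and a NULL temp, yield 0. A NULL id is ignored.
 *
 * Parsing follows atoi(): optional leading whitespace, optional sign, then
 * digits up to the first non-digit. The result is reduced modulo 65536, which
 * is what the original assignment of an int to u_int16_t produced for every
 * value atoi() could represent. Unlike the original, there is no heap copy
 * (whose malloc() result was used unchecked) and over-long digit runs from
 * captured traffic no longer reach atoi()'s undefined overflow case.
 */
void get_id(char *temp, u_int16_t *id)
{
    if (id == NULL)
        return;
    *id = 0;
    if (temp == NULL)
        return;

    size_t total = strlen(temp);
    if (total <= 7)
        return;

    const char *cur = temp + 5;
    const char *end = temp + total - 2; // the last two characters are never parsed

    // Whitespace as isspace() sees it in the "C" locale.
    while (cur < end && (*cur == ' ' || (*cur >= '\t' && *cur <= '\r')))
        cur++;

    int negative = 0;
    if (cur < end && (*cur == '+' || *cur == '-'))
    {
        negative = (*cur == '-');
        cur++;
    }

    unsigned int value = 0;
    while (cur < end && *cur >= '0' && *cur <= '9')
    {
        // Keeping only the low 16 bits at each step gives the same result as
        // truncating the full value, without any overflow.
        value = (value * 10u + (unsigned int)(*cur - '0')) & 0xFFFFu;
        cur++;
    }
    if (negative)
        value = (0u - value) & 0xFFFFu;

    *id = (u_int16_t)value;
}

/*
 * Per-packet entry point. The function continues past the end of this
 * excerpt, so only the visible part is reproduced, unchanged apart from line
 * breaks and comments.
 *
 * NOTE(review), visible part only:
 *  - len is not consulted before the Ethernet, IP and TCP headers are
 *    dereferenced, so a short frame would be read past its end.
 *  - ptcp is placed sizeof(struct iphdr) after the IP header, while head_len
 *    uses ihl*4; the two disagree when the IP header carries options.
 *  - data_len is an unsigned 16-bit difference and wraps if tot_len is smaller
 *    than head_len.
 *  - The stream key is a plain sum of addresses and ports, so different
 *    connections can produce the same value.
 */
int deal_packet(const char *packet, int len)
{
    struct ether_header *peth = NULL;
    struct iphdr *pip = NULL;
    struct tcphdr *ptcp = NULL;
    u_int16_t flags = 0;
    u_int16_t head_len = 0;
    u_int16_t data_len = 0;
    time_t now = 0;
    char *temp=NULL;
    u_int16_t temp_id = 0;
    pop3_mail *temp_mail=NULL;
    peth = (struct ether_header *)packet;
    pip = (struct iphdr *)(packet + sizeof(struct ether_header)); // pip points at the IP header
    ptcp = (struct tcphdr *)((char *)pip + sizeof(struct iphdr)); // ptcp points at the TCP header
    //0x003f = 111111 B
    flags = *((char *)ptcp + 13) & 0x003f; //source+dest+seq+ack_seq+1=13
    head_len = pip->ihl*4 + ptcp->doff*4;
    data_len = ntohs(pip->tot_len) - head_len;
    now = time(NULL);
    //doLog(0, "data_len = %d, flags = 0X%04x, source=%u, dest=%u\n", data_len, flags, ntohs(ptcp->source), ntohs(ptcp->dest));
    //0x0010 = 010000 B
    if (data_len == 0 && flags == 0x0010) // ACK carrying no data
    {
        u_int32_t hash = pip->saddr + pip->daddr + ntohs(ptcp->source) + ntohs(ptcp->dest);
        tcp_stream_node *stream_node = find_node_by_hash(tcp_stream_head, hash);
        if (stream_node == NULL)
        {
            //doLog(0, "can't find the tcp_stream_node, lost this packet.\n");
            return ACCEPT;
        }
        if ((stream_node->req_stream.source != ntohs(ptcp->source)) && (stream_node->res_stream.source != ntohs(ptcp->source)))
        {
            //doLog(0, "to determine req_stream or res_stream wrong!\n");
            return ACCEPT;
        }
        // Refresh the activity timestamp that pop3_thread() compares against CHK_END_TIME.
        stream_node->etime = now;
        return ACCEPT;
    }
    //0x0002 = 000010 B
    if (flags == 0x0002) // SYN request
    {
        //doLog(0, "it's the SYN packet, lost it.\n");
        return ACCEPT;
    }
    //0x0012 = 010010 B
    else if (flags == 0x0012) // SYN reply (SYN+ACK)
    {
        // The client opens the connection to server port 110 and the server
        // answers from port 110 (the original comment says "smtp" here); a
        // SYN reply whose source port is not 110 is not a POP3 connection.
        if (ntohs(ptcp->source)!=110)
        {
            return ACCEPT;
        }
        u_int32_t hash = pip->saddr + pip->daddr + ntohs(ptcp->source) + ntohs(ptcp->dest);
        tcp_stream_node *stream_node = find_node_by_hash(tcp_stream_head, hash);
        if (stream_node != NULL)
        {
            // Open question from the author: should the existing entry be overwritten instead?
            //doLog(0, "has found the tcp_stream_node, lost this packet.\n");
            return ACCEPT;
        }
        //doLog(0, "begin create a new tcp_stream_node.\n");
        // NOTE(review): the malloc result is passed to memset without a NULL check.
        stream_node = (tcp_stream_node *)malloc(sizeof(tcp_stream_node));
        //doLog(0, "malloc new tcp_stream_node.\n");
        memset(stream_node, 0, sizeof(tcp_stream_node));
        stream_node->hash = hash;
        stream_node->saddr = pip->daddr;
        stream_node->daddr = pip->saddr;
        stream_node->seq_beg = ntohl(ptcp->ack_seq);
        stream_node->ack_beg = ntohl(ptcp->seq)+1;
        stream_node->stime = now;
        stream_node->etime = now;
        stream_node->req_stream.source = ntohs(ptcp->dest);
        stream_node->req_stream.dest = ntohs(ptcp->source);
        stream_node->res_stream.source = ntohs(ptcp->source);
        stream_node->res_stream.dest = ntohs(ptcp->dest);
        memcpy(stream_node->smac, peth->ether_dhost, ETH_ALEN);
        memcpy(stream_node->dmac, peth->ether_shost, ETH_ALEN);
        stream_node->link_state = POP3_LINKED; // mark the session as connected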