dealpacket.h

Linux环境下mail监控程序的源代码

#ifndef _DEAL_PACKET_H_
#define _DEAL_PACKET_H_

#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <time.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <net/ethernet.h>
#include <pthread.h>

#include "myfunc.h"
#include "daoutil.h"
#include "decode.h"

#define PATH_MAXLEN 256
#define TEMP_PATH	"/usr/local/mbond/eml/"		//注意将该目录的权限改为 drwxr-xr-x apache:apache,这样可以避免网页没有权限访问该目录
#define MAIL_LINE	512
#define MAIL_FROM_LEN			256
#define MAIL_TO_LEN				256
//#define MAIL_SUBJECT_LEN		512
#define DB_MAIL_TABLE_NAME		"nbemail"


#define CHK_END_TIME 10			//连接被检查的超时时间
#define TIME_OUT 120			//连接被强制关闭的超时时间


typedef struct s_tcp_stream
{
	u_int16_t source;
	u_int16_t dest;
	u_int32_t fp;
	char      path[PATH_MAXLEN];
	u_int32_t bflag;
	u_int32_t eflag;
	//u_int32_t e_f;//  \r\f.\r\f 结束标记出现在数据包的开始部分
	u_int32_t e_b;//  \r\f.\r\f	结束标记出现在数据包的结束部分
}tcp_stream;

typedef struct s_tcp_stream_node
{
	u_int32_t	hash;
	u_int8_t	smac[ETH_ALEN];
	u_int8_t	dmac[ETH_ALEN];
	u_int32_t	saddr;
	u_int32_t	daddr;
	u_int32_t   seq_beg;
	tcp_stream	req_stream;
	tcp_stream	res_stream;
	time_t stime;
	time_t etime;
	u_int32_t   mail_len;
	char		from[MAIL_FROM_LEN];
	char		*rcpt_to;
	char		*to;
	char		*cc;
	char		*bcc;
	char		*subject;
	struct s_tcp_stream_node *next;
}tcp_stream_node;


u_int32_t SMTP_THREAD_STATUS;

tcp_stream_node *tcp_stream_head;

int create_smtp_thread(pthread_t *pid);

int close_smtp_thread(pthread_t pid);

char *create_sql(tcp_stream_node *stream_node);

void write_database(tcp_stream_node *stream_node);

void analysis_smtp(tcp_stream_node *stream_node);

void analysis_subject(char **subject);

void find_mail_bcc(tcp_stream_node *stream_node);

void free_stream_node(tcp_stream_node *stream_node);

int deal_packet(const char *packet, int len);

void smtp_thread(void);

tcp_stream_node *find_node_by_hash(tcp_stream_node *tcp_stream_head, u_int32_t hash);

#endif//_DEAL_PACKET_H_