ack Scen
Chapter 5. Conclusion and Future Work
Developing a traceback system that can trace a single packet has been viewed as impractical because of the tremendous storage required to save per-packet data. We believe that an IPM router is feasible for tracing a single packet. Our system is based on the observation that the marking information carried by packets during an attack reveals the attack path.
Our system consists of three schemes. In the marking scheme, we use the identifiable number (IID) to reduce the space taken by the option. Additionally, we use the MD5 function to hash a number so that the option fields can be verified: an attacker who wants to forge the option fields must also supply the correct hash value. Note that the hash field carried in the option is short (the listener extracts it from at most twelve bits of the option), so a forger can still find the value by trial, and unless the hashed input includes a secret known only to the routers, the check raises the cost of forgery rather than preventing it. The marking scheme marks packets according to the domain value of the RIP setting, so we can choose which networks are marked. In the logging scheme, we use buffer space to merge identical records and store them in a local database; the information of identical packets seen within a short period is gathered into one record. In the traceback scheme, we can find the area that packets belong to from the records: the records show the IID information, and we can translate an IID into a normal IP address to identify the area.
Packets with a forged source address are discovered by comparing the area with the IP address.
An advantage of our system is that it works both in real time and offline and can trace a single packet. No matter how attackers modify the source IP address, the area that packets come from cannot be hidden, provided that the packet traverses an IPM router and the option survives to the logging point.
Commercial firewalls filter packets according to rules set by the administrator. A firewall may drop packets that carry the marking option, in which case the transmission is incomplete and fails.
In the future, the marking information may be placed in other headers or fields that are infrequently used. The databases of the individual IPM routers could exchange marking information so that the whole routing path can be reconstructed.
IPM could be combined with other techniques for traceback in wireless networks. Access points (APs) in a wireless network should keep the connection information of the stations attached to them, so that IPM can trace back to the AP and the AP can use the MAC address to identify who is using the IP address. APs thus play the role of monitoring all information about mobile stations.
References
[1] S. Savage, D. Wetherall, A. Karlin, and T. Anderson, “Network Support for IP Traceback,” IEEE/ACM Transactions on Networking, vol. 9, no. 3, pp. 226-237, 2001.
[2] S. Deering, “Internet Protocol, Version 6 IPv6,” RFC 2460, 1998.
[3] A. Belenky and N. Ansari, “IP Traceback With Deterministic Packet Marking,” IEEE Communication Letters, vol. 7, pp. 162-164, Apr. 2003.
[4] A. Belenky and N. Ansari, “Tracing multiple attackers with deterministic packet marking (DPM),” in Proceedings of IEEE Pacific Rim Con. Communications, Computers and Signal Processing, vol. 1, pp. 49-52, Aug. 2003.
[5] R. Chen, J. Park, and R. Marchany, “RIM: Router Interface Marking for IP Traceback,” in Proceedings of IEEE GLOBECOM, pp. 1-5, Nov. 2006.
[6] A. Snoeren, C. Partridge, L. Sanchez, C. Jones, F. Tchakountio, B. Schwartz, S. Kent, and W. Strayer, “Single-Packet IP Traceback,” IEEE/ACM Transactions on Networking, vol. 10, no. 6, pp. 721-734, 2002.
[7] D. Basheer and G. Manimaran, “Novel hybrid schemes employing packet marking and logging for IP traceback,” IEEE Trans. Parallel and Distributed Systems, Vol. 17(5), pp. 403–418, May 2006.
[8] S. Bellovin, M. Leech, and T. Taylor, ICMP Traceback Messages, Internet Draft, draft-ietf-itrace-04.txt, Feb. 2003.
[9] A. Yaar, A.Perrig, and D.Song, "FIT: Fast Internet Traceback," in Proceedings of INFOCOM, Mar. 2005, pp. 1395–1406.
Appendix A. Codes
Code 1 mpcset.c ... 39
Code 2 mylistener.c ... 46
Code 3 myd.c ... 58
Code 4 Traceback.java ... 60
Code 5 br_forward.c ... 68
Figure 27 Association ...
Code 1 mpcset.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syscall.h>
#define RED "\E[31m\E[1m"
#define GREEN "\E[32m\E[1m"
#define BLUE "\E[34m\E[1m"
#define NORMAL "\E[m"
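/*
 * reverse_submask - mirror the 32 bits of num (bit 0 becomes bit 31, ...).
 *
 * The RIP records keep a prefix length as a run of low-order ones (see the
 * mask loop in RIP()); mirroring it yields the conventional netmask with the
 * ones in the high-order bits.  Used only for display.
 *
 * @num: value whose bits are mirrored.
 * Return: the bit-reversed value.
 */
unsigned int reverse_submask(unsigned int num){
	unsigned int mirrored = 0;
	int bit;

	for(bit = 31; bit >= 0; bit--){
		/* 1u, not 1: shifting the int constant 1 left by 31 overflows a
		 * signed int, which is undefined behaviour */
		if(num & 1u)
			mirrored |= 1u << bit;
		num >>= 1;
	}
	return mirrored;
}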
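/*
 * savefile - persist the kernel-side IPM state (IID, SETPN, RIP records)
 * to "mpc.config" in the current directory.
 *
 * File layout, one value per line: IID, then SETPN, then one "ip/mask"
 * record per line.  The ip and mask are written as plain %d of the
 * 32-bit value (so high addresses appear negative) - this is the format
 * loadfile() parses, so it is kept.  loadfile() reads the absolute path
 * /home/wnl/mpc.config, so the two only agree when the tool is run from
 * that directory; whoever can write that file decides the values pushed
 * into the kernel at load time.
 */
void savefile(){
	FILE *output = fopen("mpc.config", "w+");
	int count, i;

	if(output == NULL){
		printf("File mpc.config is not writeable!\n");
		return;
	}
	/* syscall() returns long: cast explicitly so the %d/%ld formats match
	 * the argument (the original passed a long to %d) */
	fprintf(output, "%ld\n", (long)syscall(__NR_getIID));
	fprintf(output, "%ld\n", (long)syscall(__NR_getSETPN));
	count = (int)syscall(__NR_getCNT);
	for(i = 1; i <= count; i++)
		fprintf(output, "%d/%d\n", (int)syscall(__NR_getRIP, i), (int)syscall(__NR_getSUB, i));
	/* fclose() flushes; a failure here means the file on disk is incomplete */
	if(fclose(output) != 0)
		printf("File mpc.config could not be written completely!\n");
}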
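/*
 * loadfile - restore IID, SETPN and the RIP records from
 * /home/wnl/mpc.config into the kernel through the IPM syscalls.
 * Exits with -1 (after closing the file) on any parse or range error.
 *
 * Every value is range-checked exactly as the interactive commands do
 * (IID 1..511, SETPN 0..1, at most 30 RIP records, the limit RIP add
 * enforces) so a corrupted or hostile config file cannot push values the
 * commands would reject into the kernel.  The records are cleared before
 * loading, so a file that fails part way leaves only the records read so
 * far.
 *
 * Fixes: the original tested fscanf() against EOF only, so a malformed
 * value (fscanf() returns 0, consuming nothing) was accepted for IID/SETPN
 * and looped forever in the record loop; it also read %d into unsigned
 * variables and applied no record limit.
 */
void loadfile(){
	FILE *input;
	int iid, setpn, ip, submask;
	int cnt = 0;

	input = fopen("/home/wnl/mpc.config", "r");
	if(input == NULL){
		fprintf(stderr, RED"File mpc.config is not found!\n"NORMAL);
		exit(-1);
	}
	/* line 1: IID - require exactly one conversion, then range-check */
	if(fscanf(input, "%d\n", &iid) != 1 || iid < 1 || iid > 511){
		fprintf(stderr, RED"File mpc.config is not correct context!\n"NORMAL);
		fclose(input);
		exit(-1);
	}
	syscall(__NR_setIID, iid);
	/* line 2: SETPN */
	if(fscanf(input, "%d\n", &setpn) != 1 || setpn < 0 || setpn > 1){
		fprintf(stderr, RED"File mpc.config is not correct context!\n"NORMAL);
		fclose(input);
		exit(-1);
	}
	syscall(__NR_setSETPN, setpn);
	/* remaining lines: "ip/mask" records, replacing whatever the kernel holds.
	 * savefile() writes both as %d of the 32-bit value; the kernel side treats
	 * them as unsigned. */
	syscall(__NR_setCNT, 0);
	while(fscanf(input, "%d/%d\n", &ip, &submask) == 2){
		if(cnt >= 30){
			fprintf(stderr, RED"File mpc.config has too many RIP records (max 30)!\n"NORMAL);
			fclose(input);
			exit(-1);
		}
		cnt++;
		syscall(__NR_setRIP, (unsigned int)ip, cnt);
		syscall(__NR_setSUB, (unsigned int)submask, cnt);
		syscall(__NR_setCNT, cnt);
	}
	/* the loop ends either at EOF or at a line that is not "ip/mask" */
	if(!feof(input)){
		fprintf(stderr, RED"File mpc.config is not correct context!\n"NORMAL);
		fclose(input);
		exit(-1);
	}
	fclose(input);
	printf(GREEN"Load mpc.config is finished!\n"NORMAL);
}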
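/*
 * IID - set this router's identifiable number in the kernel and persist it.
 *
 * @iid: new IID, valid range 1..511.  main() passes the result of atoi(),
 *       so a negative argument arrives as a large unsigned value and is
 *       rejected by the upper bound.
 * Exits with -1 when out of range.  The value read back from the kernel
 * is printed with %ld, matching syscall()'s long return (the original
 * passed it to %d).
 */
void IID(unsigned int iid){
	if(iid < 1 || iid > 511){
		fprintf(stderr, RED"IID Number out of range (1-511)\n"NORMAL);
		exit(-1);
	}
	syscall(__NR_setIID, iid);
	printf(GREEN"IID = %ld\n"NORMAL, (long)syscall(__NR_getIID));
	savefile();
}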
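/*
 * parse_prefix - parse "a.b.c.d/len" into the kernel's representation.
 *
 * @arg:  the argument text; modified in place (strtok).
 * @ip:   receives the address with the FIRST octet in the low byte, the
 *        layout the original shift loop produced and the show/del paths
 *        expect.
 * @mask: receives len low-order one bits (len 0..32).
 * Return: 0 on success, -1 after printing an error to stderr.
 *
 * Replaces the duplicated strtok/atoi code of the add and del paths.  It
 * also rejects what that code accepted or crashed on: a missing "/len"
 * (atoi(NULL)), a fifth octet (shift by 32 before the octet count was
 * checked), non-numeric octets, and a prefix length above 32.
 */
static int parse_prefix(char *arg, unsigned int *ip, unsigned int *mask)
{
	char *ip_str, *len_str, *octet, *end;
	unsigned int addr = 0;
	int shift = 0, octets = 0;
	long value;

	ip_str = strtok(arg, "/");
	len_str = strtok(NULL, "/");
	if(ip_str == NULL || len_str == NULL){
		fprintf(stderr, RED"Error : expected <ip>/<submask 0-32>!\n"NORMAL);
		return -1;
	}
	for(octet = strtok(ip_str, "."); octet != NULL; octet = strtok(NULL, ".")){
		value = strtol(octet, &end, 10);
		if(end == octet || *end != '\0' || value < 0 || value > 255 || octets == 4){
			fprintf(stderr, RED"Error : IP address is not correct!\n"NORMAL);
			return -1;
		}
		addr |= (unsigned int)value << shift;
		shift += 8;
		octets++;
	}
	if(octets != 4){
		fprintf(stderr, RED"Error : IP address is not correct!\n"NORMAL);
		return -1;
	}
	value = strtol(len_str, &end, 10);
	if(end == len_str || *end != '\0' || value < 0 || value > 32){
		fprintf(stderr, RED"Error : submask must be 0-32!\n"NORMAL);
		return -1;
	}
	/* len low-order ones; 1u << 32 would be undefined, so special-case it */
	*mask = value == 32 ? 0xFFFFFFFFu : (1u << value) - 1u;
	*ip = addr;
	return 0;
}

/*
 * RIP - manage the kernel's list of marked networks (at most 30 records).
 *
 * @modes: 1 = add <ip>/<len>, 2 = del <ip>/<len>, 3 = show.
 * @argc/@argv: the sub-command arguments; argv[1] is the prefix for
 *        add and del.
 * Exits with -1 on bad input, a full table, or a record not found.
 * Deleting moves the last record into the freed slot and shrinks the
 * count, so record order is not preserved.  Each successful change is
 * persisted with savefile().
 *
 * Values returned by the IPM syscalls are cast to unsigned int before
 * comparison; the original compared the long return against an unsigned
 * int, which fails on LP64 whenever the kernel sign-extends an address
 * with the top bit set.
 */
void RIP(int modes, int argc, char **argv){
	unsigned int ip, submask, last_ip, last_mask;
	long count, slot;

	if(modes == 1){
		/* add */
		if(argc < 2){
			fprintf(stderr, RED"Too few parameter: rip add <ip/submask>\n"NORMAL);
			exit(-1);
		}
		if(parse_prefix(argv[1], &ip, &submask) != 0)
			exit(-1);
		count = syscall(__NR_getCNT);
		if(count >= 30){
			fprintf(stderr, RED"Error : The records are full! Please delete record first!\n"NORMAL);
			exit(-1);
		}
		count++;
		syscall(__NR_setRIP, ip, count);
		syscall(__NR_setSUB, submask, count);
		syscall(__NR_setCNT, count);
		savefile();
		printf(GREEN"Add the record into RIP!\n");
		printf("IP:%u.%u.%u.%u\t", ip & 0xFF, (ip >> 8) & 0xFF, (ip >> 16) & 0xFF, (ip >> 24) & 0xFF);
		printf("submask:%08X\n"NORMAL, reverse_submask(submask));
	}else if(modes == 2){
		/* del */
		if(argc < 2){
			fprintf(stderr, RED"Too few parameter: rip del <ip/submask>\n"NORMAL);
			exit(-1);
		}
		if(parse_prefix(argv[1], &ip, &submask) != 0)
			exit(-1);
		count = syscall(__NR_getCNT);
		/* find the slot holding exactly this prefix */
		for(slot = 1; slot <= count; slot++){
			if((unsigned int)syscall(__NR_getRIP, slot) == ip &&
			   (unsigned int)syscall(__NR_getSUB, slot) == submask)
				break;
		}
		if(slot > count){
			fprintf(stderr, RED"Error : The record is not found!\n"NORMAL);
			exit(-1);
		}
		/* overwrite it with the last record, then drop the last slot */
		last_ip = (unsigned int)syscall(__NR_getRIP, count);
		last_mask = (unsigned int)syscall(__NR_getSUB, count);
		syscall(__NR_setRIP, last_ip, slot);
		syscall(__NR_setSUB, last_mask, slot);
		syscall(__NR_setCNT, count - 1);
		savefile();
		printf(GREEN"Succeed! Delete the record from RIP!\n"NORMAL);
	}else if(modes == 3){
		/* show */
		count = syscall(__NR_getCNT);
		printf(GREEN"The records(Total:%ld):\n", count);
		for(slot = 1; slot <= count; slot++){
			ip = (unsigned int)syscall(__NR_getRIP, slot);
			submask = (unsigned int)syscall(__NR_getSUB, slot);
			printf("IP:%u.%u.%u.%u\t", ip & 0xFF, (ip >> 8) & 0xFF, (ip >> 16) & 0xFF, (ip >> 24) & 0xFF);
			printf("submask:%08X\n", reverse_submask(submask));
		}
		printf(NORMAL);
	}
}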
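/*
 * SETPN - set the SETPN flag (0 or 1) in the kernel and persist it.
 *
 * @setpn: new value.  The parameter is unsigned, so the original's
 *         `setpn < 0` test could never be true; a negative atoi() result
 *         from main() arrives as a large value and is caught by the upper
 *         bound alone.
 * Exits with -1 when out of range.
 */
void SETPN(unsigned int setpn){
	if(setpn > 1){
		fprintf(stderr, RED"SETPN Number out of range (0-1)\n"NORMAL);
		exit(-1);
	}
	syscall(__NR_setSETPN, setpn);
	savefile();
	printf(GREEN"SETPN = %u\n"NORMAL, setpn);
}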
- 44-
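/*
 * parse_arg - strict decimal parse of a command argument.
 *
 * @text:  the argument; must be entirely numeric.
 * @value: receives the parsed number.
 * Return: 0 on success, -1 if text is empty or has trailing garbage.
 *
 * The original passed atoi(argv[2]) straight through, so "abc" became 0:
 * rejected by IID() but silently accepted as a valid SETPN of 0.
 */
static int parse_arg(const char *text, long *value)
{
	char *end;

	if(text == NULL || *text == '\0')
		return -1;
	*value = strtol(text, &end, 10);
	return *end == '\0' ? 0 : -1;
}

/*
 * main - mpcset command line front end for the IPM kernel settings.
 *
 * Commands (matched case-insensitively): iid [n], rip add|del|show [...],
 * setpn [n], load, help.  With no value, iid and setpn print the current
 * kernel value.  Returns 0 on success, -1 on a usage error.
 *
 * Fix: in the listing the `loadfile();` call had been swallowed into the
 * comment before it, so "load" returned without loading anything.
 */
int main(int argc, char **argv) {
	static const char *cmds[] = {"iid", "rip", "setpn", "load", "help"};
	static const char *ripcmds[] = {"add", "del", "show"};
	int modes, ripmodes;
	long value;

	if(argc < 2){
		fprintf(stderr, RED"%s <execute command> <parameter>\n"NORMAL, argv[0]);
		return -1;
	}
	if(!strcasecmp(cmds[0], argv[1])){
		modes = 1;                                   /* iid */
	}else if(!strcasecmp(cmds[1], argv[1])){
		modes = 2;                                   /* rip */
	}else if(!strcasecmp(cmds[2], argv[1])){
		modes = 3;                                   /* setpn */
	}else if(!strcasecmp(cmds[3], argv[1])){
		/* load config: push /home/wnl/mpc.config into the kernel */
		loadfile();
		return 0;
	}else if(!strcasecmp(cmds[4], argv[1])){
		/* help */
		printf("---\n");
		printf("Example:\n");
		printf("\tShow IID Number : %s iid\n", argv[0]);
		printf("\tSet IID Number : %s iid <number 1-511>\n", argv[0]);
		printf("\tAdd ip and submask : %s rip add <ip>/<submask 0-32>\n", argv[0]);
		printf("\tDelete ip and submask : %s rip del <ip>/<submask 0-32>\n", argv[0]);
		printf("\tShow all ip and submask : %s rip show\n", argv[0]);
		printf("\tShow SETPN Number : %s setpn\n", argv[0]);
		printf("\tSet SETPN Number : %s setpn <number 0-1>\n", argv[0]);
		printf("\tLoad the setting : %s load\n", argv[0]);
		printf("---\n");
		return 0;
	}else{
		fprintf(stderr, RED"%s <execute command> <parameter>\n"NORMAL, argv[0]);
		fprintf(stderr, RED"%s %s:Unknow\n"NORMAL, argv[0], argv[1]);
		return -1;
	}

	switch(modes){
	case 1:
		if(argc < 3){
			/* show IID; syscall() returns long, so print with %ld */
			printf(BLUE"IID = %ld \n"NORMAL, (long)syscall(__NR_getIID));
			return 0;
		}
		if(parse_arg(argv[2], &value) != 0){
			fprintf(stderr, RED"IID Number is not a number: %s\n"NORMAL, argv[2]);
			return -1;
		}
		/* negative values wrap to a large unsigned and are rejected by IID() */
		IID((unsigned int)value);
		break;
	case 2:
		if(argc < 3){
			fprintf(stderr, RED"%s rip [\"add <ip>/<submask 0-32>\" | \"del <ip>/<submask 0-32>\" | \"show\"]\n"NORMAL, argv[0]);
			return -1;
		}
		if(!strcasecmp(ripcmds[0], argv[2])){
			ripmodes = 1;                            /* add */
		}else if(!strcasecmp(ripcmds[1], argv[2])){
			ripmodes = 2;                            /* del */
		}else if(!strcasecmp(ripcmds[2], argv[2])){
			ripmodes = 3;                            /* show */
		}else{
			fprintf(stderr, RED"%s rip [\"add <ip>/<submask 0-32>\" | \"del <ip>/<submask 0-32>\" | \"show\"]\n"NORMAL, argv[0]);
			fprintf(stderr, RED"%s rip %s:Unknow\n"NORMAL, argv[0], argv[2]);
			return -1;
		}
		/* RIP() sees the sub-command as argv[0] and the prefix as argv[1] */
		RIP(ripmodes, argc - 2, &argv[2]);
		break;
	case 3:
		if(argc < 3){
			/* show SETPN */
			printf(BLUE"SETPN = %ld \n"NORMAL, (long)syscall(__NR_getSETPN));
			return 0;
		}
		if(parse_arg(argv[2], &value) != 0){
			fprintf(stderr, RED"SETPN Number is not a number: %s\n"NORMAL, argv[2]);
			return -1;
		}
		SETPN((unsigned int)value);
		break;
	default:
		break;
	}
	return 0;
}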
Code 2 mylistener.c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <fcntl.h>
#include <netpacket/packet.h>
#include <net/if.h>
#include <net/if_arp.h>
#include <netinet/in.h>
#include <net/ethernet.h>
#include <netinet/ether.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
#include <netinet/tcp.h>
#include <linux/if_ether.h>
#include <arpa/inet.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <time.h>
#include <sys/time.h>
#include <signal.h>
#include <mysql/mysql.h>
#include <linux/unistd.h>
#define RED "\E[31m\E[1m"
#define GREEN "\E[32m\E[1m"
#define YELLOW "\E[33m\E[1m"
#define BLUE "\E[34m\E[1m"
#define NORMAL "\E[m"
#define MAX_BUFFER 100 // max number of records
#define MAX_SECOND 60.0 // Time of life for each record
// On-the-wire form of the IPM option as found right after the 20-byte IPv4
// header: the type and length bytes followed by six payload bytes.  main()
// casts the receive buffer to this type and only reads from it; the IIDs
// and the hash are unpacked from ops[] into a Myop.
// NOTE(review): `option:8, length:8` in one unsigned short relies on the
// compiler placing the first bit-field in the first byte in memory (true
// for GCC on little-endian targets, but bit-field order is
// implementation-defined), and on the struct having no padding (8 bytes).
typedef struct Tempop {
unsigned short option:8, length:8; // option type (27 for IPM) and total length
unsigned char ops[6]; // ops[0..3]: low 8 bits of IID1..4; ops[4]: high bits of IID1..4 plus hash nibble; ops[5]: hash byte
} Tempop;
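// Decoded form of the option, filled by main() from a Tempop: option and
// length copied verbatim, the hash field as main() extracts it, and up to
// six IIDs (one per router that marked the packet; main() fills at most
// four from the packet plus this router's own).  In the listing the
// typedef line had been swallowed into the comment above it.
typedef struct Myop {
	unsigned short option:8, length:8;
	unsigned short hash;
	unsigned short IID[6];
} Myop;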
- 47-
// Full information for each packet typedef struct ops {
time_t Ts,Te; // time of first packet crossed and time of last packet crossed (Same info.)
unsigned int source_IP; // Source IP unsigned int dest_IP; // Destination IP unsigned short protocol; // IP Protocol unsigned int source_PORT; // Source Port unsigned int dest_PORT; // Destination Port unsigned short IID_Num; // Number of IIDs Myop op; // Packet Option Information
struct ops *next,*pre; // Linking list according to time (H:earlist T:latest) struct ops *IID_next,*IID_pre; // Linking list according to number of IIDs }OPs;
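// Global state shared between main() and the flush path (PacketRecv(),
// recordMAX()).  In the listing several declarations had been swallowed
// into trailing comments.
int RecordNum;                        // records currently buffered (on both lists)
OPs *IIDListH[6], *IIDListT[6];       // per-hop-count lists, index IID_Num-1: head and tail
OPs *TimeListH, *TimeListT;           // time-ordered list: head (earliest) and tail (latest)
MYSQL mysql;                          // connection used by the flush path
char *host;                           // database connection parameters, set in main()
char *database;
char *user;
char *passwd;
unsigned int IID;                     // this router's own IID, read via the IPM syscall in main()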
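/*
 * Get_IfaceIndex - look up the kernel interface index of interfaceName.
 *
 * @fd:            any socket usable for ioctl(SIOCGIFINDEX).
 * @interfaceName: interface name from the command line.
 * Return: the interface index, or -1 for a NULL/empty/over-long name or a
 *         failed ioctl (reason on stderr).
 *
 * ifr_name is IFNAMSIZ bytes including the terminator and the name comes
 * from argv, so its length is checked before the copy; the original
 * strcpy'd it unchecked.  The original error text was printf("RED ioctl
 * error"), i.e. the colour macro had ended up inside the string literal.
 */
int Get_IfaceIndex(int fd, const char* interfaceName) {
	struct ifreq ifr;
	size_t len;

	if (interfaceName == NULL)
		return -1;
	len = strlen(interfaceName);
	if (len == 0 || len >= IFNAMSIZ) {
		fprintf(stderr, "interface name too long (max %d chars)\n", IFNAMSIZ - 1);
		return -1;
	}
	memset(&ifr, 0, sizeof(ifr));
	memcpy(ifr.ifr_name, interfaceName, len + 1);
	if (ioctl(fd, SIOCGIFINDEX, &ifr) == -1) {
		fprintf(stderr, "ioctl(SIOCGIFINDEX) error: %s\n", strerror(errno));
		return -1;
	}
	return ifr.ifr_ifindex;
}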
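/*
 * set_Iface_promisc - put interface dev_id into promiscuous mode for the
 * packet socket fd (PACKET_ADD_MEMBERSHIP / PACKET_MR_PROMISC).
 *
 * @fd:     the AF_PACKET socket.
 * @dev_id: interface index from Get_IfaceIndex().
 * Return: 0 on success, -1 on failure with the errno text on stderr (the
 *         original printed the literal text "GREEN set promisc failed!",
 *         the colour macro having ended up inside the string).
 */
int set_Iface_promisc(int fd, int dev_id) {
	struct packet_mreq mr;

	memset(&mr, 0, sizeof(mr));
	mr.mr_ifindex = dev_id;
	mr.mr_type = PACKET_MR_PROMISC;
	if (setsockopt(fd, SOL_PACKET, PACKET_ADD_MEMBERSHIP, &mr, sizeof(mr)) == -1) {
		fprintf(stderr, "set promisc failed: %s\n", strerror(errno));
		return -1;
	}
	return 0;
}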
/*
 * compareBuf - 1 when two records describe the same flow on the same path,
 * 0 otherwise.
 *
 * "Same flow" is source and destination address, destination port and
 * protocol; "same path" is the first four IIDs.  Source port, option bytes
 * and times are ignored, so a flow using many ephemeral ports collapses into
 * one record.  IID[4] and IID[5] are not compared: main() only calls this
 * on records with the same IID_Num, and there IID[4] is either unset or this
 * router's own IID for both.
 */
int compareBuf(OPs *CP1, OPs *CP2){
	int same_flow = CP1->source_IP == CP2->source_IP
	             && CP1->dest_IP == CP2->dest_IP
	             && CP1->dest_PORT == CP2->dest_PORT
	             && CP1->protocol == CP2->protocol;
	int same_path = CP1->op.IID[0] == CP2->op.IID[0]
	             && CP1->op.IID[1] == CP2->op.IID[1]
	             && CP1->op.IID[2] == CP2->op.IID[2]
	             && CP1->op.IID[3] == CP2->op.IID[3];

	return (same_flow && same_path) ? 1 : 0;
}
/* usage - print the command-line synopsis for exename to stderr, in red. */
void usage(char *exename) {
	fprintf(stderr, "%s%s <interface>\n%s", RED, exename, NORMAL);
}
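/*
 * printPacket - dump one record to stdout for debugging.  Not called from
 * the capture loop (the calls there are commented out).
 *
 * Addresses are printed most-significant byte first, matching the
 * host-order values main() stores.  The fprintf format strings were split
 * across lines by the listing extraction (one even contained a literal
 * line break) and are restored here; unsigned values are printed with %u.
 */
void printPacket(OPs *Opbuf) {
	struct tm sts, ste;

#ifdef SunOS
	memcpy(&sts, localtime(&Opbuf->Ts), sizeof(struct tm));
	memcpy(&ste, localtime(&Opbuf->Te), sizeof(struct tm));
#else
	localtime_r(&Opbuf->Ts, &sts);
	localtime_r(&Opbuf->Te, &ste);
#endif
	fprintf(stdout, "Start: %04d-%02d-%02d %02d:%02d:%02d ",
		sts.tm_year + 1900, sts.tm_mon + 1, sts.tm_mday, sts.tm_hour, sts.tm_min, sts.tm_sec);
	fprintf(stdout, "End: %04d-%02d-%02d %02d:%02d:%02d\n",
		ste.tm_year + 1900, ste.tm_mon + 1, ste.tm_mday, ste.tm_hour, ste.tm_min, ste.tm_sec);
	fprintf(stdout, "source IP = 0x%08x", Opbuf->source_IP);
	fprintf(stdout, "(%u.%u.%u.%u)", (Opbuf->source_IP >> 24) & 0xFF, (Opbuf->source_IP >> 16) & 0xFF,
		(Opbuf->source_IP >> 8) & 0xFF, Opbuf->source_IP & 0xFF);
	fprintf(stdout, " ---> ");
	fprintf(stdout, "dest IP = 0x%08x", Opbuf->dest_IP);
	fprintf(stdout, "(%u.%u.%u.%u)\n", (Opbuf->dest_IP >> 24) & 0xFF, (Opbuf->dest_IP >> 16) & 0xFF,
		(Opbuf->dest_IP >> 8) & 0xFF, Opbuf->dest_IP & 0xFF);
	/* only TCP and UDP records are ever created by main() */
	if (Opbuf->protocol == 6)
		fprintf(stdout, "Protocol:TCP(%d) ", Opbuf->protocol);
	if (Opbuf->protocol == 17)
		fprintf(stdout, "Protocol:UDP(%d) ", Opbuf->protocol);
	fprintf(stdout, "Source Port:%u Dest Port:%u\n ", Opbuf->source_PORT, Opbuf->dest_PORT);
	fprintf(stdout, "Option=%d, Length=%d, Hash=%d,\n", Opbuf->op.option, Opbuf->op.length, Opbuf->op.hash);
	fprintf(stdout, " Router Number:%d -->", Opbuf->IID_Num);
	fprintf(stdout, "IID1=%d ,IID2=%d,IID3=%d, ", Opbuf->op.IID[0], Opbuf->op.IID[1], Opbuf->op.IID[2]);
	fprintf(stdout, "IID4=%d ,IID5=%d,IID6=%d\n\n", Opbuf->op.IID[3], Opbuf->op.IID[4], Opbuf->op.IID[5]);
}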
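/* Size of the INSERT statement buffer.  With every field at its maximum
 * width the statement is roughly 200 characters, so the original 256-byte
 * malloc was tight; snprintf() now reports overflow instead of writing
 * past the buffer. */
enum { QUERY_LEN = 512 };

/*
 * store_record - INSERT one aggregated record into table tam.
 *
 * All values are numeric and formatted by snprintf(), so nothing needs SQL
 * quoting.  If the query fails (typically a dropped connection) the link is
 * re-established once and the INSERT retried; the original reconnected and
 * then discarded the row without retrying.
 *
 * @rec: the record to store; not modified.
 * Return: 0 when the row was inserted, or when it cannot be formatted and
 *         is being discarded after a logged error; -1 when the database
 *         is unreachable, in which case the caller keeps the row so it can
 *         be retried later.
 */
static int store_record(const OPs *rec)
{
	struct tm start, end;
	char query[QUERY_LEN];
	int len;

#ifdef SunOS
	memcpy(&start, localtime(&rec->Ts), sizeof(struct tm));
	memcpy(&end, localtime(&rec->Te), sizeof(struct tm));
#else
	localtime_r(&rec->Ts, &start);
	localtime_r(&rec->Te, &end);
#endif
	len = snprintf(query, sizeof(query),
		"insert into tam(Stime,Etime,SIP,DIP,Protocol,DPORT,IIDNUM,IID1,IID2,IID3,IID4,IID5,IID6) "
		"value('%04d-%02d-%02d %02d:%02d:%02d','%04d-%02d-%02d %02d:%02d:%02d',"
		"0x%08x,0x%08x,%d,%u,%d,%d,%d,%d,%d,%d,%d)",
		start.tm_year + 1900, start.tm_mon + 1, start.tm_mday, start.tm_hour, start.tm_min, start.tm_sec,
		end.tm_year + 1900, end.tm_mon + 1, end.tm_mday, end.tm_hour, end.tm_min, end.tm_sec,
		rec->source_IP, rec->dest_IP, rec->protocol, rec->dest_PORT, rec->IID_Num,
		rec->op.IID[0], rec->op.IID[1], rec->op.IID[2], rec->op.IID[3], rec->op.IID[4], rec->op.IID[5]);
	if (len < 0 || (size_t)len >= sizeof(query)) {
		fprintf(stderr, "record query truncated; row dropped\n");
		return 0;
	}
	if (mysql_real_query(&mysql, query, (unsigned long)len) == 0)
		return 0;
	if (!mysql_real_connect(&mysql, host, user, passwd, database, 0, NULL, 0)) {
		fprintf(stderr, "Failed to connect to database: Error: %s\n", mysql_error(&mysql));
		return -1;
	}
	if (mysql_real_query(&mysql, query, (unsigned long)len) != 0) {
		fprintf(stderr, "Failed to insert record: Error: %s\n", mysql_error(&mysql));
		return -1;
	}
	return 0;
}

/*
 * unlink_record - remove rec from the time-ordered list and from the
 * per-hop-count list IIDList*[rec->IID_Num-1], fixing head/tail pointers
 * and RecordNum.  rec itself is not freed.
 *
 * Only valid for the head of the time list, which is the only element the
 * callers ever flush (the original code made the same assumption).
 * Callers must hold SIGALRM blocked or be the handler itself.
 */
static void unlink_record(OPs *rec)
{
	int hops = rec->IID_Num - 1;

	/* time list: rec is its head */
	TimeListH = rec->next;
	if (TimeListH == NULL)
		TimeListT = NULL;
	else
		TimeListH->pre = NULL;

	/* hop-count list: rec may be its head, its tail, or in the middle */
	if (rec->IID_pre == NULL) {
		IIDListH[hops] = rec->IID_next;
		if (IIDListH[hops] == NULL)
			IIDListT[hops] = NULL;
		else
			IIDListH[hops]->IID_pre = NULL;
	} else if (rec->IID_next == NULL) {
		IIDListT[hops] = rec->IID_pre;
		IIDListT[hops]->IID_next = NULL;
	} else {
		rec->IID_pre->IID_next = rec->IID_next;
		rec->IID_next->IID_pre = rec->IID_pre;
	}
	RecordNum--;
}

/*
 * PacketRecv - SIGALRM handler (armed every 5 s by main()): flush every
 * record at the head of the time list whose first-seen time is older than
 * MAX_SECOND to the database and free it.  Stops at the first record that
 * is still young, since the list is ordered by Ts, or when the database is
 * unreachable (the record is then kept for the next tick).
 *
 * NOTE(review): this runs from a signal handler but calls code that is not
 * async-signal-safe (localtime_r, snprintf, the MySQL client).  main()
 * blocks SIGALRM around its list updates, but its malloc() of a new record
 * happens outside that window; a safer design sets a flag here and does
 * the flushing in the main loop.  Kept as a handler so main()'s signal
 * setup is unchanged.
 *
 * Fixes: the original advanced through `tbuf->next` after free(tbuf)
 * (use-after-free) and leaked the malloc'd query buffer on every record.
 */
void PacketRecv() {
	time_t now = time(NULL);
	OPs *rec = TimeListH;

	while (rec != NULL && difftime(now, rec->Ts) > MAX_SECOND) {
		if (store_record(rec) != 0)
			return;
		unlink_record(rec);
		free(rec);
		rec = TimeListH;   /* unlink_record() advanced the head */
	}
}

/*
 * recordMAX - overflow valve called by main() (with SIGALRM blocked) when
 * RecordNum exceeds MAX_BUFFER: flush the oldest record, the head of the
 * time list, regardless of its age and free it.
 *
 * Does nothing on an empty list (the original dereferenced a NULL head).
 * If the database is unreachable the record is kept, so the buffer can
 * still grow past MAX_BUFFER while the database is down - unchanged from
 * the original, and worth a bound if this runs unattended.
 */
void recordMAX() {
	OPs *oldest = TimeListH;

	if (oldest == NULL)
		return;
	if (store_record(oldest) != 0)
		return;
	unlink_record(oldest);
	free(oldest);
}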
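/*
 * main - capture marked packets on <interface> (argv[1]) and aggregate them
 * into the in-memory record lists that PacketRecv()/recordMAX() flush to
 * MySQL.  argv[2], if given, is a packet count after which the listener
 * exits (0 = run forever).
 *
 * Only IPv4 frames whose header is exactly 28 bytes (ihl == 7, i.e. the
 * 20-byte header plus one 8-byte option) and whose option type is 27 are
 * treated as marked; everything else is skipped.  Both the option and the
 * transport header are checked against the bytes actually received before
 * they are read (the original only required 32 bytes in total).
 *
 * Database credentials default to the original hard-coded values but can
 * be overridden with IPM_DB_HOST / IPM_DB_USER / IPM_DB_PASSWD /
 * IPM_DB_NAME, so the password need not be compiled into the binary.
 *
 * Fixes over the original: socket()/malloc()/interface-index results are
 * checked; sockaddr_ll is zeroed before use; the record allocated for a
 * packet that is then skipped is freed (three leak paths); the address
 * byte swap is ntohl(); exit status is -1 (not 0) when the database
 * connection fails; records still buffered at exit are flushed instead
 * of dropped.  Several statements that the listing had swallowed into
 * comments are restored.
 *
 * Return: 0 on normal exit, -1 on setup failure.
 */
int main(int argc, char **argv) {
	int listen_fd;
	int ipak = 0, maxk = 0;
	unsigned char buffer[256];
	const size_t capture_len = 192;   /* bytes copied per frame; the rest is counted via MSG_TRUNC */
	int i;
	sigset_t intmask;
	struct sockaddr_ll sll;
	struct itimerval value;
	const char *env;

	if (argc < 2) {
		usage(argv[0]);
		return -1;
	}
	if (argc > 2)
		maxk = atoi(argv[2]);

	listen_fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
	if (listen_fd == -1) {
		fprintf(stderr, YELLOW"socket error:%s !\n"NORMAL, strerror(errno));
		return -1;
	}
	memset(&sll, 0, sizeof(sll));
	sll.sll_family = AF_PACKET;
	sll.sll_protocol = htons(ETH_P_ALL);
	sll.sll_ifindex = Get_IfaceIndex(listen_fd, argv[1]);
	if (sll.sll_ifindex == -1)
		goto FAIL;
	if (bind(listen_fd, (struct sockaddr *)&sll, sizeof(sll)) == -1) {
		fprintf(stderr, YELLOW"bind error:%s !\n"NORMAL, strerror(errno));
		goto FAIL;
	}
	if (set_Iface_promisc(listen_fd, sll.sll_ifindex) == -1) {
		fprintf(stderr, "set promisc failed !\n");
		goto FAIL;
	}

	/* this router's own identifier, appended to every record; syscall()
	 * returns -1 on failure, which would become 0xFFFFFFFF here */
	IID = (unsigned int)syscall(__NR_getIID);

	RecordNum = 0;
	for (i = 0; i < 6; i++) {
		IIDListH[i] = NULL;
		IIDListT[i] = NULL;
	}
	TimeListH = NULL;
	TimeListT = NULL;

	/* credentials: environment first, then the original defaults */
	host = (env = getenv("IPM_DB_HOST")) ? (char *)env : "127.0.0.1";
	user = (env = getenv("IPM_DB_USER")) ? (char *)env : "wnl";
	passwd = (env = getenv("IPM_DB_PASSWD")) ? (char *)env : "1234";
	database = (env = getenv("IPM_DB_NAME")) ? (char *)env : "wnl";
	mysql_init(&mysql);
	if (!mysql_real_connect(&mysql, host, user, passwd, database, 0, NULL, 0)) {
		fprintf(stderr, "Failed to connect to database: Error: %s\n", mysql_error(&mysql));
		goto FAIL;
	}

	/* flush timer: PacketRecv() every 5 s.  SIGALRM is blocked while the
	 * lists are modified below so the handler never sees a half-linked record. */
	sigemptyset(&intmask);
	sigaddset(&intmask, SIGALRM);
	signal(SIGALRM, PacketRecv);
	value.it_value.tv_sec = 5;
	value.it_value.tv_usec = 0;
	value.it_interval.tv_sec = 5;
	value.it_interval.tv_usec = 0;
	setitimer(ITIMER_REAL, &value, NULL);

	fprintf(stdout, "Listen %s start!!\n", argv[1]);
	while (maxk == 0 || ipak < maxk) {
		ssize_t frmlen = recv(listen_fd, buffer, capture_len, MSG_TRUNC);
		size_t avail, need;
		struct ether_header *eptr;
		struct iphdr *ip;
		Tempop *top;
		OPs *Opbuf, *tbuf;
		time_t t;
		unsigned int raw, nhops;

		if (frmlen < 0) {
			if (errno == EINTR)
				continue;          /* interrupted by the flush timer */
			fprintf(stderr, YELLOW"recv error:%s !\n"NORMAL, strerror(errno));
			break;
		}
		/* MSG_TRUNC reports the full frame length; only capture_len bytes were copied */
		avail = (size_t)frmlen < capture_len ? (size_t)frmlen : capture_len;
		if (avail < sizeof(struct ether_header) + sizeof(struct iphdr))
			continue;
		eptr = (struct ether_header *)buffer;
		if (ntohs(eptr->ether_type) != ETHERTYPE_IP)
			continue;
		ip = (struct iphdr *)(buffer + sizeof(struct ether_header));
		/* marked packets carry exactly one 8-byte option: 20 + 8 = 28 bytes, ihl 7 */
		if (ip->ihl != 7)
			continue;
		need = sizeof(struct ether_header) + sizeof(struct iphdr) + sizeof(Tempop);
		if (ip->protocol == 6)
			need += sizeof(struct tcphdr);
		else if (ip->protocol == 17)
			need += sizeof(struct udphdr);
		else
			continue;
		if (avail < need)
			continue;
		top = (Tempop *)(buffer + sizeof(struct ether_header) + sizeof(struct iphdr));
		if (top->option != 27)
			continue;

		/* ---------------- packet record start ---------------- */
		Opbuf = malloc(sizeof *Opbuf);
		if (Opbuf == NULL) {
			fprintf(stderr, "out of memory\n");
			break;
		}
		time(&t);
		Opbuf->Ts = t;
		Opbuf->Te = t;

		/* addresses to host byte order; memcpy avoids a misaligned 32-bit
		 * read at offset 26 of the frame */
		memcpy(&raw, &ip->saddr, sizeof raw);
		Opbuf->source_IP = ntohl(raw);
		memcpy(&raw, &ip->daddr, sizeof raw);
		Opbuf->dest_IP = ntohl(raw);
		Opbuf->protocol = ip->protocol;
		if (ip->protocol == 6) {
			struct tcphdr tcp;
			memcpy(&tcp, buffer + sizeof(struct ether_header) + sizeof(struct iphdr) + sizeof(Tempop), sizeof tcp);
			Opbuf->source_PORT = ntohs(tcp.source);
			Opbuf->dest_PORT = ntohs(tcp.dest);
		} else {
			struct udphdr udp;
			memcpy(&udp, buffer + sizeof(struct ether_header) + sizeof(struct iphdr) + sizeof(Tempop), sizeof udp);
			Opbuf->source_PORT = ntohs(udp.source);
			Opbuf->dest_PORT = ntohs(udp.dest);
		}

		/* option: type/length verbatim; hash from ops[4]/ops[5]; each IID is
		 * 9 bits - low 8 in ops[0..3], bit 8 in the upper nibble of ops[4].
		 * NOTE(review): the hash nibble is OR'd into ops[5] without a shift,
		 * so it merges into that byte's low bits; a 12-bit field would be
		 * ((ops[4] & 0xF) << 8) | ops[5].  Kept as in the original because
		 * the value is only displayed here, never verified. */
		Opbuf->op.option = top->option;
		Opbuf->op.length = top->length;
		Opbuf->op.hash = (top->ops[4] & 0xF) | top->ops[5];
		Opbuf->op.IID[0] = top->ops[0] | ((top->ops[4] & 0x80) << 1);
		Opbuf->op.IID[1] = top->ops[1] | ((top->ops[4] & 0x40) << 2);
		Opbuf->op.IID[2] = top->ops[2] | ((top->ops[4] & 0x20) << 3);
		Opbuf->op.IID[3] = top->ops[3] | ((top->ops[4] & 0x10) << 4);
		Opbuf->op.IID[4] = 0;
		Opbuf->op.IID[5] = 0;

		/* hops already recorded = leading non-zero IIDs (at most 4) */
		nhops = 0;
		while (nhops < 4 && Opbuf->op.IID[nhops] != 0)
			nhops++;
		if (nhops == 0) {
			free(Opbuf);               /* option present but no IID: not a marked packet */
			continue;
		}
		if (Opbuf->op.IID[nhops - 1] != IID) {
			Opbuf->op.IID[nhops++] = (unsigned short)IID;   /* append ourselves */
		} else if (nhops != 1) {
			/* path already ends with our IID and we were not its first hop:
			 * skipped, as in the original (presumably the packet is being
			 * seen again on the way out) */
			free(Opbuf);
			continue;
		}
		Opbuf->IID_Num = (unsigned short)nhops;
		Opbuf->next = NULL;
		Opbuf->pre = NULL;
		Opbuf->IID_next = NULL;
		Opbuf->IID_pre = NULL;
		/* ---------------- packet record end ---------------- */

		sigprocmask(SIG_BLOCK, &intmask, NULL);
		/* merge with an existing record of the same flow and path, if any */
		tbuf = IIDListH[nhops - 1];
		while (tbuf != NULL && !compareBuf(tbuf, Opbuf))
			tbuf = tbuf->IID_next;
		if (tbuf != NULL) {
			tbuf->Te = Opbuf->Te;
			free(Opbuf);
		} else {
			/* append to the hop-count list ... */
			if (IIDListH[nhops - 1] == NULL) {
				IIDListH[nhops - 1] = Opbuf;
			} else {
				IIDListT[nhops - 1]->IID_next = Opbuf;
				Opbuf->IID_pre = IIDListT[nhops - 1];
			}
			IIDListT[nhops - 1] = Opbuf;
			/* ... and to the tail of the time-ordered list */
			if (TimeListH == NULL) {
				TimeListH = Opbuf;
			} else {
				TimeListT->next = Opbuf;
				Opbuf->pre = TimeListT;
			}
			TimeListT = Opbuf;
			RecordNum++;
			if (RecordNum > MAX_BUFFER)
				recordMAX();
		}
		sigprocmask(SIG_UNBLOCK, &intmask, NULL);
		ipak++;
	}

	/* stop the flush timer, then push whatever is still buffered; the
	 * original dropped these records on exit */
	sigprocmask(SIG_BLOCK, &intmask, NULL);
	memset(&value, 0, sizeof(value));
	setitimer(ITIMER_REAL, &value, NULL);
	while (TimeListH != NULL) {
		OPs *head = TimeListH;
		recordMAX();
		if (TimeListH == head)
			break;                     /* database unreachable: recordMAX() kept the record */
	}
	mysql_close(&mysql);
	close(listen_fd);
	return 0;
FAIL:
	close(listen_fd);
	return -1;
}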
Code 3 myd.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <sys/time.h>
#include <mysql/mysql.h>
#define MAX_DAY 7
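/*
 * main - housekeeping for the traceback database: delete every row of
 * table tam whose Stime is older than MAX_DAY days.
 *
 * The cut-off is formatted from localtime() and contains only digits and
 * punctuation, so there is nothing to quote; the statement is built with
 * snprintf() into a fixed buffer (the original used an unchecked malloc
 * and sprintf, and never freed the buffer) and echoed before it runs.
 *
 * NOTE(review): the original connected as MySQL root with the password
 * compiled into the binary.  The credentials still default to those
 * values but can be overridden via IPM_DB_HOST / IPM_DB_USER /
 * IPM_DB_PASSWD / IPM_DB_NAME; a dedicated account with DELETE on tam
 * only is the sensible configuration.
 *
 * In the listing the `struct tm sts;` declaration had been swallowed into
 * a trailing comment.
 *
 * Return: 0 on success, 1 if the connection or the DELETE failed (the
 *         original returned 0 in both cases).
 */
int main(int argc, char **argv) {
	time_t cutoff;
	struct tm sts;
	char query[256];
	int len;
	MYSQL mysql;
	const char *env;
	const char *host     = (env = getenv("IPM_DB_HOST"))   ? env : "127.0.0.1";
	const char *database = (env = getenv("IPM_DB_NAME"))   ? env : "wnl";
	const char *user     = (env = getenv("IPM_DB_USER"))   ? env : "root";
	const char *passwd   = (env = getenv("IPM_DB_PASSWD")) ? env : "wnl";

	(void)argc;
	(void)argv;

	mysql_init(&mysql);
	/* everything first seen before this instant is purged */
	cutoff = time(NULL) - (time_t)MAX_DAY * 24 * 3600;
#ifdef SunOS
	memcpy(&sts, localtime(&cutoff), sizeof(struct tm));
#else
	localtime_r(&cutoff, &sts);
#endif
	if (!mysql_real_connect(&mysql, host, user, passwd, database, 0, NULL, 0)) {
		fprintf(stderr, "Failed to connect to database: Error: %s\n", mysql_error(&mysql));
		return 1;
	}
	len = snprintf(query, sizeof(query),
		"delete from tam where STime<'%04d-%02d-%02d %02d: %02d:%02d'",
		sts.tm_year + 1900, sts.tm_mon + 1, sts.tm_mday, sts.tm_hour, sts.tm_min, sts.tm_sec);
	if (len < 0 || (size_t)len >= sizeof(query)) {
		fprintf(stderr, "query too long\n");
		mysql_close(&mysql);
		return 1;
	}
	printf("%s", query);
	if (mysql_real_query(&mysql, query, (unsigned long)len)) {
		fprintf(stderr, "Failed to update database: Error: %s\n", mysql_error(&mysql));
		mysql_close(&mysql);
		return 1;
	}
	mysql_close(&mysql);
	return 0;
}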
Code 4 Traceback.java