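/**
 * Populate the message's convenience fields from the parsed header map.
 *
 * Reads $this->headers (looked up by lower-case header name) and sets
 * $this->subject, $this->ip, $this->from_email, $this->from_name,
 * $this->msg_id, $this->reply_to_msg_id and $this->phpgw_header.
 * Raises E_USER_WARNING when no usable sender or no message id is found.
 *
 * Every value handled here was written by the sender or by a relay on the
 * delivery path, so all of it is untrusted input. In particular the poster IP
 * is taken from headers that any client can set to an arbitrary value: treat
 * it as a display value or an investigative hint, not as proof of origin and
 * not as an input to access-control or rate-limiting decisions.
 */
function fetch_useful_headers()
{
    // A message without a Subject header leaves the field null instead of
    // raising an undefined-index error.
    $this->subject = isset($this->headers['subject']) ? $this->headers['subject'] : null;

    // Attempt to get the poster's IP from fields commonly used to store it.
    // The first header that is present wins, even if parse_ip() extracts
    // nothing from it. parse_ip() is defined outside this function; whatever
    // it returns is stored unchanged.
    $ip_headers = array('x-posted-by', 'x-originating-ip', 'x-senderip', 'x-mdremoteip', 'received');
    foreach ($ip_headers as $header_name) {
        if (isset($this->headers[$header_name])) {
            $this->ip = parse_ip($this->headers[$header_name]);
            break;
        }
    }

    // Fetch the From e-mail address and, when present, the display name.
    $from_header = isset($this->headers['from']) ? $this->headers['from'] : '';
    if (preg_match('!(.*?)<(.*?)>!', $from_header, $matches)) {
        $this->from_email = trim($matches[2]);
        // Trim BEFORE testing for emptiness: a whitespace-only display name
        // used to pass the emptiness test and then fail on $name[0].
        $display_name = trim($matches[1]);
        if (!empty($display_name)) {
            if ($display_name[0] == '"' && substr($display_name, -1) == '"') {
                // Strip one pair of surrounding double quotes.
                $this->from_name = substr($display_name, 1, -1);
            } else {
                $this->from_name = $display_name;
            }
        } else {
            $this->from_name = $this->from_email;
        }
        // Only letters, digits, '-', '_' and space are accepted in a name;
        // anything else falls back to the local part of the address. This
        // also keeps markup and control characters out of from_name.
        if (preg_match('![^A-Za-z0-9\\-_ ]!', $this->from_name)) {
            $this->from_name = substr($this->from_email, 0, strpos($this->from_email, '@'));
        }
    } else {
        // No angle brackets: the whole header is taken as the address.
        // from_email itself is NOT validated here, so callers must escape it
        // for whatever context (HTML, SQL, mail headers) they use it in.
        $this->from_email = trim($from_header);
        $this->from_name = substr($this->from_email, 0, strpos($this->from_email, '@'));
    }
    if (empty($this->from_email) || empty($this->from_name)) {
        // NOTE(review): the warning embeds the complete raw message, so the
        // error log receives sender-controlled content (including newlines).
        trigger_error("no name or email for {$from_header}\n data: {$this->raw_msg}", E_USER_WARNING);
    }

    // Message id: the first and last characters (normally '<' and '>') are
    // dropped without checking what they are.
    if (isset($this->headers['message-id'])) {
        $this->msg_id = substr(trim($this->headers['message-id']), 1, -1);
    } elseif (isset($this->headers['x-qmail-scanner-message-id'])) {
        $this->msg_id = substr(trim($this->headers['x-qmail-scanner-message-id']), 1, -1);
    } else {
        trigger_error("No message id\n data: {$this->raw_msg}", E_USER_WARNING);
    }

    // Id of the parent message when this is a reply: the last <...> token of
    // In-Reply-To, otherwise the last <...> token of References.
    if (!empty($this->headers['in-reply-to']) && preg_match('!<([^>]+)>$!', trim($this->headers['in-reply-to']), $match)) {
        $this->reply_to_msg_id = $match[1];
    } elseif (!empty($this->headers['references']) && preg_match('!<([^>]+)>$!', trim($this->headers['references']), $match)) {
        $this->reply_to_msg_id = $match[1];
    }

    // Optional application header, copied verbatim (sender-controlled).
    $this->phpgw_header = '';
    if (isset($this->headers['x-phpgroupware'])) {
        $this->phpgw_header = $this->headers['x-phpgroupware'];
    }
}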
Ejemplo n.º 2
    $selected['gateway'] = in_array("gateway", $installed) ? 'on' : 'off';
    $selected['dansguardian'] = in_array("dansguardian", $installed) ? 'on' : 'off';
    $selected['opendns'] = in_array("opendns", $installed) ? 'on' : 'off';
    $selected['squid'] = in_array("squid", $installed) ? 'on' : 'off';
    $selected['named'] = in_array("named", $installed) ? 'on' : 'off';
}
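// Build the ";"-terminated forwarder list from the submitted form field.
// Only the output of parse_ip() is ever concatenated, never the raw request
// value, because (per the original author) a malformed entry will stop named.
$forwarders = "";
// NOTE(review): only the PRESENCE of the token is tested here; confirm that
// its value is verified against the session elsewhere before this state
// change is accepted.
if (isset($_POST['token']) && isset($_POST['opendnsip']) && is_string($_POST['opendnsip'])) {
    if (strlen($_POST['opendnsip']) > 0) {
        // Read the value from the same superglobal that was just checked.
        // The original validated $_POST but consumed $_REQUEST, which can be
        // filled from the query string or a cookie depending on request_order.
        $dnsip = $_POST['opendnsip'];
        $ip_list = explode(";", $dnsip);
        foreach ($ip_list as $ip) {
            // Parse once and reuse the result; an empty result means the
            // entry was rejected and is dropped.
            $clean_ip = parse_ip($ip);
            if (strlen($clean_ip) > 0) {
                $forwarders .= $clean_ip . ";";
            }
        }
    }
}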
function parse_ip($ip_in)
{
    $ok = true;
    $outstr = "";
    $nibbles = explode(".", $ip_in);
    if (count($nibbles) != 4) {
        $ok = false;
    }
    foreach ($nibbles as $nibble) {
        $num = (int) $nibble;
        if ($num < 0 or $num > 254) {
Ejemplo n.º 3
} else {
    if (!isset($argv[1]) || !file_exists($argv[1])) {
        die("Missing file\n");
    }
}
// Optional second CLI argument: a substring the packet payload must contain
// (false means "no filter"; the loop below tests it with !== false).
$filter = isset($argv[2]) ? $argv[2] : false;

// Open the capture named by the first CLI argument.
// NOTE(review): the result of open() is kept in $r but is not inspected in
// the lines visible here; confirm a failed open is handled before reading.
$p = new pcap_file_reader();
$r = $p->open($argv[1]);

// Accumulators for the rest of the script (their use is outside this excerpt).
$reg = array();
$num = array();
while ($s = $p->read_packet()) {
    $eth = parse_ethframe($s['data']);
    $ip = parse_ip($eth['data']);
    if ($ip['protocol'] == 6) {
        $tcp = parse_tcp($ip['data']);
        $data = $tcp['data'];
        $line = date("H:i:s", $s['ts_sec']) . "." . $s['ts_usec'] . " " . $ip['source_ip'] . ":" . $tcp['source_port'] . " > " . $ip['destination_ip'] . ":" . $tcp['destination_port'] . " TCP";
    } else {
        if ($ip['protocol'] == 17) {
            $udp = parse_udp($ip['data']);
            $data = $udp['data'];
            $line = date("H:i:s", $s['ts_sec']) . "." . $s['ts_usec'] . " " . $ip['source_ip'] . ":" . $udp['source_port'] . " > " . $ip['destination_ip'] . ":" . $udp['destination_port'] . " UDP";
        } else {
            continue;
        }
    }
    if ($filter !== false) {
        if (strpos($data, $filter) === false) {
Ejemplo n.º 4
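/**
 * Parse an Ethernet pcap capture, append TCP payloads to per-flow files and
 * return an HTML report.
 *
 * Work files are written to a directory below the current working directory
 * named after the capture's basename without its ".pcap" suffix. The report
 * is cached there as "<filesize>.htm" and returned unchanged on later calls
 * unless $force is set.
 *
 * The capture is untrusted input: every length, offset and header field read
 * below comes straight from the file. The helpers that decode them
 * (valid_pcap, byte_array_to_*, parse_ethernet_header, parse_ip, parse_tcp,
 * parse_streams, clean_dir, get_now) are defined outside this function.
 *
 * @param string $fname Path of the capture file.
 * @param bool   $force Re-parse even when a cached report exists.
 * @return string HTML fragment describing the result.
 */
function dump_pcap($fname, $force = false)
{
    $hdr = null;
    $path_parts = pathinfo($fname);
    // The dot is escaped so only a literal ".pcap" suffix is stripped; the
    // unescaped form also swallowed any character in front of "pcap".
    // NOTE(review): a basename of exactly ".pcap" still yields an empty $dir,
    // and clean_dir() below then receives ''. Confirm what clean_dir() does
    // with an empty path.
    $dir = preg_replace('#\.pcap$#i', '', $path_parts['basename']);
    if (!is_dir('./' . $dir)) {
        // NOTE(review): the result of mkdir() is not checked.
        mkdir('./' . $dir);
    }
    $ret = '';
    $fs = filesize($fname);
    // The cache key is the file size alone: a different capture with the same
    // basename and the same size is answered from the stale report.
    if (file_exists($dir . '/' . $fs . ".htm") && !$force) {
        $ret = "Previously parsed<br/>" . file_get_contents($dir . '/' . $fs . ".htm");
        return $ret;
    }
    clean_dir($dir);
    // NOTE(review): $fname is placed into HTML without escaping. If callers
    // can pass a user-chosen name, escape it before it is displayed.
    $ret = $fname . "<br/>" . get_now() . "<br/><br/>";
    if (valid_pcap($fname)) {
        $cnt = 0;
        $hdr = new pcap_hdr_s();
        $hdr->records = array();
        $hdr->size = $fs;
        // Global header: 24 bytes at the start of the file.
        $b = file_get_contents($fname, NULL, NULL, 0, 24);
        $lng = byte_array_to_long($b, 0);
        $hdr->magic_number = $lng;
        $hdr->version_major = byte_array_to_int($b, 4);
        $hdr->version_minor = byte_array_to_int($b, 6);
        $hdr->thiszone = byte_array_to_long($b, 8);
        $hdr->sigfigs = byte_array_to_long($b, 12);
        $hdr->snaplen = byte_array_to_long($b, 16);
        $hdr->network = byte_array_to_long($b, 20);
        $offset = 24;
        if ($hdr->network == 1) {
            // Link type 1 was expected; continue.
            // A record is read only while at least 54 more bytes remain.
            while ($offset + 54 < $hdr->size) {
                $off = $offset;
                $cnt++;
                $pr = new pcap_record();
                // Per-record header: 16 bytes.
                $b = file_get_contents($fname, NULL, NULL, $offset, 16);
                $pr->ts_sec = byte_array_to_long($b, 0);
                $pr->ts_usec = byte_array_to_long($b, 4);
                $pr->incl_len = byte_array_to_long($b, 8);
                $pr->orig_len = byte_array_to_long($b, 12);
                $off += 16;
                // Both lengths come from the file. Only negative values are
                // rejected; incl_len is not compared with snaplen or with the
                // bytes remaining in the file.
                if ($pr->incl_len < 0 || $pr->orig_len < 0) {
                    $ret .= "Error parsing";
                    break;
                } else {
                    // Ethernet header (14 bytes).
                    $pr->eth = parse_ethernet_header($fname, $off);
                    $off += 14;
                    // IP header.
                    // NOTE(review): the frame is handed to parse_ip() without
                    // a visible check of the parsed Ethernet header; confirm
                    // non-IPv4 frames are handled by the helper.
                    $pr->ip = parse_ip($fname, $off);
                    // hdr_len is counted in 32-bit words and read from the packet.
                    $off += $pr->ip->hdr_len * 4;
                    if ($pr->ip->proto == 6) {
                        // TCP
                        $pr->tcp = parse_tcp($fname, $off, $pr->ip->src, $pr->ip->dest, $pr->incl_len - (14 + $pr->ip->hdr_len * 4));
                        // data_offset is counted in 32-bit words and read from the packet.
                        $off += $pr->tcp->data_offset * 4;
                        // Payload length = captured length minus all three
                        // headers. Header lengths larger than the record make
                        // this non-positive and the payload is skipped.
                        $dend = $pr->incl_len - (14 + $pr->ip->hdr_len * 4 + $pr->tcp->data_offset * 4);
                        if ($dend > 0) {
                            $pr->tcp->data = file_get_contents($fname, NULL, NULL, $off, $dend);
                            if ($pr->tcp->data != "") {
                                // Flow file name: src-port--dst-port--ack.
                                // NOTE(review): these parts become a file
                                // name; this is only safe if the helpers
                                // return numeric/dotted values. Verify.
                                $fn = $pr->ip->src_ip . "-" . $pr->tcp->src_port;
                                $fn .= "--" . $pr->ip->dest_ip . "-" . $pr->tcp->dest_port;
                                $fn .= "--" . $pr->tcp->ack;
                                $seq = 0;
                                if (file_exists($dir . '/' . $fn . ".seq")) {
                                    $seq = file_get_contents($dir . '/' . $fn . ".seq");
                                }
                                // Append only when the sequence number is
                                // higher than the last one stored. Segments
                                // that arrive out of order, or after the
                                // sequence number wraps, are dropped.
                                if ($pr->tcp->seq > $seq) {
                                    file_put_contents($dir . '/' . $fn . ".seq", $pr->tcp->seq);
                                    // Raw payload bytes from the capture are written as-is.
                                    file_put_contents($dir . '/' . $fn . ".raw", $pr->tcp->data, FILE_APPEND);
                                }
                            }
                        }
                    } elseif ($pr->ip->proto == 17) {
                        // UDP: not processed.
                    } elseif ($pr->ip->proto == 1) {
                        // ICMP: not processed.
                    }
                }
                $pr->index = $cnt;
                // Advance by the record header plus the captured length.
                $offset += $pr->incl_len + 16;
            }
        } else {
            $ret .= "Unknown network link type<br/>";
        }
    } else {
        $ret .= "Invalid pcap file<br/>";
    }
    // parse_streams() output is appended verbatim; any escaping of
    // capture-derived content has to happen inside that helper.
    $ret .= parse_streams($fname);
    file_put_contents($dir . '/' . $fs . ".htm", $ret);
    return $ret;
}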