network sessions and sending files

Background

Hi.

I am writing a program that analyzes packets for specific words contained therein. I need to analyze outgoing email, Jabber, ICQ. If the words are found, the packet is blocked. I did it, but I have a problem with files and with sending email through the web.

Problems

Simple code:

while (Ndisapi.ReadPacket(hNdisapi, ref Request))
{
    // some work
    switch (protocol)
    {
        //....
        case "HTTP":
            // parse packet(byte[])
            HTTP.HttpField field = HTTP.ParseHttp(ret);
            if (field != null && field.Method == HTTP.HttpMethod.POST)
            {
                // analyze packet and drop if needed
                DoWork();
            }
            break;
    }
}

The problem is the following. For example, I attach a 500 KB file to an email. The file will be split into approximately 340 packets. In the code above, DoWork() will be executed only for the first packet.

OK, then I need to restore the session completely and pass the whole session to DoWork(). I did it. But I can't wait until the session is finished, because other packets (HTTP, ARP, all packets) will be suspended (and after a couple of minutes the Internet is disconnected).

Therefore, the first question:

How to solve this problem (maybe advice on program design)?

Now the email, suppose this code:

switch (protocol)
{
//.... 
case "HTTP":
    // parse packet(byte[])
    var httpMimeMessage = Mime.Parse(ret);
    // analyze packet and drop if needed
    DoSomeWork();
    break;
}

For example, we are looking for the word "Finance". Then, if we open any website that contains the word finance, the packet is blocked.

Second question: How do I determine that this is the e-mail?

Thanks and sorry for my English.


To be able to analyze more than one packet/stream at the same time, you'll need to refactor your solution to use threading or some other form of multitasking, and since your task appears to be both compute- and I/O-intensive, you'll probably want to take a hard look at how to leverage event-handling at the operating system level (select, epoll, or the equivalent for your target platform).

And to answer your second question regarding email, you'll need to be able to identify and track the TCP session used to deliver email messages from client to server, assuming the session hasn't been encrypted.

As I'm sure you already know, the problem you're trying to solve is a very complicated one, requiring very specialized skills like real-time programming, deep knowledge of networking protocols, etc.

Of course, there are several "deep packet inspection" solutions out there already that do all of this for you (typically used by public companies to fulfill regulatory requirements like Sarbanes-Oxley), but they are quite expensive.
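An added example, not part of the original question or answer: one way to inspect a multi-packet upload without holding traffic until the session ends is to keep a small per-flow tail buffer and return a verdict for every packet immediately. The class name, the flow-key string and the sample payloads are hypothetical, and the sketch assumes the payloads of each TCP flow are passed in order.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
// Added example: per-flow streaming keyword scan. All names are hypothetical.
// Assumes segments of a flow arrive in order (no retransmit/reorder handling).
class StreamScanner
{
    class FlowState { public byte[] Tail = new byte[0]; public bool Blocked; }
    readonly Dictionary<string, FlowState> flows = new Dictionary<string, FlowState>();
    readonly string[] keywords;
    readonly int keep;   // bytes carried between packets: longest keyword - 1

    public StreamScanner(params string[] words)
    {
        keywords = words;
        foreach (var w in words) keep = Math.Max(keep, w.Length - 1);
    }

    // Returns true if this packet should be dropped. Never waits for later packets.
    public bool Inspect(string flowKey, byte[] payload)
    {
        if (!flows.TryGetValue(flowKey, out var st)) flows[flowKey] = st = new FlowState();
        if (st.Blocked) return true;   // the rest of a flagged flow is dropped
        // Scan previous tail + new payload so a word split across packets is seen.
        var window = new byte[st.Tail.Length + payload.Length];
        Buffer.BlockCopy(st.Tail, 0, window, 0, st.Tail.Length);
        Buffer.BlockCopy(payload, 0, window, st.Tail.Length, payload.Length);
        string text = Encoding.ASCII.GetString(window);
        foreach (var w in keywords)
            if (text.IndexOf(w, StringComparison.OrdinalIgnoreCase) >= 0)
                return st.Blocked = true;
        // Keep only the last few bytes; memory per flow stays constant.
        int n = Math.Min(keep, window.Length);
        st.Tail = new byte[n];
        Buffer.BlockCopy(window, window.Length - n, st.Tail, 0, n);
        return false;
    }

    public void Close(string flowKey) => flows.Remove(flowKey);  // call on FIN/RST

    static void Main()
    {
        var s = new StreamScanner("Finance");
        string flow = "10.0.0.5:50123->192.0.2.10:25";   // constructed sample flow key
        // Constructed payloads: the keyword is split across two packets.
        Console.WriteLine(s.Inspect(flow, Encoding.ASCII.GetBytes("Subject: Q3 Fin")));
        Console.WriteLine(s.Inspect(flow, Encoding.ASCII.GetBytes("ance report")));
    }
}
```

Packets forwarded before the match have already left the host, so this blocks the remainder of the flow rather than the whole upload. Keying the state by flow also lets the scan be limited to sessions identified as mail delivery, as the answer suggests.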
