/* *函数名称:tcp_input *函数功能:处理tcp数据 *输入参数:pkt_info 数据包信息 * tcp tcp数据 * tcp_size tcp数据的的大小 *输出参数:none *返回值: none */ void tcp_input(struct packet_info *pkt_info, const char *tcp, const unsigned tcp_size) { struct tcphdr *tcp_head = (struct tcphdr*)tcp; int thl = TCP_HEAD_LEN(tcp_head->doff); int tcp_data_size = tcp_size - thl; pkt_info->tuple.l4_type = YT_IS_TCP; pkt_info->tuple.port_source = tcp_head->source; pkt_info->tuple.port_dest = tcp_head->dest; TCP_PRINT_PORT("SPORT",ntohs(tcp_head->source)); TCP_PRINT_PORT("DPORT",ntohs(tcp_head->dest)); tcp_data_process(pkt_info,tcp_head,thl,tcp_data_size); return ; }
void process_packet(u_char *arg, const struct pcap_pkthdr *pkthdr, const u_char *packet) { int i = 0; int *counter = (int *)arg; const struct ethernet_head *ethernet = NULL; const struct ip_head *ip = NULL; const struct tcp_head *tcp = NULL; const u_char *payload = NULL; int payload_len = 0; printf("packet count : %d\n", ++(*counter)); printf("receive packet size : %d\n", pkthdr->len); printf("payload : \n"); for (i = 0; i < pkthdr->len; ++i) { if (i % 16 == 0 && i != 0) printf("\n"); if (isprint(packet[i])) printf("%c ", packet[i]); else printf(". "); } printf("\n"); // 数据包解析 ethernet = (struct ethernet_head *)packet; // 链路层 printf("ethernet(%lu)\n", sizeof(struct ethernet_head)); printf("源mac地址 : %02X-%02X-%02X-%02X-%02X-%02X => ", ethernet->source_mac[0], ethernet->source_mac[1], ethernet->source_mac[2], ethernet->source_mac[3], ethernet->source_mac[4], ethernet->source_mac[5]); printf("目的mac地址 : %02X-%02X-%02X-%02X-%02X-%02X\n", ethernet->dest_mac[0], ethernet->dest_mac[1], ethernet->dest_mac[2], ethernet->dest_mac[3], ethernet->dest_mac[4], ethernet->dest_mac[5]); // printf("ethernet协议号 : %04X\n", (unsigned short)ntohs(ethernet->type)); // ip层 arp层 if ((unsigned short)ntohs(ethernet->type) == 0x0800) { ip = (struct ip_head *)(packet + sizeof(struct ethernet_head)); printf("ipv%d(%d)\n", IP_VERSION(ip), IP_HEAD_LEN(ip) * 4); // printf("ip version : %d\n", IP_VERSION(ip)); // ip层的头部长度 // printf("ip header len : %d\n", IP_HEAD_LEN(ip) * 4); // total len 首部+数据部分 // printf("total len : %d\n", ntohs(ip->total_len)); // protocol // printf("protocol : %d\n", ip->protocol); printf("源ip地址 : %d.%d.%d.%d => ", ip->source_ip[0], ip->source_ip[1], ip->source_ip[2], ip->source_ip[3]); printf("目的ip地址 : %d.%d.%d.%d\n", ip->dest_ip[0], ip->dest_ip[1], ip->dest_ip[2], ip->dest_ip[3]); // 应用层 // printf("%d\n", ip->protocol); if (ip->protocol == 6) { // tcp tcp = (struct tcp_head *)(packet + sizeof(struct ethernet_head) + IP_HEAD_LEN(ip) * 4); printf("tcp(%d)\n", TCP_HEAD_LEN(tcp) * 4); // printf("%d\n", TCP_HEAD_LEN(tcp)); printf("源port : %d => 目的port : %d\n", ntohs(tcp->source_port), ntohs(tcp->dest_port)); payload = (u_char *)(packet + sizeof(struct ethernet_head) + IP_HEAD_LEN(ip) * 4 + TCP_HEAD_LEN(tcp) * 4); payload_len = ntohs(ip->total_len) - (IP_HEAD_LEN(ip) * 4 + TCP_HEAD_LEN(tcp) * 4 ); printf("payload_len %d\n", payload_len); // test for http // todo if ((ntohs(tcp->source_port) == 80) || (ntohs(tcp->dest_port) == 80)) { printf("http包体:\n"); int j = 0; u_char *ptr = payload; for (j = 0; j < payload_len; j++, ptr++) { printf("%c", *ptr); } // todo // 数据包需要组装、拼接,显示 // char buf[4000]; // memcpy(buf, payload, payload_len); // *(buf + payload_len) = 0; // printf("%s\n", buf); } } if (ip->protocol == 17) { // udp printf("udp\n"); } if (ip->protocol == 47) { // pptp } } if ((unsigned short)ntohs(ethernet->type) == 0x0806) { printf("arp\n"); } printf("-------------------------------------------------------------------\n"); }