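/*
 * Print a summary line for every packet of every entry in the UDP port
 * pair list.
 *
 * For each pair the packet count and both endpoints (address and port) are
 * printed, followed by one line per packet: packet number, time since the
 * previous packet of the same pair, IP identification, length, and the IP
 * flags / fragment offset field.
 *
 * Always returns 0.
 *
 * NOTE(review): the values printed here are read from captured packet
 * headers through pointers stored in the list (plist, php, ip). None of
 * those inner pointers is checked in this function; presumably whoever
 * builds the list guarantees they are valid - confirm against that code.
 */
int view_pair()
{
    struct udp_port_pair_t *pair;
    struct udp_stream_t *udp_streams;
    double udp_stream_init_time;  /* time of the first packet of this UDP port pair */
    double receive_time;          /* arrival time of the current packet */
    double previous_time = 0;     /* arrival time of the previous packet */

    /* pair_head is an empty list head, so start with the entry after it. */
    if (pair_head == NULL)
        return (0);
    pair = pair_head->pair_next;
    if (pair == NULL)
        return (0);

    printf("\n====================================\n");
    printf(" Check each UDP port pair \n");
    printf("====================================\n");

    for ( ; pair != NULL; pair = pair->pair_next) {
        printf("\n====================================\n");
        printf("Number of packets : %d\n\n", pair->pair_count);
        /* inet_ntoa() returns a static buffer, so each address gets its own printf(). */
        printf("Addr 0: %s : Port: %d", inet_ntoa(pair->addr0), pair->port0);
        printf("\t\t\t\t\t");
        printf("Addr 1: %s : Port: %d", inet_ntoa(pair->addr1), pair->port1);
        printf("---------------------------------------------------------------");
        printf("----------------------------------------------------------------\n");

        /* A pair without any recorded packet has nothing to list. */
        if (pair->udp_stream == NULL)
            continue;

        udp_stream_init_time = TIMEVAL_TO_SEC(pair->udp_stream->plist->php->pktime);
        previous_time = udp_stream_init_time;

        /* Per-packet processing. */
        for (udp_streams = pair->udp_stream; udp_streams != NULL;
             udp_streams = udp_streams->udp_stream_next) {
            unsigned int ip_off;  /* flags + fragment offset, host byte order */

            receive_time = TIMEVAL_TO_SEC(udp_streams->plist->php->pktime);
            INDENT(udp_streams);
            ip_off = ntohs(udp_streams->ip->ip_off);

            /* Summary line. */
            printf("%d: ", udp_streams->plist->packet_number);
            printf("%5.3f ", receive_time - previous_time);
            printf(" IPID: %u", (unsigned int)ntohs(udp_streams->ip->ip_id));
            printf(" Len:%4d", UDPLEN(udp_streams));
            printf(" ");
            printf(" Flag: 0x%x", ip_off);
            /* The low 13 bits are the fragment offset in units of 8 bytes. */
            printf(" Offset: %u", (ip_off & 8191u) << 3);
            if (ip_off & IP_MF)
                printf(" MF");
            if (ip_off & IP_DF)
                printf(" DF");
            previous_time = receive_time;
            printf("\n");

            /* Nothing follows this check in the loop body, so it is currently a no-op. */
            if (!(optflag & DIAG))
                continue;
        } /* end of loop over the packets of one pair */
    } /* end of loop over the UDP port pair list */

    /* The function is declared int; the original fell off the end here. */
    return (0);
}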
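/*
 * Append up to n bytes from src to dst at offset *len without ever writing
 * past dst[cap - 1]. *len is advanced by the number of bytes copied.
 *
 * Returns the number of bytes copied: n when everything fitted, less when
 * the buffer filled up, 0 when n <= 0.
 */
static int printfile_append(uint8_t *dst, int cap, int *len, const void *src, int n)
{
    int room = cap - *len;

    if (n <= 0 || room <= 0)
        return 0;
    if (n > room)
        n = room;
    memcpy(dst + *len, src, (size_t)n);
    *len += n;
    return n;
}

/*
 * Write captured packet to file
 *
 * uint8_t *flag          : filter is set or not
 * const uint8_t *packet  : captured packet
 * char *fltrload         : filter for payload (NULL or "" = no payload filter)
 * const int payloadlen   : length of captured payload
 *
 * The record is appended to LOGFILE: a timestamp, the Ethernet, IP and
 * UDP/TCP header fields (fields whose filter flag is set are wrapped in
 * ANSI colour escapes), then a hex + ASCII dump of the payload with filter
 * matches highlighted.
 *
 * The payload is attacker-controlled network data, so every copy into the
 * fixed-size highlight buffer goes through printfile_append(); when the
 * payload plus colour markers does not fit, the dump is cut short and a
 * "truncated" line is written instead of overrunning the stack buffer.
 *
 * NOTE(review): there is no captured-length parameter, so the header casts
 * below cannot be validated here; the caller has to guarantee that packet
 * holds full Ethernet + IP + UDP/TCP headers and payloadlen payload bytes.
 * NOTE(review): header sizes are fixed (sizeof(struct ip), sizeof(struct
 * tcphdr)); IP options and TCP options are not skipped, and the TCP flags
 * byte is read from the fixed offset 47. Changing that needs the caller's
 * payloadlen computation, which is not visible here.
 * NOTE(review): colour markers are stored in-band in the highlight buffer,
 * so a payload that itself contains one of the three escape sequences is
 * treated as markup and written to the log unescaped.
 */
static void printfile(uint8_t *flag, const uint8_t *packet, char *fltrload, const int payloadlen)
{
    FILE *fp = fopen(LOGFILE, "a");
    const uint8_t *http = NULL;
    char *timestamp;
    struct ether_header *eth;
    struct ip *iphdr;
    struct tcphdr *tcphdr = NULL;
    struct udphdr *udphdr = NULL;
    uint8_t prot;
    int hdrlen, i;

    /* Without a log file there is nothing to do; the original dereferenced NULL here. */
    if (fp == NULL) {
        perror("fopen");
        return;
    }

    flag += 2; // remove unused member

    eth = (struct ether_header *)packet;
    hdrlen = sizeof(struct ether_header);
    iphdr = (struct ip *)(packet + hdrlen);
    hdrlen += sizeof(struct ip);
    prot = iphdr->ip_p;

    if (prot == 17) {
        udphdr = (struct udphdr *)(packet + hdrlen);
        hdrlen += sizeof(struct udphdr);
    } else {
        tcphdr = (struct tcphdr *)(packet + hdrlen);
        hdrlen += sizeof(struct tcphdr);

        // HTTP request check
        // NOTE(review): prot holds the IP protocol number here, so the
        // comparisons with 3, 5 and 7 look like they were meant for a
        // different selector - confirm. Behaviour is kept as it was.
        // Every early return closes the log file (the original leaked it).
        if (PROTOCOL(flag)) {
            if (prot == 3) {
                if (HTTPTEST("GET", 3) == false) {
                    fclose(fp);
                    return;
                }
            } else if (prot == 5) {
                if (HTTPTEST("PUT", 3) == false) {
                    fclose(fp);
                    return;
                }
            } else if (prot == 7) {
                if (HTTPTEST("POST", 4) == false) {
                    fclose(fp);
                    return;
                }
            }
        }
    }

    // Timestamp
    timestamp = (char *)gettime();
    fprintf(fp, "%s ------\n", timestamp != NULL ? timestamp : "?");
    free(timestamp);

    /* Ethernet Header */
    i = 0;
    if (DSTMAC(flag)) {
        fprintf(fp, "\x1b[45mDestination MAC\x1b[0m\t: \x1b[45m");
        while (i < 5)
            fprintf(fp, "%02X:", eth->ether_dhost[i++]);
        fprintf(fp, "%02X\x1b[0m\n", eth->ether_dhost[i]);
    } else {
        fprintf(fp, "Destination MAC\t: ");
        while (i < 5)
            fprintf(fp, "%02X:", eth->ether_dhost[i++]);
        fprintf(fp, "%02X\n", eth->ether_dhost[i]);
    }

    i = 0;
    if (SRCMAC(flag)) {
        fprintf(fp, "\x1b[45mSource MAC\x1b[0m\t: \x1b[45m");
        while (i < 5)
            fprintf(fp, "%02X:", eth->ether_shost[i++]);
        fprintf(fp, "%02X\x1b[0m\n", eth->ether_shost[i]);
    } else {
        fprintf(fp, "Source MAC\t: ");
        while (i < 5)
            fprintf(fp, "%02X:", eth->ether_shost[i++]);
        fprintf(fp, "%02X\n", eth->ether_shost[i]);
    }

    if (ETHERTYPE(flag))
        fprintf(fp, "\x1b[45mEthernet Type\x1b[0m\t: \x1b[45m%s\x1b[0m\n", gettype(eth->ether_type));
    else
        fprintf(fp, "Ethernet Type\t: %s\n", gettype(eth->ether_type));

    /* IP Header */
    if (VERSION(flag) & 0xf0)
        fprintf(fp, "\x1b[44mVersion\x1b[0m\t\t: \x1b[44m%d\x1b[0m\n", iphdr->ip_v);
    else
        fprintf(fp, "Version\t\t: %d\n", iphdr->ip_v);

    if (IPHLEN(flag) & 0x0f)
        fprintf(fp, "\x1b[44mIP Header length\x1b[0m: \x1b[44m%d\x1b[0m\n", iphdr->ip_hl);
    else
        fprintf(fp, "IP Header length: %d\n", iphdr->ip_hl);

    if (TOS(flag))
        fprintf(fp, "\x1b[44mType of Service\x1b[0m\t: \x1b[44m%s\x1b[0m\n", gettos(iphdr->ip_tos));
    else
        fprintf(fp, "Type of Service\t: %s\n", gettos(iphdr->ip_tos));

    if (IPLEN(flag))
        fprintf(fp, "\x1b[44mTotal length\x1b[0m\t: \x1b[44m%d\x1b[0m\n", ntohs(iphdr->ip_len));
    else
        fprintf(fp, "Total length\t: %d\n", ntohs(iphdr->ip_len));

    if (IPID(flag))
        fprintf(fp, "\x1b[44mIdentification\x1b[0m\t: \x1b[44m%d\x1b[0m\n", ntohs(iphdr->ip_id));
    else
        fprintf(fp, "Identification\t: %d\n", ntohs(iphdr->ip_id));

    /* ip_off is a 16-bit network-order field like ip_len and ip_id, so it
     * is converted too (the original printed the raw wire value). */
    if (FRAGMENT(flag))
        fprintf(fp, "\x1b[44mFragment\x1b[0m\t: \x1b[44m%d\x1b[0m\n", ntohs(iphdr->ip_off));
    else
        fprintf(fp, "Fragment\t: %d\n", ntohs(iphdr->ip_off));

    if (TTL(flag))
        fprintf(fp, "\x1b[44mTime to live\x1b[0m\t: \x1b[44m%d\x1b[0m\n", iphdr->ip_ttl);
    else
        fprintf(fp, "Time to live\t: %d\n", iphdr->ip_ttl);

    if (PROTOCOL(flag))
        fprintf(fp, "\x1b[44mProtocol\x1b[0m\t: \x1b[44m%s\x1b[0m\n", getprot(iphdr->ip_p));
    else
        fprintf(fp, "Protocol\t: %s\n", getprot(iphdr->ip_p));

    if (IPCKSUM(flag))
        fprintf(fp, "\x1b[44mChecksum\x1b[0m\t: \x1b[44m%d\x1b[0m\n", ntohs(iphdr->ip_sum));
    else
        fprintf(fp, "Checksum\t: %d\n", ntohs(iphdr->ip_sum));

    if (SRCIP(flag))
        fprintf(fp, "\x1b[44mSource IP\x1b[0m\t: \x1b[44m%s\x1b[0m\n", inet_ntoa(iphdr->ip_src));
    else
        fprintf(fp, "Source IP\t: %s\n", inet_ntoa(iphdr->ip_src));

    if (DSTIP(flag))
        fprintf(fp, "\x1b[44mDestination IP\x1b[0m\t: \x1b[44m%s\x1b[0m\n", inet_ntoa(iphdr->ip_dst));
    else
        fprintf(fp, "Destination IP\t: %s\n", inet_ntoa(iphdr->ip_dst));

    if (iphdr->ip_p == 17) {
        /* UDP Header */
        if (SRCPORT(flag))
            fprintf(fp, "\x1b[42mSource Port\x1b[0m\t: \x1b[42m%d\x1b[0m\n", ntohs(udphdr->source));
        else
            fprintf(fp, "Source Port\t: %d\n", ntohs(udphdr->source));

        if (DSTPORT(flag))
            fprintf(fp, "\x1b[42mDestination Port\x1b[0m: \x1b[42m%d\x1b[0m\n", ntohs(udphdr->dest));
        else
            fprintf(fp, "Destination Port: %d\n", ntohs(udphdr->dest));

        if (UDPLEN(flag))
            fprintf(fp, "\x1b[42mTotal length\x1b[0m\t: \x1b[42m%d\x1b[0m\n", ntohs(udphdr->len));
        else
            fprintf(fp, "Total length\t: %d\n", ntohs(udphdr->len));

        if (UDPCKSUM(flag))
            fprintf(fp, "\x1b[42mCheckSum\x1b[0m\t: \x1b[42m%d\x1b[0m\n", ntohs(udphdr->check));
        else
            fprintf(fp, "Checksum\t: %d\n", ntohs(udphdr->check));
    } else {
        /* TCP Header */
        if (SRCPORT(flag))
            fprintf(fp, "\x1b[31;43mSource Port\x1b[0m\t: \x1b[31;43m%d\x1b[0m\n", ntohs(tcphdr->source));
        else
            fprintf(fp, "Source Port\t: %d\n", ntohs(tcphdr->source));

        if (DSTPORT(flag))
            fprintf(fp, "\x1b[31;43mDestination Port\x1b[0m: \x1b[31;43m%d\x1b[0m\n", ntohs(tcphdr->dest));
        else
            fprintf(fp, "Destination Port: %d\n", ntohs(tcphdr->dest));

        if (SEQ(flag))
            fprintf(fp, "\x1b[31;43mSequence Number\x1b[0m\t: \x1b[31;43m%u\x1b[0m\n", ntohl(tcphdr->seq));
        else
            fprintf(fp, "Sequence Number\t: %u\n", ntohl(tcphdr->seq));

        /* In the Linux-style struct tcphdr used here (source/dest/seq/doff),
         * the 32-bit acknowledgement number is ack_seq; ack is the one-bit
         * ACK flag, which is what the original printed. */
        if (ACK(flag))
            fprintf(fp, "\x1b[31;43mAcknowledgement\x1b[0m\t: \x1b[31;43m%u\x1b[0m\n", ntohl(tcphdr->ack_seq));
        else
            fprintf(fp, "Acknowledgement\t: %u\n", ntohl(tcphdr->ack_seq));

        if (TCPOFF(flag) & 0x0f)
            fprintf(fp, "\x1b[31;43mOffset\x1b[0m\t\t: \x1b[31;43m%d\x1b[0m\n", tcphdr->doff);
        else
            fprintf(fp, "Offset\t\t: %d\n", tcphdr->doff);

        if (TCPRES(flag) & 0xf0)
            fprintf(fp, "\x1b[31;43mReserved\x1b[0m\t: \x1b[31;43m%d\x1b[0m\n", tcphdr->res1);
        else
            fprintf(fp, "Reserved\t: %d\n", tcphdr->res1);

        /* Byte 47 is the TCP flags byte only for a 14-byte Ethernet header
         * followed by a 20-byte IP header (see the NOTE above). */
        char *tmp = getflag(*(packet + 47), tcphdr->res1, tcphdr->res2);
        if (TCPFLAG(flag))
            fprintf(fp, "\x1b[31;43mFlags\x1b[0m\t\t: \x1b[31;43m%s\x1b[0m\n", tmp != NULL ? tmp : "?");
        else
            fprintf(fp, "Flags\t\t: %s\n", tmp != NULL ? tmp : "?");
        free(tmp);

        if (WINDOW(flag))
            fprintf(fp, "\x1b[31;43mWindow size\x1b[0m\t: \x1b[31;43m%d\x1b[0m\n", ntohs(tcphdr->window));
        else
            fprintf(fp, "Window size\t: %d\n", ntohs(tcphdr->window));

        if (TCPCKSUM(flag))
            fprintf(fp, "\x1b[31;43mChecksum\x1b[0m\t: \x1b[31;43m%d\x1b[0m\n", ntohs(tcphdr->check));
        else
            fprintf(fp, "Checksum\t: %d\n", ntohs(tcphdr->check));

        if (URGPTR(flag))
            fprintf(fp, "\x1b[31;43mUrgent Pointer\x1b[0m\t: \x1b[31;43m%d\x1b[0m\n", ntohs(tcphdr->urg_ptr));
        else
            fprintf(fp, "Urgent Pointer\t: %d\n", ntohs(tcphdr->urg_ptr));
    }

    /* Payload */
    {
        /* The filtered and unfiltered paths were two copies of the same
         * code that differed only in how the highlight buffer is filled;
         * they are merged here. An empty filter string is treated like no
         * filter, because a zero-length match could never advance i. */
        const int have_filter = (fltrload != NULL && fltrload[0] != '\0');
        const uint8_t *match = NULL;
        uint8_t highlight[MAXPAYLOAD];            /* payload bytes + in-band colour markers */
        const int highcap = (int)sizeof highlight;
        int fltrloadlen = have_filter ? (int)strlen(fltrload) : 0;
        int unmatchlen = 0;
        int colorhex = 0, colorstr = 0;           /* colour active in the hex / ASCII column */
        int str = 0;                              /* payload bytes on the current row */
        int colorlen = 0;                         /* colour-marker bytes on the current row */
        int highlen = 0;                          /* bytes used in highlight */
        int truncated = 0;                        /* set when highlight filled up */
        char ch;

        i = 0;
        memset(highlight, 0, sizeof highlight);
        packet += hdrlen;
        fprintf(fp, "*** Payload ***\n");

        /* Request method, highlighted at the start of the dump. */
        if (http != NULL) {
            if (prot == 3) {
                printfile_append(highlight, highcap, &highlen, HTTPCOLOR, 5);
                printfile_append(highlight, highcap, &highlen, "GET\x1b[0m", 7);
                i += 3;
            } else if (prot == 5) {
                printfile_append(highlight, highcap, &highlen, HTTPCOLOR, 5);
                printfile_append(highlight, highcap, &highlen, "PUT\x1b[0m", 7);
                i += 3;
            } else if (prot == 7) {
                printfile_append(highlight, highcap, &highlen, HTTPCOLOR, 5);
                printfile_append(highlight, highcap, &highlen, "POST\x1b[0m", 8);
                i += 4;
            }
        }

        /* Copy the payload into highlight, inserting colour markers. */
        while (i < payloadlen) {
            int want_http;

            /* A marker position that is already behind the read position
             * would give a negative copy length below, so drop it. */
            if (http != NULL && http < packet + i)
                http = NULL;

            if (have_filter) {
                // move to next matching string
                match = memcmp_cont(packet + i, fltrload, fltrloadlen, payloadlen - i);
                want_http = (match != NULL && http != NULL && match - packet > http - packet);
            } else {
                match = NULL;
                want_http = (http != NULL);
            }

            if (!want_http && match == NULL) {
                /* Nothing left to highlight: copy the rest and stop. The
                 * original unfiltered path never advanced i here and so
                 * looped forever without copying anything usable. */
                unmatchlen = payloadlen - i;
                if (printfile_append(highlight, highcap, &highlen, packet + i, unmatchlen) != unmatchlen)
                    truncated = 1;
                break;
            }

            if (want_http) {
                // HTTP/1.1
                unmatchlen = (int)(http - (packet + i));
                if (printfile_append(highlight, highcap, &highlen, packet + i, unmatchlen) != unmatchlen
                    || highcap - highlen < 17) {
                    truncated = 1;
                    break;
                }
                i += unmatchlen;
                printfile_append(highlight, highcap, &highlen, "\x1b[46mHTTP/1.1\x1b[0m", 17);
                i += 8;
                http = NULL;
            } else {
                unmatchlen = (int)(match - (packet + i));
                /* 9 = colour-on (5) + colour-off (4) around the match. */
                if (unmatchlen < 0
                    || printfile_append(highlight, highcap, &highlen, packet + i, unmatchlen) != unmatchlen
                    || fltrloadlen > highcap - highlen - 9) {
                    truncated = 1;
                    break;
                }
                i += unmatchlen;
                printfile_append(highlight, highcap, &highlen, PAYLOADCOLOR, 5);
                printfile_append(highlight, highcap, &highlen, packet + i, fltrloadlen);
                i += fltrloadlen;
                printfile_append(highlight, highcap, &highlen, NORMALCOLOR, 4);
            }
        }

        /* Hex + ASCII dump, 16 payload bytes per row.
         * NOTE(review): COLORTEST presumably compares bytes starting at
         * highlight + i; near the end of a full buffer that could read a
         * few bytes past it - check the macro. */
        i = 0;
        while (i < highlen) {
            ch = *(highlight + i);
            if (ch == '\x1b') {
                if (COLORTEST(i, PAYLOADCOLOR) == true) {
                    fputs(PAYLOADCOLOR, fp);
                    colorhex = 41;
                    i += 5;
                    colorlen += 5;
                    continue;
                } else if (COLORTEST(i, HTTPCOLOR) == true) {
                    fputs(HTTPCOLOR, fp);
                    colorhex = 46;
                    i += 5;
                    colorlen += 5;
                    continue;
                } else if (COLORTEST(i, NORMALCOLOR) == true) {
                    fputs(NORMALCOLOR, fp);
                    colorhex = 0;
                    i += 4;
                    colorlen += 4;
                    continue;
                }
            }
            /* Cast so that bytes >= 0x80 print as two hex digits even where
             * plain char is signed. */
            fprintf(fp, "%02X ", (unsigned char)ch);
            i++;

            if (++str == 16) {
                /* Row complete: close the hex colour, then print the ASCII column. */
                if (colorhex != 0)
                    fputs(NORMALCOLOR, fp);
                fprintf(fp, " ");
                if (colorstr == 41) {
                    fputs(PAYLOADCOLOR, fp);
                    colorstr = 0;
                } else if (colorstr == 46) {
                    fputs(HTTPCOLOR, fp);
                    colorstr = 0;
                }
                while (colorlen > 0) {
                    ch = *(highlight + i - colorlen - str);
                    if (ch > 126 || ch < 32) {
                        if (ch == 27) {
                            if (COLORTEST(i - colorlen - str, PAYLOADCOLOR) == true)
                                colorstr = 41;
                            else if (COLORTEST(i - colorlen - str, HTTPCOLOR) == true)
                                colorstr = 46;
                            else if (COLORTEST(i - colorlen - str, NORMALCOLOR) == true)
                                colorstr = 0;
                            else
                                ch = '.';
                        } else
                            ch = '.';
                    }
                    fprintf(fp, "%c", ch);
                    colorlen--;
                }
                while (str > 0) {
                    ch = *(highlight + i - str);
                    if (ch > 126 || ch < 32) {
                        if (ch == 27) {
                            if (COLORTEST(i - colorlen - str, PAYLOADCOLOR) == true)
                                colorstr = 41;
                            else if (COLORTEST(i - colorlen - str, HTTPCOLOR) == true)
                                colorstr = 46;
                            else if (COLORTEST(i - colorlen - str, NORMALCOLOR) == true)
                                colorstr = 0;
                            else
                                ch = '.';
                        } else
                            ch = '.';
                    }
                    fprintf(fp, "%c", ch);
                    str--;
                }
                if (colorstr != 0)
                    fputs(NORMALCOLOR, fp);
                fprintf(fp, "\n");
                /* Re-open the hex colour on the next row. */
                if (colorhex == 41) {
                    fputs(PAYLOADCOLOR, fp);
                    colorhex = 0;
                } else if (colorhex == 46) {
                    fputs(HTTPCOLOR, fp);
                    colorhex = 0;
                }
            }
        }

        /* Last, partial row. */
        if (str != 0) {
            int padd = 17;

            if (colorhex != 0)
                fputs(NORMALCOLOR, fp);
            while (str < padd--)
                fprintf(fp, " ");
            if (colorstr == 41) {
                fputs(PAYLOADCOLOR, fp);
                colorstr = 0;
            } else if (colorstr == 46) {
                fputs(HTTPCOLOR, fp);
                colorstr = 0;
            }
            while (colorlen > 0) {
                ch = *(highlight + i - colorlen - str);
                if (ch > 126 || ch < 32) {
                    if (ch == 27) {
                        if (COLORTEST(i - colorlen - str, PAYLOADCOLOR) == true)
                            colorstr = 41;
                        else if (COLORTEST(i - colorlen - str, HTTPCOLOR) == true)
                            colorstr = 46;
                        else if (COLORTEST(i - colorlen - str, NORMALCOLOR) == true)
                            colorstr = 0;
                        else
                            ch = '.';
                    } else
                        ch = '.';
                }
                fprintf(fp, "%c", ch);
                colorlen--;
            }
            while (str > 0) {
                ch = *(highlight + i - str);
                if (ch > 126 || ch < 32) {
                    if (ch == 27) {
                        if (COLORTEST(i - colorlen - str, PAYLOADCOLOR) == true)
                            colorstr = 41;
                        else if (COLORTEST(i - colorlen - str, HTTPCOLOR) == true)
                            colorstr = 46;
                        else if (COLORTEST(i - colorlen - str, NORMALCOLOR) == true)
                            colorstr = 0;
                        else
                            ch = '.';
                    } else
                        ch = '.';
                }
                fprintf(fp, "%c", ch);
                str--;
            }
            fprintf(fp, "\x1b[0m\n");
        }

        /* Make a cut-off dump visible to whoever reads the log. */
        if (truncated)
            fprintf(fp, "*** Payload truncated ***\n");
    }

    fprintf(fp, "----------------------------\n");
    fclose(fp);
}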