int connection_tracking(packetinfo *pi)
{
static char ip_addr_s[INET6_ADDRSTRLEN];
static char ip_addr_d[INET6_ADDRSTRLEN];
struct in_addr *ipa;
cx_track(pi);
if(pi->af == AF_INET6) {
u_ntop(pi->ip6->ip_src, pi->af, ip_addr_s);
u_ntop(pi->ip6->ip_dst, pi->af, ip_addr_d);
} else {
ipa = pi->ip4->ip_src;
inet_ntop(pi->af, &ipa, ip_addr_s, INET6_ADDRSTRLEN);
ipa = pi->ip4->ip_dst;
inet_ntop(pi->af, &ipa, ip_addr_d, INET6_ADDRSTRLEN);
}
if(config.cflags & CONFIG_CONNECT)
printf("conn[%4lu] %s:%u -> %s:%u [%s]\n", pi->cxt->cxid,
ip_addr_s, ntohs(pi->s_port),
ip_addr_d, ntohs(pi->d_port),
pi->sc?pi->sc==SC_SERVER? "server":"client":"NONE");
return 0;
}
void got_packet (u_char *useless,const struct pcap_pkthdr *pheader, const u_char *packet) {
if ( intr_flag != 0 ) { check_interupt(); }
inpacket = 1;
tstamp = pheader->ts;
/* are we dumping */
if (mode & MODE_DUMP) {
time_t now = time(NULL);
/* check if we should roll on time */
if( ( roll_time != 0 ) &&
( now >= (roll_time_last + roll_time) ) )
{
roll_time_last = now;
printf("Rolling on time.\n");
dump_file_roll();
}
dump_file_offset = (uint64_t)ftell((FILE *)dump_handle);
/* check if we should roll on size */
if ( (roll_size > 0) &&
(dump_file_offset >= roll_size) )
{
printf("Rolling on size.\n");
dump_file_roll();
}
/* write the packet */
pcap_dump((u_char *)dump_handle, pheader, packet);
if ( dump_with_flush )
pcap_dump_flush(dump_handle);
}
else if ( mode & MODE_FILE ) {
read_file_offset = (uint64_t)ftell(pcap_file(handle)) - pheader->caplen - 16;
}
/* printf("[*] Got network packet...\n"); */
ether_header *eth_hdr;
eth_hdr = (ether_header *) (packet);
u_short eth_type;
eth_type = ntohs(eth_hdr->eth_ip_type);
int eth_header_len;
eth_header_len = ETHERNET_HEADER_LEN;
vlanid = 0;
if ( eth_type == ETHERNET_TYPE_8021Q ) {
/* printf("[*] ETHERNET TYPE 8021Q\n"); */
eth_type = ntohs(eth_hdr->eth_8_ip_type);
eth_header_len +=4;
vlanid = ntohs(eth_hdr->eth_8_vid);
}
else if ( eth_type == (ETHERNET_TYPE_802Q1MT|ETHERNET_TYPE_802Q1MT2|ETHERNET_TYPE_802Q1MT3|ETHERNET_TYPE_8021AD) ) {
/* printf("[*] ETHERNET TYPE 802Q1MT\n"); */
eth_type = ntohs(eth_hdr->eth_82_ip_type);
eth_header_len +=8;
vlanid = ntohs(eth_hdr->eth_82_vid);
}
/* zero-ise our structure, simplifies our hashing later on */
int ip_tracked = 0;
ip_t *ip_src = calloc(1, sizeof(ip_t));
ip_t *ip_dst = calloc(1, sizeof(ip_t));
if ( eth_type == ETHERNET_TYPE_IP ) {
/* printf("[*] Got IPv4 Packet...\n"); */
ip4_header *ip4;
ip4 = (ip4_header *) (packet + eth_header_len);
ip_set(&ip_config, ip_src, &ip4->ip_src, AF_INET);
ip_set(&ip_config, ip_dst, &ip4->ip_dst, AF_INET);
if ( ip4->ip_p == IP_PROTO_TCP ) {
tcp_header *tcph;
tcph = (tcp_header *) (packet + eth_header_len + (IP_HL(ip4)*4));
/* printf("[*] IPv4 PROTOCOL TYPE TCP:\n"); */
ip_tracked = cx_track(ip_src, tcph->src_port, ip_dst, tcph->dst_port, ip4->ip_p, pheader->len, tcph->t_flags, tstamp, AF_INET);
}
else if (ip4->ip_p == IP_PROTO_UDP) {
udp_header *udph;
udph = (udp_header *) (packet + eth_header_len + (IP_HL(ip4)*4));
/* printf("[*] IPv4 PROTOCOL TYPE UDP:\n"); */
ip_tracked = cx_track(ip_src, udph->src_port, ip_dst, udph->dst_port, ip4->ip_p, pheader->len, 0, tstamp, AF_INET);
}
else if (ip4->ip_p == IP_PROTO_ICMP) {
icmp_header *icmph;
icmph = (icmp_header *) (packet + eth_header_len + (IP_HL(ip4)*4));
/* printf("[*] IP PROTOCOL TYPE ICMP\n"); */
ip_tracked = cx_track(ip_src, icmph->s_icmp_id, ip_dst, icmph->s_icmp_id, ip4->ip_p, pheader->len, 0, tstamp, AF_INET);
}
else {
/* printf("[*] IPv4 PROTOCOL TYPE OTHER: %d\n",ip4->ip_p); */
ip_tracked = cx_track(ip_src, ip4->ip_p, ip_dst, ip4->ip_p, ip4->ip_p, pheader->len, 0, tstamp, AF_INET);
}
}
else if ( eth_type == ETHERNET_TYPE_IPV6) {
/* printf("[*] Got IPv6 Packet...\n"); */
ip6_header *ip6;
ip6 = (ip6_header *) (packet + eth_header_len);
ip_set(&ip_config, ip_src, &ip6->ip_src, AF_INET6);
ip_set(&ip_config, ip_dst, &ip6->ip_dst, AF_INET6);
if ( ip6->next == IP_PROTO_TCP ) {
tcp_header *tcph;
tcph = (tcp_header *) (packet + eth_header_len + IP6_HEADER_LEN);
/* printf("[*] IPv6 PROTOCOL TYPE TCP:\n"); */
ip_tracked = cx_track(ip_src, tcph->src_port, ip_dst, tcph->dst_port, ip6->next, pheader->len, tcph->t_flags, tstamp, AF_INET6);
}
else if (ip6->next == IP_PROTO_UDP) {
udp_header *udph;
udph = (udp_header *) (packet + eth_header_len + IP6_HEADER_LEN);
/* printf("[*] IPv6 PROTOCOL TYPE UDP:\n"); */
ip_tracked = cx_track(ip_src, udph->src_port, ip_dst, udph->dst_port, ip6->next, pheader->len, 0, tstamp, AF_INET6);
}
else if (ip6->next == IP6_PROTO_ICMP) {
//icmp6_header *icmph;
//icmph = (icmp6_header *) (packet + eth_header_len + IP6_HEADER_LEN);
/* printf("[*] IPv6 PROTOCOL TYPE ICMP\n"); */
ip_tracked = cx_track(ip_src, ip6->hop_lmt, ip_dst, ip6->hop_lmt, ip6->next, pheader->len, 0, tstamp, AF_INET6);
}
else {
/* printf("[*] IPv6 PROTOCOL TYPE OTHER: %d\n",ip6->next); */
ip_tracked = cx_track(ip_src, ip6->next, ip_dst, ip6->next, ip6->next, pheader->len, 0, tstamp, AF_INET6);
}
}
if ( ip_tracked == 0 )
{
if (ip_src != NULL) ip_free(ip_src);
if (ip_dst != NULL) ip_free(ip_dst);
}
inpacket = 0;
return;
(void) useless;
/* else { */
/* printf("[*] ETHERNET TYPE : %x\n", eth_hdr->eth_ip_type); */
/* return; */
/* } */
}
