void print_packet(const uint8_t *packet, unsigned int len)
{
assert(packet);
printf("\n");
print_eth_hdr(packet, len);
printf("\n");
eth_hdr *eth = (eth_hdr *)packet;
if (ntohs(eth->eth_type) == ETH_TYPE_ARP) {
print_arp_hdr(packet, len);
printf("\n");
} else if (ntohs(eth->eth_type) == ETH_TYPE_IP) {
ip_hdr *ip = get_ip_hdr(packet, len);
indent(1);
printf("IPv4 Packet (%d bytes)\n", len - sizeof(eth_hdr));
print_ip_hdr(packet, len);
switch(ip->ip_p) {
case 1:
{ print_icmp_load(packet, len); break; }
case 6:
{ print_tcp_load(packet, len); break; }
case 89:
{ print_pwospf_load(packet, len); break; }
default:
{ printf("UNRECOGNIZABLE PROTOCOL\n"); break;}
}
}
}
void handle_packet(const u_char *packet)
{
int i;
uint16_t pkt_size, payload_size;
struct iphdr *ip; /* The IP header */
struct tcphdr *tcp; /* The TCP header */
char *payload; /* Packet payload */
int vector_size = 18;
int substrvec[vector_size];
const char *submatchstr;
ip = (struct iphdr*)(packet + SIZE_ETHERNET);
if (ip->protocol != IPPROTO_TCP)
{
/* We are only interested in TCP traffic */
if (debug_mode >= 3)
{
fprintf(stderr, "-- Skipping non TCP packet\n");
}
return;
}
if ((ip->ihl * 4) < 20)
{
if (debug_mode >= 3)
{
fprintf(stderr, "-- Skipping Invalid IP header\n");
}
return;
}
tcp = (struct tcphdr*)(packet + SIZE_ETHERNET + (ip->ihl * 4));
if ((tcp->doff * 4) < 20)
{
if (debug_mode >= 3)
{
fprintf(stderr, "-- Skipping Invalid TCP header\n");
}
return;
}
if (debug_mode >= 4)
{
print_ip_hdr(ip);
print_tcp_hdr(tcp);
}
pkt_size = ntohs(ip->tot_len);
payload_size = pkt_size - ((ip->ihl * 4) + (tcp->doff * 4));
payload = (char *)(packet + SIZE_ETHERNET + (ip->ihl * 4) + (tcp->doff * 4));
if (ntohl(tcp->ack_seq) == prev_package.ack_nr &&
ip->saddr == prev_package.s_ip && ip->daddr == prev_package.d_ip)
{
if ((prev_package.payload_size + payload_size) > (1500 * PKT_HISTORY_SIZE) + 1)
{
if (debug_mode >= 3)
{
fprintf(stderr, "-- Dropping packet due to full packet buffer\n");
}
return;
}
prev_package.payload_size += payload_size;
strncat(prev_package.payload, payload, payload_size);
payload = prev_package.payload;
payload_size = prev_package.payload_size;
}
else
{
if (prev_package.payload_size > 0)
{
memset(&prev_package, 0x00, sizeof(struct pPackageT));
}
prev_package.ack_nr = ntohl(tcp->ack_seq);
prev_package.s_ip = ip->saddr;
prev_package.d_ip = ip->daddr;
prev_package.payload_size += payload_size;
strncat(prev_package.payload, payload, payload_size);
// if (pkt_size >= 1500)
// {
// if (debug_mode >= 3)
// {
// fprintf(stderr, "-- Skipping due to 1500bytes\n");
// }
//
// return;
// }
}
if (debug_mode >= 5)
{
fprintf(stderr, "Payload (%u): \n", payload_size);
for (i = 0; i < payload_size; i++)
{
if (isprint(payload[i]) || payload[i] == 10)
{
fprintf(stderr, "%c", payload[i]);
}
else
{
fprintf(stderr, ".");
}
}
fprintf(stderr, "\n--\n");
}
int pcre_match = pcre_exec(re, ree, payload, payload_size, 0, 0, substrvec, vector_size);
if (debug_mode)
{
fprintf(stderr, ">> pcre: %d\n", pcre_match);
}
if(pcre_match < 0)
{
// switch (pcre_match)
// {
// case PCRE_ERROR_NOMATCH:
// case PCRE_ERROR_NULL:
// case PCRE_ERROR_BADOPTION:
// case PCRE_ERROR_BADMAGIC:
// case PCRE_ERROR_UNKNOWN_NODE:
// case PCRE_ERROR_NOMEMORY:
// return;
// break;
// }
return;
}
if (pcre_match == 0)
{
if (debug_mode >= 3)
{
fprintf(stderr, "PCRE Matched but too many substrings returned\n");
}
pcre_match = (vector_size / 3);
}
if (pcre_match >= 2)
{
pcre_get_substring(payload, substrvec, pcre_match, 1, &(submatchstr));
char *clean_str = clean_xml(submatchstr);
fprintf(stdout, "%s\n", clean_str);
// Free up the stuff
free (clean_str);
pcre_free_substring(submatchstr);
memset(&prev_package, 0x00, sizeof(struct pPackageT));
}
}
