void my_pcap_handler(u_char *arg,const struct pcap_pkthdr *pkthdr,const u_char *packet){ //calc timestamp u64 time; static u64 lasttime=0; time = ((u64)pkthdr->ts.tv_sec)*detection_tick_resolution + pkthdr->ts.tv_usec/(1000000/detection_tick_resolution); if(lasttime>time) time=lasttime; lasttime=time; // int *cnt=(int *)arg; //printf("Pakcet cnt: %d\n",++(*cnt)); //printf("Packet size: %d\n",pkthdr->len); /* printf("Payload:\n"); unsigned char i=0; for(i=0;i<pkthdr->len;i++){ if(isprint(packet[i])) printf("%c ",packet[i]); else printf(". "); if(i%16==15||i==pkthdr->len-1) printf("\n"); } */ // basic packet info // args to cnt No. of packet seq // packet length: pkthdr->len // payload: *packet // header of ethernet const struct ethhdr *ethernet=(struct ethhdr *)packet; // header of ip level struct iphdr *iph = (struct iphdr*)&packet[sizeof(struct ethhdr)]; u16 type; type=ethernet->h_proto; if(type==htons(ETH_P_IP)) printf("type: eth ip\n"); if(pkthdr->caplen < pkthdr->len){ printf("capture size is smaller than packet size\n"); }else{ // invoke packet processing func packet_processing(time,iph,pkthdr->len-sizeof(struct ethhdr),pkthdr->len); } }
if(flags & 0x04) ip_offset += 1; /* next_ext_header is present */ if(flags & 0x02) ip_offset += 4; /* sequence_number is present (it also includes next_ext_header and pdu_number) */ if(flags & 0x01) ip_offset += 1; /* pdu_number is present */ iph = (struct ndpi_iphdr *) &packet[ip_offset]; if(iph->version != 4) { // printf("WARNING: not good (packet_id=%u)!\n", (unsigned int)raw_packet_count); goto v4_warning; } } } } // process the packet protocol_detected = packet_processing(time, iph, iph6, ip_offset, header->len - ip_offset, header->len); if (protocol_detected > 0 ){ g_num_flows += 1; printf("This is the detected protocol: %d\n", protocol_detected); printf("Number of protocols detected so far: %llu\n", g_num_flows); } } static void runPcapLoop(void) { if((!shutdown_app) && (_pcap_handle != NULL)) pcap_loop(_pcap_handle, -1, &pcap_packet_callback, NULL); }