/*---------------------------------------------------------------------
* Method: process_ip(struct sr_instance* sr,
* uint8_t * packet,
* unsigned int len,
* char* interface)
* Scope: Internal
*
* Processes a received IP packet. Takes in a raw ethernet packet.
*
*---------------------------------------------------------------------*/
void process_ip(struct sr_instance* sr,
uint8_t * packet,
unsigned int len,
char* interface)
{
struct sr_ip_hdr *ip_hdr;
/* Return if it is not a valid ip packet */
if (!valid_ip(packet, len))
return;
/* Is it destined for me?! */
ip_hdr = ip_header(packet);
if (sr_interface_ip_match(sr, ip_hdr->ip_dst)) {
/* Process ICMP. */
if (ip_hdr->ip_p == ip_protocol_icmp) {
process_icmp(sr, ip_hdr);
/* If it's TCP/UDP, send ICMP port unreachable. */
} else {
sr_send_icmp(sr,
(uint8_t *)ip_hdr,
ip_len(ip_hdr),
ICMP_UNREACHABLE_TYPE,
ICMP_PORT_CODE);
}
/* Forward it. */
} else {
forward_ip_pkt(sr, ip_hdr);
}
}
void process_ip(const u_char* packet, const struct ether_header *ethernet, const struct sniff_ip *ip, const char *payload, u_int size_ip){
ip = (struct sniff_ip*)(packet + ETHERNET_SIZE);
size_ip = IP_HL(ip)*4;
ip_packets++;
char buffer[MAX_BUF_SIZE];
sprintf(buffer, "%s", inet_ntoa(ip->ip_src));
IP_src_addr = insert(IP_src_addr, buffer);
sprintf(buffer, "%s", inet_ntoa(ip->ip_dst));
IP_dest_addr = insert(IP_dest_addr, buffer);
sprintf(buffer, "%d", ip->ip_ttl);
TTL_list = insert(TTL_list, buffer);
if(ntohs (ethernet->ether_type) == ETHERTYPE_IP){
if(ip->ip_p==IPPROTO_TCP){
strcpy(buffer, "TCP");
transLayer = insert(transLayer, buffer);
process_tcp(packet, size_ip);
} else if(ip->ip_p == IPPROTO_UDP){
strcpy(buffer, "UDP");
transLayer = insert(transLayer, buffer);
process_udp(packet, size_ip);
} else if(ip->ip_p == IPPROTO_ICMP){
strcpy(buffer, "ICMP");
transLayer = insert(transLayer, buffer);
process_icmp(packet, size_ip, ip);
} else{
sprintf(buffer, "0x%02x", ip->ip_p);
transLayer = insert(transLayer, buffer);
}
}
}
static int process_mine(unsigned char *pkt, int len, int broad)
{
ether_header_t *ether_header = (ether_header_t *)pkt;
ip_header_t *ip_header = (ip_header_t *)(pkt + 14);
icmp_header_t *icmp_header;
udp_header_t *udp_header;
ip_udp_pseudo_header_t *ip_udp_pseudo_header;
unsigned char tmp[6];
int i;
if (ether_header->type[1] != 0x00)
return -1;
/* ignore fragmented packets */
if (ntohs(ip_header->flags_frag_offset) & 0x3fff)
return -1;
/* check ip header checksum */
i = ip_header->checksum;
ip_header->checksum = 0;
ip_header->checksum = checksum((unsigned short *)ip_header, 2*(ip_header->version_ihl & 0x0f));
if (i != ip_header->checksum) {
ip_header->checksum = i; /* VP : put back the original checksum so that we can forward
this packet to lwip */
return -1;
}
switch (ip_header->protocol) {
case 1: /* icmp */
if (broad)
return -1;
if (1 || !lwip_cb) {
icmp_header = (icmp_header_t *)(pkt + ETHER_H_LEN + 4*(ip_header->version_ihl & 0x0f));
process_icmp(ether_header, ip_header, icmp_header);
return 0;
}
break;
case 17: /* udp */
udp_header = (udp_header_t *)(pkt + ETHER_H_LEN + 4*(ip_header->version_ihl & 0x0f));
if (dhcp_cb && ntohs(udp_header->dest) == 68) // client DHCP
return dhcp_cb(pkt);
if (broad)
return -1;
return process_dcload_udp(ether_header, ip_header, udp_header);
}
return -1;
}
static void gen_ip_proc(u_char * data, int skblen, struct timeval* ts)
{
switch (((struct ip *) data)->ip_p) {
case IPPROTO_TCP:
process_tcp(data, skblen, ts);
break;
case IPPROTO_UDP:
process_udp(data, ts);
break;
case IPPROTO_ICMP:
if (nids_params.n_tcp_streams)
process_icmp(data, ts);
break;
default:
break;
}
}
static void gen_ip_proc(u_char * data, int skblen,int id)
{
switch (((struct ip *) data)->ip_p) {
case IPPROTO_TCP:
process_tcp(data, skblen,id);
break;
case IPPROTO_UDP:
process_udp((char *)data,id);
break;
case IPPROTO_ICMP:
if (nids_params.n_tcp_streams)
process_icmp(data,id);
break;
default:
//printf("other!\n");
break;
}
}
static void gen_ip_proc(u_char * data, int skblen)
{
switch (((struct ip *) data)->ip_p) {
case IPPROTO_TCP:
pthread_mutex_lock(&tcp_lost_mutex);
process_tcp(data, skblen);
pthread_mutex_unlock(&tcp_lost_mutex);
break;
case IPPROTO_UDP:
process_udp( (char*)data );
break;
case IPPROTO_ICMP:
if (nids_params.n_tcp_streams)
process_icmp(data);
break;
default:
break;
}
}
void
process_ip(void)
{
cur_pkt->ip_hdr = (ip_hdr_t *) (cur_pkt->buf + sizeof(eth_hdr_t));
cur_sock->src_ip = cur_pkt->ip_hdr->src_addr;
if (unlikely(cur_pkt->ip_hdr->version != 4)) {
log_debug1("this is not the packet you are looking for");
return;
}
if (unlikely(! is_this_card_ip((struct in_addr *) &cur_pkt->ip_hdr->dst_addr))) {
log_debug1("this is not the packet you are looking for");
return;
}
switch(cur_pkt->ip_hdr->proto) {
case IP_PROTO_TCP:
process_tcp(); break;
case IP_PROTO_ICMP:
process_icmp(); break;
}
}
static void process_mine(unsigned char *pkt, int len)
{
ether_header_t *ether_header = (ether_header_t *)pkt;
ip_header_t *ip_header = (ip_header_t *)(pkt + 14);
icmp_header_t *icmp_header;
udp_header_t *udp_header;
/* ip_udp_pseudo_header_t *ip_udp_pseudo_header;
unsigned char tmp[6]; */
int i;
if (ether_header->type[1] != 0x00)
return;
/* ignore fragmented packets */
if (ntohs(ip_header->flags_frag_offset) & 0x3fff)
return;
/* check ip header checksum */
i = ip_header->checksum;
ip_header->checksum = 0;
ip_header->checksum = dcln_checksum((unsigned short *)ip_header, 2*(ip_header->version_ihl & 0x0f));
if (i != ip_header->checksum)
return;
switch (ip_header->protocol) {
case 1: /* icmp */
icmp_header = (icmp_header_t *)(pkt + ETHER_H_LEN + 4*(ip_header->version_ihl & 0x0f));
process_icmp(ether_header, ip_header, icmp_header);
break;
case 17: /* udp */
udp_header = (udp_header_t *)(pkt + ETHER_H_LEN + 4*(ip_header->version_ihl & 0x0f));
process_udp(ether_header, ip_header, udp_header);
default:
break;
}
}
void
process_packet(unsigned char *ignore, const struct pcap_pkthdr *header, const unsigned char *packet) {
// static int packet_count = 1;
struct flow_record *record;
unsigned char proto = 0;
/* declare pointers to packet headers */
const struct ip_hdr *ip;
unsigned int transport_len;
unsigned int ip_hdr_len;
const void *transport_start;
struct flow_key key;
flocap_stats_incr_num_packets();
if (output_level > none) {
fprintf(output, "\npacket number %lu:\n", flocap_stats_get_num_packets());
}
// packet_count++;
// ethernet = (struct ethernet_hdr*)(packet);
/* define/compute ip header offset */
ip = (struct ip_hdr*)(packet + ETHERNET_HDR_LEN);
ip_hdr_len = ip_hdr_length(ip);
if (ip_hdr_len < 20) {
if (output_level > none) {
fprintf(output, " * Invalid IP header length: %u bytes\n", ip_hdr_len);
}
return;
}
if (ntohs(ip->ip_len) < sizeof(struct ip_hdr) || ntohs(ip->ip_len) > header->caplen) {
/*
* IP packet is malformed (shorter than a complete IP header, or
* claims to be longer than it is), or not entirely captured by
* libpcap (which will depend on MTU and SNAPLEN; you can change
* the latter if need be).
*/
return ;
}
transport_len = ntohs(ip->ip_len) - ip_hdr_len;
/* print source and destination IP addresses */
if (output_level > none) {
fprintf(output, " from: %s\n", inet_ntoa(ip->ip_src));
fprintf(output, " to: %s\n", inet_ntoa(ip->ip_dst));
fprintf(output, " ip len: %u\n", ntohs(ip->ip_len));
fprintf(output, " ip hdr len: %u\n", ip_hdr_len);
}
if (ip_fragment_offset(ip) == 0) {
/* fill out IP-specific fields of flow key, plus proto selector */
key.sa = ip->ip_src;
key.da = ip->ip_dst;
proto = key.prot = ip->ip_prot;
} else {
// fprintf(info, "found IP fragment (offset: %02x)\n", ip_fragment_offset(ip));
/*
* select IP processing, since we don't have a TCP or UDP header
*/
key.sa = ip->ip_src;
key.da = ip->ip_dst;
proto = key.prot = IPPROTO_IP;
}
/* determine transport protocol and handle appropriately */
transport_start = (void *)ip + ip_hdr_len;
switch(proto) {
case IPPROTO_TCP:
record = process_tcp(header, transport_start, transport_len, &key);
break;
case IPPROTO_UDP:
record = process_udp(header, transport_start, transport_len, &key);
break;
case IPPROTO_ICMP:
record = process_icmp(header, transport_start, transport_len, &key);
break;
case IPPROTO_IP:
default:
record = process_ip(header, transport_start, transport_len, &key);
break;
}
/*
* if our packet is malformed TCP, UDP, or ICMP, then the process
* functions will return NULL; we deal with that case by treating it
* as just an IP packet
*/
if (record == NULL) {
#if 1
record = process_ip(header, transport_start, transport_len, &key);
if (record == NULL) {
fprintf(info, "warning: unable to process ip packet (improper length or otherwise malformed)\n");
return;
}
record->invalid++;
#else
/*
* if the processing of malformed packets causes trouble, choose
* this code path instead
*/
return;
#endif
}
/*
* set minimum ttl in flow record
*/
if (record->ttl > ip->ip_ttl) {
record->ttl = ip->ip_ttl;
}
/* increment packet count in flow record */
record->np++;
/* update flow record timestamps */
if (timerisset(&record->start)) {
record->end = header->ts;
} else {
record->start = record->end = header->ts;
}
/*
* copy initial data packet, if configured to report idp, and this
* is the first packet in the flow with nonzero data payload
*/
if ((report_idp) && record->op && (record->idp_len == 0)) {
record->idp_len = (ntohs(ip->ip_len) < report_idp ? ntohs(ip->ip_len) : report_idp);
record->idp = malloc(record->idp_len);
memcpy(record->idp, ip, record->idp_len);
if (output_level > none) {
fprintf(output, "stashed %u bytes of IDP\n", record->idp_len);
}
}
/* increment overall byte count */
flocap_stats_incr_num_bytes(transport_len);
return;
}
