/*--------------------------------------------------------------------- * Method: process_ip(struct sr_instance* sr, * uint8_t * packet, * unsigned int len, * char* interface) * Scope: Internal * * Processes a received IP packet. Takes in a raw ethernet packet. * *---------------------------------------------------------------------*/ void process_ip(struct sr_instance* sr, uint8_t * packet, unsigned int len, char* interface) { struct sr_ip_hdr *ip_hdr; /* Return if it is not a valid ip packet */ if (!valid_ip(packet, len)) return; /* Is it destined for me?! */ ip_hdr = ip_header(packet); if (sr_interface_ip_match(sr, ip_hdr->ip_dst)) { /* Process ICMP. */ if (ip_hdr->ip_p == ip_protocol_icmp) { process_icmp(sr, ip_hdr); /* If it's TCP/UDP, send ICMP port unreachable. */ } else { sr_send_icmp(sr, (uint8_t *)ip_hdr, ip_len(ip_hdr), ICMP_UNREACHABLE_TYPE, ICMP_PORT_CODE); } /* Forward it. */ } else { forward_ip_pkt(sr, ip_hdr); } }
void process_ip(const u_char* packet, const struct ether_header *ethernet, const struct sniff_ip *ip, const char *payload, u_int size_ip){ ip = (struct sniff_ip*)(packet + ETHERNET_SIZE); size_ip = IP_HL(ip)*4; ip_packets++; char buffer[MAX_BUF_SIZE]; sprintf(buffer, "%s", inet_ntoa(ip->ip_src)); IP_src_addr = insert(IP_src_addr, buffer); sprintf(buffer, "%s", inet_ntoa(ip->ip_dst)); IP_dest_addr = insert(IP_dest_addr, buffer); sprintf(buffer, "%d", ip->ip_ttl); TTL_list = insert(TTL_list, buffer); if(ntohs (ethernet->ether_type) == ETHERTYPE_IP){ if(ip->ip_p==IPPROTO_TCP){ strcpy(buffer, "TCP"); transLayer = insert(transLayer, buffer); process_tcp(packet, size_ip); } else if(ip->ip_p == IPPROTO_UDP){ strcpy(buffer, "UDP"); transLayer = insert(transLayer, buffer); process_udp(packet, size_ip); } else if(ip->ip_p == IPPROTO_ICMP){ strcpy(buffer, "ICMP"); transLayer = insert(transLayer, buffer); process_icmp(packet, size_ip, ip); } else{ sprintf(buffer, "0x%02x", ip->ip_p); transLayer = insert(transLayer, buffer); } } }
static int process_mine(unsigned char *pkt, int len, int broad) { ether_header_t *ether_header = (ether_header_t *)pkt; ip_header_t *ip_header = (ip_header_t *)(pkt + 14); icmp_header_t *icmp_header; udp_header_t *udp_header; ip_udp_pseudo_header_t *ip_udp_pseudo_header; unsigned char tmp[6]; int i; if (ether_header->type[1] != 0x00) return -1; /* ignore fragmented packets */ if (ntohs(ip_header->flags_frag_offset) & 0x3fff) return -1; /* check ip header checksum */ i = ip_header->checksum; ip_header->checksum = 0; ip_header->checksum = checksum((unsigned short *)ip_header, 2*(ip_header->version_ihl & 0x0f)); if (i != ip_header->checksum) { ip_header->checksum = i; /* VP : put back the original checksum so that we can forward this packet to lwip */ return -1; } switch (ip_header->protocol) { case 1: /* icmp */ if (broad) return -1; if (1 || !lwip_cb) { icmp_header = (icmp_header_t *)(pkt + ETHER_H_LEN + 4*(ip_header->version_ihl & 0x0f)); process_icmp(ether_header, ip_header, icmp_header); return 0; } break; case 17: /* udp */ udp_header = (udp_header_t *)(pkt + ETHER_H_LEN + 4*(ip_header->version_ihl & 0x0f)); if (dhcp_cb && ntohs(udp_header->dest) == 68) // client DHCP return dhcp_cb(pkt); if (broad) return -1; return process_dcload_udp(ether_header, ip_header, udp_header); } return -1; }
static void gen_ip_proc(u_char * data, int skblen, struct timeval* ts) { switch (((struct ip *) data)->ip_p) { case IPPROTO_TCP: process_tcp(data, skblen, ts); break; case IPPROTO_UDP: process_udp(data, ts); break; case IPPROTO_ICMP: if (nids_params.n_tcp_streams) process_icmp(data, ts); break; default: break; } }
static void gen_ip_proc(u_char * data, int skblen,int id) { switch (((struct ip *) data)->ip_p) { case IPPROTO_TCP: process_tcp(data, skblen,id); break; case IPPROTO_UDP: process_udp((char *)data,id); break; case IPPROTO_ICMP: if (nids_params.n_tcp_streams) process_icmp(data,id); break; default: //printf("other!\n"); break; } }
static void gen_ip_proc(u_char * data, int skblen) { switch (((struct ip *) data)->ip_p) { case IPPROTO_TCP: pthread_mutex_lock(&tcp_lost_mutex); process_tcp(data, skblen); pthread_mutex_unlock(&tcp_lost_mutex); break; case IPPROTO_UDP: process_udp( (char*)data ); break; case IPPROTO_ICMP: if (nids_params.n_tcp_streams) process_icmp(data); break; default: break; } }
void process_ip(void) { cur_pkt->ip_hdr = (ip_hdr_t *) (cur_pkt->buf + sizeof(eth_hdr_t)); cur_sock->src_ip = cur_pkt->ip_hdr->src_addr; if (unlikely(cur_pkt->ip_hdr->version != 4)) { log_debug1("this is not the packet you are looking for"); return; } if (unlikely(! is_this_card_ip((struct in_addr *) &cur_pkt->ip_hdr->dst_addr))) { log_debug1("this is not the packet you are looking for"); return; } switch(cur_pkt->ip_hdr->proto) { case IP_PROTO_TCP: process_tcp(); break; case IP_PROTO_ICMP: process_icmp(); break; } }
static void process_mine(unsigned char *pkt, int len) { ether_header_t *ether_header = (ether_header_t *)pkt; ip_header_t *ip_header = (ip_header_t *)(pkt + 14); icmp_header_t *icmp_header; udp_header_t *udp_header; /* ip_udp_pseudo_header_t *ip_udp_pseudo_header; unsigned char tmp[6]; */ int i; if (ether_header->type[1] != 0x00) return; /* ignore fragmented packets */ if (ntohs(ip_header->flags_frag_offset) & 0x3fff) return; /* check ip header checksum */ i = ip_header->checksum; ip_header->checksum = 0; ip_header->checksum = dcln_checksum((unsigned short *)ip_header, 2*(ip_header->version_ihl & 0x0f)); if (i != ip_header->checksum) return; switch (ip_header->protocol) { case 1: /* icmp */ icmp_header = (icmp_header_t *)(pkt + ETHER_H_LEN + 4*(ip_header->version_ihl & 0x0f)); process_icmp(ether_header, ip_header, icmp_header); break; case 17: /* udp */ udp_header = (udp_header_t *)(pkt + ETHER_H_LEN + 4*(ip_header->version_ihl & 0x0f)); process_udp(ether_header, ip_header, udp_header); default: break; } }
void process_packet(unsigned char *ignore, const struct pcap_pkthdr *header, const unsigned char *packet) { // static int packet_count = 1; struct flow_record *record; unsigned char proto = 0; /* declare pointers to packet headers */ const struct ip_hdr *ip; unsigned int transport_len; unsigned int ip_hdr_len; const void *transport_start; struct flow_key key; flocap_stats_incr_num_packets(); if (output_level > none) { fprintf(output, "\npacket number %lu:\n", flocap_stats_get_num_packets()); } // packet_count++; // ethernet = (struct ethernet_hdr*)(packet); /* define/compute ip header offset */ ip = (struct ip_hdr*)(packet + ETHERNET_HDR_LEN); ip_hdr_len = ip_hdr_length(ip); if (ip_hdr_len < 20) { if (output_level > none) { fprintf(output, " * Invalid IP header length: %u bytes\n", ip_hdr_len); } return; } if (ntohs(ip->ip_len) < sizeof(struct ip_hdr) || ntohs(ip->ip_len) > header->caplen) { /* * IP packet is malformed (shorter than a complete IP header, or * claims to be longer than it is), or not entirely captured by * libpcap (which will depend on MTU and SNAPLEN; you can change * the latter if need be). */ return ; } transport_len = ntohs(ip->ip_len) - ip_hdr_len; /* print source and destination IP addresses */ if (output_level > none) { fprintf(output, " from: %s\n", inet_ntoa(ip->ip_src)); fprintf(output, " to: %s\n", inet_ntoa(ip->ip_dst)); fprintf(output, " ip len: %u\n", ntohs(ip->ip_len)); fprintf(output, " ip hdr len: %u\n", ip_hdr_len); } if (ip_fragment_offset(ip) == 0) { /* fill out IP-specific fields of flow key, plus proto selector */ key.sa = ip->ip_src; key.da = ip->ip_dst; proto = key.prot = ip->ip_prot; } else { // fprintf(info, "found IP fragment (offset: %02x)\n", ip_fragment_offset(ip)); /* * select IP processing, since we don't have a TCP or UDP header */ key.sa = ip->ip_src; key.da = ip->ip_dst; proto = key.prot = IPPROTO_IP; } /* determine transport protocol and handle appropriately */ transport_start = (void *)ip + ip_hdr_len; switch(proto) { case IPPROTO_TCP: record = process_tcp(header, transport_start, transport_len, &key); break; case IPPROTO_UDP: record = process_udp(header, transport_start, transport_len, &key); break; case IPPROTO_ICMP: record = process_icmp(header, transport_start, transport_len, &key); break; case IPPROTO_IP: default: record = process_ip(header, transport_start, transport_len, &key); break; } /* * if our packet is malformed TCP, UDP, or ICMP, then the process * functions will return NULL; we deal with that case by treating it * as just an IP packet */ if (record == NULL) { #if 1 record = process_ip(header, transport_start, transport_len, &key); if (record == NULL) { fprintf(info, "warning: unable to process ip packet (improper length or otherwise malformed)\n"); return; } record->invalid++; #else /* * if the processing of malformed packets causes trouble, choose * this code path instead */ return; #endif } /* * set minimum ttl in flow record */ if (record->ttl > ip->ip_ttl) { record->ttl = ip->ip_ttl; } /* increment packet count in flow record */ record->np++; /* update flow record timestamps */ if (timerisset(&record->start)) { record->end = header->ts; } else { record->start = record->end = header->ts; } /* * copy initial data packet, if configured to report idp, and this * is the first packet in the flow with nonzero data payload */ if ((report_idp) && record->op && (record->idp_len == 0)) { record->idp_len = (ntohs(ip->ip_len) < report_idp ? ntohs(ip->ip_len) : report_idp); record->idp = malloc(record->idp_len); memcpy(record->idp, ip, record->idp_len); if (output_level > none) { fprintf(output, "stashed %u bytes of IDP\n", record->idp_len); } } /* increment overall byte count */ flocap_stats_incr_num_bytes(transport_len); return; }