int analyze_packet(u_char *data, int size) { u_char *mdata = data; int msize = size; struct ether_header *eth = (struct ether_header *)mdata; if (msize < sizeof(struct ether_header)) return(-1); if (ntohs(eth->ether_type) == ETHERTYPE_ARP) { fprintf(stdout, "Ethertype ARP Packet = %d bytes\n", size); //print_ether_header(eth, stdout); analyze_arp(mdata+sizeof(struct ether_header), msize-sizeof(struct ether_header)); } else if (ntohs(eth->ether_type) == ETHERTYPE_IP) { if (IPFLAG == 1) { fprintf(stdout, "Ethertype IP Packet = %d bytes\n", size); print_ether_header(eth, stdout); analyze_ip(mdata+sizeof(struct ether_header), msize-sizeof(struct ether_header)); } } else if (ntohs(eth->ether_type) == ETHERTYPE_IPV6) { fprintf(stdout, "EtherType IPv6 Packet = %d bytes\n", size); } else { fprintf(stdout, "Unknown Packet = %d bytes\n", size); } return(0); }
void process_packet(u_char *user, const struct pcap_pkthdr *pkthdr, const u_char *packet) { static int packet_count = 0; static struct timeval first_packet_ts; time_t ref_tv_sec; time_t ref_tv_usec; if (packet_count == 0) { first_packet_ts = pkthdr->ts; ref_tv_sec = 0; ref_tv_usec = 0; } else { if (first_packet_ts.tv_usec > pkthdr->ts.tv_usec) { ref_tv_sec = pkthdr->ts.tv_sec - first_packet_ts.tv_sec - 1; ref_tv_usec = 1000000 - first_packet_ts.tv_usec + pkthdr->ts.tv_usec; } else { ref_tv_sec = pkthdr->ts.tv_sec - first_packet_ts.tv_sec; ref_tv_usec = pkthdr->ts.tv_usec - first_packet_ts.tv_usec; } } printf("=======================================================\n"); /* print headers */ print_pcap_packet_info(packet_count, ref_tv_sec, ref_tv_usec, pkthdr->len); /* print payload */ print_payload(packet, pkthdr->len); /* print headers */ print_ether_header(packet); print_ip_header(packet); print_tcp_header(packet); printf("=======================================================\n\n"); packet_count++; }
static int analyze_packet(int device_no, u_char *data, int size) { u_char *ptr; int lest; struct ether_header *eh; char buf[80]; int tno; u_char hwaddr[6]; ptr = data; lest = size; if (lest < sizeof(struct ether_header)) { /* Packet size must be above or equal to ethernet header's. */ debug_printf("[%d]:lest(%d)<sizeof(struct ether_header)\n", device_no, lest); return -1; } eh = (struct ether_header *)ptr; ptr += sizeof(struct ether_header); lest -= sizeof(struct ether_header); if (memcmp(&eh->ether_dhost, device[device_no].hwaddr, 6) != 0) { //debug_printf("[%d]:dhost not match %s\n", device_no, ether_ntoa((u_char*)&eh->ether_dhost, buf, sizeof(buf))); return -1; } //debug_printf("[%d]:dhost match %s\n", device_no, ether_ntoa((u_char*)&eh->ether_dhost, buf, sizeof(buf))); #ifdef CONFIG_DEBUG print_ether_header(eh, stderr); #endif if (ntohs(eh->ether_type) == ETHERTYPE_ARP) { /* Recieved ARP type packet */ struct ether_arp *arp; if (lest < sizeof(struct ether_arp)) { /* Packet size must be above or equal to ethernet header's. */ debug_printf("[%d]:lest(%d)<sizeof(struct ether_header)\n", device_no, lest); return -1; } arp = (struct ether_arp *)ptr; ptr += sizeof(struct ether_arp); lest -= sizeof(struct ether_arp); if (arp->arp_op == htons(ARPOP_REQUEST)) { debug_printf("[%d]recv:ARP REQUEST:%dbytes\n",device_no, size); ip_2_mac(device_no, *(in_addr_t *)arp->arp_spa, arp->arp_sha); } if (arp->arp_op == htons(ARPOP_REPLY)) { debug_printf("[%d]recv:ARP REPLY:%dbytes\n",device_no, size); ip_2_mac(device_no, *(in_addr_t *)arp->arp_spa, arp->arp_sha); } } else if (ntohs(eh->ether_type) == ETHERTYPE_IP) { /* Recieved IP packet */ struct iphdr *iphdr; u_char option[1500]; int option_len; if (lest < sizeof(struct iphdr)) { /* Packet size must be above or equal to ethernet header's. */ debug_printf("[%d]:lest(%d)<sizeof(struct iphdr)\n", device_no, lest); return -1; } iphdr = (struct iphdr *)ptr; ptr += sizeof(struct iphdr); lest -= sizeof(struct iphdr); option_len = iphdr->ihl * 4 - sizeof(struct iphdr); if (option_len > 0) { if (option_len >= 1500) { debug_printf("[%d]: IP option_len(%d): too big\n", device_no, option_len); return -1; } memcpy(option, ptr, option_len); ptr += option_len; lest -= option_len; } if (check_ip_checksum(iphdr, option, option_len) == 0) { debug_printf("[%d]: bad IP checksum\n",device_no); return -1; } if (iphdr->ttl - 1 == 0) { /* TTL has expired. Router must notice edge user it by ICMP. */ debug_printf("[%d]: iphdr->ttl == 0 error\n",device_no); send_icmp_time_exceeded(device_no, eh, iphdr, data, size); return -1; } tno = get_opposite_dev(device_no); debug_printf("[%d] %s -> ",device_no,in_addr_t2str(iphdr->saddr, buf, sizeof(buf))); debug_printf("%s\n",in_addr_t2str(iphdr->daddr, buf, sizeof(buf))); // debug_printf("[%d] %s\n", device_no, in_addr_t2str(device[tno].netmask.s_addr, buf, sizeof(buf))); // debug_printf("[%d] subnet:%s\n", device_no, in_addr_t2str(device[tno].subnet.s_addr, buf, sizeof(buf))); if ((iphdr->daddr & device[tno].netmask.s_addr) == device[tno].subnet.s_addr) { /* Same subnet network */ IP2MAC *ip2mac; debug_printf("[%d]:%s to target segment\n", device_no, in_addr_t2str(iphdr->daddr, buf, sizeof(buf))); debug_printf("[%d]:%s\n",device_no, in_addr_t2str(device[device_no].addr.s_addr, buf, sizeof(buf))); if (iphdr->daddr == device[tno].addr.s_addr) { debug_printf("[%d]:recv:myaddr\n",device_no); return -1; } ip2mac = ip_2_mac(tno, iphdr->daddr, NULL); if (ip2mac->flag == FLAG_NG || ip2mac->sd.dno != 0) { debug_printf("[%d]Ip2Mac: error or sending\n", device_no); append_send_data(ip2mac, 1, iphdr->daddr, data, size); return -1; } else { memcpy(hwaddr, ip2mac->hwaddr, 6); } } else { /* Differenct subnet network */ IP2MAC *ip2mac; debug_printf("[%d]:%s to different segment\n", device_no, in_addr_t2str(iphdr->daddr, buf, sizeof(buf))); ip2mac = ip_2_mac(tno, next_router.s_addr, NULL); if (ip2mac->flag == FLAG_NG || ip2mac->sd.dno != 0) { debug_printf("[%d]:Ip2Mac: error or sending\n", device_no); append_send_data(ip2mac, 1, next_router.s_addr, data, size); return -1; } else { memcpy(hwaddr, ip2mac->hwaddr, 6); } } /* Finally we can send packet to next router. */ memcpy(eh->ether_dhost, hwaddr, 6); memcpy(eh->ether_shost, device[tno].hwaddr, 6); iphdr->ttl--; iphdr->check = 0; iphdr->check = checksum2((u_char *)iphdr, sizeof(struct iphdr), option, option_len); write(device[tno].soc, data, size); } return 0; }