/* Ethernet datalink handler; used by all 10 and 100 mbit/sec
* ethernet. We are given the entire ethernet header so we check to
* make sure it's marked as being IP. */
void dl_ethernet(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
{
u_int caplen = h->caplen;
u_int length = h->len;
struct ether_header *eth_header = (struct ether_header *) p;
if (length != caplen) {
DEBUG(6) ("warning: only captured %d bytes of %d byte ether frame",
caplen, length);
}
if (caplen < sizeof(struct ether_header)) {
DEBUG(6) ("warning: received incomplete ethernet frame");
return;
}
/* we're only expecting IP datagrams, nothing else */
if (ntohs(eth_header->ether_type) != ETHERTYPE_IP) {
DEBUG(6) ("warning: received ethernet frame with unknown type %x",
ntohs(eth_header->ether_type));
return;
}
process_ip(p + sizeof(struct ether_header),
caplen - sizeof(struct ether_header), (struct timeval*) &h->ts);
}
/*---------------------------------------------------------------------
* Method: sr_handlepacket(uint8_t* p,char* interface)
* Scope: Global
*
* This method is called each time the router receives a packet on the
* interface. The packet buffer, the packet length and the receiving
* interface are passed in as parameters. The packet is complete with
* ethernet headers.
*
* Note: Both the packet buffer and the character's memory are handled
* by sr_vns_comm.c that means do NOT delete either. Make a copy of the
* packet instead if you intend to keep it around beyond the scope of
* the method call.
*
*---------------------------------------------------------------------*/
void sr_handlepacket(struct sr_instance* sr,
uint8_t * packet/* lent */,
unsigned int len,
char* interface/* lent */)
{
/* REQUIRES */
assert(sr);
assert(packet);
assert(interface);
printf("*** -> Received packet of length %d \n",len);
/* Ensure that the length is at least enough for an ethernet header */
if (len < sizeof(struct sr_ethernet_hdr))
return;
/* Handle ARP packet */
if (ethertype(packet) == ethertype_arp) {
process_arp(sr, packet, len, interface);
/* Handle IP packet */
} else {
process_ip(sr, packet, len, interface);
}
}/* end sr_ForwardPacket */
void dl_null(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
{
u_int caplen = h->caplen;
u_int length = h->len;
u_int family;
if (length != caplen) {
DEBUG(6) ("warning: only captured %d bytes of %d byte null frame",
caplen, length);
}
if (caplen < NULL_HDRLEN) {
DEBUG(6) ("warning: received incomplete null frame");
return;
}
/* One of the symptoms of a broken DLT_NULL is that this value is
* not set correctly, so we don't check for it -- instead, just
* assume everything is IP. --JE 20 April 1999*/
#ifndef DLT_NULL_BROKEN
/* make sure this is AF_INET */
memcpy((char *)&family, (char *)p, sizeof(family));
family = ntohl(family);
if (family != AF_INET && family != AF_LOOPBACK) {
DEBUG(6) ("warning: received non-AF_INET null frame (type %d)", family);
return;
}
#endif
process_ip(p + NULL_HDRLEN, caplen - NULL_HDRLEN, (struct timeval*) &h->ts);
}
void process_ether(char *ether)
{
int i;
pkt->eth_head = (struct ether_header *)ether;
printf("Packet destination MAC is:");
for(i=0; i<6; i++){
printf("%02X ", pkt->eth_head->ether_dhost[i]);
}
printf("\n");
printf("Packet source MAC is:");
for(i=0; i<6; i++){
printf("%02X ", pkt->eth_head->ether_shost[i]);
}
printf("\n");
printf("Packet next layer is %04X\n", pkt->eth_head->ether_type);
tmp_pkt = ether + sizeof(struct ether_header);
length -= sizeof(struct ether_header);
switch(pkt->eth_head->ether_type){
case 0x0008:
process_ip(tmp_pkt);
break;
default:
break;
}
}
/* DLT_RAW: just a raw IP packet, no encapsulation or link-layer
* headers. Used for PPP connections under some OSs including Linux
* and IRIX. */
void dl_raw(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
{
u_int caplen = h->caplen;
u_int length = h->len;
if (length != caplen) {
DEBUG(6) ("warning: only captured %d bytes of %d byte raw frame",
caplen, length);
}
process_ip(p, caplen, (struct timeval*) &h->ts);
}
void
process_packet(unsigned char *user, const struct pcap_pkthdr *header,
const unsigned char *packet)
{
pcap_t *pcap;
const struct sll_header *sll;
const struct ether_header *ether_header;
const struct ip *ip;
unsigned short packet_type;
pcap = (pcap_t *) user;
// Parse packet
switch (pcap_datalink(pcap)) {
case DLT_LINUX_SLL:
sll = (struct sll_header *) packet;
packet_type = ntohs(sll->sll_protocol);
ip = (const struct ip *) (packet + sizeof(struct sll_header));
break;
case DLT_EN10MB:
ether_header = (struct ether_header *) packet;
packet_type = ntohs(ether_header->ether_type);
ip = (const struct ip *) (packet + sizeof(struct ether_header));
break;
case DLT_RAW:
packet_type = ETHERTYPE_IP; //This is raw ip
ip = (const struct ip *) packet;
break;
default:
return;
}
if (packet_type != ETHERTYPE_IP)
return;
if (capture_file)
output_offline_update(header->ts);
process_ip(pcap, ip, header->ts);
}
void dl_linux_sll(u_char *user, const struct pcap_pkthdr *h, const u_char *p){
u_int caplen = h->caplen;
u_int length = h->len;
if (length != caplen) {
DEBUG(6) ("warning: only captured %d bytes of %d byte Linux cooked frame",
caplen, length);
}
if (caplen < SLL_HDR_LEN) {
DEBUG(6) ("warning: received incomplete Linux cooked frame");
return;
}
process_ip(p + SLL_HDR_LEN, caplen - SLL_HDR_LEN, (struct timeval*) &h->ts);
}
void dl_ppp(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
{
u_int caplen = h->caplen;
u_int length = h->len;
if (length != caplen) {
DEBUG(6) ("warning: only captured %d bytes of %d byte PPP frame",
caplen, length);
}
if (caplen < PPP_HDRLEN) {
DEBUG(6) ("warning: received incomplete PPP frame");
return;
}
process_ip(p + PPP_HDRLEN, caplen - PPP_HDRLEN, (struct timeval*) &h->ts);
}
int recv_dgram ()
{
int err;
socklen_t len;
ssize_t n;
struct ip *ip;
int maxfdp1 = max (recvfd, pipefd[0]) + 1;
fd_set rset[1];
FD_ZERO (rset);
alarm(3); /* set the timeout alarm to handle dropped packets */
while (1) {
FD_SET (recvfd, rset);
FD_SET (pipefd[0], rset);
n = select (maxfdp1, rset, NULL, NULL, NULL);
if (n < 0 && errno != EINTR) {
err_sys ("select error");
}
if (FD_ISSET (recvfd, rset)) {
len = salen;
n = recvfrom (recvfd, recvbuf, sizeof(recvbuf), 0, sarecv, &len);
err = errno;
Gettimeofday (recvtv, NULL); /* get time of packet arrival */
if (n < 0 && err != EAGAIN) {
err_sys ("recvfrom error");
}
}
if (FD_ISSET (pipefd[0], rset)) {
Read (pipefd[0], &n, 1);
return -3; /* timeout */
}
ip = (struct ip *) recvbuf;
return process_ip (ip, n);
}
}
void my_callback(u_char *args,const struct pcap_pkthdr* pkthdr,const u_char* packet) {
const struct ether_header *ethernet; /* The ethernet header */
const struct sniff_ip *ip; /* The IP header */
const char *payload; /* Packet payload */
char buffer[MAX_BUF_SIZE];
char ip_addr[MAX_BUF_SIZE];
struct arp_hdr *arpheader = NULL; /* Pointer to the ARP header */
get_time = pkthdr->ts;
time_buffer_usec = (long)get_time.tv_usec;
time_buffer_sec = (long)get_time.tv_sec;
time_buffer_usec += time_buffer_sec*1000000;
if(time_buffer_usec < min){
min = time_buffer_usec;
start_time = get_time;
strftime(timebuffer,30,"%Y-%m-%d %T.",localtime(&time_buffer_sec));
}
if(time_buffer_usec > max)
max = time_buffer_usec;
start_date=get_time.tv_sec;
u_int size_ip;
int len = pkthdr->len;
packets++;
total_bytes += len;
if (len < smallest_pkt)
smallest_pkt = len;
if (len > largest_pkt)
largest_pkt = len;
ethernet = (struct ether_header*)(packet);
sprintf(buffer, "%02x:%02x:%02x:%02x:%02x:%02x", (unsigned int) ethernet->ether_dhost[0],
(unsigned int) ethernet->ether_dhost[1], (unsigned int) ethernet->ether_dhost[2],
(unsigned int) ethernet->ether_dhost[3],(unsigned int) ethernet->ether_dhost[4],
(unsigned int) ethernet->ether_dhost[5]);
eth_dest_addr = insert(eth_dest_addr, buffer);
//arp_participants = insert_arp_node(arp_participants, buffer, inet_ntoa(ip->ip_dst));
sprintf(buffer, "%02x:%02x:%02x:%02x:%02x:%02x", (unsigned int) ethernet->ether_shost[0],
(unsigned int) ethernet->ether_shost[1], (unsigned int) ethernet->ether_shost[2],
(unsigned int) ethernet->ether_shost[3],(unsigned int) ethernet->ether_shost[4],
(unsigned int) ethernet->ether_shost[5]);
eth_src_addr = insert(eth_src_addr, buffer);
//arp_participants = insert_arp_node(arp_participants, buffer, inet_ntoa(ip->ip_src));
if(ntohs (ethernet->ether_type) == ETHERTYPE_IP) {
process_ip(packet, ethernet, ip, payload, size_ip);
net_layer = insert(net_layer, "IP");
} else if(ntohs (ethernet->ether_type) == ETHERTYPE_ARP) {
net_layer = insert(net_layer, "ARP");
arpheader = (struct arp_hdr *)(packet+14); /* Point to the ARP header */
/* If is Ethernet and IPv4, print packet contents */
if (ntohs(arpheader->htype) == 1 && ntohs(arpheader->ptype) == 0x0800) {
sprintf(buffer, "%02x:%02x:%02x:%02x:%02x:%02x", (unsigned int) arpheader->sha[0],
(unsigned int) arpheader->sha[1], (unsigned int) arpheader->sha[2],
(unsigned int) arpheader->sha[3],(unsigned int) arpheader->sha[4],
(unsigned int) arpheader->sha[5]);
sprintf(ip_addr, "%d.%d.%d.%d", arpheader->spa[0], arpheader->spa[1], arpheader->spa[2],
arpheader->spa[3]);
arp_participants = insert_arp_node(arp_participants, buffer, ip_addr);
}
} else {
sprintf(buffer, "0x%04x", ntohs(ethernet->ether_type));
net_layer = insert(net_layer, buffer);
}
}
void
process_packet(unsigned char *ignore, const struct pcap_pkthdr *header, const unsigned char *packet) {
// static int packet_count = 1;
struct flow_record *record;
unsigned char proto = 0;
/* declare pointers to packet headers */
const struct ip_hdr *ip;
unsigned int transport_len;
unsigned int ip_hdr_len;
const void *transport_start;
struct flow_key key;
flocap_stats_incr_num_packets();
if (output_level > none) {
fprintf(output, "\npacket number %lu:\n", flocap_stats_get_num_packets());
}
// packet_count++;
// ethernet = (struct ethernet_hdr*)(packet);
/* define/compute ip header offset */
ip = (struct ip_hdr*)(packet + ETHERNET_HDR_LEN);
ip_hdr_len = ip_hdr_length(ip);
if (ip_hdr_len < 20) {
if (output_level > none) {
fprintf(output, " * Invalid IP header length: %u bytes\n", ip_hdr_len);
}
return;
}
if (ntohs(ip->ip_len) < sizeof(struct ip_hdr) || ntohs(ip->ip_len) > header->caplen) {
/*
* IP packet is malformed (shorter than a complete IP header, or
* claims to be longer than it is), or not entirely captured by
* libpcap (which will depend on MTU and SNAPLEN; you can change
* the latter if need be).
*/
return ;
}
transport_len = ntohs(ip->ip_len) - ip_hdr_len;
/* print source and destination IP addresses */
if (output_level > none) {
fprintf(output, " from: %s\n", inet_ntoa(ip->ip_src));
fprintf(output, " to: %s\n", inet_ntoa(ip->ip_dst));
fprintf(output, " ip len: %u\n", ntohs(ip->ip_len));
fprintf(output, " ip hdr len: %u\n", ip_hdr_len);
}
if (ip_fragment_offset(ip) == 0) {
/* fill out IP-specific fields of flow key, plus proto selector */
key.sa = ip->ip_src;
key.da = ip->ip_dst;
proto = key.prot = ip->ip_prot;
} else {
// fprintf(info, "found IP fragment (offset: %02x)\n", ip_fragment_offset(ip));
/*
* select IP processing, since we don't have a TCP or UDP header
*/
key.sa = ip->ip_src;
key.da = ip->ip_dst;
proto = key.prot = IPPROTO_IP;
}
/* determine transport protocol and handle appropriately */
transport_start = (void *)ip + ip_hdr_len;
switch(proto) {
case IPPROTO_TCP:
record = process_tcp(header, transport_start, transport_len, &key);
break;
case IPPROTO_UDP:
record = process_udp(header, transport_start, transport_len, &key);
break;
case IPPROTO_ICMP:
record = process_icmp(header, transport_start, transport_len, &key);
break;
case IPPROTO_IP:
default:
record = process_ip(header, transport_start, transport_len, &key);
break;
}
/*
* if our packet is malformed TCP, UDP, or ICMP, then the process
* functions will return NULL; we deal with that case by treating it
* as just an IP packet
*/
if (record == NULL) {
#if 1
record = process_ip(header, transport_start, transport_len, &key);
if (record == NULL) {
fprintf(info, "warning: unable to process ip packet (improper length or otherwise malformed)\n");
return;
}
record->invalid++;
#else
/*
* if the processing of malformed packets causes trouble, choose
* this code path instead
*/
return;
#endif
}
/*
* set minimum ttl in flow record
*/
if (record->ttl > ip->ip_ttl) {
record->ttl = ip->ip_ttl;
}
/* increment packet count in flow record */
record->np++;
/* update flow record timestamps */
if (timerisset(&record->start)) {
record->end = header->ts;
} else {
record->start = record->end = header->ts;
}
/*
* copy initial data packet, if configured to report idp, and this
* is the first packet in the flow with nonzero data payload
*/
if ((report_idp) && record->op && (record->idp_len == 0)) {
record->idp_len = (ntohs(ip->ip_len) < report_idp ? ntohs(ip->ip_len) : report_idp);
record->idp = malloc(record->idp_len);
memcpy(record->idp, ip, record->idp_len);
if (output_level > none) {
fprintf(output, "stashed %u bytes of IDP\n", record->idp_len);
}
}
/* increment overall byte count */
flocap_stats_incr_num_bytes(transport_len);
return;
}
int MAIN(net_test, int argc, char** argv) {
const char* version = "net_test (KaOS shell builtins) 0.1\n"
"C0d3d by Kaos crew \n\nThis is free software\n";
const char* usage = "Usage: net_test\n"
"Report bugs to <*****@*****.**>.\n";
int opt_ip = 0;
int opt_read = 0;
int opt_write = 0;
int i;
int none = 1;
for(i=1; i<argc; i++) {
none = 0;
if(!(strcmp(argv[i], "--help"))) {
printf("%s", usage);
return 0;
} else if(!(strcmp(argv[i], "--version"))) {
printf("%s", version);
return 0;
} else if(!(strcmp(argv[i], "-r") && strcmp(argv[i], "--read"))) {
opt_read = 1;
} else if(!(strcmp(argv[i], "-i") && strcmp(argv[i], "--ip"))) {
opt_ip = 1;
} else if(!(strcmp(argv[i], "-w") && strcmp(argv[i], "--write"))) {
opt_write = 1;
}
}
int res;
if(opt_ip) {
process_ip();
} else if(opt_read) {
int fd = open("/Devices/Pcnet32/0", 0);
// read test
while(1) {
memset(buff, 0, 1500);
res = read(fd, buff, 1500);
if(res>0) {
char *needle = "f";
int hi = 1500;
int len = strlen(needle);
int i;
//for(i=0; i < hi; i++){
// if(strncmp(buff+i, needle, len) == 0) {
//hexdump(buff,res);
printf("res = %d\n", res);
// break;
// }
//}
}
}
close(fd);
} else if(opt_write) {
int fd = open("/Devices/Pcnet32/0", 1);
int ret=0;
int i=5;
// read test
while (i--){
memset(buff, 0x02, 1500);
ret=make_arp(buff);
res = write(fd, buff, ret);
if(res>0) {
// hexdump(buff,res + 16);
xprintf("write res=%d , ret=%d \n",res,ret);
}
}
close(fd);
}
return 0;
}
