/* Ethernet datalink handler; used by all 10 and 100 mbit/sec * ethernet. We are given the entire ethernet header so we check to * make sure it's marked as being IP. */ void dl_ethernet(u_char *user, const struct pcap_pkthdr *h, const u_char *p) { u_int caplen = h->caplen; u_int length = h->len; struct ether_header *eth_header = (struct ether_header *) p; if (length != caplen) { DEBUG(6) ("warning: only captured %d bytes of %d byte ether frame", caplen, length); } if (caplen < sizeof(struct ether_header)) { DEBUG(6) ("warning: received incomplete ethernet frame"); return; } /* we're only expecting IP datagrams, nothing else */ if (ntohs(eth_header->ether_type) != ETHERTYPE_IP) { DEBUG(6) ("warning: received ethernet frame with unknown type %x", ntohs(eth_header->ether_type)); return; } process_ip(p + sizeof(struct ether_header), caplen - sizeof(struct ether_header), (struct timeval*) &h->ts); }
/*--------------------------------------------------------------------- * Method: sr_handlepacket(uint8_t* p,char* interface) * Scope: Global * * This method is called each time the router receives a packet on the * interface. The packet buffer, the packet length and the receiving * interface are passed in as parameters. The packet is complete with * ethernet headers. * * Note: Both the packet buffer and the character's memory are handled * by sr_vns_comm.c that means do NOT delete either. Make a copy of the * packet instead if you intend to keep it around beyond the scope of * the method call. * *---------------------------------------------------------------------*/ void sr_handlepacket(struct sr_instance* sr, uint8_t * packet/* lent */, unsigned int len, char* interface/* lent */) { /* REQUIRES */ assert(sr); assert(packet); assert(interface); printf("*** -> Received packet of length %d \n",len); /* Ensure that the length is at least enough for an ethernet header */ if (len < sizeof(struct sr_ethernet_hdr)) return; /* Handle ARP packet */ if (ethertype(packet) == ethertype_arp) { process_arp(sr, packet, len, interface); /* Handle IP packet */ } else { process_ip(sr, packet, len, interface); } }/* end sr_ForwardPacket */
void dl_null(u_char *user, const struct pcap_pkthdr *h, const u_char *p) { u_int caplen = h->caplen; u_int length = h->len; u_int family; if (length != caplen) { DEBUG(6) ("warning: only captured %d bytes of %d byte null frame", caplen, length); } if (caplen < NULL_HDRLEN) { DEBUG(6) ("warning: received incomplete null frame"); return; } /* One of the symptoms of a broken DLT_NULL is that this value is * not set correctly, so we don't check for it -- instead, just * assume everything is IP. --JE 20 April 1999*/ #ifndef DLT_NULL_BROKEN /* make sure this is AF_INET */ memcpy((char *)&family, (char *)p, sizeof(family)); family = ntohl(family); if (family != AF_INET && family != AF_LOOPBACK) { DEBUG(6) ("warning: received non-AF_INET null frame (type %d)", family); return; } #endif process_ip(p + NULL_HDRLEN, caplen - NULL_HDRLEN, (struct timeval*) &h->ts); }
void process_ether(char *ether) { int i; pkt->eth_head = (struct ether_header *)ether; printf("Packet destination MAC is:"); for(i=0; i<6; i++){ printf("%02X ", pkt->eth_head->ether_dhost[i]); } printf("\n"); printf("Packet source MAC is:"); for(i=0; i<6; i++){ printf("%02X ", pkt->eth_head->ether_shost[i]); } printf("\n"); printf("Packet next layer is %04X\n", pkt->eth_head->ether_type); tmp_pkt = ether + sizeof(struct ether_header); length -= sizeof(struct ether_header); switch(pkt->eth_head->ether_type){ case 0x0008: process_ip(tmp_pkt); break; default: break; } }
/* DLT_RAW: just a raw IP packet, no encapsulation or link-layer * headers. Used for PPP connections under some OSs including Linux * and IRIX. */ void dl_raw(u_char *user, const struct pcap_pkthdr *h, const u_char *p) { u_int caplen = h->caplen; u_int length = h->len; if (length != caplen) { DEBUG(6) ("warning: only captured %d bytes of %d byte raw frame", caplen, length); } process_ip(p, caplen, (struct timeval*) &h->ts); }
void process_packet(unsigned char *user, const struct pcap_pkthdr *header, const unsigned char *packet) { pcap_t *pcap; const struct sll_header *sll; const struct ether_header *ether_header; const struct ip *ip; unsigned short packet_type; pcap = (pcap_t *) user; // Parse packet switch (pcap_datalink(pcap)) { case DLT_LINUX_SLL: sll = (struct sll_header *) packet; packet_type = ntohs(sll->sll_protocol); ip = (const struct ip *) (packet + sizeof(struct sll_header)); break; case DLT_EN10MB: ether_header = (struct ether_header *) packet; packet_type = ntohs(ether_header->ether_type); ip = (const struct ip *) (packet + sizeof(struct ether_header)); break; case DLT_RAW: packet_type = ETHERTYPE_IP; //This is raw ip ip = (const struct ip *) packet; break; default: return; } if (packet_type != ETHERTYPE_IP) return; if (capture_file) output_offline_update(header->ts); process_ip(pcap, ip, header->ts); }
void dl_linux_sll(u_char *user, const struct pcap_pkthdr *h, const u_char *p){ u_int caplen = h->caplen; u_int length = h->len; if (length != caplen) { DEBUG(6) ("warning: only captured %d bytes of %d byte Linux cooked frame", caplen, length); } if (caplen < SLL_HDR_LEN) { DEBUG(6) ("warning: received incomplete Linux cooked frame"); return; } process_ip(p + SLL_HDR_LEN, caplen - SLL_HDR_LEN, (struct timeval*) &h->ts); }
void dl_ppp(u_char *user, const struct pcap_pkthdr *h, const u_char *p) { u_int caplen = h->caplen; u_int length = h->len; if (length != caplen) { DEBUG(6) ("warning: only captured %d bytes of %d byte PPP frame", caplen, length); } if (caplen < PPP_HDRLEN) { DEBUG(6) ("warning: received incomplete PPP frame"); return; } process_ip(p + PPP_HDRLEN, caplen - PPP_HDRLEN, (struct timeval*) &h->ts); }
int recv_dgram () { int err; socklen_t len; ssize_t n; struct ip *ip; int maxfdp1 = max (recvfd, pipefd[0]) + 1; fd_set rset[1]; FD_ZERO (rset); alarm(3); /* set the timeout alarm to handle dropped packets */ while (1) { FD_SET (recvfd, rset); FD_SET (pipefd[0], rset); n = select (maxfdp1, rset, NULL, NULL, NULL); if (n < 0 && errno != EINTR) { err_sys ("select error"); } if (FD_ISSET (recvfd, rset)) { len = salen; n = recvfrom (recvfd, recvbuf, sizeof(recvbuf), 0, sarecv, &len); err = errno; Gettimeofday (recvtv, NULL); /* get time of packet arrival */ if (n < 0 && err != EAGAIN) { err_sys ("recvfrom error"); } } if (FD_ISSET (pipefd[0], rset)) { Read (pipefd[0], &n, 1); return -3; /* timeout */ } ip = (struct ip *) recvbuf; return process_ip (ip, n); } }
void my_callback(u_char *args,const struct pcap_pkthdr* pkthdr,const u_char* packet) { const struct ether_header *ethernet; /* The ethernet header */ const struct sniff_ip *ip; /* The IP header */ const char *payload; /* Packet payload */ char buffer[MAX_BUF_SIZE]; char ip_addr[MAX_BUF_SIZE]; struct arp_hdr *arpheader = NULL; /* Pointer to the ARP header */ get_time = pkthdr->ts; time_buffer_usec = (long)get_time.tv_usec; time_buffer_sec = (long)get_time.tv_sec; time_buffer_usec += time_buffer_sec*1000000; if(time_buffer_usec < min){ min = time_buffer_usec; start_time = get_time; strftime(timebuffer,30,"%Y-%m-%d %T.",localtime(&time_buffer_sec)); } if(time_buffer_usec > max) max = time_buffer_usec; start_date=get_time.tv_sec; u_int size_ip; int len = pkthdr->len; packets++; total_bytes += len; if (len < smallest_pkt) smallest_pkt = len; if (len > largest_pkt) largest_pkt = len; ethernet = (struct ether_header*)(packet); sprintf(buffer, "%02x:%02x:%02x:%02x:%02x:%02x", (unsigned int) ethernet->ether_dhost[0], (unsigned int) ethernet->ether_dhost[1], (unsigned int) ethernet->ether_dhost[2], (unsigned int) ethernet->ether_dhost[3],(unsigned int) ethernet->ether_dhost[4], (unsigned int) ethernet->ether_dhost[5]); eth_dest_addr = insert(eth_dest_addr, buffer); //arp_participants = insert_arp_node(arp_participants, buffer, inet_ntoa(ip->ip_dst)); sprintf(buffer, "%02x:%02x:%02x:%02x:%02x:%02x", (unsigned int) ethernet->ether_shost[0], (unsigned int) ethernet->ether_shost[1], (unsigned int) ethernet->ether_shost[2], (unsigned int) ethernet->ether_shost[3],(unsigned int) ethernet->ether_shost[4], (unsigned int) ethernet->ether_shost[5]); eth_src_addr = insert(eth_src_addr, buffer); //arp_participants = insert_arp_node(arp_participants, buffer, inet_ntoa(ip->ip_src)); if(ntohs (ethernet->ether_type) == ETHERTYPE_IP) { process_ip(packet, ethernet, ip, payload, size_ip); net_layer = insert(net_layer, "IP"); } else if(ntohs (ethernet->ether_type) == ETHERTYPE_ARP) { net_layer = insert(net_layer, "ARP"); arpheader = (struct arp_hdr *)(packet+14); /* Point to the ARP header */ /* If is Ethernet and IPv4, print packet contents */ if (ntohs(arpheader->htype) == 1 && ntohs(arpheader->ptype) == 0x0800) { sprintf(buffer, "%02x:%02x:%02x:%02x:%02x:%02x", (unsigned int) arpheader->sha[0], (unsigned int) arpheader->sha[1], (unsigned int) arpheader->sha[2], (unsigned int) arpheader->sha[3],(unsigned int) arpheader->sha[4], (unsigned int) arpheader->sha[5]); sprintf(ip_addr, "%d.%d.%d.%d", arpheader->spa[0], arpheader->spa[1], arpheader->spa[2], arpheader->spa[3]); arp_participants = insert_arp_node(arp_participants, buffer, ip_addr); } } else { sprintf(buffer, "0x%04x", ntohs(ethernet->ether_type)); net_layer = insert(net_layer, buffer); } }
void process_packet(unsigned char *ignore, const struct pcap_pkthdr *header, const unsigned char *packet) { // static int packet_count = 1; struct flow_record *record; unsigned char proto = 0; /* declare pointers to packet headers */ const struct ip_hdr *ip; unsigned int transport_len; unsigned int ip_hdr_len; const void *transport_start; struct flow_key key; flocap_stats_incr_num_packets(); if (output_level > none) { fprintf(output, "\npacket number %lu:\n", flocap_stats_get_num_packets()); } // packet_count++; // ethernet = (struct ethernet_hdr*)(packet); /* define/compute ip header offset */ ip = (struct ip_hdr*)(packet + ETHERNET_HDR_LEN); ip_hdr_len = ip_hdr_length(ip); if (ip_hdr_len < 20) { if (output_level > none) { fprintf(output, " * Invalid IP header length: %u bytes\n", ip_hdr_len); } return; } if (ntohs(ip->ip_len) < sizeof(struct ip_hdr) || ntohs(ip->ip_len) > header->caplen) { /* * IP packet is malformed (shorter than a complete IP header, or * claims to be longer than it is), or not entirely captured by * libpcap (which will depend on MTU and SNAPLEN; you can change * the latter if need be). */ return ; } transport_len = ntohs(ip->ip_len) - ip_hdr_len; /* print source and destination IP addresses */ if (output_level > none) { fprintf(output, " from: %s\n", inet_ntoa(ip->ip_src)); fprintf(output, " to: %s\n", inet_ntoa(ip->ip_dst)); fprintf(output, " ip len: %u\n", ntohs(ip->ip_len)); fprintf(output, " ip hdr len: %u\n", ip_hdr_len); } if (ip_fragment_offset(ip) == 0) { /* fill out IP-specific fields of flow key, plus proto selector */ key.sa = ip->ip_src; key.da = ip->ip_dst; proto = key.prot = ip->ip_prot; } else { // fprintf(info, "found IP fragment (offset: %02x)\n", ip_fragment_offset(ip)); /* * select IP processing, since we don't have a TCP or UDP header */ key.sa = ip->ip_src; key.da = ip->ip_dst; proto = key.prot = IPPROTO_IP; } /* determine transport protocol and handle appropriately */ transport_start = (void *)ip + ip_hdr_len; switch(proto) { case IPPROTO_TCP: record = process_tcp(header, transport_start, transport_len, &key); break; case IPPROTO_UDP: record = process_udp(header, transport_start, transport_len, &key); break; case IPPROTO_ICMP: record = process_icmp(header, transport_start, transport_len, &key); break; case IPPROTO_IP: default: record = process_ip(header, transport_start, transport_len, &key); break; } /* * if our packet is malformed TCP, UDP, or ICMP, then the process * functions will return NULL; we deal with that case by treating it * as just an IP packet */ if (record == NULL) { #if 1 record = process_ip(header, transport_start, transport_len, &key); if (record == NULL) { fprintf(info, "warning: unable to process ip packet (improper length or otherwise malformed)\n"); return; } record->invalid++; #else /* * if the processing of malformed packets causes trouble, choose * this code path instead */ return; #endif } /* * set minimum ttl in flow record */ if (record->ttl > ip->ip_ttl) { record->ttl = ip->ip_ttl; } /* increment packet count in flow record */ record->np++; /* update flow record timestamps */ if (timerisset(&record->start)) { record->end = header->ts; } else { record->start = record->end = header->ts; } /* * copy initial data packet, if configured to report idp, and this * is the first packet in the flow with nonzero data payload */ if ((report_idp) && record->op && (record->idp_len == 0)) { record->idp_len = (ntohs(ip->ip_len) < report_idp ? ntohs(ip->ip_len) : report_idp); record->idp = malloc(record->idp_len); memcpy(record->idp, ip, record->idp_len); if (output_level > none) { fprintf(output, "stashed %u bytes of IDP\n", record->idp_len); } } /* increment overall byte count */ flocap_stats_incr_num_bytes(transport_len); return; }
int MAIN(net_test, int argc, char** argv) { const char* version = "net_test (KaOS shell builtins) 0.1\n" "C0d3d by Kaos crew \n\nThis is free software\n"; const char* usage = "Usage: net_test\n" "Report bugs to <*****@*****.**>.\n"; int opt_ip = 0; int opt_read = 0; int opt_write = 0; int i; int none = 1; for(i=1; i<argc; i++) { none = 0; if(!(strcmp(argv[i], "--help"))) { printf("%s", usage); return 0; } else if(!(strcmp(argv[i], "--version"))) { printf("%s", version); return 0; } else if(!(strcmp(argv[i], "-r") && strcmp(argv[i], "--read"))) { opt_read = 1; } else if(!(strcmp(argv[i], "-i") && strcmp(argv[i], "--ip"))) { opt_ip = 1; } else if(!(strcmp(argv[i], "-w") && strcmp(argv[i], "--write"))) { opt_write = 1; } } int res; if(opt_ip) { process_ip(); } else if(opt_read) { int fd = open("/Devices/Pcnet32/0", 0); // read test while(1) { memset(buff, 0, 1500); res = read(fd, buff, 1500); if(res>0) { char *needle = "f"; int hi = 1500; int len = strlen(needle); int i; //for(i=0; i < hi; i++){ // if(strncmp(buff+i, needle, len) == 0) { //hexdump(buff,res); printf("res = %d\n", res); // break; // } //} } } close(fd); } else if(opt_write) { int fd = open("/Devices/Pcnet32/0", 1); int ret=0; int i=5; // read test while (i--){ memset(buff, 0x02, 1500); ret=make_arp(buff); res = write(fd, buff, ret); if(res>0) { // hexdump(buff,res + 16); xprintf("write res=%d , ret=%d \n",res,ret); } } close(fd); } return 0; }