예제 #1
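/*
 * Print the UDP header for UDP packets.
 *
 * Buffer is read as a captured frame of Size bytes laid out as Ethernet
 * header, IPv4 header, UDP header, payload. The bytes come off the network,
 * so the IPv4 header-length field is checked against Size before it is used
 * as an offset. A frame too short for the headers it claims is noted in the
 * log and skipped instead of being read past its end.
 *
 * Side effects: sets iphdr, udpheader and data (declared outside this
 * function) and writes to logfile.
 */
void print_udp_packet(u_char *Buffer, int Size)
{
	int iphdrlen = 0, data_size = 0;
	size_t frame_len = 0, need = 0;

	if (Buffer == NULL || Size <= 0) {
		return;
	}
	frame_len = (size_t)Size;

	/* ip_header_len cannot be read unless the fixed IPv4 header was captured. */
	need = sizeof(ETHER_HDR) + sizeof(IPV4_HDR);
	if (frame_len < need) {
		fprintf(logfile, "\nUDP packet skipped: %d captured bytes do not hold an IPv4 header\n", Size);
		return;
	}

	iphdr = (IPV4_HDR *)(Buffer + sizeof(ETHER_HDR));
	iphdrlen = iphdr->ip_header_len * 4;

	/*
	 * The header length is chosen by the sender. Below the 20-byte IPv4
	 * minimum it is malformed, and the UDP header must fit in the capture
	 * before any of its fields are dereferenced.
	 */
	need = sizeof(ETHER_HDR) + (size_t)iphdrlen + sizeof(UDP_HDR);
	if (iphdrlen < 20 || frame_len < need) {
		fprintf(logfile, "\nUDP packet skipped: IP header length %d does not fit in %d captured bytes\n", iphdrlen, Size);
		return;
	}

	udpheader = (UDP_HDR *)(Buffer + sizeof(ETHER_HDR) + iphdrlen);

	/* need <= frame_len here, so the payload size cannot go negative. */
	data = Buffer + need;
	data_size = (int)(frame_len - need);

	fprintf(logfile, "\n\n***********************UDP Packet*************************\n");

	PrintIpHeader(Buffer, Size);

	fprintf(logfile, "\nUDP Header\n");
	fprintf(logfile, " |-Source Port : %d\n", ntohs(udpheader->source_port));
	fprintf(logfile, " |-Destination Port : %d\n", ntohs(udpheader->dest_port));
	fprintf(logfile, " |-UDP Length : %d\n", ntohs(udpheader->udp_length));
	fprintf(logfile, " |-UDP Checksum : %d\n", ntohs(udpheader->udp_checksum));

	fprintf(logfile, "\n");

	fprintf(logfile, "IP Header\n");
	PrintData((u_char *)iphdr, iphdrlen);

	fprintf(logfile, "UDP Header\n");
	PrintData((u_char *)udpheader, sizeof(UDP_HDR));

	fprintf(logfile, "Data Payload\n");
	PrintData(data, data_size);

	fprintf(logfile, "\n###########################################################\n");
}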
예제 #2
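/*
 * Log the UDP header and payload of a raw IPv4 packet.
 *
 * Buffer starts at the IPv4 header (no link-layer header) and holds Size
 * bytes. The IPv4 header-length field is sender-controlled, so it is
 * validated against Size before being used as an offset; packets too short
 * for the headers they claim are noted in the log and skipped.
 *
 * Side effects: sets iphdr and udpheader (declared outside this function)
 * and writes to logfile.
 */
void PrintUdpPacket(unsigned char *Buffer,int Size)
{
	unsigned short iphdrlen;
	size_t pkt_len, need;

	if (Buffer == NULL || Size <= 0) {
		return;
	}
	pkt_len = (size_t)Size;

	/* The fixed IPv4 header must be present before ip_header_len is read. */
	if (pkt_len < sizeof(IPV4_HDR)) {
		fprintf(logfile,"\nUDP packet skipped: %d captured bytes do not hold an IPv4 header\n",Size);
		return;
	}

	iphdr = (IPV4_HDR *)Buffer;
	iphdrlen = iphdr->ip_header_len*4;

	/* Reject a header length under the 20-byte minimum or one that leaves no room for the UDP header. */
	need = (size_t)iphdrlen + sizeof(UDP_HDR);
	if (iphdrlen < 20 || pkt_len < need) {
		fprintf(logfile,"\nUDP packet skipped: IP header length %d does not fit in %d captured bytes\n",iphdrlen,Size);
		return;
	}

	udpheader = (UDP_HDR *)(Buffer + iphdrlen);

	fprintf(logfile,"\n\n***********************UDP Packet*************************\n");

	PrintIpHeader(Buffer,Size);

	fprintf(logfile,"\nUDP Header\n");
	fprintf(logfile,"   |-Source Port      : %d\n",ntohs(udpheader->source_port));
	fprintf(logfile,"   |-Destination Port : %d\n",ntohs(udpheader->dest_port));
	fprintf(logfile,"   |-UDP Length       : %d\n",ntohs(udpheader->udp_length));
	fprintf(logfile,"   |-UDP Checksum     : %d\n",ntohs(udpheader->udp_checksum));

	fprintf(logfile,"\n");
	fprintf(logfile,"IP Header\n");
	PrintData(Buffer,iphdrlen);

	fprintf(logfile,"UDP Header\n");
	PrintData(Buffer+iphdrlen,sizeof(UDP_HDR));

	/* need <= pkt_len was checked above, so this length is never negative. */
	fprintf(logfile,"Data Payload\n");
	PrintData(Buffer+need,(int)(pkt_len - need));

	fprintf(logfile,"\n###########################################################");
}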
예제 #3
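/*
 * Print the TCP header for TCP packets.
 *
 * Buffer is read as a captured frame of Size bytes laid out as Ethernet
 * header, IPv4 header, TCP header, payload. Both the IPv4 header length and
 * the TCP data offset are sender-controlled, so each is validated against
 * Size before it is used as an offset. Frames that fail a check are noted
 * in the log and skipped.
 *
 * Side effects: sets iphdr, tcpheader and data (declared outside this
 * function) and writes to logfile.
 */
void PrintTcpPacket(u_char* Buffer, int Size)
{
	unsigned short iphdrlen;
	int tcphdrlen, data_size;
	size_t frame_len, need;

	if (Buffer == NULL || Size <= 0) {
		return;
	}
	frame_len = (size_t)Size;

	/* The fixed IPv4 header must be present before ip_header_len is read. */
	if (frame_len < sizeof(ETHER_HDR) + sizeof(IPV4_HDR)) {
		fprintf(logfile, "\nTCP packet skipped: %d captured bytes do not hold an IPv4 header\n", Size);
		return;
	}

	iphdr = (IPV4_HDR *)(Buffer + sizeof(ETHER_HDR));
	iphdrlen = iphdr->ip_header_len * 4;

	/* The fixed TCP header must be present before data_offset is read. */
	need = sizeof(ETHER_HDR) + (size_t)iphdrlen + sizeof(TCP_HDR);
	if (iphdrlen < 20 || frame_len < need) {
		fprintf(logfile, "\nTCP packet skipped: IP header length %d does not fit in %d captured bytes\n", iphdrlen, Size);
		return;
	}

	tcpheader = (TCP_HDR*)(Buffer + iphdrlen + sizeof(ETHER_HDR));
	tcphdrlen = tcpheader->data_offset * 4;

	/* A data offset under the 20-byte minimum, or past the capture, is malformed. */
	need = sizeof(ETHER_HDR) + (size_t)iphdrlen + (size_t)tcphdrlen;
	if (tcphdrlen < 20 || frame_len < need) {
		fprintf(logfile, "\nTCP packet skipped: TCP header length %d does not fit in %d captured bytes\n", tcphdrlen, Size);
		return;
	}

	/* need <= frame_len here, so the payload size cannot go negative. */
	data = Buffer + need;
	data_size = (int)(frame_len - need);

	fprintf(logfile, "\n\n***********************TCP Packet*************************\n");

	PrintIpHeader(Buffer, Size);

	fprintf(logfile, "\n");
	fprintf(logfile, "TCP Header\n");
	fprintf(logfile, " |-Source Port : %u\n", ntohs(tcpheader->source_port));
	fprintf(logfile, " |-Destination Port : %u\n", ntohs(tcpheader->dest_port));
	fprintf(logfile, " |-Sequence Number : %u\n", ntohl(tcpheader->sequence));
	fprintf(logfile, " |-Acknowledge Number : %u\n", ntohl(tcpheader->acknowledge));
	fprintf(logfile, " |-Header Length : %d DWORDS or %d BYTES\n", (unsigned int)tcpheader->data_offset, (unsigned int)tcpheader->data_offset * 4);
	fprintf(logfile, " |-CWR Flag : %d\n", (unsigned int)tcpheader->cwr);
	fprintf(logfile, " |-ECN Flag : %d\n", (unsigned int)tcpheader->ecn);
	fprintf(logfile, " |-Urgent Flag : %d\n", (unsigned int)tcpheader->urg);
	fprintf(logfile, " |-Acknowledgement Flag : %d\n", (unsigned int)tcpheader->ack);
	fprintf(logfile, " |-Push Flag : %d\n", (unsigned int)tcpheader->psh);
	fprintf(logfile, " |-Reset Flag : %d\n", (unsigned int)tcpheader->rst);
	fprintf(logfile, " |-Synchronise Flag : %d\n", (unsigned int)tcpheader->syn);
	fprintf(logfile, " |-Finish Flag : %d\n", (unsigned int)tcpheader->fin);
	fprintf(logfile, " |-Window : %d\n", ntohs(tcpheader->window));
	fprintf(logfile, " |-Checksum : %d\n", ntohs(tcpheader->checksum));
	/* Converted to host order like the other 16-bit fields above. */
	fprintf(logfile, " |-Urgent Pointer : %d\n", ntohs(tcpheader->urgent_pointer));
	fprintf(logfile, "\n");
	fprintf(logfile, " DATA Dump ");
	fprintf(logfile, "\n");

	fprintf(logfile, "IP Header\n");
	PrintData((u_char*)iphdr, iphdrlen);

	fprintf(logfile, "TCP Header\n");
	PrintData((u_char*)tcpheader, tcphdrlen);

	fprintf(logfile, "Data Payload\n");
	PrintData(data, data_size);

	fprintf(logfile, "\n###########################################################\n");
}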
예제 #4
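/*
 * Log the ICMP header and payload of a captured Ethernet frame.
 *
 * Buffer is read as Size bytes laid out as Ethernet header, IPv4 header,
 * ICMP header, payload. The IPv4 header length is sender-controlled, so it
 * is validated against Size before it is used as an offset; frames too
 * short for the headers they claim are noted in the log and skipped.
 *
 * Side effects: sets iphdr, icmpheader and data (declared outside this
 * function) and writes to logfile.
 */
void PrintIcmpPacket(u_char* Buffer, int Size)
{
	int iphdrlen = 0, data_size = 0;
	size_t frame_len = 0, need = 0;

	if (Buffer == NULL || Size <= 0) {
		return;
	}
	frame_len = (size_t)Size;

	/* The fixed IPv4 header must be present before ip_header_len is read. */
	if (frame_len < sizeof(ETHER_HDR) + sizeof(IPV4_HDR)) {
		fprintf(logfile, "\nICMP packet skipped: %d captured bytes do not hold an IPv4 header\n", Size);
		return;
	}

	iphdr = (IPV4_HDR *)(Buffer + sizeof(ETHER_HDR));
	iphdrlen = iphdr->ip_header_len * 4;

	/* Reject a header length under the 20-byte minimum or one that leaves no room for the ICMP header. */
	need = sizeof(ETHER_HDR) + (size_t)iphdrlen + sizeof(ICMP_HDR);
	if (iphdrlen < 20 || frame_len < need) {
		fprintf(logfile, "\nICMP packet skipped: IP header length %d does not fit in %d captured bytes\n", iphdrlen, Size);
		return;
	}

	icmpheader = (ICMP_HDR*)(Buffer + iphdrlen + sizeof(ETHER_HDR));

	/* need <= frame_len here, so the payload size cannot go negative. */
	data = Buffer + need;
	data_size = (int)(frame_len - need);

	fprintf(logfile, "\n\n***********************ICMP Packet*************************\n");
	PrintIpHeader(Buffer, Size);

	fprintf(logfile, "\n");

	fprintf(logfile, "ICMP Header\n");
	fprintf(logfile, " |-Type : %d", (unsigned int)(icmpheader->type));

	if ((unsigned int)(icmpheader->type) == 11)
	{
		fprintf(logfile, " (TTL Expired)\n");
	}
	else if ((unsigned int)(icmpheader->type) == 0)
	{
		fprintf(logfile, " (ICMP Echo Reply)\n");
	}
	else
	{
		/* Other types still need the line ended, or "Code" runs onto the Type line. */
		fprintf(logfile, "\n");
	}

	fprintf(logfile, " |-Code : %d\n", (unsigned int)(icmpheader->code));
	fprintf(logfile, " |-Checksum : %d\n", ntohs(icmpheader->checksum));
	fprintf(logfile, " |-ID : %d\n", ntohs(icmpheader->id));
	fprintf(logfile, " |-Sequence : %d\n", ntohs(icmpheader->seq));
	fprintf(logfile, "\n");

	fprintf(logfile, "IP Header\n");
	PrintData((u_char*)iphdr, iphdrlen);

	fprintf(logfile, "ICMP Header\n");
	PrintData((u_char*)icmpheader, sizeof(ICMP_HDR));

	fprintf(logfile, "Data Payload\n");
	PrintData(data, data_size);

	fprintf(logfile, "\n###########################################################\n");
}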
예제 #5
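/*
 * Log the ICMP header and payload of a raw IPv4 packet.
 *
 * Buffer starts at the IPv4 header (no link-layer header) and holds Size
 * bytes. The IPv4 header length is sender-controlled, so it is validated
 * against Size before it is used as an offset; packets too short for the
 * headers they claim are noted in the log and skipped.
 *
 * Side effects: sets iphdr and icmpheader (declared outside this function)
 * and writes to logfile.
 */
void PrintIcmpPacket(char* Buffer , int Size)
{
	unsigned short iphdrlen;
	size_t pkt_len, need;

	if (Buffer == NULL || Size <= 0) {
		return;
	}
	pkt_len = (size_t)Size;

	/* The fixed IPv4 header must be present before ip_header_len is read. */
	if (pkt_len < sizeof(IPV4_HDR)) {
		fprintf(logfile,"\nICMP packet skipped: %d captured bytes do not hold an IPv4 header\n",Size);
		return;
	}

	iphdr = (IPV4_HDR *)Buffer;
	iphdrlen = iphdr->ip_header_len*4;

	/* Reject a header length under the 20-byte minimum or one that leaves no room for the ICMP header. */
	need = (size_t)iphdrlen + sizeof(ICMP_HDR);
	if (iphdrlen < 20 || pkt_len < need) {
		fprintf(logfile,"\nICMP packet skipped: IP header length %d does not fit in %d captured bytes\n",iphdrlen,Size);
		return;
	}

	icmpheader=(ICMP_HDR*)(Buffer+iphdrlen);

	fprintf(logfile,"\n\n***********************ICMP Packet*************************\n");
	PrintIpHeader(Buffer);

	fprintf(logfile,"\n");

	fprintf(logfile,"ICMP Header\n");
	fprintf(logfile," |-Type : %d",(unsigned int)(icmpheader->type));

	if((unsigned int)(icmpheader->type)==11)
	{
		fprintf(logfile," (TTL Expired)\n");
	}
	else if((unsigned int)(icmpheader->type)==0)
	{
		fprintf(logfile," (ICMP Echo Reply)\n");
	}
	else
	{
		/* Other types still need the line ended, or "Code" runs onto the Type line. */
		fprintf(logfile,"\n");
	}

	fprintf(logfile," |-Code : %d\n",(unsigned int)(icmpheader->code));
	fprintf(logfile," |-Checksum : %d\n",ntohs(icmpheader->checksum));
	fprintf(logfile," |-ID : %d\n",ntohs(icmpheader->id));
	fprintf(logfile," |-Sequence : %d\n",ntohs(icmpheader->seq));
	fprintf(logfile,"\n");

	fprintf(logfile,"IP Header\n");
	PrintData(Buffer,iphdrlen);

	/* This section dumps the ICMP header; the label previously said "UDP Header". */
	fprintf(logfile,"ICMP Header\n");
	PrintData(Buffer+iphdrlen,sizeof(ICMP_HDR));

	/* need <= pkt_len was checked above, so this length is never negative. */
	fprintf(logfile,"Data Payload\n");
	PrintData(Buffer+need , (int)(pkt_len - need));

	fprintf(logfile,"\n###########################################################");
}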
예제 #6
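/*
 * Parse one IPv4 packet, verify its checksums and hand the payload to the
 * ICMP/TCP/UDP analyzer.
 *
 * data points at the IPv4 header and size is the number of bytes available.
 * The packet is untrusted: ihl and tot_len are validated against the bytes
 * actually present before they are used as lengths for the checksum
 * routines, so a forged length cannot make them read past the buffer.
 *
 * Returns 0 when the packet was processed (or carries another protocol),
 * -1 when it was rejected. The ExitWith* helpers are defined elsewhere; the
 * returns after them stop parsing in case they come back to the caller.
 */
int AnalyzeIp(u_char *data, int size) {
  u_char *ptr = NULL;
  int lest = 0;                 // bytes of the packet not yet consumed
  struct iphdr *iphdr = NULL;   // IP header
  u_char *option = NULL;        // header options
  int optionLen = 0;            // size of the header options
  int ipHdrLen = 0;             // full IP header size taken from ihl
  int len = 0;
  unsigned short sum = 0;

  ptr = data;    // start of the IP header
  lest = size;

  // Compare as signed: against a size_t a negative size would convert to a
  // huge value and slip past this check.
  if (lest < (int) sizeof(struct iphdr)) {
    ExitWithTooLittleLengthError("iphdr", lest);
    return -1;
  }

  iphdr = (struct iphdr *) ptr;   // start of the IP header
  ptr += sizeof(struct iphdr);    // start of the IP header options
  lest -= sizeof(struct iphdr);

  // Size of the header options (padding included)
  ipHdrLen = iphdr->ihl * 4;
  optionLen = ipHdrLen - (int) sizeof(struct iphdr);

  // ihl below the fixed header size, or options longer than what is left,
  // would make the header checksum run outside the packet.
  if (optionLen < 0 || optionLen > lest) {
    ExitWithTooLittleLengthError("ip option", lest);
    return -1;
  }

  if (optionLen > 0) {
    if (optionLen >= 1500) {
      fprintf(stderr, "IP optionLen(%d):too big\n", optionLen);
      return -1;
    }
    option = ptr;        // start of the IP header options
    ptr += optionLen;    // start of the payload
    lest -= optionLen;
  }

  if (checkIPchecksum(iphdr, option, optionLen) == 0) {
    ExitWithBadChecksumError("ip");
    return -1;
  }

  PrintIpHeader(iphdr, option, optionLen, stdout);

  switch (iphdr->protocol) {
  case IPPROTO_ICMP:
  case IPPROTO_TCP:
  case IPPROTO_UDP:
    break;
  default:
    return 0;   // other protocols are not analyzed further
  }

  // Payload size: tot_len covers the IP header plus the payload.
  // tot_len is sender-controlled, so it must not claim more than was received.
  len = ntohs(iphdr->tot_len) - ipHdrLen;
  if (len < 0 || len > lest) {
    ExitWithTooLittleLengthError("ip payload", lest);
    return -1;
  }

  if (iphdr->protocol == IPPROTO_ICMP) {
    sum = checksum(ptr, len);   // checksum over the payload
    if (sum != 0 && sum != 0xFFFF) {
      ExitWithBadChecksumError("icmp");
      return -1;
    }
    AnalyzeIcmp(ptr, lest);
  }
  else if (iphdr->protocol == IPPROTO_TCP) {
    if (checkIPDATAchecksum(iphdr, ptr, len) == 0) {
      ExitWithBadChecksumError("tcp");
      return -1;
    }
    AnalyzeTcp(ptr, lest);
  }
  else {
    struct udphdr *udphdr;

    // The UDP header must be fully present before its check field is read.
    if (len < (int) sizeof(struct udphdr)) {
      ExitWithTooLittleLengthError("udphdr", lest);
      return -1;
    }
    udphdr = (struct udphdr *) ptr;
    // A zero UDP checksum means the sender did not compute one.
    if (udphdr->check != 0 && checkIPDATAchecksum(iphdr, ptr, len) == 0) {
      ExitWithBadChecksumError("udp");
      return -1;
    }
    AnalyzeUdp(ptr, lest);
  }

  return 0;
}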
예제 #7
파일: anaryze.c 프로젝트: Quacknine/------
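/*
 * Parse one IPv4 packet, verify its checksums and hand the payload to the
 * ICMP/TCP/UDP analyzer.
 *
 * data points at the IPv4 header and size is the number of bytes available.
 * The packet is untrusted: ihl and tot_len are validated against the bytes
 * actually present before they are used as lengths for the checksum
 * routines, so a forged length cannot make them read past the buffer.
 *
 * Length diagnostics are printed only when one of fil[2], fil[3], fil[4] or
 * fil[6] is set, as the existing length messages are; fil is declared
 * outside this function.
 *
 * Returns 0 when the packet was processed (or carries another protocol),
 * -1 when it was rejected.
 */
int AnalyzeIp(u_char *data,int size)
{
u_char	*ptr;
int	lest;
struct iphdr	*iphdr;
u_char	*option=NULL;	/* stays NULL when the header carries no options */
int	optionLen,len;
int	ipHdrLen;
int	report;
unsigned short  sum;

	ptr=data;
	lest=size;
	report=(fil[2] == 1 || fil[3] == 1 || fil[4] == 1 || fil[6] == 1);

	/* Compare as signed: against a size_t a negative size would convert
	   to a huge value and slip past this check. */
	if(lest<(int)sizeof(struct iphdr)){
		if(report){
			fprintf(stderr,"lest(%d)<sizeof(struct iphdr)\n",lest);
		}
		return(-1);
	}
	iphdr=(struct iphdr *)ptr;
	ptr+=sizeof(struct iphdr);
	lest-=sizeof(struct iphdr);

	ipHdrLen=iphdr->ihl*4;
	optionLen=ipHdrLen-(int)sizeof(struct iphdr);

	/* ihl below the fixed header size, or options longer than what is
	   left, would make the header checksum run outside the packet. */
	if(optionLen<0||optionLen>lest){
		if(report){
			fprintf(stderr,"IP optionLen(%d):does not fit in lest(%d)\n",optionLen,lest);
		}
		return(-1);
	}
	if(optionLen>0){
		if(optionLen>=1500){
			if(report){
				fprintf(stderr,"IP optionLen(%d):too big\n",optionLen);
			}
			return(-1);
		}
		option=ptr;
		ptr+=optionLen;
		lest-=optionLen;
	}

	if(checkIPchecksum(iphdr,option,optionLen)==0){
		fprintf(stderr,"bad ip checksum\n");
		return(-1);
	}

	if(fil[6] == 1){
		PrintIpHeader(iphdr,option,optionLen,stdout);
	}

	if(iphdr->protocol!=IPPROTO_ICMP&&iphdr->protocol!=IPPROTO_TCP&&iphdr->protocol!=IPPROTO_UDP){
		return(0);	/* other protocols are not analyzed further */
	}

	/* tot_len is sender-controlled; the payload it implies must not be
	   negative or larger than what was received. */
	len=ntohs(iphdr->tot_len)-ipHdrLen;
	if(len<0||len>lest){
		if(report){
			fprintf(stderr,"IP payload len(%d):does not fit in lest(%d)\n",len,lest);
		}
		return(-1);
	}

	if(iphdr->protocol==IPPROTO_ICMP){
		sum=checksum(ptr,len);
		if(sum!=0&&sum!=0xFFFF){
			fprintf(stderr,"bad icmp checksum\n");
			return(-1);
		}
		AnalyzeIcmp(ptr,lest);
	}
	else if(iphdr->protocol==IPPROTO_TCP){
		if(checkIPDATAchecksum(iphdr,ptr,len)==0){
			fprintf(stderr,"bad tcp checksum\n");
			return(-1);
		}
		AnalyzeTcp(ptr,lest);
	}
	else{
		struct udphdr	*udphdr;

		/* The UDP header must be fully present before its check field is read. */
		if(len<(int)sizeof(struct udphdr)){
			if(report){
				fprintf(stderr,"len(%d)<sizeof(struct udphdr)\n",len);
			}
			return(-1);
		}
		udphdr=(struct udphdr *)ptr;
		/* A zero UDP checksum means the sender did not compute one. */
		if(udphdr->check!=0&&checkIPDATAchecksum(iphdr,ptr,len)==0){
			fprintf(stderr,"bad udp checksum\n");
			return(-1);
		}
		AnalyzeUdp(ptr,lest);
	}

	return(0);
}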