int connection_tracking(packetinfo *pi) { static char ip_addr_s[INET6_ADDRSTRLEN]; static char ip_addr_d[INET6_ADDRSTRLEN]; struct in_addr *ipa; cx_track(pi); if(pi->af == AF_INET6) { u_ntop(pi->ip6->ip_src, pi->af, ip_addr_s); u_ntop(pi->ip6->ip_dst, pi->af, ip_addr_d); } else { ipa = pi->ip4->ip_src; inet_ntop(pi->af, &ipa, ip_addr_s, INET6_ADDRSTRLEN); ipa = pi->ip4->ip_dst; inet_ntop(pi->af, &ipa, ip_addr_d, INET6_ADDRSTRLEN); } if(config.cflags & CONFIG_CONNECT) printf("conn[%4lu] %s:%u -> %s:%u [%s]\n", pi->cxt->cxid, ip_addr_s, ntohs(pi->s_port), ip_addr_d, ntohs(pi->d_port), pi->sc?pi->sc==SC_SERVER? "server":"client":"NONE"); return 0; }
void got_packet (u_char *useless,const struct pcap_pkthdr *pheader, const u_char *packet) { if ( intr_flag != 0 ) { check_interupt(); } inpacket = 1; tstamp = pheader->ts; /* are we dumping */ if (mode & MODE_DUMP) { time_t now = time(NULL); /* check if we should roll on time */ if( ( roll_time != 0 ) && ( now >= (roll_time_last + roll_time) ) ) { roll_time_last = now; printf("Rolling on time.\n"); dump_file_roll(); } dump_file_offset = (uint64_t)ftell((FILE *)dump_handle); /* check if we should roll on size */ if ( (roll_size > 0) && (dump_file_offset >= roll_size) ) { printf("Rolling on size.\n"); dump_file_roll(); } /* write the packet */ pcap_dump((u_char *)dump_handle, pheader, packet); if ( dump_with_flush ) pcap_dump_flush(dump_handle); } else if ( mode & MODE_FILE ) { read_file_offset = (uint64_t)ftell(pcap_file(handle)) - pheader->caplen - 16; } /* printf("[*] Got network packet...\n"); */ ether_header *eth_hdr; eth_hdr = (ether_header *) (packet); u_short eth_type; eth_type = ntohs(eth_hdr->eth_ip_type); int eth_header_len; eth_header_len = ETHERNET_HEADER_LEN; vlanid = 0; if ( eth_type == ETHERNET_TYPE_8021Q ) { /* printf("[*] ETHERNET TYPE 8021Q\n"); */ eth_type = ntohs(eth_hdr->eth_8_ip_type); eth_header_len +=4; vlanid = ntohs(eth_hdr->eth_8_vid); } else if ( eth_type == (ETHERNET_TYPE_802Q1MT|ETHERNET_TYPE_802Q1MT2|ETHERNET_TYPE_802Q1MT3|ETHERNET_TYPE_8021AD) ) { /* printf("[*] ETHERNET TYPE 802Q1MT\n"); */ eth_type = ntohs(eth_hdr->eth_82_ip_type); eth_header_len +=8; vlanid = ntohs(eth_hdr->eth_82_vid); } /* zero-ise our structure, simplifies our hashing later on */ int ip_tracked = 0; ip_t *ip_src = calloc(1, sizeof(ip_t)); ip_t *ip_dst = calloc(1, sizeof(ip_t)); if ( eth_type == ETHERNET_TYPE_IP ) { /* printf("[*] Got IPv4 Packet...\n"); */ ip4_header *ip4; ip4 = (ip4_header *) (packet + eth_header_len); ip_set(&ip_config, ip_src, &ip4->ip_src, AF_INET); ip_set(&ip_config, ip_dst, &ip4->ip_dst, AF_INET); if ( ip4->ip_p == IP_PROTO_TCP ) { tcp_header *tcph; tcph = (tcp_header *) (packet + eth_header_len + (IP_HL(ip4)*4)); /* printf("[*] IPv4 PROTOCOL TYPE TCP:\n"); */ ip_tracked = cx_track(ip_src, tcph->src_port, ip_dst, tcph->dst_port, ip4->ip_p, pheader->len, tcph->t_flags, tstamp, AF_INET); } else if (ip4->ip_p == IP_PROTO_UDP) { udp_header *udph; udph = (udp_header *) (packet + eth_header_len + (IP_HL(ip4)*4)); /* printf("[*] IPv4 PROTOCOL TYPE UDP:\n"); */ ip_tracked = cx_track(ip_src, udph->src_port, ip_dst, udph->dst_port, ip4->ip_p, pheader->len, 0, tstamp, AF_INET); } else if (ip4->ip_p == IP_PROTO_ICMP) { icmp_header *icmph; icmph = (icmp_header *) (packet + eth_header_len + (IP_HL(ip4)*4)); /* printf("[*] IP PROTOCOL TYPE ICMP\n"); */ ip_tracked = cx_track(ip_src, icmph->s_icmp_id, ip_dst, icmph->s_icmp_id, ip4->ip_p, pheader->len, 0, tstamp, AF_INET); } else { /* printf("[*] IPv4 PROTOCOL TYPE OTHER: %d\n",ip4->ip_p); */ ip_tracked = cx_track(ip_src, ip4->ip_p, ip_dst, ip4->ip_p, ip4->ip_p, pheader->len, 0, tstamp, AF_INET); } } else if ( eth_type == ETHERNET_TYPE_IPV6) { /* printf("[*] Got IPv6 Packet...\n"); */ ip6_header *ip6; ip6 = (ip6_header *) (packet + eth_header_len); ip_set(&ip_config, ip_src, &ip6->ip_src, AF_INET6); ip_set(&ip_config, ip_dst, &ip6->ip_dst, AF_INET6); if ( ip6->next == IP_PROTO_TCP ) { tcp_header *tcph; tcph = (tcp_header *) (packet + eth_header_len + IP6_HEADER_LEN); /* printf("[*] IPv6 PROTOCOL TYPE TCP:\n"); */ ip_tracked = cx_track(ip_src, tcph->src_port, ip_dst, tcph->dst_port, ip6->next, pheader->len, tcph->t_flags, tstamp, AF_INET6); } else if (ip6->next == IP_PROTO_UDP) { udp_header *udph; udph = (udp_header *) (packet + eth_header_len + IP6_HEADER_LEN); /* printf("[*] IPv6 PROTOCOL TYPE UDP:\n"); */ ip_tracked = cx_track(ip_src, udph->src_port, ip_dst, udph->dst_port, ip6->next, pheader->len, 0, tstamp, AF_INET6); } else if (ip6->next == IP6_PROTO_ICMP) { //icmp6_header *icmph; //icmph = (icmp6_header *) (packet + eth_header_len + IP6_HEADER_LEN); /* printf("[*] IPv6 PROTOCOL TYPE ICMP\n"); */ ip_tracked = cx_track(ip_src, ip6->hop_lmt, ip_dst, ip6->hop_lmt, ip6->next, pheader->len, 0, tstamp, AF_INET6); } else { /* printf("[*] IPv6 PROTOCOL TYPE OTHER: %d\n",ip6->next); */ ip_tracked = cx_track(ip_src, ip6->next, ip_dst, ip6->next, ip6->next, pheader->len, 0, tstamp, AF_INET6); } } if ( ip_tracked == 0 ) { if (ip_src != NULL) ip_free(ip_src); if (ip_dst != NULL) ip_free(ip_dst); } inpacket = 0; return; (void) useless; /* else { */ /* printf("[*] ETHERNET TYPE : %x\n", eth_hdr->eth_ip_type); */ /* return; */ /* } */ }