void my_callback(u_char *args,const struct pcap_pkthdr *hdr, const u_char *packet){ uint16_t type = handle_ethernet(args,hdr,packet); uint16_t ipproto = -1; uint16_t pld_l =0; printf("type eth: %d\n",type); if(type == ETHERTYPE_IP){ ipproto = handle_IP(args,hdr,packet); } else if (type == ETHERTYPE_ARP) { printf("ARP\n"); } if(ipproto == 17) pld_l = handle_UDP(args,hdr,packet); else if(ipproto == 6){ //pld_l = handle_TCP(args,hdr,packet); } printf("length pld: %d\n",pld_l); if(pld_l > 0) handle_PLD(args,hdr,packet); }
u_char* handle_IP (u_char *args,const struct pcap_pkthdr* pkthdr,const u_char* packet) { const struct my_ip* ip; u_int length = pkthdr->len; u_int hlen,off,version; int i; int len; /* jump pass the ethernet header */ ip = (struct my_ip*)(packet + sizeof(struct ether_header)); length -= sizeof(struct ether_header); /* check to see we have a packet of valid length */ if (length < sizeof(struct my_ip)) { fprintf(stderr, "!"); return NULL; } len = ntohs(ip->ip_len); hlen = IP_HL(ip); /* header length */ version = IP_V(ip);/* ip version */ /* check version */ if(version != 4) { fprintf(stdout,"Unknown version %d\n",version); return NULL; } /* check header length */ if(hlen < 5 ) { fprintf(stdout,"bad-hlen %d \n",hlen); } /* see if we have as much packet as we should */ if(length < len) printf("\ntruncated IP - %d bytes missing\n",len - length); /* Check to see if we have the first fragment */ off = ntohs(ip->ip_off); if((off & 0x1fff) == 0 )/* aka no 1's in first 13 bits */ {/* print SOURCE DESTINATION hlen version len offset */ fprintf(stdout, "%5d ", pkt_count); switch (ip->ip_p) { case 1: fprintf(stdout, "ICMP"); break; case 6: fprintf(stdout, "TCP"); break; case 17: fprintf(stdout, "UDP"); break; case 41: fprintf(stdout, "IPv6"); break; case 47: fprintf(stdout, "GRE"); break; case 50: fprintf(stdout, "ESP"); break; default: fprintf(stdout, "UNKNOWN (%d)", ip->ip_p); break; } fprintf(stdout,":\t%s\t%s", inet_ntoa(ip->ip_src), inet_ntoa(ip->ip_dst)); // fprintf(stdout,"\tlen= %3d hlen = %3d", len, hlen); switch (ip->ip_p) { case 6: handle_TCP(args, pkthdr, packet + sizeof(struct ether_header) + (hlen * 4), len - (hlen * 4)); break; case 17: handle_UDP(args, pkthdr, packet + sizeof(struct ether_header) + (hlen * 4)); break; default: fprintf(stdout, "\n"); break; } } return NULL; }