int arp_rcv(struct sk_buff *skb, struct device *dev, struct packet_type *pt) { struct arp *arp; struct arp_table *tbl; int ret; PRINTK ("<<\n"); arp = skb->h.arp; print_arp(arp); /* if this test doesn't pass, something fishy is going on. */ if (arp->hlen != dev->addr_len || dev->type !=NET16( arp->hrd)) { free_skb(skb, FREE_READ); return (0); } /* for now we will only deal with ip addresses. */ if (arp->pro != NET16(ARP_IP_PROT) || arp->plen != 4) { free_skb (skb, FREE_READ); return (0); } /* now look up the ip address in the table. */ tbl = arp_lookup (*arp_sourcep(arp)); if (tbl != NULL) { memcpy (tbl->hard, arp+1, arp->hlen); tbl->hlen = arp->hlen; tbl->last_used = timer_seq; } if (!my_ip_addr(*arp_targetp(arp))) { free_skb (skb, FREE_READ); return (0); } if (tbl == NULL) create_arp (*arp_sourcep(arp), arp_sourceh(arp), arp->hlen); /* now see if we can send anything. */ send_arp_q(); if (arp->op != NET16(ARP_REQUEST)) { free_skb (skb, FREE_READ); return (0); } /* now we need to create a new packet. */ ret = arp_response(arp, dev); free_skb (skb, FREE_READ); return (ret); }
void do_rarp(void *p) { g.packet_rarp++; if(g.print_flag_rarp) { printf("\n===================== rarp 头信息 =====================\n"); print_arp(p); } }
void do_arp( char * data ) { global.packet_arp ++; struct arphdr * parp; parp = ( struct arphdr * ) data; if( global.print_flag_arp ) { printf("============= arp 头信息 ==============\n"); print_arp( parp ); } }
void arp_snd (unsigned long paddr, struct device *dev, unsigned long saddr) { struct sk_buff *skb; struct arp *arp; struct arp_table *apt; int tmp; PRINTK ("arp_snd (paddr=%X, dev=%X, saddr=%X)\n",paddr, dev, saddr); /* first we build a dummy arp table entry. */ apt = create_arp (paddr, NULL, 0); if (apt == NULL) return; skb = arp_malloc (sizeof (*arp) + sizeof (*skb) + dev->hard_header_len + 2*dev->addr_len+8); if (skb == NULL) return; skb->sk = NULL; skb->mem_addr = skb; skb->mem_len = sizeof (*arp) + sizeof (*skb) + dev->hard_header_len + 2*dev->addr_len+8; skb->arp = 1; skb->dev = dev; skb->len = sizeof (*arp) + dev->hard_header_len + 2*dev->addr_len+8; skb->next = NULL; tmp = dev->hard_header ((unsigned char *)(skb+1), dev, ETHERTYPE_ARP, 0, saddr, skb->len); if (tmp < 0) { arp_free (skb->mem_addr, skb->mem_len); return; } arp =(struct arp *) ((unsigned char *)skb+sizeof (*skb) + tmp ); arp->hrd = net16(dev->type); arp->pro = NET16(ARP_IP_PROT); arp->hlen = dev->addr_len; arp->plen = 4; arp->op = NET16(ARP_REQUEST); *arp_sourcep(arp) = saddr; *arp_targetp(arp) = paddr; memcpy (arp_sourceh(arp), dev->dev_addr, dev->addr_len); memcpy (arp_targeth(arp), dev->broadcast, dev->addr_len); PRINTK(">>\n"); print_arp(arp); dev->queue_xmit (skb, dev, 0); }
static int arp_response (struct arp *arp1, struct device *dev) { struct arp *arp2; struct sk_buff *skb; int tmp; /* get some mem and initialize it for the return trip. */ skb = arp_malloc (sizeof (*skb) + sizeof (*arp2) + 2*arp1->hlen + 2*arp1->plen + dev->hard_header_len); if (skb == NULL) return (1); skb->mem_addr = skb; skb->mem_len = sizeof (*skb) + sizeof (*arp2) + 2*arp1->hlen + 2*arp1->plen + dev->hard_header_len; skb->len = sizeof (*arp2) + 2*arp1->hlen + 2*arp1->plen + dev->hard_header_len; tmp = dev->hard_header((unsigned char *)(skb+1), dev, ETHERTYPE_ARP, *arp_sourcep(arp1), *arp_targetp(arp1),skb->len); if (tmp < 0) return (1); arp2 =(struct arp *) ((unsigned char *)skb+sizeof (*skb) + tmp ); memcpy (arp2, arp1, sizeof (*arp2)); /* now swap the addresses. */ *arp_sourcep(arp2) = *arp_targetp(arp1); memcpy(arp_sourceh(arp2), dev->dev_addr, arp1->hlen); *arp_targetp(arp2) = *arp_sourcep(arp1); memcpy(arp_targeth(arp2), arp_sourceh(arp1), arp1->hlen); arp2->op = NET16(ARP_REPLY); skb->free = 1; skb->arp = 1; /* so the code will know it's not waiting on an arp. */ skb->sk = NULL; skb->next = NULL; PRINTK (">>"); print_arp(arp2); /* send it. */ dev->queue_xmit (skb, dev, 0); return (0); }
void arp(pid_t pid) { if (getuid() == 0) firemon_drop_privs(); pid_read(pid); // print processes int i; for (i = 0; i < MAX_PIDS; i++) { if (pids[i].level == 1) { pid_print_list(i, 0); int child = find_child(i); if (child != -1) { char *fname; if (!asprintf(&fname, "/proc/%d/net/arp", child) == -1) errExit("asprintf"); print_arp(fname); free(fname); printf("\n"); } } } }
int main(int argc,char **argv) { pcap_t *pcap; char pcapErr[PCAP_ERRBUF_SIZE], line[80] ; char* title; int datalink; char timeDuration[MAX_BUF_SIZE]; char file_name[MAX_BUF_SIZE]; if (argc != 2) { printf("Usage: ./wiretap file.pcap\n"); printf(" ./wiretap file.pcap > output.txt\n"); exit(1); } strcpy(file_name, argv[1]); pcap = pcap_open_offline(file_name, pcapErr); if (pcap == NULL) { fprintf(stderr, "pcap_open_offline failed: %s\n", pcapErr); exit(EXIT_FAILURE); } datalink = pcap_datalink(pcap); if(datalink != Ethernet) { printf("not Ethernet!\n"); exit(EXIT_FAILURE); } pcap_loop(pcap,-1,my_callback,NULL); getTimeDiff(timeDuration); print_summary(timebuffer, start_time, timeDuration); printf("=== Link layer ===\n\n"); print("Source ethernet addresses", eth_src_addr, packets); free_nodes(eth_src_addr); print("Destination ethernet addresses", eth_dest_addr, packets); free_nodes(eth_dest_addr); printf("=== Network Layer ===\n\n"); print("Network layer protocols", net_layer, packets); free_nodes(net_layer); print("Source IP addresses", IP_src_addr, ip_packets); free_nodes(IP_src_addr); print("Destination IP addresses", IP_dest_addr, ip_packets); free_nodes(IP_dest_addr); print("TTLs",TTL_list, ip_packets); free_nodes(TTL_list); print_arp(arp_participants); free_arp_nodes(arp_participants); printf("=== Transport Layer ===\n\n"); print("Transport Layer protocols", transLayer, ip_packets); free_nodes(transLayer); printf("=== Transport Layer: TCP ===\n\n"); print("Source TCP ports", TCP_src_ports, TCP_packets); free_nodes(TCP_src_ports); print("Destination TCP ports", TCP_dest_ports, TCP_packets); free_nodes(TCP_dest_ports); print("TCP flags", TCP_flags, TCP_packets); free_nodes(TCP_flags); print("TCP options", TCP_options, TCP_packets); free_nodes(TCP_options); printf("=== Transport Layer: UDP ===\n\n"); print("Source UDP ports", UDP_src_ports, UDP_packets); free_nodes(UDP_src_ports); print("Destination UDP ports", UDP_dest_ports, UDP_packets); free_nodes(UDP_dest_ports); printf("=== Transport Layer: ICMP ===\n\n"); print("Source IPs for ICMP", ICMP_src_IP, ICMP_packets); free_nodes(ICMP_src_IP); print("Destination IPs for ICMP", ICMP_dest_IP, ICMP_packets); free_nodes(ICMP_dest_IP); print("ICMP types", ICMP_TYPE, ICMP_packets); free_nodes(ICMP_TYPE); print("ICMP codes", ICMP_CODE, ICMP_packets); free_nodes(ICMP_CODE); print("ICMP responses", ICMP_RESPONSE, ICMP_packets); free_nodes(ICMP_RESPONSE); pcap_close(pcap); }
/* for local debug */ void ofp_print_packet_buffer(const char *comment, uint8_t *p) { static int first = 1; FILE *f; struct ofp_ip *ip; uint16_t proto; char *g; /* * Filter "noise" */ #if 0 if (p[12] == 0x00 && p[13] == 0x27) return; if (p[12] == 0x01 && p[13] == 0x98) return; #endif if (first) { f = fopen(DEFAULT_DEBUG_TXT_FILE_NAME, "w"); fclose(f); first = 0; } f = fopen(DEFAULT_DEBUG_TXT_FILE_NAME, "a"); if (!f) return; static struct timeval tv0; struct timeval tv; gettimeofday(&tv, NULL); if (tv0.tv_sec == 0) tv0 = tv; int ms = (tv.tv_sec*1000+tv.tv_usec/1000) - (tv0.tv_sec*1000+tv0.tv_usec/1000); ofp_printf(f, "\n*************\n"); ofp_printf(f, "[%d] %s: %d.%03d\n", odp_cpu_id(), comment, ms/1000, ms%1000); ofp_printf(f, "%s ->%s\n ", ofp_print_mac(p+6), ofp_print_mac(p)); if (p[12] == 0x81 && p[13] == 0x00) { ofp_printf(f, "VLAN %d ", (p[14]<<8)|p[15]); p += 4; } if (p[12] == 0x88 && p[13] == 0x47) { uint8_t *label = p+14; int i; ofp_printf(f, "MPLS "); while (1) { ofp_printf(f, "[label=%d ttl=%d] ", label[0]*16*256 + label[1]*16 + label[2]/16, label[3]); if (label[2] & 1) break; label += 4; } if ((label[4] & 0xf0) == 0x40) { label[2] = 0x08; /* ipv4 */ label[3] = 0x00; } else { label[2] = 0x86; /* ipv6 */ label[3] = 0xdd; } label++; for (i = 0; i < 12; i++) *label-- = p[11 - i]; p = label+1; } if (p[12] == 0x08 && p[13] == 0x06) { print_arp(f, (char *)(p + L2_HEADER_NO_VLAN_SIZE)); } else if (p[12] == 0x86 && p[13] == 0xdd) { print_ipv6(f, (char *)(p + L2_HEADER_NO_VLAN_SIZE)); } else if (p[12] == 0x08 && p[13] == 0x00) { ip = (struct ofp_ip *)(p + L2_HEADER_NO_VLAN_SIZE); if (ip->ip_p == 47) { /* GRE */ g = ((char *)ip) + (ip->ip_hl << 2); g += print_gre(f, g, &proto); if (proto == 0x0800) print_ipv4(f, g); else if (proto == 0x86dd) print_ipv6(f, g); } else print_ipv4(f, (char *)(p + L2_HEADER_NO_VLAN_SIZE)); } else { ofp_printf(f, "UNKNOWN ETH PACKET TYPE 0x%02x%02x ", p[12], p[13]); } ofp_printf(f, "\n"); fclose(f); fflush(stdout); }
void ifget(int sockfd, enum mode mode, char *name) { char *buf,*ptr,*colon; int len; int l; struct ifreq *ifr; struct sockaddr_in *sa_in, *sin; #ifdef HAVE_arpreq struct arpreq arpreq; #endif #ifndef USE_IFALIAS int cnt = 0; #endif buf = getifreq(sockfd, &len); for(ptr=buf;ptr < buf+len;) { ifr=(struct ifreq *)ptr; if (mode == IP) { sa_in=(struct sockaddr_in *)&ifr->ifr_addr; if(strncmp(name,inet_ntoa(sa_in->sin_addr), IFNAMSIZ) == 0) printf("%s\n",ifr->ifr_name); #ifdef DEBUG fprintf(stderr, "%s %s %s\n", name, inet_ntoa(sa_in->sin_addr), ifr->ifr_name); #endif } else if (mode == IF) { /* This is rather questionable on linux and solaris */ /* It will probably go in later versions */ /* We return names of devices which are aliased. */ /* Under BSD this makes no sense so we fake it */ /* Note: the numbers under BSD are just placeholders */ #ifdef USE_IFALIAS if((colon=memchr(ifr->ifr_name,':',strlen(ifr->ifr_name))) != NULL) { *colon='\0'; if(strncmp(name,ifr->ifr_name, IFNAMSIZ) == 0) printf("%s\n",++colon); } #else if(strncmp(name,ifr->ifr_name, IFNAMSIZ) == 0) { sa_in=(struct sockaddr_in *)&ifr->ifr_addr; if (sa_in->sin_family == AF_INET) { if (cnt > 0) { printf("%d\n", cnt); } cnt++; } } #endif #ifdef DEBUG fprintf(stderr, "%s %s\n", name, ifr->ifr_name); #endif } else if (mode == HW) { if(strncmp(name,ifr->ifr_name, IFNAMSIZ) == 0) { #ifdef HAVE_sockaddr_dl print_arp(LLADDR((struct sockaddr_dl *) &ifr->ifr_addr)); #elif defined(HAVE_SIOCGIFHWADDR) if(ioctl(sockfd,SIOCGIFHWADDR,ifr) == 0) { print_arp(ifr->ifr_hwaddr.sa_data); } #elif defined(HAVE_arpreq) memset(&arpreq, 0, sizeof(arpreq)); sin = ((struct sockaddr_in *) &arpreq.arp_pa); memset(sin, 0, sizeof(*sin)); sa_in=(struct sockaddr_in *)&ifr->ifr_addr; memcpy(&sin->sin_addr, &sa_in->sin_addr, sizeof(struct in_addr)); if(ioctl(sockfd,SIOCGARP,&arpreq) == 0) { print_arp(arpreq.arp_ha.sa_data); } #else # error "Unable to work out hardware address" #endif break; } } else { error(3, "Invalid mode"); } #ifdef SA_LEN_IN_SOCKADDR l = ifr->ifr_addr.sa_len + sizeof(ifr->ifr_name); if (l < sizeof(*ifr)) l = sizeof(*ifr); #else l = sizeof(ifr->ifr_name)+sizeof(struct sockaddr); #endif ptr+=l; } free(buf); }