"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/datalink.cpp" between
tcpflow-1.5.0.tar.gz and tcpflow-1.6.1.tar.gz

About: tcpflow is a TCP/IP packet demultiplexer that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging.

datalink.cpp  (tcpflow-1.5.0):datalink.cpp  (tcpflow-1.6.1)
skipping to change at line 19 skipping to change at line 19
* COPYING for details. * COPYING for details.
* *
* This file contains datalink handlers which are called by the pcap callback. * This file contains datalink handlers which are called by the pcap callback.
* The purpose of each handler is to make a packet_info() object and then call * The purpose of each handler is to make a packet_info() object and then call
* process_packet. The packet_info() object contains both the original * process_packet. The packet_info() object contains both the original
* MAC-layer (with some of the fields broken out) and the packet data layer. * MAC-layer (with some of the fields broken out) and the packet data layer.
* *
* For wifi datalink handlers, please see datalink_wifi.cpp * For wifi datalink handlers, please see datalink_wifi.cpp
*/ */
#include <stddef.h>
#include "tcpflow.h" #include "tcpflow.h"
/* The DLT_NULL packet header is 4 bytes long. It contains a network /* The DLT_NULL packet header is 4 bytes long. It contains a network
* order 32 bit integer that specifies the family, e.g. AF_INET. * order 32 bit integer that specifies the family, e.g. AF_INET.
* DLT_NULL is used by the localhost interface. * DLT_NULL is used by the localhost interface.
*/ */
#define NULL_HDRLEN 4 #define NULL_HDRLEN 4
/* Some systems hasn't defined ETHERTYPE_IPV6 */ /* Some systems hasn't defined ETHERTYPE_IPV6 */
#ifndef ETHERTYPE_IPV6 #ifndef ETHERTYPE_IPV6
# define ETHERTYPE_IPV6 0x86DD # define ETHERTYPE_IPV6 0x86DD
#endif #endif
#ifndef ETH_P_QINQ1
# define ETH_P_QINQ1 0x9100 /* deprecated QinQ VLAN [ NOT AN OFFICIAL
LY REGISTERED ID ] */
#endif
#ifndef ETH_P_8021AD
# define ETH_P_8021AD 0x88A8 /* 802.1ad Service VLAN */
#endif
int32_t datalink_tdelta = 0; int32_t datalink_tdelta = 0;
#pragma GCC diagnostic ignored "-Wcast-align" #pragma GCC diagnostic ignored "-Wcast-align"
void dl_null(u_char *user, const struct pcap_pkthdr *h, const u_char *p) void dl_null(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
{ {
u_int caplen = h->caplen; u_int caplen = h->caplen;
u_int length = h->len; u_int length = h->len;
uint32_t family = *(uint32_t *)p; uint32_t family = (uint32_t)*p;
if (length != caplen) { if (length != caplen) {
DEBUG(6) ("warning: only captured %d bytes of %d byte null frame", DEBUG(6) ("warning: only captured %d bytes of %d byte null frame",
caplen, length); caplen, length);
} }
if (caplen < NULL_HDRLEN) { if (caplen < NULL_HDRLEN) {
DEBUG(6) ("warning: received incomplete null frame"); DEBUG(6) ("warning: received incomplete null frame");
return; return;
} }
skipping to change at line 89 skipping to change at line 98
/* Ethernet datalink handler; used by all 10 and 100 mbit/sec /* Ethernet datalink handler; used by all 10 and 100 mbit/sec
* ethernet. We are given the entire ethernet header so we check to * ethernet. We are given the entire ethernet header so we check to
* make sure it's marked as being IP. * make sure it's marked as being IP.
*/ */
#pragma GCC diagnostic ignored "-Wcast-align" #pragma GCC diagnostic ignored "-Wcast-align"
void dl_ethernet(u_char *user, const struct pcap_pkthdr *h, const u_char *p) void dl_ethernet(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
{ {
u_int caplen = h->caplen; u_int caplen = h->caplen;
u_int length = h->len; u_int length = h->len;
struct be13::ether_header *eth_header = (struct be13::ether_header *) p; struct be13::ether_header *eth_header = (struct be13::ether_header *) p;
u_int ether_type_offset = offsetof(struct be13::ether_header, ether_type);
/* Variables to support VLAN */ /* Variables to support VLAN */
const u_short *ether_type = &eth_header->ether_type; /* where the ether type const u_short *ether_type = NULL;
is located */ const u_char *ether_data = NULL;
const u_char *ether_data = p+sizeof(struct be13::ether_header); /* where the
data is located */ if (caplen < ether_type_offset) {
DEBUG(0) ("error: the captured packet header bytes are shorter than the
ether_type offset");
return;
}
ether_type = &eth_header->ether_type; /* where the ether type is located */
ether_data = p+sizeof(struct be13::ether_header); /* where the data is locat
ed */
if (length != caplen) { if (length != caplen) {
DEBUG(6) ("warning: only captured %d bytes of %d byte ether frame", DEBUG(6) ("warning: only captured %d bytes of %d byte ether frame",
caplen, length); caplen, length);
} }
/* Handle basic VLAN packets */ /* Handle basic VLAN packets */
while (ntohs(*ether_type) == ETHERTYPE_VLAN) { while (ntohs(*ether_type) == ETHERTYPE_VLAN
#ifdef ETH_P_QINQ1
|| ntohs(*ether_type) == ETH_P_QINQ1
#endif
#ifdef ETH_P_8021AD
|| ntohs(*ether_type) == ETH_P_8021AD
#endif
) {
//vlan = ntohs(*(u_short *)(p+sizeof(struct ether_header))); //vlan = ntohs(*(u_short *)(p+sizeof(struct ether_header)));
ether_type += 2; /* skip past VLAN header (note it skips by 2s) */ ether_type += 2; /* skip past VLAN header (note it skips by 2s) */
ether_data += 4; /* skip past VLAN header */ ether_data += 4; /* skip past VLAN header */
caplen -= 4; caplen -= 4;
if (caplen < ether_type_offset) {
DEBUG(0) ("error: the captured packet header bytes are shorter than
the ether_type offset");
return;
}
} }
if (caplen < sizeof(struct be13::ether_header)) { if (caplen < sizeof(struct be13::ether_header)) {
DEBUG(6) ("warning: received incomplete ethernet frame"); DEBUG(6) ("warning: received incomplete ethernet frame");
return; return;
} }
/* Create a packet_info structure with ip data and data length */ /* Create a packet_info structure with ip data and data length */
struct timeval tv; try {
be13::packet_info pi(DLT_IEEE802,h,p,tvshift(tv,h->ts), struct timeval tv;
ether_data, caplen - sizeof(struct be13::ether_header)) be13::packet_info pi(DLT_IEEE802,h,p,tvshift(tv,h->ts),
; ether_data, caplen - sizeof(struct be13::ether_head
switch (ntohs(*ether_type)){ er));
case ETHERTYPE_IP: switch (ntohs(*ether_type)){
case ETHERTYPE_IPV6: case ETHERTYPE_IP:
be13::plugin::process_packet(pi); case ETHERTYPE_IPV6:
break; be13::plugin::process_packet(pi);
break;
#ifdef ETHERTYPE_ARP #ifdef ETHERTYPE_ARP
case ETHERTYPE_ARP: case ETHERTYPE_ARP:
/* What should we do for ARP? */ /* What should we do for ARP? */
break; break;
#endif #endif
#ifdef ETHERTYPE_LOOPBACK #ifdef ETHERTYPE_LOOPBACK
case ETHERTYPE_LOOPBACK: case ETHERTYPE_LOOPBACK:
/* What do do for loopback? */ /* What do do for loopback? */
break; break;
#endif #endif
#ifdef ETHERTYPE_REVARP #ifdef ETHERTYPE_REVARP
case ETHERTYPE_REVARP: case ETHERTYPE_REVARP:
/* What to do for REVARP? */ /* What to do for REVARP? */
break; break;
#endif #endif
default: default:
/* Unknown Ethernet Frame Type */ /* Unknown Ethernet Frame Type */
DEBUG(6) ("warning: received ethernet frame with unknown type 0x%x", nto DEBUG(6) ("warning: received ethernet frame with unknown type 0x%x",
hs(eth_header->ether_type)); ntohs(eth_header->ether_type));
break; break;
}
} catch( std::logic_error e){
std::string s(std::string("warning: caught std::logic_error ")
+ e.what()
+ std::string(" in packet"));
DEBUG(6)(s.c_str());
} }
} }
#pragma GCC diagnostic warning "-Wcast-align" #pragma GCC diagnostic warning "-Wcast-align"
/* The DLT_PPP packet header is 4 bytes long. We just move past it /* The DLT_PPP packet header is 4 bytes long. We just move past it
* without parsing it. It is used for PPP on some OSs (DLT_RAW is * without parsing it. It is used for PPP on some OSs (DLT_RAW is
* used by others; see below) * used by others; see below)
*/ */
#define PPP_HDRLEN 4 #define PPP_HDRLEN 4
 End of changes. 11 change blocks. 
30 lines changed or deleted 68 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)