1 | /* |
---|
2 | * |
---|
3 | * Copyright (c) 2007-2016 The University of Waikato, Hamilton, New Zealand. |
---|
4 | * All rights reserved. |
---|
5 | * |
---|
6 | * This file is part of libtrace. |
---|
7 | * |
---|
8 | * This code has been developed by the University of Waikato WAND |
---|
9 | * research group. For further information please see http://www.wand.net.nz/ |
---|
10 | * |
---|
11 | * libtrace is free software; you can redistribute it and/or modify |
---|
12 | * it under the terms of the GNU Lesser General Public License as published by |
---|
13 | * the Free Software Foundation; either version 3 of the License, or |
---|
14 | * (at your option) any later version. |
---|
15 | * |
---|
16 | * libtrace is distributed in the hope that it will be useful, |
---|
17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
19 | * GNU Lesser General Public License for more details. |
---|
20 | * |
---|
21 | * You should have received a copy of the GNU Lesser General Public License |
---|
22 | * along with this program. If not, see <http://www.gnu.org/licenses/>. |
---|
23 | * |
---|
24 | * |
---|
25 | */ |
---|
26 | |
---|
27 | #include "libtrace_int.h" |
---|
28 | #include "libtrace.h" |
---|
29 | #include "protocols.h" |
---|
30 | #include "checksum.h" |
---|
31 | #include <assert.h> |
---|
32 | #include <stdlib.h> |
---|
33 | #include <stdio.h> // fprintf |
---|
34 | #include <string.h> |
---|
35 | |
---|
36 | /* This file contains all the protocol decoding functions for transport layer |
---|
37 | * protocols. This includes functions for access port numbers. |
---|
38 | * |
---|
39 | * Supported protocols include (but are not limited to): |
---|
40 | * TCP |
---|
41 | * UDP |
---|
42 | * ICMP |
---|
43 | */ |
---|
44 | |
---|
45 | /* Get the size of the payload as it was in the original packet, i.e. prior |
---|
46 | * to any truncation. |
---|
47 | * |
---|
48 | * Basically, wire length minus the packet headers. |
---|
49 | * |
---|
50 | * Currently only supports IP (v4 and v6) and TCP, UDP and ICMP. Will return |
---|
51 | * 0 if an unsupported protocol header is encountered, or if one of the |
---|
52 | * headers is truncated. |
---|
53 | */ |
---|
54 | DLLEXPORT size_t trace_get_payload_length(const libtrace_packet_t *packet) { |
---|
55 | |
---|
56 | void *layer; |
---|
57 | uint16_t ethertype; |
---|
58 | uint8_t proto; |
---|
59 | uint32_t rem; |
---|
60 | libtrace_ip_t *ip; |
---|
61 | libtrace_ip6_t *ip6; |
---|
62 | libtrace_tcp_t *tcp; |
---|
63 | size_t len = 0; |
---|
64 | uint8_t iplenzero = 0; |
---|
65 | |
---|
66 | /* Just use the cached length if we can */ |
---|
67 | if (packet->payload_length != -1) |
---|
68 | return packet->payload_length; |
---|
69 | |
---|
70 | /* Set to zero so that we can return early without having to |
---|
71 | * worry about forgetting to update the cached value */ |
---|
72 | ((libtrace_packet_t *)packet)->payload_length = 0; |
---|
73 | layer = trace_get_layer3(packet, ðertype, &rem); |
---|
74 | if (!layer) |
---|
75 | return 0; |
---|
76 | switch (ethertype) { |
---|
77 | case TRACE_ETHERTYPE_IP: |
---|
78 | ip = (libtrace_ip_t *)layer; |
---|
79 | if (rem < sizeof(libtrace_ip_t)) |
---|
80 | return 0; |
---|
81 | if (ntohs(ip->ip_len) == 0) { |
---|
82 | iplenzero = 1; |
---|
83 | break; |
---|
84 | } |
---|
85 | len = ntohs(ip->ip_len) - (4 * ip->ip_hl); |
---|
86 | |
---|
87 | /* Deal with v6 within v4 */ |
---|
88 | if (ip->ip_p == TRACE_IPPROTO_IPV6) |
---|
89 | len -= sizeof(libtrace_ip6_t); |
---|
90 | |
---|
91 | break; |
---|
92 | case TRACE_ETHERTYPE_IPV6: |
---|
93 | ip6 = (libtrace_ip6_t *)layer; |
---|
94 | if (rem < sizeof(libtrace_ip6_t)) |
---|
95 | return 0; |
---|
96 | len = ntohs(ip6->plen); |
---|
97 | if (len == 0) { |
---|
98 | iplenzero = 1; |
---|
99 | } |
---|
100 | break; |
---|
101 | default: |
---|
102 | return 0; |
---|
103 | } |
---|
104 | |
---|
105 | if (iplenzero) { |
---|
106 | /* deal with cases where IP length is zero due to |
---|
107 | * hardware segmentation offload */ |
---|
108 | uint8_t *iplayer, *pktstart; |
---|
109 | libtrace_linktype_t linktype; |
---|
110 | uint32_t rem; |
---|
111 | |
---|
112 | iplayer = (uint8_t *)layer; |
---|
113 | pktstart = (uint8_t *)trace_get_packet_buffer(packet, &linktype, &rem); |
---|
114 | |
---|
115 | len = rem - (iplayer - pktstart); |
---|
116 | if (ethertype == TRACE_ETHERTYPE_IP) { |
---|
117 | ip = (libtrace_ip_t *)layer; |
---|
118 | len -= (4 * ip->ip_hl); |
---|
119 | } else { |
---|
120 | len -= sizeof(libtrace_ip6_t); |
---|
121 | } |
---|
122 | } |
---|
123 | |
---|
124 | layer = trace_get_transport(packet, &proto, &rem); |
---|
125 | if (!layer) |
---|
126 | return 0; |
---|
127 | |
---|
128 | switch(proto) { |
---|
129 | case TRACE_IPPROTO_TCP: |
---|
130 | if (rem < sizeof(libtrace_tcp_t)) |
---|
131 | return 0; |
---|
132 | tcp = (libtrace_tcp_t *)layer; |
---|
133 | |
---|
134 | if (len < (size_t)(4 * tcp->doff)) |
---|
135 | return 0; |
---|
136 | |
---|
137 | len -= (4 * tcp->doff); |
---|
138 | break; |
---|
139 | case TRACE_IPPROTO_UDP: |
---|
140 | if (rem < sizeof(libtrace_udp_t)) |
---|
141 | return 0; |
---|
142 | if (len < sizeof(libtrace_udp_t)) |
---|
143 | return 0; |
---|
144 | len -= sizeof(libtrace_udp_t); |
---|
145 | break; |
---|
146 | case TRACE_IPPROTO_ICMP: |
---|
147 | if (rem < sizeof(libtrace_icmp_t)) |
---|
148 | return 0; |
---|
149 | if (len < sizeof(libtrace_icmp_t)) |
---|
150 | return 0; |
---|
151 | len -= sizeof(libtrace_icmp_t); |
---|
152 | break; |
---|
153 | case TRACE_IPPROTO_ICMPV6: |
---|
154 | if (rem < sizeof(libtrace_icmp6_t)) |
---|
155 | return 0; |
---|
156 | if (len < sizeof(libtrace_icmp6_t)) |
---|
157 | return 0; |
---|
158 | len -= sizeof(libtrace_icmp6_t); |
---|
159 | break; |
---|
160 | |
---|
161 | default: |
---|
162 | return 0; |
---|
163 | } |
---|
164 | |
---|
165 | ((libtrace_packet_t *)packet)->payload_length = len; |
---|
166 | return len; |
---|
167 | |
---|
168 | } |
---|
169 | |
---|
170 | DLLEXPORT void *trace_get_transport(const libtrace_packet_t *packet, |
---|
171 | uint8_t *proto, |
---|
172 | uint32_t *remaining |
---|
173 | ) |
---|
174 | { |
---|
175 | uint8_t dummy_proto; |
---|
176 | uint16_t ethertype; |
---|
177 | uint32_t dummy_remaining; |
---|
178 | void *transport; |
---|
179 | |
---|
180 | if (!proto) proto=&dummy_proto; |
---|
181 | |
---|
182 | if (!remaining) remaining=&dummy_remaining; |
---|
183 | |
---|
184 | if (packet->l4_header) { |
---|
185 | /* |
---|
186 | void *link; |
---|
187 | libtrace_linktype_t linktype; |
---|
188 | link = trace_get_packet_buffer(packet, &linktype, remaining); |
---|
189 | if (!link) |
---|
190 | return NULL; |
---|
191 | */ |
---|
192 | *proto = packet->transport_proto; |
---|
193 | /* *remaining -= (packet->l4_header - link); */ |
---|
194 | *remaining = packet->l4_remaining; |
---|
195 | return packet->l4_header; |
---|
196 | } |
---|
197 | |
---|
198 | transport = trace_get_layer3(packet,ðertype,remaining); |
---|
199 | |
---|
200 | if (!transport || *remaining == 0) |
---|
201 | return NULL; |
---|
202 | |
---|
203 | switch (ethertype) { |
---|
204 | case TRACE_ETHERTYPE_IP: /* IPv4 */ |
---|
205 | transport=trace_get_payload_from_ip( |
---|
206 | (libtrace_ip_t*)transport, proto, remaining); |
---|
207 | /* IPv6 */ |
---|
208 | if (transport && *proto == TRACE_IPPROTO_IPV6) { |
---|
209 | transport=trace_get_payload_from_ip6( |
---|
210 | (libtrace_ip6_t*)transport, proto,remaining); |
---|
211 | } |
---|
212 | break; |
---|
213 | case TRACE_ETHERTYPE_IPV6: /* IPv6 */ |
---|
214 | transport = trace_get_payload_from_ip6( |
---|
215 | (libtrace_ip6_t*)transport, proto, remaining); |
---|
216 | break; |
---|
217 | default: |
---|
218 | *proto = 0; |
---|
219 | transport = NULL; |
---|
220 | break; |
---|
221 | |
---|
222 | } |
---|
223 | |
---|
224 | ((libtrace_packet_t *)packet)->transport_proto = *proto; |
---|
225 | ((libtrace_packet_t *)packet)->l4_header = transport; |
---|
226 | ((libtrace_packet_t *)packet)->l4_remaining = *remaining; |
---|
227 | |
---|
228 | |
---|
229 | return transport; |
---|
230 | } |
---|
231 | |
---|
232 | DLLEXPORT libtrace_tcp_t *trace_get_tcp(libtrace_packet_t *packet) { |
---|
233 | uint8_t proto; |
---|
234 | uint32_t rem = 0; |
---|
235 | libtrace_tcp_t *tcp; |
---|
236 | |
---|
237 | tcp=(libtrace_tcp_t*)trace_get_transport(packet,&proto,&rem); |
---|
238 | |
---|
239 | if (!tcp || proto != TRACE_IPPROTO_TCP) |
---|
240 | return NULL; |
---|
241 | |
---|
242 | /* We should return NULL if there isn't a full TCP header, because the |
---|
243 | * caller has no way of telling how much of a TCP header we have |
---|
244 | * returned - use trace_get_transport() if you want to deal with |
---|
245 | * partial headers |
---|
246 | * |
---|
247 | * NOTE: We're not going to insist that all the TCP options are present |
---|
248 | * as well, because lots of traces are snapped after 20 bytes of TCP |
---|
249 | * header and I don't really want to break libtrace programs that |
---|
250 | * use this function to process those traces */ |
---|
251 | |
---|
252 | if (rem < sizeof(libtrace_tcp_t)) |
---|
253 | return NULL; |
---|
254 | |
---|
255 | return (libtrace_tcp_t*)tcp; |
---|
256 | } |
---|
257 | |
---|
258 | DLLEXPORT libtrace_tcp_t *trace_get_tcp_from_ip(libtrace_ip_t *ip, uint32_t *remaining) |
---|
259 | { |
---|
260 | libtrace_tcp_t *tcpptr = 0; |
---|
261 | |
---|
262 | if (ip->ip_p == TRACE_IPPROTO_TCP) { |
---|
263 | tcpptr = (libtrace_tcp_t *) |
---|
264 | trace_get_payload_from_ip(ip, NULL, remaining); |
---|
265 | } |
---|
266 | |
---|
267 | return tcpptr; |
---|
268 | } |
---|
269 | |
---|
270 | DLLEXPORT libtrace_udp_t *trace_get_udp(libtrace_packet_t *packet) { |
---|
271 | uint8_t proto; |
---|
272 | uint32_t rem = 0; |
---|
273 | libtrace_udp_t *udp; |
---|
274 | |
---|
275 | udp=(libtrace_udp_t*)trace_get_transport(packet,&proto,&rem); |
---|
276 | |
---|
277 | if (!udp || proto != TRACE_IPPROTO_UDP) |
---|
278 | return NULL; |
---|
279 | |
---|
280 | /* Make sure we return a full UDP header as the caller has no way of |
---|
281 | * telling how much of the packet is remaining */ |
---|
282 | if (rem < sizeof(libtrace_udp_t)) |
---|
283 | return NULL; |
---|
284 | |
---|
285 | return udp; |
---|
286 | } |
---|
287 | |
---|
288 | DLLEXPORT libtrace_udp_t *trace_get_udp_from_ip(libtrace_ip_t *ip, uint32_t *remaining) |
---|
289 | { |
---|
290 | libtrace_udp_t *udpptr = 0; |
---|
291 | |
---|
292 | if (ip->ip_p == TRACE_IPPROTO_UDP) { |
---|
293 | udpptr = (libtrace_udp_t *) |
---|
294 | trace_get_payload_from_ip(ip, NULL, remaining); |
---|
295 | } |
---|
296 | |
---|
297 | return udpptr; |
---|
298 | } |
---|
299 | |
---|
300 | DLLEXPORT libtrace_icmp_t *trace_get_icmp(libtrace_packet_t *packet) { |
---|
301 | uint8_t proto; |
---|
302 | uint32_t rem = 0; |
---|
303 | libtrace_icmp_t *icmp; |
---|
304 | |
---|
305 | icmp=(libtrace_icmp_t*)trace_get_transport(packet,&proto,&rem); |
---|
306 | |
---|
307 | if (!icmp || proto != TRACE_IPPROTO_ICMP) |
---|
308 | return NULL; |
---|
309 | |
---|
310 | /* Make sure we return a full ICMP header as the caller has no way of |
---|
311 | * telling how much of the packet is remaining */ |
---|
312 | if (rem < sizeof(libtrace_icmp_t)) |
---|
313 | return NULL; |
---|
314 | |
---|
315 | return icmp; |
---|
316 | } |
---|
317 | |
---|
318 | DLLEXPORT libtrace_icmp6_t *trace_get_icmp6(libtrace_packet_t *packet) { |
---|
319 | uint8_t proto; |
---|
320 | uint32_t rem = 0; |
---|
321 | libtrace_icmp6_t *icmp; |
---|
322 | |
---|
323 | icmp=(libtrace_icmp6_t*)trace_get_transport(packet,&proto,&rem); |
---|
324 | |
---|
325 | if (!icmp || proto != TRACE_IPPROTO_ICMPV6) |
---|
326 | return NULL; |
---|
327 | |
---|
328 | /* Make sure we return a full ICMP header as the caller has no way of |
---|
329 | * telling how much of the packet is remaining */ |
---|
330 | if (rem < sizeof(libtrace_icmp6_t)) |
---|
331 | return NULL; |
---|
332 | |
---|
333 | return icmp; |
---|
334 | } |
---|
335 | |
---|
336 | DLLEXPORT libtrace_icmp_t *trace_get_icmp_from_ip(libtrace_ip_t *ip, uint32_t *remaining) |
---|
337 | { |
---|
338 | libtrace_icmp_t *icmpptr = 0; |
---|
339 | |
---|
340 | if (ip->ip_p == TRACE_IPPROTO_ICMP) { |
---|
341 | icmpptr = (libtrace_icmp_t *)trace_get_payload_from_ip(ip, |
---|
342 | NULL, remaining); |
---|
343 | } |
---|
344 | |
---|
345 | return icmpptr; |
---|
346 | } |
---|
347 | |
---|
348 | DLLEXPORT void *trace_get_payload_from_udp(libtrace_udp_t *udp, uint32_t *remaining) |
---|
349 | { |
---|
350 | if (remaining) { |
---|
351 | if (*remaining < sizeof(libtrace_udp_t)) { |
---|
352 | *remaining = 0; |
---|
353 | return NULL; |
---|
354 | } |
---|
355 | *remaining-=sizeof(libtrace_udp_t); |
---|
356 | } |
---|
357 | return (void*)((char*)udp+sizeof(libtrace_udp_t)); |
---|
358 | } |
---|
359 | |
---|
360 | DLLEXPORT void *trace_get_payload_from_tcp(libtrace_tcp_t *tcp, uint32_t *remaining) |
---|
361 | { |
---|
362 | unsigned int dlen = tcp->doff*4; |
---|
363 | if (remaining) { |
---|
364 | if (*remaining < dlen) { |
---|
365 | *remaining = 0; |
---|
366 | return NULL; |
---|
367 | } |
---|
368 | *remaining-=dlen; |
---|
369 | } |
---|
370 | return (void *)((char *)tcp+dlen); |
---|
371 | } |
---|
372 | |
---|
373 | DLLEXPORT void *trace_get_payload_from_icmp(libtrace_icmp_t *icmp, uint32_t *remaining) |
---|
374 | { |
---|
375 | if (remaining) { |
---|
376 | if (*remaining < sizeof(libtrace_icmp_t)) { |
---|
377 | *remaining = 0; |
---|
378 | return NULL; |
---|
379 | } |
---|
380 | *remaining-=sizeof(libtrace_icmp_t); |
---|
381 | } |
---|
382 | return (char*)icmp+sizeof(libtrace_icmp_t); |
---|
383 | } |
---|
384 | |
---|
385 | DLLEXPORT void *trace_get_payload_from_icmp6(libtrace_icmp6_t *icmp, uint32_t *remaining) |
---|
386 | { |
---|
387 | if (remaining) { |
---|
388 | if (*remaining < sizeof(libtrace_icmp6_t)) { |
---|
389 | *remaining = 0; |
---|
390 | return NULL; |
---|
391 | } |
---|
392 | *remaining-=sizeof(libtrace_icmp6_t); |
---|
393 | } |
---|
394 | return (char*)icmp+sizeof(libtrace_icmp6_t); |
---|
395 | } |
---|
396 | |
---|
397 | /* Return the source port |
---|
398 | */ |
---|
399 | DLLEXPORT uint16_t trace_get_source_port(const libtrace_packet_t *packet) |
---|
400 | { |
---|
401 | uint32_t remaining; |
---|
402 | uint8_t proto; |
---|
403 | struct ports_t *port; |
---|
404 | uint16_t fragoff; |
---|
405 | uint8_t more; |
---|
406 | |
---|
407 | fragoff = trace_get_fragment_offset(packet, &more); |
---|
408 | |
---|
409 | /* If we're not the first fragment, we're unlikely to be able |
---|
410 | * to get any useful port numbers from this packet. |
---|
411 | */ |
---|
412 | if (fragoff != 0) |
---|
413 | return 0; |
---|
414 | |
---|
415 | |
---|
416 | port = (struct ports_t*)trace_get_transport( |
---|
417 | (libtrace_packet_t*)packet, |
---|
418 | &proto, &remaining); |
---|
419 | |
---|
420 | /* Snapped too early */ |
---|
421 | if (remaining<2) |
---|
422 | return 0; |
---|
423 | |
---|
424 | /* ICMP *technically* doesn't have ports */ |
---|
425 | if (proto == TRACE_IPPROTO_ICMP || proto == TRACE_IPPROTO_ICMPV6) |
---|
426 | return 0; |
---|
427 | |
---|
428 | if (port) |
---|
429 | return ntohs(port->src); |
---|
430 | else |
---|
431 | return 0; |
---|
432 | } |
---|
433 | |
---|
434 | /* Same as get_source_port except use the destination port */ |
---|
435 | DLLEXPORT uint16_t trace_get_destination_port(const libtrace_packet_t *packet) |
---|
436 | { |
---|
437 | uint32_t remaining; |
---|
438 | uint8_t proto; |
---|
439 | struct ports_t *port; |
---|
440 | uint16_t fragoff; |
---|
441 | uint8_t more; |
---|
442 | |
---|
443 | fragoff = trace_get_fragment_offset(packet, &more); |
---|
444 | |
---|
445 | /* If we're not the first fragment, we're unlikely to be able |
---|
446 | * to get any useful port numbers from this packet. |
---|
447 | */ |
---|
448 | if (fragoff != 0) |
---|
449 | return 0; |
---|
450 | |
---|
451 | |
---|
452 | port = (struct ports_t*)trace_get_transport( |
---|
453 | (libtrace_packet_t*)packet, |
---|
454 | &proto, &remaining); |
---|
455 | /* Snapped too early */ |
---|
456 | if (remaining<4) |
---|
457 | return 0; |
---|
458 | |
---|
459 | /* ICMP *technically* doesn't have ports */ |
---|
460 | if (proto == TRACE_IPPROTO_ICMP || proto == TRACE_IPPROTO_ICMPV6) |
---|
461 | return 0; |
---|
462 | |
---|
463 | if (port) |
---|
464 | return ntohs(port->dst); |
---|
465 | else |
---|
466 | return 0; |
---|
467 | } |
---|
468 | |
---|
469 | DLLEXPORT uint16_t *trace_checksum_transport(libtrace_packet_t *packet, |
---|
470 | uint16_t *csum) { |
---|
471 | |
---|
472 | void *header = NULL; |
---|
473 | uint16_t ethertype; |
---|
474 | uint32_t remaining; |
---|
475 | uint32_t sum = 0; |
---|
476 | uint8_t proto = 0; |
---|
477 | char *csum_ptr = NULL; |
---|
478 | int plen = 0; |
---|
479 | |
---|
480 | uint8_t safety[65536]; |
---|
481 | uint8_t *ptr = safety; |
---|
482 | |
---|
483 | header = trace_get_layer3(packet, ðertype, &remaining); |
---|
484 | |
---|
485 | if (header == NULL) |
---|
486 | return NULL; |
---|
487 | |
---|
488 | if (ethertype == TRACE_ETHERTYPE_IP) { |
---|
489 | libtrace_ip_t *ip = (libtrace_ip_t *)header; |
---|
490 | |
---|
491 | if (remaining < sizeof(libtrace_ip_t)) |
---|
492 | return NULL; |
---|
493 | |
---|
494 | sum = ipv4_pseudo_checksum(ip); |
---|
495 | |
---|
496 | } else if (ethertype == TRACE_ETHERTYPE_IPV6) { |
---|
497 | libtrace_ip6_t *ip = (libtrace_ip6_t *)header; |
---|
498 | |
---|
499 | if (remaining < sizeof(libtrace_ip6_t)) |
---|
500 | return 0; |
---|
501 | |
---|
502 | sum = ipv6_pseudo_checksum(ip); |
---|
503 | |
---|
504 | } |
---|
505 | |
---|
506 | header = trace_get_transport(packet, &proto, &remaining); |
---|
507 | |
---|
508 | if (proto == TRACE_IPPROTO_TCP) { |
---|
509 | libtrace_tcp_t *tcp = (libtrace_tcp_t *)header; |
---|
510 | header = trace_get_payload_from_tcp(tcp, &remaining); |
---|
511 | |
---|
512 | csum_ptr = (char *)(&tcp->check); |
---|
513 | |
---|
514 | memcpy(ptr, tcp, tcp->doff * 4); |
---|
515 | |
---|
516 | tcp = (libtrace_tcp_t *)ptr; |
---|
517 | tcp->check = 0; |
---|
518 | |
---|
519 | ptr += (tcp->doff * 4); |
---|
520 | } |
---|
521 | |
---|
522 | else if (proto == TRACE_IPPROTO_UDP) { |
---|
523 | |
---|
524 | libtrace_udp_t *udp = (libtrace_udp_t *)header; |
---|
525 | header = trace_get_payload_from_udp(udp, &remaining); |
---|
526 | |
---|
527 | csum_ptr = (char *)(&udp->check); |
---|
528 | memcpy(ptr, udp, sizeof(libtrace_udp_t)); |
---|
529 | |
---|
530 | udp = (libtrace_udp_t *)ptr; |
---|
531 | udp->check = 0; |
---|
532 | |
---|
533 | ptr += sizeof(libtrace_udp_t); |
---|
534 | } |
---|
535 | |
---|
536 | else if (proto == TRACE_IPPROTO_ICMP) { |
---|
537 | /* ICMP doesn't use the pseudo header */ |
---|
538 | sum = 0; |
---|
539 | |
---|
540 | libtrace_icmp_t *icmp = (libtrace_icmp_t *)header; |
---|
541 | header = trace_get_payload_from_icmp(icmp, &remaining); |
---|
542 | |
---|
543 | csum_ptr = (char *)(&icmp->checksum); |
---|
544 | memcpy(ptr, icmp, sizeof(libtrace_icmp_t)); |
---|
545 | |
---|
546 | icmp = (libtrace_icmp_t *)ptr; |
---|
547 | icmp->checksum = 0; |
---|
548 | |
---|
549 | ptr += sizeof(libtrace_icmp_t); |
---|
550 | |
---|
551 | } |
---|
552 | else { |
---|
553 | return NULL; |
---|
554 | } |
---|
555 | |
---|
556 | sum += add_checksum(safety, (uint16_t)(ptr - safety)); |
---|
557 | |
---|
558 | plen = trace_get_payload_length(packet); |
---|
559 | if (plen < 0) |
---|
560 | return NULL; |
---|
561 | |
---|
562 | if (remaining < (uint32_t)plen) |
---|
563 | return NULL; |
---|
564 | |
---|
565 | if (header == NULL) |
---|
566 | return NULL; |
---|
567 | |
---|
568 | sum += add_checksum(header, (uint16_t)plen); |
---|
569 | *csum = ntohs(finish_checksum(sum)); |
---|
570 | //assert(0); |
---|
571 | |
---|
572 | return (uint16_t *)csum_ptr; |
---|
573 | } |
---|
574 | |
---|
575 | DLLEXPORT void *trace_get_payload_from_gre(libtrace_gre_t *gre, |
---|
576 | uint32_t *remaining) |
---|
577 | { |
---|
578 | uint8_t flags = ntohs(gre->flags); |
---|
579 | uint32_t size = 4; /* GRE is 4 bytes long by default */ |
---|
580 | if (remaining && *remaining < size) { |
---|
581 | *remaining = 0; |
---|
582 | return NULL; |
---|
583 | } |
---|
584 | |
---|
585 | if((flags & LIBTRACE_GRE_FLAG_VERMASK) == LIBTRACE_GRE_PPTP_VERSION) { |
---|
586 | size += 4; |
---|
587 | |
---|
588 | if ((flags & LIBTRACE_GRE_FLAG_SEQ) != 0) { |
---|
589 | size += 4; |
---|
590 | } |
---|
591 | if ((flags & LIBTRACE_GRE_FLAG_ACK) != 0) { |
---|
592 | size += 4; |
---|
593 | } |
---|
594 | } else { |
---|
595 | |
---|
596 | if ((ntohs(gre->flags) & LIBTRACE_GRE_FLAG_CHECKSUM) != 0) { |
---|
597 | size += 4; /* An extra 4 bytes. */ |
---|
598 | } |
---|
599 | |
---|
600 | if ((ntohs(gre->flags) & LIBTRACE_GRE_FLAG_KEY) != 0) { |
---|
601 | size += 4; /* An extra 4 bytes. */ |
---|
602 | } |
---|
603 | |
---|
604 | if ((ntohs(gre->flags) & LIBTRACE_GRE_FLAG_SEQ) != 0) { |
---|
605 | size += 4; /* An extra 4 bytes. */ |
---|
606 | } |
---|
607 | } |
---|
608 | |
---|
609 | if (remaining) { |
---|
610 | if (*remaining < size) { |
---|
611 | *remaining = 0; |
---|
612 | return NULL; |
---|
613 | } |
---|
614 | *remaining -= size; |
---|
615 | } |
---|
616 | return (char*)gre+size; |
---|
617 | } |
---|