Changeset d0f25d4
- Timestamp:
- 01/23/19 13:02:54 (4 years ago)
- Branches:
- develop
- Children:
- 23741ec5
- Parents:
- 23d263a
- Files:
-
- 2 added
- 8 edited
lib/format_pcapng.c
rb27ed21 rd0f25d4 40 40 #include <math.h> 41 41 42 typedef struct pcagng_section_header_t {43 uint32_t blocktype;44 uint32_t blocklen;45 uint32_t ordering;46 uint16_t majorversion;47 uint16_t minorversion;48 uint64_t sectionlen;49 } pcapng_sec_t;50 51 typedef struct pcapng_interface_header_t {52 uint32_t blocktype;53 uint32_t blocklen;54 uint16_t linktype;55 uint16_t reserved;56 uint32_t snaplen;57 } pcapng_int_t;58 59 typedef struct pcapng_nrb_header_t {60 uint32_t blocktype;61 uint32_t blocklen;62 } pcapng_nrb_t;63 64 typedef struct pcapng_enhanced_packet_t {65 uint32_t blocktype;66 uint32_t blocklen;67 uint32_t interfaceid;68 uint32_t timestamp_high;69 uint32_t timestamp_low;70 uint32_t caplen;71 uint32_t wlen;72 } pcapng_epkt_t;73 74 typedef struct pcapng_simple_packet_t {75 uint32_t blocktype;76 uint32_t blocklen;77 uint32_t wlen;78 } pcapng_spkt_t;79 80 typedef struct pcapng_old_packet_t {81 uint32_t blocktype;82 uint32_t blocklen;83 uint16_t interfaceid;84 uint16_t drops;85 uint32_t timestamp_high;86 uint32_t timestamp_low;87 uint32_t caplen;88 uint32_t wlen;89 } pcapng_opkt_t;90 91 typedef struct pcapng_stats_header_t {92 uint32_t blocktype;93 uint32_t blocklen;94 uint32_t interfaceid;95 uint32_t timestamp_high;96 uint32_t timestamp_low;97 } pcapng_stats_t;98 99 typedef struct pcapng_decryption_secrets_header_t {100 uint32_t blocktype;101 uint32_t blocklen;102 uint32_t secrets_type;103 uint32_t secrets_len;104 } pcapng_secrets_t;105 106 typedef struct pcapng_custom_header_t {107 uint32_t blocktype;108 uint32_t blocklen;109 uint32_t pen;110 } pcapng_custom_t;111 112 typedef struct pcapng_interface_t pcapng_interface_t;113 114 struct pcapng_timestamp {115 uint32_t timehigh;116 uint32_t timelow;117 };118 119 struct pcapng_interface_t {120 121 uint16_t id;122 libtrace_dlt_t linktype;123 uint32_t snaplen;124 uint32_t tsresol;125 126 uint64_t received;127 uint64_t dropped; /* as reported by interface stats */128 uint64_t dropcounter; /* as reported by packet 
records */129 uint64_t accepted;130 uint64_t osdropped;131 uint64_t laststats;132 133 };134 135 struct pcapng_format_data_t {136 bool started;137 bool realtime;138 bool discard_meta;139 140 /* Section data */141 bool byteswapped;142 143 /* Interface data */144 pcapng_interface_t **interfaces;145 uint16_t allocatedinterfaces;146 uint16_t nextintid;147 148 };149 150 struct pcapng_format_data_out_t {151 iow_t *file;152 int compress_level;153 int compress_type;154 int flag;155 156 /* Section data */157 uint16_t sechdr_count;158 bool byteswapped;159 160 /* Interface data */161 uint16_t nextintid;162 libtrace_linktype_t lastdlt;163 };164 165 struct pcapng_optheader {166 uint16_t optcode;167 uint16_t optlen;168 };169 170 struct pcapng_custom_optheader {171 uint16_t optcode;172 uint16_t optlen;173 uint32_t pen;174 };175 struct pcapng_nrb_record {176 uint16_t recordtype;177 uint16_t recordlen;178 };179 struct pcapng_peeker {180 uint32_t blocktype;181 uint32_t blocklen;182 };183 184 typedef struct pcapng_peeker pcapng_hdr_t;185 186 #define DATA(x) ((struct pcapng_format_data_t *)((x)->format_data))187 #define DATAOUT(x) ((struct pcapng_format_data_out_t*)((x)->format_data))188 189 42 static char *pcapng_parse_next_option(libtrace_t *libtrace, char **pktbuf, 190 43 uint16_t *code, uint16_t *length, pcapng_hdr_t *blockhdr); … … 856 709 static int pcapng_get_framing_length(const libtrace_packet_t *packet) { 857 710 858 711 switch(pcapng_get_record_type(packet)) { 859 712 case PCAPNG_SECTION_TYPE: 860 713 return sizeof(pcapng_sec_t); … … 872 725 return sizeof(pcapng_nrb_t); 873 726 case PCAPNG_CUSTOM_TYPE: 727 return sizeof(pcapng_custom_t); 874 728 case PCAPNG_CUSTOM_NONCOPY_TYPE: 875 729 return sizeof(pcapng_custom_t); 876 } 730 case PCAPNG_DECRYPTION_SECRETS_TYPE: 731 return sizeof(pcapng_secrets_t); 732 } 877 733 878 734 /* If we get here, we aren't a valid pcapng packet */ … … 1808 1664 static libtrace_direction_t pcapng_get_direction(const libtrace_packet_t 1809 1665 
*packet) { 1666 libtrace_direction_t direction = -1; 1810 1667 1811 1668 /* Defined in format_helper.c */ 1812 return pcap_get_direction(packet); 1669 if (PACKET_IS_ENHANCED || PACKET_IS_SIMPLE || PACKET_IS_OLD) { 1670 direction = pcap_get_direction(packet); 1671 } 1672 1673 return direction; 1813 1674 } 1814 1675 … … 1910 1771 return ohdr->wlen; 1911 1772 } 1912 } 1773 } else if (PACKET_IS_SECTION || PACKET_IS_INTERFACE || PACKET_IS_NAME_RESOLUTION 1774 || PACKET_IS_INTERFACE_STATS || PACKET_IS_CUSTOM || 1775 PACKET_IS_CUSTOM_NONCOPY || PACKET_IS_DECRYPTION_SECRETS) { 1776 /* meta packet are not transmitted on the wire hence the 0 wirelen */ 1777 return 0; 1778 } 1913 1779 1914 1780 /* If we get here, we aren't a valid pcapng packet */ … … 1926 1792 if (baselen == -1) 1927 1793 return -1; 1794 1795 /* if packet was a meta packet baselen should be zero so return it */ 1796 if (baselen == 0) { 1797 return 0; 1798 } 1928 1799 1929 1800 /* Then, account for the vagaries of different DLTs */ … … 1991 1862 return ohdr->caplen; 1992 1863 } 1993 } 1864 } else if (PACKET_IS_SECTION || PACKET_IS_INTERFACE || PACKET_IS_NAME_RESOLUTION 1865 || PACKET_IS_INTERFACE_STATS || PACKET_IS_CUSTOM || 1866 PACKET_IS_CUSTOM_NONCOPY || PACKET_IS_DECRYPTION_SECRETS) { 1867 1868 struct pcapng_peeker *hdr = (struct pcapng_peeker *)packet->header; 1869 if (DATA(packet->trace)->byteswapped) { 1870 return byteswap32(hdr->blocklen) - trace_get_framing_length(packet); 1871 } else { 1872 return hdr->blocklen - trace_get_framing_length(packet); 1873 } 1874 } 1994 1875 1995 1876 /* If we get here, we aren't a valid pcapng packet */ -
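Review bot: In the new meta-block branch of the capture-length code (new lines 1864-1874), `hdr->blocklen` is taken straight from the block header and `trace_get_framing_length(packet)` is subtracted from it with no check that the block is at least as long as its framing. A truncated or malformed pcapng block with a small `blocklen` would make that subtraction wrap (both operands appear to be unsigned; confirm the return type of `trace_get_framing_length`), and libpacketdump's `trace_dump_packet` passes the result of `trace_get_capture_length` on to the decoders as the buffer length. Compute the length once and reject short blocks, e.g. `uint32_t blen = DATA(packet->trace)->byteswapped ? byteswap32(hdr->blocklen) : hdr->blocklen;` followed by `if (blen < trace_get_framing_length(packet)) return -1;`, using whatever error value the rest of the function returns. The function's start and tail are outside the visible hunk.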
lib/format_pcapng.h
r23d263a rd0f25d4 1 2 1 #define PCAPNG_SECTION_TYPE 0x0A0D0D0A 3 2 #define PCAPNG_INTERFACE_TYPE 0x00000001 … … 34 33 #define PCAPNG_OPTION_CUSTOM_4 19373 35 34 36 #define PACKET_IS_SECTION (pcapng_get_record_type(packet) == PCAPNG_SECTION_ _TYPE)35 #define PACKET_IS_SECTION (pcapng_get_record_type(packet) == PCAPNG_SECTION_TYPE) 37 36 #define PACKET_IS_INTERFACE (pcapng_get_record_type(packet) == PCAPNG_INTERFACE_TYPE) 38 37 #define PACKET_IS_OLD (pcapng_get_record_type(packet) == PCAPNG_OLD_PACKET_TYPE) 39 38 #define PACKET_IS_SIMPLE (pcapng_get_record_type(packet) == PCAPNG_SIMPLE_PACKET_TYPE) 40 39 #define PACKET_IS_NAME_RESOLUTION (pcapng_get_record_type(packet) == PCAPNG_NAME_RESOLUTION_TYPE) 41 #define PACKET_IS_INTERFACE_STATS _TYPE(pcapng_get_record_type(packet) == PCAPNG_INTERFACE_STATS_TYPE)40 #define PACKET_IS_INTERFACE_STATS (pcapng_get_record_type(packet) == PCAPNG_INTERFACE_STATS_TYPE) 42 41 #define PACKET_IS_ENHANCED (pcapng_get_record_type(packet) == PCAPNG_ENHANCED_PACKET_TYPE) 43 #define PACKET_IS_CUSTOM _TYPE(pcapng_get_record_type(packet) == PCAPNG_CUSTOM_TYPE)44 #define P CAPNG_IS_CUSTOM_NONCOPY_TYPE(pcapng_get_record_type(packet) == PCAPNG_CUSTOM_NONCOPY_TYPE)45 #define P CAPNG_DECRYPTION_SECRETS_TYPE(pcapng_get_record_type(packet) == PCAPNG_DECRYPTION_SECRETS_TYPE)42 #define PACKET_IS_CUSTOM (pcapng_get_record_type(packet) == PCAPNG_CUSTOM_TYPE) 43 #define PACKET_IS_CUSTOM_NONCOPY (pcapng_get_record_type(packet) == PCAPNG_CUSTOM_NONCOPY_TYPE) 44 #define PACKET_IS_DECRYPTION_SECRETS (pcapng_get_record_type(packet) == PCAPNG_DECRYPTION_SECRETS_TYPE) 46 45 47 46 #define PCAPNG_IFOPT_TSRESOL 9 … … 96 95 #define PCAPNG_META_ISB_OSDROP 7 97 96 #define PCAPNG_META_ISB_USRDELIV 8 97 /* Old packet type */ 98 #define PCAPNG_META_OLD_FLAGS 2 99 #define PCAPNG_META_OLD_HASH 3 100 101 #define DATA(x) ((struct pcapng_format_data_t *)((x)->format_data)) 102 #define DATAOUT(x) ((struct pcapng_format_data_out_t*)((x)->format_data)) 103 104 typedef struct 
pcagng_section_header_t { 105 uint32_t blocktype; 106 uint32_t blocklen; 107 uint32_t ordering; 108 uint16_t majorversion; 109 uint16_t minorversion; 110 uint64_t sectionlen; 111 } pcapng_sec_t; 112 113 typedef struct pcapng_interface_header_t { 114 uint32_t blocktype; 115 uint32_t blocklen; 116 uint16_t linktype; 117 uint16_t reserved; 118 uint32_t snaplen; 119 } pcapng_int_t; 120 121 typedef struct pcapng_nrb_header_t { 122 uint32_t blocktype; 123 uint32_t blocklen; 124 } pcapng_nrb_t; 125 126 typedef struct pcapng_enhanced_packet_t { 127 uint32_t blocktype; 128 uint32_t blocklen; 129 uint32_t interfaceid; 130 uint32_t timestamp_high; 131 uint32_t timestamp_low; 132 uint32_t caplen; 133 uint32_t wlen; 134 } pcapng_epkt_t; 135 136 typedef struct pcapng_simple_packet_t { 137 uint32_t blocktype; 138 uint32_t blocklen; 139 uint32_t wlen; 140 } pcapng_spkt_t; 141 142 typedef struct pcapng_old_packet_t { 143 uint32_t blocktype; 144 uint32_t blocklen; 145 uint16_t interfaceid; 146 uint16_t drops; 147 uint32_t timestamp_high; 148 uint32_t timestamp_low; 149 uint32_t caplen; 150 uint32_t wlen; 151 } pcapng_opkt_t; 152 153 typedef struct pcapng_stats_header_t { 154 uint32_t blocktype; 155 uint32_t blocklen; 156 uint32_t interfaceid; 157 uint32_t timestamp_high; 158 uint32_t timestamp_low; 159 } pcapng_stats_t; 160 161 typedef struct pcapng_decryption_secrets_header_t { 162 uint32_t blocktype; 163 uint32_t blocklen; 164 uint32_t secrets_type; 165 uint32_t secrets_len; 166 } pcapng_secrets_t; 167 168 typedef struct pcapng_custom_header_t { 169 uint32_t blocktype; 170 uint32_t blocklen; 171 uint32_t pen; 172 } pcapng_custom_t; 173 174 typedef struct pcapng_interface_t pcapng_interface_t; 175 176 struct pcapng_timestamp { 177 uint32_t timehigh; 178 uint32_t timelow; 179 }; 180 181 struct pcapng_interface_t { 182 183 uint16_t id; 184 libtrace_dlt_t linktype; 185 uint32_t snaplen; 186 uint32_t tsresol; 187 188 uint64_t received; 189 uint64_t dropped; /* as reported by interface 
stats */ 190 uint64_t dropcounter; /* as reported by packet records */ 191 uint64_t accepted; 192 uint64_t osdropped; 193 uint64_t laststats; 194 195 }; 196 197 struct pcapng_format_data_t { 198 bool started; 199 bool realtime; 200 bool discard_meta; 201 202 /* Section data */ 203 bool byteswapped; 204 205 /* Interface data */ 206 pcapng_interface_t **interfaces; 207 uint16_t allocatedinterfaces; 208 uint16_t nextintid; 209 210 }; 211 212 struct pcapng_format_data_out_t { 213 iow_t *file; 214 int compress_level; 215 int compress_type; 216 int flag; 217 218 /* Section data */ 219 uint16_t sechdr_count; 220 bool byteswapped; 221 222 /* Interface data */ 223 uint16_t nextintid; 224 libtrace_linktype_t lastdlt; 225 }; 226 227 struct pcapng_optheader { 228 uint16_t optcode; 229 uint16_t optlen; 230 }; 231 232 struct pcapng_custom_optheader { 233 uint16_t optcode; 234 uint16_t optlen; 235 uint32_t pen; 236 }; 237 struct pcapng_nrb_record { 238 uint16_t recordtype; 239 uint16_t recordlen; 240 }; 241 struct pcapng_peeker { 242 uint32_t blocktype; 243 uint32_t blocklen; 244 }; 245 246 typedef struct pcapng_peeker pcapng_hdr_t; 98 247 99 248 void *pcapng_get_meta_section(libtrace_packet_t *packet, uint32_t section); -
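Review bot: No include guard is visible in this header: its first line on the new side is still `#define PCAPNG_SECTION_TYPE`, although it now carries the block-header typedefs, the `struct pcapng_*` definitions and the `DATA`/`DATAOUT` macros. A second inclusion in one translation unit would redefine every struct, so wrap the file in `#ifndef FORMAT_PCAPNG_H` / `#define FORMAT_PCAPNG_H` / `#endif` (the guard name is only a suggestion). `DATA(x)` and `DATAOUT(x)` are very generic names to export from a header and will clash if an including file defines its own; a `PCAPNG_` prefix, or leaving them in format_pcapng.c, avoids that. The `PACKET_IS_*` macros also rely on a local variable named `packet` being in scope, which deserves a one-line comment above them.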
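--- a/lib/format_pktmeta.c
+++ b/lib/format_pktmeta.c
@@ -639,6 +639,4 @@
 }
 
-
-
 /* ERF specific function */
 /* Get the DAG card model from a meta packet.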
lib/libtrace.h.in
rb27ed21 rd0f25d4 595 595 } libtrace_meta_result_t; 596 596 597 typedef struct libtrace_meta_ section_item {597 typedef struct libtrace_meta_item { 598 598 uint16_t option; 599 599 uint16_t len; … … 607 607 libtrace_meta_item_t *items; 608 608 } libtrace_meta_t; 609 610 typedef struct libtrace_meta {611 char *interface_name; /**< Interface name packet was captured on */612 void *interface_mac; /**< Interface MAC address packet was captured on */613 uint64_t interface_speed; /**< Interface speed packet was captured on */614 uint32_t interface_ipv4; /**< Interface IP4 address packet was captured on */615 void *interface_ipv6; /**< Interface IP6 address packet was captured on */616 char *interface_description; /**< Interface description */617 uint32_t interface_num; /**< Interface number */618 char *host_os; /**< Host OS the packet was captured on */619 uint32_t interface_fcslen; /**< Frame check sequence length for the interface */620 char *interface_hardware_desc; /**< Interface hardware description string */621 char *interface_comment; /**< Interface comment */622 char *capture_application; /**< Name of the capturing application */623 } libtrace_meta_tt;624 609 625 610 typedef struct libtrace_packet_cache { … … 659 644 int refcount; /**< Reference counter */ 660 645 int which_trace_start; /**< Used to match packet to a started instance of the parent trace */ 661 662 libtrace_meta_tt meta; /**< Meta data for the packet */663 646 } libtrace_packet_t; 664 647 -
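--- a/lib/trace.c
+++ b/lib/trace.c
@@ -952,18 +952,4 @@
 * if this packet is ever reused
 */
-/* free meta fields */
-if (packet->meta.interface_name != NULL)
-free(packet->meta.interface_name);
-if (packet->meta.interface_description != NULL)
-free(packet->meta.interface_description);
-if (packet->meta.host_os != NULL)
-free(packet->meta.host_os);
-if (packet->meta.interface_hardware_desc != NULL)
-free(packet->meta.interface_hardware_desc);
-if (packet->meta.interface_comment != NULL)
-free(packet->meta.interface_comment);
-if (packet->meta.capture_application != NULL)
-free(packet->meta.capture_application);
-
 free(packet);
 }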
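--- a/libpacketdump/Makefile.am
+++ b/libpacketdump/Makefile.am
@@ -61,8 +61,14 @@
 TXT_PROTOCOLS+=link_17.protocol
 
+#22: ERF META
+BIN_PROTOCOLS+=link_21.la
+
 # 22: ETSI LI
 if HAVE_WANDDER
 BIN_PROTOCOLS+=link_22.la
 endif
+
+#23: PCAPNG
+BIN_PROTOCOLS+=link_23.la
 
 # Decoders for various ethertypes (in decimal)
@@ -140,7 +146,9 @@
 link_11_la_LDFLAGS=$(modflags)
 link_15_la_LDFLAGS=$(modflags)
+link_21_la_LDFLAGS=$(modflags)
 if HAVE_WANDDER
 link_22_la_LDFLAGS=$(modflags)
 endif
+link_23_la_LDFLAGS=$(modflags)
 eth_0_la_LDFLAGS=$(modflags)
 eth_2048_la_LDFLAGS=$(modflags)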
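Review bot: The comment added above `BIN_PROTOCOLS+=link_21.la` reads `#22: ERF META`, but the module it labels is link type 21 and the very next block is already `# 22: ETSI LI`. Change it to `# 21: ERF META` so the number in the comment matches the module name. Unlike `link_22.la`, both new modules are built unconditionally in the two hunks; if either decoder turns out to need an optional library, it should get the same kind of `if HAVE_...` guard in both places.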
libpacketdump/libpacketdump.cc
r8b49230 rd0f25d4 41 41 #ifdef HAVE_NETINET_IF_ETHER_H 42 42 # include <netinet/if_ether.h> 43 #endif 43 #endif 44 44 #include <dlfcn.h> 45 45 #include <map> … … 57 57 58 58 typedef void (*decode_norm_t)(uint16_t type,const char *packet,int len); 59 typedef void (*decode_norm_meta)(uint16_t type,const char *packet,int len,libtrace_packet_t *p); 59 60 typedef void (*decode_parser_t)(uint16_t type,const char *packet,int len, element_t* el); 61 62 libtrace_packet_t *p; 60 63 61 64 typedef union decode_funcs { 62 65 decode_norm_t decode_n; 66 decode_norm_meta decode_meta; 63 67 decode_parser_t decode_p; 64 68 } decode_funcs_t; … … 130 134 (int)trace_get_wire_length(packet), 131 135 (int)trace_get_direction(packet)); 132 133 136 134 137 formatted_hexdump(pkt_ptr, (int)length); … … 138 141 void trace_dump_packet(struct libtrace_packet_t *packet) 139 142 { 143 p = packet; 144 140 145 time_t sec = (time_t)trace_get_seconds(packet); 141 146 libtrace_linktype_t linktype; 142 147 uint32_t length; 143 148 const char *link=(char *)trace_get_packet_buffer(packet,&linktype,NULL); 144 149 145 150 length = trace_get_capture_length(packet); 146 147 printf("\n%s",ctime(&sec)); 148 printf(" Capture: Packet Length: %i/%i Direction Value: %i\n", 151 fprintf(stderr, "\n%s",ctime(&sec)); 152 fprintf(stderr, " Capture: Packet Length: %i/%i Direction Value: %i\n", 149 153 (int)length, 150 154 (int)trace_get_wire_length(packet), 151 155 (int)trace_get_direction(packet)); 156 152 157 if (!link) 153 158 printf(" [No link layer available]\n"); 154 159 else 155 decode_next(link,length, "link", 156 linktype); 160 decode_next(link,length, "link", linktype); 157 161 } 158 162 … … 223 227 hdl = open_so_decoder(sname.c_str(),type); 224 228 if (hdl) { 225 void *s=dlsym(hdl,"decode"); 229 230 /* PCAPNG format requires the libtrace_packet_t structure in order 231 * to determine the byte ordering */ 232 void *s; 233 if (type == TRACE_TYPE_PCAPNG_META || type == TRACE_TYPE_ERF_META) { 234 
s=dlsym(hdl,"decode_meta"); 235 if (s) { func->decode_meta = (decode_norm_meta)s; } 236 } else { 237 s=dlsym(hdl,"decode"); 238 if (s) { func->decode_n = (decode_norm_t)s; } 239 } 240 226 241 if (s) { 227 // use the shared library228 func->decode_n = (decode_norm_t)s;229 242 dec.style = DECODE_NORMAL; 230 243 dec.el = NULL; … … 294 307 { 295 308 case DECODE_NORMAL: 296 decoders[sname][type].func->decode_n(type,packet,len); 309 /* If this is a pcapng packet call the correct function and pass the 310 * libtrace_packet_t structure. We need this to determine the byte ordering */ 311 if (type == TRACE_TYPE_PCAPNG_META || type == TRACE_TYPE_ERF_META) { 312 decoders[sname][type].func->decode_meta(type,packet,len,p); 313 } else { 314 decoders[sname][type].func->decode_n(type,packet,len); 315 } 297 316 break; 298 317 -
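Review bot: The packet reaches the meta decoders through a new file-scope global, `libtrace_packet_t *p;`, which is assigned only in `trace_dump_packet` and read later in the `DECODE_NORMAL` case. Any path that reaches that dispatch without going through `trace_dump_packet` first, or after the packet has been destroyed, hands a NULL or stale pointer to `decode_meta`; the global also makes the library non-reentrant and exports a one-letter symbol. Prefer passing the packet down through `decode_next` as a parameter; at minimum declare it `static libtrace_packet_t *current_packet = NULL;` and skip the meta call when it is NULL. Separately, the capture summary now goes to `stderr` while `[No link layer available]` still uses `printf`, which looks like leftover debugging. The functions around these hunks continue outside the visible lines.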
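--- a/libpacketdump/libpacketdump.h
+++ b/libpacketdump/libpacketdump.h
@@ -55,4 +55,5 @@
 
 void decode(int link_type, const char *pkt, unsigned len);
+void decode_meta(int link_type, const char *pkt, unsigned len, libtrace_packet_t *p);
 
 #ifdef __cplusplus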
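Review bot: The new prototype `void decode_meta(int link_type, const char *pkt, unsigned len, libtrace_packet_t *p);` does not match the `decode_norm_meta` pointer type in libpacketdump.cc, which is `(uint16_t type, const char *packet, int len, libtrace_packet_t *p)`, and the modules are called through that pointer after `dlsym`. Calling a function through a pointer of a different type is undefined behaviour, so keep the pair identical, e.g. `void decode_meta(uint16_t link_type, const char *pkt, int len, libtrace_packet_t *p);`, or change the typedef instead. The existing `decode` prototype shows the same difference from `decode_norm_t`. A short comment stating that `p` must stay valid for the duration of the call, and what the decoder may read from it, would help module authors.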