📄 decode.c
字号:
* Arguments: pkt => ptr to the packet data
* len => length from here to the end of the packet
*
* Returns: void function
*
****************************************************************************/
void DecodeTCP(u_char *pkt, const int len, Packet *p)
{
int hlen; /* TCP header length */
/* lay TCP on top of the data */
p->tcph = (TCPHdr *) pkt;
#ifdef DEBUG
printf("tcp header starts at: %p\n", p->tcph);
#endif
/* multiply the payload offset value by 4 */
hlen = p->tcph->th_off << 2;
/* if options are present, decode them */
if(hlen > 20)
{
#ifdef DEBUG
printf("%d bytes of tcp options....\n", hlen - 20);
#endif
DecodeTCPOptions((u_char *)(pkt+20), (hlen - 20), p);
}
else if(hlen < 20)
{
if(pv.verbose_flag)
ErrorMessage("[!] WARNING: Truncated TCP header (%d bytes)\n", hlen);
p->tcph = NULL;
return;
}
else
{
p->tcp_option_count=0;
}
/* stuff more data into the printout data struct */
p->sp = ntohs(p->tcph->th_sport);
p->dp = ntohs(p->tcph->th_dport);
/* set the data pointer and size */
p->data = (u_char *)(pkt + hlen);
if (hlen < len)
{
p->dsize = len - hlen;
}
else
{
p->dsize = 0;
}
}
/****************************************************************************
*
* Function: DecodeUDP(u_char *, int)
*
* Purpose: Decode the UDP transport layer
*
* Arguments: pkt => ptr to the packet data
* len => length from here to the end of the packet
*
* Returns: void function
*
****************************************************************************/
void DecodeUDP(u_char *pkt, const int len, Packet *p)
{
if(len < 8)
{
if(pv.verbose_flag)
ErrorMessage("[!] WARNING: Truncated UDP header (%d bytes)\n", len);
p->udph = NULL;
return;
}
/* set the ptr to the start of the UDP header */
p->udph = (UDPHdr *) pkt;
#ifdef DEBUG
printf("UDP header starts at: %p\n", p->udph);
#endif
/* fill in the printout data structs */
p->sp = ntohs(p->udph->uh_sport);
p->dp = ntohs(p->udph->uh_dport);
p->data = (u_char *)(pkt + UDP_HEADER_LEN);
if ((len - UDP_HEADER_LEN) > 0)
{
p->dsize = len - UDP_HEADER_LEN;
}
else
{
p->dsize = 0;
}
}
/****************************************************************************
*
* Function: DecodeICMP(u_char *, int)
*
* Purpose: Decode the ICMP transport layer
*
* Arguments: pkt => ptr to the packet data
* len => length from here to the end of the packet
*
* Returns: void function
*
****************************************************************************/
void DecodeICMP(u_char *pkt, const int len, Packet *p)
{
/* set the header ptr first */
p->icmph = (ICMPHdr *) pkt;
if(len < 4)
{
if(pv.verbose_flag)
ErrorMessage("[!] WARNING: Truncated ICMP header (%d bytes)\n", len);
p->icmph = NULL;
return;
}
p->dsize = len - ICMP_HEADER_LEN;
p->data = pkt + ICMP_HEADER_LEN;
#ifdef DEBUG
printf("ICMP type: %d code: %d\n", p->icmph->code, p->icmph->type);
#endif
switch (p->icmph->type)
{
case ICMP_ECHOREPLY:
#ifdef DEBUG
printf("raw ICMP ECHOREPLY id: 0x%X seq: 0x%X\n", p->icmph->ih_id, p->icmph->ih_seq);
#endif
/* setup the pkt id ans seq numbers */
p->dsize -= 4;
p->data += 4;
break;
case ICMP_ECHO:
#ifdef DEBUG
printf("ICMP ECHO id: %d seq: %d\n", ntohs(p->icmph->ih_id),
ntohs(p->icmph->ih_seq));
#endif
/* setup the pkt id ans seq numbers */
p->dsize -= 4; /* add the size of the echo ext to
the data ptr and subtract it from
the data size */
p->data += 4;
break;
}
return;
}
/****************************************************************************
*
* Function: DecodeARP(u_char *, int)
*
* Purpose: Decode ARP stuff
*
* Arguments: pkt => ptr to the packet data
* len => length from here to the end of the packet
* caplen => unused...
*
* Returns: void function
*
****************************************************************************/
void DecodeARP(u_char *pkt, int len, Packet *p)
{
p->ah = (EtherARP *) pkt;
if (len < sizeof(EtherARP))
{
if (pv.verbose_flag)
printf("Truncated packet\n");
return;
}
return;
}
/****************************************************************************
*
* Function: DecodeIPV6(u_char *, int)
*
* Purpose: Just like IPX, it's just for counting.
*
* Arguments: pkt => ptr to the packet data
* len => length from here to the end of the packet
*
* Returns: void function
*
****************************************************************************/
void DecodeIPV6(u_char *pkt, int len)
{
if (pv.verbose_flag)
{
puts("IPV6 packet");
}
return;
}
/****************************************************************************
*
* Function: DecodeIPX(u_char *, int)
*
* Purpose: Well, it doesn't do much of anything right now...
*
* Arguments: pkt => ptr to the packet data
* len => length from here to the end of the packet
*
* Returns: void function
*
****************************************************************************/
void DecodeIPX(u_char *pkt, int len)
{
if (pv.verbose_flag)
{
puts("IPX packet");
}
return;
}
/****************************************************************************
*
* Function: DecodeTCPOptions(u_char *, int)
*
* Purpose: Fairly self explainatory name, don't you think?
*
* Arguments: o_list => ptr to the option list
* o_len => length of the option list
*
* Returns: void function
*
****************************************************************************/
void DecodeTCPOptions(u_char *o_list, int o_len, Packet *p)
{
u_char *option_ptr;
int bytes_processed;
int current_option;
option_ptr = o_list;
bytes_processed = 0;
current_option = 0;
while ((bytes_processed < o_len) && (current_option < 40))
{
p->tcp_options[current_option].code = *option_ptr;
switch (*option_ptr)
{
case TCPOPT_NOP:
case TCPOPT_EOL:
p->tcp_options[current_option].len = 0;
p->tcp_options[current_option].data = NULL;
bytes_processed++;
current_option++;
option_ptr++;
break;
case TCPOPT_SACKOK:
p->tcp_options[current_option].len = 0;
p->tcp_options[current_option].data = NULL;
bytes_processed+=2;
option_ptr+=2;
current_option++;
break;
case TCPOPT_WSCALE:
p->tcp_options[current_option].len = 3;
p->tcp_options[current_option].data = option_ptr+2;
option_ptr+=3;
bytes_processed+=3;
current_option++;
break;
default:
p->tcp_options[current_option].len = *(option_ptr+1);
if (p->tcp_options[current_option].len > 40)
{
p->tcp_options[current_option].len = 40;
}
p->tcp_options[current_option].data = option_ptr+2;
option_ptr+= p->tcp_options[current_option].len;
bytes_processed+= p->tcp_options[current_option].len;
current_option++;
break;
}
}
if (bytes_processed > o_len)
{
p->tcp_options[current_option].len =
p->tcp_options[current_option].len - (bytes_processed - o_len);
/* in reality shouldn't happen until we got the option type
* and len on the packet header boundary.. then we
* just drop last option (as it is corrupted anyway).
*/
if (p->tcp_options[current_option].len < 0)
current_option--;
}
p->tcp_option_count = current_option;
}
/****************************************************************************
*
* Function: DecodeIPOptions(u_char *, int)
*
* Purpose: Once again, a fairly self-explainatory name
*
* Arguments: o_list => ptr to the option list
* o_len => length of the option list
*
* Returns: void function
*
****************************************************************************/
void DecodeIPOptions(u_char *o_list, int o_len, Packet *p)
{
u_char *option_ptr;
int bytes_processed;
int current_option;
option_ptr = o_list;
bytes_processed = 0;
current_option = 0;
while ((bytes_processed < o_len) && (current_option < 40))
{
p->ip_options[current_option].code = *option_ptr;
switch (*option_ptr)
{
case IPOPT_NOP:
case IPOPT_EOL:
p->ip_options[current_option].len = 0;
p->ip_options[current_option].data = NULL;
bytes_processed++;
current_option++;
option_ptr++;
break;
default:
p->ip_options[current_option].len = *(option_ptr+1);
if (p->ip_options[current_option].len > 40)
{
p->ip_options[current_option].len = 40;
}
p->ip_options[current_option].data = option_ptr+2;
option_ptr+= p->ip_options[current_option].len;
bytes_processed+= p->ip_options[current_option].len;
current_option++;
break;
}
}
if (bytes_processed > o_len)
{
p->ip_options[current_option].len =
p->ip_options[current_option].len - (bytes_processed - o_len);
/* in reality shouldn't happen until we got the option type
* and len on the packet header boundary.. then we
* just drop last option (as it is corrupted anyway).
*/
if (p->ip_options[current_option].len < 0) current_option--;
}
p->ip_option_count = current_option;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -