/*
*
* Copyright (C) 2003 Xiangbin Lee <honeycombs@sina.com> <honeycombs@263.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software Foundation.
*/
#include "ipexport.h"
#include "poport.h"
/* ---------------Export Packet functions ------------------------*/
/*
 * Dispatch table for payloads carried directly in an Ethernet frame.
 * Each row is { protocol type value, export routine, description }.
 * ExportTree_ETH scans the rows in order, compares the frame's h_proto
 * with the row's .type and calls the row's .ExportTreeFun on the first match.
 *
 * Every routine listed here is handed a pointer into captured (untrusted)
 * packet data plus a remaining length, so it should check that length
 * before decoding its own header.
 */
Export_Function_Index ExportFun_ETH[]=
{
{ETH_P_IP, ExportTree_ETH_IP, "Internet Protocol packet"},
};
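/*
 * ExportTree_ETH - add a decoded view of one Ethernet frame to the tree.
 *
 * lptree  node under which the "ETHER" item is inserted
 * curpos  offset of this frame inside the captured packet; only used to tag
 *         each tree item with the byte range it describes
 * lpbuf   first byte of the frame (captured, therefore untrusted, data)
 * buflen  number of valid bytes at lpbuf
 *
 * The frame is shown as a root item with a "Head" child (destination MAC,
 * source MAC, protocol) and, when bytes follow the header, a data child.
 * The payload is then passed to the matching routine in ExportFun_ETH.
 *
 * A frame shorter than ETH_HLEN (or a null lpbuf) gets only the root item:
 * decoding the header would read past the end of the capture buffer.
 */
void ExportTree_ETH(
    ACHETREE *lptree,
    unsigned short curpos,
    unsigned char *lpbuf, unsigned short buflen)
{
    char itemsg[256];
    ACHETREE *subsubitem, *subitem, *rootitem;
    ETHHDR ethhdr;
    int freei;
    int max_type_num;
    int payload_len;

    /* -------------------- ETHER ------------------------ */
    snprintf(itemsg, sizeof itemsg, "ETHER [length= %d]", buflen);
    rootitem = AcheTreeInsertItem(lptree, itemsg, -1);
    SetAcheTreeData(rootitem, ACHETREE_ITEMDATA(curpos, buflen));

    /* Truncated frame: there is no complete header to decode. */
    if (!lpbuf || buflen < ETH_HLEN)
        return;

    /* NOTE(review): the comparisons below assume BufGetETHhdr stores h_proto
     * in host byte order - confirm against its definition. */
    BufGetETHhdr(&ethhdr, lpbuf);

    /* -------------------- ETHER header ------------------------ */
    snprintf(itemsg, sizeof itemsg, "Head [length= %d]", ETH_HLEN);
    subitem = AcheTreeInsertItem(rootitem, itemsg, -1);
    SetAcheTreeData(subitem, ACHETREE_ITEMDATA(curpos, ETH_HLEN));

    /* dest MAC */
    snprintf(itemsg, sizeof itemsg,
             "Destination ether addr= [%02X%02X%02X%02X%02X%02X]",
             ethhdr.h_dest[0], ethhdr.h_dest[1], ethhdr.h_dest[2],
             ethhdr.h_dest[3], ethhdr.h_dest[4], ethhdr.h_dest[5]);
    subsubitem = AcheTreeInsertItem(subitem, itemsg, -1);
    SetAcheTreeData(subsubitem, ACHETREE_ITEMDATA(curpos, ETH_ALEN));

    /* source MAC */
    snprintf(itemsg, sizeof itemsg,
             "Source ether addr = [%02X%02X%02X%02X%02X%02X]",
             ethhdr.h_source[0], ethhdr.h_source[1], ethhdr.h_source[2],
             ethhdr.h_source[3], ethhdr.h_source[4], ethhdr.h_source[5]);
    subsubitem = AcheTreeInsertItem(subitem, itemsg, -1);
    SetAcheTreeData(subsubitem, ACHETREE_ITEMDATA(curpos + ETH_ALEN, ETH_ALEN));

    /* protocol */
    snprintf(itemsg, sizeof itemsg, "Protocal= %d", ethhdr.h_proto);
    subsubitem = AcheTreeInsertItem(subitem, itemsg, -1);
    SetAcheTreeData(subsubitem, ACHETREE_ITEMDATA(curpos + ETH_ALEN + ETH_ALEN, 2));

    /* -------------------- ETHER data ------------------------ */
    payload_len = buflen - ETH_HLEN;
    if (payload_len <= 0)
        return;

    /* Generic label first; replaced when eth_p_type knows the protocol.
     * snprintf keeps a long table string from overrunning itemsg. */
    snprintf(itemsg, sizeof itemsg, "Data [length= %d]", payload_len);
    for (freei = 0; freei < MAX_ETHER_TYPE_NUM; freei++) {
        if (ethhdr.h_proto == eth_p_type[freei].type) {
            snprintf(itemsg, sizeof itemsg, "%s [length= %d]",
                     eth_p_type[freei].info, payload_len);
            break;
        }
    }
    subitem = AcheTreeInsertItem(rootitem, itemsg, -1);
    SetAcheTreeData(subitem, ACHETREE_ITEMDATA(curpos + ETH_HLEN, payload_len));

    /* -------------------- next export ------------------------ */
    /* The callee gets exactly the bytes left after the Ethernet header. */
    max_type_num = (int)(sizeof ExportFun_ETH / sizeof ExportFun_ETH[0]);
    for (freei = 0; freei < max_type_num; freei++) {
        if (ethhdr.h_proto == ExportFun_ETH[freei].type) {
            ExportFun_ETH[freei].ExportTreeFun(lptree, curpos + ETH_HLEN,
                                               lpbuf + ETH_HLEN, payload_len);
            break;
        }
    }
}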
/*
 * Dispatch table for payloads carried in an IP packet.
 * Each row is { IP protocol number, export routine, description }.
 * ExportTree_ETH_IP scans the rows in order, compares the header's protocol
 * field with the row's .type and calls the row's .ExportTreeFun on the
 * first match.
 *
 * Every routine listed here is handed a pointer into captured (untrusted)
 * packet data plus a remaining length, so it should check that length
 * before decoding its own header.
 */
Export_Function_Index ExportFun_ETH_IP[]=
{
{IPPROTO_IP, ExportTree_ETH_IP_IPDUM, "Dummy protocol for TCP"},
{IPPROTO_ICMP, ExportTree_ETH_IP_ICMP, "Internet Control Message Protocol"},
{IPPROTO_IGMP, ExportTree_ETH_IP_IGMP, "Internet Group Management Protocol"},
{IPPROTO_GGP, ExportTree_ETH_IP_GGP, "gateway^2 (deprecated)"},
{IPPROTO_IPIP, ExportTree_ETH_IP_IPIP, "IPIP tunnels (older KA9Q tunnels use 94)"},
{IPPROTO_TCP, ExportTree_ETH_IP_TCP, "Transmission Control Protocol"},
{IPPROTO_EGP, ExportTree_ETH_IP_EGP, "Exterior Gateway Protocol"},
{IPPROTO_PUP, ExportTree_ETH_IP_PUP, "PUP protocol."},
{IPPROTO_UDP, ExportTree_ETH_IP_UDP, "User Datagram Protocol"},
{IPPROTO_IDP, ExportTree_ETH_IP_IDP, "XNS IDP protocol"},
{IPPROTO_TP, ExportTree_ETH_IP_TP, "SO Transport Protocol Class 4"},
{IPPROTO_IPV6, ExportTree_ETH_IP_IPV6, "IPv6 header"},
{IPPROTO_ROUTING, ExportTree_ETH_IP_ROUTING, "IPv6 routing header"},
{IPPROTO_FRAGMENT, ExportTree_ETH_IP_FRAGMENT, "IPv6 fragmentation header"},
{IPPROTO_RSVP, ExportTree_ETH_IP_RSVP, "Reservation Protocol"},
{IPPROTO_GRE, ExportTree_ETH_IP_GRE, "General Routing Encapsulation"},
{IPPROTO_ESP, ExportTree_ETH_IP_ESP, "encapsulating security payload"},
{IPPROTO_AH, ExportTree_ETH_IP_AH, "authentication header"},
{IPPROTO_ICMPV6, ExportTree_ETH_IP_ICMPV6, "ICMPv6"},
{IPPROTO_NONE, ExportTree_ETH_IP_NONE, "IPv6 no next header"},
{IPPROTO_DSTOPTS, ExportTree_ETH_IP_DSTOPTS, "IPv6 destination options"},
{IPPROTO_ND, ExportTree_ETH_IP_ND, "UNOFFICIAL net disk proto"},
{IPPROTO_MTP, ExportTree_ETH_IP_MTP, "Multicast Transport Protocol"},
{IPPROTO_ENCAP, ExportTree_ETH_IP_ENCAP, "Encapsulation Header"},
{IPPROTO_PIM, ExportTree_ETH_IP_PIM, "Protocol Independent Multicast"},
{IPPROTO_COMP, ExportTree_ETH_IP_COMP, "Compression Header Protocol"},
{IPPROTO_RAW, ExportTree_ETH_IP_RAW, "Raw IP packets"},
{IPPROTO_MAX, ExportTree_ETH_IP_MAX, "IPPROTO_MAX"},
};
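/*
 * ExportTree_ETH_IP - add a decoded view of one IP packet to the tree.
 *
 * lptree  node under which the "IP" item is inserted
 * curpos  offset of this packet inside the captured frame; only used to tag
 *         each tree item with the byte range it describes
 * lpbuf   first byte of the IP header (captured, therefore untrusted, data)
 * buflen  number of valid bytes at lpbuf
 *
 * The header length and total length come from the packet itself and may
 * not match the bytes actually captured. The item labels show the values as
 * they appear in the header; every byte range stored in the tree and the
 * pointer/length handed to the next export routine are limited to buflen,
 * so a forged length cannot send a later read past the capture buffer.
 *
 * The payload is exported only when the header length is at least 20 bytes
 * and header plus payload fit inside min(total length, buflen). A buffer
 * shorter than 20 bytes (or a null lpbuf) gets only the root item.
 */
void ExportTree_ETH_IP(
    ACHETREE *lptree,
    unsigned short curpos,
    unsigned char *lpbuf, unsigned short buflen)
{
    /* The fields decoded below span header bytes 0..19. */
    const int min_hdr_len = 20;
    int freei, max_type_num;
    int hdr_len;     /* header length in bytes, as claimed by the packet */
    int total_len;   /* total length, as claimed by the packet */
    int avail_len;   /* total_len limited to the bytes really present */
    int hdr_span;    /* hdr_len limited to the bytes really present */
    int payload_len; /* bytes that follow the header inside avail_len */
    char itemsg[256];
    ACHETREE *subsubitem, *subitem, *rootitem;
    IPHDR iphdr;

    /* Truncated packet: there is no complete header to decode. */
    if (!lpbuf || buflen < min_hdr_len) {
        snprintf(itemsg, sizeof itemsg, "IP [length= %d]", buflen);
        rootitem = AcheTreeInsertItem(lptree, itemsg, -1);
        SetAcheTreeData(rootitem, ACHETREE_ITEMDATA(curpos, buflen));
        return;
    }

    BufGetIPhdr(&iphdr, lpbuf);

    hdr_len = (int)iphdr.head_len * 4;
    total_len = (int)iphdr.packet_len;
    /* buflen may exceed total_len (trailing bytes after the IP packet), so
     * the smaller of the two is the usable size. */
    avail_len = total_len < buflen ? total_len : buflen;
    hdr_span = hdr_len < buflen ? hdr_len : buflen;
    payload_len = hdr_len >= min_hdr_len ? avail_len - hdr_len : 0;

    /* -----------------------IP ----------------------- */
    snprintf(itemsg, sizeof itemsg, "IP [length= %d]", buflen);
    rootitem = AcheTreeInsertItem(lptree, itemsg, -1);
    SetAcheTreeData(rootitem, ACHETREE_ITEMDATA(curpos, avail_len));

    /* -----------------------IP head length----------------------- */
    snprintf(itemsg, sizeof itemsg, "Head [length= %d]", hdr_len);
    subitem = AcheTreeInsertItem(rootitem, itemsg, -1);
    SetAcheTreeData(subitem, ACHETREE_ITEMDATA(curpos, hdr_span));

    /* Version */
    snprintf(itemsg, sizeof itemsg, "Version = IPV%d", iphdr.version);
    subsubitem = AcheTreeInsertItem(subitem, itemsg, -1);
    SetAcheTreeData(subsubitem, ACHETREE_ITEMDATA(curpos, 1));

    /* IHL */
    snprintf(itemsg, sizeof itemsg, "IHL= %d", hdr_len);
    subsubitem = AcheTreeInsertItem(subitem, itemsg, -1);
    SetAcheTreeData(subsubitem, ACHETREE_ITEMDATA(curpos, 1));

    /* Type of service */
    snprintf(itemsg, sizeof itemsg, "Type of service= %d", iphdr.tos);
    subsubitem = AcheTreeInsertItem(subitem, itemsg, -1);
    SetAcheTreeData(subsubitem, ACHETREE_ITEMDATA(curpos + 1, 1));

    /* Total Length */
    snprintf(itemsg, sizeof itemsg, "Total Length= %d", iphdr.packet_len);
    subsubitem = AcheTreeInsertItem(subitem, itemsg, -1);
    SetAcheTreeData(subsubitem, ACHETREE_ITEMDATA(curpos + 2, 2));

    /* Identification */
    snprintf(itemsg, sizeof itemsg, "Identification= %d", iphdr.ip_id);
    subsubitem = AcheTreeInsertItem(subitem, itemsg, -1);
    SetAcheTreeData(subsubitem, ACHETREE_ITEMDATA(curpos + 4, 2));

    /* fragment offset field, with its DF / MF / offset parts as children */
    snprintf(itemsg, sizeof itemsg, "fragment offset field = %d", iphdr.frag_off);
    subsubitem = AcheTreeInsertItem(subitem, itemsg, -1);
    SetAcheTreeData(subsubitem, ACHETREE_ITEMDATA(curpos + 6, 2));
    {
        ACHETREE *ssitem = 0;

        /* DF */
        snprintf(itemsg, sizeof itemsg, "DF= %d", iphdr.ip_off.DF);
        ssitem = AcheTreeInsertItem(subsubitem, itemsg, -1);
        SetAcheTreeData(ssitem, ACHETREE_ITEMDATA(curpos + 6, 1));

        /* MF */
        snprintf(itemsg, sizeof itemsg, "MF= %d", iphdr.ip_off.MF);
        ssitem = AcheTreeInsertItem(subsubitem, itemsg, -1);
        SetAcheTreeData(ssitem, ACHETREE_ITEMDATA(curpos + 6, 1));

        /* OFF */
        snprintf(itemsg, sizeof itemsg, "OFF= %d", iphdr.ip_off.off);
        ssitem = AcheTreeInsertItem(subsubitem, itemsg, -1);
        SetAcheTreeData(ssitem, ACHETREE_ITEMDATA(curpos + 7, 1));
    }

    /* Time to Live */
    snprintf(itemsg, sizeof itemsg, "Time to Live= %d", iphdr.ttl);
    subsubitem = AcheTreeInsertItem(subitem, itemsg, -1);
    SetAcheTreeData(subsubitem, ACHETREE_ITEMDATA(curpos + 8, 1));

    /* Protocol: number only, or number plus name when ip_p_type knows it */
    snprintf(itemsg, sizeof itemsg, "Protocol= %d", iphdr.protocol);
    for (freei = 0; freei < MAX_IPPROTOCOL_NUM; freei++) {
        if (iphdr.protocol == ip_p_type[freei].type) {
            snprintf(itemsg, sizeof itemsg, "Protocol= %d (%s)",
                     iphdr.protocol, ip_p_type[freei].name);
            break;
        }
    }
    subsubitem = AcheTreeInsertItem(subitem, itemsg, -1);
    SetAcheTreeData(subsubitem, ACHETREE_ITEMDATA(curpos + 9, 1));

    /* Header Checksum */
    snprintf(itemsg, sizeof itemsg, "Header Checksum= %d", iphdr.checksum);
    subsubitem = AcheTreeInsertItem(subitem, itemsg, -1);
    SetAcheTreeData(subsubitem, ACHETREE_ITEMDATA(curpos + 10, 2));

    /* Source IP */
    snprintf(itemsg, sizeof itemsg, "Source IP= %u (%d.%d.%d.%d)",
             (unsigned int)iphdr.sourceIP,
             (int)((iphdr.sourceIP >> 24) & 0xFF),
             (int)((iphdr.sourceIP >> 16) & 0xFF),
             (int)((iphdr.sourceIP >> 8) & 0xFF),
             (int)((iphdr.sourceIP) & 0xFF));
    subsubitem = AcheTreeInsertItem(subitem, itemsg, -1);
    SetAcheTreeData(subsubitem, ACHETREE_ITEMDATA(curpos + 12, 4));

    /* Dest IP */
    snprintf(itemsg, sizeof itemsg, "Dest IP= %u (%d.%d.%d.%d)",
             (unsigned int)iphdr.destIP,
             (int)((iphdr.destIP >> 24) & 0xFF),
             (int)((iphdr.destIP >> 16) & 0xFF),
             (int)((iphdr.destIP >> 8) & 0xFF),
             (int)((iphdr.destIP) & 0xFF));
    subsubitem = AcheTreeInsertItem(subitem, itemsg, -1);
    SetAcheTreeData(subsubitem, ACHETREE_ITEMDATA(curpos + 16, 4));

    /* -----------------------IP data----------------------- */
    if (payload_len <= 0)
        return;

    /* Generic label first; replaced when ip_p_type knows the protocol.
     * snprintf keeps a long table string from overrunning itemsg. */
    snprintf(itemsg, sizeof itemsg, "UNKNOW [length= %d]", payload_len);
    for (freei = 0; freei < MAX_IPPROTOCOL_NUM; freei++) {
        if (iphdr.protocol == ip_p_type[freei].type) {
            snprintf(itemsg, sizeof itemsg, "%s [length= %d]",
                     ip_p_type[freei].info, payload_len);
            break;
        }
    }
    subitem = AcheTreeInsertItem(rootitem, itemsg, -1);
    SetAcheTreeData(subitem, ACHETREE_ITEMDATA((curpos + hdr_len), payload_len));

    /* -------------------- next export ------------------------ */
    /* hdr_len + payload_len <= buflen here, so the callee's window lies
     * entirely inside the captured bytes. */
    max_type_num = (int)(sizeof ExportFun_ETH_IP / sizeof ExportFun_ETH_IP[0]);
    for (freei = 0; freei < max_type_num; freei++) {
        if (iphdr.protocol == ExportFun_ETH_IP[freei].type) {
            ExportFun_ETH_IP[freei].ExportTreeFun(lptree,
                                                  curpos + hdr_len,
                                                  lpbuf + hdr_len,
                                                  payload_len);
            break;
        }
    }
}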
/*
 * ExportTree_ETH_IP_IPDUM - export routine for IP protocol number 0, the
 * dummy entry (IPPROTO_IP) in ExportFun_ETH_IP.
 *
 * Adds nothing to the tree and reads nothing from the buffer; it exists so
 * that the dispatch table has a routine for that protocol value.
 */
void ExportTree_ETH_IP_IPDUM(
    ACHETREE *lptree,
    unsigned short curpos,
    unsigned char *lpbuf, unsigned short buflen)
{
    /* Mark every parameter as deliberately unused. */
    (void)lptree;
    (void)curpos;
    (void)lpbuf;
    (void)buflen;
}
void ExportTree_ETH_IP_ICMP(
ACHETREE *lptree,
unsigned short curpos,
unsigned char *lpbuf, unsigned short buflen)
{
char itemsg[256];
ACHETREE *subsubitem, *subitem, *rootitem;
ICMPHDR icmphdr;
BufGetICMPhdr(&icmphdr,lpbuf);
/* -------------------- ICMP ------------------------ */
sprintf(itemsg,"ICMP [length= %d]",buflen);
rootitem = AcheTreeInsertItem(lptree,itemsg,-1);
SetAcheTreeData(rootitem,ACHETREE_ITEMDATA(curpos,buflen));
{
/* -------------------- ICMP header ------------------------ */
sprintf(itemsg,"Head [length= %d]",4);
subitem= AcheTreeInsertItem(rootitem,itemsg,-1);
SetAcheTreeData(subitem,ACHETREE_ITEMDATA(curpos,4));
{
// type
switch(icmphdr.type)
{
case 0: // Echo Reply
sprintf(itemsg,"Type= %d (Echo Reply)",icmphdr.type);
break;
case 3: // Destination Unreachable
sprintf(itemsg,"Type= %d (Destination Unreachable)",icmphdr.type);
break;
case 4: // Source Quench
sprintf(itemsg,"Type= %d (Source Quench)",icmphdr.type);
break;
case 5: // Redirect
sprintf(itemsg,"Type= %d (Redirect)",icmphdr.type);
break;
case 8: // Echo
sprintf(itemsg,"Type= %d (Echo)",icmphdr.type);
break;
case 11: // Time Exceeded
sprintf(itemsg,"Type= %d (Time Exceeded)",icmphdr.type);
break;
case 12: // Parameter Problem
sprintf(itemsg,"Type= %d (Parameter Problem)",icmphdr.type);
break;
case 13: // Timestamp
sprintf(itemsg,"Type= %d (Timestamp)",icmphdr.type);
break;
case 14: // Timestamp Reply
sprintf(itemsg,"Type= %d (Timestamp Reply)",icmphdr.type);
break;
case 15: // Information Request
sprintf(itemsg,"Type= %d (Information Request)",icmphdr.type);
break;
case 16: // Information Reply
sprintf(itemsg,"Type= %d (Information Reply)",icmphdr.type);