netspy.h

Linux 上的socket嗅探器

/*
 *
 * Copyright (C) 2003 Xiangbin Lee <honeycombs@sina.com> <honeycombs@263.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software Foundation.
 */


#ifndef _NET_SPY_H_
#define _NET_SPY_H_
                   
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <netinet/in.h>
#include <netdb.h>
#include <string.h>
#include <linux/if.h>
#include <signal.h>
#include <sys/ioctl.h>
#include <stdio.h>
#include <arpa/inet.h>
#include <linux/sockios.h>
#include <linux/socket.h>
#include <linux/if_ether.h>
#include <sys/stat.h>
#include <fcntl.h>
          
#if 1
    #define GTK_INCLUDE
    #include <pthread.h>
#endif
/* ----------------------------------------------------------
//    IP,TCP,ICMP,UDP protocal struct
//
*/


/*
 * compute an IP header checksum.
 * don't modifiy the packet.
 */
u_short in_cksum(const u_short *addr, register u_int len, int csum);

/*
* Ether header  -------------------------------------------------------------------------------------
*/

#ifndef _LINUX_IF_ETHER_H
#define _LINUX_IF_ETHER_H

/*
 *    IEEE 802.3 Ethernet magic constants.  The frame sizes omit the preamble
 *    and FCS/CRC (frame check sequence).
 */

#define ETH_ALEN      6        /* Octets in one ethernet addr     */
#define ETH_HLEN      14       /* Total octets in header.     */
#define ETH_ZLEN      60       /* Min. octets in frame sans FCS */
#define ETH_DATA_LEN  1500     /* Max. octets in payload     */
#define ETH_FRAME_LEN 1514     /* Max. octets in frame sans FCS */

/*
 *    These are the defined Ethernet Protocol ID's.
 */

#define ETH_P_LOOP      0x0060        /* Ethernet Loopback packet    */
#define ETH_P_PUP       0x0200        /* Xerox PUP packet        */
#define ETH_P_PUPAT     0x0201        /* Xerox PUP Addr Trans packet    */
#define ETH_P_IP        0x0800        /* Internet Protocol packet    */
#define ETH_P_X25       0x0805        /* CCITT X.25            */
#define ETH_P_ARP       0x0806        /* Address Resolution packet    */
#define ETH_P_BPQ       0x08FF        /* G8BPQ AX.25 Ethernet Packet    [ NOT AN OFFICIALLY REGISTERED ID ] */
#define ETH_P_IEEEPUP   0x0a00        /* Xerox IEEE802.3 PUP packet */
#define ETH_P_IEEEPUPAT 0x0a01        /* Xerox IEEE802.3 PUP Addr Trans packet */
#define ETH_P_DEC       0x6000        /* DEC Assigned proto           */
#define ETH_P_DNA_DL    0x6001        /* DEC DNA Dump/Load            */
#define ETH_P_DNA_RC    0x6002        /* DEC DNA Remote Console       */
#define ETH_P_DNA_RT    0x6003        /* DEC DNA Routing              */
#define ETH_P_LAT       0x6004        /* DEC LAT                      */
#define ETH_P_DIAG      0x6005        /* DEC Diagnostics              */
#define ETH_P_CUST      0x6006        /* DEC Customer use             */
#define ETH_P_SCA       0x6007        /* DEC Systems Comms Arch       */
#define ETH_P_RARP      0x8035        /* Reverse Addr Res packet    */
#define ETH_P_ATALK     0x809B        /* Appletalk DDP        */
#define ETH_P_AARP      0x80F3        /* Appletalk AARP        */
#define ETH_P_IPX       0x8137        /* IPX over DIX            */
#define ETH_P_IPV6      0x86DD        /* IPv6 over bluebook        */
#define ETH_P_PPP_DISC  0x8863        /* PPPoE discovery messages     */
#define ETH_P_PPP_SES   0x8864        /* PPPoE session messages    */
#define ETH_P_ATMMPOA   0x884c        /* MultiProtocol Over ATM    */
#define ETH_P_ATMFATE   0x8884        /* Frame-based ATM Transport over Ethernet  */

/*
 *    Non DIX types. Won't clash for 1500 types.
 */

#define ETH_P_802_3     0x0001        /* Dummy type for 802.3 frames  */
#define ETH_P_AX25      0x0002        /* Dummy protocol id for AX.25  */
#define ETH_P_ALL       0x0003        /* Every packet (be careful!!!) */
#define ETH_P_802_2     0x0004        /* 802.2 frames         */
#define ETH_P_SNAP      0x0005        /* Internal only        */
#define ETH_P_DDCMP     0x0006        /* DEC DDCMP: Internal only     */
#define ETH_P_WAN_PPP   0x0007        /* Dummy type for WAN PPP frames*/
#define ETH_P_PPP_MP    0x0008        /* Dummy type for PPP MP frames */
#define ETH_P_LOCALTALK 0x0009        /* Localtalk pseudo type     */
#define ETH_P_PPPTALK   0x0010        /* Dummy type for Atalk over PPP*/
#define ETH_P_TR_802_2  0x0011        /* 802.2 frames         */
#define ETH_P_MOBITEX   0x0015        /* Mobitex (kaz@cafe.net)    */
#define ETH_P_CONTROL   0x0016        /* Card specific control frames */
#define ETH_P_IRDA      0x0017        /* Linux-IrDA            */
#define ETH_P_ECONET    0x0018        /* Acorn Econet            */

/*
 *    This is an Ethernet frame header.
 */

struct ethhdr
{
    unsigned char    h_dest[ETH_ALEN];    /* destination eth addr    */
    unsigned char    h_source[ETH_ALEN];    /* source ether addr    */
    unsigned short   h_proto;        /* packet type ID field    */
};

#endif    /* _LINUX_IF_ETHER_H ----------------------------------------------------------------------------*/




/* ==========================================================================================*/


typedef struct _ethertype
{
   char name[60];
   unsigned short type;
   char info[80];
}ETH_P_TYPE,*LPETH_P_TYPE;


#define MAX_ETHER_TYPE_NUM  26
extern  ETH_P_TYPE  eth_p_type[MAX_ETHER_TYPE_NUM];


typedef struct ethhdr ETHHDR, *LPETHHDR;

void BufGetETHhdr(ETHHDR *lphdr, unsigned char *lpbuf);

/*
* IP header RFC 791
*/


/* Standard well-defined IP protocols.  */
#ifndef _NETINET_IN_H

enum
{
    IPPROTO_IP = 0,	   /* Dummy protocol for TCP.  */
#define IPPROTO_IP		IPPROTO_IP
    IPPROTO_HOPOPTS = 0,   /* IPv6 Hop-by-Hop options.  */
#define IPPROTO_HOPOPTS		IPPROTO_HOPOPTS
    IPPROTO_ICMP = 1,	   /* Internet Control Message Protocol.  */
#define IPPROTO_ICMP		IPPROTO_ICMP
    IPPROTO_IGMP = 2,	   /* Internet Group Management Protocol. */
#define IPPROTO_IGMP		IPPROTO_IGMP
    IPPROTO_GGP = 3,	   /* gateway^2 (deprecated) */
#define IPPROTO_GGP		IPPROTO_GGP
    IPPROTO_IPIP = 4,	   /* IPIP tunnels (older KA9Q tunnels use 94).  */
#define IPPROTO_IPIP		IPPROTO_IPIP
    IPPROTO_TCP = 6,	   /* Transmission Control Protocol.  */
#define IPPROTO_TCP		IPPROTO_TCP
    IPPROTO_EGP = 8,	   /* Exterior Gateway Protocol.  */
#define IPPROTO_EGP		IPPROTO_EGP
    IPPROTO_PUP = 12,	   /* PUP protocol.  */
#define IPPROTO_PUP		IPPROTO_PUP
    IPPROTO_UDP = 17,	   /* User Datagram Protocol.  */
#define IPPROTO_UDP		IPPROTO_UDP
    IPPROTO_IDP = 22,	   /* XNS IDP protocol.  */
#define IPPROTO_IDP		IPPROTO_IDP
    IPPROTO_TP = 29,	   /* SO Transport Protocol Class 4.  */
#define IPPROTO_TP		IPPROTO_TP
    IPPROTO_IPV6 = 41,     /* IPv6 header.  */
#define IPPROTO_IPV6		IPPROTO_IPV6
    IPPROTO_ROUTING = 43,  /* IPv6 routing header.  */
#define IPPROTO_ROUTING		IPPROTO_ROUTING
    IPPROTO_FRAGMENT = 44, /* IPv6 fragmentation header.  */
#define IPPROTO_FRAGMENT	IPPROTO_FRAGMENT
    IPPROTO_RSVP = 46,	   /* Reservation Protocol.  */
#define IPPROTO_RSVP		IPPROTO_RSVP
    IPPROTO_GRE = 47,	   /* General Routing Encapsulation.  */
#define IPPROTO_GRE		IPPROTO_GRE
    IPPROTO_ESP = 50,      /* encapsulating security payload.  */
#define IPPROTO_ESP		IPPROTO_ESP
    IPPROTO_AH = 51,       /* authentication header.  */
#define IPPROTO_AH		IPPROTO_AH
    IPPROTO_ICMPV6 = 58,   /* ICMPv6.  */
#define IPPROTO_ICMPV6		IPPROTO_ICMPV6
    IPPROTO_NONE = 59,     /* IPv6 no next header.  */
#define IPPROTO_NONE		IPPROTO_NONE
    IPPROTO_DSTOPTS = 60,  /* IPv6 destination options.  */
#define IPPROTO_DSTOPTS		IPPROTO_DSTOPTS
    IPPROTO_ND = 77,  /* UNOFFICIAL net disk proto */
#define IPPROTO_ND		IPPROTO_ND
    IPPROTO_MTP = 92,	   /* Multicast Transport Protocol.  */
#define IPPROTO_MTP		IPPROTO_MTP
    IPPROTO_ENCAP = 98,	   /* Encapsulation Header.  */
#define IPPROTO_ENCAP		IPPROTO_ENCAP
    IPPROTO_PIM = 103,	   /* Protocol Independent Multicast.  */
#define IPPROTO_PIM		IPPROTO_PIM
    IPPROTO_COMP = 108,	   /* Compression Header Protocol.  */
#define IPPROTO_COMP		IPPROTO_COMP
    IPPROTO_RAW = 255,	   /* Raw IP packets.  */
#define IPPROTO_RAW		IPPROTO_RAW
    IPPROTO_MAX
};

#endif


#define MAX_IPPROTOCOL_NUM  27
extern  ETH_P_TYPE  ip_p_type[MAX_IPPROTOCOL_NUM];


typedef struct _iphdr {
    unsigned char version:4;    /* Version of IP  */
    unsigned char head_len:4;   /* length of the header    */
    unsigned char tos;          /* Type of service          */
    unsigned short packet_len;  /* total length of the packet  */     
    unsigned short ip_id;       /*  identification   */
    union
    {
      struct{
        unsigned short off:13;
        unsigned char MF:1;
        unsigned char DF:1;
        unsigned char unused:1;
        }ip_off;      /* fragment offset field      */
      unsigned short frag_off;
     };
    
    unsigned char  ttl;
    unsigned char protocol;     /* protocol (TCP, UDP etc)   */
    unsigned short checksum;    /* IP checksum      */
    unsigned long sourceIP;      /* Source IP      */
    unsigned long destIP;        /* Dest IP        */
}IPHDR, *LPIPHDR;

void BufGetIPhdr(IPHDR *lphdr, unsigned char *lpbuf);
int BufSetIPhdr(IPHDR *lphdr, unsigned char *lpbuf);

/*
* ICMP header RFC 792
*/

typedef struct _icmphdr{
    unsigned char type;
    unsigned char code;
    unsigned short checksum;
    union
    {
        unsigned char pointer;  /* For parameter problem */
        unsigned int gateway;
        struct
        {
            unsigned short id;
            unsigned short sequence;
        }echo;
        unsigned int unused;
        unsigned int reserved;
    };
    unsigned int OTm_stamp ;
    unsigned int RTm_stamp;
    unsigned int TTm_stamp;
}ICMPHDR, *LPICMPHDR;

void BufGetICMPhdr(ICMPHDR *lphdr, unsigned char *lpbuf);
int BufSetICMPhdr(ICMPHDR *lphdr, unsigned char *lpbuf);

/*
* IGMP header, RFC 1112
*/

typedef struct _igmphdr
{
    unsigned char version:4;
    unsigned char type:4;
    unsigned char unused;
    unsigned short checksum;
    unsigned long ip4;
}IGMPHDR, *LPIGMPHDR;

void BufGetIGMPhdr(IGMPHDR *lphdr, unsigned char *lpbuf);
int BufSetIGMPhdr(IGMPHDR *lphdr, unsigned char *lpbuf);

/*
* GGP header , RFC 823
*/


/* TCP flags masks */

#define TCP_FLAGMASK_URG  0x20
#define TCP_FLAGMASK_ACK  0x10
#define TCP_FLAGMASK_PSH  0x08
#define TCP_FLAGMASK_RST  0x04
#define TCP_FLAGMASK_SYN  0x02
#define TCP_FLAGMASK_FIN  0x01

/*
* TCP header RFC 793
*/

typedef struct _tcphdr{
    unsigned short sport;  /* Source port            */
    unsigned short dport;  /* Destination port       */
    unsigned int seq;    /* Sequence number        */
    unsigned int ack;    /* Acknowledgement number */
    struct{
        unsigned char Offset:4; /* Offset */
        unsigned char Reserved:6;/* Reserved */
        unsigned char URG:1;/* URG */
        unsigned char ACK:1;/* ACK */
        unsigned char PSH:1;/* PSH */
        unsigned char RST:1;/* RST */
        unsigned char SYN:1;/* SYN */
        unsigned char FIN:1;/* FIN */
    }doflag;     /* Data offset + reserved */
    unsigned short winsize;    /* Window size            */
    unsigned short chksum;    /* Checksum               */
    unsigned short urgp;    /* Urgent pointer         */
}TCPHDR, *LPTCPHDR;


void BufGetTCPhdr(TCPHDR *lphdr, unsigned char *lpbuf);
/*
* UDP header RFC 768
*/

typedef struct _udphdr {
    unsigned short source;
    unsigned short dest;
    unsigned short len;
    unsigned short check;
}UDPHDR, *LPUDPHDR;

void BufGetUDPhdr(UDPHDR *lphdr, unsigned char *lpbuf);


/* ---------------   IP packet Spy functions  ----------------  */


int IpspySocket(char *device, int pflag);

int IpspySocketRecv(int sock, unsigned char *lpbuf, int maxlen);

#endif //_NET_SPY_H_