ipdump.c

ARP表更新源程序.这个程序必须具有root权限才能执行,在不指定接口名称时,输入下面命令,netstat -in

  static char *arp_op_name[] = {
    "Undefine",
    "(ARP Request)",
    "(ARP Reply)",
    "(RARP Request)",
    "(RARP Reply)"
  };   /* 僆儁儗乕僔儑儞偺庬椶傪昞偡暥帤楍 */
#define ARP_OP_MAX (sizeof arp_op_name / sizeof arp_op_name[0])
  int op = ntohs(arp->ea_hdr.ar_op);  /* ARP僆儁儗乕僔儑儞 */

  if (op < 0 || ARP_OP_MAX < op)
    op = 0;

  printf("Protocol: ARP\n");
  printf("+-------------------------+-------------------------+\n");
  printf("| Hard Type: %2u%-11s| Protocol:0x%04x%-9s|\n",
         ntohs(arp->ea_hdr.ar_hrd),
         (ntohs(arp->ea_hdr.ar_hrd)==ARPHRD_ETHER)?"(Ethernet)":"(Not Ether)",
         ntohs(arp->ea_hdr.ar_pro),
         (ntohs(arp->ea_hdr.ar_pro)==ETHERTYPE_IP)?"(IP)":"(Not IP)");
  printf("+------------+------------+-------------------------+\n");
  printf("| HardLen:%3u| Addr Len:%2u| OP: %4d%16s|\n",
         arp->ea_hdr.ar_hln, arp->ea_hdr.ar_pln, ntohs(arp->ea_hdr.ar_op),
         arp_op_name[op]);
  printf("+------------+------------+-------------------------"
         "+-------------------------+\n");
  printf("| Source MAC Address:                               "
         "         %17s|\n", mac_ntoa(arp->arp_sha));
  printf("+---------------------------------------------------"
         "+-------------------------+\n");
  printf("| Source IP Address:                 %15s|\n",
         inet_ntoa(*(struct in_addr *) &arp->arp_spa));
  printf("+---------------------------------------------------"
         "+-------------------------+\n");
  printf("| Destination MAC Address:                          "
         "         %17s|\n", mac_ntoa(arp->arp_tha));
  printf("+---------------------------------------------------"
         "+-------------------------+\n");
  printf("| Destination IP Address:            %15s|\n",
         inet_ntoa(*(struct in_addr *) &arp->arp_tpa));
  printf("+---------------------------------------------------+\n");
}

/*
 * void print_ip(struct ip *ip);
 * 婡擻
 *     IP僿僢僟偺昞帵
 * 堷偒悢
 *     struct ip *ip;  IP僿僢僟峔憿懱傊偺億僀儞僞
 * 栠傝抣
 *     側偟
 */
void print_ip(struct ip *ip)
{
  printf("Protocol: IP\n");
  printf("+-----+------+------------+-------------------------+\n");
  printf("| IV:%1u| HL:%2u| T: %8s| Total Length: %10u|\n",
         ip->ip_v, ip->ip_hl, ip_ttoa(ip->ip_tos), ntohs(ip->ip_len));
  printf("+-----+------+------------+-------+-----------------+\n");
  printf("| Identifier:        %5u| FF:%3s| FO:        %5u|\n",
         ntohs(ip->ip_id), ip_ftoa(ntohs(ip->ip_off)),
         ntohs(ip->ip_off) &IP_OFFMASK);
  printf("+------------+------------+-------+-----------------+\n");
  printf("| TTL:    %3u| Pro:    %3u| Header Checksum:   %5u|\n",
         ip->ip_ttl, ip->ip_p, ntohs(ip->ip_sum));
  printf("+------------+------------+-------------------------+\n");
  printf("| Source IP Address:                 %15s|\n",
         inet_ntoa(*(struct in_addr *) &(ip->ip_src)));
  printf("+---------------------------------------------------+\n");
  printf("| Destination IP Address:            %15s|\n",
         inet_ntoa(*(struct in_addr *) &(ip->ip_dst)));
  printf("+---------------------------------------------------+\n");
}

/*
 * char *ip_ftoa(int flag);
 * 婡擻
 *     IP僿僢僟偺僼儔僌儊儞僩價僢僩傪暥帤楍偵曄姺
 *     static曄悢傪巊梡偟偰偄傞偨傔丄旕儕僄儞僩儔儞僩娭悢
 * 堷偒悢
 *     int flag;  僼儔僌儊儞僩僼傿乕儖僪偺抣
 * 栠傝抣
 *     char *     曄姺偝傟偨暥帤楍
 */
char *ip_ftoa(int flag)
{
  static int  f[] = {'R', 'D', 'M'};  /* 僼儔僌儊儞僩僼儔僌傪昞偡暥帤 */
#define IP_FLG_MAX (sizeof f / sizeof f[0])
  static char str[IP_FLG_MAX + 1];    /* 栠傝抣傪奿擺偡傞僶僢僼傽     */
  unsigned int mask = 0x8000;         /* 儅僗僋                       */
  int i;                              /* 儖乕僾曄                     */

  for (i = 0; i < IP_FLG_MAX; i++) {
    if (((flag << i) & mask) != 0)
      str[i] = f[i];
    else
      str[i] = '0';
  }
  str[i] = '\0';

  return str;
}

/*
 * char *ip_ttoa(int flag);
 * 婡擻
 *     IP僿僢僟偺TOS僼傿乕儖僪傪暥帤楍偵曄姺
 *     static曄悢傪巊梡偟偰偄傞偨傔丄旕儕僄儞僩儔儞僩娭悢
 * 堷偒悢
 *     int flag;  TOS僼傿乕儖僪偺抣
 * 栠傝抣
 *     char *     曄姺偝傟偨暥帤楍
 */
char *ip_ttoa(int flag)
{
  static int  f[] = {'1', '1', '1', 'D', 'T', 'R', 'C', 'X'}; 
                                 /* TOS僼傿乕儖僪傪昞偡暥帤       */
#define TOS_MAX (sizeof f / sizeof f[0])
  static char str[TOS_MAX + 1];  /* 栠傝抣傪奿擺偡傞僶僢僼傽      */
  unsigned int mask = 0x80;      /* TOS僼傿乕儖僪傪庢傝弌偡儅僗僋 */
  int i;                         /* 儖乕僾曄悢                    */

  for (i = 0; i < TOS_MAX; i++) {
    if (((flag << i) & mask) != 0)
      str[i] = f[i];
    else
      str[i] = '0';
  }
  str[i] = '\0';

  return str;
}

/*
 * void print_icmp(struct icmp *icmp);
 * 婡擻
 *     ICMP僿僢僟丒僨乕僞偺昞帵
 * 堷偒悢
 *     struct icmp *icmp;  ICMP僿僢僟峔憿懱
 * 栠傝抣
 *     側偟
 */
void print_icmp(struct icmp *icmp)
{
  static char *type_name[] = {
    "Echo Reply",               /* Type  0 */
    "Undefine",                 /* Type  1 */
    "Undefine",                 /* Type  2 */
    "Destination Unreachable",  /* Type  3 */
    "Source Quench",            /* Type  4 */
    "Redirect (change route)",  /* Type  5 */
    "Undefine",                 /* Type  6 */
    "Undefine",                 /* Type  7 */
    "Echo Request",             /* Type  8 */
    "Undefine",                 /* Type  9 */
    "Undefine",                 /* Type 10 */
    "Time Exceeded",            /* Type 11 */
    "Parameter Problem",        /* Type 12 */
    "Timestamp Request",        /* Type 13 */
    "Timestamp Reply",          /* Type 14 */
    "Information Request",      /* Type 15 */
    "Information Reply",        /* Type 16 */
    "Address Mask Request",     /* Type 17 */
    "Address Mask Reply",       /* Type 18 */
    "Unknown"                   /* Type 19 */
  };                            /* ICMP偺僞僀僾傪昞偡暥帤楍 */
#define ICMP_TYPE_MAX (sizeof type_name / sizeof type_name[0])
  int type = icmp->icmp_type;  /* ICMP僞僀僾 */

  if (type < 0 || ICMP_TYPE_MAX <= type)
    type = ICMP_TYPE_MAX - 1;

  printf("Protocol: ICMP (%s)\n", type_name[type]);

  printf("+------------+------------+-------------------------+\n");
  printf("| Type:   %3u| Code:   %3u| Checksum:          %5u|\n",
         icmp->icmp_type, icmp->icmp_code, ntohs(icmp->icmp_cksum));
  printf("+------------+------------+-------------------------+\n");

  if (icmp->icmp_type == 0 || icmp->icmp_type == 8) {
      printf("| Identification:    %5u| Sequence Number:   %5u|\n",
             ntohs(icmp->icmp_id), ntohs(icmp->icmp_seq));
      printf("+-------------------------+-------------------------+\n");
  } else if (icmp->icmp_type == 3) {
    if (icmp->icmp_code == 4) {
      printf("| void:          %5u| Next MTU:          %5u|\n",
             ntohs(icmp->icmp_pmvoid), ntohs(icmp->icmp_nextmtu));
      printf("+-------------------------+-------------------------+\n");
    } else {
      printf("| Unused:                                 %10lu|\n",
             (unsigned long) ntohl(icmp->icmp_void));
      printf("+-------------------------+-------------------------+\n");
    }
  } else if (icmp->icmp_type == 5) {
    printf("| Router IP Address:                 %15s|\n",
           inet_ntoa(*(struct in_addr *) &(icmp->icmp_gwaddr)));
    printf("+---------------------------------------------------+\n");
  } else if (icmp->icmp_type == 11) {
    printf("| Unused:                                 %10lu|\n",
           (unsigned long) ntohl(icmp->icmp_void));
    printf("+---------------------------------------------------+\n");
  }

  /* ICMP偺屻傠偵丄IP僿僢僟偲僩儔儞僗億乕僩僿僢僟偑懕偔応崌偺張棟 */
  if (icmp->icmp_type == 3 || icmp->icmp_type == 5 || icmp->icmp_type == 11) {
    struct ip *ip = (struct ip *) icmp->icmp_data;    /* IP僿僢僟             */
    char *p = (char *) ip + ((int) (ip->ip_hl) << 2); /* 僩儔儞僗億乕僩僿僢僟 */

    print_ip(ip);
    switch (ip->ip_p) {
      case IPPROTO_TCP:
        print_tcp_mini((struct tcphdr *) p);
        break;
      case IPPROTO_UDP:
        print_udp((struct udphdr *) p);
        break;
    }
  }
}

/*
 * void print_tcp_mini(struct tcphdr *tcp);
 * 婡擻
 *     TCP僿僢僟偺愭摢偺64價僢僩偺昞帵(ICMP偱曉憲偝傟傞晹暘)
 * 堷偒悢
 *     struct tcphdr *tcp;  TCP僿僢僟峔憿懱
 * 栠傝抣
 *     側偟
 */
void print_tcp_mini(struct tcphdr *tcp)
{
  printf("Protocol: TCP\n");
  printf("+-------------------------+-------------------------+\n");
  printf("| Source Port:       %5u| Destination Port:  %5u|\n",
         ntohs(tcp->th_sport), ntohs(tcp->th_dport));
  printf("+-------------------------+-------------------------+\n");
  printf("| Sequence Number:                        %10lu|\n",
         (unsigned long) ntohl(tcp->th_seq));
  printf("+---------------------------------------------------+\n");
}

/*
 * void print_tcp(struct tcphdr *tcp);
 * 婡擻
 *     TCP僿僢僟偺昞帵
 * 堷偒悢
 *     struct tcphdr *tcp;  TCP僿僢僟峔憿懱
 * 栠傝抣
 *     側偟
 */
void print_tcp(struct tcphdr *tcp)
{
  printf("Protocol: TCP\n");
  printf("+-------------------------+-------------------------+\n");
  printf("| Source Port:       %5u| Destination Port:  %5u|\n",
         ntohs(tcp->th_sport), ntohs(tcp->th_dport));
  printf("+-------------------------+-------------------------+\n");
  printf("| Sequence Number:                        %10lu|\n",
         (unsigned long) ntohl(tcp->th_seq));
  printf("+---------------------------------------------------+\n");
  printf("| Acknowledgement Number:                 %10lu|\n",
         (unsigned long) ntohl(tcp->th_ack));
  printf("+------+---------+--------+-------------------------+\n");
  printf("| DO:%2u| Reserved|F:%6s| Window Size:       %5u|\n",
         tcp->th_off, tcp_ftoa(tcp->th_flags), ntohs(tcp->th_win));
  printf("+------+---------+--------+-------------------------+\n");
  printf("| Checksum:          %5u| Urgent Pointer:    %5u|\n",
         ntohs(tcp->th_sum), ntohs(tcp->th_urp));
  printf("+-------------------------+-------------------------+\n");
}

/*
 * char *tcp_ftoa(int flag);
 * 婡擻
 *     TCP僿僢僟偺僐儞僩儘乕儖僼儔僌傪暥帤楍偵曄姺
 * 堷偒悢
 *     int flag;      TCP偺僐儞僩儘乕儖僼儔僌
 * 栠傝抣
 *     char *         曄姺偝傟偨暥帤楍
 */
char *tcp_ftoa(int flag)
{
  static int  f[] = {'U', 'A', 'P', 'R', 'S', 'F'}; /* TCP僼儔僌傪昞偡暥帤  */
#define TCP_FLG_MAX (sizeof f / sizeof f[0])
  static char str[TCP_FLG_MAX + 1];            /* 栠傝抣傪奿擺偡傞僶僢僼傽  */
  unsigned int mask = 1 << (TCP_FLG_MAX - 1);  /* 僼儔僌傪庢傝弌偡儅僗僋    */
  int i;                                       /* 儖乕僾曄悢                */

  for (i = 0; i < TCP_FLG_MAX; i++) {
    if (((flag << i) & mask) != 0)
      str[i] = f[i];
    else
      str[i] = '0';
  }
  str[i] = '\0';

  return str;
}

/*
 * void print_udp(struct udphdr *udp);
 * 婡擻
 *     UDP僿僢僟傪昞帵
 * 堷偒悢
 *     struct udphdr *udp;  UDP僿僢僟峔憿懱傊偺億僀儞僞
 * 栠傝抣
 *     側偟
 */
void print_udp(struct udphdr *udp)
{
  printf("Protocol: UDP\n");
  printf("+-------------------------+-------------------------+\n");
  printf("| Source Port:       %5u| Destination Port:  %5u|\n",
         ntohs(udp->uh_sport), ntohs(udp->uh_dport));
  printf("+-------------------------+-------------------------+\n");
  printf("| Length:            %5u| Checksum:          %5u|\n",
         ntohs(udp->uh_ulen), ntohs(udp->uh_sum));
  printf("+-------------------------+-------------------------+\n");
}

/*
 * void dump_packet(unsigned char *buff, int len);
 * 婡擻
 *     Ethernet僼儗乕儉愭摢偐傜16恑悢僟儞僾(傾僗僉乕暥帤昞帵)
 * 堷偒悢
 *     unsigned char *buff;  僟儞僾偡傞僨乕僞偺愭摢傾僪儗僗
 *     int len;              僟儞僾偡傞僶僀僩悢
 * 栠傝抣
 *     側偟
 */
void dump_packet(unsigned char *buff, int len)
{
  int i, j;  /* 儖乕僾曄悢 */

  printf("Frame Dump:\n");
  for (i = 0; i < len; i += 16) {
    /* 16恑悢僟儞僾 */
    for (j = i; j < i + 16 && j < len; j++) {
      printf("%02x", buff[j]);
      if (j % 2)
        printf(" ");
    }

    /* 嵟屻偺峴偺抂悢傪惍楍 */
    if (j == len && len % 16 != 0)
      for (j = 0; j < 40 - (len % 16) * 2.5; j++)
        printf(" ");
    printf(": ");

    /* 傾僗僉乕暥帤昞帵 */
    for (j = i; j < i + 16 && j < len; j++) {
      if ((buff[j] >= 0x20) && (buff[j] <= 0x7e))
        putchar(buff[j]);
      else
        printf(".");
    }

    printf("\n");
  }
  fflush(stdout);
}

#ifndef __linux
/*
 * int open_bpf(char *ifname, int *bufsize);
 * 婡擻
 *     BPF傪僆乕僾儞偡傞
 * 堷偒悢
 *     char *ifname;  僀儞僞僼僃乕僗柤
 *     int *bufsize;  BPF撪晹偺僶僢僼傽僒僀僘
 * 栠傝抣
 *     int            僼傽僀儖僨傿僗僋儕僾僞
 */
int open_bpf(char *ifname, int *bufsize)
{
  char buf[CMAX];    /* 暥帤楍奿擺梡              */
  int bpfd;          /* 僼傽僀儖僨傿僗僋儕僾僞    */
  struct ifreq ifr;  /* 僀儞僞僼僃乕僗懏惈峔憿懱  */
  int i;             /* 儖乕僾曄悢                */

  /* BPF僨僶僀僗僼傽僀儖偺僆乕僾儞 */
  for (i = 0; i < 4; i++) { 
    snprintf(buf, CMAX, "/dev/bpf%d", i);
    if ((bpfd = open(buf, O_RDWR, 0)) > 0)
      break;
  }

  if (i >= 5) {
    fprintf(stderr, "cannot open BPF\n");
    return -1;
  }

  /* BPF撪晹偺僶僢僼傽僒僀僘偺愝掕 */
  *bufsize = MAXSIZE;
  if (ioctl(bpfd, BIOCSBLEN, bufsize) < 0) {
    snprintf(buf, CMAX, "ioctl(BIOCSBLEN, %d)", *bufsize);
    perror(buf);
    return -1;
  }

  /* 僀儞僞僼僃乕僗柤偺愝掕 */
  snprintf(ifr.ifr_name, CMAX, "%s", ifname);
  if (ioctl(bpfd, BIOCSETIF, &ifr) < 0) {
    snprintf(buf, CMAX, "ioctl(BIOCSETIF, '%s')", ifname);
    perror(buf);
    return -1;
  }
  fprintf(stderr, "BPF read from '%s' (%s)\n", ifr.ifr_name, buf);

  /* promiscuous儌乕僪 */
  if (ioctl(bpfd, BIOCPROMISC, NULL) < 0) {
    perror("ioctl(BIOCPROMISC)");
    return -1;
  }

  /* 懄帪儌乕僪 */
  i = 1;
  if (ioctl(bpfd, BIOCIMMEDIATE, &i) < 0) {
    perror("ioctl(BIOCIMMEDIATE)");
    return -1;
  }

  return bpfd;
}
#endif

void help(char *cmd)
{
  fprintf(stderr, "usage: %s [-aedht] [-i ifname] [-p protocols] [-f filters]\n", cmd);
  fprintf(stderr, "protocols: arp ip icmp tcp udp other\n");
  fprintf(stderr, "filters: ip <ip addr> port <port number>\n");
#ifdef __linux
  fprintf(stderr, "default: %s -p arp ip icmp tcp udp\n", cmd);
#else
  fprintf(stderr, "default: %s -i %s -p arp ip icmp tcp udp\n", cmd, DEF_IF);
#endif
}