#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/ip.h>
#include <string.h>
#include <netdb.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
#include <net/if.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <linux/if_ether.h>
/* Log file the counters are appended to; the path is relative to the
 * working directory the program is started from. */
#define MYSNIFFERLOG "mySniffer.log"

/* Receive buffer for one captured link-layer frame. */
char buf[2*32767];

/* Log stream; stays NULL until main() has opened MYSNIFFERLOG. */
FILE *fp = NULL;

/* Frame counters: one per recognised IP protocol, one for everything else,
 * and a grand total. They are reported by cleanup(). */
unsigned int total = 0;
unsigned int totaltcp = 0;
unsigned int totaludp = 0;
unsigned int totalicmp = 0;
unsigned int totaligmp = 0;
unsigned int totalunknow = 0;
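/*
 * Signal handler run before the program exits: prints every counter to
 * stdout, appends the same lines to the log stream fp, closes the log and
 * exits with status 0.
 *
 * sig is the delivered signal number; it is not used.
 *
 * NOTE(review): printf-family calls, fclose() and exit() are not
 * async-signal-safe. A more robust design sets a volatile sig_atomic_t flag
 * here and does the reporting from the capture loop; that needs a matching
 * change in the loop, so it is only flagged here.
 */
void cleanup(int sig)
{
    /* One row per counter, in the order they are reported. */
    const struct {
        const char *label;
        unsigned int value;
    } rows[] = {
        { "totalTcp",    totaltcp },
        { "totalUdp",    totaludp },
        { "totalIcmp",   totalicmp },
        { "totalIgmp",   totaligmp },
        { "totalUnknow", totalunknow },
        { "Total",       total },
    };
    char temp[128];
    size_t i;

    (void)sig;

    for (i = 0; i < sizeof rows / sizeof rows[0]; i++) {
        /* %u, not %d: the counters are unsigned int. snprintf bounds the
         * write to temp. */
        snprintf(temp, sizeof temp, "%s:%u\n", rows[i].label, rows[i].value);
        fputs(temp, stdout);
        if (fp != NULL) {
            /* fputs instead of fprintf(fp, temp): a buffer holding data must
             * never be passed as the format string. */
            fputs(temp, fp);
        }
    }

    if (fp != NULL) {
        fclose(fp);
    }
    exit(0);
}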
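/*
 * Report a fatal error and terminate.
 *
 * why  prefix handed to perror(), which appends the message for the
 *      current errno value
 * n    process exit status
 *
 * The prefix is only read, so it is const-qualified; callers that pass
 * string literals then need no conversion to a mutable char *.
 */
void die(const char *why, int n)
{
    perror(why);
    exit(n);
}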
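/*
 * Put network interface nif into promiscuous mode, using sock for the
 * interface ioctls.
 *
 * nif   interface name, e.g. "eth0"; must fit in ifr_name (IFNAMSIZ bytes
 *       including the terminating NUL)
 * sock  an open socket descriptor
 *
 * Returns 0 on success. Exits with status 2 if the name is invalid or the
 * flags cannot be read, and with status 3 if they cannot be written.
 *
 * NOTE(review): this function only sets IFF_PROMISC; nothing in it clears
 * the flag again, so the previous interface flags are not restored here.
 */
int do_promisc(char *nif, int sock)
{
    struct ifreq ifr;
    size_t name_len;

    /* The original bounded the copy by strlen(nif) + 1, i.e. by the source
     * length, so a long name overflowed ifr_name. Bound it by the
     * destination size instead. */
    if (nif == NULL || (name_len = strlen(nif)) >= sizeof ifr.ifr_name) {
        fprintf(stderr, "do_promisc: invalid interface name\n");
        exit(2);
    }

    /* Start from a zeroed request so no stack garbage reaches the kernel. */
    memset(&ifr, 0, sizeof ifr);
    memcpy(ifr.ifr_name, nif, name_len + 1);

    /* Read the current flags first so only IFF_PROMISC is changed. */
    if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) {
        die("ioctl", 2);
    }

    ifr.ifr_flags |= IFF_PROMISC;
    if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) {
        die("ioctl", 3);
    }

    printf("init socket is ok\n");
    /* The function is declared int; the original fell off the end without
     * returning a value. */
    return 0;
}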
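/*
 * Capture link-layer frames on eth0 through an AF_PACKET raw socket and
 * count them per IP protocol until a signal triggers cleanup().
 *
 * Every received frame increments total. Frames that are too short, are not
 * IPv4, or carry an inconsistent IPv4 header length are counted as unknown
 * instead of being parsed.
 */
int main(void)
{
    struct ethhdr eth;   /* link-layer header, copied out of buf */
    struct iphdr ip;     /* IPv4 header, copied out of buf */
    const char *l4;      /* start of the transport-layer header */
    size_t l4_len;       /* bytes available from l4 to the end of the frame */
    size_t ip_hlen;      /* IPv4 header length in bytes, options included */
    size_t frame_len;
    ssize_t r;
    int sock;
    /* add more protocol heads here.... */

    /* NOTE(review): a packet socket needs CAP_NET_RAW, so this normally runs
     * privileged, and the log is opened by a relative path in the current
     * directory. Start it from a directory other users cannot write to. */
    fp = fopen(MYSNIFFERLOG, "at");
    if (fp == NULL) {
        die("open file:", 1);
    }

    signal(SIGHUP, SIG_IGN);
    signal(SIGINT, cleanup);
    signal(SIGTERM, cleanup);
    signal(SIGQUIT, cleanup);
    /* No handler for SIGKILL: it cannot be caught, so the original
     * signal(SIGKILL, cleanup) call could only fail. */

    /* ETH_P_ALL = 0x0003: a layer-2 packet socket that receives every
     * protocol. */
    sock = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (sock == -1) {
        die("socket", 1);
    }
    printf("create packet socket is ok\n");
    do_promisc("eth0", sock);

    for (;;) {
        /* The sender address is not used, so none is requested. The original
         * passed a struct sockaddr_in, which is not the address type a packet
         * socket fills in. */
        r = recvfrom(sock, buf, sizeof(buf), 0, NULL, NULL);
        if (r < 0) {
            /* The original went on to write buf[r] with r == -1. */
            die("recvfrom", 4);
        }
        /* No terminator is written: the frame is binary data, and buf[r]
         * is one past the end of buf when the frame fills the buffer. */
        frame_len = (size_t)r;
        total++;

        /* Link layer: source and destination MAC address and the payload
         * protocol. Nothing is parsed until the frame is known to hold both
         * fixed-size headers. */
        if (frame_len < sizeof eth + sizeof ip) {
            totalunknow++;
            continue;
        }
        /* memcpy instead of a pointer cast: buf is a char array and the IP
         * header behind the Ethernet header is not 4-byte aligned. */
        memcpy(&eth, buf, sizeof eth);
        if (eth.h_proto != htons(ETH_P_IP)) {
            /* ARP, IPv6 and the like have no IPv4 header to read. */
            totalunknow++;
            continue;
        }

        /* IP layer: transport protocol, source and destination address. */
        memcpy(&ip, buf + sizeof eth, sizeof ip);
        ip_hlen = (size_t)ip.ihl * 4;
        if (ip.version != 4 || ip_hlen < sizeof ip ||
            ip_hlen > frame_len - sizeof eth) {
            totalunknow++;
            continue;
        }

        /* Transport layer starts after the full IPv4 header (ihl * 4), not
         * after sizeof(struct iphdr): the header may carry options. */
        l4 = buf + sizeof eth + ip_hlen;
        l4_len = frame_len - sizeof eth - ip_hlen;
        (void)l4;
        (void)l4_len;

        switch (ip.protocol) {
        case IPPROTO_TCP:
            totaltcp++;
            /*
             * and your service code....
             * Require l4_len >= sizeof(struct tcphdr) before copying the
             * TCP header out of l4.
             */
            break;
        case IPPROTO_UDP:
            totaludp++;
            /*
             * and your service code....
             * Require l4_len >= sizeof(struct udphdr) before copying the
             * UDP header out of l4. To print the addresses, format ip.saddr
             * and ip.daddr with inet_ntop() into INET_ADDRSTRLEN-sized
             * buffers and convert the ports with ntohs().
             */
            break;
        case IPPROTO_ICMP:
            totalicmp++;
            break;
        case IPPROTO_IGMP:
            totaligmp++;
            break;
        /* further protocols go here */
        default:
            totalunknow++;
            break;
        }
    }
}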