decode.h
来自「基于linux下的故障录波前置程序」· C头文件 代码 · 共 1,172 行 · 第 1/3 页
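/*
 * Protocol header overlays and per-packet decoder state (excerpt of decode.h).
 *
 * The header structs below are laid directly over captured packet bytes
 * (see the "structure overlaying" note further down), so every field read
 * through them is untrusted input.
 * NOTE(review): the decoders that cast packet data to these types are not
 * visible here; confirm each one checks the remaining captured length
 * against the struct size before dereferencing.
 */

/*
 * Write the low nibble of ip_verhl (the header-length half of the
 * "version & header length" byte) and keep the high nibble as is.
 * `value` is parenthesized so that an expression argument such as
 * `a | b` is masked as a whole instead of only its last operand.
 */
#define SET_IP_HLEN(iph, value) \
    ((iph)->ip_verhl = (((iph)->ip_verhl & 0xf0) | ((value) & 0x0f)))

typedef struct _IPHdr
{
    u_int8_t ip_verhl;      /* version & header length */
    u_int8_t ip_tos;        /* type of service */
    u_int16_t ip_len;       /* datagram length */
    u_int16_t ip_id;        /* identification */
    u_int16_t ip_off;       /* fragment offset */
    u_int8_t ip_ttl;        /* time to live field */
    u_int8_t ip_proto;      /* datagram protocol */
    u_int16_t ip_csum;      /* checksum */
    struct in_addr ip_src;  /* source IP */
    struct in_addr ip_dst;  /* dest IP */
} IPHdr;

#ifdef WIN32
    /* Visual C++ pragma to enable warning messages
     * about nonstandard bit field type
     */
    #pragma warning( default : 4214 )
#endif

/* Can't add any fields not in the real header here because of how the
 * decoder uses structure overlaying
 */
#ifdef WIN32
    /* Visual C++ pragma to disable warning
     * messages about nonstandard bit field type
     */
    #pragma warning( disable : 4214 )
#endif

/* more macros for TCP offset */
#define TCP_OFFSET(tcph)        (((tcph)->th_offx2 & 0xf0) >> 4)
#define TCP_X2(tcph)            ((tcph)->th_offx2 & 0x0f)

/*
 * we need to change them as well as get them
 *
 * Both setters parenthesize `value` and mask it to four bits, so an
 * expression argument is applied as a whole and cannot spill into the
 * other nibble of th_offx2.
 */
#define SET_TCP_OFFSET(tcph, value) \
    ((tcph)->th_offx2 = (((tcph)->th_offx2 & 0x0f) | (((value) & 0x0f) << 4)))
#define SET_TCP_X2(tcph, value) \
    ((tcph)->th_offx2 = (((tcph)->th_offx2 & 0xf0) | ((value) & 0x0f)))

typedef struct _TCPHdr
{
    u_int16_t th_sport;     /* source port */
    u_int16_t th_dport;     /* destination port */
    u_int32_t th_seq;       /* sequence number */
    u_int32_t th_ack;       /* acknowledgement number */
    u_int8_t th_offx2;      /* offset and reserved */
    u_int8_t th_flags;
    u_int16_t th_win;       /* window */
    u_int16_t th_sum;       /* checksum */
    u_int16_t th_urp;       /* urgent pointer */
} TCPHdr;

#ifdef WIN32
    /* Visual C++ pragma to enable warning messages
     * about nonstandard bit field type
     */
    #pragma warning( default : 4214 )
#endif

typedef struct _UDPHdr
{
    u_int16_t uh_sport;
    u_int16_t uh_dport;
    u_int16_t uh_len;
    u_int16_t uh_chk;
} UDPHdr;

/*
 * ICMP header overlay: type/code/checksum followed by two unions whose
 * members are reached through the s_icmp_* accessor macros.
 *
 * NOTE(review): icmp_dun contains a pointer member (IPHdr *ip), so the
 * size and alignment of ICMPHdr depend on the platform's pointer width.
 * sizeof(ICMPHdr) is therefore not a reliable on-wire header length, and
 * reading `ip` from an overlay yields packet bytes interpreted as a
 * pointer; confirm no decoder relies on either.
 */
typedef struct _ICMPHdr
{
    u_int8_t type;
    u_int8_t code;
    u_int16_t csum;
    union
    {
        u_int8_t pptr;

        struct in_addr gwaddr;

        struct idseq
        {
            u_int16_t id;
            u_int16_t seq;
        } idseq;

        int sih_void;

        struct pmtu
        {
            u_int16_t ipm_void;
            u_int16_t nextmtu;
        } pmtu;

        struct rtradv
        {
            u_int8_t num_addrs;
            u_int8_t wpa;
            u_int16_t lifetime;
        } rtradv;
    } icmp_hun;

#define s_icmp_pptr       icmp_hun.pptr
#define s_icmp_gwaddr     icmp_hun.gwaddr
#define s_icmp_id         icmp_hun.idseq.id
#define s_icmp_seq        icmp_hun.idseq.seq
#define s_icmp_void       icmp_hun.sih_void
#define s_icmp_pmvoid     icmp_hun.pmtu.ipm_void
#define s_icmp_nextmtu    icmp_hun.pmtu.nextmtu
#define s_icmp_num_addrs  icmp_hun.rtradv.num_addrs
#define s_icmp_wpa        icmp_hun.rtradv.wpa
#define s_icmp_lifetime   icmp_hun.rtradv.lifetime

    union
    {
        /* timestamp */
        struct ts
        {
            u_int32_t otime;
            u_int32_t rtime;
            u_int32_t ttime;
        } ts;

        /* IP header for unreach */
        struct ih_ip
        {
            IPHdr *ip;
            /* options and then 64 bits of data */
        } ip;

        struct ra_addr
        {
            u_int32_t addr;
            u_int32_t preference;
        } radv;

        u_int32_t mask;

        char data[1];

    } icmp_dun;

#define s_icmp_otime      icmp_dun.ts.otime
#define s_icmp_rtime      icmp_dun.ts.rtime
#define s_icmp_ttime      icmp_dun.ts.ttime
/* The union member is named `ip` (its struct tag is ih_ip); the accessor
 * previously expanded to the non-existent member icmp_dun.ih_ip. */
#define s_icmp_ip         icmp_dun.ip
#define s_icmp_radv       icmp_dun.radv
#define s_icmp_mask       icmp_dun.mask
#define s_icmp_data       icmp_dun.data

} ICMPHdr;

typedef struct _echoext
{
    u_int16_t id;
    u_int16_t seqno;
} echoext;

typedef struct _ARPHdr
{
    u_int16_t ar_hrd;       /* format of hardware address */
    u_int16_t ar_pro;       /* format of protocol address */
    u_int8_t ar_hln;        /* length of hardware address */
    u_int8_t ar_pln;        /* length of protocol address */
    u_int16_t ar_op;        /* ARP opcode (command) */
} ARPHdr;

/*
 * ARP payload with fixed 6-byte hardware and 4-byte protocol addresses.
 * NOTE(review): ar_hln / ar_pln in the header come from the packet and
 * may disagree with these fixed sizes; confirm the ARP decoder checks them.
 */
typedef struct _EtherARP
{
    ARPHdr ea_hdr;          /* fixed-size header */
    u_int8_t arp_sha[6];    /* sender hardware address */
    u_int8_t arp_spa[4];    /* sender protocol address */
    u_int8_t arp_tha[6];    /* target hardware address */
    u_int8_t arp_tpa[4];    /* target protocol address */
} EtherARP;

typedef struct _EtherEapol
{
    u_int8_t version;       /* EAPOL proto version */
    u_int8_t eaptype;       /* EAPOL Packet type */
    u_int16_t len;          /* Packet body length */
} EtherEapol;

typedef struct _EAPHdr
{
    u_int8_t code;
    u_int8_t id;
    u_int16_t len;
} EAPHdr;

typedef struct _EapolKey
{
    u_int8_t type;
    u_int8_t length[2];
    u_int8_t counter[8];
    u_int8_t iv[16];
    u_int8_t index;
    u_int8_t sig[16];
} EapolKey;

/*
 * One decoded IP or TCP option.
 * NOTE(review): `data` presumably points into the captured packet rather
 * than owning memory, and `len` is taken from the packet; confirm the
 * option decoders bound `len` by the remaining option space.
 */
typedef struct _Options
{
    u_int8_t code;
    u_int8_t len;           /* length of the data section */
    u_int8_t *data;
} Options;

/* PPPoEHdr Header; EtherHdr plus the PPPoE Header */
typedef struct _PPPoEHdr
{
    EtherHdr ethhdr;            /* ethernet header */
    unsigned char ver_type;     /* pppoe version/type */
    unsigned char code;         /* pppoe code CODE_* */
    unsigned short session;     /* session id */
    unsigned short length;      /* payload length */
                                /* payload follows */
} PPPoEHdr;

/* PPPoE tag; the payload is a sequence of these */
typedef struct _PPPoE_Tag
{
    unsigned short type;    /* tag type TAG_* */
    unsigned short length;  /* tag length */
                            /* payload follows */
} PPPoE_Tag;

#define DECODE_BLEN 65535

/* Max Number of HTTP/1.1 requests in a single segment */
#define URI_COUNT   5

#define HTTPURI_PIPELINE_REQ 0x01

typedef struct _HttpUri
{
    u_int8_t *uri;          /* static buffer for uri length */
    u_int16_t length;
    u_int32_t decode_flags;
} HttpUri;

/*
 * Per-packet decode state: pointers to each recognised header inside the
 * raw capture plus values extracted while decoding.
 * NOTE(review): the header pointers presumably alias the buffer at `pkt`;
 * their lifetime would then be that of the capture buffer - confirm
 * before caching a Packet beyond the capture callback.
 */
typedef struct _Packet
{
    struct pcap_pkthdr *pkth;   /* BPF data */
    u_int8_t *pkt;              /* base pointer to the raw packet data */

    Fddi_hdr *fddihdr;          /* FDDI support headers */
    Fddi_llc_saps *fddisaps;
    Fddi_llc_sna *fddisna;
    Fddi_llc_iparp *fddiiparp;
    Fddi_llc_other *fddiother;

    Trh_hdr *trh;               /* Token Ring support headers */
    Trh_llc *trhllc;
    Trh_mr *trhmr;

    SLLHdr *sllh;               /* Linux cooked sockets header */

    PflogHdr *pfh;              /* OpenBSD pflog interface header */

    EtherHdr *eh;               /* standard TCP/IP/Ethernet/ARP headers */
    VlanTagHdr *vh;
    EthLlc *ehllc;
    EthLlcOther *ehllcother;

    WifiHdr *wifih;             /* wireless LAN header */

    EtherARP *ah;

    EtherEapol *eplh;           /* 802.1x EAPOL header */
    EAPHdr *eaph;
    u_int8_t *eaptype;
    EapolKey *eapolk;

    IPHdr *iph, *orig_iph;      /* and orig. headers for ICMP_*_UNREACH family */
    u_int32_t ip_options_len;
    u_int8_t *ip_options_data;

    TCPHdr *tcph, *orig_tcph;
    u_int32_t tcp_options_len;
    u_int8_t *tcp_options_data;

    UDPHdr *udph, *orig_udph;
    ICMPHdr *icmph, *orig_icmph;

    echoext *ext;               /* ICMP echo extension struct */

    u_int8_t *data;             /* packet payload pointer */
    u_int16_t dsize;            /* packet payload size */
    u_int16_t alt_dsize;        /* the dsize of a packet before munging (used for log)*/

    u_int8_t frag_flag;         /* flag to indicate a fragmented packet */
    u_int16_t frag_offset;      /* fragment offset number */
    u_int8_t mf;                /* more fragments flag */
    u_int8_t df;                /* don't fragment flag */
    u_int8_t rf;                /* IP reserved bit */

    u_int16_t sp;               /* source port (TCP/UDP) */
    u_int16_t dp;               /* dest port (TCP/UDP) */
    u_int16_t orig_sp;          /* source port (TCP/UDP) of original datagram */
    u_int16_t orig_dp;          /* dest port (TCP/UDP) of original datagram */
    u_int32_t caplen;

    u_int8_t uri_count;         /* number of URIs in this packet */

    void *ssnptr;               /* for tcp session tracking info... */
    void *flow;                 /* for flow info */
    void *streamptr;            /* for tcp pkt dump */

    /* NOTE(review): the option counters are 32-bit while the arrays are
     * fixed-size (40 and TCP_OPTLENMAX entries); the option decoders, not
     * shown here, must stop filling at the array bound. */
    Options ip_options[40];     /* ip options decode structure */
    u_int32_t ip_option_count;  /* number of options in this packet */
    u_char ip_lastopt_bad;      /* flag to indicate that option decoding was
                                   halted due to a bad option */
    Options tcp_options[TCP_OPTLENMAX];  /* tcp options decode struct */
    u_int32_t tcp_option_count;
    u_char tcp_lastopt_bad;     /* flag to indicate that option decoding was
                                   halted due to a bad option */

    u_int8_t csum_flags;        /* checksum flags */
    u_int32_t packet_flags;     /* special flags for the packet */
    int preprocessors;          /* flags for preprocessors to check */
} Packet;

/* Default classification for decoder alerts */
#define DECODE_CLASS 25

typedef struct _DecoderFlags
{
    char decode_alerts;         /* if decode.c alerts are going to be enabled */
    char tcpopt_experiment;     /* TcpOptions Decoder */
    char tcpopt_obsolete;       /* Alert on obsolete TCP options */
    char tcpopt_ttcp;           /* Alert on T/TCP options */
    char tcpopt_decode;         /* alert on decoder inconsistencies */
    char ipopt_decode;          /* alert on decoder inconsistencies */
} DecoderFlags;

#define ALERTMSG_LENGTH 256

/*  P R O T O T Y P E S  ******************************************************/

/*
 * Two parameter orders are used below: the entry points taking
 * (Packet *, struct pcap_pkthdr *, u_int8_t *) and the decoders taking
 * (u_int8_t *, u_int32_t, Packet *).
 * NOTE(review): the u_int32_t argument is presumably the number of bytes
 * available at the data pointer; confirm against the definitions, since
 * every bounds check in a decoder depends on that value being accurate.
 * DecodeIPOptions was declared twice; the redundant declaration is dropped.
 */
void InitDecoderFlags(void);
void DecodeTRPkt(Packet *, struct pcap_pkthdr *, u_int8_t *);
void DecodeFDDIPkt(Packet *, struct pcap_pkthdr *, u_int8_t *);
void DecodeLinuxSLLPkt(Packet *, struct pcap_pkthdr *, u_int8_t *);
void DecodeEthPkt(Packet *, struct pcap_pkthdr *, u_int8_t *);
void DecodeIEEE80211Pkt(Packet *, struct pcap_pkthdr *, u_int8_t *);
void DecodeVlan(u_int8_t *, const u_int32_t, Packet *);
void DecodePppPkt(Packet *, struct pcap_pkthdr *, u_int8_t *);
void DecodePppSerialPkt(Packet *, struct pcap_pkthdr *, u_int8_t *);
void DecodePppPktEncapsulated(Packet *, const u_int32_t, u_int8_t *);
void DecodeSlipPkt(Packet *, struct pcap_pkthdr *, u_int8_t *);
void DecodeNullPkt(Packet *, struct pcap_pkthdr *, u_int8_t *);
void DecodeRawPkt(Packet *, struct pcap_pkthdr *, u_int8_t *);
void DecodeI4LRawIPPkt(Packet *, struct pcap_pkthdr *, u_int8_t *);
void DecodeI4LCiscoIPPkt(Packet *, struct pcap_pkthdr *, u_int8_t *);
void DecodeChdlcPkt(Packet *, struct pcap_pkthdr *, u_int8_t *);
void DecodePflog(Packet *, struct pcap_pkthdr *, u_int8_t *);
void DecodeIP(u_int8_t *, const u_int32_t, Packet *);
void DecodeARP(u_int8_t *, u_int32_t, Packet *);
void DecodeEapol(u_int8_t *, u_int32_t, Packet *);
void DecodeEapolKey(u_int8_t *, u_int32_t, Packet *);
void DecodeIPV6(u_int8_t *, u_int32_t);
void DecodeIPX(u_int8_t *, u_int32_t);
void DecodeTCP(u_int8_t *, const u_int32_t, Packet *);
void DecodeUDP(u_int8_t *, const u_int32_t, Packet *);
void DecodeEAP(u_int8_t *, const u_int32_t, Packet *);
void DecodeICMP(u_int8_t *, const u_int32_t, Packet *);
void DecodeIPOptions(u_int8_t *, u_int32_t, Packet *);
void DecodeTCPOptions(u_int8_t *, u_int32_t, Packet *);
void DecodePPPoEPkt(Packet *, struct pcap_pkthdr *, u_int8_t *);

#if defined(WORDS_MUSTALIGN) && !defined(__GNUC__)
u_int32_t EXTRACT_32BITS (u_char *);
#endif /* WORDS_MUSTALIGN && !__GNUC__ */

/* XXX not sure where this guy needs to live at the moment */
/* NOTE(review): num_entries is a signed int next to a 32-slot array; code
 * that fills or walks `ports` should keep it within 0..32. */
typedef struct _PortList
{
    int ports[32];          /* 32 is kind of arbitrary */
    int num_entries;
} PortList;

/* Closes the include guard, whose opening #ifndef lies above this excerpt. */
#endif /* __DECODE_H__ */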