
📄 tcpip.cc

📁 Ubuntu packages of security software。 相当不错的源码
💻 CC
📖 第 1 页 / 共 5 页
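/* Returns a buffer of ASCII information about a packet that may look
   like "TCP 127.0.0.1:50923 > 127.0.0.1:3 S ttl=61 id=39516 iplen=40
   seq=625950769" or "ICMP PING (0/1) ttl=61 id=39516 iplen=40".
   Since this is a static buffer, don't use threads or call twice
   within (say) printf().  And certainly don't try to free() it!  The
   returned buffer is NUL-terminated.

   'packet' is wire data and is treated as untrusted: a header field is
   read only after 'len' has been checked to cover it.  Truncated or
   malformed input produces a "BOGUS!" or "(incomplete)" description
   rather than a read past the end of the captured bytes. */
static const char *ippackethdrinfo(const u8 *packet, u32 len) {
  static char protoinfo[512];
  struct ip *ip = (struct ip *) packet;
  struct tcphdr *tcp;
  udphdr_bsd *udp;
  char ipinfo[512];
  char srchost[INET6_ADDRSTRLEN], dsthost[INET6_ADDRSTRLEN];
  char *p;
  struct in_addr saddr, daddr;
  int frag_off = 0, more_fragments = 0;
  char fragnfo[64] = "";
  u32 iphdrlen;

  /* Length check comes first: ip_v sits in the first header byte and must
     not be read from a buffer that may be empty or shorter than a header. */
  if (len < sizeof(struct ip))
    return "BOGUS!  Packet too short.";

  if (ip->ip_v != 4)
    return "BOGUS!  IP Version in packet is not 4";

  /* A header length below 5 words would place the transport header inside
     the IP header and make the option length below negative. */
  if (ip->ip_hl < 5)
    return "BOGUS!  IP header length is less than 20 bytes";

  iphdrlen = (u32) ip->ip_hl * 4;

  saddr.s_addr = ip->ip_src.s_addr;
  daddr.s_addr = ip->ip_dst.s_addr;

  inet_ntop(AF_INET, &saddr, srchost, sizeof(srchost));
  inet_ntop(AF_INET, &daddr, dsthost, sizeof(dsthost));

  frag_off = 8 * (ntohs(ip->ip_off) & 8191) /* 2^13 - 1 */;
  more_fragments = ntohs(ip->ip_off) & IP_MF;
  if (frag_off || more_fragments) {
    snprintf(fragnfo, sizeof(fragnfo), " frag offset=%d%s", frag_off, more_fragments ? "+" : "");
  }

  /* The option length is clamped to the bytes actually captured, so a
     header that claims more options than 'len' holds is not over-read. */
  snprintf(ipinfo, sizeof(ipinfo), "ttl=%d id=%d iplen=%d%s %s%s%s",
           ip->ip_ttl, ntohs(ip->ip_id), ntohs(ip->ip_len), fragnfo,
           ip->ip_hl==5?"":"ipopts={",
           ip->ip_hl==5?"":print_ip_options((u8*)ip + sizeof(struct ip), MIN((ip->ip_hl-5)*4,len-sizeof(struct ip))),
           ip->ip_hl==5?"":"}");

  if (ip->ip_p == IPPROTO_TCP) {
    char tflags[10];
    char tcpinfo[64] = "";
    char buf[32];
    char tcpoptinfo[256] = "";

    tcp = (struct tcphdr *) (packet + iphdrlen);
    if (frag_off > 8 || len < iphdrlen + 8)
      snprintf(protoinfo, sizeof(protoinfo), "TCP %s:?? > %s:?? ?? %s (incomplete)", srchost, dsthost, ipinfo);
    else if (frag_off == 8) { // at least we can get TCP flags and ACKn
      /* The fragment starts 8 bytes into the TCP header, so the pointer is
         moved back by frag_off to make th_ack/th_off/th_flags line up with
         the captured bytes.  Only fields at header offset >= 8 may be read
         through it; the ports and th_seq are not in this fragment. */
      tcp = (struct tcphdr *)((u8 *) tcp - frag_off); // ugly?
      p = tflags;
      /* These are basically in tcpdump order */
      if (tcp->th_flags & TH_SYN) *p++ = 'S';
      if (tcp->th_flags & TH_FIN) *p++ = 'F';
      if (tcp->th_flags & TH_RST) *p++ = 'R';
      if (tcp->th_flags & TH_PUSH) *p++ = 'P';
      if (tcp->th_flags & TH_ACK) {
        *p++ = 'A';
        snprintf(tcpinfo, sizeof(tcpinfo), " ack=%lu",
                 (unsigned long) ntohl(tcp->th_ack));
      }
      if (tcp->th_flags & TH_URG) *p++ = 'U';
      if (tcp->th_flags & TH_ECE) *p++ = 'E'; /* rfc 2481/3168 */
      if (tcp->th_flags & TH_CWR) *p++ = 'C'; /* rfc 2481/3168 */
      *p++ = '\0';

      if ((u32) tcp->th_off * 4 > sizeof(struct tcphdr)) {
        // tcp options
        if (len < iphdrlen + (u32) tcp->th_off * 4 - frag_off) {
          snprintf(tcpoptinfo, sizeof(tcpoptinfo), "option incomplete");
        } else {
          tcppacketoptinfo((u8*) tcp + sizeof(struct tcphdr),
                           tcp->th_off*4 - sizeof(struct tcphdr),
                           tcpoptinfo, sizeof(tcpoptinfo));
        }
      }

      snprintf(protoinfo, sizeof(protoinfo), "TCP %s:?? > %s:?? %s %s %s %s",
               srchost, dsthost, tflags, ipinfo, tcpinfo, tcpoptinfo);
    } else if (len < iphdrlen + 16) { // we can get ports and seq
      snprintf(tcpinfo, sizeof(tcpinfo), "seq=%lu (incomplete)", (unsigned long) ntohl(tcp->th_seq));
      snprintf(protoinfo, sizeof(protoinfo), "TCP %s:%d > %s:%d ?? %s %s",
               srchost, ntohs(tcp->th_sport), dsthost, ntohs(tcp->th_dport), ipinfo, tcpinfo);
    } else { // at least first 16 bytes of TCP header are there
      snprintf(tcpinfo, sizeof(tcpinfo), "seq=%lu win=%hu",
               (unsigned long) ntohl(tcp->th_seq),
               ntohs(tcp->th_win));
      p = tflags;
      /* These are basically in tcpdump order */
      if (tcp->th_flags & TH_SYN) *p++ = 'S';
      if (tcp->th_flags & TH_FIN) *p++ = 'F';
      if (tcp->th_flags & TH_RST) *p++ = 'R';
      if (tcp->th_flags & TH_PUSH) *p++ = 'P';
      if (tcp->th_flags & TH_ACK) {
        *p++ = 'A';
        snprintf(buf, sizeof(buf), " ack=%lu",
                 (unsigned long) ntohl(tcp->th_ack));
        strncat(tcpinfo, buf, sizeof(tcpinfo) - strlen(tcpinfo) - 1);
      }
      if (tcp->th_flags & TH_URG) *p++ = 'U';
      if (tcp->th_flags & TH_ECE) *p++ = 'E'; /* rfc 2481/3168 */
      if (tcp->th_flags & TH_CWR) *p++ = 'C'; /* rfc 2481/3168 */
      *p++ = '\0';

      if ((u32) tcp->th_off * 4 > sizeof(struct tcphdr)) {
        // tcp options
        if (len < iphdrlen + (u32) tcp->th_off * 4) {
          snprintf(tcpoptinfo, sizeof(tcpoptinfo), "option incomplete");
        } else {
          tcppacketoptinfo((u8*) tcp + sizeof(struct tcphdr),
                           tcp->th_off*4 - sizeof(struct tcphdr),
                           tcpoptinfo, sizeof(tcpoptinfo));
        }
      }

      snprintf(protoinfo, sizeof(protoinfo), "TCP %s:%d > %s:%d %s %s %s %s",
               srchost, ntohs(tcp->th_sport), dsthost, ntohs(tcp->th_dport),
               tflags, ipinfo, tcpinfo, tcpoptinfo);
    }
  } else if (ip->ip_p == IPPROTO_UDP && frag_off) {
    snprintf(protoinfo, sizeof(protoinfo), "UDP %s:?? > %s:?? fragment %s (incomplete)", srchost, dsthost, ipinfo);
  } else if (ip->ip_p == IPPROTO_UDP) {
    if (len < iphdrlen + sizeof(udphdr_bsd)) {
      /* Not enough captured bytes for the UDP header: do not read ports. */
      snprintf(protoinfo, sizeof(protoinfo), "UDP %s:?? > %s:?? %s (incomplete)", srchost, dsthost, ipinfo);
    } else {
      /* Locate the UDP header after the real IP header length so that IP
         options are skipped instead of being decoded as port numbers. */
      udp = (udphdr_bsd *) (packet + iphdrlen);

      snprintf(protoinfo, sizeof(protoinfo), "UDP %s:%d > %s:%d %s",
               srchost, ntohs(udp->uh_sport), dsthost, ntohs(udp->uh_dport),
               ipinfo);
    }
  } else if (ip->ip_p == IPPROTO_ICMP && frag_off) {
    snprintf(protoinfo, sizeof(protoinfo), "ICMP %s > %s fragment %s (incomplete)", srchost, dsthost, ipinfo);
  } else if (ip->ip_p == IPPROTO_ICMP) {
    /* Points at a string literal; nothing is copied, so no fixed-size
       destination buffer is involved. */
    const char *icmptype;
    struct ppkt {
      unsigned char type;
      unsigned char code;
      unsigned short checksum;
      unsigned short id;
      unsigned short seq;
    } *ping;

    /* Only 'type' and 'code' (the first two bytes) are read below. */
    if (len < iphdrlen + 2) {
      snprintf(protoinfo, sizeof(protoinfo), "ICMP %s > %s %s (incomplete)", srchost, dsthost, ipinfo);
      return protoinfo;
    }

    ping = (struct ppkt *) ((ip->ip_hl * 4) + (char *) ip);
    switch(ping->type) {
    case 0:
      icmptype = "Echo reply"; break;
    case 3:
      switch (ping->code) {
      case 0:
        icmptype = "network unreachable"; break;
      case 1:
        icmptype = "host unreachable"; break;
      case 2:
        icmptype = "protocol unreachable"; break;
      case 3:
        icmptype = "port unreachable"; break;
      case 4:
        icmptype = "fragmentation required"; break;
      case 5:
        icmptype = "source route failed"; break;
      case 6:
        icmptype = "destination network unknown"; break;
      case 7:
        icmptype = "destination host unknown"; break;
      case 8:
        icmptype = "source host isolated"; break;
      case 9:
        icmptype = "destination network administratively prohibited"; break;
      case 10:
        icmptype = "destination host administratively prohibited"; break;
      case 11:
        icmptype = "network unreachable for TOS"; break;
      case 12:
        icmptype = "host unreachable for TOS"; break;
      case 13:
        icmptype = "communication administratively prohibited by filtering"; break;
      case 14:
        icmptype = "host precedence violation"; break;
      case 15:
        icmptype = "precedence cutoff in effect"; break;
      default:
        icmptype = "unknown unreachable code"; break;
      }
      break;
    case 4:
      icmptype = "source quench"; break;
    case 5:
      if (ping->code == 0)
        icmptype = "network redirect";
      else if (ping->code == 1)
        icmptype = "host redirect";
      else icmptype = "unknown redirect";
      break;
    case 8:
      icmptype = "Echo request"; break;
    case 11:
      if (ping->code == 0)
        icmptype = "TTL=0 during transit";
      else if (ping->code == 1)
        icmptype = "TTL=0 during reassembly";
      else icmptype = "TTL exceeded (unknown code)";
      break;
    case 12:
      if (ping->code == 0)
        icmptype = "IP header bad";
      else
        icmptype = "Misc. parameter problem";
      break;
    case 13:
      icmptype = "Timestamp request"; break;
    case 14:
      icmptype = "Timestamp reply"; break;
    case 15:
      icmptype = "Information request"; break;
    case 16:
      icmptype = "Information reply"; break;
    case 17:
      icmptype = "Address mask request"; break;
    case 18:
      icmptype = "Address mask reply"; break;
    case 30:
      icmptype = "Traceroute"; break;
    case 37:
      icmptype = "Domain name request"; break;
    case 38:
      icmptype = "Domain name reply"; break;
    case 40:
      icmptype = "Security failures"; /* rfc 2521 */ break;
    default:
      icmptype = "Unknown type"; break;
    }
    snprintf(protoinfo, sizeof(protoinfo), "ICMP %s > %s %s (type=%d/code=%d) %s",
             srchost, dsthost, icmptype, ping->type, ping->code, ipinfo);
  } else {
    snprintf(protoinfo, sizeof(protoinfo), "Unknown protocol (%d): %s",
             ip->ip_p, ipinfo);
  }

  return protoinfo;
}

/* Takes an IP PACKET and prints it if packet tracing is enabled.
   'packet' must point to the IPv4 header. The direction must be
   PacketTrace::SENT or PacketTrace::RCVD .  Optional 'now' argument
   makes this function slightly more efficient by avoiding a gettimeofday()
   call.

   The sent/received counters are updated whether or not tracing is
   enabled.  Packets shorter than 20 bytes (a minimal IPv4 header) are
   reported with error() and never handed to ippackethdrinfo(). */
void PacketTrace::trace(pdirection pdir, const u8 *packet, u32 len,
                        struct timeval *now) {
  struct timeval tv;

  if (pdir == SENT) {
    PktCt.sendPackets++;
    PktCt.sendBytes += len;
  } else {
    PktCt.recvPackets++;
    PktCt.recvBytes += len;
  }

  if (!o.packetTrace()) return;

  if (now)
    tv = *now;
  else gettimeofday(&tv, NULL);

  if (len < 20) {
    error("Packet tracer: tiny packet encountered");
    return;
  }

  log_write(LOG_STDOUT|LOG_NORMAL, "%s (%.4fs) %s\n", (pdir == SENT)? "SENT" : "RCVD",  o.TimeSinceStartMS(&tv) / 1000.0, ippackethdrinfo(packet, len));

  return;
}

/* Adds a trace entry when a connect() is attempted if packet tracing
   is enabled.  Pass IPPROTO_TCP or IPPROTO_UDP as the protocol.  The
   sock may be a sockaddr_in or sockaddr_in6.  The return code of
   connect is passed in connectrc.  If the return code is -1, get the
   errno and pass that as connect_errno.

   NOTE(review): 'socklen' is not consulted here; the address family field
   alone decides how 'sock' is interpreted, so the caller must pass a
   structure at least as large as that family requires. */
void PacketTrace::traceConnect(u8 proto, const struct sockaddr *sock,
                               int socklen, int connectrc, int connect_errno,
                               const struct timeval *now) {
  struct sockaddr_in *sin = (struct sockaddr_in *) sock;
#if HAVE_IPV6
  struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) sock;
#endif
  struct timeval tv;
  char errbuf[64] = "";
  char targetipstr[INET6_ADDRSTRLEN] = "";
  u16 targetport = 0;

  if (!o.packetTrace()) return;

  if (now)
    tv = *now;
  else gettimeofday(&tv, NULL);

  assert(proto == IPPROTO_TCP || proto == IPPROTO_UDP);

  if (connectrc == 0)
    Strncpy(errbuf, "Connected", sizeof(errbuf));
  else {
    /* "%s" keeps the strerror() text from being treated as a format. */
    snprintf(errbuf, sizeof(errbuf), "%s", strerror(connect_errno));
  }

  if (sin->sin_family == AF_INET) {
    if (inet_ntop(sin->sin_family, (char *) &sin->sin_addr, targetipstr,
                  sizeof(targetipstr)) == NULL)
      fatal("Failed to convert target IPv4 address to presentation format!?!");
    targetport = ntohs(sin->sin_port);
  } else {
#if HAVE_IPV6
    assert(sin->sin_family == AF_INET6);
    if (inet_ntop(sin->sin_family, (char *) &sin6->sin6_addr, targetipstr,
                  sizeof(targetipstr)) == NULL)
      fatal("Failed to convert target IPv6 address to presentation format!?!");
    targetport = ntohs(sin6->sin6_port);
#else
    assert(0);
#endif
  }

  log_write(LOG_STDOUT|LOG_NORMAL, "CONN (%.4fs) %s localhost > %s:%d => %s\n",
            o.TimeSinceStartMS(&tv) / 1000.0,
            (proto == IPPROTO_TCP)? "TCP" : "UDP", targetipstr, targetport,
            errbuf);
}

/* Converts an IP address given in a sockaddr_storage to an IPv4 or
   IPv6 IP address string.  Since a static buffer is returned, this is
   not thread-safe and can only be used once in calls like printf().
   Calls fatal() if inet_ntop() cannot convert the address. */
const char *inet_socktop(struct sockaddr_storage *ss) {
  static char buf[INET6_ADDRSTRLEN];
  struct sockaddr_in *sin = (struct sockaddr_in *) ss;
#if HAVE_IPV6
  struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) ss;
#endif

  /* Any family other than AF_INET takes the second arm of the conditional:
     the IPv6 address when HAVE_IPV6 is set, otherwise a NULL source. */
  if (inet_ntop(sin->sin_family, (sin->sin_family == AF_INET)?
                (char *) &sin->sin_addr :
#if HAVE_IPV6
                (char *) &sin6->sin6_addr,
#else
                (char *) NULL,
#endif /* HAVE_IPV6 */
                buf, sizeof(buf)) == NULL) {
    fatal("Failed to convert target address to presentation format in inet_socktop!?!  Error: %s", strerror(socket_errno()));
  }
  return buf;
}

/* Tries to resolve the given name (or literal IP) into a sockaddr
   structure.  The af should be PF_INET (for IPv4) or PF_INET6.  Returns 0
   if hostname cannot be resolved.  It is OK to pass in a sockaddr_in or
   sockaddr_in6 casted to a sockaddr_storage as long as you use the matching
   pf.

   Only the first entry returned by getaddrinfo() is copied into 'ss', and
   '*sslen' is set to its length.  Returns 1 on success. */
int resolve(char *hostname, struct sockaddr_storage *ss, size_t *sslen,
            int pf) {
  struct addrinfo hints;
  struct addrinfo *result;
  int rc;

  assert(ss);
  assert(sslen);
  memset(&hints, 0, sizeof(hints));
  hints.ai_family = pf;
  rc = getaddrinfo(hostname, NULL, &hints, &result);
  if (rc != 0)
    return 0;
  /* Guards the memcpy below against an address larger than the
     destination; note that this is an assert, so it is only enforced in
     builds where assertions are enabled. */
  assert(result->ai_addrlen > 0 && result->ai_addrlen <= (int) sizeof(struct sockaddr_storage));
  *sslen = result->ai_addrlen;
  memcpy(ss, result->ai_addr, *sslen);
  freeaddrinfo(result);
  return 1;
}

int islocalhost(const struct in_addr * const addr) {
char dev[128];
  /* If it is 0.0.0.0 or starts with 127 then it is
     probably localhost */
  if ((addr->s_addr & htonl(0xFF000000)) == htonl(0x7F000000))
    return 1;

  if (!addr->s_addr)
    return 1;
  /* (the body of islocalhost continues beyond this excerpt) */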
