#define NFLOG_IFNAME "nflog"
-typedef struct {
- u_int32_t ts[4];
-} nflog_timestamp_s;
-
//LCOV_EXCL_START
static GHashTable *g_pcap_tables = NULL;
static bool g_pcap_start_fm = false;
return fraction;
}
-static void __pcap_ntp_info(const u_char **packet)
+static void __pcap_ntp_info(const u_char **packet, uint32_t *pktlen)
{
ntp_t *ntp_h = (ntp_t *)*packet;
char refid[BUFF_SIZE_ID];
__pcap_ntp_time_info(ntp_h->rectime.second, rectime);
__pcap_ntp_time_info(ntp_h->xmttime.second, xmttime);
- if (STC_PCAP_LOG)
+ if (STC_PCAP_LOG) {
+ STC_LOGD(HR_SINGLE);
STC_LOGD("Flags[0x%02x] Stratum[%u] Poll[%u:%us] Precision[%u] "
"Root delay[%u.%06us] Root dispersion[%u.%06us] Ref ID[%s]",
ntp_h->flags, ntp_h->stratum, ntp_h->poll,
ntohs(ntp_h->rootdisp.second),
__pcap_ntp_fraction_info(ntp_h->rootdisp.fraction),
refid);
-
- if (STC_PCAP_LOG)
STC_LOGD("Reference[%s] Origin[%s] Receive[%s] Transmit[%s]",
reftime, orgtime, rectime, xmttime);
+ STC_LOGD(HR_SINGLE);
+ }
}
static const char *__pcap_dhcp_client_id_info(uint8_t data)
if (STC_PCAP_LOG)
STC_LOGD("Magic cookie[DHCP]");
- while(len > 0) {
+ while (len > 0) {
uint8_t tag = opt[0];
uint8_t length = opt[1];
uint8_t *data = &opt[2];
ether_ntoa((const struct ether_addr *)bootp_h->chaddr),
sizeof(chaddr));
- if (STC_PCAP_LOG)
+ if (STC_PCAP_LOG) {
+ STC_LOGD(HR_SINGLE);
STC_LOGD("Message type[%u:%s] HW type[0x%02x] HW len[%u] Hops[%u] "
"Transaction ID[0x%08x] Seconds elapsed[%u] Flags[0x%04x]",
bootp_h->op, __pcap_bootp_op_info(bootp_h->op),
bootp_h->htype, bootp_h->hlen, bootp_h->hops,
ntohl(bootp_h->xid), ntohs(bootp_h->secs), ntohs(bootp_h->flags));
-
- if (STC_PCAP_LOG)
STC_LOGD("Client[%s] Your(client)[%s] Next server[%s] "
"Relay agent[%s] Client MAC[%s]",
ciaddr, yiaddr, siaddr, giaddr, chaddr);
+ }
__pcap_bootp_magic_info(bootp_h->magic, bootp_h->moption, len);
+
+ if (STC_PCAP_LOG)
+ STC_LOGD(HR_SINGLE);
}
static char *__pcap_dns_type_info(uint16_t type)
break;
}
- if (dname - name + *sec + 1 > BUFF_SIZE_NAME - 1) {
+ if (dname + *sec >= name + BUFF_SIZE_NAME) {
*name = '\0';
return NULL;
}
return (uint8_t *)nxt;
}
-static void __pcap_dns_data_info(const u_char **packet, dns_t *dns_h)
+static void __pcap_dns_data_info(const u_char **packet, dns_t *dns_h, uint32_t *pktlen)
{
uint8_t *data = (uint8_t *)*packet;
uint16_t qdcount = ntohs(dns_h->questions);
}
}
-static void __pcap_dns_info(const u_char **packet)
+static void __pcap_dns_info(const u_char **packet, uint32_t *pktlen)
{
dns_t *dns_h = (dns_t *)*packet;
- if (STC_PCAP_LOG)
+ if (STC_PCAP_LOG) {
+ STC_LOGD(HR_SINGLE);
STC_LOGD("Transaction ID[0x%x] Flags[0x%x] Questions[%u] "
"Answer RRs[%u] Authority RRs[%u] Additional RRs[%u]",
ntohs(dns_h->id), ntohs(dns_h->flags),
ntohs(dns_h->questions), ntohs(dns_h->answerRR),
ntohs(dns_h->authorityRR), ntohs(dns_h->additionalRR));
+ }
*packet += SIZE_DNS_HEADER;
+ *pktlen -= SIZE_DNS_HEADER;
+
+ __pcap_dns_data_info(packet, dns_h, pktlen);
- __pcap_dns_data_info(packet, dns_h);
+ if (STC_PCAP_LOG)
+ STC_LOGD(HR_SINGLE);
}
static const char *__pcap_icmp_code_info(u_int8_t type, u_int8_t code)
return info;
}
-static void __pcap_icmp_info(const u_char **packet)
+static void __pcap_icmp_info(const u_char **packet, uint32_t *pktlen)
{
icmp_t *icmp_h = (icmp_t *)*packet;
icmp_h->type, __pcap_icmp_type_info(icmp_h->type),
icmp_h->code, __pcap_icmp_code_info(icmp_h->type, icmp_h->code),
ntohs(icmp_h->checksum));
+
+ *packet += SIZE_ICMP_HEADER;
+ *pktlen -= SIZE_ICMP_HEADER;
}
-static void __pcap_tcp_info(const u_char **packet)
+static void __pcap_http_info(const u_char **packet, uint32_t *pktlen)
+{
+ GString *value;
+ gsize value_len;
+ u_char *value_pos = NULL;
+ gchar *value_str = NULL;
+
+ value_len = *pktlen;
+ value = g_string_sized_new(value_len);
+ if (value) {
+ value_pos = (u_char *)*packet;
+ while (value_len--)
+ g_string_append_printf(value, "%c", *(value_pos++));
+ value_str = g_string_free(value, FALSE);
+ }
+
+ if (STC_PCAP_LOG) {
+ STC_LOGD(HR_SINGLE "\n%s", value_str);
+ STC_LOGD(HR_SINGLE);
+ }
+
+ FREE(value_str);
+}
+
+static void __pcap_tcp_info(const u_char **packet, uint32_t *pktlen)
{
tcp_t *tcp_h = (tcp_t *)*packet;
u_int16_t source = ntohs(tcp_h->source);
tcp_h->urg, tcp_h->ack, tcp_h->psh,
tcp_h->rst, tcp_h->syn, tcp_h->fin);
- *packet += SIZE_TCP_HEADER;
+ *packet += (tcp_h->th_off * 4);
+ *pktlen -= (tcp_h->th_off * 4);
- if (IS_SRC_OR_DST_PORT(PORT_DNS))
- __pcap_dns_info(packet);
+ if (*pktlen > 0) {
+ if (IS_SRC_OR_DST_PORT(PORT_DNS))
+ __pcap_dns_info(packet, pktlen);
+ else if (IS_SRC_OR_DST_PORT(PORT_HTTP) ||
+ IS_SRC_OR_DST_PORT(PORT_HTTP_ALT))
+ __pcap_http_info(packet, pktlen);
+ }
}
-static void __pcap_udp_info(const u_char **packet)
+static void __pcap_udp_info(const u_char **packet, uint32_t *pktlen)
{
udp_t *udp_h = (udp_t *)*packet;
u_int16_t source = ntohs(udp_h->source);
source, dest, len, ntohs(udp_h->check));
*packet += SIZE_UDP_HEADER;
-
- if (IS_SRC_OR_DST_PORT(PORT_DNS))
- __pcap_dns_info(packet);
- else if (IS_SRC_OR_DST_PORT(PORT_BOOTP_C) ||
- IS_SRC_OR_DST_PORT(PORT_BOOTP_S))
- __pcap_bootp_info(packet, len);
- else if (IS_SRC_OR_DST_PORT(PORT_NTP))
- __pcap_ntp_info(packet);
+ *pktlen -= SIZE_UDP_HEADER;
+
+ if (*pktlen > 0) {
+ if (IS_SRC_OR_DST_PORT(PORT_DNS))
+ __pcap_dns_info(packet, pktlen);
+ else if (IS_SRC_OR_DST_PORT(PORT_BOOTP_C) ||
+ IS_SRC_OR_DST_PORT(PORT_BOOTP_S))
+ __pcap_bootp_info(packet, len);
+ else if (IS_SRC_OR_DST_PORT(PORT_NTP))
+ __pcap_ntp_info(packet, pktlen);
+ }
}
static const char *__pcap_eth_type_info(u_int16_t type)
return info;
}
+static void __pcap_eapol_info(const u_char **packet, uint32_t *pktlen)
+{
+}
+
static const char *__pcap_arp_opcode_info(u_int16_t opcode)
{
char *info = NULL;
return info;
}
-static void __pcap_arp_info(const u_char **packet)
+static void __pcap_arp_info(const u_char **packet, uint32_t *pktlen)
{
arp_t *arp_h = (arp_t *)*packet;
u_int8_t *sha = (u_int8_t *)(*packet + SIZE_ARP_HEADER);
STC_LOGD("Sender MAC[%s] Sender IP[%s] "
"Target MAC[%s] Target IP[%s]",
sma, sia, tma, tia);
+
+ *packet += SIZE_ARP_HEADER;
+ *pktlen -= SIZE_ARP_HEADER;
}
static const char *__pcap_ip_protocol_info(u_int8_t p)
return info;
}
-static void __pcap_ipv6_info(const u_char **packet)
+static void __pcap_ipv6_info(const u_char **packet, uint32_t *pktlen)
{
ip6_t *ip6_h = (ip6_t *)*packet;
char ip6_src[BUFF_SIZE_IP6];
ip6_h->ip6_nxt, __pcap_ip_protocol_info(ip6_h->ip6_nxt),
ip6_h->ip6_hlim, ip6_src, ip6_dst);
+ *packet += SIZE_IP6_HEADER;
+ *pktlen -= SIZE_IP6_HEADER;
+
switch (ip6_h->ip6_nxt) {
- case IPPROTO_IP:
- break;
- case IPPROTO_ICMP:
- break;
- case IPPROTO_IPIP:
- break;
case IPPROTO_TCP:
+ __pcap_tcp_info(packet, pktlen);
break;
case IPPROTO_UDP:
- break;
- case IPPROTO_IPV6:
+ __pcap_udp_info(packet, pktlen);
break;
case IPPROTO_ICMPV6:
+ __pcap_icmp_info(packet, pktlen);
break;
default:
break;
}
}
-static void __pcap_ip_info(const u_char **packet)
+static void __pcap_ip_info(const u_char **packet, uint32_t *pktlen)
{
ip_t *ip_h = (ip_t *)*packet;
char ip_src[BUFF_SIZE_IP];
ntohs(ip_h->ip_sum), ip_src, ip_dst);
*packet += SIZE_IP_HEADER;
+ *pktlen -= SIZE_IP_HEADER;
switch (ip_h->ip_p) {
case IPPROTO_ICMP:
- __pcap_icmp_info(packet);
+ __pcap_icmp_info(packet, pktlen);
break;
case IPPROTO_TCP:
- __pcap_tcp_info(packet);
+ __pcap_tcp_info(packet, pktlen);
break;
case IPPROTO_UDP:
- __pcap_udp_info(packet);
+ __pcap_udp_info(packet, pktlen);
break;
default:
break;
}
}
-static void __pcap_eth_info(const u_char **packet)
+static void __pcap_eth_info(const u_char **packet, uint32_t *pktlen)
{
eth_t *eth_h = (eth_t *)*packet;
u_int8_t *eth_shost = eth_h->ether_shost;
shost, dhost, ether_type, __pcap_eth_type_info(ether_type));
*packet += SIZE_ETHER_HEADER;
+ *pktlen -= SIZE_ETHER_HEADER;
}
static const char *__pcap_family_info(u_int8_t family)
}
static void __pcap_nflog_tlv_info(const u_char **packet,
- u_int32_t length, u_int32_t caplen)
+ u_int32_t *pktlen)
{
nflog_tlv_t *tlv_h;
u_int16_t tlv_length;
u_char *value_pos = NULL;
gchar *value_str = NULL;
- length -= SIZE_NFLOG_HDR;
- caplen -= SIZE_NFLOG_HDR;
+ *pktlen -= SIZE_NFLOG_HDR;
- while (length > 0) {
- if (caplen < SIZE_NFLOG_TLV || length < SIZE_NFLOG_TLV)
+ while (*pktlen > 0) {
+ if (*pktlen < SIZE_NFLOG_TLV)
break;
tlv_h = (nflog_tlv_t *)*packet;
if (tlv_length < SIZE_NFLOG_TLV)
break;
- if (caplen < tlv_length || length < tlv_length)
+ if (*pktlen < tlv_length)
break;
if (STC_PCAP_LOG) {
if (tlv_type == NFULA_PAYLOAD) {
*packet += SIZE_NFLOG_TLV;
+ *pktlen -= SIZE_NFLOG_TLV;
break;
}
*packet += tlv_length;
- length -= tlv_length;
- caplen -= tlv_length;
+ *pktlen -= tlv_length;
}
}
-static void __pcap_nflog_hdr_info(const u_char **packet)
+static void __pcap_nflog_hdr_info(const u_char **packet, uint32_t *pktlen)
{
nflog_hdr_t *hdr_h = (nflog_hdr_t *)*packet;
u_int8_t family = hdr_h->nflog_family;
__pcap_family_info(family), family, version, resource_id);
*packet += SIZE_NFLOG_HDR;
+ *pktlen -= SIZE_NFLOG_HDR;
}
static void __pcap_fm_info(const struct pcap_pkthdr *pkthdr)
static void __pcap_handler(u_char *param,
const struct pcap_pkthdr *pkthdr,
const u_char *packet) {
- /* int len = pkthdr->len; */
+ uint32_t pktlen = pkthdr->len;
stc_pcap_data_s *pcap_data = (stc_pcap_data_s *)param;
eth_t *eth_h;
- u_int16_t eth_type;
+ uint16_t eth_type;
nflog_hdr_t *nflog_h;
- u_int8_t nflog_family;
+ uint8_t nflog_family;
+
+ STC_LOGD(HR_DOUBLE);
__pcap_fm_info(pkthdr);
eth_h = (eth_t *)packet;
eth_type = ntohs(eth_h->ether_type);
- __pcap_eth_info(&packet);
+ __pcap_eth_info(&packet, &pktlen);
switch (eth_type) {
case ETHERTYPE_IP:
- __pcap_ip_info(&packet);
- /* __pcap_data_info(pcaket, len); */
+ __pcap_ip_info(&packet, &pktlen);
+ /* __pcap_data_info(pcaket, pktlen); */
break;
case ETHERTYPE_IPV6:
- __pcap_ipv6_info(&packet);
+ __pcap_ipv6_info(&packet, &pktlen);
break;
case ETHERTYPE_ARP:
case ETHERTYPE_REVARP:
- __pcap_arp_info(&packet);
+ __pcap_arp_info(&packet, &pktlen);
break;
case ETHERTYPE_LOOPBACK:
break;
+ case ETHERTYPE_EAPOL:
+ __pcap_eapol_info(&packet, &pktlen);
+ break;
default:
break;
}
nflog_h = (nflog_hdr_t *)packet;
nflog_family = nflog_h->nflog_family;
- __pcap_nflog_hdr_info(&packet);
- __pcap_nflog_tlv_info(&packet, pkthdr->len, pkthdr->caplen);
+ __pcap_nflog_hdr_info(&packet, &pktlen);
+ __pcap_nflog_tlv_info(&packet, &pktlen);
switch (nflog_family) {
case AF_INET:
- __pcap_ip_info(&packet);
+ __pcap_ip_info(&packet, &pktlen);
break;
case AF_INET6:
- __pcap_ipv6_info(&packet);
+ __pcap_ipv6_info(&packet, &pktlen);
break;
default:
break;
default:
break;
}
+
+ STC_LOGD(HR_DOUBLE);
}
static gboolean __pcap_thread_source_func(gpointer data)
pcap_data->encap_type = ENCAPTYPE_ETHERNET;
}
break;
- }
+ }
}
pcap_freealldevs(alldevs);