File: ethernet.c

package info (click to toggle)
ipgrab 0.5-3
  • links: PTS
  • area: main
  • in suites: slink
  • size: 268 kB
  • ctags: 169
  • sloc: sh: 1,507; ansic: 1,234; makefile: 56
file content (130 lines) | stat: -rw-r--r-- 2,780 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
 
/**************************************************************************** 
** File: ethernet.c
**
** Author: Mike Borella
**
** Comments: Dump ethernet packets
**
*****************************************************************************/

#include <stdio.h>
#include <unistd.h>
#include <pcap.h>
#include <netinet/in.h>
#include "ethernet.h"
#include "config.h"

u_char *packet_ptr;
u_char *packet_end;

extern struct arg_t *my_args;

/*----------------------------------------------------------------------------
**
** dump_ethernet()
**
** Process packets from the DLT_EN10MB interface type
**
**----------------------------------------------------------------------------
*/

void dump_ethernet(u_char *user, const struct pcap_pkthdr *h, u_char *p)
{
  int length; 
  int caplen;
  int ether_type;
  EtherHdr *ep;
  void dump_ip(u_char *, int);
  void dump_arp(u_char *, int, int);
  char *etheraddr_string(u_char *);
  char *etherproto_string(u_short);


  /*
   * Get total packet length and length of the captured section
   */

  length = h->len;
  caplen = h->caplen;

  /*
   * Dump header announcement
   */

  printf("==========================================================\n");
  printf("                        Ethernet Header(%u.%06u)\n",
	 (u_int32_t) h->ts.tv_sec, (u_int32_t) h->ts.tv_usec);
  printf("----------------------------------------------------------\n");

  /*
   * Check for truncated header 
   */

  if (caplen < sizeof(EtherHdr)) 
    {
      printf("Ethernet header too short! (%d bytes)\n", length);
      return;
    }


  /*
   * Dump header fields
   */

  ep = (EtherHdr *) p;  
  ether_type = ntohs(ep->ether_type);

  if (!my_args->l)
    {
      printf("Hardware source:        %s\n", 
	     etheraddr_string(ep->ether_src));
      printf("Hardware destination:   %s\n", 
	     etheraddr_string(ep->ether_dst));
      printf("Protocol type:          %xH (%s)\n", ether_type, 
	     etherproto_string(ep->ether_type));
      printf("Length:                 %d\n", length+4); /* add FCS */
    }

 
  /*
   * Some printers want to get back at the link level addresses,
   * and/or check that they're not walking off the end of the packet.
   * Rather than pass them all the way down, we set these globals.
   */
   
  packet_ptr = p;
  packet_end = p + caplen;


  /*
   * Check for IEEE 802 (LLC) encapsulation.  If not, assume regular ethernet
   */

  p += sizeof(EtherHdr);

  if (ether_type <= ETHERMTU) 
    {
      /* XXX do something intelligent with LLC */
    }
  else 
    {
      switch (ether_type)
	{
        case ETHERTYPE_IP:
	  dump_ip(p, length);
	  return;

	case ETHERTYPE_ARP:
        case ETHERTYPE_REVARP:
	  dump_arp(p, length, caplen);
	  return;

        default:
	  return;
	  
	}

    } /* else */

}