- 论坛徽章:
- 0
|
 做了下第二题。只是处理了ip数据帧,传输层。
- #include <unistd.h>
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
- #include <netdb.h>
- #include <sys/ioctl.h>
- #include <sys/types.h>
- #include <sys/socket.h>
- #include <netinet/ip.h>
- #include <netinet/in.h>
- #include <netinet/tcp.h>
- #include <netinet/udp.h>
- #include <netpacket/packet.h>
- #include <net/ethernet.h>
- #include <net/if.h>
- #include <arpa/inet.h>
- #include <errno.h>
- #include <vector>
- using namespace std;
- /* 接收缓冲区大小 */
- #define RCV_BUF_SIZE 1024 * 5
- /* 接收缓冲区 */
- static int g_iRecvBufSize = RCV_BUF_SIZE;
- static char g_acRecvBuf[RCV_BUF_SIZE] = {0};
- /* 物理网卡接口,需要根据具体情况修改 */
- static const char *g_szIfName = "eth0";
- struct packetInfo
- {
- char * sip;
- char * desip;
- short int sport;
- short int desport;
- char *protocol;
- int count;
- };
- /* 物理网卡混杂模式属性操作 */
- static int ethdump_setPromisc(const char *pcIfName, int fd, int iFlags)
- {
- int iRet = -1;
- struct ifreq stIfr;
- /* 获取接口属性标志位 */
- strcpy(stIfr.ifr_name, pcIfName);
- iRet = ioctl(fd, SIOCGIFFLAGS, &stIfr);
- if (0 > iRet)
- {
- perror("[Error]Get Interface Flags");
- return -1;
- }
- if (0 == iFlags)
- {
- /* 取消混杂模式 */
- stIfr.ifr_flags &= ~IFF_PROMISC;
- }
- else
- {
- /* 设置为混杂模式 */
- stIfr.ifr_flags |= IFF_PROMISC;
- }
- iRet = ioctl(fd, SIOCSIFFLAGS, &stIfr);
- if (0 > iRet)
- {
- perror("[Error]Set Interface Flags");
- return -1;
- }
- return 0;
- }
- /* Init L2 Socket */
- static int ethdump_initSocket()
- {
- int iRet = -1;
- int fd = -1;
- struct ifreq stIf;
- struct sockaddr_ll stLocal = {0};
- /* 创建SOCKET */
- fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
- if (0 > fd)
- {
- perror("[Error]Initinate L2 raw socket");
- return -1;
- }
- /* 网卡混杂模式设置 */
- ethdump_setPromisc(g_szIfName, fd, 1);
- /* 设置SOCKET选项 */
- iRet = setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &g_iRecvBufSize,sizeof(int));
- if (0 > iRet)
- {
- perror("[Error]Set socket option");
- close(fd);
- return -1;
- }
- /* 获取物理网卡接口索引 */
- strcpy(stIf.ifr_name, g_szIfName);
- iRet = ioctl(fd, SIOCGIFINDEX, &stIf);
- if (0 > iRet)
- {
- perror("[Error]Ioctl operation");
- close(fd);
- return -1;
- }
- /* 绑定物理网卡 */
- stLocal.sll_family = PF_PACKET;
- stLocal.sll_ifindex = stIf.ifr_ifindex;
- stLocal.sll_protocol = htons(ETH_P_ALL);
- iRet = bind(fd, (struct sockaddr *)&stLocal, sizeof(stLocal));
- if (0 > iRet)
- {
- perror("[Error]Bind the interface");
- close(fd);
- return -1;
- }
- return fd;
- }
- /* 捕获网卡数据帧 */
- static void ethdump_startCapture(const int fd)
- {
- packetInfo DataPacketInfo;
- vector<packetInfo> v_PacketInfo;
- int iRet = -1;
- socklen_t stFromLen = 0;
- /* 循环监听 */
- while(1)
- {
- struct protoent *pstIpProto = NULL;
- /*Ethnet帧头结构体*/
- struct ether_header *pstEthHead = NULL;
- /*IP数据包包头结构体*/
- struct ip *pstIpHead = NULL;
- /* 清空接收缓冲区 */
- memset(g_acRecvBuf, 0, RCV_BUF_SIZE);
- /* 接收数据帧 */
- iRet = recvfrom(fd, g_acRecvBuf, g_iRecvBufSize, 0, NULL, &stFromLen);
- if (0 > iRet)
- {
- continue;
- }
- /*获得Ethnet帧分装的数据包协议类型*/
- unsigned short usEthPktType;
- pstEthHead=(ether_header*)g_acRecvBuf;
- if (NULL == pstEthHead)
- {
- exit(-1);
- }
- /* 协议类型、源MAC、目的MAC */
- usEthPktType = ntohs(pstEthHead->ether_type);
- printf(">>> Eth-Pkt-Type:0x%04x ", usEthPktType);
- if(usEthPktType==0x0800)
- {
- /*去除Ethnet帧头,获得IP数据包头的开始位置*/
- pstIpHead=(ip*)(pstEthHead+1);
- DataPacketInfo.count=1;
- if (NULL == pstIpHead)
- {
- exit(-1);
- }
- /* 传输层协议类型、源IP地址、目的IP地址 */
- pstIpProto = getprotobynumber(pstIpHead->ip_p);
- if(NULL != pstIpProto)
- {
- DataPacketInfo.protocol=pstIpProto->p_name;
- printf(" IP-Pkt-Type:%d(%s) ", pstIpHead->ip_p, pstIpProto->p_name);
- }
- else
- {
- printf(" IP-Pkt-Type:%d(%s) ", pstIpHead->ip_p, "None");
- }
- DataPacketInfo.sip=inet_ntoa(pstIpHead->ip_src);
- DataPacketInfo.desip=inet_ntoa(pstIpHead->ip_dst);
- if(6==pstIpHead->ip_p)//如果传输层协议为TCP
- {
- struct tcphdr *ptcphdr=NULL;
- ptcphdr=(tcphdr *)(pstIpHead+1);
- if (NULL == ptcphdr)
- {
- exit(-1);
- }
- printf("TCP SPort=[%d] ", ntohs(ptcphdr->source));
- printf("TCP DPort=[%d]\n ",ntohs(ptcphdr->dest));
- DataPacketInfo.sport= ntohs(ptcphdr->source);
- DataPacketInfo.desport=ntohs(ptcphdr->dest);
- }
- else if(17==pstIpHead->ip_p)
- {
- struct udphdr* pudphdr=NULL;
- pudphdr=(udphdr*)(pstIpHead+1);
- if (NULL == pudphdr)
- {
- exit(-1);
- }
- printf("UDP SPort=[%d] ", pudphdr->source);
- printf("UDP DPort=[%d]\n ",pudphdr->dest);
- DataPacketInfo.sport= ntohs(pudphdr->source);
- DataPacketInfo.desport=ntohs(pudphdr->dest);
- }
- else
- {
- printf("UNKOWN PROTOCOL\n");
- }
- bool flag(0);
- for(int i=0;i++;i<v_PacketInfo.size())
- {
- if (DataPacketInfo.sip==v_PacketInfo[i].sip&&DataPacketInfo.desip==v_PacketInfo[i].desip&&
- DataPacketInfo.sport==v_PacketInfo[i].sport&&DataPacketInfo.desport==v_PacketInfo[i].desport&&
- DataPacketInfo.protocol==v_PacketInfo[i].protocol)
- {
- v_PacketInfo[i].count++;
- flag=1;
- break;
- }
-
- }
- if(!flag)
- {
- v_PacketInfo.push_back(DataPacketInfo);
- }
- }
- else
- {
- printf("NOT IP PROTOCOL\n");
- }
- }
- }
- /* Main */
- int main(int argc, char *argv[])
- {
- int iRet = -1;
- int fd = -1;
- /* 初始化SOCKET */
- fd = ethdump_initSocket();
- if(0 > fd)
- {
- return -1;
- }
- /* 捕获数据包 */
- ethdump_startCapture(fd);
- /* 关闭SOCKET */
- close(fd);
- return 0;
- }
|
|
免费注册
楼主: send_linux
发表于 2011-02-13 16:08
