tcpdump mailing list archives
Content of two packets is mixed up in payload on libpcap-FreeBSD
From: "Patel" <vijayppatel () hotpop com>
Date: Mon, 7 Apr 2003 18:25:46 +0530
Hello,
I am using libpcap on freebsd 4.7. My problem is packet captured using following loop is are overwritten by next
packet in a queue.
while(1) {
while((packet = (char *) pcap_next(handle, &header)) == NULL);
got_incoming_packet("", &header,packet);
//free(packet);
}
So when i try to print content of packet in got_incoming_packet using following command it is showing me content
mixture of two packets.
packet = (u_char *) malloc(header->len);
memset (packet, 0, header->len);
memcpy(packet, packet1, header->len);
//Extra code for Pointing to payload part in packet.
fwrite(payload,len_payload,1,stderr);
I am watching what is getting printed by freebsd machine & i am comparing it with packet captured in same LAN through
Ethereal. There i found that packet shown on freebsd machine is a mixture of payload part of two packets.
One more help pls... if anyone having proper working code of basic sample libpcap application for freebsd, it would be
great help too.
Thank you.
Vijay.
-------------------------------------------------
#define _BSD_SOURCE 1
#include <stdio.h>
#include <pcap.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/socket.h>
#include <sys/types.h>
//#include <asm/types.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
//#include <net/ethernet.h>
#include <arpa/inet.h>
#include <libnet.h>
#define ETHER_ADDR_LEN 6
struct ether_header {
u_char ether_dhost[ETHER_ADDR_LEN];
u_char ether_shost[ETHER_ADDR_LEN];
u_short ether_type;
};
void got_incoming_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet);
//void send_incoming_packet(int len_packet, struct ip *ip_hdr, struct tcphdr *tcp_hdr, u_char *payload, int
len_payload);
void send_incoming_packet(struct ip *ip_hdr, int size_tcp, int len_payload);
void send_incoming_packet(struct ip *ip_hdr, int size_tcp, int len_payload){
int network, c;
//u_char *packet;
//char *ptr_buffer,*ptr_src;
char ptr_dest[] = "172.16.2.2";
struct in_addr new_saddr;
//u_long src_ip,dest_ip;
int len_packet = LIBNET_IP_H + size_tcp+ len_payload;
//Step 1: Memory initialization (interchangable with step 2).
/*libnet_init_packet(len_packet, &packet);
if (packet == NULL) {
libnet_error(LIBNET_ERR_FATAL, "libnet_init_packet failed\n");
}*/
//Step 2: Network initialization (interchangable with step 1).
network = libnet_open_raw_sock(IPPROTO_RAW);
if (network == -1) {
libnet_error(LIBNET_ERR_FATAL, "Can't open network.\n");
}
/*ptr_buffer = inet_ntoa(ip_hdr->ip_src);
ptr_src = (char *) malloc(strlen(ptr_buffer)+1);
strcpy(ptr_src,ptr_buffer);
if (!(src_ip = libnet_name_resolve(ptr_src, LIBNET_RESOLVE))) {
libnet_error(LIBNET_ERR_FATAL, "Bad source IP address: %s\n", ptr_src);
}
if (!(dest_ip = libnet_name_resolve(ptr_dest, LIBNET_RESOLVE))) {
libnet_error(LIBNET_ERR_FATAL, "Bad source IP address: %s\n", ptr_dest);
}*/
/*if(inet_pton(AF_INET,ptr_dest,ip_hdr->ip_dst)<=0){
printf("IP Conversion Error");
}*/
new_saddr.s_addr = inet_addr(ptr_dest);
ip_hdr->ip_dst = new_saddr;
/* libnet_build_ip(LIBNET_TCP_H+len_payload,
ip_hdr->ip_tos,
ntohs(ip_hdr->ip_id),
ntohs(ip_hdr->ip_off),
ip_hdr->ip_ttl,
ip_hdr->ip_p,
src_ip,
dest_ip,
NULL,
0,
packet);*/
//Step 3: Packet construction (TCP header).
/* libnet_build_tcp(ntohs(tcp_hdr->th_sport),
ntohs(tcp_hdr->th_dport),
ntohl(tcp_hdr->th_seq),
ntohl(tcp_hdr->th_ack),
tcp_hdr->th_flags,
ntohs(tcp_hdr->th_win),
ntohs(tcp_hdr->th_urp),
payload,
len_payload,
packet+LIBNET_IP_H); */
//Step 4: Packet checksums (TCP header only).
if (libnet_do_checksum((u_char *)ip_hdr,IPPROTO_TCP, size_tcp+len_payload) == -1) {
libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n");
}
//Step 5: Packet injection.
c = libnet_write_ip(network, (u_char *)ip_hdr, len_packet);
if (c < len_packet) {
libnet_error(LN_ERR_WARNING, "libnet_write_ip only wrote %d bytes\n", c);
} else {
//printf("construction and injection completed, wrote all %d bytes\n", c);
}
//Shut down the interface.
if (libnet_close_raw_sock(network) == -1) {
libnet_error(LN_ERR_WARNING, "libnet_close_raw_sock couldn't close the interface");
}
//Free packet memory.
//libnet_destroy_packet(&ip_hdr);
}
void got_incoming_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet1) {
struct ether_header *eth_hdr;
struct ip *ip_hdr;
struct tcphdr *tcp_hdr;
u_char *payload; /* Packet payload */
int size_ethernet = sizeof(struct ether_header);
int size_ip = sizeof(struct ip);
int size_tcp = sizeof(struct tcphdr);
int len_payload=0;
char *ptr_src1,*ptr_dest1,*ptr_buffer;
u_int16_t src_port1,dest_port1;
char test_src1[] = "202.54.1.30";
char test_dest1[] = "192.168.0.9";
//u_char packet[header->len];
u_char *packet;
static int count = 1; /* Just a counter of how many packets we've had */
struct in_addr addr1;
packet = (u_char *) malloc(header->len);
memset (packet, 0, header->len);
memcpy(packet, packet1, header->len);
/* -- Define our packet's attributes -- */
eth_hdr = (struct ether_header *)(packet);
ip_hdr = (struct ip*)(packet + size_ethernet);
tcp_hdr = (struct tcphdr*)(packet + size_ethernet + size_ip);
//size_tcp = 0;
size_tcp = (tcp_hdr->th_off)*4;
payload = (u_char *)(packet + size_ethernet + size_ip + size_tcp);
len_payload = ntohs(ip_hdr->ip_len) - size_ip - size_tcp;
if(ip_hdr->ip_p == IPPROTO_TCP) {
addr1 = ip_hdr->ip_src;
ptr_buffer = inet_ntoa(addr1);
ptr_src1 = (char *) malloc(strlen(ptr_buffer)+1);
strcpy(ptr_src1,ptr_buffer);
src_port1 = ntohs(tcp_hdr->th_sport);
addr1 = ip_hdr->ip_dst;
ptr_buffer = inet_ntoa(addr1);
ptr_dest1 = (char *) malloc(strlen(ptr_buffer)+1);
strcpy(ptr_dest1,ptr_buffer);
dest_port1 = ntohs(tcp_hdr->th_dport);
//Discards packets of ssh.
if(src_port1 ==22 || dest_port1 ==22) {
free(ptr_src1);
free(ptr_dest1);
count++;
return;
}
//printf("%d\t%s:%d\t%s:%d\t%ld\t%ld\n", count, ptr_src1, src_port1, ptr_dest1, dest_port1,
ntohl(tcp_hdr->th_seq),ntohl(tcp_hdr->th_ack));
if((strcmp(ptr_src1,test_src1) ==0)) {
if((strcmp(ptr_dest1,test_dest1) ==0)) {
printf("incoming : %d\t%s:%d\t%s:%d\t%ld\t%ld\n", count, ptr_src1, src_port1, ptr_dest1, dest_port1,
ntohl(tcp_hdr->th_seq),ntohl(tcp_hdr->th_ack));
fwrite(payload,len_payload,1,stderr);
//fflush(fp);
send_incoming_packet(ip_hdr,size_tcp,len_payload);
//send_incoming_packet(ip_hdr,tcp_hdr,payload,len_payload);
//send_packet(packet,ip_hdr,tcp,header->len,len);
}
}
free(ptr_src1);
free(ptr_dest1);
}
free(packet);
count++;
}
int main_incoming()
{
char dev[] = "rl0";
bpf_u_int32 mask;
bpf_u_int32 net;
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t *handle;
struct pcap_pkthdr header;
const u_char *packet;
struct bpf_program filter;
char filter_app[] = "";
int datalink; /* Type of datalink SLIP/PPP/Ethernet */
//dev = pcap_lookupdev(errbuf);
//printf("Device : %s\n", dev);
pcap_lookupnet(dev,&net,&mask,errbuf);
if((handle = pcap_open_live(dev, BUFSIZ, 0, 2000, errbuf))== NULL) {
printf("Error opening device: %s", errbuf);
}
if((datalink = pcap_datalink(handle)) < 0 ) {
printf("Datalink error : %s", pcap_geterr(handle));
}
//printf("Datalink = %d\n", datalink);
if( pcap_compile(handle, &filter, filter_app, 0, net) == -1) {
printf("pcap_compile borqed\n");
exit(1);
}
if (pcap_setfilter(handle, &filter) == -1) {
printf("pcap_setfilter said 'eat shit'\n");
exit(1);
}
//pcap_loop(handle, -1, got_packet, NULL);
while(1) {
while((packet = (char *) pcap_next(handle, &header)) == NULL);
got_incoming_packet("", &header,packet);
//free(packet);
}
pcap_close(handle);
return(0);
}
--------------------------------------------------
Current thread:
- Content of two packets is mixed up in payload on libpcap-FreeBSD Patel (Apr 07)
- Re: Content of two packets is mixed up in payload on libpcap-FreeBSD Guy Harris (Apr 07)