tcpdump mailing list archives

best way for proper icmp-packet decoding (pcap+libnet)


From: "Kifah A." <kifah () prz tu-berlin de>
Date: Sun, 14 Dec 2003 22:52:20 +0100

Hi everyone,

I am writing some code to decode some ICMP packets on a pseudo interface (gif0) and inject them on fxp1 (with libnet) after altering the payload part. I am pasting some relevant code here, and asking for any hints or tips on improving performance:



u_short libnet_icmp_sum = icmp->icmp_cksum;
u_short libnet_icmp_id = (unsigned)ntohs(icmp->icmp_hun.ih_idseq.icd_id);
u_short libnet_icmp_seq = (unsigned)ntohs(icmp->icmp_hun.ih_idseq.icd_seq);
u_char *libnet_icmp_payload = icmp_payload;
u_long libnet_icmp_payload_s = strlen(icmp_payload);
u_long libnet_icmp_payload_s_2 = strlen(icmp->icmp_dun.id_data);
.
.
.
.
case IPPROTO_ICMP:

ip_options = ip->ip_hl;

ip_options -= 5;
ip_options *= 4;
//how much do we shift, until the ICMP payload starts
icmp = (struct icmp *)(packet + IP_SIZE + ip_options);
icmp_payload = (u_char *)(packet+IP_SIZE+ip_options+8);



/**********Here we print the different headers for debugging**********/
printf("Different ip fields");

//show IP source
printf("\tFrom: %s", inet_ntoa(ip->ip_src));
//show IP destination
printf("\tTo: %s\n", inet_ntoa(ip->ip_dst));
//show IP Header Length
printf("\tHeader Length:%d", ip->ip_hl );
//show IP Header Version
printf("\tVersion:%d", ip->ip_v );
//show IP TOS
printf("\tTOS:%d", ip->ip_tos );
//show ip_len
printf("\tip_len:%d", ip->ip_len );
//show ip_id
printf("\tip_id:%d", ip->ip_id );
//show ip_off
printf("\tip_off:%d", ip->ip_off );
//show ip_ttl
printf("\tip_ttl:%d", ip->ip_ttl );
//show ip_protocol
printf("\tip_protocol:%d", ip->ip_p );
//show ip_checksum
printf("\tip_checksum:%d\n", ip->ip_sum );

printf("Different ICMP Fields\n");
//show type
printf("\tICMP_Type: %d\n", icmp->icmp_type);
//show code
printf("\tICMP_Code: %d\n", icmp->icmp_code);
//show checksum
printf("\tICMP_Checksum: %d\n", libnet_icmp_sum);
//ICMP ID
printf("\tICMP ID: %u\n", libnet_icmp_id);
//ICMP SEQ
printf("\tICMP SEQ: %u\n",libnet_icmp_seq);
//ICMP Data
printf("\tICMP DATA: %s\n", libnet_icmp_payload);
printf("\tICMP Payload Length: %d\n", libnet_icmp_payload_s);
printf("\tICMP DATA-version2: %s\n", icmp->icmp_dun.id_data);
printf("\tICMP Payload Length2: %d\n",libnet_icmp_payload_s_2);
////////////////////////////////


I noticed that once I start the proggie, I get wrong values for some fields (libnet_icmp_payload, payload length). Does it have to do with some wrong buffering or something?
example:

-bash-2.05b# ./plogd
Different ip fields From: 10.10.10.11 To: 10.10.10.10
Header Length:5 Version:4 TOS:0 ip_len:15360 ip_id:64880 ip_off:0 ip_ttl:32 ip_protocol:1 ip_checksum:39937
Different ICMP Fields
ICMP_Type: 8
ICMP_Code: 0
ICMP_Checksum: 15360
ICMP ID: 240
ICMP SEQ: 60
ICMP DATA: D???
ICMP Payload Length: 6
ICMP DATA-version2: abcdefghijklmnopqrstuvwabcdefghi
ICMP Payload Length2: 2
Different ip fields From: 10.10.10.11 To: 10.10.10.10
Header Length:5 Version:4 TOS:0 ip_len:15360 ip_id:64881 ip_off:0 ip_ttl:32 ip_protocol:1 ip_checksum:39936
Different ICMP Fields
ICMP_Type: 8
ICMP_Code: 0
ICMP_Checksum: 54659
ICMP ID: 256
ICMP SEQ: 51334
ICMP DATA: abcdefghijklmnopqrstuvwabcdefghi
ICMP Payload Length: 32
ICMP DATA-version2: abcdefghijklmnopqrstuvwabcdefghi
ICMP Payload Length2: 32
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
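As an added illustration (my own example, not the poster's code and not part of libnet or libpcap), the routine below decodes an IPv4/ICMP packet the defensive way: it computes the ICMP offset from ip_hl so IP options are skipped, converts ip_len from network byte order, derives the payload length from ip_len instead of strlen() on data that is not NUL-terminated, reads the ICMP fields only after the pointer for the current packet has been set, and rejects truncated captures and bad checksums. It works on raw byte offsets rather than struct ip/struct icmp, and the sample packet, its addresses and both checksums are constructed by hand.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
enum { IP_MIN_HLEN = 20, ICMP_HLEN = 8 };

/* Decoded view of one ICMP message carried in an IPv4 packet. */
struct icmp_view {
    uint8_t type, code; uint16_t cksum, id, seq;   /* host byte order */
    const uint8_t *payload; size_t payload_len;    /* not NUL-terminated: never strlen() it */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* RFC 1071 one's-complement checksum; yields 0 over data whose checksum field is correct. */
uint16_t inet_cksum(const uint8_t *d, size_t len)
{
    uint32_t s = 0;
    for (; len > 1; len -= 2, d += 2) s += be16(d);
    if (len) s += (uint32_t)d[0] << 8;            /* odd trailing byte */
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}

/* Read the ICMP fields only after the header pointer for *this* packet is computed, bound
 * every read by caplen and ip_len, and derive the payload length from ip_len. 0 = success. */
int decode_icmp(const uint8_t *pkt, size_t caplen, struct icmp_view *v)
{
    if (caplen < IP_MIN_HLEN || (pkt[0] >> 4) != 4 || pkt[9] != 1) return -1; /* IPv4 + ICMP */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;   /* ip_hl counts 32-bit words, options included */
    size_t tot = be16(pkt + 2);                  /* ip_len is big-endian on the wire: ntohs it */
    if (ihl < IP_MIN_HLEN || tot < ihl + ICMP_HLEN || tot > caplen) return -2; /* truncated */
    if (inet_cksum(pkt, ihl) != 0) return -3;    /* bad IP header checksum */
    const uint8_t *icmp = pkt + ihl;
    if (inet_cksum(icmp, tot - ihl) != 0) return -4; /* ICMP checksum covers header + data */
    v->type = icmp[0]; v->code = icmp[1];
    v->cksum = be16(icmp + 2); v->id = be16(icmp + 4); v->seq = be16(icmp + 6);
    v->payload = icmp + ICMP_HLEN;
    v->payload_len = tot - ihl - ICMP_HLEN;
    return 0;
}

/* Constructed sample: IPv4 header with four NOP option bytes (ip_hl = 6), echo request
 * id 240 / seq 60, and the 32-byte payload from the post. Checksums worked out by hand. */
const uint8_t sample_pkt[64] = {
    0x46,0x00,0x00,0x40, 0xfd,0x70,0x00,0x00, 0x20,0x01,0x72,0x22,
    10,10,10,11, 10,10,10,10, 0x01,0x01,0x01,0x01,             /* src, dst, options */
    0x08,0x00,0x4c,0x30, 0x00,0xf0,0x00,0x3c,                  /* ICMP echo header */
    'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p',
    'q','r','s','t','u','v','w','a','b','c','d','e','f','g','h','i' };
struct icmp_view sample_view;
```

Passing a caplen shorter than ip_len (a truncated snaplen) makes decode_icmp() refuse the packet instead of reading past the captured bytes.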