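/* gcc -Wall -pedantic af.c -lpcap -o af */
#include "waf.h"

u_int16_t handle_ethernet(u_char *args, const struct pcap_pkthdr *pkthdr,
                          const u_char *packet);
u_char *handle_IP(u_char *args, const struct pcap_pkthdr *pkthdr,
                  const u_char *packet);

/*
 * Print an error message on stdout.
 *
 * The message is passed as data to a fixed "%s" format, so a message that
 * contains '%' is never interpreted as a format string.
 * (The original printed the literal text "msg" instead of the argument.)
 */
void errsys(char msg[50])
{
    if (msg == NULL) {
        return;
    }
    printf("%s", msg);
}

/*
 * pcap callback: classify the frame by EtherType and dispatch it.
 *
 * Only IPv4 frames are processed; ARP and RARP are recognised but have no
 * handler yet. A frame that handle_ethernet() rejects comes back as 0xFFFF,
 * which matches none of the cases below.
 */
void my_callback(u_char *args, const struct pcap_pkthdr *pkthdr,
                 const u_char *packet)
{
    switch (handle_ethernet(args, pkthdr, packet)) {
    case ETHERTYPE_IP:
        handle_IP(args, pkthdr, packet);
        break;
    case ETHERTYPE_ARP:
        /* handle arp packet */
        break;
    case ETHERTYPE_REVARP:
        /* handle reverse arp packet */
        break;
    default:
        break;
    }
}

/*
 * Read the fixed IPv4 header that follows the Ethernet header.
 *
 * The bounds check uses pkthdr->caplen (bytes actually present in `packet`),
 * not pkthdr->len (length on the wire): with a short snapshot length the two
 * differ, and checking `len` would let the header reads below run past the
 * captured data.
 *
 * Returns NULL in every case; the per-packet accounting is not written yet.
 */
u_char *handle_IP(u_char *args, const struct pcap_pkthdr *pkthdr,
                  const u_char *packet)
{
    const struct my_ip *ip;
    u_int avail;
    u_int hlen, version;
    int len;

    /* bytes captured after the ethernet header; clamp to 0 so the unsigned
     * subtraction cannot wrap on a very short frame */
    avail = pkthdr->caplen > sizeof(struct ether_header)
                ? pkthdr->caplen - (u_int)sizeof(struct ether_header)
                : 0;

    /* check to see we have a packet of valid length */
    if (avail < sizeof(struct my_ip)) {
        printf("truncated ip %u", avail);
        return NULL;
    }

    /* jump past the ethernet header */
    ip = (const struct my_ip *)(packet + sizeof(struct ether_header));

    len = ntohs(ip->ip_len);
    hlen = IP_HL(ip);    /* header length */
    version = IP_V(ip);  /* ip version */

    /*
     * The counting code goes here. These three values come straight from the
     * packet and are attacker-controlled: before anything reads past the
     * fixed header, check version, check the header length, and check both
     * against `avail`.
     */
    (void)len;
    (void)hlen;
    (void)version;

    return NULL;
}

/*
 * Return the EtherType of the frame in host byte order.
 * Much of this code was gleaned from print-ether.c in the tcpdump source.
 *
 * If fewer than ETHER_HDRLEN bytes were captured, a message is printed and
 * (u_int16_t)-1, i.e. 0xFFFF, is returned.
 */
u_int16_t handle_ethernet(u_char *args, const struct pcap_pkthdr *pkthdr,
                          const u_char *packet)
{
    const struct ether_header *eptr; /* net/ethernet.h */

    if (pkthdr->caplen < ETHER_HDRLEN) {
        fprintf(stdout, "Packet length less than ethernet header length\n");
        return (u_int16_t)-1;
    }

    eptr = (const struct ether_header *)packet;
    return ntohs(eptr->ether_type);
}

/*
 * Open the capture device and install the BPF filter given in argv[1].
 *
 * Returns 0 once the filter is installed. The capture loop itself is
 * disabled in this version of the program.
 */
int main(int argc, char *argv[])
{
    /* assumes DEVICE (from waf.h) expands to a string; the original used it
     * as the source of a strcpy() -- TODO confirm */
    const char *dev = DEVICE;
    const char *pcap_filter;
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_t *descr;
    struct bpf_program filter; /* hold compiled program */
    bpf_u_int32 maskp;         /* subnet mask */
    bpf_u_int32 netp;          /* ip */

    if (argc < 2 || argv[1] == NULL) {
        fprintf(stderr, "usage: %s <pcap filter expression>\n",
                (argc > 0 && argv[0] != NULL) ? argv[0] : "af");
        exit(1);
    }

    /* Use the argument in place. The original strcat()'ed it into a fixed
     * 200-byte heap buffer with no length check, so a long command-line
     * argument overflowed the heap. */
    pcap_filter = argv[1];
    printf("%s", pcap_filter);

    /* The looked-up name is not used (DEVICE overrides it); the call is kept
     * as the original's check that a capture device is available. The
     * original strcpy()'ed DEVICE into the returned buffer before testing it
     * for NULL. */
    if (pcap_lookupdev(errbuf) == NULL) {
        printf("zero%s\n", errbuf);
        exit(1);
    }

    /* ask pcap for the network address and mask of the device */
    if (pcap_lookupnet(dev, &netp, &maskp, errbuf) < 0) {
        /* keep the values defined; broadcast tests in the filter will not
         * work without a real netmask */
        netp = 0;
        maskp = 0;
    }

    /* open device for reading. NOTE: the promisc argument is 0, so the
     * interface is NOT put into promiscuous mode */
    descr = pcap_open_live(dev, BUFSIZ, 0, 0, errbuf);
    if (descr == NULL) {
        printf("pcap_open_live(): qqqqqqqqqq%s\n", errbuf);
        exit(1);
    }

    /*
     * NOTE(review): error() is not defined in this file. If it resolves to
     * glibc's error(int status, int errnum, const char *fmt, ...) these calls
     * pass a string where the status is expected -- confirm against waf.h.
     * The explicit bail-out after each call makes sure a failure never falls
     * through, whatever error() does.
     */

    /* the last argument of pcap_compile() is the netmask, not the network
     * address the original passed */
    if (pcap_compile(descr, &filter, pcap_filter, 0, maskp) < 0) {
        error("unu%s", pcap_geterr(descr));
        pcap_close(descr);
        return 1;
    }

    if (pcap_setfilter(descr, &filter) < 0) {
        error("doi%s", pcap_geterr(descr));
        pcap_freecode(&filter);
        pcap_close(descr);
        return 1;
    }

    /* ... and loop -- currently disabled:
     * pcap_loop(descr, -1, my_callback, NULL); */

    pcap_freecode(&filter);
    pcap_close(descr);
    return 0;
}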