Date: Tue, 3 Jun 2008 14:24:50 GMT From: Rui Paulo <rpaulo@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 142812 for review Message-ID: <200806031424.m53EOoV8062310@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=142812 Change 142812 by rpaulo@rpaulo_epsilon on 2008/06/03 14:24:24 Complete pcap file dumping. Affected files ... .. //depot/projects/soc2008/rpaulo-tcpad/dumper.c#2 edit .. //depot/projects/soc2008/rpaulo-tcpad/dumper.h#2 edit .. //depot/projects/soc2008/rpaulo-tcpad/handler.c#5 edit .. //depot/projects/soc2008/rpaulo-tcpad/main.c#5 edit .. //depot/projects/soc2008/rpaulo-tcpad/tcpad.h#5 edit Differences ... ==== //depot/projects/soc2008/rpaulo-tcpad/dumper.c#2 (text+ko) ==== @@ -23,9 +23,11 @@ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/soc2008/rpaulo-tcpad/dumper.c#1 $ + * $P4: //depot/projects/soc2008/rpaulo-tcpad/dumper.c#2 $ */ +#include <string.h> +#include <stdlib.h> #include <sys/queue.h> #include <pcap.h> @@ -35,28 +37,29 @@ * Adds a packet to a pool of packets pertinent to this connection. */ void -dumper_addpkt(struct dumppkth *head, struct pcap_pkthdr *ph, unsigned char *headers) +dumper_addpkt(struct dumppkth *head, const struct pcap_pkthdr *ph, + const unsigned char *headers) { struct dumppkt *dp; dp = malloc(sizeof(*dp)); - memcpy(&dp.pheader, ph, sizeof(dp.pheader)); - memcpy(&dp.headers, headers, sizeof(dp.headers)); + memcpy(&dp->pheader, ph, sizeof(struct pcap_pkthdr)); + memcpy(&dp->headers, headers, 127); /* XXX */ /* XXX: honour the size of this list */ - TAILQ_INSERT_TAIL(dhead, dp, entries); + TAILQ_INSERT_TAIL(head, dp, entries); } /** * An error occured. Dump the packet list to a file. */ void -dumper_error(pcap_t *p, const char *path, struct dumppkt *head) +dumper_error(pcap_t *p, const char *path, struct dumppkth *head) { pcap_dumper_t *pd; struct dumppkt *dp; pd = pcap_dump_open(p, path); TAILQ_FOREACH(dp, head, entries) - pcap_dump(pd, dp->pheader, dp->headers); + pcap_dump(pd, &dp->pheader, dp->headers); pcap_dump_close(pd); } ==== //depot/projects/soc2008/rpaulo-tcpad/dumper.h#2 (text+ko) ==== @@ -23,7 +23,7 @@ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/soc2008/rpaulo-tcpad/dumper.h#1 $ + * $P4: //depot/projects/soc2008/rpaulo-tcpad/dumper.h#2 $ */ #ifndef _DUMPER_H_ @@ -34,13 +34,14 @@ struct dumppkt { TAILQ_ENTRY(dumppkt) entries; struct pcap_pkthdr pheader; - unsigned char headers[50]; /* Enough for IP/IPv6 + TCP */ + unsigned char headers[128]; /* Enough for IP/IPv6 + TCP */ }; TAILQ_HEAD(dumppkth, entry); -void -dumper_addpkt(struct dumppkth *head, struct pcap_pkthdr *ph, - unsigned char *headers); +void dumper_addpkt(struct dumppkth *head, const struct pcap_pkthdr *ph, + const unsigned char *headers); +void dumper_error(pcap_t *p, const char *path, struct dumppkth *head); + #endif /* _DUMPER_H_ */ ==== //depot/projects/soc2008/rpaulo-tcpad/handler.c#5 (text+ko) ==== @@ -23,7 +23,7 @@ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/soc2008/rpaulo-tcpad/handler.c#4 $ + * $P4: //depot/projects/soc2008/rpaulo-tcpad/handler.c#5 $ */ #include <stdio.h> @@ -92,7 +92,7 @@ LIST_INSERT_HEAD(&chead, cp, entries); print_packet(bytes, linkhlen); TAILQ_INIT(&cp->pktshead); - dumper_addpkt(ph, bytes); + dumper_addpkt(&cp->pktshead, ph, bytes); } else if ((tcp->th_flags & TH_FLAGS) == (TH_SYN|TH_ACK)) { if (cp) { DPRINTF("connection already being tracked!\n"); @@ -112,9 +112,12 @@ DPRINTF("%s\n",inet_ntoa(cp->dv4addr)); LIST_INSERT_HEAD(&chead, cp, entries); print_packet(bytes, linkhlen); + TAILQ_INIT(&cp->pktshead); + dumper_addpkt(&cp->pktshead, ph, bytes); } else if ((tcp->th_flags & TH_FLAGS) == TH_ACK) { if (cp) { + dumper_addpkt(&cp->pktshead, ph, bytes); if (cp->tcpstate == TCPS_SYN_SENT || cp->tcpstate == TCPS_SYN_RECEIVED) { cp->tcpstate = TCPS_ESTABLISHED; @@ -130,11 +133,13 @@ } } else if ((tcp->th_flags & TH_FLAGS) == (TH_FIN|TH_ACK)) { if (cp) { + dumper_addpkt(&cp->pktshead, ph, bytes); if (cp->tcpstate == TCPS_ESTABLISHED) { cp->tcpstate = TCPS_FIN_WAIT_1; rcp->tcpstate = TCPS_CLOSE_WAIT; DPRINTF("fin_wait_1\n"); print_packet(bytes, linkhlen); + dumper_error(p, "test.cap", &cp->pktshead); } } } else if ((tcp->th_flags & TH_FLAGS) == (TH_RST|TH_ACK)) { ==== //depot/projects/soc2008/rpaulo-tcpad/main.c#5 (text+ko) ==== @@ -23,7 +23,7 @@ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/soc2008/rpaulo-tcpad/main.c#4 $ + * $P4: //depot/projects/soc2008/rpaulo-tcpad/main.c#5 $ */ #include <err.h> @@ -33,6 +33,7 @@ #include <pcap.h> #include <sys/queue.h> +#include "dumper.h" #include "tcpad.h" #include "device.h" #include "linkhdr.h" @@ -55,7 +56,6 @@ int ch; char *interface; char errbuf[PCAP_ERRBUF_SIZE]; - pcap_t *p; struct bpf_program fp; char filter[] = "ip proto \\tcp"; int linkhlen; ==== //depot/projects/soc2008/rpaulo-tcpad/tcpad.h#5 (text+ko) ==== @@ -23,7 +23,7 @@ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/soc2008/rpaulo-tcpad/tcpad.h#4 $ + * $P4: //depot/projects/soc2008/rpaulo-tcpad/tcpad.h#5 $ */ #ifndef _TCPAD_H_ @@ -31,6 +31,8 @@ #include <netinet/in.h> +pcap_t *p; + typedef struct _conn_t { LIST_ENTRY(_conn_t) entries; struct in_addr sv4addr;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200806031424.m53EOoV8062310>