summaryrefslogtreecommitdiff
authormickeyl <mickeyl>2003-05-04 20:38:24 (UTC)
committer mickeyl <mickeyl>2003-05-04 20:38:24 (UTC)
commit09dceae91b14a4b2d936ebfc6c7c276686c2b98c (patch) (side-by-side diff)
treeb8ebc6f92ca0008a90ef036c3c5ba873a2f59670
parent8409a251d52b59585889e1bcaa278a6b847db2fc (diff)
downloadopie-09dceae91b14a4b2d936ebfc6c7c276686c2b98c.zip
opie-09dceae91b14a4b2d936ebfc6c7c276686c2b98c.tar.gz
opie-09dceae91b14a4b2d936ebfc6c7c276686c2b98c.tar.bz2
add parsing of ARP packets
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--libopie2/opienet/802_11_user.h47
-rw-r--r--libopie2/opienet/opcap.cpp65
-rw-r--r--libopie2/opienet/opcap.h24
3 files changed, 110 insertions, 26 deletions
diff --git a/libopie2/opienet/802_11_user.h b/libopie2/opienet/802_11_user.h
index cd98503..ad84514 100644
--- a/libopie2/opienet/802_11_user.h
+++ b/libopie2/opienet/802_11_user.h
@@ -10,127 +10,128 @@ enum ieee_802_11_link_status_failure_reason {
Sender_Quits_BSS,
Association_requester_not_authenticated,
Reserved10
};
#define IEEE_802_11_LINK_STATUS_FAILURE_REASON_STRINGS \
{ \
{reserved0, 0xff," Reserved reason "},\
{Unspecified, 0xff," Unspecified Reason "},\
{Previous_not_valid, 0xff," Previous Authentication no longer valid "},\
{Sender_Quits_ESS_or_IBSS,0xff," Deauthenticated because sending station is leaving (has left) IBSS or ESS "},\
{Due_Inactivity, 0xff," Disassociated due to inactivity "},\
{AP_Overload, 0xff," Disassociated because AP is unable to handle all currently associated stations "},\
{Class_2_from_NonAuth, 0xff," Class 2 frame received from non-Authenticated station"},\
{Class_3_from_NonAuth, 0xff," Class 3 frame received from non­Associated station"},\
{Sender_Quits_BSS, 0xff," Disassociated because sending station is leaving (has left) BSS"},\
{Association_requester_not_authenticated,0xff," Station requesting (Re)Association is not Authenticated with responding station"},\
{Reserved10, 0xff," Reserved"},\
{0,0,NULL}\
};
struct ieee_802_11_header {
u_int16_t frame_control;// needs to be subtyped
u_int16_t duration;
u_int8_t mac1[6];
u_int8_t mac2[6];
u_int8_t mac3[6];
u_int16_t SeqCtl;
u_int8_t mac4[6];
// u_int16_t gapLen;
// u_int8_t gap[8];
};
struct ieee_802_3_header {
u_int16_t status;
u_int16_t payload_length;
u_int8_t dst_mac[6];
u_int8_t src_mac[6];
};
#define P80211_OUI_LEN 3
-struct ieee_802_11_snap_header {
-
- u_int8_t dsap; /* always 0xAA */
- u_int8_t ssap; /* always 0xAA */
- u_int8_t ctrl; /* always 0x03 */
- u_int8_t oui[P80211_OUI_LEN]; /* organizational universal id */
-
-} __attribute__ ((packed));
-
-#define P80211_LLC_OUI_LEN 3
-
-struct ieee_802_11_802_1H_header {
-
- u_int8_t dsap;
- u_int8_t ssap; /* always 0xAA */
- u_int8_t ctrl; /* always 0x03 */
- u_int8_t oui[P80211_OUI_LEN]; /* organizational universal id */
- u_int16_t unknown1; /* packet type ID fields */
- u_int16_t unknown2; /* here is something like length in some cases */
-} __attribute__ ((packed));
-
struct ieee_802_11_802_2_header {
u_int8_t dsap;
u_int8_t ssap; /* always 0xAA */
u_int8_t ctrl; /* always 0x03 */
u_int8_t oui[P80211_OUI_LEN]; /* organizational universal id */
u_int16_t type; /* packet type ID field */
+};
-} __attribute__ ((packed));
-
+/* See RFC 826 for protocol description. ARP packets are variable
+ in size; the arphdr structure defines the fixed-length portion.
+ Protocol type values are the same as those for 10 Mb/s Ethernet.
+ It is followed by the variable-sized fields ar_sha, arp_spa,
+ arp_tha and arp_tpa in that order, according to the lengths
+ specified. Field names used correspond to RFC 826. */
+
+#define ETH_ALEN 6
+
+struct myarphdr
+{
+ unsigned short int ar_hrd; /* Format of hardware address. */
+ unsigned short int ar_pro; /* Format of protocol address. */
+ unsigned char ar_hln; /* Length of hardware address. */
+ unsigned char ar_pln; /* Length of protocol address. */
+ unsigned short int ar_op; /* ARP opcode (command). */
+ /* Ethernet looks like this : This bit is variable sized
+ however... */
+ unsigned char ar_sha[ETH_ALEN]; /* Sender hardware address. */
+ unsigned char ar_sip[4]; /* Sender IP address. */
+ unsigned char ar_tha[ETH_ALEN]; /* Target hardware address. */
+ unsigned char ar_tip[4]; /* Target IP address. */
+};
// following is incoplete and may be incorrect and need reorganization
#define ieee_802_11_frame_type_Management 0x00
#define ieee_802_11_frame_type_Control 0x01
#define ieee_802_11_frame_type_Data 0x10
#define ieee_802_11_frame_type_Reserved 0x11
#define ieee_802_11_frame_subtype_Association_Req 0x0 // Association Request
#define ieee_802_11_frame_subtype_Association_Resp 0x1 // Association Response
#define ieee_802_11_frame_subtype_Reassociation_Req 0x2 // Reassociation Request
#define ieee_802_11_frame_subtype_Reassociation_Resp 0x3 // Reassociation Response
#define ieee_802_11_frame_subtype_Probe_Req 0x4 // Probe Request
#define ieee_802_11_frame_subtype_Probe_Resp 0x5 // Probe Response
#define ieee_802_11_frame_subtype_Beacon 0x8 // Beacon
#define ieee_802_11_frame_subtype_ATIM 0x9 // ATIM
#define ieee_802_11_frame_subtype_Disassociation 0xA // Disassociation
#define ieee_802_11_frame_subtype_Authentication 0xB // Authentication
#define ieee_802_11_frame_subtype_Deauthentication 0xC // Deauthentication
#define ieee_802_11_frame_subtype_PS_Poll 0xA // PS-Poll
#define ieee_802_11_frame_subtype_RTS 0xB // RTS
#define ieee_802_11_frame_subtype_CTS 0xC // CTS
#define ieee_802_11_frame_subtype_ACK 0xD // ACK
#define ieee_802_11_frame_subtype_CFEnd 0xE // CF-End
#define ieee_802_11_frame_subtype_CFEnd_CFAck 0xF // CF-End + CF-Ack
#define ieee_802_11_frame_subtype_Data 0x0 // Data
#define ieee_802_11_frame_subtype_Data_CFAck 0x1 // Data + CF-Ack
#define ieee_802_11_frame_subtype_Data_CF_Poll 0x2 // Data + CF-Poll
#define ieee_802_11_frame_subtype_Data_CF_AckCF_Poll 0x3 // Data + CF-Ack + CF-Poll
#define ieee_802_11_frame_subtype_NullFunction 0x4 // Null Function (no data)
#define ieee_802_11_frame_subtype_CF_Ack 0x5 // CF-Ack (no data)
#define ieee_802_11_frame_subtype_CF_Poll 0x6 // CF-Poll (no data)
#define ieee_802_11_frame_subtype_CF_AckCF_Poll 0x7 // CF-Ack + CF-Poll (no data)
#define ieee_802_11_frame_subtype_strings {\
{ ieee_802_11_frame_subtype_Association_Req, 0xF,"f Association Request"},\
{ ieee_802_11_frame_subtype_Association_Resp, 0xF,"1 Association Response"},\
{ ieee_802_11_frame_subtype_Reassociation_Req, 0xF,"2 Reassociation Request"},\
{ ieee_802_11_frame_subtype_Reassociation_Resp, 0xF,"3 Reassociation Response"},\
{ ieee_802_11_frame_subtype_Probe_Req , 0xF,"4 Probe Request"},\
{ ieee_802_11_frame_subtype_Probe_Resp , 0xF,"5 Probe Response"},\
{ ieee_802_11_frame_subtype_Beacon , 0xF,"8 Beacon"},\
{ ieee_802_11_frame_subtype_ATIM , 0xF,"9 ATIM"},\
{ ieee_802_11_frame_subtype_Disassociation, 0xF,"A Disassociation"},\
{ ieee_802_11_frame_subtype_Authentication, 0xF,"B Authentication"},\
{ ieee_802_11_frame_subtype_Deauthentication, 0xF,"C Deauthentication"},\
diff --git a/libopie2/opienet/opcap.cpp b/libopie2/opienet/opcap.cpp
index 675818e..e2ab6d7 100644
--- a/libopie2/opienet/opcap.cpp
+++ b/libopie2/opienet/opcap.cpp
@@ -113,225 +113,283 @@ QString OPacket::dump( int bpl ) const
int len = _hdr.caplen;
QString str;
str.sprintf( "\n<----- Packet #%04d Len = 0x%X (%d) ----->\n\n", index, len, len );
str.append( "0000: " );
QString tmp;
QString bytes;
QString chars;
for ( int i = 0; i < len; ++i )
{
tmp.sprintf( "%02X ", _data[i] ); bytes.append( tmp );
if ( (_data[i] > 31) && (_data[i]<128) ) chars.append( _data[i] );
else chars.append( '.' );
if ( !((i+1) % bpl) )
{
str.append( bytes );
str.append( ' ' );
str.append( chars );
str.append( '\n' );
tmp.sprintf( "%04X: ", i+1 ); str.append( tmp );
bytes = "";
chars = "";
}
}
if ( (len % bpl) )
{
str.append( bytes.leftJustify( 1 + 3*bpl ) );
str.append( chars );
}
str.append( '\n' );
return str;
}
int OPacket::len() const
{
return _hdr.len;
}
/*======================================================================================
* OEthernetPacket
*======================================================================================*/
OEthernetPacket::OEthernetPacket( const unsigned char* end, const struct ether_header* data, QObject* parent )
:QObject( parent, "Ethernet" ), _ether( data )
-
{
qDebug( "Source = %s", (const char*) sourceAddress().toString() );
qDebug( "Destination = %s", (const char*) destinationAddress().toString() );
if ( sourceAddress() == OMacAddress::broadcast )
qDebug( "Source is broadcast address" );
if ( destinationAddress() == OMacAddress::broadcast )
qDebug( "Destination is broadcast address" );
switch ( type() )
{
case ETHERTYPE_IP: new OIPPacket( end, (const struct iphdr*) (data+1), this ); break;
case ETHERTYPE_ARP: { qDebug( "OPacket::OPacket(): Received Ethernet Packet : Type = ARP" ); break; }
case ETHERTYPE_REVARP: { qDebug( "OPacket::OPacket(): Received Ethernet Packet : Type = RARP" ); break; }
default: qDebug( "OPacket::OPacket(): Received Ethernet Packet : Type = UNKNOWN" );
}
}
OEthernetPacket::~OEthernetPacket()
{
}
OMacAddress OEthernetPacket::sourceAddress() const
{
return OMacAddress( _ether->ether_shost );
}
OMacAddress OEthernetPacket::destinationAddress() const
{
return OMacAddress( _ether->ether_dhost );
}
int OEthernetPacket::type() const
{
return ntohs( _ether->ether_type );
}
/*======================================================================================
* OIPPacket
*======================================================================================*/
OIPPacket::OIPPacket( const unsigned char* end, const struct iphdr* data, QObject* parent )
:QObject( parent, "IP" ), _iphdr( data )
-
{
qDebug( "OIPPacket::OIPPacket(): decoding IP header..." );
//qDebug( "FromAddress: %s", (const char*) inet_ntoa( *src ) );
//qDebug( " ToAddress: %s", (const char*) inet_ntoa( *dst ) );
qDebug( "FromAddress: %s", (const char*) fromIPAddress().toString() );
qDebug( " toAddress: %s", (const char*) toIPAddress().toString() );
switch ( protocol() )
{
case IPPROTO_UDP: new OUDPPacket( end, (const struct udphdr*) (data+1), this ); break;
case IPPROTO_TCP: new OTCPPacket( end, (const struct tcphdr*) (data+1), this ); break;
default: qDebug( "OIPPacket::OIPPacket(): unknown IP protocol type = %d", protocol() );
}
}
OIPPacket::~OIPPacket()
{
}
QHostAddress OIPPacket::fromIPAddress() const
{
return EXTRACT_32BITS( &_iphdr->saddr );
}
QHostAddress OIPPacket::toIPAddress() const
{
return EXTRACT_32BITS( &_iphdr->saddr );
}
int OIPPacket::tos() const
{
return _iphdr->tos;
}
int OIPPacket::len() const
{
return EXTRACT_16BITS( &_iphdr->tot_len );
}
int OIPPacket::id() const
{
return EXTRACT_16BITS( &_iphdr->id );
}
int OIPPacket::offset() const
{
return EXTRACT_16BITS( &_iphdr->frag_off );
}
int OIPPacket::ttl() const
{
return _iphdr->ttl;
}
int OIPPacket::protocol() const
{
return _iphdr->protocol;
}
int OIPPacket::checksum() const
{
return EXTRACT_16BITS( &_iphdr->check );
}
/*======================================================================================
+ * OARPPacket
+ *======================================================================================*/
+
+
+OARPPacket::OARPPacket( const unsigned char* end, const struct myarphdr* data, QObject* parent )
+ :QObject( parent, "ARP" ), _arphdr( data )
+{
+ qDebug( "OARPPacket::OARPPacket(): decoding ARP header..." );
+ qDebug( "ARP type seems to be %02d - '%s'", EXTRACT_16BITS( &_arphdr->ar_op ), (const char*) type() );
+ qDebug( "Sender: MAC %s = IP %s", (const char*) senderMacAddress().toString(), (const char*) senderIPV4Address().toString() );
+ qDebug( "Target: MAC %s = IP %s", (const char*) targetMacAddress().toString(), (const char*) targetIPV4Address().toString() );
+}
+
+
+OARPPacket::~OARPPacket()
+{
+}
+
+
+QString OARPPacket::type() const
+{
+ switch ( EXTRACT_16BITS( &_arphdr->ar_op ) )
+ {
+ case 1: return "REQUEST";
+ case 2: return "REPLY";
+ case 3: return "RREQUEST";
+ case 4: return "RREPLY";
+ case 8: return "InREQUEST";
+ case 9: return "InREPLY";
+ case 10: return "NAK";
+ default: qWarning( "OARPPacket::type(): invalid ARP type!" ); return "<unknown>";
+ }
+}
+
+
+QHostAddress OARPPacket::senderIPV4Address() const
+{
+ return EXTRACT_32BITS( &_arphdr->ar_sip );
+}
+
+
+QHostAddress OARPPacket::targetIPV4Address() const
+{
+ return EXTRACT_32BITS( &_arphdr->ar_tip );
+}
+
+
+OMacAddress OARPPacket::senderMacAddress() const
+{
+ return OMacAddress( _arphdr->ar_sha );
+}
+
+
+OMacAddress OARPPacket::targetMacAddress() const
+{
+ return OMacAddress( _arphdr->ar_tha );
+}
+
+
+/*======================================================================================
* OUDPPacket
*======================================================================================*/
OUDPPacket::OUDPPacket( const unsigned char* end, const struct udphdr* data, QObject* parent )
:QObject( parent, "UDP" ), _udphdr( data )
{
qDebug( "OUDPPacket::OUDPPacket(): decoding UDP header..." );
}
OUDPPacket::~OUDPPacket()
{
}
/*======================================================================================
* OTCPPacket
*======================================================================================*/
OTCPPacket::OTCPPacket( const unsigned char* end, const struct tcphdr* data, QObject* parent )
:QObject( parent, "TCP" ), _tcphdr( data )
{
qDebug( "OTCPPacket::OTCPPacket(): decoding TCP header..." );
}
OTCPPacket::~OTCPPacket()
{
}
/*======================================================================================
* OPrismHeaderPacket
*======================================================================================*/
OPrismHeaderPacket::OPrismHeaderPacket( const unsigned char* end, const struct prism_hdr* data, QObject* parent )
:QObject( parent, "Prism" ), _header( data )
{
qDebug( "OPrismHeaderPacket::OPrismHeaderPacket(): decoding PRISM header..." );
qDebug( "Signal Strength = %d", data->signal.data );
new OWaveLanPacket( end, (const struct ieee_802_11_header*) (data+1), this );
}
@@ -685,97 +743,98 @@ OWaveLanManagementChallenge::OWaveLanManagementChallenge( const unsigned char* e
{
qDebug( "OWaveLanManagementChallenge()" );
}
OWaveLanManagementChallenge::~OWaveLanManagementChallenge()
{
}
/*======================================================================================
* OWaveLanDataPacket
*======================================================================================*/
OWaveLanDataPacket::OWaveLanDataPacket( const unsigned char* end, const struct ieee_802_11_data_header* data, OWaveLanPacket* parent )
:QObject( parent, "802.11 Data" ), _header( data )
{
qDebug( "OWaveLanDataPacket::OWaveLanDataPacket(): decoding frame..." );
const unsigned char* payload = (const unsigned char*) data + sizeof( struct ieee_802_11_data_header );
#warning The next line works for most cases, but can not be correct generally!
if (!( ( (OWaveLanPacket*) this->parent())->duration() )) payload -= 6; // compensation for missing last address
new OLLCPacket( end, (const struct ieee_802_11_802_2_header*) payload, this );
}
OWaveLanDataPacket::~OWaveLanDataPacket()
{
}
/*======================================================================================
* OLLCPacket
*======================================================================================*/
OLLCPacket::OLLCPacket( const unsigned char* end, const struct ieee_802_11_802_2_header* data, QObject* parent )
:QObject( parent, "802.11 LLC" ), _header( data )
{
qDebug( "OLLCPacket::OLLCPacket(): decoding frame..." );
if ( !(_header->oui[0] || _header->oui[1] || _header->oui[2]) )
{
qDebug( "OLLCPacket::OLLCPacket(): contains an encapsulated Ethernet frame (type=%04X)", EXTRACT_16BITS( &_header->type ) );
switch ( EXTRACT_16BITS( &_header->type ) ) // defined in linux/if_ether.h
{
case ETH_P_IP: new OIPPacket( end, (const struct iphdr*) (data+1), this ); break;
- default: qDebug( "OLLCPacket::OLLCPacket(): Unknown Encapsulation Type" );
+ case ETH_P_ARP: new OARPPacket( end, (const struct myarphdr*) (data+1), this ); break;
+ default: qWarning( "OLLCPacket::OLLCPacket(): Unknown Encapsulation (type=%04X)", EXTRACT_16BITS( &_header->type ) );
}
}
}
OLLCPacket::~OLLCPacket()
{
}
/*======================================================================================
* OWaveLanControlPacket
*======================================================================================*/
OWaveLanControlPacket::OWaveLanControlPacket( const unsigned char* end, const struct ieee_802_11_control_header* data, OWaveLanPacket* parent )
:QObject( parent, "802.11 Data" ), _header( data )
{
qDebug( "OWaveLanControlPacket::OWaveLanDataControl(): decoding frame..." );
//TODO: Implement this
}
OWaveLanControlPacket::~OWaveLanControlPacket()
{
}
/*======================================================================================
* OPacketCapturer
*======================================================================================*/
OPacketCapturer::OPacketCapturer( QObject* parent, const char* name )
:QObject( parent, name ), _name( QString::null ), _open( false ),
_pch( 0 ), _pcd( 0 ), _sn( 0 )
{
}
OPacketCapturer::~OPacketCapturer()
{
if ( _open )
{
qDebug( "OPacketCapturer::~OPacketCapturer(): pcap still open, autoclosing." );
close();
}
}
diff --git a/libopie2/opienet/opcap.h b/libopie2/opienet/opcap.h
index bee0ca0..5a50d9b 100644
--- a/libopie2/opienet/opcap.h
+++ b/libopie2/opienet/opcap.h
@@ -393,96 +393,120 @@ class OWaveLanControlPacket : public QObject
private:
const struct ieee_802_11_control_header* _header;
};
/*======================================================================================
* OLLCPacket - IEEE 802.2 Link Level Control
*======================================================================================*/
class OLLCPacket : public QObject
{
Q_OBJECT
public:
OLLCPacket( const unsigned char*, const struct ieee_802_11_802_2_header* data, QObject* parent = 0 );
virtual ~OLLCPacket();
private:
const struct ieee_802_11_802_2_header* _header;
};
/*======================================================================================
* OIPPacket
*======================================================================================*/
class OIPPacket : public QObject
{
Q_OBJECT
public:
OIPPacket( const unsigned char*, const struct iphdr*, QObject* parent = 0 );
virtual ~OIPPacket();
QHostAddress fromIPAddress() const;
QHostAddress toIPAddress() const;
int tos() const;
int len() const;
int id() const;
int offset() const;
int ttl() const;
int protocol() const;
int checksum() const;
private:
const struct iphdr* _iphdr;
};
/*======================================================================================
+ * OARPPacket
+ *======================================================================================*/
+
+class OARPPacket : public QObject
+{
+ Q_OBJECT
+
+ public:
+ OARPPacket( const unsigned char*, const struct myarphdr*, QObject* parent = 0 );
+ virtual ~OARPPacket();
+
+ QHostAddress senderIPV4Address() const;
+ OMacAddress senderMacAddress() const;
+ QHostAddress targetIPV4Address() const;
+ OMacAddress targetMacAddress() const;
+
+ //int type() const;
+ QString type() const;
+
+ private:
+ const struct myarphdr* _arphdr;
+};
+
+/*======================================================================================
* OUDPPacket
*======================================================================================*/
class OUDPPacket : public QObject
{
Q_OBJECT
public:
OUDPPacket( const unsigned char*, const struct udphdr*, QObject* parent = 0 );
virtual ~OUDPPacket();
int fromPort() const;
int toPort() const;
private:
const struct udphdr* _udphdr;
};
/*======================================================================================
* OTCPPacket
*======================================================================================*/
class OTCPPacket : public QObject
{
Q_OBJECT
public:
OTCPPacket( const unsigned char*, const struct tcphdr*, QObject* parent = 0 );
virtual ~OTCPPacket();
int fromPort() const;
int toPort() const;
private:
const struct tcphdr* _tcphdr;
};
/*======================================================================================
* OPacketCapturer
*======================================================================================*/
/**
* @brief A class based wrapper for network packet capturing.
*
* This class is the base of a high-level interface to the well known packet capturing
* library libpcap. ...
*/