author | mickeyl <mickeyl> | 2003-04-10 17:25:24 (UTC) |
---|---|---|
committer | mickeyl <mickeyl> | 2003-04-10 17:25:24 (UTC) |
commit | 1064aea74c5dd7b3d4f87e483bd85f3fac0cf03c (patch) (side-by-side diff) | |
tree | 63e2cb70dbc76e8ac911fbbbb50625e4cc89705b | |
parent | 4e8e3741dca909782e15bb197e5b6a78750536c2 (diff) | |
download | opie-1064aea74c5dd7b3d4f87e483bd85f3fac0cf03c.zip opie-1064aea74c5dd7b3d4f87e483bd85f3fac0cf03c.tar.gz opie-1064aea74c5dd7b3d4f87e483bd85f3fac0cf03c.tar.bz2 |
OPacketCapturer is now able to write captured packages in the standard tcpdump-compatible format
-rw-r--r-- | libopie2/opienet/opcap.cpp | 47 | ||||
-rw-r--r-- | libopie2/opienet/opcap.h | 4 |
2 files changed, 34 insertions, 17 deletions
diff --git a/libopie2/opienet/opcap.cpp b/libopie2/opienet/opcap.cpp index 30f6208..04b1bb1 100644 --- a/libopie2/opienet/opcap.cpp +++ b/libopie2/opienet/opcap.cpp @@ -641,311 +641,326 @@ OWaveLanManagementIBSS::OWaveLanManagementIBSS( const unsigned char* end, const } OWaveLanManagementIBSS::~OWaveLanManagementIBSS() { } /*====================================================================================== * OWaveLanManagementChallenge *======================================================================================*/ OWaveLanManagementChallenge::OWaveLanManagementChallenge( const unsigned char* end, const struct challenge_t* data, QObject* parent ) :QObject( parent, "802.11 Challenge" ), _data( data ) { qDebug( "OWaveLanManagementChallenge()" ); } OWaveLanManagementChallenge::~OWaveLanManagementChallenge() { } /*====================================================================================== * OWaveLanDataPacket *======================================================================================*/ OWaveLanDataPacket::OWaveLanDataPacket( const unsigned char* end, const struct ieee_802_11_data_header* data, OWaveLanPacket* parent ) :QObject( parent, "802.11 Data" ), _header( data ) { qDebug( "OWaveLanDataPacket::OWaveLanDataPacket(): decoding frame..." ); const unsigned char* payload = (const unsigned char*) data + sizeof( struct ieee_802_11_data_header ); #warning The next line works for most cases, but can not be correct generally! if (!( ( (OWaveLanPacket*) this->parent())->duration() )) payload -= 6; // compensation for missing last address new OLLCPacket( end, (const struct ieee_802_11_802_2_header*) payload, this ); } OWaveLanDataPacket::~OWaveLanDataPacket() { } /*====================================================================================== * OLLCPacket *======================================================================================*/ OLLCPacket::OLLCPacket( const unsigned char* end, const struct ieee_802_11_802_2_header* data, QObject* parent ) :QObject( parent, "802.11 LLC" ), _header( data ) { qDebug( "OLLCPacket::OLLCPacket(): decoding frame..." ); if ( !(_header->oui[0] || _header->oui[1] || _header->oui[2]) ) { qDebug( "OLLCPacket::OLLCPacket(): contains an encapsulated Ethernet frame (type=%04X)", EXTRACT_16BITS( &_header->type ) ); switch ( EXTRACT_16BITS( &_header->type ) ) // defined in linux/if_ether.h { case ETH_P_IP: new OIPPacket( end, (const struct iphdr*) (data+1), this ); break; default: qDebug( "OLLCPacket::OLLCPacket(): Unknown Encapsulation Type" ); } } } OLLCPacket::~OLLCPacket() { } /*====================================================================================== * OWaveLanControlPacket *======================================================================================*/ OWaveLanControlPacket::OWaveLanControlPacket( const unsigned char* end, const struct ieee_802_11_control_header* data, OWaveLanPacket* parent ) :QObject( parent, "802.11 Data" ), _header( data ) { qDebug( "OWaveLanControlPacket::OWaveLanDataControl(): decoding frame..." ); //TODO: Implement this } OWaveLanControlPacket::~OWaveLanControlPacket() { } /*====================================================================================== * OPacketCapturer *======================================================================================*/ OPacketCapturer::OPacketCapturer( QObject* parent, const char* name ) :QObject( parent, name ), _name( QString::null ), _open( false ), - _pch( 0 ), _sn( 0 ) + _pch( 0 ), _pcd( 0 ), _sn( 0 ) { } OPacketCapturer::~OPacketCapturer() { if ( _open ) { qDebug( "OPacketCapturer::~OPacketCapturer(): pcap still open, autoclosing." ); close(); } } void OPacketCapturer::setBlocking( bool b ) { if ( pcap_setnonblock( _pch, 1-b, _errbuf ) != -1 ) { qDebug( "OPacketCapturer::setBlocking(): blocking mode changed successfully." ); } else { qDebug( "OPacketCapturer::setBlocking(): can't change blocking mode: %s", _errbuf ); } } bool OPacketCapturer::blocking() const { int b = pcap_getnonblock( _pch, _errbuf ); if ( b == -1 ) { qDebug( "OPacketCapturer::blocking(): can't get blocking mode: %s", _errbuf ); return -1; } return !b; } void OPacketCapturer::close() { if ( _open ) { if ( _sn ) { _sn->disconnect( SIGNAL( activated(int) ), this, SLOT( readyToReceive() ) ); delete _sn; } + if ( _pcd ) + { + pcap_dump_close( _pcd ); + _pcd = 0; + } pcap_close( _pch ); _open = false; } qDebug( "OPacketCapturer::close() --- dumping capturing statistics..." ); qDebug( "--------------------------------------------------" ); for( QMap<QString,int>::Iterator it = _stats.begin(); it != _stats.end(); ++it ) qDebug( "%s : %d", (const char*) it.key(), it.data() ); qDebug( "--------------------------------------------------" ); } int OPacketCapturer::dataLink() const { return pcap_datalink( _pch ); } int OPacketCapturer::fileno() const { if ( _open ) { return pcap_fileno( _pch ); } else { return -1; } } OPacket* OPacketCapturer::next() { packetheaderstruct header; qDebug( "==> OPacketCapturer::next()" ); const unsigned char* pdata = pcap_next( _pch, &header ); qDebug( "<== OPacketCapturer::next()" ); + if ( _pcd ) + pcap_dump( (u_char*) _pcd, &header, pdata ); if ( header.len ) { OPacket* p = new OPacket( dataLink(), header, pdata, 0 ); // packets shouldn't be inserted in the QObject child-parent hierarchy, // because due to memory constraints they will be deleted as soon // as possible - that is right after they have been processed // by emit() [ see below ] //TODO: make gathering statistics optional, because it takes time p->updateStats( _stats, const_cast<QObjectList*>( p->children() ) ); return p; } else { return 0; } } -bool OPacketCapturer::open( const QString& name ) +bool OPacketCapturer::open( const QString& name, const QString& filename ) { if ( _open ) { if ( name == _name ) // ignore opening an already openend device { return true; } else // close the last opened device { close(); } } _name = name; + // open libpcap pcap_t* handle = pcap_open_live( const_cast<char*>( (const char*) name ), 1024, 0, 0, &_errbuf[0] ); - if ( handle ) + if ( !handle ) { - qDebug( "OPacketCapturer::open(): libpcap opened successfully." ); - _pch = handle; - _open = true; - _stats.clear(); + qWarning( "OPacketCapturer::open(): can't open libpcap with '%s': %s", (const char*) name, _errbuf ); + return false; + } - // in case we have an application object, create a socket notifier - if ( qApp ) - { - _sn = new QSocketNotifier( fileno(), QSocketNotifier::Read ); - connect( _sn, SIGNAL( activated(int) ), this, SLOT( readyToReceive() ) ); - } + qDebug( "OPacketCapturer::open(): libpcap [%s] opened successfully.", (const char*) name ); + _pch = handle; + _open = true; + _stats.clear(); - return true; + // in case we have an application object, create a socket notifier + if ( qApp ) //TODO: I don't like this here... + { + _sn = new QSocketNotifier( fileno(), QSocketNotifier::Read ); + connect( _sn, SIGNAL( activated(int) ), this, SLOT( readyToReceive() ) ); } - else + + // if requested, open a dump + pcap_dumper_t* dump = pcap_dump_open( _pch, const_cast<char*>( (const char*) filename ) ); + if ( !dump ) { - qDebug( "OPacketCapturer::open(): can't open libpcap with '%s': %s", (const char*) name, _errbuf ); + qWarning( "OPacketCapturer::open(): can't open dump with '%s': %s", (const char*) filename, _errbuf ); return false; } + qDebug( "OPacketCapturer::open(): dump [%s] opened successfully.", (const char*) filename ); + _pcd = dump; + return true; } bool OPacketCapturer::open( const QFile& file ) { QString name = file.name(); if ( _open ) { close(); if ( name == _name ) // ignore opening an already openend device { return true; } else // close the last opened device { close(); } } _name = name; pcap_t* handle = pcap_open_offline( const_cast<char*>( (const char*) name ), &_errbuf[0] ); if ( handle ) { qDebug( "OPacketCapturer::open(): libpcap opened successfully." ); _pch = handle; _open = true; // in case we have an application object, create a socket notifier if ( qApp ) { _sn = new QSocketNotifier( fileno(), QSocketNotifier::Read ); connect( _sn, SIGNAL( activated(int) ), this, SLOT( readyToReceive() ) ); } return true; } else { qDebug( "OPacketCapturer::open(): can't open libpcap with '%s': %s", (const char*) name, _errbuf ); return false; } } bool OPacketCapturer::isOpen() const { return _open; } void OPacketCapturer::readyToReceive() { qDebug( "OPacketCapturer::readyToReceive(): about to emit 'receivePacket(p)'" ); OPacket* p = next(); emit receivedPacket( p ); // emit is synchronous - packet has been dealt with, now it's safe to delete delete p; } const QMap<QString,int>& OPacketCapturer::statistics() const { return _stats; } diff --git a/libopie2/opienet/opcap.h b/libopie2/opienet/opcap.h index 6c3ac6d..99631ba 100644 --- a/libopie2/opienet/opcap.h +++ b/libopie2/opienet/opcap.h @@ -377,129 +377,131 @@ class OIPPacket : public QObject private: const struct iphdr* _iphdr; }; /*====================================================================================== * OUDPPacket *======================================================================================*/ class OUDPPacket : public QObject { Q_OBJECT public: OUDPPacket( const unsigned char*, const struct udphdr*, QObject* parent = 0 ); virtual ~OUDPPacket(); int fromPort() const; int toPort() const; private: const struct udphdr* _udphdr; }; /*====================================================================================== * OTCPPacket *======================================================================================*/ class OTCPPacket : public QObject { Q_OBJECT public: OTCPPacket( const unsigned char*, const struct tcphdr*, QObject* parent = 0 ); virtual ~OTCPPacket(); int fromPort() const; int toPort() const; private: const struct tcphdr* _tcphdr; }; /*====================================================================================== * OPacketCapturer *======================================================================================*/ /** * @brief A class based wrapper for network packet capturing. * * This class is the base of a high-level interface to the well known packet capturing * library libpcap. ... */ class OPacketCapturer : public QObject { Q_OBJECT public: /** * Constructor. */ OPacketCapturer( QObject* parent = 0, const char* name = 0 ); /** * Destructor. */ ~OPacketCapturer(); /** * Setting the packet capturer to use blocking IO calls can be useful when * not using the socket notifier, e.g. without an application object. */ void setBlocking( bool ); /** * @returns true if the packet capturer uses blocking IO calls. */ bool blocking() const; /** * Closes the packet capturer. This is automatically done in the destructor. */ void close(); /** * @returns the data link type. * @see <pcap.h> for possible values. */ int dataLink() const; /** * @returns the filedescriptor of the packet capturer. This is only useful, if * not using the socket notifier, e.g. without an application object. */ int fileno() const; /** * @returns the next @ref OPacket from the packet capturer. * @note If blocking mode is true then this call might block. */ OPacket* next(); /** * Open the packet capturer to capture packets in live-mode from @a interface. + * If a @a filename is given, all captured packets are output to a tcpdump-compatible capture file. */ - bool open( const QString& interface ); + bool open( const QString& interface, const QString& filename = QString::null ); /** * Open the packet capturer to capture packets in offline-mode from @a file. */ bool open( const QFile& file ); /** * @returns true if the packet capturer is open */ bool isOpen() const; const QMap<QString,int>& statistics() const; signals: /** * This signal is emitted, when a packet has been received. */ void receivedPacket( OPacket* ); protected slots: void readyToReceive(); protected: QString _name; // devicename bool _open; // check this before doing pcap calls pcap_t* _pch; // pcap library handle + pcap_dumper_t* _pcd; // pcap dumper handle QSocketNotifier* _sn; // socket notifier for main loop mutable char _errbuf[PCAP_ERRBUF_SIZE]; // holds error strings from libpcap QMap<QString, int> _stats; // statistics; }; #endif // OPCAP_H |