summaryrefslogtreecommitdiff
authormickeyl <mickeyl>2003-04-10 17:25:24 (UTC)
committer mickeyl <mickeyl>2003-04-10 17:25:24 (UTC)
commit1064aea74c5dd7b3d4f87e483bd85f3fac0cf03c (patch) (side-by-side diff)
tree63e2cb70dbc76e8ac911fbbbb50625e4cc89705b
parent4e8e3741dca909782e15bb197e5b6a78750536c2 (diff)
downloadopie-1064aea74c5dd7b3d4f87e483bd85f3fac0cf03c.zip
opie-1064aea74c5dd7b3d4f87e483bd85f3fac0cf03c.tar.gz
opie-1064aea74c5dd7b3d4f87e483bd85f3fac0cf03c.tar.bz2
OPacketCapturer is now able to write captured packages in the standard tcpdump-compatible format
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--libopie2/opienet/opcap.cpp47
-rw-r--r--libopie2/opienet/opcap.h4
2 files changed, 34 insertions, 17 deletions
diff --git a/libopie2/opienet/opcap.cpp b/libopie2/opienet/opcap.cpp
index 30f6208..04b1bb1 100644
--- a/libopie2/opienet/opcap.cpp
+++ b/libopie2/opienet/opcap.cpp
@@ -641,311 +641,326 @@ OWaveLanManagementIBSS::OWaveLanManagementIBSS( const unsigned char* end, const
}
OWaveLanManagementIBSS::~OWaveLanManagementIBSS()
{
}
/*======================================================================================
* OWaveLanManagementChallenge
*======================================================================================*/
OWaveLanManagementChallenge::OWaveLanManagementChallenge( const unsigned char* end, const struct challenge_t* data, QObject* parent )
:QObject( parent, "802.11 Challenge" ), _data( data )
{
qDebug( "OWaveLanManagementChallenge()" );
}
OWaveLanManagementChallenge::~OWaveLanManagementChallenge()
{
}
/*======================================================================================
* OWaveLanDataPacket
*======================================================================================*/
OWaveLanDataPacket::OWaveLanDataPacket( const unsigned char* end, const struct ieee_802_11_data_header* data, OWaveLanPacket* parent )
:QObject( parent, "802.11 Data" ), _header( data )
{
qDebug( "OWaveLanDataPacket::OWaveLanDataPacket(): decoding frame..." );
const unsigned char* payload = (const unsigned char*) data + sizeof( struct ieee_802_11_data_header );
#warning The next line works for most cases, but can not be correct generally!
if (!( ( (OWaveLanPacket*) this->parent())->duration() )) payload -= 6; // compensation for missing last address
new OLLCPacket( end, (const struct ieee_802_11_802_2_header*) payload, this );
}
OWaveLanDataPacket::~OWaveLanDataPacket()
{
}
/*======================================================================================
* OLLCPacket
*======================================================================================*/
OLLCPacket::OLLCPacket( const unsigned char* end, const struct ieee_802_11_802_2_header* data, QObject* parent )
:QObject( parent, "802.11 LLC" ), _header( data )
{
qDebug( "OLLCPacket::OLLCPacket(): decoding frame..." );
if ( !(_header->oui[0] || _header->oui[1] || _header->oui[2]) )
{
qDebug( "OLLCPacket::OLLCPacket(): contains an encapsulated Ethernet frame (type=%04X)", EXTRACT_16BITS( &_header->type ) );
switch ( EXTRACT_16BITS( &_header->type ) ) // defined in linux/if_ether.h
{
case ETH_P_IP: new OIPPacket( end, (const struct iphdr*) (data+1), this ); break;
default: qDebug( "OLLCPacket::OLLCPacket(): Unknown Encapsulation Type" );
}
}
}
OLLCPacket::~OLLCPacket()
{
}
/*======================================================================================
* OWaveLanControlPacket
*======================================================================================*/
OWaveLanControlPacket::OWaveLanControlPacket( const unsigned char* end, const struct ieee_802_11_control_header* data, OWaveLanPacket* parent )
:QObject( parent, "802.11 Data" ), _header( data )
{
qDebug( "OWaveLanControlPacket::OWaveLanDataControl(): decoding frame..." );
//TODO: Implement this
}
OWaveLanControlPacket::~OWaveLanControlPacket()
{
}
/*======================================================================================
* OPacketCapturer
*======================================================================================*/
OPacketCapturer::OPacketCapturer( QObject* parent, const char* name )
:QObject( parent, name ), _name( QString::null ), _open( false ),
- _pch( 0 ), _sn( 0 )
+ _pch( 0 ), _pcd( 0 ), _sn( 0 )
{
}
OPacketCapturer::~OPacketCapturer()
{
if ( _open )
{
qDebug( "OPacketCapturer::~OPacketCapturer(): pcap still open, autoclosing." );
close();
}
}
void OPacketCapturer::setBlocking( bool b )
{
if ( pcap_setnonblock( _pch, 1-b, _errbuf ) != -1 )
{
qDebug( "OPacketCapturer::setBlocking(): blocking mode changed successfully." );
}
else
{
qDebug( "OPacketCapturer::setBlocking(): can't change blocking mode: %s", _errbuf );
}
}
bool OPacketCapturer::blocking() const
{
int b = pcap_getnonblock( _pch, _errbuf );
if ( b == -1 )
{
qDebug( "OPacketCapturer::blocking(): can't get blocking mode: %s", _errbuf );
return -1;
}
return !b;
}
void OPacketCapturer::close()
{
if ( _open )
{
if ( _sn )
{
_sn->disconnect( SIGNAL( activated(int) ), this, SLOT( readyToReceive() ) );
delete _sn;
}
+ if ( _pcd )
+ {
+ pcap_dump_close( _pcd );
+ _pcd = 0;
+ }
pcap_close( _pch );
_open = false;
}
qDebug( "OPacketCapturer::close() --- dumping capturing statistics..." );
qDebug( "--------------------------------------------------" );
for( QMap<QString,int>::Iterator it = _stats.begin(); it != _stats.end(); ++it )
qDebug( "%s : %d", (const char*) it.key(), it.data() );
qDebug( "--------------------------------------------------" );
}
int OPacketCapturer::dataLink() const
{
return pcap_datalink( _pch );
}
int OPacketCapturer::fileno() const
{
if ( _open )
{
return pcap_fileno( _pch );
}
else
{
return -1;
}
}
OPacket* OPacketCapturer::next()
{
packetheaderstruct header;
qDebug( "==> OPacketCapturer::next()" );
const unsigned char* pdata = pcap_next( _pch, &header );
qDebug( "<== OPacketCapturer::next()" );
+ if ( _pcd )
+ pcap_dump( (u_char*) _pcd, &header, pdata );
if ( header.len )
{
OPacket* p = new OPacket( dataLink(), header, pdata, 0 );
// packets shouldn't be inserted in the QObject child-parent hierarchy,
// because due to memory constraints they will be deleted as soon
// as possible - that is right after they have been processed
// by emit() [ see below ]
//TODO: make gathering statistics optional, because it takes time
p->updateStats( _stats, const_cast<QObjectList*>( p->children() ) );
return p;
}
else
{
return 0;
}
}
-bool OPacketCapturer::open( const QString& name )
+bool OPacketCapturer::open( const QString& name, const QString& filename )
{
if ( _open )
{
if ( name == _name ) // ignore opening an already openend device
{
return true;
}
else // close the last opened device
{
close();
}
}
_name = name;
+ // open libpcap
pcap_t* handle = pcap_open_live( const_cast<char*>( (const char*) name ), 1024, 0, 0, &_errbuf[0] );
- if ( handle )
+ if ( !handle )
{
- qDebug( "OPacketCapturer::open(): libpcap opened successfully." );
- _pch = handle;
- _open = true;
- _stats.clear();
+ qWarning( "OPacketCapturer::open(): can't open libpcap with '%s': %s", (const char*) name, _errbuf );
+ return false;
+ }
- // in case we have an application object, create a socket notifier
- if ( qApp )
- {
- _sn = new QSocketNotifier( fileno(), QSocketNotifier::Read );
- connect( _sn, SIGNAL( activated(int) ), this, SLOT( readyToReceive() ) );
- }
+ qDebug( "OPacketCapturer::open(): libpcap [%s] opened successfully.", (const char*) name );
+ _pch = handle;
+ _open = true;
+ _stats.clear();
- return true;
+ // in case we have an application object, create a socket notifier
+ if ( qApp ) //TODO: I don't like this here...
+ {
+ _sn = new QSocketNotifier( fileno(), QSocketNotifier::Read );
+ connect( _sn, SIGNAL( activated(int) ), this, SLOT( readyToReceive() ) );
}
- else
+
+ // if requested, open a dump
+ pcap_dumper_t* dump = pcap_dump_open( _pch, const_cast<char*>( (const char*) filename ) );
+ if ( !dump )
{
- qDebug( "OPacketCapturer::open(): can't open libpcap with '%s': %s", (const char*) name, _errbuf );
+ qWarning( "OPacketCapturer::open(): can't open dump with '%s': %s", (const char*) filename, _errbuf );
return false;
}
+ qDebug( "OPacketCapturer::open(): dump [%s] opened successfully.", (const char*) filename );
+ _pcd = dump;
+ return true;
}
bool OPacketCapturer::open( const QFile& file )
{
QString name = file.name();
if ( _open )
{
close();
if ( name == _name ) // ignore opening an already openend device
{
return true;
}
else // close the last opened device
{
close();
}
}
_name = name;
pcap_t* handle = pcap_open_offline( const_cast<char*>( (const char*) name ), &_errbuf[0] );
if ( handle )
{
qDebug( "OPacketCapturer::open(): libpcap opened successfully." );
_pch = handle;
_open = true;
// in case we have an application object, create a socket notifier
if ( qApp )
{
_sn = new QSocketNotifier( fileno(), QSocketNotifier::Read );
connect( _sn, SIGNAL( activated(int) ), this, SLOT( readyToReceive() ) );
}
return true;
}
else
{
qDebug( "OPacketCapturer::open(): can't open libpcap with '%s': %s", (const char*) name, _errbuf );
return false;
}
}
bool OPacketCapturer::isOpen() const
{
return _open;
}
void OPacketCapturer::readyToReceive()
{
qDebug( "OPacketCapturer::readyToReceive(): about to emit 'receivePacket(p)'" );
OPacket* p = next();
emit receivedPacket( p );
// emit is synchronous - packet has been dealt with, now it's safe to delete
delete p;
}
const QMap<QString,int>& OPacketCapturer::statistics() const
{
return _stats;
}
diff --git a/libopie2/opienet/opcap.h b/libopie2/opienet/opcap.h
index 6c3ac6d..99631ba 100644
--- a/libopie2/opienet/opcap.h
+++ b/libopie2/opienet/opcap.h
@@ -377,129 +377,131 @@ class OIPPacket : public QObject
private:
const struct iphdr* _iphdr;
};
/*======================================================================================
* OUDPPacket
*======================================================================================*/
class OUDPPacket : public QObject
{
Q_OBJECT
public:
OUDPPacket( const unsigned char*, const struct udphdr*, QObject* parent = 0 );
virtual ~OUDPPacket();
int fromPort() const;
int toPort() const;
private:
const struct udphdr* _udphdr;
};
/*======================================================================================
* OTCPPacket
*======================================================================================*/
class OTCPPacket : public QObject
{
Q_OBJECT
public:
OTCPPacket( const unsigned char*, const struct tcphdr*, QObject* parent = 0 );
virtual ~OTCPPacket();
int fromPort() const;
int toPort() const;
private:
const struct tcphdr* _tcphdr;
};
/*======================================================================================
* OPacketCapturer
*======================================================================================*/
/**
* @brief A class based wrapper for network packet capturing.
*
* This class is the base of a high-level interface to the well known packet capturing
* library libpcap. ...
*/
class OPacketCapturer : public QObject
{
Q_OBJECT
public:
/**
* Constructor.
*/
OPacketCapturer( QObject* parent = 0, const char* name = 0 );
/**
* Destructor.
*/
~OPacketCapturer();
/**
* Setting the packet capturer to use blocking IO calls can be useful when
* not using the socket notifier, e.g. without an application object.
*/
void setBlocking( bool );
/**
* @returns true if the packet capturer uses blocking IO calls.
*/
bool blocking() const;
/**
* Closes the packet capturer. This is automatically done in the destructor.
*/
void close();
/**
* @returns the data link type.
* @see <pcap.h> for possible values.
*/
int dataLink() const;
/**
* @returns the filedescriptor of the packet capturer. This is only useful, if
* not using the socket notifier, e.g. without an application object.
*/
int fileno() const;
/**
* @returns the next @ref OPacket from the packet capturer.
* @note If blocking mode is true then this call might block.
*/
OPacket* next();
/**
* Open the packet capturer to capture packets in live-mode from @a interface.
+ * If a @a filename is given, all captured packets are output to a tcpdump-compatible capture file.
*/
- bool open( const QString& interface );
+ bool open( const QString& interface, const QString& filename = QString::null );
/**
* Open the packet capturer to capture packets in offline-mode from @a file.
*/
bool open( const QFile& file );
/**
* @returns true if the packet capturer is open
*/
bool isOpen() const;
const QMap<QString,int>& statistics() const;
signals:
/**
* This signal is emitted, when a packet has been received.
*/
void receivedPacket( OPacket* );
protected slots:
void readyToReceive();
protected:
QString _name; // devicename
bool _open; // check this before doing pcap calls
pcap_t* _pch; // pcap library handle
+ pcap_dumper_t* _pcd; // pcap dumper handle
QSocketNotifier* _sn; // socket notifier for main loop
mutable char _errbuf[PCAP_ERRBUF_SIZE]; // holds error strings from libpcap
QMap<QString, int> _stats; // statistics;
};
#endif // OPCAP_H