summaryrefslogtreecommitdiff
authormickeyl <mickeyl>2003-05-04 20:38:24 (UTC)
committer mickeyl <mickeyl>2003-05-04 20:38:24 (UTC)
commit09dceae91b14a4b2d936ebfc6c7c276686c2b98c (patch) (side-by-side diff)
treeb8ebc6f92ca0008a90ef036c3c5ba873a2f59670
parent8409a251d52b59585889e1bcaa278a6b847db2fc (diff)
downloadopie-09dceae91b14a4b2d936ebfc6c7c276686c2b98c.zip
opie-09dceae91b14a4b2d936ebfc6c7c276686c2b98c.tar.gz
opie-09dceae91b14a4b2d936ebfc6c7c276686c2b98c.tar.bz2
add parsing of ARP packets
Diffstat (more/less context) (show whitespace changes)
-rw-r--r--libopie2/opienet/802_11_user.h47
-rw-r--r--libopie2/opienet/opcap.cpp65
-rw-r--r--libopie2/opienet/opcap.h24
3 files changed, 110 insertions, 26 deletions
diff --git a/libopie2/opienet/802_11_user.h b/libopie2/opienet/802_11_user.h
index cd98503..ad84514 100644
--- a/libopie2/opienet/802_11_user.h
+++ b/libopie2/opienet/802_11_user.h
@@ -55,27 +55,6 @@ struct ieee_802_3_header {
#define P80211_OUI_LEN 3
-struct ieee_802_11_snap_header {
-
- u_int8_t dsap; /* always 0xAA */
- u_int8_t ssap; /* always 0xAA */
- u_int8_t ctrl; /* always 0x03 */
- u_int8_t oui[P80211_OUI_LEN]; /* organizational universal id */
-
-} __attribute__ ((packed));
-
-#define P80211_LLC_OUI_LEN 3
-
-struct ieee_802_11_802_1H_header {
-
- u_int8_t dsap;
- u_int8_t ssap; /* always 0xAA */
- u_int8_t ctrl; /* always 0x03 */
- u_int8_t oui[P80211_OUI_LEN]; /* organizational universal id */
- u_int16_t unknown1; /* packet type ID fields */
- u_int16_t unknown2; /* here is something like length in some cases */
-} __attribute__ ((packed));
-
struct ieee_802_11_802_2_header {
u_int8_t dsap;
@@ -83,9 +62,31 @@ struct ieee_802_11_802_2_header {
u_int8_t ctrl; /* always 0x03 */
u_int8_t oui[P80211_OUI_LEN]; /* organizational universal id */
u_int16_t type; /* packet type ID field */
+};
-} __attribute__ ((packed));
-
+/* See RFC 826 for protocol description. ARP packets are variable
+ in size; the arphdr structure defines the fixed-length portion.
+ Protocol type values are the same as those for 10 Mb/s Ethernet.
+ It is followed by the variable-sized fields ar_sha, arp_spa,
+ arp_tha and arp_tpa in that order, according to the lengths
+ specified. Field names used correspond to RFC 826. */
+
+#define ETH_ALEN 6
+
+struct myarphdr
+{
+ unsigned short int ar_hrd; /* Format of hardware address. */
+ unsigned short int ar_pro; /* Format of protocol address. */
+ unsigned char ar_hln; /* Length of hardware address. */
+ unsigned char ar_pln; /* Length of protocol address. */
+ unsigned short int ar_op; /* ARP opcode (command). */
+ /* Ethernet looks like this : This bit is variable sized
+ however... */
+ unsigned char ar_sha[ETH_ALEN]; /* Sender hardware address. */
+ unsigned char ar_sip[4]; /* Sender IP address. */
+ unsigned char ar_tha[ETH_ALEN]; /* Target hardware address. */
+ unsigned char ar_tip[4]; /* Target IP address. */
+};
// following is incoplete and may be incorrect and need reorganization
diff --git a/libopie2/opienet/opcap.cpp b/libopie2/opienet/opcap.cpp
index 675818e..e2ab6d7 100644
--- a/libopie2/opienet/opcap.cpp
+++ b/libopie2/opienet/opcap.cpp
@@ -158,7 +158,6 @@ int OPacket::len() const
OEthernetPacket::OEthernetPacket( const unsigned char* end, const struct ether_header* data, QObject* parent )
:QObject( parent, "Ethernet" ), _ether( data )
-
{
qDebug( "Source = %s", (const char*) sourceAddress().toString() );
@@ -209,7 +208,6 @@ int OEthernetPacket::type() const
OIPPacket::OIPPacket( const unsigned char* end, const struct iphdr* data, QObject* parent )
:QObject( parent, "IP" ), _iphdr( data )
-
{
qDebug( "OIPPacket::OIPPacket(): decoding IP header..." );
@@ -287,6 +285,66 @@ int OIPPacket::checksum() const
}
/*======================================================================================
+ * OARPPacket
+ *======================================================================================*/
+
+
+OARPPacket::OARPPacket( const unsigned char* end, const struct myarphdr* data, QObject* parent )
+ :QObject( parent, "ARP" ), _arphdr( data )
+{
+ qDebug( "OARPPacket::OARPPacket(): decoding ARP header..." );
+ qDebug( "ARP type seems to be %02d - '%s'", EXTRACT_16BITS( &_arphdr->ar_op ), (const char*) type() );
+ qDebug( "Sender: MAC %s = IP %s", (const char*) senderMacAddress().toString(), (const char*) senderIPV4Address().toString() );
+ qDebug( "Target: MAC %s = IP %s", (const char*) targetMacAddress().toString(), (const char*) targetIPV4Address().toString() );
+}
+
+
+OARPPacket::~OARPPacket()
+{
+}
+
+
+QString OARPPacket::type() const
+{
+ switch ( EXTRACT_16BITS( &_arphdr->ar_op ) )
+ {
+ case 1: return "REQUEST";
+ case 2: return "REPLY";
+ case 3: return "RREQUEST";
+ case 4: return "RREPLY";
+ case 8: return "InREQUEST";
+ case 9: return "InREPLY";
+ case 10: return "NAK";
+ default: qWarning( "OARPPacket::type(): invalid ARP type!" ); return "<unknown>";
+ }
+}
+
+
+QHostAddress OARPPacket::senderIPV4Address() const
+{
+ return EXTRACT_32BITS( &_arphdr->ar_sip );
+}
+
+
+QHostAddress OARPPacket::targetIPV4Address() const
+{
+ return EXTRACT_32BITS( &_arphdr->ar_tip );
+}
+
+
+OMacAddress OARPPacket::senderMacAddress() const
+{
+ return OMacAddress( _arphdr->ar_sha );
+}
+
+
+OMacAddress OARPPacket::targetMacAddress() const
+{
+ return OMacAddress( _arphdr->ar_tha );
+}
+
+
+/*======================================================================================
* OUDPPacket
*======================================================================================*/
@@ -730,7 +788,8 @@ OLLCPacket::OLLCPacket( const unsigned char* end, const struct ieee_802_11_802_2
switch ( EXTRACT_16BITS( &_header->type ) ) // defined in linux/if_ether.h
{
case ETH_P_IP: new OIPPacket( end, (const struct iphdr*) (data+1), this ); break;
- default: qDebug( "OLLCPacket::OLLCPacket(): Unknown Encapsulation Type" );
+ case ETH_P_ARP: new OARPPacket( end, (const struct myarphdr*) (data+1), this ); break;
+ default: qWarning( "OLLCPacket::OLLCPacket(): Unknown Encapsulation (type=%04X)", EXTRACT_16BITS( &_header->type ) );
}
}
diff --git a/libopie2/opienet/opcap.h b/libopie2/opienet/opcap.h
index bee0ca0..5a50d9b 100644
--- a/libopie2/opienet/opcap.h
+++ b/libopie2/opienet/opcap.h
@@ -438,6 +438,30 @@ class OIPPacket : public QObject
};
/*======================================================================================
+ * OARPPacket
+ *======================================================================================*/
+
+class OARPPacket : public QObject
+{
+ Q_OBJECT
+
+ public:
+ OARPPacket( const unsigned char*, const struct myarphdr*, QObject* parent = 0 );
+ virtual ~OARPPacket();
+
+ QHostAddress senderIPV4Address() const;
+ OMacAddress senderMacAddress() const;
+ QHostAddress targetIPV4Address() const;
+ OMacAddress targetMacAddress() const;
+
+ //int type() const;
+ QString type() const;
+
+ private:
+ const struct myarphdr* _arphdr;
+};
+
+/*======================================================================================
* OUDPPacket
*======================================================================================*/