summaryrefslogtreecommitdiff
path: root/libopie2/opienet
authormickeyl <mickeyl>2003-04-10 15:47:23 (UTC)
committer mickeyl <mickeyl>2003-04-10 15:47:23 (UTC)
commit3733471135ea180709fcf4695607cce0c5fc7fb5 (patch) (unidiff)
tree792c96ad5351b9396a0c129738b5cff9e2b00614 /libopie2/opienet
parent101e039ba53d4ccbe5b46575bb56c07f6f544db6 (diff)
downloadopie-3733471135ea180709fcf4695607cce0c5fc7fb5.zip
opie-3733471135ea180709fcf4695607cce0c5fc7fb5.tar.gz
opie-3733471135ea180709fcf4695607cce0c5fc7fb5.tar.bz2
add support for working with capture files (e.g. from tcpdump, ethereal, et.al.)
Diffstat (limited to 'libopie2/opienet') (more/less context) (ignore whitespace changes)
-rw-r--r--libopie2/opienet/opcap.cpp48
-rw-r--r--libopie2/opienet/opcap.h64
2 files changed, 101 insertions, 11 deletions
diff --git a/libopie2/opienet/opcap.cpp b/libopie2/opienet/opcap.cpp
index 6a3dc26..30f6208 100644
--- a/libopie2/opienet/opcap.cpp
+++ b/libopie2/opienet/opcap.cpp
@@ -767,141 +767,185 @@ bool OPacketCapturer::blocking() const
767 int b = pcap_getnonblock( _pch, _errbuf ); 767 int b = pcap_getnonblock( _pch, _errbuf );
768 if ( b == -1 ) 768 if ( b == -1 )
769 { 769 {
770 qDebug( "OPacketCapturer::blocking(): can't get blocking mode: %s", _errbuf ); 770 qDebug( "OPacketCapturer::blocking(): can't get blocking mode: %s", _errbuf );
771 return -1; 771 return -1;
772 } 772 }
773 return !b; 773 return !b;
774} 774}
775 775
776 776
777void OPacketCapturer::close() 777void OPacketCapturer::close()
778{ 778{
779 if ( _open ) 779 if ( _open )
780 { 780 {
781 if ( _sn ) 781 if ( _sn )
782 { 782 {
783 _sn->disconnect( SIGNAL( activated(int) ), this, SLOT( readyToReceive() ) ); 783 _sn->disconnect( SIGNAL( activated(int) ), this, SLOT( readyToReceive() ) );
784 delete _sn; 784 delete _sn;
785 } 785 }
786 pcap_close( _pch ); 786 pcap_close( _pch );
787 _open = false; 787 _open = false;
788 } 788 }
789 789
790 qDebug( "OPacketCapturer::close() --- dumping capturing statistics..." ); 790 qDebug( "OPacketCapturer::close() --- dumping capturing statistics..." );
791 qDebug( "--------------------------------------------------" ); 791 qDebug( "--------------------------------------------------" );
792 for( QMap<QString,int>::Iterator it = _stats.begin(); it != _stats.end(); ++it ) 792 for( QMap<QString,int>::Iterator it = _stats.begin(); it != _stats.end(); ++it )
793 qDebug( "%s : %d", (const char*) it.key(), it.data() ); 793 qDebug( "%s : %d", (const char*) it.key(), it.data() );
794 qDebug( "--------------------------------------------------" ); 794 qDebug( "--------------------------------------------------" );
795 795
796} 796}
797 797
798 798
799int OPacketCapturer::dataLink() const 799int OPacketCapturer::dataLink() const
800{ 800{
801 return pcap_datalink( _pch ); 801 return pcap_datalink( _pch );
802} 802}
803 803
804 804
805int OPacketCapturer::fileno() const 805int OPacketCapturer::fileno() const
806{ 806{
807 if ( _open ) 807 if ( _open )
808 { 808 {
809 return pcap_fileno( _pch ); 809 return pcap_fileno( _pch );
810 } 810 }
811 else 811 else
812 { 812 {
813 return -1; 813 return -1;
814 } 814 }
815} 815}
816 816
817OPacket* OPacketCapturer::next() 817OPacket* OPacketCapturer::next()
818{ 818{
819 packetheaderstruct header; 819 packetheaderstruct header;
820 qDebug( "==> OPacketCapturer::next()" ); 820 qDebug( "==> OPacketCapturer::next()" );
821 const unsigned char* pdata = pcap_next( _pch, &header ); 821 const unsigned char* pdata = pcap_next( _pch, &header );
822 qDebug( "<== OPacketCapturer::next()" ); 822 qDebug( "<== OPacketCapturer::next()" );
823 823
824 if ( header.len ) 824 if ( header.len )
825 { 825 {
826 OPacket* p = new OPacket( dataLink(), header, pdata, 0 ); 826 OPacket* p = new OPacket( dataLink(), header, pdata, 0 );
827 // packets shouldn't be inserted in the QObject child-parent hierarchy, 827 // packets shouldn't be inserted in the QObject child-parent hierarchy,
828 // because due to memory constraints they will be deleted as soon 828 // because due to memory constraints they will be deleted as soon
829 // as possible - that is right after they have been processed 829 // as possible - that is right after they have been processed
830 // by emit() [ see below ] 830 // by emit() [ see below ]
831
832 //TODO: make gathering statistics optional, because it takes time 831 //TODO: make gathering statistics optional, because it takes time
833 p->updateStats( _stats, const_cast<QObjectList*>( p->children() ) ); 832 p->updateStats( _stats, const_cast<QObjectList*>( p->children() ) );
834 833
835 return p; 834 return p;
836 } 835 }
837 else 836 else
838 { 837 {
839 return 0; 838 return 0;
840 } 839 }
841} 840}
842 841
843 842
844bool OPacketCapturer::open( const QString& name ) 843bool OPacketCapturer::open( const QString& name )
845{ 844{
846 if ( _open ) 845 if ( _open )
847 { 846 {
848 if ( name == _name ) // ignore opening an already openend device 847 if ( name == _name ) // ignore opening an already openend device
849 { 848 {
850 return true; 849 return true;
851 } 850 }
852 else // close the last opened device 851 else // close the last opened device
853 { 852 {
854 close(); 853 close();
855 } 854 }
856 } 855 }
857 856
858 _name = name; 857 _name = name;
859 858
860 pcap_t* handle = pcap_open_live( const_cast<char*>( (const char*) name ), 1024, 0, 0, &_errbuf[0] ); 859 pcap_t* handle = pcap_open_live( const_cast<char*>( (const char*) name ), 1024, 0, 0, &_errbuf[0] );
861 860
862 if ( handle ) 861 if ( handle )
863 { 862 {
864 qDebug( "OPacketCapturer::open(): libpcap opened successfully." ); 863 qDebug( "OPacketCapturer::open(): libpcap opened successfully." );
865 _pch = handle; 864 _pch = handle;
866 _open = true; 865 _open = true;
867 _stats.clear(); 866 _stats.clear();
868 867
869 // in case we have an application object, create a socket notifier 868 // in case we have an application object, create a socket notifier
870 if ( qApp ) 869 if ( qApp )
871 { 870 {
872 _sn = new QSocketNotifier( fileno(), QSocketNotifier::Read ); 871 _sn = new QSocketNotifier( fileno(), QSocketNotifier::Read );
873 connect( _sn, SIGNAL( activated(int) ), this, SLOT( readyToReceive() ) ); 872 connect( _sn, SIGNAL( activated(int) ), this, SLOT( readyToReceive() ) );
874 } 873 }
875 874
876 return true; 875 return true;
877 } 876 }
878 else 877 else
879 { 878 {
880 qDebug( "OPacketCapturer::open(): can't open libpcap: %s", _errbuf ); 879 qDebug( "OPacketCapturer::open(): can't open libpcap with '%s': %s", (const char*) name, _errbuf );
880 return false;
881 }
882
883}
884
885
886bool OPacketCapturer::open( const QFile& file )
887{
888 QString name = file.name();
889
890 if ( _open )
891 {
892 close();
893 if ( name == _name ) // ignore opening an already openend device
894 {
895 return true;
896 }
897 else // close the last opened device
898 {
899 close();
900 }
901 }
902
903 _name = name;
904
905 pcap_t* handle = pcap_open_offline( const_cast<char*>( (const char*) name ), &_errbuf[0] );
906
907 if ( handle )
908 {
909 qDebug( "OPacketCapturer::open(): libpcap opened successfully." );
910 _pch = handle;
911 _open = true;
912
913 // in case we have an application object, create a socket notifier
914 if ( qApp )
915 {
916 _sn = new QSocketNotifier( fileno(), QSocketNotifier::Read );
917 connect( _sn, SIGNAL( activated(int) ), this, SLOT( readyToReceive() ) );
918 }
919
920 return true;
921 }
922 else
923 {
924 qDebug( "OPacketCapturer::open(): can't open libpcap with '%s': %s", (const char*) name, _errbuf );
881 return false; 925 return false;
882 } 926 }
883 927
884} 928}
885 929
886 930
887bool OPacketCapturer::isOpen() const 931bool OPacketCapturer::isOpen() const
888{ 932{
889 return _open; 933 return _open;
890} 934}
891 935
892 936
893void OPacketCapturer::readyToReceive() 937void OPacketCapturer::readyToReceive()
894{ 938{
895 qDebug( "OPacketCapturer::readyToReceive(): about to emit 'receivePacket(p)'" ); 939 qDebug( "OPacketCapturer::readyToReceive(): about to emit 'receivePacket(p)'" );
896 OPacket* p = next(); 940 OPacket* p = next();
897 emit receivedPacket( p ); 941 emit receivedPacket( p );
898 // emit is synchronous - packet has been dealt with, now it's safe to delete 942 // emit is synchronous - packet has been dealt with, now it's safe to delete
899 delete p; 943 delete p;
900} 944}
901 945
902 946
903const QMap<QString,int>& OPacketCapturer::statistics() const 947const QMap<QString,int>& OPacketCapturer::statistics() const
904{ 948{
905 return _stats; 949 return _stats;
906} 950}
907 951
diff --git a/libopie2/opienet/opcap.h b/libopie2/opienet/opcap.h
index c9b0624..6c3ac6d 100644
--- a/libopie2/opienet/opcap.h
+++ b/libopie2/opienet/opcap.h
@@ -1,113 +1,114 @@
1/* 1/*
2                 This file is part of the Opie Project 2                 This file is part of the Opie Project
3              Copyright (C) 2003 by the Wellenreiter team: 3              Copyright (C) 2003 by the Wellenreiter team:
4 Martin J. Muench <mjm@remote-exploit.org> 4 Martin J. Muench <mjm@remote-exploit.org>
5 Max Moser <mmo@remote-exploit.org 5 Max Moser <mmo@remote-exploit.org
6 Michael 'Mickey' Lauer <mickey@tm.informatik.uni-frankfurt.de> 6 Michael 'Mickey' Lauer <mickey@tm.informatik.uni-frankfurt.de>
7 =. 7 =.
8 .=l. 8 .=l.
9           .>+-= 9           .>+-=
10 _;:,     .>    :=|. This program is free software; you can 10 _;:,     .>    :=|. This program is free software; you can
11.> <`_,   >  .   <= redistribute it and/or modify it under 11.> <`_,   >  .   <= redistribute it and/or modify it under
12:`=1 )Y*s>-.--   : the terms of the GNU Library General Public 12:`=1 )Y*s>-.--   : the terms of the GNU Library General Public
13.="- .-=="i,     .._ License as published by the Free Software 13.="- .-=="i,     .._ License as published by the Free Software
14 - .   .-<_>     .<> Foundation; either version 2 of the License, 14 - .   .-<_>     .<> Foundation; either version 2 of the License,
15     ._= =}       : or (at your option) any later version. 15     ._= =}       : or (at your option) any later version.
16    .%`+i>       _;_. 16    .%`+i>       _;_.
17    .i_,=:_.      -<s. This program is distributed in the hope that 17    .i_,=:_.      -<s. This program is distributed in the hope that
18     +  .  -:.       = it will be useful, but WITHOUT ANY WARRANTY; 18     +  .  -:.       = it will be useful, but WITHOUT ANY WARRANTY;
19    : ..    .:,     . . . without even the implied warranty of 19    : ..    .:,     . . . without even the implied warranty of
20    =_        +     =;=|` MERCHANTABILITY or FITNESS FOR A 20    =_        +     =;=|` MERCHANTABILITY or FITNESS FOR A
21  _.=:.       :    :=>`: PARTICULAR PURPOSE. See the GNU 21  _.=:.       :    :=>`: PARTICULAR PURPOSE. See the GNU
22..}^=.=       =       ; Library General Public License for more 22..}^=.=       =       ; Library General Public License for more
23++=   -.     .`     .: details. 23++=   -.     .`     .: details.
24 :     =  ...= . :.=- 24 :     =  ...= . :.=-
25 -.   .:....=;==+<; You should have received a copy of the GNU 25 -.   .:....=;==+<; You should have received a copy of the GNU
26  -_. . .   )=.  = Library General Public License along with 26  -_. . .   )=.  = Library General Public License along with
27    --        :-=` this library; see the file COPYING.LIB. 27    --        :-=` this library; see the file COPYING.LIB.
28 If not, write to the Free Software Foundation, 28 If not, write to the Free Software Foundation,
29 Inc., 59 Temple Place - Suite 330, 29 Inc., 59 Temple Place - Suite 330,
30 Boston, MA 02111-1307, USA. 30 Boston, MA 02111-1307, USA.
31 31
32*/ 32*/
33 33
34#ifndef OPCAP_H 34#ifndef OPCAP_H
35#define OPCAP_H 35#define OPCAP_H
36 36
37/* LINUX */ 37/* LINUX */
38extern "C" // work around a bpf/pcap conflict in recent headers 38extern "C" // work around a bpf/pcap conflict in recent headers
39{ 39{
40 #include <pcap.h> 40 #include <pcap.h>
41} 41}
42#include <netinet/ether.h> 42#include <netinet/ether.h>
43#include <netinet/ip.h> 43#include <netinet/ip.h>
44#include <netinet/udp.h> 44#include <netinet/udp.h>
45#include <netinet/tcp.h> 45#include <netinet/tcp.h>
46#include <time.h> 46#include <time.h>
47 47
48/* QT */ 48/* QT */
49#include <qevent.h> 49#include <qevent.h>
50#include <qfile.h>
50#include <qhostaddress.h> 51#include <qhostaddress.h>
51#include <qobject.h> 52#include <qobject.h>
52#include <qstring.h> 53#include <qstring.h>
53#include <qmap.h> 54#include <qmap.h>
54 55
55/* OPIE */ 56/* OPIE */
56#include <opie2/onetutils.h> 57#include <opie2/onetutils.h>
57#include "802_11_user.h" 58#include "802_11_user.h"
58 59
59/* TYPEDEFS */ 60/* TYPEDEFS */
60typedef struct timeval timevalstruct; 61typedef struct timeval timevalstruct;
61typedef struct pcap_pkthdr packetheaderstruct; 62typedef struct pcap_pkthdr packetheaderstruct;
62 63
63/* FORWARDS */ 64/* FORWARDS */
64class OPacketCapturer; 65class OPacketCapturer;
65class QSocketNotifier; 66class QSocketNotifier;
66 67
67/*====================================================================================== 68/*======================================================================================
68 * OPacket - A frame on the wire 69 * OPacket - A frame on the wire
69 *======================================================================================*/ 70 *======================================================================================*/
70 71
71class OPacket : public QObject 72class OPacket : public QObject
72{ 73{
73 Q_OBJECT 74 Q_OBJECT
74 75
75 public: 76 public:
76 OPacket( int datalink, packetheaderstruct, const unsigned char*, QObject* parent ); 77 OPacket( int datalink, packetheaderstruct, const unsigned char*, QObject* parent );
77 virtual ~OPacket(); 78 virtual ~OPacket();
78 79
79 timevalstruct timeval() const; 80 timevalstruct timeval() const;
80 81
81 int caplen() const; 82 int caplen() const;
82 int len() const; 83 int len() const;
83 QString dump( int = 32 ) const; 84 QString dump( int = 32 ) const;
84 85
85 void updateStats( QMap<QString,int>&, QObjectList* ); 86 void updateStats( QMap<QString,int>&, QObjectList* );
86 87
87 private: 88 private:
88 const packetheaderstruct _hdr; // pcap packet header 89 const packetheaderstruct _hdr; // pcap packet header
89 const unsigned char* _data; // pcap packet data 90 const unsigned char* _data; // pcap packet data
90 const unsigned char* _end; // end of pcap packet data 91 const unsigned char* _end; // end of pcap packet data
91}; 92};
92 93
93/*====================================================================================== 94/*======================================================================================
94 * OEthernetPacket - DLT_EN10MB frame 95 * OEthernetPacket - DLT_EN10MB frame
95 *======================================================================================*/ 96 *======================================================================================*/
96 97
97class OEthernetPacket : public QObject 98class OEthernetPacket : public QObject
98{ 99{
99 Q_OBJECT 100 Q_OBJECT
100 101
101 public: 102 public:
102 OEthernetPacket( const unsigned char*, const struct ether_header*, QObject* parent = 0 ); 103 OEthernetPacket( const unsigned char*, const struct ether_header*, QObject* parent = 0 );
103 virtual ~OEthernetPacket(); 104 virtual ~OEthernetPacket();
104 105
105 OMacAddress sourceAddress() const; 106 OMacAddress sourceAddress() const;
106 OMacAddress destinationAddress() const; 107 OMacAddress destinationAddress() const;
107 int type() const; 108 int type() const;
108 109
109 private: 110 private:
110 const struct ether_header* _ether; 111 const struct ether_header* _ether;
111}; 112};
112 113
113 114
@@ -359,101 +360,146 @@ class OIPPacket : public QObject
359 Q_OBJECT 360 Q_OBJECT
360 361
361 public: 362 public:
362 OIPPacket( const unsigned char*, const struct iphdr*, QObject* parent = 0 ); 363 OIPPacket( const unsigned char*, const struct iphdr*, QObject* parent = 0 );
363 virtual ~OIPPacket(); 364 virtual ~OIPPacket();
364 365
365 QHostAddress fromIPAddress() const; 366 QHostAddress fromIPAddress() const;
366 QHostAddress toIPAddress() const; 367 QHostAddress toIPAddress() const;
367 368
368 int tos() const; 369 int tos() const;
369 int len() const; 370 int len() const;
370 int id() const; 371 int id() const;
371 int offset() const; 372 int offset() const;
372 int ttl() const; 373 int ttl() const;
373 int protocol() const; 374 int protocol() const;
374 int checksum() const; 375 int checksum() const;
375 376
376 private: 377 private:
377 const struct iphdr* _iphdr; 378 const struct iphdr* _iphdr;
378}; 379};
379 380
380/*====================================================================================== 381/*======================================================================================
381 * OUDPPacket 382 * OUDPPacket
382 *======================================================================================*/ 383 *======================================================================================*/
383 384
384class OUDPPacket : public QObject 385class OUDPPacket : public QObject
385{ 386{
386 Q_OBJECT 387 Q_OBJECT
387 388
388 public: 389 public:
389 OUDPPacket( const unsigned char*, const struct udphdr*, QObject* parent = 0 ); 390 OUDPPacket( const unsigned char*, const struct udphdr*, QObject* parent = 0 );
390 virtual ~OUDPPacket(); 391 virtual ~OUDPPacket();
391 392
392 int fromPort() const; 393 int fromPort() const;
393 int toPort() const; 394 int toPort() const;
394 395
395 private: 396 private:
396 const struct udphdr* _udphdr; 397 const struct udphdr* _udphdr;
397}; 398};
398 399
399/*====================================================================================== 400/*======================================================================================
400 * OTCPPacket 401 * OTCPPacket
401 *======================================================================================*/ 402 *======================================================================================*/
402 403
403class OTCPPacket : public QObject 404class OTCPPacket : public QObject
404{ 405{
405 Q_OBJECT 406 Q_OBJECT
406 407
407 public: 408 public:
408 OTCPPacket( const unsigned char*, const struct tcphdr*, QObject* parent = 0 ); 409 OTCPPacket( const unsigned char*, const struct tcphdr*, QObject* parent = 0 );
409 virtual ~OTCPPacket(); 410 virtual ~OTCPPacket();
410 411
411 int fromPort() const; 412 int fromPort() const;
412 int toPort() const; 413 int toPort() const;
413 414
414 private: 415 private:
415 const struct tcphdr* _tcphdr; 416 const struct tcphdr* _tcphdr;
416}; 417};
417 418
418 419
419/*====================================================================================== 420/*======================================================================================
420 * OPacketCapturer 421 * OPacketCapturer
421 *======================================================================================*/ 422 *======================================================================================*/
422 423
424/**
425 * @brief A class based wrapper for network packet capturing.
426 *
427 * This class is the base of a high-level interface to the well known packet capturing
428 * library libpcap. ...
429 */
423class OPacketCapturer : public QObject 430class OPacketCapturer : public QObject
424{ 431{
425 Q_OBJECT 432 Q_OBJECT
426 433
427 public: 434 public:
435 /**
436 * Constructor.
437 */
428 OPacketCapturer( QObject* parent = 0, const char* name = 0 ); 438 OPacketCapturer( QObject* parent = 0, const char* name = 0 );
439 /**
440 * Destructor.
441 */
429 ~OPacketCapturer(); 442 ~OPacketCapturer();
430 443 /**
444 * Setting the packet capturer to use blocking IO calls can be useful when
445 * not using the socket notifier, e.g. without an application object.
446 */
431 void setBlocking( bool ); 447 void setBlocking( bool );
448 /**
449 * @returns true if the packet capturer uses blocking IO calls.
450 */
432 bool blocking() const; 451 bool blocking() const;
433 452 /**
453 * Closes the packet capturer. This is automatically done in the destructor.
454 */
434 void close(); 455 void close();
456 /**
457 * @returns the data link type.
458 * @see <pcap.h> for possible values.
459 */
435 int dataLink() const; 460 int dataLink() const;
461 /**
462 * @returns the filedescriptor of the packet capturer. This is only useful, if
463 * not using the socket notifier, e.g. without an application object.
464 */
436 int fileno() const; 465 int fileno() const;
466 /**
467 * @returns the next @ref OPacket from the packet capturer.
468 * @note If blocking mode is true then this call might block.
469 */
437 OPacket* next(); 470 OPacket* next();
438 bool open( const QString& name ); 471 /**
472 * Open the packet capturer to capture packets in live-mode from @a interface.
473 */
474 bool open( const QString& interface );
475 /**
476 * Open the packet capturer to capture packets in offline-mode from @a file.
477 */
478 bool open( const QFile& file );
479 /**
480 * @returns true if the packet capturer is open
481 */
439 bool isOpen() const; 482 bool isOpen() const;
440 483
441 const QMap<QString,int>& statistics() const; 484 const QMap<QString,int>& statistics() const;
442 485
443 signals: 486 signals:
487 /**
488 * This signal is emitted, when a packet has been received.
489 */
444 void receivedPacket( OPacket* ); 490 void receivedPacket( OPacket* );
445 491
446 protected slots: 492 protected slots:
447 void readyToReceive(); 493 void readyToReceive();
448 494
449 protected: 495 protected:
450 QString _name; // devicename 496 QString _name; // devicename
451 bool _open; // check this before doing pcap calls 497 bool _open; // check this before doing pcap calls
452 pcap_t* _pch; // pcap library handle 498 pcap_t* _pch; // pcap library handle
453 QSocketNotifier* _sn; // socket notifier for main loop 499 QSocketNotifier* _sn; // socket notifier for main loop
454 mutable char _errbuf[PCAP_ERRBUF_SIZE]; 500 mutable char _errbuf[PCAP_ERRBUF_SIZE]; // holds error strings from libpcap
455 QMap<QString, int> _stats; // statistics; 501 QMap<QString, int> _stats; // statistics;
456}; 502};
457 503
458#endif // OPCAP_H 504#endif // OPCAP_H
459 505