| -rw-r--r-- | libopie2/opienet/opcap.cpp | 82 | ||||
| -rw-r--r-- | libopie2/opienet/opcap.h | 10 |
2 files changed, 92 insertions, 0 deletions
diff --git a/libopie2/opienet/opcap.cpp b/libopie2/opienet/opcap.cpp index f1f2b4b..7a6f61b 100644 --- a/libopie2/opienet/opcap.cpp +++ b/libopie2/opienet/opcap.cpp @@ -284,264 +284,346 @@ int OIPPacket::protocol() const int OIPPacket::checksum() const { return EXTRACT_16BITS( &_iphdr->check ); } /*====================================================================================== * OARPPacket *======================================================================================*/ OARPPacket::OARPPacket( const unsigned char* end, const struct myarphdr* data, QObject* parent ) :QObject( parent, "ARP" ), _arphdr( data ) { qDebug( "OARPPacket::OARPPacket(): decoding ARP header..." ); qDebug( "ARP type seems to be %02d - '%s'", EXTRACT_16BITS( &_arphdr->ar_op ), (const char*) type() ); qDebug( "Sender: MAC %s = IP %s", (const char*) senderMacAddress().toString(), (const char*) senderIPV4Address().toString() ); qDebug( "Target: MAC %s = IP %s", (const char*) targetMacAddress().toString(), (const char*) targetIPV4Address().toString() ); } OARPPacket::~OARPPacket() { } QString OARPPacket::type() const { switch ( EXTRACT_16BITS( &_arphdr->ar_op ) ) { case 1: return "REQUEST"; case 2: return "REPLY"; case 3: return "RREQUEST"; case 4: return "RREPLY"; case 8: return "InREQUEST"; case 9: return "InREPLY"; case 10: return "NAK"; default: qWarning( "OARPPacket::type(): invalid ARP type!" ); return "<unknown>"; } } QHostAddress OARPPacket::senderIPV4Address() const { return EXTRACT_32BITS( &_arphdr->ar_sip ); } QHostAddress OARPPacket::targetIPV4Address() const { return EXTRACT_32BITS( &_arphdr->ar_tip ); } OMacAddress OARPPacket::senderMacAddress() const { return OMacAddress( _arphdr->ar_sha ); } OMacAddress OARPPacket::targetMacAddress() const { return OMacAddress( _arphdr->ar_tha ); } /*====================================================================================== * OUDPPacket *======================================================================================*/ OUDPPacket::OUDPPacket( const unsigned char* end, const struct udphdr* data, QObject* parent ) :QObject( parent, "UDP" ), _udphdr( data ) { qDebug( "OUDPPacket::OUDPPacket(): decoding UDP header..." ); qDebug( "fromPort = %d", fromPort() ); qDebug( " toPort = %d", toPort() ); // TODO: Make this a case or a hash if we know more udp protocols if ( fromPort() == UDP_PORT_BOOTPS || fromPort() == UDP_PORT_BOOTPC || toPort() == UDP_PORT_BOOTPS || toPort() == UDP_PORT_BOOTPC ) { qDebug( "seems to be part of a DHCP conversation => creating DHCP packet." ); new ODHCPPacket( end, (const struct dhcp_packet*) (data+1), this ); } } OUDPPacket::~OUDPPacket() { } int OUDPPacket::fromPort() const { return EXTRACT_16BITS( &_udphdr->source ); } int OUDPPacket::toPort() const { return EXTRACT_16BITS( &_udphdr->dest ); } int OUDPPacket::length() const { return EXTRACT_16BITS( &_udphdr->len ); } int OUDPPacket::checksum() const { return EXTRACT_16BITS( &_udphdr->check ); } /*====================================================================================== * ODHCPPacket *======================================================================================*/ ODHCPPacket::ODHCPPacket( const unsigned char* end, const struct dhcp_packet* data, QObject* parent ) :QObject( parent, "DHCP" ), _dhcphdr( data ) { qDebug( "ODHCPPacket::ODHCPPacket(): decoding DHCP information..." ); + qDebug( "DHCP opcode seems to be %02d - '%s'", _dhcphdr->op, isRequest() ? "REQUEST" : "REPLY" ); + qDebug( "clientAddress: %s", (const char*) clientAddress().toString() ); + qDebug( " yourAddress: %s", (const char*) yourAddress().toString() ); + qDebug( "serverAddress: %s", (const char*) serverAddress().toString() ); + qDebug( " relayAddress: %s", (const char*) relayAddress().toString() ); + qDebug( "parsing DHCP options..." ); + + _type = 0; + + const unsigned char* option = &_dhcphdr->options[4]; + char tag = -1; + char len = -1; + + while ( ( tag = *option++ ) != -1 /* end of option field */ ) + { + len = *option++; + qDebug( "recognized DHCP option #%d, length %d", tag, len ); + + if ( tag == DHO_DHCP_MESSAGE_TYPE ) + _type = *option; + + option += len; + if ( option >= end ) + { + qWarning( "DHCP parsing ERROR: sanity check says the packet is at its end!" ); + break; + } + } + + qDebug( "DHCP type seems to be '%s'", (const char*) type() ); } ODHCPPacket::~ODHCPPacket() { } +bool ODHCPPacket::isRequest() const +{ + return ( _dhcphdr->op == 01 ); +} + + +bool ODHCPPacket::isReply() const +{ + return ( _dhcphdr->op == 02 ); +} + + +QString ODHCPPacket::type() const +{ + switch ( _type ) + { + case 1: return "DISCOVER"; + case 2: return "OFFER"; + case 3: return "REQUEST"; + case 4: return "DECLINE"; + case 5: return "ACK"; + case 6: return "NAK"; + case 7: return "RELEASE"; + case 8: return "INFORM"; + default: qWarning( "ODHCPPacket::type(): invalid DHCP type (%d) !", _dhcphdr->op ); return "<unknown>"; + } +} + + +QHostAddress ODHCPPacket::clientAddress() const +{ + return EXTRACT_32BITS( &_dhcphdr->ciaddr ); +} + + +QHostAddress ODHCPPacket::yourAddress() const +{ + return EXTRACT_32BITS( &_dhcphdr->yiaddr ); +} + + +QHostAddress ODHCPPacket::serverAddress() const +{ + return EXTRACT_32BITS( &_dhcphdr->siaddr ); +} + + +QHostAddress ODHCPPacket::relayAddress() const +{ + return EXTRACT_32BITS( &_dhcphdr->giaddr ); +} + /*====================================================================================== * OTCPPacket *======================================================================================*/ OTCPPacket::OTCPPacket( const unsigned char* end, const struct tcphdr* data, QObject* parent ) :QObject( parent, "TCP" ), _tcphdr( data ) { qDebug( "OTCPPacket::OTCPPacket(): decoding TCP header..." ); } OTCPPacket::~OTCPPacket() { } int OTCPPacket::fromPort() const { return EXTRACT_16BITS( &_tcphdr->source ); } int OTCPPacket::toPort() const { return EXTRACT_16BITS( &_tcphdr->dest ); } int OTCPPacket::seq() const { return EXTRACT_16BITS( &_tcphdr->seq ); } int OTCPPacket::ack() const { return EXTRACT_16BITS( &_tcphdr->ack_seq ); } int OTCPPacket::window() const { return EXTRACT_16BITS( &_tcphdr->window ); } int OTCPPacket::checksum() const { return EXTRACT_16BITS( &_tcphdr->check ); } /*====================================================================================== * OPrismHeaderPacket *======================================================================================*/ OPrismHeaderPacket::OPrismHeaderPacket( const unsigned char* end, const struct prism_hdr* data, QObject* parent ) :QObject( parent, "Prism" ), _header( data ) { qDebug( "OPrismHeaderPacket::OPrismHeaderPacket(): decoding PRISM header..." ); qDebug( "Signal Strength = %d", data->signal.data ); new OWaveLanPacket( end, (const struct ieee_802_11_header*) (data+1), this ); } OPrismHeaderPacket::~OPrismHeaderPacket() { } unsigned int OPrismHeaderPacket::signalStrength() const { return _header->signal.data; } /*====================================================================================== * OWaveLanPacket *======================================================================================*/ OWaveLanPacket::OWaveLanPacket( const unsigned char* end, const struct ieee_802_11_header* data, QObject* parent ) :QObject( parent, "802.11" ), _wlanhdr( data ) { qDebug( "OWaveLanPacket::OWaveLanPacket(): decoding IEEE 802.11 header..." ); qDebug( "type: %0X", type() ); qDebug( "subType: %0X", subType() ); qDebug( "duration: %d", duration() ); qDebug( "powermanagement: %d", usesPowerManagement() ); qDebug( "payload is encrypted: %s", usesWep() ? "yes" : "no" ); qDebug( "MAC1: %s", (const char*) macAddress1().toString() ); qDebug( "MAC2: %s", (const char*) macAddress2().toString() ); qDebug( "MAC3: %s", (const char*) macAddress3().toString() ); qDebug( "MAC4: %s", (const char*) macAddress4().toString() ); switch ( type() ) { case T_MGMT: new OWaveLanManagementPacket( end, (const struct ieee_802_11_mgmt_header*) data, this ); break; case T_DATA: new OWaveLanDataPacket( end, (const struct ieee_802_11_data_header*) data, this ); break; case T_CTRL: new OWaveLanControlPacket( end, (const struct ieee_802_11_control_header*) data, this ); break; default: qDebug( "OWaveLanPacket::OWaveLanPacket(): Warning: Unknown major type '%d'!", type() ); } } OWaveLanPacket::~OWaveLanPacket() { } int OWaveLanPacket::duration() const { return _wlanhdr->duration; } OMacAddress OWaveLanPacket::macAddress1() const { return OMacAddress( _wlanhdr->mac1 ); } OMacAddress OWaveLanPacket::macAddress2() const { return OMacAddress( _wlanhdr->mac2 ); diff --git a/libopie2/opienet/opcap.h b/libopie2/opienet/opcap.h index 0c9e7da..a031dd1 100644 --- a/libopie2/opienet/opcap.h +++ b/libopie2/opienet/opcap.h @@ -374,258 +374,268 @@ class OWaveLanManagementChallenge : public QObject class OWaveLanDataPacket : public QObject { Q_OBJECT public: OWaveLanDataPacket( const unsigned char*, const struct ieee_802_11_data_header*, OWaveLanPacket* parent = 0 ); virtual ~OWaveLanDataPacket(); private: const struct ieee_802_11_data_header* _header; }; /*====================================================================================== * OWaveLanControlPacket - type: control (T_CTRL) *======================================================================================*/ class OWaveLanControlPacket : public QObject { Q_OBJECT public: OWaveLanControlPacket( const unsigned char*, const struct ieee_802_11_control_header*, OWaveLanPacket* parent = 0 ); virtual ~OWaveLanControlPacket(); private: const struct ieee_802_11_control_header* _header; }; /*====================================================================================== * OLLCPacket - IEEE 802.2 Link Level Control *======================================================================================*/ class OLLCPacket : public QObject { Q_OBJECT public: OLLCPacket( const unsigned char*, const struct ieee_802_11_802_2_header* data, QObject* parent = 0 ); virtual ~OLLCPacket(); private: const struct ieee_802_11_802_2_header* _header; }; /*====================================================================================== * OIPPacket *======================================================================================*/ class OIPPacket : public QObject { Q_OBJECT public: OIPPacket( const unsigned char*, const struct iphdr*, QObject* parent = 0 ); virtual ~OIPPacket(); QHostAddress fromIPAddress() const; QHostAddress toIPAddress() const; int tos() const; int len() const; int id() const; int offset() const; int ttl() const; int protocol() const; int checksum() const; private: const struct iphdr* _iphdr; }; /*====================================================================================== * OARPPacket *======================================================================================*/ class OARPPacket : public QObject { Q_OBJECT public: OARPPacket( const unsigned char*, const struct myarphdr*, QObject* parent = 0 ); virtual ~OARPPacket(); QHostAddress senderIPV4Address() const; OMacAddress senderMacAddress() const; QHostAddress targetIPV4Address() const; OMacAddress targetMacAddress() const; //int type() const; QString type() const; private: const struct myarphdr* _arphdr; }; /*====================================================================================== * OUDPPacket *======================================================================================*/ class OUDPPacket : public QObject { Q_OBJECT public: OUDPPacket( const unsigned char*, const struct udphdr*, QObject* parent = 0 ); virtual ~OUDPPacket(); int fromPort() const; int toPort() const; int length() const; int checksum() const; private: const struct udphdr* _udphdr; }; /*====================================================================================== * ODHCPPacket *======================================================================================*/ class ODHCPPacket : public QObject { Q_OBJECT public: ODHCPPacket( const unsigned char*, const struct dhcp_packet*, QObject* parent = 0 ); virtual ~ODHCPPacket(); + QHostAddress clientAddress() const; + QHostAddress yourAddress() const; + QHostAddress serverAddress() const; + QHostAddress relayAddress() const; + + bool isRequest() const; + bool isReply() const; + QString type() const; + private: const struct dhcp_packet* _dhcphdr; + unsigned char _type; }; /*====================================================================================== * OTCPPacket *======================================================================================*/ class OTCPPacket : public QObject { Q_OBJECT public: OTCPPacket( const unsigned char*, const struct tcphdr*, QObject* parent = 0 ); virtual ~OTCPPacket(); int fromPort() const; int toPort() const; int seq() const; int ack() const; int window() const; int checksum() const; private: const struct tcphdr* _tcphdr; }; /*====================================================================================== * OPacketCapturer *======================================================================================*/ /** * @brief A class based wrapper for network packet capturing. * * This class is the base of a high-level interface to the well known packet capturing * library libpcap. * @see http://tcpdump.org */ class OPacketCapturer : public QObject { Q_OBJECT public: /** * Constructor. */ OPacketCapturer( QObject* parent = 0, const char* name = 0 ); /** * Destructor. */ ~OPacketCapturer(); /** * Set the packet capturer to use blocking or non-blocking IO. This can be useful when * not using the socket notifier, e.g. without an application object. */ void setBlocking( bool ); /** * @returns true if the packet capturer uses blocking IO calls. */ bool blocking() const; /** * Close the packet capturer. This is automatically done in the destructor. */ void close(); /** * Close the output capture file. */ void closeDumpFile(); /** * @returns the data link type. * @see <pcap.h> for possible values. */ int dataLink() const; /** * Dump a packet to the output capture file. */ void dump( OPacket* ); /** * @returns the file descriptor of the packet capturer. This is only useful, if * not using the socket notifier, e.g. without an application object. */ int fileno() const; /** * @returns the next @ref OPacket from the packet capturer. * @note If blocking mode is true then this call might block. */ OPacket* next(); /** * Open the packet capturer to capture packets in live-mode from @a interface. */ bool open( const QString& interface ); /** * Open the packet capturer to capture packets in offline-mode from @a file. */ bool open( const QFile& file ); /** * Open a prerecorded tcpdump compatible capture file for use with @ref dump() */ bool openDumpFile( const QString& filename ); /** * @returns true if the packet capturer is open */ bool isOpen() const; /** * @returns the snapshot length of this packet capturer */ int snapShot() const; /** * @returns true if the input capture file has a different byte-order * than the byte-order of the running system. */ bool swapped() const; /** * @returns the libpcap version string used to write the input capture file. */ QString version() const; /** * @returns the packet statistic database. * @see QMap */ const QMap<QString,int>& statistics() const; signals: /** * This signal is emitted, when a packet has been received. */ void receivedPacket( OPacket* ); protected slots: |