Differential D24358 Diff 67178 plugins/process/network/helper/Packet.cpp

Changeset View

Standalone View

plugins/process/network/helper/Packet.cpp

Show All 27 Lines
28	#include <netinet/ip.h>	28		#include <netinet/ip.h>
29	#include <netinet/ip6.h>	29		#include <netinet/ip6.h>
30	#include <netinet/tcp.h>	30		#include <netinet/tcp.h>
31	#include <netinet/udp.h>	31		#include <netinet/udp.h>
32		32
33	#include <pcap/pcap.h>	33		#include <pcap/pcap.h>
34	#include <pcap/sll.h>	34		#include <pcap/sll.h>
35		35
		36		uint32_t u8Tou32(uint8_t first, uint8_t second, uint8_t third, uint8_t fourth)
		37		{
		38		return uint32_t(first) << 24 \| uint32_t(second) << 16 \| uint32_t(third) << 8 \| uint32_t(fourth);
		39		}
		40
36	Packet::Packet()	41		Packet::Packet()
37	{	42		{
38	}	43		}
39		44
40	Packet::Packet(const TimeStamp::MicroSeconds &timeStamp, const uint8_t *data, uint32_t dataLength, uint32_t packetSize)	45		Packet::Packet(const TimeStamp::MicroSeconds &timeStamp, const uint8_t *data, uint32_t dataLength, uint32_t packetSize)
41	{	46		{
42	m_timeStamp = timeStamp;	47		m_timeStamp = timeStamp;
43	m_size = packetSize;	48		m_size = packetSize;
44		49
45	const sll_header header = reinterpret_cast<const sll_header >(data);	50		const sll_header header = reinterpret_cast<const sll_header >(data);
46	switch (ntohs(header->sll_protocol)) {	51		switch (ntohs(header->sll_protocol)) {
47	case ETHERTYPE_IP:	52		case ETHERTYPE_IP:
48	m_networkProtocol = NetworkProtocolType::IPv4;	53		m_networkProtocol = NetworkProtocolType::IPv4;
49	if (sizeof(sll_header) <= dataLength) {	54		if (sizeof(sll_header) <= dataLength) {
50	parseIPv4(data + sizeof(sll_header));	55		parseIPv4(data + sizeof(sll_header), dataLength - sizeof(sll_header));
51	}	56		}
52	break;	57		break;
53	case ETHERTYPE_IPV6:	58		case ETHERTYPE_IPV6:
54	m_networkProtocol = NetworkProtocolType::IPv6;	59		m_networkProtocol = NetworkProtocolType::IPv6;
55	if (sizeof(sll_header) <= dataLength) {	60		if (sizeof(sll_header) <= dataLength) {
56	parseIPv6(data + sizeof(sll_header));	61		parseIPv6(data + sizeof(sll_header), dataLength - sizeof(sll_header));
57	}	62		}
58	break;	63		break;
59	default:	64		default:
60	m_networkProtocol = NetworkProtocolType::Unknown;	65		m_networkProtocol = NetworkProtocolType::Unknown;
61	break;	66		break;
62	}	67		}
63	}	68		}
64		69
Show All 26 Lines		95	{
91	return m_sourceAddress;	96		return m_sourceAddress;
92	}	97		}
93		98
94	Packet::Address Packet::destinationAddress() const	99		Packet::Address Packet::destinationAddress() const
95	{	100		{
96	return m_destinationAddress;	101		return m_destinationAddress;
97	}	102		}
98		103
99	void Packet::parseIPv4(const uint8_t *data)	104		void Packet::parseIPv4(const uint8_t *data, int32_t dataLength)
100	{	105		{
		106		if (dataLength < int32_t(sizeof(ip))) {
		107		return;
		108		}
		109
101	const ip header = reinterpret_cast<const ip >(data);	110		const ip header = reinterpret_cast<const ip >(data);
102		111
103	m_sourceAddress.address[3] = header->ip_src.s_addr;	112		m_sourceAddress.address[3] = header->ip_src.s_addr;
104	m_destinationAddress.address[3] = header->ip_dst.s_addr;	113		m_destinationAddress.address[3] = header->ip_dst.s_addr;
105		114
106	parseTransport(header->ip_p, data + sizeof(ip));	115		parseTransport(header->ip_p, data + sizeof(ip), dataLength - sizeof(ip));
107	}	116		}
108		117
109	void Packet::parseIPv6(const uint8_t *data)	118		void Packet::parseIPv6(const uint8_t *data, int32_t dataLength)
110	{	119		{
		120		if (dataLength < int32_t(sizeof(ip6_hdr))) {
		121		return;
		122		}
		123
111	const ip6_hdr header = reinterpret_cast<const ip6_hdr >(data);	124		const ip6_hdr header = reinterpret_cast<const ip6_hdr >(data);
112		125
113	m_sourceAddress.address = {	126		m_sourceAddress.address = {
114	uint32_t(header->ip6_src.s6_addr[0] << 24 & header->ip6_src.s6_addr[1] << 16 & header->ip6_src.s6_addr[2] << 8 & header->ip6_src.s6_addr[3]),	127		u8Tou32(header->ip6_src.s6_addr[0], header->ip6_src.s6_addr[1], header->ip6_src.s6_addr[2], header->ip6_src.s6_addr[3]),
115	uint32_t(header->ip6_src.s6_addr[4] << 24 & header->ip6_src.s6_addr[5] << 16 & header->ip6_src.s6_addr[6] << 8 & header->ip6_src.s6_addr[7]),	128		u8Tou32(header->ip6_src.s6_addr[4], header->ip6_src.s6_addr[5], header->ip6_src.s6_addr[6], header->ip6_src.s6_addr[7]),
116	uint32_t(header->ip6_src.s6_addr[8] << 24 & header->ip6_src.s6_addr[9] << 16 & header->ip6_src.s6_addr[10] << 8 & header->ip6_src.s6_addr[11]),	129		u8Tou32(header->ip6_src.s6_addr[8], header->ip6_src.s6_addr[9], header->ip6_src.s6_addr[10], header->ip6_src.s6_addr[11]),
117	uint32_t(header->ip6_src.s6_addr[12] << 24 & header->ip6_src.s6_addr[13] << 16 & header->ip6_src.s6_addr[14] << 8 & header->ip6_src.s6_addr[15])	130		u8Tou32(header->ip6_src.s6_addr[12], header->ip6_src.s6_addr[13], header->ip6_src.s6_addr[14], header->ip6_src.s6_addr[15])
118	};	131		};
119	m_destinationAddress.address = {	132		m_destinationAddress.address = {
120	uint32_t(header->ip6_dst.s6_addr[0] << 24 & header->ip6_dst.s6_addr[1] << 16 & header->ip6_dst.s6_addr[2] << 8 & header->ip6_dst.s6_addr[3]),	133		u8Tou32(header->ip6_dst.s6_addr[0], header->ip6_dst.s6_addr[1], header->ip6_dst.s6_addr[2], header->ip6_dst.s6_addr[3]),
121	uint32_t(header->ip6_dst.s6_addr[4] << 24 & header->ip6_dst.s6_addr[5] << 16 & header->ip6_dst.s6_addr[6] << 8 & header->ip6_dst.s6_addr[7]),	134		u8Tou32(header->ip6_dst.s6_addr[4], header->ip6_dst.s6_addr[5], header->ip6_dst.s6_addr[6], header->ip6_dst.s6_addr[7]),
122	uint32_t(header->ip6_dst.s6_addr[8] << 24 & header->ip6_dst.s6_addr[9] << 16 & header->ip6_dst.s6_addr[10] << 8 & header->ip6_dst.s6_addr[11]),	135		u8Tou32(header->ip6_dst.s6_addr[8], header->ip6_dst.s6_addr[9], header->ip6_dst.s6_addr[10], header->ip6_dst.s6_addr[11]),
123	uint32_t(header->ip6_dst.s6_addr[12] << 24 & header->ip6_dst.s6_addr[13] << 16 & header->ip6_dst.s6_addr[14] << 8 & header->ip6_dst.s6_addr[15])	136		u8Tou32(header->ip6_dst.s6_addr[12], header->ip6_dst.s6_addr[13], header->ip6_dst.s6_addr[14], header->ip6_dst.s6_addr[15])
124	};	137		};
125		138
126	parseTransport(header->ip6_nxt, data + sizeof(ip6_hdr));	139		parseTransport(header->ip6_nxt, data + sizeof(ip6_hdr), dataLength - sizeof(ip6_hdr));
127	}	140		}
128		141
129	void Packet::parseTransport(uint8_t type, const uint8_t *data)	142		void Packet::parseTransport(uint8_t type, const uint8_t *data, int32_t dataLength)
130	{	143		{
131	switch (type) {	144		switch (type) {
132	case IPPROTO_TCP: {	145		case IPPROTO_TCP: {
133	m_transportProtocol = TransportProtocolType::Tcp;	146		m_transportProtocol = TransportProtocolType::Tcp;
		147		if (dataLength >= int32_t(sizeof(tcphdr))) {
134	const tcphdr tcpHeader = reinterpret_cast<const tcphdr >(data);	148		const tcphdr tcpHeader = reinterpret_cast<const tcphdr >(data);
135	m_sourceAddress.port = ntohs(tcpHeader->th_sport);	149		m_sourceAddress.port = ntohs(tcpHeader->th_sport);
136	m_destinationAddress.port = ntohs(tcpHeader->th_dport);	150		m_destinationAddress.port = ntohs(tcpHeader->th_dport);
		151		}
137	break;	152		break;
138	}	153		}
139	case IPPROTO_UDP: {	154		case IPPROTO_UDP: {
140	m_transportProtocol = TransportProtocolType::Udp;	155		m_transportProtocol = TransportProtocolType::Udp;
		156		if (dataLength >= int32_t(sizeof(udphdr))) {
141	const udphdr udpHeader = reinterpret_cast<const udphdr >(data);	157		const udphdr udpHeader = reinterpret_cast<const udphdr >(data);
142	m_sourceAddress.port = ntohs(udpHeader->uh_sport);	158		m_sourceAddress.port = ntohs(udpHeader->uh_sport);
143	m_destinationAddress.port = ntohs(udpHeader->uh_dport);	159		m_destinationAddress.port = ntohs(udpHeader->uh_dport);
		160		}
144	break;	161		break;
145	}	162		}
146	default:	163		default:
147	m_transportProtocol = TransportProtocolType::Unknown;	164		m_transportProtocol = TransportProtocolType::Unknown;
148	break;	165		break;
149	}	166		}
150	}	167		}