
sniff.c File Reference

functions to aid in sniffing packets off the wire

#include "sniff.h"
#include "sniff_private.h"
#include "debug.h"
#include "util.h"
#include <string.h>
#include "nethelp.h"


Functions

errorcode capture_peer_to_buddy_syn (peer_conn_info_t *info)
 finds a syn sent from the peer to the buddy, and puts it into the correct location in the peer_conn_info_t structure
errorcode capture_flooded_synack (peer_conn_info_t *info)
 finds a synack that was a part of a bday flood by the buddy
errorcode init_packet_capture (pcap_t **pcap_desc, char *device, int timeout, char *errbuf, long errbuf_len)
 initializes the pcap functions
errorcode find_tcp_packet (pcap_t *pcap_desc, tcp_packet_info_t *tcp_skeleton, flag_t *break_flag, unsigned char **payload, unsigned long *payload_len)
 finds a tcp packet, looping over all captured packets until the correct one is found
errorcode process_packet (unsigned char *packet, tcp_packet_info_t *tcp_skeleton, unsigned char **payload, unsigned long *payload_len)


Detailed Description

functions to aid in sniffing packets off the wire

Author:
Daniel Ferullo (ferullo@cmu.edu)

Definition in file sniff.c.


Function Documentation

errorcode capture_flooded_synack (peer_conn_info_t *info)

finds a synack that was a part of a bday flood by the buddy

Parameters:
info a pointer to the peer_conn_info_t structure
Returns:
SUCCESS, errorcode on failure

Definition at line 62 of file sniff.c.

References tcp_packet_info::ack_flag, peer_conn_info::bday, bindSocket(), peer_conn_info::buddy, peer_sock_desc::buddy, CHECK_FAILED, CHECK_NOT_NULL, tcp_packet_info::d_addr, tcp_packet_info::d_port, DBG_BDAY, DEBUG, peer_conn_info::device, ERROR_1, ERROR_CALLED_FUNCTION, ERROR_NULL_ARG_1, errorcode, buddy_info::ext_ip, buddy_info::ext_port, find_tcp_packet(), init_packet_capture(), peer_info::ip, peer_conn_info::peer, peer_conn_info_t, bday_peer::port, bday_peer::port_set, tcp_packet_info::s_addr, tcp_packet_info::s_port, peer_conn_info::socks, bday_peer::stop_synack_find, tcp_packet_info::syn_flag, and tcp_packet_info_t.

Referenced by run_find_synack().

errorcode capture_peer_to_buddy_syn (peer_conn_info_t *info)

finds a syn sent from the peer to the buddy, and puts it into the correct location in the peer_conn_info_t structure

Parameters:
info pointer to the peer_conn_info_t structure
Returns:
SUCCESS, errorcode on failure

Definition at line 32 of file sniff.c.

References tcp_packet_info::ack_flag, peer_conn_info::buddy, peer_conn_info::buddy_syn, CHECK_FAILED, CHECK_NOT_NULL, tcp_packet_info::d_addr, tcp_packet_info::d_port, peer_conn_info::device, peer_conn_info::direct_conn_status, ERROR_1, ERROR_NULL_ARG_1, errorcode, buddy_info::ext_ip, buddy_info::ext_port, find_tcp_packet(), init_packet_capture(), peer_info::ip, peer_conn_info::peer, peer_conn_info_t, peer_info::port, tcp_packet_info::s_addr, tcp_packet_info::s_port, and tcp_packet_info::syn_flag.

Referenced by peer_fsm_start_direct_conn().

errorcode find_tcp_packet (pcap_t **pcap_desc, tcp_packet_info_t *tcp_skeleton, flag_t *break_flag, unsigned char **payload, unsigned long *payload_len)

finds a tcp packet, looping over all captured packets until the correct one is found

If the passed-in flag takes on any value other than FLAG_UNSET then this function will return early.

Parameters:
pcap_desc the pcap descriptor
tcp_skeleton the tcp skeleton to look for. source and destination ip/port pairs as well as SYN/ACK flags will be matched on, and the skeleton will have the seq_num, ack_num fields filled in if there is a match
break_flag if the flag value is ever anything except FLAG_UNSET then the function returns early
payload a pointer to a pointer to fill in with the address of the payload; if NULL then the value is not set
payload_len a pointer to a place to put the payload length. Can be NULL
Returns:
SUCCESS, errorcode on failure

Definition at line 156 of file sniff.c.

References CHECK_NOT_NULL, DBG_SNIFF, DEBUG, ERROR_NULL_ARG_1, ERROR_NULL_ARG_2, ERROR_NULL_ARG_3, errorcode, FAILED, process_packet(), and tcp_packet_info_t.

Referenced by capture_flooded_synack(), and capture_peer_to_buddy_syn().

errorcode init_packet_capture (pcap_t **pcap_desc, char *device, int timeout, char *errbuf, long errbuf_len)

initializes the pcap functions

Parameters:
pcap_desc pointer pointer to fill in with the pcap descriptor
device the network device to capture on
timeout timeout in ms to use when capturing packets, -1 = no timeout
errbuf the pcap error buffer to use
errbuf_len the length of the error buffer
Returns:
SUCCESS, errorcode on failure

Definition at line 110 of file sniff.c.

References CHECK_GREATER_THAN, CHECK_NOT_NULL, DBG_SNIFF, DEBUG, ERROR_ARG_5, ERROR_NULL_ARG_1, ERROR_NULL_ARG_2, ERROR_NULL_ARG_4, and errorcode.

Referenced by capture_flooded_synack(), and capture_peer_to_buddy_syn().

errorcode process_packet (unsigned char *packet, tcp_packet_info_t *tcp_skeleton, unsigned char **payload, unsigned long *payload_len)

Parameters:
packet pointer to the start of the captured packet
tcp_skeleton pointer to a tcp_packet_info_t with the source and destination ip/port pairs filled in, along with the SYN/ACK flags set/unset. If the s/d_ip/port fields are set to their respective unknown values then they will be ignored when matching against a sniffed packet. The seq_num, ack_num, and window fields will be filled in if a packet matches the other fields
payload a pointer to a pointer to fill in with the address of the payload; if NULL then the value is not set. The pointer points into a buffer allocated by libpcap, so the contents of that buffer may change on the next capture.
payload_len a pointer to a place to put the length the tcp header says the payload is. THIS IS NOT NECESSARILY THE LENGTH OF THE PAYLOAD RETURNED, SINCE PCAP MIGHT NOT RETURN THE ENTIRE PAYLOAD. This parameter can be NULL.
Returns:
SUCCESS, errorcode on failure

Definition at line 190 of file sniff.c.

References tcp_packet_info::ack_flag, tcp_packet_info::ack_num, BOOL_MATCH, CHECK_NOT_NULL, tcp_packet_info::d_addr, tcp_packet_info::d_port, DBG_IP, DBG_PORT, DBG_SNIFF, DEBUG, ERROR_NULL_ARG_1, ERROR_NULL_ARG_2, errorcode, FLAG_SET, tcp_packet_info::s_addr, tcp_packet_info::s_port, tcp_packet_info::seq_num, tcp_packet_info::syn_flag, tcp_packet_info_t, and tcp_packet_info::window.

Referenced by find_tcp_packet().
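The skeleton matching that find_tcp_packet() and process_packet() describe above (wildcard ip/port fields, SYN/ACK flags matched exactly, seq/ack/window copied into the skeleton on a hit, and a claimed payload length that can exceed what pcap actually captured) is illustrated by the following added example. It is not NATBLASTER's code: the skel_t layout, the ADDR_UNKNOWN/PORT_UNKNOWN sentinels, match_tcp_frame(), sample_probe() and the SAMPLE_FRAME bytes are all assumptions constructed for this example, and the frame is parsed from raw bytes rather than handed over by libpcap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the page's tcp_packet_info_t (hypothetical layout, not NATBLASTER's).
 * Address/port fields equal to *_UNKNOWN are wildcards, as the process_packet description says. */
#define ADDR_UNKNOWN 0u
#define PORT_UNKNOWN 0u
typedef struct {
    uint32_t s_addr, d_addr;     /* host byte order; ADDR_UNKNOWN = match any */
    uint16_t s_port, d_port;     /* host byte order; PORT_UNKNOWN = match any */
    int syn_flag, ack_flag;      /* 1 = flag must be set, 0 = flag must be clear */
    uint32_t seq_num, ack_num;   /* filled in on a match */
    uint16_t window;             /* filled in on a match */
} skel_t;

typedef enum { MATCH_OK = 0, ERR_TRUNCATED = -1, ERR_NOT_TCP = -2, ERR_NO_MATCH = -3 } match_rc;

static uint16_t rd16(const unsigned char *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parse Ethernet/IPv4/TCP from a frame of caplen captured bytes and match it against skel.
 * On a match, seq/ack/window are copied into skel; *claimed_len receives the payload length
 * the IP and TCP headers imply, and *avail_len how many payload bytes the capture actually
 * holds (pcap's snaplen may have cut the packet short, so avail_len can be smaller). */
match_rc match_tcp_frame(const unsigned char *frame, size_t caplen, skel_t *skel,
                         const unsigned char **payload,
                         unsigned long *claimed_len, unsigned long *avail_len)
{
    if (caplen < 14 + 20) return ERR_TRUNCATED;
    if (rd16(frame + 12) != 0x0800) return ERR_NOT_TCP;       /* EtherType must be IPv4 */
    const unsigned char *ip = frame + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || caplen < 14 + ihl + 20) return ERR_TRUNCATED;
    if (ip[9] != 6) return ERR_NOT_TCP;                        /* IP protocol must be TCP */
    uint16_t tot_len = rd16(ip + 2);
    const unsigned char *tcp = ip + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;
    if (doff < 20 || tot_len < ihl + doff || caplen < 14 + ihl + doff) return ERR_TRUNCATED;

    int syn = (tcp[13] & 0x02) != 0, ack = (tcp[13] & 0x10) != 0;
    if (skel->s_addr != ADDR_UNKNOWN && skel->s_addr != rd32(ip + 12)) return ERR_NO_MATCH;
    if (skel->d_addr != ADDR_UNKNOWN && skel->d_addr != rd32(ip + 16)) return ERR_NO_MATCH;
    if (skel->s_port != PORT_UNKNOWN && skel->s_port != rd16(tcp))     return ERR_NO_MATCH;
    if (skel->d_port != PORT_UNKNOWN && skel->d_port != rd16(tcp + 2)) return ERR_NO_MATCH;
    if (skel->syn_flag != syn || skel->ack_flag != ack)                return ERR_NO_MATCH;

    skel->seq_num = rd32(tcp + 4);
    skel->ack_num = rd32(tcp + 8);
    skel->window  = rd16(tcp + 14);

    size_t hdr = 14 + ihl + doff;
    unsigned long claimed = tot_len - ihl - doff;
    unsigned long avail = caplen - hdr;
    if (avail > claimed) avail = claimed;   /* ignore Ethernet padding past the IP total length */
    if (payload)     *payload = frame + hdr;
    if (claimed_len) *claimed_len = claimed;
    if (avail_len)   *avail_len = avail;
    return MATCH_OK;
}

/* Constructed sample: a SYN/ACK from 10.0.0.2:443 to 10.0.0.1:40000 carrying a 4-byte payload. */
static const unsigned char SAMPLE_FRAME[] = {
    /* Ethernet: dst, src, type 0x0800 */
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    /* IPv4: ihl 5, total length 44, proto 6, src 10.0.0.2, dst 10.0.0.1 (checksum left zero) */
    0x45,0x00,0x00,0x2c, 0x00,0x00,0x00,0x00, 0x40,0x06,0x00,0x00,
    0x0a,0x00,0x00,0x02, 0x0a,0x00,0x00,0x01,
    /* TCP: 443 -> 40000, seq 0x11223344, ack 1, doff 5, flags SYN|ACK, window 0xffff */
    0x01,0xbb, 0x9c,0x40, 0x11,0x22,0x33,0x44, 0x00,0x00,0x00,0x01,
    0x50,0x12, 0xff,0xff, 0x00,0x00, 0x00,0x00,
    /* payload */
    'A','B','C','D'
};

/* Results of the most recent sample_probe() call, kept for inspection. */
static skel_t last_skel;
static unsigned long last_claimed, last_avail;

/* Match the sample frame as if pcap had captured only caplen bytes of it. */
match_rc sample_probe(size_t caplen, int want_syn, int want_ack, int wildcard_src)
{
    skel_t s = { wildcard_src ? ADDR_UNKNOWN : 0x0a000002u, 0x0a000001u,
                 wildcard_src ? PORT_UNKNOWN : 443, 40000, want_syn, want_ack, 0, 0, 0 };
    if (caplen > sizeof SAMPLE_FRAME) caplen = sizeof SAMPLE_FRAME;
    match_rc rc = match_tcp_frame(SAMPLE_FRAME, caplen, &s, NULL, &last_claimed, &last_avail);
    last_skel = s;
    return rc;
}

int main(void)
{
    match_rc rc = sample_probe(sizeof SAMPLE_FRAME, 1, 1, 0);
    printf("full capture: rc=%d seq=0x%08x window=%u claimed=%lu avail=%lu\n",
           rc, last_skel.seq_num, last_skel.window, last_claimed, last_avail);
    rc = sample_probe(sizeof SAMPLE_FRAME - 2, 1, 1, 0);
    printf("truncated capture: rc=%d claimed=%lu avail=%lu (header claims more than captured)\n",
           rc, last_claimed, last_avail);
    printf("plain-SYN skeleton against SYN/ACK frame: rc=%d\n",
           sample_probe(sizeof SAMPLE_FRAME, 1, 0, 0));
    return 0;
}
```

The second probe is the case the payload_len caveat warns about: the IP total length still says four payload bytes, but only two are present in the capture, so a caller that trusts the claimed length and reads past avail_len walks off the end of libpcap's buffer. Separating the two lengths, and treating every wildcard as an explicit sentinel rather than an uninitialised field, is the check a defender would want around any skeleton-based sniffer.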


Generated on Wed Mar 30 23:20:48 2005 for NATBLASTER by  doxygen 1.3.9.1