factorise all ethernet handling in ether_handle()

author: Laurent Ghigonis <laurent@p1sec.com> 2012-12-04 16:00:15 +0100
committer: Laurent Ghigonis <laurent@p1sec.com> 2012-12-04 16:00:15 +0100
commit: 8555b3e4a94e21b4e3990c64f35b4c31bbabee86 (patch)
tree: 7caf605ce83d740d157baad4446daedc991de1f6
parent: remove useless ifdef OpenBSD, as we are already in an OpenBSD ifdef (diff)
download: glouglou-8555b3e4a94e21b4e3990c64f35b4c31bbabee86.tar.xz
glouglou-8555b3e4a94e21b4e3990c64f35b4c31bbabee86.zip
1 files changed, 35 insertions, 61 deletions
diff --git a/gg_sniff/pcap.c b/gg_sniff/pcap.c
index c735f59..25e4a7c 100644
--- a/gg_sniff/pcap.c
+++ b/gg_sniff/pcap.c
@@ -65,6 +65,7 @@ struct _cap_t {
 static pcap_t *my_pcap_open_live(const char *, int, int, int,
                                  char *, u_int, u_int);
 static void	 ip_handle(struct ip *, const u_char *, u_int);
+static void  ether_handle(struct ether_header *, const u_char *, u_int);
 static pcap_handler	lookup_phandler(int);
 static void		phandler_ether(u_char *,
                              const struct pcap_pkthdr *, const u_char *);
@@ -487,6 +488,31 @@ ip_handle(struct ip *ip, const u_char *pend, u_int wirelen)
 	}
 }
 
+static void
+ether_handle(struct ether_header *ether, const u_char *pend, u_int wirelen)
+{
+  struct ip *ip;
+	u_short ether_type;
+
+  wirelen -= sizeof(struct ether_header);
+
+  ether_type = ntohs(ether->ether_type);
+  if (ether_type <= ETHERMTU)
+    gg_log_tmp("llc packet !");
+  else {
+    switch (ether_type) {
+    case ETHERTYPE_IP:
+      gg_log_tmp("loop family AF_LINK IP");
+      ip = (struct ip *)((u_char *)ether + sizeof(struct ether_header));
+      ip_handle(ip, pend, wirelen);
+      break;
+    default:
+      gg_log_tmp("loop non ip packet !");
+      break;
+    }
+  }
+}
+
 static pcap_handler
 lookup_phandler(int type)
 {
@@ -505,8 +531,6 @@ static void
 phandler_ether(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
 {
 	struct ether_header *ep;
-	struct ip *ip;
-	u_short ether_type;
 	const u_char *pend;
 	u_int	len;
 
@@ -519,21 +543,7 @@ phandler_ether(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
 	pend = p + h->caplen;
 	len = h->len - sizeof(struct ether_header);
 
-	ether_type = ntohs(ep->ether_type);
-	if (ether_type <= ETHERMTU)
-		gg_log_tmp("llc packet !");
-	else {
-		switch (ether_type) {
-		case ETHERTYPE_IP:
-			gg_log_tmp("ether IP");
-			ip = (struct ip *)((u_char *)ep + sizeof(struct ether_header));
-			ip_handle(ip, pend, len);
-			break;
-		default:
-			gg_log_tmp("non ip packet !");
-			break;
-		}
-	}
+  ether_handle(ep, pend, len);
 }
 
 /*
@@ -552,7 +562,6 @@ phandler_sll(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
 {
 	struct ip *ip;
 	struct ether_header *ep;
-	u_short ether_type;
 	u_int family;
 	const u_char *pend;
 	u_int	len;
@@ -563,38 +572,20 @@ phandler_sll(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
 	 * be the case when using dump files, says tcpdump sources */
 
 	pend = p + h->caplen;
-	len = h->len;
+	len = h->len - SLL_HDR_LEN;
 
   family = ntohs(p[14]);
   if (family < 1536) { /* linux and wireshark are good for you */
     switch (family) {
     case LINUX_SLL_P_ETHERNET:
-      ep = (struct ether_header *)(p + SLL_HDR_LEN);
-      // XXX call phandler_ether instead
-      ether_type = ntohs(ep->ether_type);
-      if (ether_type <= ETHERMTU)
-        gg_log_tmp("llc packet !");
-      else {
-        switch (ether_type) {
-        case ETHERTYPE_IP:
-          gg_log_tmp("loop family AF_LINK IP");
-          ip = (struct ip *)((u_char *)ep + sizeof(*ep));
-          len -= SLL_HDR_LEN + sizeof(*ep);
-          ip_handle(ip, pend, len);
-          break;
-        default:
-          gg_log_tmp("loop non ip packet !");
-          break;
-        }
-      }
+      ep = (struct ether_header *)((u_char *)p + SLL_HDR_LEN);
+      ether_handle(ep, pend, len);
     default:
       gg_log_tmp("unknown family %x !", family);
       break;
     }
   } else {
-    struct ip *ip;
-    ip = (struct ip *)((u_char *)p + SLL_HDR_LEN);
-    len -= SLL_HDR_LEN;
+    ip = (struct ip *)(p + SLL_HDR_LEN);
     ip_handle(ip, pend, len);
   }
 }
@@ -611,7 +602,6 @@ phandler_loop(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
 {
 	struct ip *ip;
 	struct ether_header *ep;
-	u_short ether_type;
 	u_int family;
 	const u_char *pend;
 	u_int	len;
@@ -622,7 +612,7 @@ phandler_loop(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
 	 * be the case when using dump files, says tcpdump sources */
 
 	pend = p + h->caplen;
-	len = h->len;
+	len = h->len - NULL_HDRLEN;
 
 	memcpy((char *)&family, (char *)p, sizeof(family));
 	family = ntohl(family);
@@ -630,28 +620,12 @@ phandler_loop(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
 	case AF_INET:
 		gg_log_tmp("loop family AF_INET");
 		ip = (struct ip *)(p + NULL_HDRLEN);
-		len -= NULL_HDRLEN;
 		ip_handle(ip, pend, len);
 		break;
 	case AF_LINK:
-		ep = (struct ether_header *)(p + NULL_HDRLEN);
-    // XXX call phandler_ether instead
-		ether_type = ntohs(ep->ether_type);
-		if (ether_type <= ETHERMTU)
-			gg_log_tmp("llc packet !");
-		else {
-			switch (ether_type) {
-			case ETHERTYPE_IP:
-				gg_log_tmp("loop family AF_LINK IP");
-				ip = (struct ip *)((u_char *)ep + sizeof(*ep));
-				len -= NULL_HDRLEN + sizeof(*ep);
-				ip_handle(ip, pend, len);
-				break;
-			default:
-				gg_log_tmp("loop non ip packet !");
-				break;
-			}
-		}
+		ep = (struct ether_header *)((u_char *)p + NULL_HDRLEN);
+		ether_handle(ep, pend, len);
+    break;
 	default:
 		gg_log_tmp("unknown family %x !", family);
 		break;
author	Laurent Ghigonis <laurent@p1sec.com>	2012-12-04 16:00:15 +0100
committer	Laurent Ghigonis <laurent@p1sec.com>	2012-12-04 16:00:15 +0100
commit	8555b3e4a94e21b4e3990c64f35b4c31bbabee86 (patch)
tree	7caf605ce83d740d157baad4446daedc991de1f6
parent	remove useless ifdef OpenBSD, as we are already in an OpenBSD ifdef (diff)
download	glouglou-8555b3e4a94e21b4e3990c64f35b4c31bbabee86.tar.xz glouglou-8555b3e4a94e21b4e3990c64f35b4c31bbabee86.zip