author | Laurent Ghigonis <laurent@p1sec.com> | 2012-12-11 21:19:01 +0100 |
---|---|---|
committer | Laurent Ghigonis <laurent@p1sec.com> | 2012-12-11 21:19:01 +0100 |
commit | 8aa586f75cff47db6fe408713f7b2eb8aedaedce (patch) | |
tree | dffaf0d775f7d18f50b6499485f45d608b8e16ac | |
parent | correctly encode packet size and response type (diff) | |
download | glouglou-8aa586f75cff47db6fe408713f7b2eb8aedaedce.tar.xz glouglou-8aa586f75cff47db6fe408713f7b2eb8aedaedce.zip |
better packet encode / decode and size display, and colorisation of blobs
depending on connection id.
-rw-r--r-- | gg_map/gg_map.c | 21 | ||||
-rw-r--r-- | gg_sniff/pcap.c | 9 | ||||
-rw-r--r-- | libglouglou/libglouglou.h | 6 |
3 files changed, 25 insertions, 11 deletions
diff --git a/gg_map/gg_map.c b/gg_map/gg_map.c index d91859f..7a08b28 100644 --- a/gg_map/gg_map.c +++ b/gg_map/gg_map.c @@ -49,12 +49,17 @@ _node_to_vertice(struct ggnet_node *n) } static void -_conn_add(u_int id, u_int src, u_int dst, u_int proto, u_int size) +_conn_add(u_int id, u_int src, u_int dst, u_int proto, u_int8_t pktsize) { struct ggnet_conn *conn; Egraph_Vertice *a, *b; Egraph_Edge *e; struct in_addr srcaddr, dstaddr; + int size, response; + + GG_PKTDATA_SIZE_DECODE(pktsize, size, response); + if (response > 0) /* cannot have a new connection that is a response */ + return; srcaddr.s_addr = src; dstaddr.s_addr = dst; @@ -91,24 +96,26 @@ _conn_del(int id) { } static void -_conn_data(int id, u_int8_t size) { +_conn_data(int id, u_int8_t pktsize) { struct ggnet_conn *conn; Egraph_Vertice *a, *b, *tmp; - int response; + int size, response; + u_int32_t color; conn = ggnet_conn_find_by_id(_ggnet, id); if (!conn) return; - response = size >> 7; - size = size & 0xe; - a = ggnet_node_usrdata_get(ggnet_conn_src_get(conn)); b = ggnet_node_usrdata_get(ggnet_conn_dst_get(conn)); + + GG_PKTDATA_SIZE_DECODE(pktsize, size, response); if (response) { tmp = a; a = b; b = tmp; } - egraph_vertice_send_blob(_egraph, a, b, 8 + size * 2, 0xFF000000); + size = log(size) * 2; + color = (id * 0x98765400) % 0xFFFFFF00; + egraph_vertice_send_blob(_egraph, a, b, size, color); } int diff --git a/gg_sniff/pcap.c b/gg_sniff/pcap.c index 0f95dad..8485eff 100644 --- a/gg_sniff/pcap.c +++ b/gg_sniff/pcap.c @@ -463,9 +463,9 @@ ip_handle(struct ip *ip, const u_char *pend, u_int wirelen) if (!close) { pkt.type = PACKET_DATA; pkt.data_connid = conn->id; - pkt.data_size = size / GG_PKTDATA_SIZE_FACTOR | (response << 7); + GG_PKTDATA_SIZE_ENCODE(pkt.data_size, ip->ip_len, response); gg_client_send(_cap.ggcli, &pkt); - ggnet_conn_data(_cap.net, conn, size, response); + ggnet_conn_data(_cap.net, conn, ip->ip_len, response); } else { pkt.type = PACKET_DELCONN; pkt.delconn_id = conn->id; 
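Review bot: The early `return` added to `_conn_add` for a packet whose response bit is set discards the new connection without any trace, so later data packets for that id are dropped just as quietly by the `if (!conn) return;` check in `_conn_data`. Since `pktsize` presumably arrives from the peer, a malformed or unexpected NEWCONN should be visible in the log, for example `gg_log_warn("newconn flagged as response, ignored");` before the `return` (assuming `gg_log_warn`, which gg_sniff/pcap.c uses, is also available to gg_map.c). The rest of `_conn_add` lies outside the hunk, so whether the decoded `size` is used further down cannot be checked from here.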
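Review bot: In `_conn_data`, `size = log(size) * 2;` is evaluated on a value that can be zero, because `GG_PKTDATA_SIZE_DECODE` yields `(pktsize & 0x7f) * GG_PKTDATA_SIZE_FACTOR`, and a size byte whose low seven bits are clear decodes to 0. `log(0)` is minus infinity, and converting that to `int` is undefined behaviour, so one such byte in a data packet feeds an arbitrary blob size to `egraph_vertice_send_blob`. Clamp before taking the logarithm, e.g. `if (size < GG_PKTDATA_SIZE_FACTOR) size = GG_PKTDATA_SIZE_FACTOR;` placed directly above the `log` line. The hunk does not show an include of `<math.h>`; `log` needs it in scope, which should be confirmed in the part of the file that is not visible.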
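Review bot: `ip->ip_len` now replaces the local `size` in both `GG_PKTDATA_SIZE_ENCODE(pkt.data_size, ip->ip_len, response)` and `ggnet_conn_data(_cap.net, conn, ip->ip_len, response)`, but in a captured `struct ip` that field is normally in network byte order. Unless `ip_handle` converts it in place earlier (that part of the function is outside the hunk), a little-endian host encodes a byte-swapped length and the sizes shown bear no relation to the traffic. Converting once and reusing the result avoids that: `u_int len = ntohs(ip->ip_len);` and then `GG_PKTDATA_SIZE_ENCODE(pkt.data_size, len, response);`. The same applies to the `ggnet_conn_add` and `GG_PKTDATA_SIZE_ENCODE` calls in the next hunk of this file.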
@@ -474,13 +474,14 @@ ip_handle(struct ip *ip, const u_char *pend, u_int wirelen) } } else { if (!close) { - conn = ggnet_conn_add(_cap.net, &src, src_port, &dst, dst_port, proto, size, -1); + conn = ggnet_conn_add(_cap.net, &src, src_port, &dst, dst_port, proto, + ip->ip_len, -1); pkt.type = PACKET_NEWCONN; pkt.newconn_id = conn->id; pkt.newconn_src = src.s_addr; pkt.newconn_dst = dst.s_addr; pkt.newconn_proto = proto; - pkt.newconn_size = size << 8; + GG_PKTDATA_SIZE_ENCODE(pkt.newconn_size, ip->ip_len, response); gg_client_send(_cap.ggcli, &pkt); } else { gg_log_warn("user: captured connection close w/o open !"); diff --git a/libglouglou/libglouglou.h b/libglouglou/libglouglou.h index e1d7152..b3e42d0 100644 --- a/libglouglou/libglouglou.h +++ b/libglouglou/libglouglou.h @@ -19,7 +19,13 @@ #define PACKET_BUFFER_SIZE 16384 #define PACKET_SNDBUF_MAX 500 #define GG_PKTARG_MAX 30 + #define GG_PKTDATA_SIZE_FACTOR 20 +#define GG_PKTDATA_SIZE_ENCODE(pktsize, size, response) \ + (pktsize = ((size / GG_PKTDATA_SIZE_FACTOR) & 0x7f) | (response << 7)) +#define GG_PKTDATA_SIZE_DECODE(pktsize, size, response) { \ + response = pktsize >> 7; size = (pktsize & 0x7f) * GG_PKTDATA_SIZE_FACTOR; \ +} #define PACKET_HEADER_SIZE 2 #define PACKET_TYPE_MIN 0x00 |
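Review bot: The NEWCONN packet is encoded with whatever `response` holds on the no-existing-connection path, while the receiving `_conn_add` in gg_map/gg_map.c drops any new connection whose response bit is set. `response` is assigned outside this hunk, so its value here cannot be confirmed; if it can be non-zero the connection never appears on the map, and if it can be negative `response << 7` inside the macro is undefined. A new connection is by definition not a response, so a literal is safer: `GG_PKTDATA_SIZE_ENCODE(pkt.newconn_size, ip->ip_len, 0);`.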
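Review bot: `GG_PKTDATA_SIZE_ENCODE` masks with `& 0x7f` instead of clamping, so any size of 2560 bytes or more wraps around (2560 encodes as 0) and a large packet is reported as a small or empty one. The macro arguments are also unparenthesised, and `GG_PKTDATA_SIZE_DECODE` expands to a bare brace block, which breaks when used as the body of an `if` that has an `else`. The version below saturates at the largest encodable value, forces the response flag to a single bit, and wraps both macros in `do { } while (0)`; every call site visible in this commit already uses them as statements.

```c
/* … unchanged: GG_PKTDATA_SIZE_FACTOR definition … */
#define GG_PKTDATA_SIZE_ENCODE(pktsize, size, response) do { \
	unsigned int gg_units_ = (unsigned int)(size) / GG_PKTDATA_SIZE_FACTOR; \
	if (gg_units_ > 0x7f) \
		gg_units_ = 0x7f; /* saturate instead of wrapping */ \
	(pktsize) = (u_int8_t)(gg_units_ | ((response) ? 0x80 : 0)); \
} while (0)
#define GG_PKTDATA_SIZE_DECODE(pktsize, size, response) do { \
	(response) = ((pktsize) >> 7) & 0x1; \
	(size) = ((pktsize) & 0x7f) * GG_PKTDATA_SIZE_FACTOR; \
} while (0)
```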