From 8555b3e4a94e21b4e3990c64f35b4c31bbabee86 Mon Sep 17 00:00:00 2001 From: Laurent Ghigonis Date: Tue, 4 Dec 2012 16:00:15 +0100 Subject: factorise all ethernet handling in ether_handle() --- gg_sniff/pcap.c | 96 +++++++++++++++++++++------------------------------------ 1 file changed, 35 insertions(+), 61 deletions(-) (limited to 'gg_sniff/pcap.c') diff --git a/gg_sniff/pcap.c b/gg_sniff/pcap.c index c735f59..25e4a7c 100644 --- a/gg_sniff/pcap.c +++ b/gg_sniff/pcap.c @@ -65,6 +65,7 @@ struct _cap_t { static pcap_t *my_pcap_open_live(const char *, int, int, int, char *, u_int, u_int); static void ip_handle(struct ip *, const u_char *, u_int); +static void ether_handle(struct ether_header *, const u_char *, u_int); static pcap_handler lookup_phandler(int); static void phandler_ether(u_char *, const struct pcap_pkthdr *, const u_char *); @@ -487,6 +488,31 @@ ip_handle(struct ip *ip, const u_char *pend, u_int wirelen) } } +static void +ether_handle(struct ether_header *ether, const u_char *pend, u_int wirelen) +{ + struct ip *ip; + u_short ether_type; + + wirelen -= sizeof(struct ether_header); + + ether_type = ntohs(ether->ether_type); + if (ether_type <= ETHERMTU) + gg_log_tmp("llc packet !"); + else { + switch (ether_type) { + case ETHERTYPE_IP: + gg_log_tmp("loop family AF_LINK IP"); + ip = (struct ip *)((u_char *)ether + sizeof(struct ether_header)); + ip_handle(ip, pend, wirelen); + break; + default: + gg_log_tmp("loop non ip packet !"); + break; + } + } +} + static pcap_handler lookup_phandler(int type) { @@ -505,8 +531,6 @@ static void phandler_ether(u_char *user, const struct pcap_pkthdr *h, const u_char *p) { struct ether_header *ep; - struct ip *ip; - u_short ether_type; const u_char *pend; u_int len; @@ -519,21 +543,7 @@ phandler_ether(u_char *user, const struct pcap_pkthdr *h, const u_char *p) pend = p + h->caplen; len = h->len - sizeof(struct ether_header); - ether_type = ntohs(ep->ether_type); - if (ether_type <= ETHERMTU) - gg_log_tmp("llc packet !"); - else { - switch (ether_type) { - case ETHERTYPE_IP: - gg_log_tmp("ether IP"); - ip = (struct ip *)((u_char *)ep + sizeof(struct ether_header)); - ip_handle(ip, pend, len); - break; - default: - gg_log_tmp("non ip packet !"); - break; - } - } + ether_handle(ep, pend, len); } /* @@ -552,7 +562,6 @@ phandler_sll(u_char *user, const struct pcap_pkthdr *h, const u_char *p) { struct ip *ip; struct ether_header *ep; - u_short ether_type; u_int family; const u_char *pend; u_int len; @@ -563,38 +572,20 @@ phandler_sll(u_char *user, const struct pcap_pkthdr *h, const u_char *p) * be the case when using dump files, says tcpdump sources */ pend = p + h->caplen; - len = h->len; + len = h->len - SLL_HDR_LEN; family = ntohs(p[14]); if (family < 1536) { /* linux and wireshark are good for you */ switch (family) { case LINUX_SLL_P_ETHERNET: - ep = (struct ether_header *)(p + SLL_HDR_LEN); - // XXX call phandler_ether instead - ether_type = ntohs(ep->ether_type); - if (ether_type <= ETHERMTU) - gg_log_tmp("llc packet !"); - else { - switch (ether_type) { - case ETHERTYPE_IP: - gg_log_tmp("loop family AF_LINK IP"); - ip = (struct ip *)((u_char *)ep + sizeof(*ep)); - len -= SLL_HDR_LEN + sizeof(*ep); - ip_handle(ip, pend, len); - break; - default: - gg_log_tmp("loop non ip packet !"); - break; - } - } + ep = (struct ether_header *)((u_char *)p + SLL_HDR_LEN); + ether_handle(ep, pend, len); default: gg_log_tmp("unknown family %x !", family); break; } } else { - struct ip *ip; - ip = (struct ip *)((u_char *)p + SLL_HDR_LEN); - len -= SLL_HDR_LEN; + ip = (struct ip *)(p + SLL_HDR_LEN); ip_handle(ip, pend, len); } } @@ -611,7 +602,6 @@ phandler_loop(u_char *user, const struct pcap_pkthdr *h, const u_char *p) { struct ip *ip; struct ether_header *ep; - u_short ether_type; u_int family; const u_char *pend; u_int len; @@ -622,7 +612,7 @@ phandler_loop(u_char *user, const struct pcap_pkthdr *h, const u_char *p) * be the case when using dump files, says tcpdump sources */ pend = p + h->caplen; - len = h->len; + len = h->len - NULL_HDRLEN; memcpy((char *)&family, (char *)p, sizeof(family)); family = ntohl(family); @@ -630,28 +620,12 @@ phandler_loop(u_char *user, const struct pcap_pkthdr *h, const u_char *p) case AF_INET: gg_log_tmp("loop family AF_INET"); ip = (struct ip *)(p + NULL_HDRLEN); - len -= NULL_HDRLEN; ip_handle(ip, pend, len); break; case AF_LINK: - ep = (struct ether_header *)(p + NULL_HDRLEN); - // XXX call phandler_ether instead - ether_type = ntohs(ep->ether_type); - if (ether_type <= ETHERMTU) - gg_log_tmp("llc packet !"); - else { - switch (ether_type) { - case ETHERTYPE_IP: - gg_log_tmp("loop family AF_LINK IP"); - ip = (struct ip *)((u_char *)ep + sizeof(*ep)); - len -= NULL_HDRLEN + sizeof(*ep); - ip_handle(ip, pend, len); - break; - default: - gg_log_tmp("loop non ip packet !"); - break; - } - } + ep = (struct ether_header *)((u_char *)p + NULL_HDRLEN); + ether_handle(ep, pend, len); + break; default: gg_log_tmp("unknown family %x !", family); break; -- cgit v1.2.3-59-g8ed1b