wm: dnsparser

ref: 824bfaa30889ec9b56e9ab9704bce616a5129f0a
dir: /tcp.c/

View raw version
#include <stdio.h>
#include <stdint.h>
#include <pcap.h>
#include "common.h"

int
parseTcp(const u_char *pkt, Tcp *tcp)
{
	int pos = 0;
	
	tcp->srcport = get2(pkt + pos);
	pos += TCP_SRCPORT;
	
	tcp->dstport = get2(pkt + pos);
	pos += TCP_DSTPORT;

	tcp->seqnum = get4(pkt + pos);
	pos += TCP_SEQNUM;
	
	tcp->acknum = get4(pkt + pos);
	pos += TCP_ACKNUM;
	
	/* offsets are multiplies of 4 (32-bit) values */
	tcp->offset = (pkt[pos] >> 4) * 4;
	pos += TCP_OFFSET;
	
	tcp->flags = pkt[pos];
	pos += TCP_FLAGS;
	
	tcp->winsize = get2(pkt + pos);
	pos += TCP_WINSIZE;
	
	tcp->sum = pkt[pos];
	pos += TCP_SUM;
	
	tcp->urgentptr = get2(pkt + pos);
	pos += TCP_URGPTR;
	return 1;
}

void
printTcp(Tcp tcp)
{
		printf("tcp pkt:\n"
		"\tsrcport: %d\tdstport: %d\n"
		"\tseqnum: %d\tacknum: %d\n"
		"\toffset: %d\tflags: %b (%x)\n"
		"\twinsize: %d (%x)\tsum: %d\n",
		
		tcp.srcport, tcp.dstport,
		tcp.seqnum, tcp.acknum,
		tcp.offset, tcp.flags, tcp.flags,
		tcp.winsize, tcp.winsize, tcp.sum);
}

Parser tcpParser = {
	.parse = parseTcp,
	.print = printTcp,
};