ref: e7d315db2f32145030007b4d9431e5aa128f8f16
dir: /common.h/
/*
 * Debug switch, defined as 0 in this header.
 * NOTE(review): this is a lowercase object-like macro, so any identifier
 * spelled `debug` in a file that includes this header is rewritten to 0.
 * Its users are not visible here.
 */
#define debug 0
/*
 * Wire-format constants shared by all parsers: field widths in bytes,
 * flag masks, and protocol/type codes.
 */
enum
{
	/* whole-header sizes, in bytes */
	ETHER_LEN = 14,
	ETHER_ADDR_LEN = 6,
	UDP_SIZE = 8,

	/* Ethernet header field widths, in bytes (6 + 6 + 2 = ETHER_LEN) */
	ETHER_DST = ETHER_ADDR_LEN,
	ETHER_SRC = ETHER_ADDR_LEN,
	ETHER_TYPE = 2,

	/* IPv4 header field widths, in bytes (they add up to 20) */
	PKT_VHL = 2,
	PKT_LEN = 2,
	PKT_ID = 4,
	PKT_TTL = 1,
	PKT_PROTO = 1,
	PKT_SUM = 2,
	PKT_SRC = 4,
	PKT_DST = 4,

	/* UDP header field widths, in bytes (2 + 2 + 2 + 2 = UDP_SIZE) */
	UDP_SRCPORT = 2,
	UDP_DSTPORT = 2,
	UDP_LEN = 2,
	UDP_SUM = 2,

	/* TCP header field widths, in bytes */
	TCP_SRCPORT = 2,
	TCP_DSTPORT = 2,
	TCP_SEQNUM = 4,
	TCP_ACKNUM = 4,
	TCP_OFFSET = 1,	/* only half of this byte is used */
	TCP_FLAGS = 1,
	TCP_WINSIZE = 2,
	TCP_SUM = 2,
	TCP_URGPTR = 2,
	TCP_OPTS = 2,

	/* TCP flag masks (flags byte sits at offset 13 of the TCP header) */
	TCP_FLAG_ACK = 0x010,
	TCP_FLAG_PSH = 0x008,
	TCP_FLAG_SYN = 0x002,
	TCP_FLAG_FIN = 0x001,

	/* DNS field widths, in bytes */
	DNS_ID = 2,
	DNS_FLAGS = 2,
	DNS_COUNT_QUERIES = 2,
	DNS_COUNT_ANSWERS = 2,
	DNS_COUNT_AUTH_RR = 2,
	DNS_COUNT_ADD_RR = 2,
	DNS_TYPE = 2,
	DNS_CLASS = 2,
	DNS_BACKREF = 2,	/* the c0 xx compression pointer that refers back to an earlier name */
	DNS_TTL = 4,
	DNS_LEN = 2,

	/*
	 * DNS flag word masks (the flag word sits at offset 2 of the DNS header).
	 * NOTE(review): RFC 1035 encodes the opcode as a 4-bit number inside
	 * DNS_OPCODE (QUERY is 0), whereas the four DNS_FLAGS_OPCODE_* values
	 * below are single-bit masks; confirm how dns.c compares them.
	 */
	DNS_ISRESP = 0x8000,
	DNS_OPCODE = 0x7800,
	DNS_FLAGS_OPCODE_QUERY = 0x4000,
	DNS_FLAGS_OPCODE_IQUERY = 0x2000,
	DNS_FLAGS_OPCODE_STATUS = 0x1000,	/* original note: 2 bits */
	DNS_FLAGS_OPCODE_NOTIFY = 0x0800,
	DNS_AUTH = 0x0400,
	DNS_TRUNCATED = 0x0200,
	DNS_RD = 0x0100,
	DNS_RA = 0x0080,
	DNS_Z = 0x0040,
	DNS_AD = 0x0020,
	DNS_CD = 0x0010,
	DNS_RCODE = 0x000F,

	/*
	 * TLS record header field widths, in bytes.
	 * NOTE(review): the record header carries a 2-byte protocol version
	 * (major, minor); a width of 1 here skews every later offset unless
	 * tls.c compensates -- confirm.
	 */
	TLS_RECORD_CONTENTTYPE = 1,
	TLS_RECORD_VERSION = 1,
	TLS_RECORD_LEN = 2,

	/*
	 * TLS 1.2 handshake field widths, in bytes.
	 * NOTE(review): session id, cipher list and compression list are
	 * variable-length on the wire and sized by their *_LEN fields; the
	 * fixed 32/54/1 below are presumably expected or maximum sizes --
	 * confirm that tls.c does not use them as offsets into untrusted data.
	 */
	TLS_HANDSHAKE_TYPE = 1,
	TLS_HANDSHAKE_LEN = 3,
	TLS_HANDSHAKE_VERSION = 2,
	TLS_HANDSHAKE_RANDOM = 32,
	TLS_HANDSHAKE_SESSIONID_LEN = 1,
	TLS_HANDSHAKE_SESSIONID = 32,
	TLS_HANDSHAKE_CIPHERS_LEN = 2,
	TLS_HANDSHAKE_CIPHERS = 54,
	TLS_HANDSHAKE_COMP_LEN = 1,
	TLS_HANDSHAKE_COMPS = 1,
	TLS_HANDSHAKE_EXTS_LEN = 2,	/* length field covering all extensions */
	TLS_HANDSHAKE_EXT_TYPE = 2,
	TLS_HANDSHAKE_EXT_LEN = 2,	/* (data) length of one specific extension */

	/* EtherType values */
	ETHER_IP4 = 0x800,
	ETHER_IP6 = 0x86dd,

	/* IP protocol numbers */
	PKT_TCP = 6,
	PKT_UDP = 17,

	/* DNS record types */
	DNS_TYPE_A = 1,
	DNS_TYPE_CNAME = 5,
	DNS_TYPE_MX = 15,
	DNS_TYPE_TXT = 16,
	DNS_TYPE_AAAA = 28,

	/* DNS classes (IN is the only one listed) */
	DNS_CLASS_IN = 1,

	/* TLS handshake message types */
	TLS_HELLO_REQ = 0,
	TLS_CLIENT_HELLO = 1,
	TLS_SERVER_HELLO = 2,
	TLS_NEW_TICKET = 4,
	TLS_END_OF_EARLY_DATA = 5,
	TLS_CERT = 11,
	TLS_CERT_REQ = 13,
	TLS_FINISHED = 20,

	/* TLS record content types */
	TLS_ALERT = 21,
	TLS_HANDSHAKE = 22,
	TLS_APPLICATION_DATA = 23,
	TLS_HEARTBEAT = 24,
	TLS_CID = 25,	/* marked uncertain by the original author */
	TLS_ACK = 26,
	TLS_RTC = 27,	/* marked uncertain by the original author */
};
/*
 * Every protocol parser exposes at least these two entry points;
 * a parser may offer further functions, internal or external.
 *
 * Both pointers are declared with empty parentheses, so the compiler
 * does not check the arguments passed through them; a call that does
 * not match the real function's signature goes undiagnosed.
 */
typedef struct {
	int (*parse)();
	void (*print)();
} Parser;
/* libpcap handle shared between translation units; defined outside this header. */
extern pcap_t *handle;
/*
 * BPF program object named dnsfilter, defined outside this header.
 * Where it is compiled and attached is not visible here.
 */
extern struct bpf_program dnsfilter;
/* common.c */
/*
 * get2/get4 return a 16-bit and a 32-bit value built from the bytes at
 * octet (presumably 2 and 4 bytes; byte order is not visible here).
 * NOTE(review): neither takes a length, so the caller has to guarantee
 * that enough captured bytes remain before calling.
 */
uint16_t get2(const u_char *octet);
uint32_t get4(const u_char *octet);
/*
 * printf-style reporting helper; fatal presumably selects whether the
 * program terminates -- confirm in common.c.
 * NOTE(review): the name matches err() from <err.h> on BSD/glibc, and
 * fmt is a non-const char *. Call sites should pass a literal format,
 * never packet-derived text.
 */
void err(int fatal, char *fmt, ...);
/* ether.c */
/* Decoded Ethernet header: the two hardware addresses and the type field. */
typedef struct {
	uint8_t dst[ETHER_ADDR_LEN];	/* destination address, ETHER_ADDR_LEN bytes */
	uint8_t src[ETHER_ADDR_LEN];	/* source address, ETHER_ADDR_LEN bytes */
	int type;			/* presumably an EtherType such as ETHER_IP4 -- confirm in ether.c */
} Ether;
/*
 * Returns a string for the given 16-bit type value; who owns the
 * returned storage is not visible from this header.
 */
char* etherTypeToStr(uint16_t frame);
/*
 * Presumably fills *e from the frame starting at pkt and returns a status.
 * NOTE(review): no captured length is passed, so the caller must make
 * sure at least ETHER_LEN bytes are present -- confirm at the call site.
 */
int parseEther(const u_char *pkt, Ether *e);
/* Prints e; the struct is passed by value. */
void printEther(Ether e);
/* Parser entry for this layer, defined outside this header. */
extern Parser etherParser;
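/* (ipv4) pkt.c */
/*
 * Decoded IPv4 header.
 *
 * len is 16 bits wide because the total-length field occupies PKT_LEN
 * (2) bytes on the wire; an 8-bit member would truncate any packet
 * length above 255 and mislead every later length comparison.
 */
typedef struct
{
	uint8_t version;	/* high nibble of the first header byte (see IP4_V) */
	uint8_t headerlen;	/* low nibble of the first header byte (see IP4_HL) */
	uint16_t len;		/* total length as carried in the header */
	uint8_t ttl;
	uint8_t proto;		/* UDP, TCP */
	uint16_t sum;		/* checksum of packet */
	uint32_t srcip;
	uint32_t dstip;
} Pkt;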
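/*
 * Split the first IPv4 header byte: IP4_V yields the bits above the low
 * nibble (the version), IP4_HL the low nibble (the header length, which
 * IPv4 counts in 32-bit words).
 * The argument is parenthesized so that an expression such as a | b
 * expands with the intended precedence.
 */
#define IP4_HL(octet) ((octet) & 0x0f)
#define IP4_V(octet) ((octet) >> 4)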
/*
 * Presumably fills *p from the IPv4 header starting at pkt and returns a status.
 * NOTE(review): no captured length is passed; the caller must ensure the
 * header bytes are present, and the decoded header length should be
 * validated before it is used as an offset -- confirm in pkt.c.
 */
int parsePkt(const u_char *pkt, Pkt *p);
/*
 * Returns a string for a one-byte value (presumably the IP protocol
 * number); ownership of the returned storage is not visible here.
 */
char* pktTypeToStr(const u_char pkt);
/* Prints p; the struct is passed by value. */
void printPkt(Pkt p);
/* Parser entry for this layer, defined outside this header. */
extern Parser pktParser;
/* udp.c */
/* Decoded UDP header: four 16-bit fields, matching UDP_SIZE (8) bytes. */
typedef struct {
	uint16_t srcport;	/* source port */
	uint16_t dstport;	/* destination port */
	uint16_t len;		/* length field from the header */
	uint16_t sum;		/* checksum field from the header */
} Udp;
/*
 * Presumably fills *udp from the UDP header starting at pkt and returns a status.
 * NOTE(review): no captured length is passed; the caller must ensure
 * UDP_SIZE bytes are present, and udp->len comes from the packet and is
 * untrusted until checked against the captured length.
 */
int parseUdp(const u_char *pkt, Udp *udp);
/* Prints udp; the struct is passed by value. */
void printUdp(Udp udp);
/* Parser entry for this layer, defined outside this header. */
extern Parser udpParser;
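/* tcp.c */
/*
 * Decoded TCP header (options are not kept).
 *
 * sum is 16 bits wide because the checksum field occupies TCP_SUM (2)
 * bytes on the wire; an 8-bit member would drop half of it. This also
 * matches the sum members of Pkt and Udp.
 */
typedef struct
{
	uint16_t srcport;
	uint16_t dstport;
	uint32_t seqnum;
	uint32_t acknum;
	uint16_t offset;	/* data offset; only half a byte is used on the wire */
	uint16_t flags;		/* tested with the TCP_FLAG_* masks, presumably */
	uint16_t winsize;
	uint16_t sum;		/* checksum field from the header */
	uint16_t urgentptr;
	/* we don't care about options */
} Tcp;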
/*
 * Presumably fills *tcp from the TCP header starting at pkt and returns a status.
 * NOTE(review): no captured length is passed; the caller must ensure the
 * fixed header is present, and the decoded data offset should be
 * validated before it is used to locate the payload -- confirm in tcp.c.
 */
int parseTcp(const u_char *pkt, Tcp *tcp);
/* Prints tcp; the struct is passed by value. */
void printTcp(Tcp tcp);
/* Parser entry for this layer, defined outside this header. */
extern Parser tcpParser;
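/*
 * dns.c
 * a maximum size of 255 for strings is assumed
 *
 * Decoded DNS message: header words, one name, and one record payload.
 * type and class are 16 bits wide because both fields occupy 2 bytes on
 * the wire (DNS_TYPE, DNS_CLASS) and dnsTypeToStr/dnsClassToStr take
 * uint16_t; 8-bit members would alias any value above 255 onto a small one.
 *
 * NOTE(review): domain and cname are fixed 255-byte buffers filled from
 * packet data, so dns.c has to bound every write into them -- confirm.
 */
typedef struct
{
	/* is it response or request */
	uint16_t id;
	uint16_t flags;
	/* count(s) */
	uint16_t nQueries;
	uint16_t nAnswers;
	uint16_t nAuthRR;
	uint16_t nAddRR;
	char domain[255];
	uint16_t type;		/* record type, e.g. DNS_TYPE_A */
	uint16_t class;		/* record class, e.g. DNS_CLASS_IN */
	uint32_t ttl;
	uint32_t len;		/* wider than the 2-byte DNS_LEN field on the wire */
	/* record payload; presumably only the member matching type is meaningful */
	union
	{
		/* A */
		uint8_t ip[4];
		/* AAAA */
		uint16_t ip6[8];
		/* CNAME */
		u_char cname[255];
	};
} Dns;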
/*
 * Decodes a name from pkt into cname; pos and len presumably give the
 * start offset and the record length -- confirm in dns.c.
 * NOTE(review): the [255] in the parameter is not enforced (array
 * parameters decay to pointers) and the packet size is not passed.
 * DNS_BACKREF suggests compression pointers are followed, so the
 * implementation needs to bound writes into cname, keep every pointer
 * target inside the packet, and cap the number of back references.
 * `uint` is a non-standard typedef supplied by some system headers.
 */
int parseDnsCname(const u_char *pkt, u_char cname[255], uint pos, uint len);
/*
 * Presumably fills *dns from the DNS message starting at pkt and returns a status.
 * NOTE(review): no captured length is passed; counts and lengths read
 * from the message are untrusted until checked.
 */
int parseDns(const u_char *pkt, Dns *dns);
/* Return a string for a DNS class / type value; storage ownership is not visible here. */
char* dnsClassToStr(uint16_t class);
char* dnsTypeToStr(uint16_t type);
/* Prints dns; the struct (over 500 bytes) is passed by value. */
void printDns(Dns dns);
/* Parser entry for this layer, defined outside this header. */
extern Parser dnsParser;
/* tls.c */
/*
 * State kept by the TLS parser.
 * NOTE(review): the member list is identical to the TCP header struct
 * in this file (ports, sequence numbers, window, 8-bit sum) and holds
 * nothing TLS-specific; it looks like a placeholder -- confirm against
 * tls.c before relying on any field.
 */
typedef struct {
	uint16_t srcport;
	uint16_t dstport;
	uint32_t seqnum;
	uint32_t acknum;
	uint16_t offset;
	uint16_t flags;
	uint16_t winsize;
	uint8_t sum;		/* 8 bits wide here */
	uint16_t urgentptr;
	/* options are not kept */
} Tls;
/* Parser entry for TLS, defined outside this header. */
extern Parser tlsParser;