wanderer/fastnetmon-rewritten
1
0
Fork 0
mirror of https://github.com/pavel-odintsov/fastnetmon synced 2024-11-24 02:46:36 +01:00
Code Issues Releases Activity

Patch parser: add ability to detect fragmented tarffic

Browse Source
This commit is contained in:
Pavel Odintsov 2015-05-07 15:51:54 +03:00
parent 01969596d9
commit 22db346f18
2 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/fastnetmon_packet_parser.c
View File

@ -453,6 +453,23 @@ int fastnetmon_parse_pkt(unsigned char *pkt, struct pfring_pkthdr *hdr, u_int8_t
fragment_offset = ip->frag_off & htons(IP_OFFSET); /* fragment, but not the first */
ip_len = ip->ihl*4;
// Parse fragmentation info:
// Very good examples about IPv4 flags: http://lwn.net/Articles/136319/
hdr->extended_hdr.parsed_pkt.ip_fragmented = 0;
int fast_frag_off = ntohs(ip->frag_off);
int fast_offset = (fast_frag_off & IP_OFFSET);
if (fast_frag_off & IP_MF) {
//printf("Packet with MF flag\n");
hdr->extended_hdr.parsed_pkt.ip_fragmented = 1;
}
if (fast_offset != 0) {
//printf("Packet with non zero offset\n");
hdr->extended_hdr.parsed_pkt.ip_fragmented = 1;
}
} else if (hdr->extended_hdr.parsed_pkt.eth_type == 0x86DD /* IPv6 */) {
struct kcompact_ipv6_hdr *ipv6;
@ -698,6 +715,8 @@ int fastnetmon_print_parsed_pkt(char *buff, u_int buff_len, const u_char *p, con
}
}
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[ip_fragmented: %d]", h->extended_hdr.parsed_pkt.ip_fragmented);
buff_used += snprintf(&buff[buff_used], buff_len - buff_used,
"[hash=%u][tos=%d][tcp_seq_num=%u]",
h->extended_hdr.pkt_hash,

1
src/fastnetmon_packet_parser.h
View File

@ -48,6 +48,7 @@ struct pkt_parsing_info {
u_int16_t vlan_id; /* VLAN Id or NO_VLAN */
u_int8_t ip_version;
u_int8_t l3_proto, ip_tos; /* Layer 3 protocol/TOS */
u_int8_t ip_fragmented; /* Layer 3 fragmentation flag */
ip_addr ip_src, ip_dst; /* IPv4 src/dst IP addresses */
u_int16_t l4_src_port, l4_dst_port; /* Layer 4 src/dst ports */
struct {