File containing the implementation of the packet decoder utilities. More...

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/icmp6.h>
#include <netinet/if_ether.h>
#include <netinet/ip.h>
#include <netinet/ip6.h>
#include <netinet/ip_icmp.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <pcap.h>
#include "../../../utils/allocs.h"
#include "../../../utils/hash.h"
#include "../../../utils/log.h"
#include "../../../utils/net.h"
#include "../../../utils/os.h"
#include "dns_decoder.h"
#include "mdns_decoder.h"
#include "packet_decoder.h"

Include dependency graph for packet_decoder.c:

Macros
#define	_GNU_SOURCE

#define	LINKTYPE_LINUX_SLL "LINUX_SLL"

#define	LINKTYPE_ETHERNET "EN10MB"

#define	IPV6_VERSION 0x60

#define	IPV6_VERSION_MASK 0xf0

#define	DNS_PORT 53

#define	MDNS_PORT 5353

#define	DHCP_CLIENT_PORT 68

#define	DHCP_SERVER_PORT 67

#define	MAX_PACKET_TYPES 10

Functions
bool	decode_dhcp_packet (struct capture_packet *cpac)

bool	decode_udp_packet (struct capture_packet *cpac)

bool	decode_tcp_packet (struct capture_packet *cpac)

bool	decode_icmp4_packet (struct capture_packet *cpac)

bool	decode_icmp6_packet (struct capture_packet *cpac)

bool	decode_ip4_packet (struct capture_packet *cpac)

bool	decode_ip6_packet (struct capture_packet *cpac)

bool	decode_arp_packet (struct capture_packet *cpac)

bool	decode_eth_packet (const struct pcap_pkthdr header, const uint8_t packet, struct capture_packet *cpac)

int	decode_packet (const struct pcap_pkthdr header, const uint8_t packet, struct capture_packet *cpac)

int	extract_packets (const char ltype, const struct pcap_pkthdr header, const uint8_t packet, char interface, UT_array *tp_array)
	Extract packets from pcap packet data. More...

Detailed Description

File containing the implementation of the packet decoder utilities.

Author: Alexandru Mereacre

Date: 2021

Copyright: SPDX-FileCopyrightText: © 2021 NQMCyber Ltd and edgesec contributors SPDX-License-Identifier: LGPL-3.0-or-later

Macro Definition Documentation

◆ _GNU_SOURCE

#define _GNU_SOURCE

◆ DHCP_CLIENT_PORT

#define DHCP_CLIENT_PORT 68

◆ DHCP_SERVER_PORT

#define DHCP_SERVER_PORT 67

◆ DNS_PORT

#define DNS_PORT 53

◆ IPV6_VERSION

#define IPV6_VERSION 0x60

◆ IPV6_VERSION_MASK

#define IPV6_VERSION_MASK 0xf0

◆ LINKTYPE_ETHERNET

#define LINKTYPE_ETHERNET "EN10MB"

◆ LINKTYPE_LINUX_SLL

#define LINKTYPE_LINUX_SLL "LINUX_SLL"

◆ MAX_PACKET_TYPES

#define MAX_PACKET_TYPES 10

◆ MDNS_PORT

#define MDNS_PORT 5353

Function Documentation

◆ decode_arp_packet()

bool decode_arp_packet ( struct capture_packet * cpac )

◆ decode_dhcp_packet()

bool decode_dhcp_packet ( struct capture_packet * cpac )

◆ decode_eth_packet()

bool decode_eth_packet	(	const struct pcap_pkthdr *	header,
		const uint8_t *	packet,
		struct capture_packet *	cpac
	)

◆ decode_icmp4_packet()

bool decode_icmp4_packet ( struct capture_packet * cpac )

◆ decode_icmp6_packet()

bool decode_icmp6_packet ( struct capture_packet * cpac )

◆ decode_ip4_packet()

bool decode_ip4_packet ( struct capture_packet * cpac )

◆ decode_ip6_packet()

bool decode_ip6_packet ( struct capture_packet * cpac )

◆ decode_packet()

int decode_packet	(	const struct pcap_pkthdr *	header,
		const uint8_t *	packet,
		struct capture_packet *	cpac
	)

◆ decode_tcp_packet()

bool decode_tcp_packet ( struct capture_packet * cpac )

◆ decode_udp_packet()

bool decode_udp_packet ( struct capture_packet * cpac )

◆ extract_packets()

int extract_packets	(	const char *	ltype,
		const struct pcap_pkthdr *	header,
		const uint8_t *	packet,
		char *	interface,
		UT_array *	tp_array
	)

Extract packets from pcap packet data.

Parameters

ltype	The link type
header	The packet header as per pcap
packet	The packet data
interface	The packet interface
tp_array	The array of returned packet tuples

Returns: int Total count of packet tuples

Macros

Functions