packet_decoder.h

Go to the documentation of this file.

 
#ifndef PACKET_DECODER_H
#define PACKET_DECODER_H
 
#include <net/if.h>
#include <pcap.h>
 
#include <utarray.h>
#include "../../../utils/allocs.h"
#include "../../../utils/attributes.h"
#include "../../../utils/net.h"
#include "../../../utils/os.h"
 
#define MAX_QUESTION_LEN 255
 
typedef enum packet_types {
  PACKET_NONE = 0,
  PACKET_ETHERNET,
  PACKET_ARP,
  PACKET_IP4,
  PACKET_IP6,
  PACKET_TCP,
  PACKET_UDP,
  PACKET_ICMP4,
  PACKET_ICMP6,
  PACKET_DNS,
  PACKET_MDNS,
  PACKET_DHCP
} PACKET_TYPES;
 
struct tuple_packet {
  uint8_t *packet;   
  PACKET_TYPES type; 
};
 
struct eth_schema {
  uint64_t timestamp;           
  char id[MAX_RANDOM_UUID_LEN]; 
  uint32_t caplen;              
  uint32_t length;              
  char ifname[IF_NAMESIZE];     
  char ether_dhost[MACSTR_LEN]; 
  char ether_shost[MACSTR_LEN]; 
  uint16_t ether_type;          
};
 
struct arp_schema {
  char id[MAX_RANDOM_UUID_LEN];     
  uint16_t ar_hrd;                  
  uint16_t ar_pro;                  
  uint8_t ar_hln;                   
  uint8_t ar_pln;                   
  uint16_t ar_op;                   
  char arp_sha[MACSTR_LEN];         
  char arp_spa[OS_INET_ADDRSTRLEN]; 
  char arp_tha[MACSTR_LEN];         
  char arp_tpa[OS_INET_ADDRSTRLEN]; 
};
 
struct ip4_schema {
  char id[MAX_RANDOM_UUID_LEN];    
  char ip_src[OS_INET_ADDRSTRLEN]; 
  char ip_dst[OS_INET_ADDRSTRLEN]; 
  uint8_t ip_hl;   
  uint8_t ip_v;    
  uint8_t ip_tos;  
  uint16_t ip_len; 
  uint16_t ip_id;  
  uint16_t ip_off; 
  uint8_t ip_ttl;  
  uint8_t ip_p;    
  uint16_t ip_sum; 
};
 
struct ip6_schema {
  char id[MAX_RANDOM_UUID_LEN]; 
  uint32_t
      ip6_un1_flow; 
  uint16_t ip6_un1_plen; 
  uint8_t ip6_un1_nxt;   
  uint8_t ip6_un1_hlim;  
  uint8_t ip6_un2_vfc;   
  char ip6_src[OS_INET6_ADDRSTRLEN]; 
  char ip6_dst[OS_INET6_ADDRSTRLEN]; 
};
 
struct tcp_schema {
  char id[MAX_RANDOM_UUID_LEN]; 
  uint16_t source;              
  uint16_t dest;                
  uint32_t seq;                 
  uint32_t ack_seq;             
  uint16_t res1;                
  uint16_t doff;                
  uint16_t fin;                 
  uint16_t syn;                 
  uint16_t rst;                 
  uint16_t psh;                 
  uint16_t ack;                 
  uint16_t urg;                 
  uint16_t window;              
  uint16_t check_p;             
  uint16_t urg_ptr;             
};
 
struct udp_schema {
  char id[MAX_RANDOM_UUID_LEN]; 
  uint16_t source;              
  uint16_t dest;                
  uint16_t len;                 
  uint16_t check_p;             
};
 
struct icmp4_schema {
  char id[MAX_RANDOM_UUID_LEN]; 
  uint8_t type;                 
  uint8_t code;                 
  uint16_t checksum;            
  uint32_t gateway;             
};
 
struct icmp6_schema {
  char id[MAX_RANDOM_UUID_LEN]; 
  uint8_t icmp6_type;           
  uint8_t icmp6_code;           
  uint16_t icmp6_cksum;         
  uint32_t icmp6_un_data32;     
};
 
struct dns_schema {
  char id[MAX_RANDOM_UUID_LEN]; 
  uint16_t tid;                 
  uint16_t flags;               
  uint16_t nqueries;            
  uint16_t nanswers;            
  uint16_t nauth;               
  uint16_t nother;              
  char qname[MAX_QUESTION_LEN]; 
};
 
struct mdns_schema {
  char id[MAX_RANDOM_UUID_LEN]; 
  uint16_t tid;                 
  uint16_t flags;               
  uint16_t nqueries;            
  uint16_t nanswers;            
  uint16_t nauth;               
  uint16_t nother;              
  char qname[MAX_QUESTION_LEN]; 
};
 
struct dhcp_schema {
  char id[MAX_RANDOM_UUID_LEN]; 
  uint8_t op;                   
  uint8_t htype; 
  uint8_t hlen;  
  uint8_t hops;  
  uint32_t
      xid; 
  uint16_t secs;                   
  uint16_t flags;                  
  char ciaddr[OS_INET_ADDRSTRLEN]; 
  char yiaddr[OS_INET_ADDRSTRLEN]; 
  char siaddr[OS_INET_ADDRSTRLEN]; 
  char giaddr[OS_INET_ADDRSTRLEN]; 
  char chaddr[MACSTR_LEN];         
};
 
struct dns_header {
  uint16_t tid;      
  uint16_t flags;    
  uint16_t nqueries; 
  uint16_t nanswers; 
  uint16_t nauth;    
  uint16_t nother;   
};
 
struct mdns_header {
  uint16_t tid;      
  uint16_t flags;    
  uint16_t nqueries; 
  uint16_t nanswers; 
  uint16_t nauth;    
  uint16_t nother;   
};
 
struct mdns_query_meta {
  uint16_t qtype; 
  uint16_t uresponse : 1; 
  uint16_t qclass : 15;   
} STRUCT_PACKED;
 
struct mdns_answer_meta {
  uint16_t rrtype;       
  uint16_t cflush : 1;   
  uint16_t rrclass : 15; 
  uint32_t ttl; 
  uint16_t rdlength; 
} STRUCT_PACKED;
 
struct dhcp_header {
  uint8_t op; 
  uint8_t
      htype; 
  uint8_t hlen;    
  uint8_t hops;    
  uint32_t xid;    
  uint16_t secs;   
  uint16_t flags;  
  uint32_t ciaddr; 
  uint32_t
      yiaddr; 
  uint32_t siaddr;     
  uint32_t giaddr;     
  uint8_t chaddr[16];  
  uint8_t legacy[192]; 
} STRUCT_PACKED;
 
struct capture_packet {
  struct ether_header *ethh; 
  struct ether_arp *arph;    
  struct ip *ip4h;
  struct ip6_hdr *ip6h;
  struct tcphdr *tcph;
  struct udphdr *udph;
  struct icmp *icmp4h;
  struct icmp6_hdr *icmp6h;
  struct dns_header *dnsh;
  struct mdns_header *mdnsh;
  struct dhcp_header *dhcph;
  struct eth_schema eths;
  struct arp_schema arps;
  struct ip4_schema ip4s;
  struct ip6_schema ip6s;
  struct tcp_schema tcps;
  struct udp_schema udps;
  struct icmp4_schema icmp4s;
  struct icmp6_schema icmp6s;
  struct dns_schema dnss;
  struct mdns_schema mdnss;
  struct dhcp_schema dhcps;
  uint64_t timestamp;
  uint32_t caplen;
  uint32_t length;
  char ifname[IF_NAMESIZE];
  char id[MAX_RANDOM_UUID_LEN];
};
 
int extract_packets(const char *ltype, const struct pcap_pkthdr *header,
                    const uint8_t *packet, char *interface, UT_array *tp_array);
 
#endif