Changeset 585
- Timestamp:
- 07/08/06 16:51:56 (3 years ago)
- Files:
nepenthes/trunk/modules/module-honeytrap/module-honeytrap.cpp
r582 r585 28 28 /* $Id$ */ 29 29 30 #include <stdint.h> 30 31 #include <sys/types.h> 31 32 #include <sys/socket.h> 32 33 #include <arpa/inet.h> 33 //#include <netpacket/packet.h> 34 #include <net/ethernet.h> /* the L2 protocols */ 35 #include <netinet/in.h> 34 36 35 37 36 … … 432 431 } 433 432 434 int dll = pcap_datalink(m_RawListener); 435 switch( dll ) 436 { 433 m_PcapDataLinkType = pcap_datalink(m_RawListener); 434 435 switch ( m_PcapDataLinkType ) 436 { 437 case DLT_NULL: 438 case DLT_EN10MB: 439 case DLT_PPP: 440 case DLT_RAW: 441 case DLT_PPP_ETHER: 442 443 #ifdef DLT_LINUX_SLL 437 444 case DLT_LINUX_SLL: 438 logInfo("DataLinkLayer %s %s\n",pcap_datalink_val_to_name(dll),pcap_datalink_val_to_description(dll)); 439 m_LinkLayerHeaderLength = 16; 440 break; 441 442 443 case DLT_EN10MB: 444 logInfo("DataLinkLayer %s %s\n",pcap_datalink_val_to_name(dll),pcap_datalink_val_to_description(dll)); 445 m_LinkLayerHeaderLength = 14; 446 break; 447 445 #endif 446 logInfo("DataLinkLayer %s %s\n", 447 pcap_datalink_val_to_name(m_PcapDataLinkType), 448 pcap_datalink_val_to_description(m_PcapDataLinkType)); 449 break; 450 448 451 default: 449 logCrit("DataLink %i %s %s unknown, please file a bug\n",dll,pcap_datalink_val_to_name(dll),pcap_datalink_val_to_description(dll)); 450 return false; 451 } 452 452 logCrit("DataLinkLayer %s %s not supported\n", 453 pcap_datalink_val_to_name(m_PcapDataLinkType), 454 pcap_datalink_val_to_description(m_PcapDataLinkType)); 455 return false; 456 } 457 458 459 460 453 461 return true; 454 462 #else … … 587 595 { 588 596 // g_Nepenthes->getUtilities()->hexdump((byte *)pkt_data,52); 589 590 591 struct libnet_ipv4_hdr *ip = (struct libnet_ipv4_hdr *) (pkt_data + m_LinkLayerHeaderLength); 592 struct libnet_tcp_hdr *tcp = (struct libnet_tcp_hdr *) (pkt_data + m_LinkLayerHeaderLength + ip->ip_hl * 4); 597 598 int offset=0; 599 600 switch ( m_PcapDataLinkType ) 601 { 602 603 case DLT_NULL: 604 offset = 4; 605 break; 606 607 case DLT_EN10MB: 608 
offset = 14; 609 break; 610 611 612 case DLT_PPP: 613 /* PPP; if the first 2 bytes are 0xff and 0x03, 614 * it's PPP in HDLC-like framing, with the PPP header following those two bytes, 615 * otherwise it's PPP without framing, and the packet begins with the PPP header. 616 */ 617 offset = 4; 618 static char hldc_frame[] = { 0xff, 0x03 }; 619 if (memcmp(pkt_data,hldc_frame,2) == 0) 620 offset += 2; 621 break; 622 623 624 case DLT_RAW: 625 offset = 0; 626 break; 627 628 629 case DLT_PPP_ETHER: 630 offset = 6; 631 break; 632 633 #ifdef DLT_LINUX_SLL 634 case DLT_LINUX_SLL: 635 offset = 16; 636 break; 637 #endif 638 } 639 640 struct libnet_ipv4_hdr *ip = (struct libnet_ipv4_hdr *) (pkt_data + offset); 641 struct libnet_tcp_hdr *tcp = (struct libnet_tcp_hdr *) (pkt_data + offset + ip->ip_hl * 4); 593 642 594 643 /* new connections are welcome */ … … 798 847 unsigned long rxq, txq, time_len, retr, inode; 799 848 int num, local_port, rem_port, d, state, uid, timer_run, timeout; 800 char rem_addr[128], local_addr[128], more[51 2];849 char rem_addr[128], local_addr[128], more[513]; 801 850 char line[512]; 802 851 struct sockaddr_in localaddr; //, remaddr; … … 932 981 } 933 982 983 984 985 986 nepenthes/trunk/modules/module-honeytrap/module-honeytrap.hpp
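Review bot: After the new `switch ( m_PcapDataLinkType )` in the packet handler, `pkt_data + offset` goes straight into the `ip` and `tcp` casts, and nothing visible in this hunk compares the captured length with `offset`, the IPv4 header size, or `ip->ip_hl * 4` before `ip->ip_hl` is read. On a honeypot sensor all of those bytes come off the wire, so a truncated or malformed frame can place both pointers past the capture buffer. The handler's body starts and ends outside the hunk, so a check may exist elsewhere; if it does not, it belongs right after the switch, dropping the packet when the captured length reported by pcap is below `offset + sizeof(struct libnet_ipv4_hdr)`, when `ip->ip_hl < 5`, or when `offset + ip->ip_hl * 4 + sizeof(struct libnet_tcp_hdr)` exceeds it. The switch also never confirms that the encapsulated payload is IPv4 (the `ETHERTYPE_IP` define added to the header is unused in the visible hunks), and the `DLT_PPP_ETHER` offset of 6 appears to leave out the 2-byte PPP protocol field after the PPPoE header, so that value and the `DLT_PPP` values are worth checking against a real capture. As a style point, `static char hldc_frame[] = { 0xff, 0x03 };` would be clearer as `static const unsigned char hdlc_frame[] = { 0xff, 0x03 };`, since 0xff does not fit a signed `char`.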
r581 r585 73 73 #define LIBNET_LIL_ENDIAN 1 74 74 75 #ifndef ETHERTYPE_IP 76 #define ETHERTYPE_IP 0x0800 /* IP protocol */ 77 #endif 75 78 76 79 … … 252 255 #ifdef HAVE_PCAP 253 256 pcap_t *m_RawListener; 254 int m_LinkLayerHeaderLength;255 257 string m_PcapDevice; 258 int m_PcapDataLinkType; 256 259 #endif 257 260
