proto_tcp.c

   1 /*
   2  * netsniff-ng - the packet sniffing beast
   3  * Copyright 2009, 2010 Daniel Borkmann.
   4  * Subject to the GPL, version 2.
   5  */
   6
   7 #include <stdio.h>
   8 #include <stdint.h>
   9 #include <endian.h>
  10 #include <netinet/in.h>    /* for ntohs() */
  11 #include <asm/byteorder.h>
  12
  13 #include "proto.h"
  14 #include "protos.h"
  15 #include "lookup.h"
  16 #include "built_in.h"
  17 #include "pkt_buff.h"
  18
  19 struct tcphdr {
  20         uint16_t source;
  21         uint16_t dest;
  22         uint32_t seq;
  23         uint32_t ack_seq;
  24 #if defined(__LITTLE_ENDIAN_BITFIELD)
  25         __extension__ uint16_t res1:4,
  26                                doff:4,
  27                                fin:1,
  28                                syn:1,
  29                                rst:1,
  30                                psh:1,
  31                                ack:1,
  32                                urg:1,
  33                                ece:1,
  34                                cwr:1;
  35 #elif defined(__BIG_ENDIAN_BITFIELD)
  36         __extension__ uint16_t doff:4,
  37                                res1:4,
  38                                cwr:1,
  39                                ece:1,
  40                                urg:1,
  41                                ack:1,
  42                                psh:1,
  43                                rst:1,
  44                                syn:1,
  45                                fin:1;
  46 #else
  47 # error  "Adjust your <asm/byteorder.h> defines"
  48 #endif
  49         uint16_t window;
  50         uint16_t check;
  51         uint16_t urg_ptr;
  52 } __packed;
  53
  54 #define tprintf_flag(flag, str, prev)   ({              \
  55         bool __r = false;                                       \
  56         if (flag) {                                     \
  57                 tprintf("%s%s", (prev) ? " " : "", str);        \
  58                 __r = true;                                     \
  59         }                                                       \
  60         __r;                                                    \
  61 })
  62
  63 static void tcp(struct pkt_buff *pkt)
  64 {
  65         struct tcphdr *tcp = (struct tcphdr *) pkt_pull(pkt, sizeof(*tcp));
  66         uint16_t src, dest;
  67         const char *src_name, *dest_name;
  68         bool v = false;
  69
  70         if (tcp == NULL)
  71                 return;
  72
  73         src = ntohs(tcp->source);
  74         dest = ntohs(tcp->dest);
  75
  76         src_name = lookup_port_tcp(src);
  77         dest_name = lookup_port_tcp(dest);
  78
  79         tprintf(" [ TCP ");
  80         tprintf("Port (%u", src);
  81         if (src_name)
  82                 tprintf(" (%s%s%s)", colorize_start(bold), src_name,
  83                         colorize_end());
  84         tprintf(" => %u", dest);
  85         if (dest_name)
  86                 tprintf(" (%s%s%s)", colorize_start(bold), dest_name,
  87                         colorize_end());
  88         tprintf("), ");
  89         tprintf("SN (0x%x), ", ntohl(tcp->seq));
  90         tprintf("AN (0x%x), ", ntohl(tcp->ack_seq));
  91         tprintf("DataOff (%u), ", tcp->doff);
  92         tprintf("Res (%u), ", tcp->res1);
  93         tprintf("Flags (");
  94         v = tprintf_flag(tcp->fin, "FIN", v);
  95         v = tprintf_flag(tcp->syn, "SYN", v);
  96         v = tprintf_flag(tcp->rst, "RST", v);
  97         v = tprintf_flag(tcp->psh, "PSH", v);
  98         v = tprintf_flag(tcp->ack, "ACK", v);
  99         v = tprintf_flag(tcp->urg, "URG", v);
 100         v = tprintf_flag(tcp->ece, "ECE", v);
 101         v = tprintf_flag(tcp->cwr, "CWR", v);
 102         tprintf("), ");
 103         tprintf("Window (%u), ", ntohs(tcp->window));
 104         tprintf("CSum (0x%.4x), ", ntohs(tcp->check));
 105         tprintf("UrgPtr (%u)", ntohs(tcp->urg_ptr));
 106         tprintf(" ]\n");
 107 }
 108
 109 static void tcp_less(struct pkt_buff *pkt)
 110 {
 111         struct tcphdr *tcp = (struct tcphdr *) pkt_pull(pkt, sizeof(*tcp));
 112         uint16_t src, dest;
 113         const char *src_name, *dest_name;
 114
 115         if (tcp == NULL)
 116                 return;
 117
 118         src = ntohs(tcp->source);
 119         dest = ntohs(tcp->dest);
 120
 121         src_name = lookup_port_tcp(src);
 122         dest_name = lookup_port_tcp(dest);
 123
 124         tprintf(" TCP %u", src);
 125         if(src_name)
 126                 tprintf("(%s%s%s)", colorize_start(bold), src_name,
 127                         colorize_end());
 128         tprintf("/%u", dest);
 129         if(dest_name)
 130                 tprintf("(%s%s%s)", colorize_start(bold), dest_name,
 131                         colorize_end());
 132         tprintf(" F%s",colorize_start(bold));
 133         if (tcp->fin)
 134                 tprintf(" FIN");
 135         if (tcp->syn)
 136                 tprintf(" SYN");
 137         if (tcp->rst)
 138                 tprintf(" RST");
 139         if (tcp->psh)
 140                 tprintf(" PSH");
 141         if (tcp->ack)
 142                 tprintf(" ACK");
 143         if (tcp->urg)
 144                 tprintf(" URG");
 145         if (tcp->ece)
 146                 tprintf(" ECE");
 147         if (tcp->cwr)
 148                 tprintf(" CWR");
 149         tprintf("%s Win %u S/A 0x%x/0x%x", colorize_end(),
 150                 ntohs(tcp->window), ntohl(tcp->seq), ntohl(tcp->ack_seq));
 151 }
 152
 153 struct protocol tcp_ops = {
 154         .key = 0x06,
 155         .print_full = tcp,
 156         .print_less = tcp_less,
 157 };