Update tcpdump.c:830 增加greedy数据拷贝越界检查
137
tcpdump.c
137
tcpdump.c
@@ -26,35 +26,35 @@
|
||||
*/
|
||||
|
||||
/* 2016-11-29 lijia add,
|
||||
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>FTP<EFBFBD><EFBFBD>ʽ, TCP<43><50><EFBFBD>Ӵ<EFBFBD><D3B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, UDP<44><50><EFBFBD>Ӵ<EFBFBD><D3B4><EFBFBD>ʵ<EFBFBD>ʲ<EFBFBD><CAB2><EFBFBD>.
|
||||
1-<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>UDPδ<EFBFBD>ö˿<EFBFBD>, Ĭ<><C4AC>12345, <20>类ռ<E7B1BB><D5BC>, ˳<><CBB3><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
|
||||
2-<EFBFBD><EFBFBD>sapp<EFBFBD><EFBFBD><EFBFBD><EFBFBD>TCP<EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD>ͱ<EFBFBD><CDB1><EFBFBD>UDP<44><50><EFBFBD><EFBFBD><EFBFBD>˿<EFBFBD>;
|
||||
3-<EFBFBD><EFBFBD>sapp<EFBFBD><EFBFBD><EFBFBD>Ͳ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD>BPF-filter<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD>,
|
||||
类似FTP方式, TCP连接传输命令, UDP连接传输实际捕包.
|
||||
1-随机打开本端UDP未用端口, 默认12345, 如被占用, 顺序后延;
|
||||
2-与sapp建立TCP连接, 发送本端UDP监听端口;
|
||||
3-给sapp发送捕包控制命令, 传输BPF-filter过滤字符串,
|
||||
|
||||
4-<EFBFBD><EFBFBD>UDP<EFBFBD>˿ڶ<EFBFBD>ȡsapp<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD>;
|
||||
5-<EFBFBD><EFBFBD><EFBFBD><EFBFBD>tcpdumpԭ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ӡ<EFBFBD><D3A1>д<EFBFBD>ļ<EFBFBD><C4BC><EFBFBD>
|
||||
4-从UDP端口读取sapp捕获的数据包;
|
||||
5-调用tcpdump原版流程, 解析打印或写文件。
|
||||
|
||||
2018-01-19 lijia add,
|
||||
1-<EFBFBD><EFBFBD><EFBFBD><EFBFBD>tcpdump_mesaͬʱ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ӻ<EFBFBD><D3BB><EFBFBD>ռ<EFBFBD><D5BC>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD>ӵ<EFBFBD><D3B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><>ʹ<EFBFBD>õ<EFBFBD>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD>ӵĹ<D3B5><C4B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
|
||||
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>TCP<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ӵ<EFBFBD>ȷ<EFBFBD>ϻ<EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD>sapp<70><70><EFBFBD>ظ<EFBFBD>ȷ<EFBFBD>ϰ<EFBFBD>, tcpdump_mesa<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
|
||||
1-多个tcpdump_mesa同时启动时, 后续的连接会抢占第一个连接的数据流, 但使用第一个连接的过滤条件,
|
||||
增加TCP命令连接的确认机制, 如果sapp不回复确认包, tcpdump_mesa不启动捕包.
|
||||
|
||||
2-<EFBFBD><EFBFBD><EFBFBD>Ӷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD>ʹ<EFBFBD><CAB9>-a<><61><EFBFBD><EFBFBD>ָ<EFBFBD><D6B8>perceptiveģʽ, sapp<EFBFBD>ڷ<EFBFBD><EFBFBD>Ͱ<EFBFBD>ʱ, <20><>ԴMAC<41><43>ַ<EFBFBD>ϴ<EFBFBD><CFB4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
|
||||
tcpdump_mesa<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><>ȷ<EFBFBD><C8B7><EFBFBD>м<EFBFBD><D0BC>Ƿ<EFBFBD><C7B7>ж<EFBFBD><D0B6><EFBFBD>, <20><><EFBFBD>˼<EFBFBD><CBBC><EFBFBD><EFBFBD><EFBFBD>.
|
||||
2-增加丢包计数, 如果使用-a参数指定perceptive模式, sapp在发送包时, 在源MAC地址上打上序号,
|
||||
tcpdump_mesa检查序号是否连续, 以确认中间是否有丢包, 丢了几个包.
|
||||
*/
|
||||
#define MESA_DUMP (1)
|
||||
#if MESA_DUMP
|
||||
#include "mesa_pkt_dump.h"
|
||||
const int tcpdump_mesa_version_VERSION_20181114 = 20181114;
|
||||
int tcpdump_data_offset = 0; /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ijЩ<EFBFBD>ײ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><>vxlan, <20><><EFBFBD><EFBFBD>ֱ<EFBFBD>ӻ<EFBFBD>ȡ<EFBFBD><C8A1><EFBFBD><EFBFBD><EFBFBD>ù<EFBFBD><C3B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>vxlan<61><6E><EFBFBD>ڲ<EFBFBD><DAB2><EFBFBD><EFBFBD>ݰ<EFBFBD><DDB0><EFBFBD><EFBFBD><EFBFBD> */
|
||||
unsigned char tcpdump_thread_index_array[64]; /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>߳<EFBFBD>id<EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD>Ⱦ<EFBFBD><C8BE><EFBFBD>id<69><64><EFBFBD><EFBFBD>, ÿ<><C3BF>ռ1<D5BC>ֽ<EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֧<EFBFBD>ֶ<EFBFBD><D6B6>ŷָ<C5B7> */
|
||||
int tcpdump_data_offset = 0; /* 用于跳过某些底层数据, 如vxlan, 可以直接获取或设置过滤条件看vxlan的内层数据包内容 */
|
||||
unsigned char tcpdump_thread_index_array[64]; /* 开启捕包线程id数组, 靠长度决定id数量, 每个占1字节, 命令行输入支持逗号分隔 */
|
||||
int tcpdump_thread_index_array_num = 0;
|
||||
const char *tcpdump_thread_index_str;
|
||||
int tcpdump_perceptive_flag = 0;
|
||||
unsigned int perceptive_pkt_seq[256]; /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD>֧<EFBFBD><EFBFBD>256<EFBFBD><EFBFBD><EFBFBD>߳<EFBFBD> */
|
||||
static int greedy_seek_flag = 0; /* ƫ<EFBFBD>Ƶ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڲ<EFBFBD>IP, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ģʽ<C4A3>²<EFBFBD><C2B2><EFBFBD>BUG */
|
||||
static int dump_to_file_flag = 0; /* <EFBFBD>Ƿ<EFBFBD><EFBFBD><EFBFBD>-w <20><><EFBFBD><EFBFBD>, ԭ<>б<EFBFBD><EFBFBD><D7BC>WFileName<6D><65><EFBFBD><EFBFBD><EFBFBD><EFBFBD>main()<29>ľֲ<C4BE><D6B2><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʹ<EFBFBD><CAB9>, ʹ<>ô˱<C3B4><CBB1><EFBFBD><EFBFBD><EFBFBD>ʾ<EFBFBD>Ƿ<EFBFBD>д<EFBFBD>ļ<EFBFBD> */
|
||||
static int has_device_flag = 0; /* <EFBFBD>Ƿ<EFBFBD><EFBFBD><EFBFBD>-i, -r<EFBFBD><EFBFBD><EFBFBD><EFBFBD>, ԭ<>б<EFBFBD><EFBFBD><D7BC>device<63><65><EFBFBD><EFBFBD><EFBFBD><EFBFBD>main()<29>ľֲ<C4BE><D6B2><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʹ<EFBFBD><CAB9>, ʹ<>ô˱<C3B4><CBB1><EFBFBD><EFBFBD><EFBFBD>ʾ<EFBFBD>Ƿ<EFBFBD><C7B7><EFBFBD>ij<EFBFBD><C4B3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
|
||||
static int has_bpf_filter_flag = 0; /* <EFBFBD>Ƿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȷ<EFBFBD><EFBFBD>BPF<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
|
||||
unsigned int perceptive_pkt_seq[256]; /* 最大支持256个线程 */
|
||||
static int greedy_seek_flag = 0; /* 偏移到最内层IP, 便于隧道模式下查找BUG */
|
||||
static int dump_to_file_flag = 0; /* 是否有-w 参数, 原有标准的WFileName变量是main()的局部变量, 不方便使用, 使用此变量表示是否写文件 */
|
||||
static int has_device_flag = 0; /* 是否有-i, -r参数, 原有标准的device变量是main()的局部变量, 不方便使用, 使用此变量表示是否从某个网卡捕包 */
|
||||
static int has_bpf_filter_flag = 0; /* 是否有正确的BPF过滤条件 */
|
||||
extern int treat_vlan_as_mac_in_mac_sw;
|
||||
|
||||
#endif
|
||||
@@ -495,7 +495,7 @@ show_devices_and_exit (void)
|
||||
#define Q_FLAG
|
||||
#endif
|
||||
|
||||
#if MESA_DUMP /* lijia add, <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>g, k, o, P */
|
||||
#if MESA_DUMP /* lijia add, 新增参数g, k, o, P */
|
||||
#define SHORTOPTS "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:gG:hHi:" I_FLAG j_FLAG J_FLAG "k:KlLm:M:nNo:OP:pq" Q_FLAG "r:s:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:#"
|
||||
#else
|
||||
#define SHORTOPTS "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpq" Q_FLAG "r:s:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:#"
|
||||
@@ -526,7 +526,7 @@ show_devices_and_exit (void)
|
||||
#define OPTION_IMMEDIATE_MODE 130
|
||||
|
||||
#if MESA_DUMP
|
||||
#define OPTION_VLAN_AS_MAC_IN_MAC 131 /* <EFBFBD>̲<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD>ӳ<EFBFBD><D3B3><EFBFBD><EFBFBD><EFBFBD> */
|
||||
#define OPTION_VLAN_AS_MAC_IN_MAC 131 /* 短参数不够用了, 增加长参数 */
|
||||
#endif
|
||||
|
||||
static const struct option longopts[] = {
|
||||
@@ -825,21 +825,24 @@ static int MESA_dump_seek_to_inner(char *pkt_buf, int pktlen)
|
||||
ip4hdr_greedy = (struct mesa_ip4_hdr *)MESA_net_jump_to_layer_greedy(pkt_buf, ADDR_TYPE_MAC, __ADDR_TYPE_IP_PAIR_V4);
|
||||
if(ip4hdr_greedy){
|
||||
if((char *)ip4hdr_greedy == first_ip_layer){
|
||||
bpf_match_pkt_len = pktlen; /* <EFBFBD><EFBFBD><EFBFBD>ڲ<EFBFBD><EFBFBD>͵<EFBFBD>һ<EFBFBD><EFBFBD>IPһ<EFBFBD><EFBFBD>, ˵<><CBB5><EFBFBD>Ƿdz<C7B7><C7B3><EFBFBD><EFBFBD><D7BC>ethernet->IPv4<76><34>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD>memmove<EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
|
||||
bpf_match_pkt_len = pktlen; /* 最内层和第一层IP一样, 说明是非常标准的ethernet->IPv4包, 且无隧道, 无需memmove操作 */
|
||||
}else{
|
||||
if(pktlen - ((char *)ip4hdr_greedy - pkt_buf) > 0)
|
||||
{
|
||||
memmove(pkt_buf + sizeof(struct mesa_ethernet_hdr),
|
||||
ip4hdr_greedy,
|
||||
pktlen - ((char *)ip4hdr_greedy - pkt_buf));
|
||||
bpf_match_pkt_len = pktlen - ((char *)ip4hdr_greedy - pkt_buf) + sizeof(struct mesa_ethernet_hdr);
|
||||
ehdr->ether_type = htons(ETHERTYPE_IP); /* <EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ܲ<EFBFBD><EFBFBD><EFBFBD>IPV4, <EFBFBD><EFBFBD><EFBFBD><EFBFBD>MPLS, VLAN<EFBFBD><EFBFBD>, <20><>Ҫ<EFBFBD>ij<EFBFBD>IP, <20>Ա<EFBFBD>bpf<70><66><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȷִ<C8B7><D6B4> */
|
||||
ehdr->ether_type = htons(ETHERTYPE_IP); /* 第一层可能不是IPV4, 比如MPLS, VLAN等, 需要改成IP, 以便bpf过滤器能正确执行 */
|
||||
}
|
||||
}
|
||||
|
||||
if(bpf_match_pkt_len <= 0){
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȷ<EFBFBD>Ĺ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><>֤<EFBFBD><D6A4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȫ, <20><><EFBFBD>ϵ<EFBFBD><CFB5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͼ;
|
||||
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>û<EFBFBD>й<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><>ȫ<EFBFBD><C8AB><EFBFBD><EFBFBD>ģʽ, Ϊ<>˾<EFBFBD><CBBE><EFBFBD><EFBFBD><EFBFBD>Ӱ<EFBFBD><D3B0><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>߳<EFBFBD>, <20><><EFBFBD>ݲ<EFBFBD><DDB2><EFBFBD><EFBFBD><EFBFBD>ֻ<EFBFBD><D6BB>һ<EFBFBD><D2BB><EFBFBD>ְ<EFBFBD>.
|
||||
/* 如果有正确的过滤条件, 不设采样率, 保证捕包尽量全, 符合调用者意图;
|
||||
如果没有过滤条件, 即全捕包模式, 为了尽量不影响包处理线程, 根据采样率只捕一部分包.
|
||||
*/
|
||||
|
||||
bpf_match_ipv4 = 1;
|
||||
@@ -850,13 +853,13 @@ static int MESA_dump_seek_to_inner(char *pkt_buf, int pktlen)
|
||||
ip6hdr_greedy = (struct mesa_ip6_hdr *)MESA_net_jump_to_layer_greedy(pkt_buf, ADDR_TYPE_MAC, __ADDR_TYPE_IP_PAIR_V6);
|
||||
if(ip6hdr_greedy){
|
||||
if((char *)ip6hdr_greedy == first_ip_layer){
|
||||
bpf_match_pkt_len = pktlen; /* <EFBFBD><EFBFBD><EFBFBD>ڲ<EFBFBD><EFBFBD>͵<EFBFBD>һ<EFBFBD><EFBFBD>IPһ<EFBFBD><EFBFBD>, ˵<><CBB5><EFBFBD>Ƿdz<C7B7><C7B3><EFBFBD><EFBFBD><D7BC>ethernet->IPv6<76><36>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD>memmove<EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
|
||||
bpf_match_pkt_len = pktlen; /* 最内层和第一层IP一样, 说明是非常标准的ethernet->IPv6包, 且无隧道, 无需memmove操作 */
|
||||
}else{
|
||||
memmove(pkt_buf + sizeof(struct mesa_ethernet_hdr),
|
||||
ip6hdr_greedy,
|
||||
pktlen - ((char *)ip6hdr_greedy - pkt_buf));
|
||||
bpf_match_pkt_len = pktlen - ((char *)ip4hdr_greedy - pkt_buf) + sizeof(struct mesa_ethernet_hdr);
|
||||
ehdr->ether_type = htons(ETHERTYPE_IPv6); /* <EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ܲ<EFBFBD><EFBFBD><EFBFBD>IPV6, <EFBFBD><EFBFBD><EFBFBD><EFBFBD>MPLS, VLAN<EFBFBD><EFBFBD>,<2C><>Ҫ<EFBFBD>ij<EFBFBD>IP,<2C>Ա<EFBFBD>bpf<70><66><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȷִ<C8B7><D6B4> */
|
||||
ehdr->ether_type = htons(ETHERTYPE_IPv6); /* 第一层可能不是IPV6, 比如MPLS, VLAN等,需要改成IP,以便bpf过滤器能正确执行 */
|
||||
}
|
||||
|
||||
if(bpf_match_pkt_len <= 0){
|
||||
@@ -865,8 +868,8 @@ static int MESA_dump_seek_to_inner(char *pkt_buf, int pktlen)
|
||||
}
|
||||
|
||||
|
||||
/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȷ<EFBFBD>Ĺ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><>֤<EFBFBD><D6A4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȫ, <20><><EFBFBD>ϵ<EFBFBD><CFB5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͼ;
|
||||
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>û<EFBFBD>й<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><>ȫ<EFBFBD><C8AB><EFBFBD><EFBFBD>ģʽ, Ϊ<>˾<EFBFBD><CBBE><EFBFBD><EFBFBD><EFBFBD>Ӱ<EFBFBD><D3B0><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>߳<EFBFBD>, <20><><EFBFBD>ݲ<EFBFBD><DDB2><EFBFBD><EFBFBD><EFBFBD>ֻ<EFBFBD><D6BB>һ<EFBFBD><D2BB><EFBFBD>ְ<EFBFBD>.
|
||||
/* 如果有正确的过滤条件, 不设采样率, 保证捕包尽量全, 符合调用者意图;
|
||||
如果没有过滤条件, 即全捕包模式, 为了尽量不影响包处理线程, 根据采样率只捕一部分包.
|
||||
*/
|
||||
bpf_match_ipv6 = 1;
|
||||
}else{
|
||||
@@ -874,14 +877,14 @@ static int MESA_dump_seek_to_inner(char *pkt_buf, int pktlen)
|
||||
}
|
||||
|
||||
if(bpf_match_ipv4 || bpf_match_ipv6){
|
||||
return bpf_match_pkt_len; /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>м<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
|
||||
return bpf_match_pkt_len; /* 任意头部命中即可输出 */
|
||||
}
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
/* <EFBFBD><EFBFBD>֧<EFBFBD>ֶ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>߳<EFBFBD>, <20>ö<EFBFBD><C3B6>ŷָ<C5B7>"1,3,5,7" */
|
||||
/* 可支持多个线程, 用逗号分隔"1,3,5,7" */
|
||||
static int MESA_dump_thread_index_convert(const char *raw_index_str)
|
||||
{
|
||||
char *index_str = strdup(raw_index_str);
|
||||
@@ -889,7 +892,7 @@ static int MESA_dump_thread_index_convert(const char *raw_index_str)
|
||||
char *save_ptr, *section;
|
||||
int index = 0;
|
||||
|
||||
if(NULL == memchr(index_str, ',', strlen(raw_index_str))){ /* <EFBFBD><EFBFBD><EFBFBD>ŷָ<EFBFBD>, <20><><EFBFBD><EFBFBD>һ<EFBFBD><D2BB>, <20><EFBFBD><DEB6>߳<EFBFBD> */
|
||||
if(NULL == memchr(index_str, ',', strlen(raw_index_str))){ /* 无逗号分隔, 仅有一个, 无多线程 */
|
||||
tcpdump_thread_index_array[0] = atoi(raw_index_str);
|
||||
if(tcpdump_thread_index_array[0] >= 64){
|
||||
goto err;
|
||||
@@ -975,8 +978,8 @@ static int pkt_dump_recv_ack(int connfd)
|
||||
|
||||
#include <pthread.h>
|
||||
/*
|
||||
<EFBFBD><EFBFBD><EFBFBD>߳<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڼ<EFBFBD><EFBFBD><EFBFBD>sapp<EFBFBD>Ŀ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD>sapp<70>˳<EFBFBD><CBB3><EFBFBD>,
|
||||
tcpdump_mesaҲӦ<EFBFBD><EFBFBD><EFBFBD>˳<EFBFBD>.
|
||||
此线程用于监测sapp的控制连接是否存活, 如果sapp退出了,
|
||||
tcpdump_mesa也应该退出.
|
||||
*/
|
||||
static void *detect_sapp_alive_thread(void *arg)
|
||||
{
|
||||
@@ -1002,7 +1005,7 @@ static int MESA_dump_start(unsigned short udp_rcv_port, unsigned short sapp_cmd_
|
||||
unsigned short filter_len = 0;
|
||||
struct sockaddr_in sockadd;
|
||||
struct pkt_dump_handshake pkt_hdr;
|
||||
unsigned int opt_num = 1; /* <EFBFBD><EFBFBD><EFBFBD>˽<EFBFBD><EFBFBD>ն˿<EFBFBD>Ϊ<EFBFBD><EFBFBD>ѡ<EFBFBD><EFBFBD> */
|
||||
unsigned int opt_num = 1; /* 本端接收端口为必选项 */
|
||||
struct pkt_dump_opt opt;
|
||||
pthread_t pid;
|
||||
|
||||
@@ -1049,7 +1052,7 @@ static int MESA_dump_start(unsigned short udp_rcv_port, unsigned short sapp_cmd_
|
||||
|
||||
/************** pkt handshake *************/
|
||||
pkt_hdr.magic = htonl(PKT_DUMP_HDR_MAGIC);
|
||||
pkt_hdr.version = htonl(20180119); /* ֮ǰsapp<EFBFBD><EFBFBD>20180119<EFBFBD>汾<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϸ<EFBFBD>У<EFBFBD><EFBFBD>, <20>˴<EFBFBD><CBB4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20>ȹ̶<C8B9><CCB6>ô<EFBFBD>ֵ, <20>Ժ<EFBFBD><D4BA><EFBFBD><EFBFBD><EFBFBD>sapp<70><70>, <20><><EFBFBD><EFBFBD>У<EFBFBD><D0A3><EFBFBD>汾 */
|
||||
pkt_hdr.version = htonl(20180119); /* 之前sapp对20180119版本做了严格校验, 此处向后兼容, 先固定用此值, 以后更新sapp后, 不再校验版本 */
|
||||
pkt_hdr.opt_num = htonl(opt_num);
|
||||
ret = write(tcp_cmd_fd, &pkt_hdr, sizeof(pkt_hdr));
|
||||
if(ret < 0){
|
||||
@@ -1169,7 +1172,7 @@ static void pkt_dump_signal_cb(int signo)
|
||||
return;
|
||||
}
|
||||
|
||||
/* <EFBFBD><EFBFBD><EFBFBD>ٶ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʾ<EFBFBD>澯<EFBFBD><EFBFBD>Ϣ<EFBFBD><EFBFBD> */
|
||||
/* 虚假丢包显示告警信息包 */
|
||||
static const char _perceptive_pkt_data[] =
|
||||
{
|
||||
|
||||
@@ -1198,12 +1201,12 @@ static void _build_perceptive_pkt(pcap_handler callback, u_char *pcap_userdata,
|
||||
perceptive_pcap_hdr.len = 79;
|
||||
perceptive_pcap_hdr.caplen = 79;
|
||||
gettimeofday(&perceptive_pcap_hdr.ts, NULL);
|
||||
callback(pcap_userdata, &perceptive_pcap_hdr, _perceptive_pkt_data); /* ˢ<EFBFBD><EFBFBD>ģʽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>print_packet(); <EFBFBD><EFBFBD><EFBFBD><EFBFBD>ģʽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>: dump_packet() */
|
||||
callback(pcap_userdata, &perceptive_pcap_hdr, _perceptive_pkt_data); /* 刷屏模式调用print_packet(); 捕包模式调用: dump_packet() */
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
<EFBFBD><EFBFBD>sapp<EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD>DZ<EFBFBD>tcpdump<6D><70><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
|
||||
从sapp捕包, 而非标准tcpdump从网卡捕包.
|
||||
*/
|
||||
static void MESA_dump(pcap_handler callback, u_char *pcap_userdata, char *filter,
|
||||
int tot_pkt, unsigned short sapp_cmd_port )
|
||||
@@ -1233,12 +1236,12 @@ static void MESA_dump(pcap_handler callback, u_char *pcap_userdata, char *filter
|
||||
|
||||
udp_rcv_fd = socket(AF_INET, SOCK_DGRAM, 0);
|
||||
|
||||
/* UDP<EFBFBD><EFBFBD><EFBFBD>ܿ<EFBFBD><EFBFBD><EFBFBD>SO_REUSEADDR, <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͬʱ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD>˿<EFBFBD>.
|
||||
/* UDP不能开启SO_REUSEADDR, 否则多个进程能同时监听一个端口.
|
||||
opt = 1;
|
||||
setsockopt(udp_rcv_fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(int));
|
||||
*/
|
||||
|
||||
/* <EFBFBD><EFBFBD>udp_default_port<EFBFBD><EFBFBD>ʼ, ѡ<><D1A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD>ö˿<C3B6>, <20><>ֹ<EFBFBD><D6B9><EFBFBD>˿ڱ<CBBF><DAB1><EFBFBD><EFBFBD><EFBFBD>Ӧ<EFBFBD><D3A6>ռ<EFBFBD>ö<EFBFBD><C3B6><EFBFBD><DEB7><EFBFBD><EFBFBD><EFBFBD> */
|
||||
/* 从udp_default_port开始, 选择后续第一个可用端口, 防止因端口被其他应用占用而无法启动 */
|
||||
while(bind(udp_rcv_fd, (struct sockaddr *) &sockadd, sizeof(sockadd)) < 0){
|
||||
usleep(1000);
|
||||
udp_default_port++;
|
||||
@@ -1250,7 +1253,7 @@ static void MESA_dump(pcap_handler callback, u_char *pcap_userdata, char *filter
|
||||
goto done;
|
||||
}
|
||||
|
||||
pperceptive = (const struct perceptive_info *)&pkt_buf[6]; /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD>Դmac<EFBFBD><EFBFBD>ַ */
|
||||
pperceptive = (const struct perceptive_info *)&pkt_buf[6]; /* 存于源mac地址 */
|
||||
|
||||
while((-1 == tot_pkt) || (actual_rcv_pkt_num < tot_pkt)){
|
||||
pkt_len = recv(udp_rcv_fd, pkt_buf, 65536, 0);
|
||||
@@ -1263,8 +1266,8 @@ static void MESA_dump(pcap_handler callback, u_char *pcap_userdata, char *filter
|
||||
perceptive_pkt_seq[pperceptive->thread_id] = cur_pkt_seq;
|
||||
}
|
||||
|
||||
/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>-g<><67><EFBFBD><EFBFBD>, <20><>д<EFBFBD><D0B4>-w, <20><><EFBFBD><EFBFBD>Ҫ<EFBFBD><D2AA><EFBFBD><EFBFBD>ԭʼ<D4AD><CABC><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>, <20><EFBFBD><F2B2BBBD><EFBFBD>seek<65><6B><EFBFBD><EFBFBD>,
|
||||
ֻ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>û<EFBFBD><EFBFBD>-w <20><><EFBFBD><EFBFBD>ʱ, <20><>tcpdump<6D>ܴ<EFBFBD>ӡ<EFBFBD><D3A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ, <20>Ž<EFBFBD><C5BD><EFBFBD>seek<65><6B><EFBFBD><EFBFBD>.
|
||||
/* 如果有-g参数, 且写了-w, 即需要保存原始包到文件, 则不进行seek操作,
|
||||
只是在没有-w 参数时, 让tcpdump能打印出包的信息, 才进行seek操作.
|
||||
*/
|
||||
if((greedy_seek_flag != 0) && (dump_to_file_flag == 0)){
|
||||
inner_pkt_len = MESA_dump_seek_to_inner(pkt_buf, pkt_len);
|
||||
@@ -1279,7 +1282,7 @@ static void MESA_dump(pcap_handler callback, u_char *pcap_userdata, char *filter
|
||||
}
|
||||
gettimeofday(&phony_pcap_hdr.ts, NULL);
|
||||
|
||||
callback(pcap_userdata, &phony_pcap_hdr, pkt_buf); /* NOTE: ˢ<EFBFBD><EFBFBD>ģʽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>print_packet(); <EFBFBD><EFBFBD><EFBFBD><EFBFBD>ģʽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>: dump_packet() */
|
||||
callback(pcap_userdata, &phony_pcap_hdr, pkt_buf); /* NOTE: 刷屏模式调用print_packet(); 捕包模式调用: dump_packet() */
|
||||
actual_rcv_pkt_num++;
|
||||
}
|
||||
}
|
||||
@@ -1298,7 +1301,7 @@ done:
|
||||
}
|
||||
#endif
|
||||
|
||||
static struct bpf_program fcode; /* lijia modify, <EFBFBD><EFBFBD>Ϊȫ<EFBFBD>ֱ<EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD><D0B5><EFBFBD> */
|
||||
static struct bpf_program fcode; /* lijia modify, 做为全局变量, 其他函数中调用 */
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
@@ -1394,16 +1397,16 @@ main(int argc, char **argv)
|
||||
case 'a':
|
||||
/* compatibility for old -a */
|
||||
#if MESA_DUMP
|
||||
/* liji add, for perceptive, <EFBFBD><EFBFBD>tcpdump_mesa<EFBFBD>ܸ<EFBFBD>֪<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
|
||||
/* liji add, for perceptive, 让tcpdump_mesa能感知丢包的情况,
|
||||
|
||||
ʹ<EFBFBD>ô˲<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD>ָ<EFBFBD><D6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
|
||||
sapp<EFBFBD><EFBFBD><EFBFBD>յ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ѡ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20>Ƚ<EFBFBD>ԭʼ<D4AD><CABC>copy<70><79><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
|
||||
Ȼ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ÿ<EFBFBD><EFBFBD><EFBFBD>̵߳İ<EFBFBD>ͳ<EFBFBD>Ƽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD><EFBFBD>ԴMAC<EFBFBD><EFBFBD>ַ<EFBFBD>з<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
|
||||
使用此参数后, 必须指定过滤条件,
|
||||
sapp接收到此命令选项后, 先将原始包copy到临时缓冲区,
|
||||
然后将每个线程的包统计计数记录到源MAC地址中发送过来,
|
||||
|
||||
tcpdump_mesa<EFBFBD><EFBFBD><EFBFBD>μ<EFBFBD><EFBFBD><EFBFBD>ÿ<EFBFBD><EFBFBD><EFBFBD>̵߳ļ<EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, ˵<><CBB5><EFBFBD>м䶪<D0BC><E4B6AA><EFBFBD><EFBFBD>,
|
||||
Ϊ<EFBFBD><EFBFBD><EFBFBD>ò<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ܿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
|
||||
ÿ<EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>, ƾ<><C6BE><EFBFBD><EFBFBD>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD><DDB0><EFBFBD><EFBFBD><EFBFBD>,
|
||||
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>wireshark<EFBFBD>Ͽ<EFBFBD><EFBFBD>Կ<EFBFBD><EFBFBD><EFBFBD>ij<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><EFBFBD>ж<EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD>˼<EFBFBD><CBBC><EFBFBD><EFBFBD><EFBFBD>, <20><>Ȼ<EFBFBD><C8BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʲô.
|
||||
tcpdump_mesa依次检查每个线程的计数, 如果不连续, 说明中间丢包了,
|
||||
为了让捕包者能看到这个情况,
|
||||
每丢一个包, 凭空造一个虚假数据包出来,
|
||||
这样在wireshark上可以看到某个阶段是否有丢包, 丢了几个包, 当然看不到丢的是什么.
|
||||
*/
|
||||
tcpdump_perceptive_flag = 1;
|
||||
#endif
|
||||
@@ -1626,7 +1629,7 @@ main(int argc, char **argv)
|
||||
break;
|
||||
|
||||
#if MESA_DUMP
|
||||
case 'o': /* vxlanƫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD>м<EFBFBD>ijЩ<C4B3>ֽ<EFBFBD> */
|
||||
case 'o': /* vxlan偏移量, 跳过中间某些字节 */
|
||||
tcpdump_data_offset = atoi(optarg);
|
||||
if(tcpdump_data_offset < 0 || tcpdump_data_offset > 1514){
|
||||
printf("args [-o offset] is invalid: %s\n", optarg);
|
||||
@@ -1644,7 +1647,7 @@ main(int argc, char **argv)
|
||||
break;
|
||||
|
||||
#if MESA_DUMP
|
||||
case 'P': /* sapp<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ն˿<EFBFBD> */
|
||||
case 'P': /* sapp命令接收端口 */
|
||||
{
|
||||
int tmp_int_val = atoi(optarg);
|
||||
if((tmp_int_val <= 0) || (tmp_int_val > 65535)){
|
||||
@@ -1840,7 +1843,7 @@ main(int argc, char **argv)
|
||||
/**************************** cmd line parse end *************************************/
|
||||
|
||||
#if MESA_DUMP
|
||||
device = "lo"; /* tcpdump_mesa<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ָ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, Ĭ<><C4AC>lo */
|
||||
device = "lo"; /* tcpdump_mesa不用指定网卡名, 默认lo */
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_PCAP_FINDALLDEVS
|
||||
@@ -2177,7 +2180,7 @@ main(int argc, char **argv)
|
||||
if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0){
|
||||
error("%s", pcap_geterr(pd));
|
||||
}else{
|
||||
/* <EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>bpf filter, <EFBFBD>˴<EFBFBD><EFBFBD>ж<EFBFBD>һ<EFBFBD><EFBFBD> */
|
||||
/* 不一定有bpf filter, 此处判断一下 */
|
||||
if(cmdbuf){
|
||||
has_bpf_filter_flag = 1;
|
||||
}
|
||||
@@ -2258,11 +2261,11 @@ main(int argc, char **argv)
|
||||
|
||||
#if MESA_DUMP
|
||||
/*
|
||||
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʹ<EFBFBD><EFBFBD><EFBFBD><EFBFBD> -g<><67><EFBFBD><EFBFBD>, <20><>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD><EFBFBD>ڲ<EFBFBD><DAB2><EFBFBD>IP,PORT<52><54>Ϊ<EFBFBD><CEAA><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD>ֱ<EFBFBD>ӽ<EFBFBD>bpfӦ<66>õ<EFBFBD>pcap<61><70><EFBFBD><EFBFBD>,
|
||||
<EFBFBD><EFBFBD>Ϊ<EFBFBD>ǻ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, һ<><D2BB><EFBFBD><EFBFBD>Ҳ<EFBFBD><D2B2><EFBFBD>˲<EFBFBD><CBB2><EFBFBD>.
|
||||
如果使用了 -g参数, 表示用最内层的IP,PORT做为过滤条件, 不能直接将bpf应用到pcap句柄,
|
||||
因为那还是用最外层过滤, 如果是隧道, 一个包也过滤不到.
|
||||
|
||||
<EFBFBD>˴<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ܼӹ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>յ<EFBFBD><D5B5><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>bpf_filter()<EFBFBD>ټ<EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD>,
|
||||
<EFBFBD><EFBFBD>ֱ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>pcap<EFBFBD>ײ<EFBFBD>Ӧ<EFBFBD><EFBFBD>bpfЧ<EFBFBD><EFBFBD><EFBFBD>е<EFBFBD><EFBFBD><EFBFBD>.
|
||||
此处不能加过滤条件, 而是在收到包后, 主动调用bpf_filter()再检测一遍,
|
||||
比直接在pcap底层应用bpf效率有点低.
|
||||
*/
|
||||
if(0 == greedy_seek_flag){
|
||||
if (pcap_setfilter(pd, &fcode) < 0)
|
||||
@@ -2356,9 +2359,9 @@ main(int argc, char **argv)
|
||||
} else {
|
||||
callback = dump_packet;
|
||||
#if MESA_DUMP
|
||||
/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>趨<EFBFBD><EFBFBD>greedyѡ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>BPF<EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><>Ҫ<EFBFBD><D2AA><EFBFBD><EFBFBD>MESA_dump_packet(), ƫ<EFBFBD>Ƶ<EFBFBD><EFBFBD>ڲ<EFBFBD>IP<EFBFBD>ٱ<EFBFBD><EFBFBD><EFBFBD> */
|
||||
/* 如果设定了greedy选项且有BPF规则, 需要调用MESA_dump_packet(), 偏移到内层IP再保存 */
|
||||
if((greedy_seek_flag != 0) && (has_bpf_filter_flag != 0)){
|
||||
callback = MESA_dump_packet; /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD>callbackָ<EFBFBD><EFBFBD> */
|
||||
callback = MESA_dump_packet; /* 更新callback指针 */
|
||||
}
|
||||
#endif
|
||||
pcap_userdata = (u_char *)p;
|
||||
@@ -2372,9 +2375,9 @@ main(int argc, char **argv)
|
||||
ndo->ndo_if_printer = get_if_printer(ndo, dlt);
|
||||
callback = print_packet;
|
||||
#if MESA_DUMP
|
||||
/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>趨<EFBFBD><EFBFBD>greedyѡ<EFBFBD><EFBFBD>, <20><>Ҫ<EFBFBD><D2AA><EFBFBD><EFBFBD>MESA_dump_print_packet(), ƫ<EFBFBD>Ƶ<EFBFBD><EFBFBD>ڲ<EFBFBD>IP<EFBFBD>ٴ<EFBFBD><EFBFBD><EFBFBD> */
|
||||
/* 如果设定了greedy选项, 需要调用MESA_dump_print_packet(), 偏移到内层IP再处理 */
|
||||
if(greedy_seek_flag != 0){
|
||||
callback = MESA_dump_print_packet; /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD>callbackָ<EFBFBD><EFBFBD> */
|
||||
callback = MESA_dump_print_packet; /* 更新callback指针 */
|
||||
}
|
||||
#endif
|
||||
pcap_userdata = (u_char *)ndo;
|
||||
@@ -2960,7 +2963,7 @@ MESA_dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *raw_pk
|
||||
}
|
||||
}
|
||||
|
||||
/* -w<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD>洢<EFBFBD><EFBFBD>, ʵ<>ʴ洢<CAB4>İ<EFBFBD><C4B0><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ԭʼ<D4AD><CABC><EFBFBD><EFBFBD>, ֻ<><D6BB>BPF<50><46><EFBFBD>ڲ<EFBFBD><DAB2><EFBFBD><EFBFBD><EFBFBD> */
|
||||
/* -w参数要存储包, 实际存储的包还是用原始报文, 只是BPF用内层过滤 */
|
||||
pcap_dump(user, h, raw_pkt);
|
||||
#ifdef HAVE_PCAP_DUMP_FLUSH
|
||||
if (Uflag)
|
||||
@@ -2993,7 +2996,7 @@ MESA_dump_print_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *
|
||||
{
|
||||
int inner_pkt_len;
|
||||
|
||||
/* <EFBFBD>˺<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>tcpdump<EFBFBD><EFBFBD>Ļ<EFBFBD><EFBFBD>ӡ, ֱ<><D6B1><EFBFBD><EFBFBD>pktԭʼ<D4AD><CABC>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>copyһ<79><D2BB>, <20><>Լ<EFBFBD><D4BC>CPU */
|
||||
/* 此函数仅用于tcpdump屏幕打印, 直接修改pkt原始包, 避免再copy一次, 节约点CPU */
|
||||
inner_pkt_len = MESA_dump_seek_to_inner(pkt, h->caplen);
|
||||
if(inner_pkt_len < 0){
|
||||
return;
|
||||
@@ -3006,7 +3009,7 @@ MESA_dump_print_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *
|
||||
}
|
||||
}
|
||||
|
||||
/* <EFBFBD><EFBFBD>Ϊ<EFBFBD>µ<EFBFBD><EFBFBD>ĺ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
|
||||
/* 改为新的修改后的数据包长度 */
|
||||
((struct pcap_pkthdr *)h)->caplen = (unsigned int)inner_pkt_len;
|
||||
((struct pcap_pkthdr *)h)->len = (unsigned int)inner_pkt_len;
|
||||
|
||||
|
||||