Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Introduce ability to decapsulate/decode Linux cooked (-i any) pcaps

  • Loading branch information...
commit 3d82ba63b3c5608ecb9ba0de2614128f8c91ccff 1 parent 4bb76b8
@laf0rge laf0rge authored committed
Showing with 39 additions and 0 deletions.
  1. +11 −0 include/epcap_net.hrl
  2. +28 −0 src/epcap_net.erl
View
11 include/epcap_net.hrl
@@ -18,6 +18,9 @@
-define(ARPOP_InREPLY, 9). % InARP reply
-define(ARPOP_NAK, 10). % (ATM)ARP NAK
+-define(DLT_EN10MB, 1). % Ethernet
+-define(DLT_LINUX_SLL, 113). % Linux cooked sockets fake hdr
+
-define(IPPROTO_IP, 0).
-define(IPPROTO_ICMP, 1).
-define(IPPROTO_TCP, 6).
@@ -50,6 +53,14 @@
-define(ICMP_ADDRESS, 17).
-define(ICMP_ADDRESSREPLY, 18).
+-record(linux_cooked, {
+ packet_type,
+ hrd = ?ARPHRD_ETHER,
+ ll_len = 0,
+ ll_bytes = <<>>,
+ pro = ?ETH_P_IP
+ }).
+
-record(ether, {
dhost = <<0,0,0,0,0,0>>,
shost = <<0,0,0,0,0,0>>,
View
28 src/epcap_net.erl
@@ -46,6 +46,7 @@
-export([
checksum/1,
decapsulate/1,
+ decapsulate_dlt/2,
makesum/1,
valid/1,
ether/1,
@@ -68,10 +69,16 @@
decapsulate(Data) ->
decapsulate({ether, Data}, []).
+decapsulate_dlt(Dlt, Data) ->
+ decapsulate({dlt_atom(Dlt), Data}, []).
+
decapsulate(stop, Packet) ->
lists:reverse(Packet);
decapsulate({unsupported, Data}, Packet) ->
decapsulate(stop, [{unsupported, Data}|Packet]);
+decapsulate({linux_cooked, Data}, Packet) when byte_size(Data) >= 16 ->
+ {Hdr, Payload} = linux_cooked(Data),
+ decapsulate({ether_type(Hdr#linux_cooked.pro), Payload}, [Hdr|Packet]);
decapsulate({ether, Data}, Packet) when byte_size(Data) >= ?ETHERHDRLEN ->
{Hdr, Payload} = ether(Data),
decapsulate({ether_type(Hdr#ether.type), Payload}, [Hdr|Packet]);
@@ -104,12 +111,33 @@ ether_type(?ETH_P_IPV6) -> ipv6;
ether_type(?ETH_P_ARP) -> arp;
ether_type(_) -> unsupported.
+dlt_atom(?DLT_EN10MB) -> ether;
+dlt_atom(?DLT_LINUX_SLL) -> linux_cooked.
+
+
proto(?IPPROTO_ICMP) -> icmp;
proto(?IPPROTO_TCP) -> tcp;
proto(?IPPROTO_UDP) -> udp;
proto(?IPPROTO_SCTP) -> sctp;
proto(_) -> unsupported.
+%%
+%% Linux cooked capture ("-i any") - DLT_LINUX_SLL
+%%
+linux_cooked(<<Ptype:16/big, Hrd:16/big, Ll_len:16/big,
+ Ll_hdr:8/bytes, Pro:16, Payload/binary>>) ->
+ {#linux_cooked{
+ packet_type = Ptype, hrd = Hrd,
+ ll_len = Ll_len, ll_bytes = Ll_hdr,
+ pro = Pro
+ }, Payload};
+linux_cooked(#linux_cooked{
+ packet_type = Ptype, hrd = Hrd,
+ ll_len = Ll_len, ll_bytes = Ll_hdr,
+ pro = Pro
+ }) ->
+ <<Ptype:16/big, Hrd:16/big, Ll_len:16/big,
+ Ll_hdr:8/bytes, Pro:16>>.
%%
%% Ethernet
Please sign in to comment.
Something went wrong with that request. Please try again.