Permalink
Browse files

Introduce ability to decapsulate/decode Linux cooked (-i any) pcaps

  • Loading branch information...
1 parent cb8b526 commit c7c7ec4d44b6727c7c3c4016c5796b2391818d25 @laf0rge laf0rge committed with Mar 7, 2011
Showing with 39 additions and 0 deletions.
  1. +11 −0 include/pkt.hrl
  2. +28 −0 src/pkt.erl
View
@@ -15,6 +15,9 @@
-define(ARPOP_InREPLY, 9). % InARP reply
-define(ARPOP_NAK, 10). % (ATM)ARP NAK
+-define(DLT_EN10MB, 1). % Ethernet
+-define(DLT_LINUX_SLL, 113). % Linux cooked sockets fake hdr
+
-define(IPPROTO_IP, 0).
-define(IPPROTO_ICMP, 1).
-define(IPPROTO_TCP, 6).
@@ -47,6 +50,14 @@
-define(ICMP_ADDRESS, 17).
-define(ICMP_ADDRESSREPLY, 18).
+-record(linux_cooked, {
+ packet_type,
+ hrd = ?ARPHRD_ETHER,
+ ll_len = 0,
+ ll_bytes = <<>>,
+ pro = ?ETH_P_IP
+ }).
+
-record(ether, {
dhost = <<0,0,0,0,0,0>>,
shost = <<0,0,0,0,0,0>>,
View
@@ -42,6 +42,7 @@
-export([
checksum/1,
decapsulate/1,
+ decapsulate_dlt/2,
makesum/1,
valid/1,
ether/1,
@@ -59,10 +60,16 @@
decapsulate(Data) ->
decapsulate({ether, Data}, []).
+decapsulate_dlt(Dlt, Data) ->
+ decapsulate({dlt_atom(Dlt), Data}, []).
+
decapsulate(stop, Packet) ->
lists:reverse(Packet);
decapsulate({unsupported, Data}, Packet) ->
decapsulate(stop, [{unsupported, Data}|Packet]);
+decapsulate({linux_cooked, Data}, Packet) when byte_size(Data) >= 16 ->
+ {Hdr, Payload} = linux_cooked(Data),
+ decapsulate({ether_type(Hdr#linux_cooked.pro), Payload}, [Hdr|Packet]);
decapsulate({ether, Data}, Packet) when byte_size(Data) >= ?ETHERHDRLEN ->
{Hdr, Payload} = ether(Data),
decapsulate({ether_type(Hdr#ether.type), Payload}, [Hdr|Packet]);
@@ -95,12 +102,33 @@ ether_type(?ETH_P_IPV6) -> ipv6;
ether_type(?ETH_P_ARP) -> arp;
ether_type(_) -> unsupported.
+dlt_atom(?DLT_EN10MB) -> ether;
+dlt_atom(?DLT_LINUX_SLL) -> linux_cooked.
+
+
proto(?IPPROTO_ICMP) -> icmp;
proto(?IPPROTO_TCP) -> tcp;
proto(?IPPROTO_UDP) -> udp;
proto(?IPPROTO_SCTP) -> sctp;
proto(_) -> unsupported.
+%%
+%% Linux cooked capture ("-i any") - DLT_LINUX_SLL
+%%
+linux_cooked(<<Ptype:16/big, Hrd:16/big, Ll_len:16/big,
+ Ll_hdr:8/bytes, Pro:16, Payload/binary>>) ->
+ {#linux_cooked{
+ packet_type = Ptype, hrd = Hrd,
+ ll_len = Ll_len, ll_bytes = Ll_hdr,
+ pro = Pro
+ }, Payload};
+linux_cooked(#linux_cooked{
+ packet_type = Ptype, hrd = Hrd,
+ ll_len = Ll_len, ll_bytes = Ll_hdr,
+ pro = Pro
+ }) ->
+ <<Ptype:16/big, Hrd:16/big, Ll_len:16/big,
+ Ll_hdr:8/bytes, Pro:16>>.
%%
%% Ethernet

0 comments on commit c7c7ec4

Please sign in to comment.