ec_packet.h
#ifndef ETTERCAP_PACKET_H
#define ETTERCAP_PACKET_H
#include <ec_proto.h>
#include <ec_profiles.h>
#include <ec_fingerprint.h>
#include <ec_inet.h>
#include <ec_session.h>
#include <sys/time.h>
/*
 * Per-packet descriptor. It groups one sub-struct per protocol layer
 * (L2, L3, L4, DATA), the raw and to-be-forwarded buffers, the per-packet
 * flag word, and the results written by dissectors and by passive
 * identification.
 *
 * NOTE(review): the per-layer `header` / `options` / `data` pointers
 * presumably point into `packet` and do not own memory -- confirm against
 * the decoders before freeing or resizing `packet`.
 * NOTE(review): lengths are a mix of u_int and size_t (and `delta` is a
 * signed int); code combining them should range-check before using the
 * result as a copy or allocation size -- verify in the callers.
 */
struct packet_object {
/* timestamp of the packet */
struct timeval ts;
/* layer 2 view: protocol id, header pointer/length and media addresses */
struct L2 {
u_int8 proto;
u_char * header;
u_int len;
u_int8 src[MEDIA_ADDR_LEN];
u_int8 dst[MEDIA_ADDR_LEN];
u_int8 flags;
/* bit for L2.flags; presumably "frame carries an FCS" -- TODO confirm */
#define PO_L2_FCS 0x01
} L2;
/* layer 3 view: protocol id, header/options pointers with lengths, addresses, ttl */
struct L3 {
u_int16 proto;
u_char * header;
u_char * options;
u_int len;
size_t payload_len;
size_t optlen;
struct ip_addr src;
struct ip_addr dst;
u_int8 ttl;
} L3;
/* layer 4 view: protocol id, flags, header/options pointers with lengths */
struct L4 {
u_int8 proto;
u_int8 flags;
u_char * header;
u_char * options;
u_int len;
size_t optlen;
/* presumably source/destination ports -- byte order not visible here, confirm */
u_int16 src;
u_int16 dst;
u_int32 seq;
u_int32 ack;
} L4;
/* payload view, plus the separate display and injection buffers */
struct data {
u_char * data;
u_int len;
/*
 * Buffer containing the data to be displayed.
 * Some dissectors decrypt the traffic, but the packet must be forwarded
 * as is, so the decrypted data must be placed in a different buffer.
 * This is that buffer; it is malloc'ed by the tcp or udp dissector.
 */
size_t disp_len;
u_char * disp_data;
/* for a modified packet this is the delta for the length */
int delta;
size_t inject_len; /* len of the injection */
u_char *inject; /* the buffer used for injection */
} DATA;
u_int fwd_len; /* length of the packet to be forwarded */
u_char * fwd_packet; /* the pointer to the buffer to be forwarded */
u_int len; /* total length of the packet */
u_char * packet; /* the buffer containing the real packet */
/* Trace current session for injector chain */
struct ec_session *session;
u_int16 flags; /* flags relative to the packet */
/* Bit values for `flags` above; each is a distinct bit of the u_int16. */
#define PO_IGNORE ((u_int16)(1)) /* this packet should not be processed (e.g. sniffing TARGETS didn't match it) */
#define PO_DONT_DISSECT ((u_int16)(1<<1)) /* this packet should not be processed by dissector (used during the arp scan) */
#define PO_FORWARDABLE ((u_int16)(1<<2)) /* the packet has our MAC address, but the IP is not ours */
#define PO_FORWARDED ((u_int16)(1<<3)) /* the packet was forwarded by us */
#define PO_FROMIFACE ((u_int16)(1<<4)) /* this packet comes from the primary interface */
#define PO_FROMBRIDGE ((u_int16)(1<<5)) /* this packet comes from the bridged interface */
#define PO_MODIFIED ((u_int16)(1<<6)) /* it needs checksum recalculation before forwarding */
#define PO_DROPPED ((u_int16)(1<<7)) /* the packet has to be dropped */
#define PO_DUP ((u_int16)(1<<8)) /* the packet is a duplicate; we have to free the buffer on destroy */
#define PO_FORGED ((u_int16)(1<<9)) /* the packet is created by ourselves */
#define PO_EOF ((u_int16)(1<<10)) /* we are reading from a file and this is the last packet */
#define PO_FROMSSL ((u_int16)(1<<11)) /* the packet is coming from a ssl wrapper */
#define PO_SSLSTART ((u_int16)(1<<12)) /* ssl wrapper has to enter SSL state */
/*
 * The user and pass collected by dissectors are stored here.
 * The "char *" members are malloc'ed by dissectors.
 * NOTE(review): these heap strings hold captured credentials; confirm where
 * they are freed and whether they can end up in logs or saved profiles.
 */
struct dissector_info DISSECTOR;
/* the struct for passive identification */
struct passive_info PASSIVE;
};
/*
 * Packet-object API. Only the prototypes are visible in this header, so the
 * notes below describe the signatures; ownership and failure behaviour must
 * be checked in the implementation.
 */
/* NOTE(review): presumably returns a newly allocated packet_object describing `len` bytes at `data`; confirm who owns `data` and what is returned on allocation failure */
EC_API_EXTERN struct packet_object* packet_allocate_object(u_char *data, u_int len);
/* NOTE(review): presumably initialises the caller-provided `po` over `buf`/`len`; meaning of the int return is not visible here */
EC_API_EXTERN int packet_create_object(struct packet_object *po, u_char * buf, u_int len);
/* Counterpart of the two calls above; per the PO_DUP flag comment, a duplicate's buffer is freed on destroy. NOTE(review): confirm which other members are released */
EC_API_EXTERN int packet_destroy_object(struct packet_object *po);
/* NOTE(review): presumably fills DATA.disp_data / DATA.disp_len from `buf`/`len`; confirm whether `buf` is copied and how `len` is bounded */
EC_API_EXTERN int packet_disp_data(struct packet_object *po, u_char *buf, u_int len);
/* Duplicates `po`; `flag` presumably takes one of the PO_DUP_* values defined below -- confirm */
EC_API_EXTERN struct packet_object * packet_dup(struct packet_object *po, u_char flag);
/* Do we want to duplicate data? */
#define PO_DUP_NONE 0
#define PO_DUP_PACKET 1
#endif
/* EOF */
// vim:ts=3:expandtab