pkt.c

Go to the documentation of this file.

/** \file pkt.c

  \brief Packet code
*/

#include "pkt.h"

/**AutomaticStart*************************************************************/

/*---------------------------------------------------------------------------*/
/* Static function prototypes                                                */
/*---------------------------------------------------------------------------*/


/**AutomaticEnd***************************************************************/


/**
  * \brief  Extract the Ip component from an Ethernet packet
  * 
  * No new memory is allocated, simply returning a pointer. Note that we're 
  * being careless with the difference between an actual packet,
  * and just the header.
  */

Pkt_IpHdr_t *
Pkt_EthernetExtractIp (Pkt_EthernetHdr_t * ethPkt)
{
  assert (ethPkt->type == Pkt_L3ProtIp_c);
  return (Pkt_IpHdr_t *) (((char *) ethPkt) + sizeof (Pkt_EthernetHdr_t));
}


/**
  * \brief  Return the length of the Ethernet packet, including header.
  *
  * Only IP suppored for now. Packet is assumed to be in network order.
  */

int
Pkt_EthernetPktHdrReadLengthNetworkOrder (Pkt_EthernetHdr_t * pkt)
{
  if (pkt->type != Pkt_L3ProtIp_c)
    {
      fprintf (stderr, "Trying to get the length of a frame that's not IP\n");
      assert (0);
    }

  Pkt_IpHdr_t *ipPkt = Pkt_EthernetExtractIp (pkt);
  u_int16_t length = ipPkt->length;
  u_int16_t trueLength = ntohs (length);
  return sizeof (Pkt_EthernetHdr_t) + trueLength;
}


/** \brief  Return the length of the Ethernet packet, including header.

Only IP suppored for now 
*/

int
Pkt_EthernetPktHdrReadLength (Pkt_EthernetHdr_t * pkt)
{
  if (pkt->type != Pkt_L3ProtIp_c)
    {
      fprintf (stderr, "Trying to get the length of a frame that's not IP\n");
      assert (0);
    }

  Pkt_IpHdr_t *ipPkt = Pkt_EthernetExtractIp (pkt);
  return sizeof (Pkt_EthernetHdr_t) + ipPkt->length;
}


/**
  * \brief  Free an Ethernet packet
  * 
  * Assumes packet was allocated by malloc
  */

int
Pkt_EthernetHdrFree (Pkt_EthernetHdr_t * pkt)
{
  free (pkt);
  return 0;
}


/**
  * \brief  Free an ProcessPkt structure. 
  * 
  *     Does not free the packet, but does free applicable rules.
  */

int
Pkt_ProcessPktFree (Pkt_ProcessPkt_t * pp)
{
  array_free (pp->applicableRules);
  free (pp);
  return 0;
}


/**
  * \brief  Extract the Icmp component from an Ip packet
  * 
  * No new memory is allocated, simply returning a pointer. Note that we're 
  * being careless with the difference between an actual packet,
  * and just the header. If the encapsulated packet is not ip
  * encapsualting icmp we return NIL.
  */

Pkt_IcmpHdr_t *
Pkt_IpExtractIcmp (Pkt_IpHdr_t * anIpPkt)
{
  if (anIpPkt->protocol != Pkt_L4ProtIcmp_c)
    {
      return NIL (Pkt_IcmpHdr_t);
    }
  else
    {
      return (Pkt_IcmpHdr_t *) Pkt_IpExtractPayload (anIpPkt);
    }
}


/**
  * \brief  Extract the Udp component from an Ip packet
  * 
  * No new memory is allocated, simply returning a pointer.
  */

Pkt_UdpHdr_t *
Pkt_IpExtractUdp (Pkt_IpHdr_t * anIpPkt)
{
  if (anIpPkt->protocol != Pkt_L4ProtUdp_c)
    {
      return NIL (Pkt_UdpHdr_t);
    }
  else
    {
      return (Pkt_UdpHdr_t *) Pkt_IpExtractPayload (anIpPkt);
    }
}


/**
  * \brief  Extract the Tcp component from an Ip packet
  * 
  * No new memory is allocated, simply returning a pointer.
  */

Pkt_TcpHdr_t *
Pkt_IpExtractTcp (Pkt_IpHdr_t * anIpPkt)
{
  assert (anIpPkt->protocol == Pkt_L4ProtTcp_c);

  return (Pkt_TcpHdr_t *) Pkt_IpExtractPayload (anIpPkt);
}


/**
  * \brief  Extract the payload component from an Ip packet
  * 
  * No new memory is allocated, simply returning a pointer.
  */

char *
Pkt_IpExtractPayload (Pkt_IpHdr_t * anIpPkt)
{
  // the header length is in multiples of 4 bytes
  int headerLength = anIpPkt->ihl * 4;

  return (char *) (((char *) anIpPkt) + headerLength);
}


/**
  * \brief  Extract the Tcp component from an Ethernet packet
  * 
  * No new memory is allocated, simply returning a pointer.
  */

Pkt_UdpHdr_t *
Pkt_EthernetExtractUdp (Pkt_EthernetHdr_t * aEthernetPkt)
{
  assert (aEthernetPkt->type == Pkt_L4ProtUdp_c);
  Pkt_IpHdr_t *anIpPkt = Pkt_EthernetExtractIp (aEthernetPkt);
  return Pkt_IpExtractUdp (anIpPkt);
}


/**
  * \brief  Extract the Tcp component from an Ethernet packet
  * 
  * No new memory is allocated, simply returning a pointer.
  */

Pkt_TcpHdr_t *
Pkt_EthernetExtractTcp (Pkt_EthernetHdr_t * aEthernetPkt)
{
  assert (aEthernetPkt->type == Pkt_L3ProtIp_c);
  Pkt_IpHdr_t *anIpPkt = Pkt_EthernetExtractIp (aEthernetPkt);
  return Pkt_IpExtractTcp (anIpPkt);
}


/**
  * \brief  Extract the Icmp component from an Ethernet packet
  * 
  * No new memory is allocated, simply returning a pointer.
  */

Pkt_IcmpHdr_t *
Pkt_EthernetExtractIcmp (Pkt_EthernetHdr_t * aEthernetPkt)
{
  assert (aEthernetPkt->type == Pkt_L3ProtIp_c);
  Pkt_IpHdr_t *anIpPkt = Pkt_EthernetExtractIp (aEthernetPkt);
  return Pkt_IpExtractIcmp (anIpPkt);
}


/**
  * \brief  Returns a pointer to the payload of a UDP packet.
  */


char *
Pkt_UdpHdrReadPayload (Pkt_UdpHdr_t * aUdpPkt)
{
  char *result = ((char *) aUdpPkt) + sizeof (Pkt_UdpHdr_t);
  return result;
}


/**
  * \brief  Returns a pointer to the payload of a TCP packet.
  */

char *
Pkt_TcpHdrReadPayload (Pkt_TcpHdr_t * aTcpPkt)
{
  char *result = ((char *) aTcpPkt) + (aTcpPkt->doff * 4);
  return result;
}


/**
  * \brief  Compare two src ip flows
  * Returns -1, 0, 1 a la strcmp
  *
  *     \sa st_init_table
  */

int
Pkt_SrcIpFlowCmp (Pkt_EthernetHdr_t * pkt1, Pkt_EthernetHdr_t * pkt2)
{
  Pkt_IpHdr_t *ipPkt1 = Pkt_EthernetExtractIp (pkt1);
  Pkt_IpHdr_t *ipPkt2 = Pkt_EthernetExtractIp (pkt2);

  if (ipPkt1->sourceIp < ipPkt2->sourceIp)
    {
      return -1;
    }
  else if (ipPkt1->sourceIp > ipPkt2->sourceIp)
    {
      return 1;
    }

  return 0;
}


/**
  * \brief  Compare two dest ip flows
  * Returns -1, 0 , 1
  */

int
Pkt_DestIpFlowCmp (Pkt_EthernetHdr_t * pkt1, Pkt_EthernetHdr_t * pkt2)
{
  Pkt_IpHdr_t *ipPkt1 = Pkt_EthernetExtractIp (pkt1);
  Pkt_IpHdr_t *ipPkt2 = Pkt_EthernetExtractIp (pkt2);

  if (ipPkt1->destIp < ipPkt2->destIp)
    {
      return -1;
    }
  else if (ipPkt1->destIp > ipPkt2->destIp)
    {
      return 1;
    }
  return 0;
}


/**
  * \brief  Compare two src-dest ip flows
  * Returns -1,0,1 a la strcmp
  */

int
Pkt_SrcDestIpFlowCmp (Pkt_EthernetHdr_t * pkt1, Pkt_EthernetHdr_t * pkt2)
{

  Pkt_IpHdr_t *ipPkt1 = Pkt_EthernetExtractIp (pkt1);
  Pkt_IpHdr_t *ipPkt2 = Pkt_EthernetExtractIp (pkt2);

  if (ipPkt1->sourceIp < ipPkt2->sourceIp)
    {
      return -1;
    }
  else if (ipPkt1->sourceIp > ipPkt2->sourceIp)
    {
      return 1;
    }
  else if (ipPkt1->destIp < ipPkt2->destIp)
    {
      return -1;
    }
  else if (ipPkt1->destIp > ipPkt2->destIp)
    {
      return 1;
    }
  return 0;
}


/**
  * \brief  Compare two dest tcp-Ip flows.
  * Returns -1, 0, 1 a la strcmp
  */

int
Pkt_DestTcpIpFlowCmp (Pkt_EthernetHdr_t * pkt1, Pkt_EthernetHdr_t * pkt2)
{

  Pkt_IpHdr_t *ipPkt1 = Pkt_EthernetExtractIp (pkt1);
  Pkt_IpHdr_t *ipPkt2 = Pkt_EthernetExtractIp (pkt2);

  Pkt_TcpHdr_t *tcpPkt1 = Pkt_IpExtractTcp (ipPkt1);
  Pkt_TcpHdr_t *tcpPkt2 = Pkt_IpExtractTcp (ipPkt2);

  if (ipPkt1->destIp < ipPkt2->destIp)
    {
      return -1;
    }
  else if (ipPkt1->destIp > ipPkt2->destIp)
    {
      return 1;
    }
  else if (tcpPkt1->destPort < tcpPkt2->destPort)
    {
      return -1;
    }
  else if (tcpPkt1->destPort > tcpPkt2->destPort)
    {
      return 1;
    }
  return 0;
}


/**
  * \brief  Hash a src-ip flow
  *
  * \arg modulus - the number of buckets in the hashtable
  * 
  */

int
Pkt_SrcIpFlowHash (Pkt_EthernetHdr_t * pkt1, int modulus)
{
  Pkt_IpHdr_t *ipPkt1 = Pkt_EthernetExtractIp (pkt1);

  u_int32_t sourceIp = ipPkt1->sourceIp;

  u_int32_t hashcode = 8191 * sourceIp;

  return (hashcode % modulus);

}


/**
  * \brief  Hash a dest-ip
  * 
  * \arg modulus - the number of buckets in the hashtable
  */

int
Pkt_DestIpFlowHash (Pkt_EthernetHdr_t * pkt1, int modulus)
{
  Pkt_IpHdr_t *ipPkt1 = Pkt_EthernetExtractIp (pkt1);

  u_int32_t destIp = ipPkt1->destIp;

  u_int32_t hashcode = 65521 * destIp;

  return (hashcode % modulus);
}


/**
  * \brief  Hash a src-dest ip flow
  * 
  * \arg modulus - the number of buckets in the hashtable
  */

int
Pkt_SrcDestIpFlowHash (Pkt_EthernetHdr_t * pkt1, int modulus)
{
  Pkt_IpHdr_t *ipPkt1 = Pkt_EthernetExtractIp (pkt1);

  u_int32_t sourceIp = ipPkt1->sourceIp;
  u_int32_t destIp = ipPkt1->destIp;

  u_int32_t hashcode = 8191 * sourceIp + 65521 * destIp;

  return (hashcode % modulus);
}


/**
  * \brief  Hash a dest tcp-Ip flow
  * 
  * \arg modulus - the number of buckets in the hashtable
  */

int
Pkt_DestTcpIpFlowHash (Pkt_EthernetHdr_t * pkt1, int modulus)
{
  Pkt_IpHdr_t *ipPkt1 = Pkt_EthernetExtractIp (pkt1);
  Pkt_TcpHdr_t *tcpPkt1 = Pkt_IpExtractTcp (ipPkt1);

  u_int32_t destIp = ipPkt1->destIp;

  u_int16_t destPort = tcpPkt1->destPort;

  u_int32_t hashcode = 65521 * destIp + 4093 * destPort;

  return (hashcode % modulus);
}


/**
  * \brief  Hash a tcp-Ip flow
  * 
  * \arg modulus - the number of buckets in the hashtable
  */

int
Pkt_SrcDestTcpIpFlowHash (Pkt_EthernetHdr_t * pkt1, int modulus)
{
  Pkt_IpHdr_t *ipPkt1 = Pkt_EthernetExtractIp (pkt1);
  Pkt_TcpHdr_t *tcpPkt1 = Pkt_IpExtractTcp (ipPkt1);

  u_int32_t sourceIp = ipPkt1->sourceIp;
  u_int32_t destIp = ipPkt1->destIp;

  u_int16_t srcPort = tcpPkt1->srcPort;
  u_int16_t destPort = tcpPkt1->destPort;

  u_int32_t hashcode =
    8191 * sourceIp + 65521 * (destIp + 1021 * (srcPort + 4093 * destPort));

  return (hashcode % modulus);
}


/**
  * \brief  Compare two Tcp-Ip flows.
  * Returns -1, 0, 1 a la strcmp
  * 
  */

int
Pkt_SrcDestTcpIpFlowCmp (Pkt_EthernetHdr_t * pkt1, Pkt_EthernetHdr_t * pkt2)
{

  Pkt_IpHdr_t *ipPkt1 = Pkt_EthernetExtractIp (pkt1);
  Pkt_IpHdr_t *ipPkt2 = Pkt_EthernetExtractIp (pkt2);

  Pkt_TcpHdr_t *tcpPkt1 = Pkt_IpExtractTcp (ipPkt1);
  Pkt_TcpHdr_t *tcpPkt2 = Pkt_IpExtractTcp (ipPkt2);

  if (ipPkt1->sourceIp < ipPkt2->sourceIp)
    {
      return -1;
    }
  else if (ipPkt1->sourceIp > ipPkt2->sourceIp)
    {
      return 1;
    }
  else if (ipPkt1->destIp < ipPkt2->destIp)
    {
      return -1;
    }
  else if (ipPkt1->destIp > ipPkt2->destIp)
    {
      return 1;
    }
  else if (tcpPkt1->srcPort < tcpPkt2->srcPort)
    {
      return -1;
    }
  else if (tcpPkt1->srcPort > tcpPkt2->srcPort)
    {
      return 1;
    }
  else if (tcpPkt1->destPort < tcpPkt2->destPort)
    {
      return -1;
    }
  else if (tcpPkt1->destPort > tcpPkt2->destPort)
    {
      return 1;
    }
  return 0;
}


/**
  * \brief  Compare function for an L4 flow struct for the st package,
  * returns 0 for equal, 1 for unequal
  */

int
Pkt_L4FlowCompareForSt (Pkt_L4Flow_t * foo, Pkt_L4Flow_t * bar)
{
  int result = (foo->srcIp == bar->srcIp) &&
    (foo->destIp == bar->destIp) &&
    (foo->srcPort == bar->srcPort) &&
    (foo->destPort == bar->destPort) ? 0 : 1;

  return result;
}


/**
  * \brief  Compare function for an L4 flow struct - 1 for equal, 0 for unequal
  */

int
Pkt_L4FlowCompare (Pkt_L4Flow_t * foo, Pkt_L4Flow_t * bar)
{
  int result = (foo->srcIp == bar->srcIp) &&
    (foo->destIp == bar->destIp) &&
    (foo->srcPort == bar->srcPort) &&
    (foo->destPort == bar->destPort) ? 1 : 0;

  return result;
}


/**
  * \brief  Hash function for an L4 flow struct with modulus argument
  */

int
Pkt_L4FlowHashForSt (Pkt_L4Flow_t * anL4FlowStruct, int modulus)
{
  int hashValue;
  unsigned int result;

  hashValue = Pkt_L4FlowHash (anL4FlowStruct);

  result = hashValue % modulus;

  return (int) result;
}


/**
  * \brief  Hash function for an L4 flow struct
  * \sa st_strhash
  */

unsigned int
Pkt_L4FlowHash (Pkt_L4Flow_t * anL4FlowStruct)
{
  unsigned int result;

  result =
    997 + 997 * (anL4FlowStruct->srcIp +
         997 * (anL4FlowStruct->destIp * +997 *
            (anL4FlowStruct->srcPort +
             997 * anL4FlowStruct->destPort)));

  return result;
}


/**
  * \brief  Create a L4 flow structure from an Ethernet packet.
  */

Pkt_L4Flow_t *
Pkt_EthPktToL4Flow (Pkt_EthernetHdr_t * anEthPkt)
{
  Pkt_IpHdr_t *anIpPkt = Pkt_EthernetExtractIp (anEthPkt);
  Pkt_L4Flow_t *result = Pkt_IpPktToL4Flow (anIpPkt);

  return result;
}


/**
  * \brief  Create a L4 flow structure from an Ip packet.
  */

Pkt_L4Flow_t *
Pkt_IpPktToL4Flow (Pkt_IpHdr_t * anIpPkt)
{

  Pkt_TcpHdr_t *aTcpPkt = Pkt_IpExtractTcp (anIpPkt);

  Pkt_L4Flow_t *result = (Pkt_L4Flow_t *) malloc (sizeof (Pkt_L4Flow_t));

  result->srcIp = anIpPkt->sourceIp;
  result->destIp = anIpPkt->destIp;

  result->srcPort = aTcpPkt->srcPort;
  result->destPort = aTcpPkt->destPort;

  return result;
}


/**
  * \brief  Return the L3 type of an ethernet packet
  *
  *     Promotes a short to an int in the process.
  */

int
Pkt_EthernetReadL3Type (Pkt_EthernetHdr_t * anEth)
{
  return anEth->type;
}


/**
  * \brief  Print an Ethernet packet
  *
  *  Packet is assumed to be in network format.
  */

int
Pkt_PrintEthernet (Pkt_EthernetHdr_t * anEthPkt, int length)
{
  char *packet = (char *) anEthPkt;

  printf ("dest mac = %x%x%x%x%x%x ; src mac = %x%x%x%x%x%x \n",
      anEthPkt->dhost[0],
      anEthPkt->dhost[1],
      anEthPkt->dhost[2],
      anEthPkt->dhost[3],
      anEthPkt->dhost[4],
      anEthPkt->dhost[5],
      anEthPkt->shost[0],
      anEthPkt->shost[1],
      anEthPkt->shost[2],
      anEthPkt->shost[3], anEthPkt->shost[4], anEthPkt->shost[5]);
  printf ("type = Ox%x (decimal = %d)\n", ntohs (anEthPkt->type),
      ntohs (anEthPkt->type));

  if (ntohs (anEthPkt->type) == Pkt_L3ProtIp_c)
    {
      printf ("Encapsulated Ethernet packet is IP, printing IP\n");
      Pkt_IpHdr_t *anIpPkt = Pkt_EthernetExtractIp (anEthPkt);
      Pkt_PrintIp (anIpPkt);
    }

  printf ("Raw bytes in eth payload:\n");
  int i;
  for (i = sizeof (Pkt_EthernetHdr_t) + 1; i < length; i++)
    {
      printf ("%c",
          (isalnum (packet[i]) || isgraph (packet[i])
           || isspace (packet[i])) ? packet[i] : ',');
    }
  printf ("\nend raw bytes\n\n");

  return 0;
}


/**
  * \brief  Print a Wifi packet
  */

int
Pkt_PrintWifi (Pkt_WifiHdr_t * aWifiPkt)
{
  printf ("frame control = %x\n", aWifiPkt->frame_control);
  printf ("duration_id = %d\n", aWifiPkt->duration_id);
  printf ("seq_control = %d\n", aWifiPkt->seq_control);

  printf ("addr1 = %x:%x:%x:%x:%x:%x\n",
      aWifiPkt->addr1[0], aWifiPkt->addr1[1], aWifiPkt->addr1[2],
      aWifiPkt->addr1[3], aWifiPkt->addr1[4], aWifiPkt->addr1[5]);
  printf ("addr2 = %x:%x:%x:%x:%x:%x\n",
      aWifiPkt->addr2[0], aWifiPkt->addr2[1], aWifiPkt->addr2[2],
      aWifiPkt->addr2[3], aWifiPkt->addr2[4], aWifiPkt->addr2[5]);
  printf ("addr3 = %x:%x:%x:%x:%x:%x\n",
      aWifiPkt->addr2[0], aWifiPkt->addr2[1], aWifiPkt->addr2[2],
      aWifiPkt->addr2[3], aWifiPkt->addr2[4], aWifiPkt->addr2[5]);
  printf ("addr4 = %x:%x:%x:%x:%x:%x\n",
      aWifiPkt->addr3[0], aWifiPkt->addr3[1], aWifiPkt->addr3[2],
      aWifiPkt->addr3[3], aWifiPkt->addr3[4], aWifiPkt->addr3[5]);

  printf ("Treating encapsulated packet as IP, printing IP\n");
  Pkt_IpHdr_t *anIpPkt =
    (Pkt_IpHdr_t *) ((char *) aWifiPkt) + sizeof (Pkt_WifiHdr_t);
  Pkt_PrintIp (anIpPkt);

  return 0;
}


/**
  * \brief  Print an Ip Pkt, given in network order
  */

int
Pkt_PrintIp (Pkt_IpHdr_t * anIpPkt)
{
  printf ("Version = %x\t", anIpPkt->version);
  printf ("Header length = %x\t", anIpPkt->ihl);
  printf ("TOS = %d\n", anIpPkt->TOS);
  printf ("Length = %d\t", ntohs (anIpPkt->length));
  printf ("Ident = %x\t", ntohs (anIpPkt->id));
  printf ("Flags MF= %x DF= %x RB= %x\n",
      anIpPkt->MF, anIpPkt->DF, anIpPkt->RB);
  printf ("Offset= %x\t", anIpPkt->offset);
  printf ("TTL = %d\t", anIpPkt->TTL);
  printf ("protocol = %d\t", anIpPkt->protocol);
  printf ("checksum = %d\n", ntohs (anIpPkt->checksum));
  printf ("srcIp = %x ", ntohl (anIpPkt->sourceIp));
  Pkt_PrintIpAddressDotted (ntohl (anIpPkt->sourceIp));
  printf ("destIp = %x ", ntohl (anIpPkt->destIp));
  Pkt_PrintIpAddressDotted (ntohl (anIpPkt->destIp));

  return 0;
}


/**
  * \brief  Print an Ip address in 1.2.3.4 format
  */

void
Pkt_PrintIpAddressDotted( u_int32_t aNumIp)
{
  Pkt_PrintIpAddressDottedGeneral ( NIL(char), aNumIp); 
}

/**
  * \brief  Print an Ip address in 1.2.3.4 format
  */

void
Pkt_PrintIpAddressDottedGeneral ( char * buf, u_int32_t aNumIp)
{
  u_int32_t mask = 0377;    // start with 0 means octal

  int a1, a2, a3, a4;

  a1 = aNumIp & mask;
  a2 = (aNumIp >> 8) & mask;
  a3 = (aNumIp >> 16) & mask;
  a4 = (aNumIp >> 24) & mask;

  if ( buf == NIL( char ) ) {
    printf ("%u.%u.%u.%u\n", a4, a3, a2, a1);
  }
  else {
    sprintf ( buf, "%u.%u.%u.%u", a4, a3, a2, a1);
  }
}


/**
  * \brief  Allocate a process-packet structure
  * 
  */

Pkt_ProcessPkt_t *
Pkt_AllocateProcessPacket (Pkt_EthernetHdr_t * pkt, array_t * applicableRules)
{
  Pkt_ProcessPkt_t *result =
    (Pkt_ProcessPkt_t *) malloc (sizeof (Pkt_ProcessPkt_t));

  result->pkt = pkt;
  result->applicableRules = applicableRules;
  result->currentRule = 0;
  return result;
}