c - 是否有任何库来解析 C 中的 TCP/IP/UDP header

Question

我正在使用一个应用程序，该应用程序为我提供数据包的 IP、TCP 或 UDP header 信息。现在我正在寻找一个可以解析这些 header 并返回有关它的信息(例如端口和 IP 地址)的库。

是否有任何书面或内置的方式来做到这一点？还是我应该自己写一个解析器？

谢谢。

Answer 1

Linux 头文件中有 C 结构定义。 (Windows/OSX 可能有类似的 header ，但您可以只修改 Linux header 。)

例如/usr/include/netinet/ip.h:

struct iphdr
  {
#if __BYTE_ORDER == __LITTLE_ENDIAN
    unsigned int ihl:4;
    unsigned int version:4;
#elif __BYTE_ORDER == __BIG_ENDIAN
    unsigned int version:4;
    unsigned int ihl:4;
#else
# error "Please fix <bits/endian.h>"
#endif
    u_int8_t tos;
    u_int16_t tot_len;
    u_int16_t id;
    u_int16_t frag_off;
    u_int8_t ttl;
    u_int8_t protocol;
    u_int16_t check;
    u_int32_t saddr;
    u_int32_t daddr;
    /*The options start here. */
  };

/usr/include/netinet/udp.h:

/* UDP header as specified by RFC 768, August 1980. */

struct udphdr
{
  __extension__ union
  {
    struct
    {
      u_int16_t uh_sport;               /* source port */
      u_int16_t uh_dport;               /* destination port */
      u_int16_t uh_ulen;                /* udp length */
      u_int16_t uh_sum;         /* udp checksum */
    };
    struct
    {
      u_int16_t source;
      u_int16_t dest;
      u_int16_t len;
      u_int16_t check;
    };
  };
};

/usr/include/netinet/tcp.h:

/*
 * TCP header.
 * Per RFC 793, September, 1981.
 */
struct tcphdr
  {
    __extension__ union
    {
      struct
      {
        u_int16_t th_sport;             /* source port */
        u_int16_t th_dport;             /* destination port */
        tcp_seq th_seq;         /* sequence number */
        tcp_seq th_ack;         /* acknowledgement number */
# if __BYTE_ORDER == __LITTLE_ENDIAN
        u_int8_t th_x2:4;               /* (unused) */
        u_int8_t th_off:4;              /* data offset */
# endif
# if __BYTE_ORDER == __BIG_ENDIAN
        u_int8_t th_off:4;              /* data offset */
        u_int8_t th_x2:4;               /* (unused) */
# endif
        u_int8_t th_flags;
# define TH_FIN 0x01
# define TH_SYN 0x02
# define TH_RST 0x04
# define TH_PUSH        0x08
# define TH_ACK 0x10
# define TH_URG 0x20
        u_int16_t th_win;               /* window */
        u_int16_t th_sum;               /* checksum */
        u_int16_t th_urp;               /* urgent pointer */
      };
      struct
      {
        u_int16_t source;
        u_int16_t dest;
        u_int32_t seq;
        u_int32_t ack_seq;
# if __BYTE_ORDER == __LITTLE_ENDIAN
        u_int16_t res1:4;
        u_int16_t doff:4;
        u_int16_t fin:1;
        u_int16_t syn:1;
        u_int16_t rst:1;
        u_int16_t psh:1;
        u_int16_t ack:1;
        u_int16_t urg:1;
        u_int16_t res2:2;
# elif __BYTE_ORDER == __BIG_ENDIAN
        u_int16_t doff:4;
        u_int16_t res1:4;
        u_int16_t res2:2;
        u_int16_t urg:1;
        u_int16_t ack:1;
        u_int16_t psh:1;
        u_int16_t rst:1;
        u_int16_t syn:1;
        u_int16_t fin:1;
# else
#  error "Adjust your <bits/endian.h> defines"
# endif
        u_int16_t window;
        u_int16_t check;
        u_int16_t urg_ptr;
      };
    };
};