c - libpcap 源地址和目标地址在捕获的 ipheader 中始终为 NULL。

Question

我编写了一个小程序来玩转 libpcap。 问题是我捕获的 header 的源地址和目标地址字段似乎总是空值。

代码:

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <linux/if_ether.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <pcap.h>
#include <arpa/inet.h>

#define BUFFERSIZE 65535

char errbuf[PCAP_ERRBUF_SIZE];

void sniffloop(u_char *, const struct pcap_pkthdr *, const u_char *);

void usage(char *name){
    fprintf(stderr, "usage: %s <interface> <secret>", name);
    exit(1);
}

int main(int argc, char **argv){
    pcap_t *sniffsess;
    struct bpf_program filter;

    if(argc<3){
        usage(argv[0]);
        return 1;
    }

    if(!(sniffsess=pcap_open_live(argv[1], BUFFERSIZE, 0, 1000, errbuf))){
        fprintf(stderr, "%s: couldn't open devices for sniffing: %s\n", argv[0], errbuf);
        return 1;
    }

    if(pcap_datalink(sniffsess)!=DLT_EN10MB){
        fprintf(stderr, "%s: %s not an ethernet device", argv[0], argv[1]);
        return 1;
    }

    if(pcap_compile(sniffsess, &filter, "icmp", 0, 0)==-1){
        fprintf(stderr, "%s: couldn't parse icmp filter", argv[0]);
        return 1;
    }

    if(pcap_setfilter(sniffsess, &filter)==-1){
        fprintf(stderr, "%s: couldn't set icmp filter", argv[0]);
        return 1;
    }

    // daemonize here.
    pcap_loop(sniffsess, -1, sniffloop, NULL);
}

void sniffloop(u_char *args, const struct pcap_pkthdr *hdr, const u_char *pkt){
    struct ethhdr *ehdr=(struct ethhdr *)pkt;
    struct iphdr *ipheader=(struct iphdr *)pkt+sizeof(struct ethhdr);
    struct icmphdr *icmpheader=(struct icmphdr*)pkt+sizeof(structethhdr)+ipheader->ihl*4;
    char *data=(char *)pkt+sizeof(struct ethhdr)+ipheader->ihl*4+sizeof(struct icmphdr);
    struct in_addr source,destination;
    source.s_addr=ipheader->saddr;
    destination.s_addr=ipheader->daddr;

    printf("sourceaddress is %p\ndestinationaddess is %p\n", ipheader->saddr, ipheader->daddr);
}

输出:

spongebob code # ./icmpexec br0 foo
sourceaddress is (nil)
destinationaddess is (nil)
sourceaddress is (nil)
destinationaddess is (nil)

我已经搜索了答案，但没有找到任何东西。 我认为很可能是我在协议(protocol) header 中得到了一些错误的偏移量。

感谢您的关注! :D

Answer 1

你所有的地址计算都是错误的。例如:

struct iphdr *ipheader=(struct iphdr *)pkt+sizeof(struct ethhdr);

需要:

struct iphdr *ipheader=(struct iphdr *)(pkt+sizeof(struct ethhdr));