decoders/decode_arp.c

Go to the documentation of this file.
00001 #include "decode_arp.h"
00002 #include "decode_ethernet.h"
00003 #include "../packets/packet.h"
00004 #include "../engine/hlbr.h"
00005 #include <stdio.h>
00006 #include <stdlib.h>
00007 #include <netinet/in.h>
00008 #include <arpa/inet.h>
00009 
00010 //#define DEBUG
00011 
00012 extern GlobalVars       Globals;
00013 
00014 int     EthernetDecoderID;
00015 
00019 void* DecodeARP(int PacketSlot)
00020 {
00021         ARPData*        data;
00022         EthernetData*   edata;
00023         unsigned short  etype;
00024         PacketRec*      p;
00025         
00026         DEBUGPATH;
00027 
00028         p = &Globals.Packets[PacketSlot];
00029 
00030         if (!GetDataByID(PacketSlot, EthernetDecoderID, (void**)&edata)) {
00031                 DBG( PRINTERROR1("Ethernet decoder ID is %i\n", EthernetDecoderID) );
00032                 DBG( PRINTERROR("Failed to get Ethernet header data\n") );
00033                 return NULL;
00034         }
00035 
00036         etype = ntohs(edata->Header->Type);
00037         
00038         if (etype != ETHERNET_TYPE_ARP) {
00039                 DBG( PRINTERROR1("Ethernet doesn't think this is an ARP packet %04x\n",etype) );
00040                 return NULL;
00041         }
00042                 
00043         data = MALLOC(sizeof(ARPData));
00044         data->Header = (ARPHdr*)(p->RawPacket+p->BeginData);
00045         p->BeginData += sizeof(ARPHdr);
00046 
00047         if (ntohs(data->Header->Operation) == ARP_OP_REQUEST) {
00048                 DBG( PRINTERROR("ARP Request:\n") );
00049                 data->EthernetARPHeader = (ARPEtherIP*)(p->RawPacket+p->BeginData);             
00050                 p->BeginData += sizeof(ARPEtherIP);
00051 
00052                 DBG( PRINTERROR6("%02X:%02X:%02X:%02X:%02X:%02X",
00053                         data->EthernetARPHeader->SenderMac[0],
00054                         data->EthernetARPHeader->SenderMac[1],
00055                         data->EthernetARPHeader->SenderMac[2],
00056                         data->EthernetARPHeader->SenderMac[3],
00057                         data->EthernetARPHeader->SenderMac[4],
00058                         data->EthernetARPHeader->SenderMac[5]) );
00059                 DBG( PRINTERROR1("(%s)\nWho has?\n",inet_ntoa(*(struct in_addr*)&data->EthernetARPHeader->SenderIP[0])) );
00060                 DBG( PRINTERROR6("%02X:%02X:%02X:%02X:%02X:%02X",
00061                         data->EthernetARPHeader->TargetMac[0],
00062                         data->EthernetARPHeader->TargetMac[1],
00063                         data->EthernetARPHeader->TargetMac[2],
00064                         data->EthernetARPHeader->TargetMac[3],
00065                         data->EthernetARPHeader->TargetMac[4],
00066                         data->EthernetARPHeader->TargetMac[5]) );
00067                 DBG( PRINTERROR1("(%s)\n",inet_ntoa(*(struct in_addr*)&data->EthernetARPHeader->TargetIP[0])) );
00068 
00069         } else if (ntohs(data->Header->Operation) == ARP_OP_REPLY) {
00070                 DBG( PRINTERROR("ARP Reply:\n") );
00071                 data->EthernetARPHeader = (ARPEtherIP*)(p->RawPacket+p->BeginData);             
00072                 p->BeginData += sizeof(ARPEtherIP);
00073 
00074                 DBG( PRINTERROR6("%02X:%02X:%02X:%02X:%02X:%02X",
00075                         data->EthernetARPHeader->SenderMac[0],
00076                         data->EthernetARPHeader->SenderMac[1],
00077                         data->EthernetARPHeader->SenderMac[2],
00078                         data->EthernetARPHeader->SenderMac[3],
00079                         data->EthernetARPHeader->SenderMac[4],
00080                         data->EthernetARPHeader->SenderMac[5]) );
00081                 DBG( PRINTERROR1("(%s)\nis at?\n",inet_ntoa(*(struct in_addr*)&data->EthernetARPHeader->SenderIP[0])) );
00082                 DBG( PRINTERROR6("%02X:%02X:%02X:%02X:%02X:%02X",
00083                         data->EthernetARPHeader->TargetMac[0],
00084                         data->EthernetARPHeader->TargetMac[1],
00085                         data->EthernetARPHeader->TargetMac[2],
00086                         data->EthernetARPHeader->TargetMac[3],
00087                         data->EthernetARPHeader->TargetMac[4],
00088                         data->EthernetARPHeader->TargetMac[5]) );
00089                 DBG( PRINTERROR1("(%s)\n",inet_ntoa(*(struct in_addr*)&data->EthernetARPHeader->TargetIP[0])) );
00090 
00091         } else {
00092                 PRINTERROR1("Unknown ARP Operation %04x\n", ntohs(data->Header->Operation));
00093         }
00094 
00095         return data;
00096 }
00097 
00098 
00102 int InitDecoderARP()
00103 {
00104         int DecoderID;
00105 
00106         DEBUGPATH;
00107         
00108         if ((DecoderID = CreateDecoder("ARP")) == DECODER_NONE) {
00109                 PRINTERROR("Couldn't Allocate ARP Decoder\n");
00110                 return FALSE;
00111         }
00112         
00113         Globals.Decoders[DecoderID].DecodeFunc = DecodeARP;
00114         if (!DecoderAddDecoder(GetDecoderByName("Ethernet"), DecoderID)) {
00115                 PRINTERROR("Failed to Bind ARP Decoder to Ethernet Decoder\n");
00116                 return FALSE;
00117         }
00118 
00119         EthernetDecoderID = GetDecoderByName("Ethernet");
00120 
00121         /* for testing */
00122         Globals.Decoders[DecoderID].Active = TRUE;
00123         /* end testing */
00124 
00125         return TRUE;
00126 }
Generated on Sat Jul 7 23:33:10 2007 for HLBR by  doxygen 1.5.2