Diffstat (limited to 'tcpflow.c')
-rw-r--r--tcpflow.c39
1 files changed, 13 insertions, 26 deletions
diff --git a/tcpflow.c b/tcpflow.c
index 5bbce43..998eb1c 100644
--- a/tcpflow.c
+++ b/tcpflow.c
@@ -37,10 +37,10 @@ struct tcpflow
tcp_seq initial_seq;
unsigned int packet_count, bytes_count;
int fd;
- struct tcpflow *next;
char ip_src_s[16];
char ip_dst_s[16];
- char session_fname[50];
+ char session_fname[64];
+ struct tcpflow *next;
};
typedef struct tcpflow tcpflow_t;
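Review bot: The new size of `session_fname` is written as the literal 64 here and twice more in add_session (`char buff[64]` and `strncpy(node->session_fname, buff, 64)`), so the three values can drift apart the next time one of them is changed. Formatting straight into the field with `snprintf(node->session_fname, sizeof node->session_fname, "%s.%u-%s.%u.logs", ...)` would remove the temporary buffer and the unbounded `sprintf`, and it always NUL-terminates. The struct definition begins above this hunk.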
@@ -56,10 +56,6 @@ int check_session(tcpflow_t *list, struct in_addr ip_src, struct in_addr ip_dst,
if (iter->ip_src.s_addr == ip_src.s_addr && iter->ip_dst.s_addr == ip_dst.s_addr &&
iter->src_port == src_port && iter->dst_port == dst_port)
{
-#if 0
- printf("same session detected, session = %s, packets = %u, bytes = %u\n",
- iter->session_fname, iter->packet_count, iter->bytes_count);
-#endif
*session_ptr = iter;
return 0;
}
@@ -88,14 +84,14 @@ int add_session(tcpflow_t **list, struct ip *ip_pkt, struct tcphdr *tcp_pkt)
node->src_port = ntohs(tcp_pkt->th_sport);
node->dst_port = ntohs(tcp_pkt->th_dport);
node->initial_seq = ntohl(tcp_pkt->th_seq);
- node->bytes_count += ((ntohs(ip_pkt->ip_len) - 20 - (tcp_pkt->th_off * 4))); /* calc payload */
+ node->bytes_count += ((ntohs(ip_pkt->ip_len) - 20 - (tcp_pkt->th_off << 2))); /* calc payload */
strcpy(node->ip_src_s, inet_ntoa(ip_pkt->ip_src));
strcpy(node->ip_dst_s, inet_ntoa(ip_pkt->ip_dst));
- char buff[50] = { 0 };
+ char buff[64] = { 0 };
sprintf(buff, "%s.%u-%s.%u.logs", node->ip_src_s, node->src_port,
node->ip_dst_s, node->dst_port);
- strncpy(node->session_fname, buff, 50);
+ strncpy(node->session_fname, buff, 64);
/* open file for writing */
char fname[300] = { 0 };
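Review bot: The payload length on the `node->bytes_count += ...` line is still computed from packet-supplied fields with no validation. It assumes a 20-byte IP header and subtracts that and `th_off << 2` from `ip_len`, so a packet with IP options, or with an inconsistent `ip_len` or `th_off`, makes the result negative and it wraps in the unsigned counter. The same expression in the cont_session hunk becomes the length passed to `write()`, where a wrapped value would read far past the packet buffer. I would derive the header length from the packet and reject inconsistent packets first, e.g. `unsigned int hdrs = (ip_pkt->ip_hl << 2) + (tcp_pkt->th_off << 2);` followed by `if (ntohs(ip_pkt->ip_len) < hdrs) return -1;`, and also bound the payload by the captured length if the caller has it. add_session starts and ends outside this hunk, so the exact error return is an assumption.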
@@ -103,13 +99,8 @@ int add_session(tcpflow_t **list, struct ip *ip_pkt, struct tcphdr *tcp_pkt)
if ((node->fd = open(fname, O_WRONLY | O_CREAT, 0644)) == -1)
perror("failed to create file for tcp session");
- if (!*list)
- *list = node;
- else
- {
- node->next = *list;
- *list = node;
- }
+ node->next = *list;
+ *list = node;
}
else
{
@@ -123,24 +114,21 @@ int add_session(tcpflow_t **list, struct ip *ip_pkt, struct tcphdr *tcp_pkt)
int cont_session(tcpflow_t *curr_session, struct ip *ip_pkt, struct tcphdr *tcp_pkt)
{
/* calc payload */
- unsigned int payload = (ntohs(ip_pkt->ip_len) - 20 - (tcp_pkt->th_off * 4));
+ unsigned int payload = (ntohs(ip_pkt->ip_len) - 20 - (tcp_pkt->th_off << 2));
if (!payload && (tcp_pkt->th_flags & TH_ACK)) /* silly to check for ACK flag? It's always set after handshake, eh */
{
- fprintf(stderr, "%s is ACKing\n", curr_session->ip_src_s); /* or possibly finishing a 3-way handshake */
+ /* or possibly finishing a 3-way handshake */
+ fprintf(stderr, "%s is ACKing\n", curr_session->ip_src_s);
return 0;
}
/* append payload, if any */
if (payload && curr_session->fd)
{
- void *payload_addr = ((char *) (tcp_pkt)) + tcp_pkt->th_off * 4;
-#if 0
- printf("tcp header is at: %p\n", tcp_pkt);
- printf("payload is at: %p and size = %u\n", payload_addr, payload);
-#endif
-
- lseek(curr_session->fd, ntohl(tcp_pkt->th_seq) - curr_session->initial_seq, SEEK_SET); /* seek to some offset from beginning */
+ void *payload_addr = ((char *) (tcp_pkt)) + (tcp_pkt->th_off << 2);
+ /* seek to some offset from beginning */
+ lseek(curr_session->fd, ntohl(tcp_pkt->th_seq) - curr_session->initial_seq, SEEK_SET);
write(curr_session->fd, payload_addr, payload);
curr_session->bytes_count += payload;
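Review bot: The results of `lseek` and `write` are discarded, and the seek offset `ntohl(tcp_pkt->th_seq) - curr_session->initial_seq` comes entirely from the packet. A segment whose sequence number is far from, or below, the initial one wraps to an offset of up to about 4 GiB, so the session file can be grown with one packet, and a failed or short write still increments `bytes_count`. I would compute `off_t off = (off_t)(ntohl(tcp_pkt->th_seq) - curr_session->initial_seq);`, refuse offsets above a limit the project chooses, and write with `if (pwrite(curr_session->fd, payload_addr, payload, off) != (ssize_t) payload) perror("write");`. The increment of `bytes_count` should happen only on a full write. cont_session ends outside this hunk.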
@@ -152,7 +140,6 @@ int cont_session(tcpflow_t *curr_session, struct ip *ip_pkt, struct tcphdr *tcp_
}
curr_session->packet_count++;
-
return 0;
}