3 * Copyright August 2007 TJ <linux@tjworld.net>
5 * Checks that network packets seen by libpcap are also seen at the netfilter
6 * level and haven't been silently discarded by the kernel.
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program in the file LICENSE-GPLv3.txt;
20 * if not, you can view it online at http://www.gnu.org/copyleft/gpl.html
27 #include <netinet/ether.h>
28 #include <netinet/ip.h>
29 #include <netinet/tcp.h>
31 // Reporting of packets seen at each level in the network stack.
// Takes no arguments and returns nothing; presumably prints the column
// headers for the per-packet report lines -- confirm against the definition.
32 void headers_print(void);
// pcap-level reporting entry point: receives a count, const pointers to the
// Ethernet, IP and TCP headers, and skb_len.
// NOTE(review): the header pointers are typed views of packet bytes. The caller
// is presumably responsible for checking that the captured length covers each
// header (including the variable-length IP and TCP headers) before passing
// them in -- confirm at the call site.
// NOTE(review): skb_len is described elsewhere in this header as libpcap's
// pkthdr->len, i.e. the on-the-wire length. That can be larger than the number
// of bytes actually captured (caplen), so it must not be used as a bound when
// reading the packet buffer.
// The meaning of the int return value is not visible in this header.
33 int packet_pcap(int count, const struct ether_header *ethernet, const struct iphdr *ip, const struct tcphdr *tcp, u_int32_t skb_len);
// netfilter-level counterpart: same count/IP/TCP arguments, but no Ethernet
// header and no length. The meaning of the int return value is not visible here.
34 int packet_netf(int count, const struct iphdr *ip, const struct tcphdr *tcp);
// Takes a pointer to a time_t and returns a non-const char *.
// NOTE(review): whether the result is a static buffer or heap memory the caller
// must free is not visible here -- document the ownership at the definition.
35 char *print_time(time_t *timestamp);
37 // Copy of a packet as seen at pcap, and flags for following its progress.
// NOTE(review): the enclosing struct declaration and some of its members are
// not visible in this listing; the bit-fields below show these are members.
39 unsigned char *packet; // raw packet (result of malloc(), target of free())
40 struct ether_header *ether; // structured data pointers
// presumably points into the `packet` buffer rather than a separate
// allocation -- confirm before freeing or copying
43 unsigned char *payload;
44 u_int32_t checksum; // combines IP and TCP packet checksums (IP in high-word, TCP in low-word)
// NOTE(review): pkthdr->len is the on-the-wire length and may exceed the bytes
// actually captured (caplen); do not use skb_len to bound reads of `packet`.
45 u_int32_t skb_len; // socket buffer length (skb->len from net/ipv4/ip_input.c::rcv() via libpcap pkthdr->len)
// NOTE(review): the four flags below are 1-bit bit-fields declared as plain
// int. Whether such a field is signed is implementation-defined; where it is
// signed it can only hold 0 and -1, so a test such as `flag == 1` never
// matches. Test for non-zero, or declare them `unsigned int`.
47 int pcap:1; // flag set when pcap sees the packet
48 int netf:1; // flag set when netfilter sees the packet
49 int allocated:1; // flag set if this slot is in use
50 int simulation:1; // when set, indicates this packet should not be removed from the tracker. Used in simulation mode
// TCP header flag bits, one enumerator per bit of the flags byte
// (FIN = lowest bit, 0x01, up to 0x80).
// NOTE(review): 0x80 and 0x40 are the bits RFC 3168 names CWR and ECE; the
// enumerators here are spelled CWNR and ECN.
54 enum tcp_flags { CWNR=0x80, ECN=0x40, URG=0x20, ACK=0x10, PUSH=0x08, RST=0x04, SYN=0x02, FIN=0x01 };
// presumably the number of flag bits; matches the eight enumerators above
55 #define TCP_FLAGS_MAX 8
// Node of a singly linked list of IPv4 addresses (struct in_addr), chained
// through `next`; presumably the set of addresses to filter on.
// How the list is terminated and who owns the nodes is not visible here.
58 struct in_addr_filter {
59 struct in_addr ip_addr; // address held by this node
60 struct in_addr_filter *next; // next node in the chain
// Pointers to, and lengths of, the parts of a packet.
// Some members of this struct are not visible in this listing.
// NOTE(review): presumably filled in while parsing a captured frame. The
// lengths should be derived from validated header fields and checked against
// the captured byte count before `payload` is read -- confirm in the parser.
64 struct packet_headers {
65 struct ether_header *ether; // Ethernet header
68 unsigned char *payload; // presumably the data following the headers -- confirm
69 unsigned int ether_len; // presumably the Ethernet header length in bytes -- confirm
72 unsigned int headers_len; // presumably the combined length of all headers -- confirm
73 unsigned int payload_len; // presumably the length of the data at `payload` -- confirm
78 #endif /*PACKETEER_H_*/