/* darkstat 3
- * copyright (c) 2001-2008 Emil Mikulic.
+ * copyright (c) 2001-2009 Emil Mikulic.
*
* cap.c: interface to libpcap.
*
#include <string.h>
#include <unistd.h>
-extern int want_pppoe, want_macs;
+extern int want_pppoe, want_macs, want_hexdump;
/* The cap process life-cycle:
*
errbuf[0] = '\0'; /* zero length string */
pcap = pcap_open_live(
tmp_device,
- caplen, /* snaplen */
+ caplen,
promisc,
CAP_TIMEOUT,
errbuf);
pkts_drop = ps.ps_drop;
}
+/*
+ * Print hexdump of received packet.
+ */
+static void
+hexdump(const u_char *buf, const uint32_t len)
+{
+ uint32_t i, col;
+
+ printf("packet of %u bytes:\n", len);
+ col = 0;
+ for (i=0, col=0; i<len; i++) {
+ if (col == 0) printf(" ");
+ printf("%02x", buf[i]);
+ if (i+1 == linkhdr->hdrlen)
+ printf("[");
+ else if (i+1 == linkhdr->hdrlen + IP_HDR_LEN)
+ printf("]");
+ else printf(" ");
+ col += 3;
+ if (col >= 72) {
+ printf("\n");
+ col = 0;
+ }
+ }
+ if (col != 0) printf("\n");
+ printf("\n");
+}
+
+/*
+ * Callback function for pcap_dispatch() which chains to the decoder specified
+ * in linkhdr struct.
+ */
+static void
+callback(u_char *user, const struct pcap_pkthdr *h, const u_char *bytes)
+{
+ if (want_hexdump) hexdump(bytes, h->caplen);
+ linkhdr->handler(user, h, bytes);
+}
/*
* Process any packets currently in the capture buffer.
ret = pcap_dispatch(
pcap,
-1, /* count, -1 = entire buffer */
- linkhdr->handler, /* callback func from decode.c */
+ callback,
NULL); /* user */
if (ret < 0) {
ret = pcap_dispatch(
pcap,
-1, /* count, -1 = entire buffer */
- linkhdr->handler, /* callback func from decode.c */
+ callback,
NULL); /* user */
if (ret < 0)
.\"
.\" darkstat 3
-.\" Copyright 2001-2008, Emil Mikulic.
+.\" Copyright 2001-2009, Emil Mikulic.
.\"
.\" You may use, modify and redistribute this file under the terms of the
.\" GNU General Public License version 2. (see COPYING.GPL)
.BI \-\-ports\-keep " count"
] [
.BI \-\-highest\-port " port"
+] [
+.BI \-\-hexdump
]
.\"
.SH DESCRIPTION
This can be used to hide ephemeral ports.
By default, all ports are tracked.
.\"
+.TP
+.BI \-\-hexdump
+Show hex dumps of received traffic.
+This is only for debugging, and implies \-\-verbose and \-\-no\-daemon.
+.\"
.\" --------------------------------------------------------------------
.SH USAGE EXAMPLES
To gather statistics on the
static void cb_highest_port(const char *arg)
{ highest_port = parsenum(arg, 65535); }
+int want_hexdump = 0;
+static void cb_hexdump(const char *arg _unused_) { want_hexdump = 1; }
+
/* --- */
struct cmdline_arg {
{"--ports-max", "count", cb_ports_max, 0},
{"--ports-keep", "count", cb_ports_keep, 0},
{"--highest-port", "port", cb_highest_port, 0},
+ {"--hexdump", NULL, cb_hexdump, 0},
{NULL, NULL, NULL, 0}
};
}
verbosef("max %u ports per host, cutting down to %u when exceeded",
ports_max, ports_keep);
+
+ if (want_hexdump && !want_verbose) {
+ want_verbose = 1;
+ verbosef("--hexdump implies --verbose");
+ }
+
+ if (want_hexdump && want_daemonize) {
+ want_daemonize = 0;
+ verbosef("--hexdump implies --no-daemon");
+ }
}
static void
/* darkstat 3
- * copyright (c) 2001-2007 Emil Mikulic.
+ * copyright (c) 2001-2009 Emil Mikulic.
*
* decode.c: packet decoding.
*
/* darkstat 3
- * copyright (c) 2001-2007 Emil Mikulic.
+ * copyright (c) 2001-2009 Emil Mikulic.
*
* decode.h: packet decoding.
*
typedef struct {
int linktype;
- int hdrlen;
+ unsigned int hdrlen;
pcap_handler handler;
} linkhdr_t;
projects / darkstat / commitdiff