1 /******************************************************************************
2 Utility to convert a LTP flow to a TCP flow for LTP analysis via tcptrace.
3 Declarations of encapsulation functions for ltp2tcp
5 Copyright (C) 2013 Samuel Jero <sj323707@ohio.edu>
7 This program is free software: you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation, either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 Author: Samuel Jero <sj323707@ohio.edu>
24 1)Only handles one LTP "connection". There isn't a good way to separate
25 different LTP "connections" from new sessions of the same "connection".
26 Use Tcpdump filters to separate connections. Libpcap filtering could also
28 2)Uses some special types from Linux (u_char, u_int32_t)
29 ******************************************************************************/
32 #include <netinet/if_ether.h>
33 #include <netinet/ip.h>
40 /* Encapsulation Operations*/
42 /* Handle all headers up to LTP:
43 * h is the libpcap header. It should be returned with the Link+IP length in it.
44 * odata is the packet being processed starting at the Link header. It should be returned starting at the LTP header.
45 * ndata is the new packet. It should be returned with a Link+IP header in it.
46 * olength is the length of the packet being processed. It should be returned as the length of the LTP segment.
47 * nlength is the remaining length of the new packet. The Link+IP headers should be subtracted from it.
50 * 1)IP must say that TCP is next header
51 * 2)Initialize encapsulation private data as needed (typically store h and Link+IP header for fin() method)
53 int (*pre)(struct pcap_pkthdr *h, const u_char **odata, u_char **ndata, int* olength, int* nlength);
55 * Do any needed post processing on packet:
56 * tlen is the length of the TCP segment (data+header)
57 * data is the new packet starting at the link header
59 * Typically update IP length
61 int (*post)(int tlen, u_char *data);
63 * Add a TCP initial Threeway handshake to the connection:
64 * h is the libpcap header of the current packet.
66 * This means create three packets:
67 * SYN in current Direction (SEQ=0,ACK=0)
68 * SYN,ACK in opposite Direction (SEQ=0,ACK=1)
69 * ACK in current Direction (SEQ=1,ACK=1)
71 * You typically need Link+IP header from private data
72 * Output packets to state.out
74 int (*handshake)(struct pcap_pkthdr *h);
76 * Add TCP closing handshake:
77 * This means create three packets:
78 * FIN,ACK in current Direction (SEQ=state.seq_num+1, ACK=state.ack_num)
79 * FIN,ACK in opposite Direction (SEQ=state.ack_num, ACK=state.seq_num+2)
80 * ACK in current Direction (SEQ=state.seq_num+2,ACK=state.ack_num+1)
82 * You typically need the libpcap header and the Link+IP header from private data
83 * Output packets to state.out
89 /*Encapsulation Operations Structures*/
90 extern struct encap_ops udp_encap;
91 extern struct encap_ops dccp_encap;
92 extern struct encap_ops sll_encap;
95 /*Encapsulation Selector*/
96 void encap_sel(char* string);
98 /*Standard Ethernet, IP encapsulation structures and functions*/
100 struct pcap_pkthdr header;
101 u_char od[sizeof(struct ether_header)+sizeof(struct iphdr)];
104 int fill_eip4_encap(struct eip4_en_p *eip, const u_char* data, int dlen, struct pcap_pkthdr *h);
105 int eip4_post(struct eip4_en_p *eip, int tlen, u_char* data);
106 int eip4_handshake(struct eip4_en_p *eip, struct pcap_pkthdr *h);
107 int eip4_fin(struct eip4_en_p *eip);
109 #endif /* ENCAP_H_ */
projects / ltp2tcp / blob