3. 协议分析器程序设计
3.1定义报文头部数据结构
3.1.1 UDP首部和伪首部结构体定义
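/*
 * UDP header: four 16-bit fields, 8 bytes on the wire.
 * When this struct is overlaid on captured bytes the fields hold network
 * byte order; convert with ntohs() before printing or comparing.
 * NOTE: <netinet/udp.h> also declares a struct udphdr; including that header
 * in the same translation unit causes a redefinition error.
 */
struct udphdr {
    unsigned short u_src;    /* source port */
    unsigned short u_dst;    /* destination port */
    unsigned short u_len;    /* UDP length field */
    unsigned short u_cksum;  /* UDP checksum */
};

/*
 * Pseudo-header used for the UDP checksum, followed in the same struct by a
 * copy of the UDP header fields and the first payload bytes.
 *
 * The struct tag must sit on its own line: when it trails a // comment the
 * compiler never sees it and the member list is left without a declaration.
 *
 * RFC 768 orders the pseudo-header as source address, destination address,
 * zero, protocol, UDP length. Here udp_len comes before rsv/protocol; the
 * one's-complement sum over 16-bit words does not depend on word order, so
 * the checksum result is unaffected.
 *
 * The layout assumes a 4-byte int and a 2-byte short.
 */
struct pseudo_header {
    int srcIp;                 /* source IP address */
    int dstIp;                 /* destination IP address */
    short udp_len;             /* UDP length */
    char rsv;                  /* reserved byte; presumably must be zero - confirm at the call site */
    char protocol;             /* IP protocol number */
    unsigned short src_port;   /* UDP source port */
    unsigned short dst_port;   /* UDP destination port */
    unsigned short len;        /* UDP length field of the datagram */
    unsigned short check_sum;  /* UDP checksum field */
    /* NOTE(review): only two payload bytes are reserved here. Presumably a
     * placeholder for the variable-length payload; any code that copies a
     * datagram in through this member must size the buffer from the real
     * length, otherwise the copy runs past the end of the struct. */
    char data[2];
};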
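/* 3.1.2 IPv4 basic fixed-length header structure definition */
/*
 * IPv4 fixed header, 20 bytes on the wire.
 *
 * Every field of the fixed header is listed, including the 16-bit
 * Identification between Length and Flags_Offset, so that TTL, Protocol,
 * Checksum and the addresses sit at their on-wire offsets (8, 9, 10, 12, 16)
 * when the struct is overlaid on a packet.
 *
 * The 16-bit fields are unsigned: a Total Length of 0x8000 or more stored in
 * a signed short turns negative and can slip past "length < limit" checks.
 *
 * Multi-byte fields hold network byte order when overlaid on captured
 * bytes; convert with ntohs()/ntohl() before use.
 * NOTE: <netinet/ip.h> also declares a struct iphdr (with different member
 * names); do not include it in the same translation unit.
 */
struct iphdr {
    unsigned char Version_HLen;     /* high 4 bits: version; low 4 bits: header length in 32-bit words */
    unsigned char TOS;              /* type of service */
    unsigned short Length;          /* total length of the datagram in bytes */
    unsigned short Identification;  /* identification, shared by the fragments of one datagram */
    unsigned short Flags_Offset;    /* 3 flag bits followed by the 13-bit fragment offset */
    unsigned char TTL;              /* time to live */
    unsigned char Protocol;         /* upper-layer protocol number */
    unsigned short Checksum;        /* header checksum */
    unsigned int SourceAddr;        /* source IPv4 address */
    unsigned int DestinationAddr;   /* destination IPv4 address */
};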
3.1.3 以太网帧首部结构体定义
/*
 * Ethernet frame header: two 6-byte addresses and a 16-bit type field.
 * With these member types the struct has no padding on common ABIs
 * (sizeof == 14), which is what overlaying it on a raw frame relies on.
 * h_proto is read through ntohs() by the display code, i.e. it is kept in
 * network byte order.
 */
struct ethhdr {
    /* destination Ethernet address */
    unsigned char h_dest[6];

    /* source Ethernet address */
    unsigned char h_source[6];

    /* packet type ID field */
    unsigned short h_proto;
};
3.1.4 网络通信5元组封装为结构体数据
/*
 * Connection 5-tuple: protocol, destination/source port and
 * destination/source IPv4 address.
 *
 * NOTE(review): on typical ABIs there is one padding byte after proto_type.
 * If instances are compared with memcmp() or hashed as raw bytes, zero the
 * whole struct before filling it in, otherwise equal tuples may not match.
 * The byte order of the port members is not stated here - confirm at the
 * point where they are filled in.
 */
struct socket_pair {
    /* same values as the protocol field of the IP header */
    unsigned char proto_type;

    /* destination port */
    unsigned short d_port;

    /* source port */
    unsigned short s_port;

    /* destination IP address */
    unsigned char d_ip[4];

    /* source IP address */
    unsigned char s_ip[4];
};
3.2分析显示报文头部信息函数设计
3.2.1 以太网帧首部信息显示
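/*
 * Print the type ID (EtherType) of an Ethernet frame and report when the
 * upper-layer protocol is IP.
 *
 * frame_data: first byte of the captured frame (destination address first).
 * len:        number of valid bytes at frame_data.
 *
 * Returns 0 after printing, -1 if frame_data is NULL or fewer than the 14
 * header bytes are available.
 *
 * This is a display routine only. The assignments to eth->proto and the
 * "sadder" test belong to header construction and used undeclared names,
 * so they are not part of this function.
 */
int print_eth_frame(const unsigned char *frame_data, int len)
{
    unsigned int proto;

    /* A captured frame may be truncated: check that the whole 14-byte
     * header is present before reading any field from it. */
    if (!frame_data || len < 14)
        return -1;

    /* The type field is bytes 12-13 (h_proto in struct ethhdr), big-endian.
     * Building it from single bytes needs no alignment and no ntohs(). */
    proto = ((unsigned int)frame_data[12] << 8) | frame_data[13];

    /* %H is not a printf conversion; print the 16-bit value as hex. */
    printf("\n该帧报类型ID为0x%04x,", proto);

    if (proto == 0x0800) {
        printf("上层协议为IP.\n");
    } else {
        printf("\n");
    }

    return 0;
}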
3.2.2 IPv4基本定长首部信息显示
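/*
 * Print the fields of the 20-byte IPv4 fixed header.
 *
 * pkt_data: first byte of the IP header.
 * len:      number of valid bytes at pkt_data.
 *
 * Returns 0 after printing, -1 if pkt_data is NULL or fewer than 20 bytes
 * are available.
 *
 * Fields are read by byte offset, so the function does not depend on any
 * struct layout, on host byte order or on the alignment of pkt_data.
 * The header-length value printed here comes from the packet and is not
 * validated: a caller that uses it to locate the transport header must
 * first check that it is at least 20 and no larger than len.
 */
int print_ip_pkt(const unsigned char *pkt_data, int len)
{
    int total_len, ident, frag, cksum;

    /* Never read header fields from a truncated packet. */
    if (!pkt_data || len < 20)
        return -1;

    /* 16-bit fields are big-endian on the wire. */
    total_len = (pkt_data[2] << 8) | pkt_data[3];
    ident     = (pkt_data[4] << 8) | pkt_data[5];
    frag      = (pkt_data[6] << 8) | pkt_data[7];
    cksum     = (pkt_data[10] << 8) | pkt_data[11];

    printf("-----------ip首部信息----------\n");
    /* Low nibble of byte 0 counts 32-bit words, hence the factor 4. */
    printf("ip首部长度:%d\n", (pkt_data[0] & 0x0f) * 4);
    printf("ip版本:%d\n", pkt_data[0] >> 4);
    printf("服务类型:%d\n", pkt_data[1]);
    printf("8位生存时间:%d\n", pkt_data[8]);
    printf("16位首部校验和:%d\n", cksum);
    printf("8位协议:%d\n", pkt_data[9]);
    printf("总长度字节:%d\n", total_len);
    printf("16位标识:%d\n", ident);
    printf("frag off:%d\n", frag);
    /* Addresses are printed as dotted quads: passing the char * returned by
     * inet_ntoa() to %d is a format/argument mismatch. The destination is
     * bytes 16-19, not a second copy of the source address. */
    printf("32位源IP地址:%d.%d.%d.%d\n",
           pkt_data[12], pkt_data[13], pkt_data[14], pkt_data[15]);
    printf("32位目的IP地址:%d.%d.%d.%d\n",
           pkt_data[16], pkt_data[17], pkt_data[18], pkt_data[19]);

    return 0;
}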
3.2.3 UDP首部信息显示
int print_ udp_pkt(const unsigned char *pkt_data,int len){
printf(“-----------UDP首部信息------------”);
printf(“16位源端口号:%d”,ntohs(pkt_data->sourse));
printf(“16位目的端口号:%d”,ntohs(pkt_data->dest));
printf(“16位UDP长度:%d”,ntohs(pkt_data->len));
Printf(“16位udp校验和:%d”,ntohs(pkt_data->checksum));
if(ntohs(pkt_data->len)!=sizeof(const unsigned