我正在尝试从有效负载打印sflow数据摘要。我已经为摘要细节定义了结构,并使用memcpy将数据从缓冲区复制到结构中。我发现我打印的值不是正确的值,因为它看起来像是打印了一些随机值。我试图查看偏移的概念,它指定缓冲区中每个结构细节的位置。但我仍然无法解决这个问题。我已经附上了下面的代码和输出。
#include<stdio.h> //For standard things
#include<stdlib.h> //malloc
#include<string.h> //memset
#include<netinet/ip_icmp.h> //Provides declarations for icmp header
#include<netinet/udp.h> //Provides declarations for udp header
#include<netinet/tcp.h> //Provides declarations for tcp header
#include<netinet/ip.h> //Provides declarations for ip header
#include<sys/socket.h>
#include<arpa/inet.h>
#include<net/ethernet.h>
#include<netinet/if_ether.h>
#include<fcntl.h>
#include<stddef.h>
#include<malloc.h>
#define PORT 6343 // define the port to connect
#define ETH_P_IP 0x0800
void Dataint (unsigned char* , int);
int sockt;
int i,j;
struct sockaddr_in source,dest;
typedef unsigned char mac[6];
typedef unsigned char ip_v4[4];
typedef unsigned char ip_v6[16];
typedef unsigned int header_protocol;
/* Packet header data */
const MAX_HEADER_SIZE = 256; /* The maximum sampled header size. */
struct sampled_header {
header_protocol protocol; /* Format of sampled header */
unsigned int frame_length; /* Original length of packet before
sampling */
//opaque header<MAX_HEADER_SIZE>; /* Header bytes */
}head;
/* Ethernet Frame Data */
/* opaque = flow_data; enterprise = 0; format = 2 */
struct sampled_ethernet {
unsigned int length; /* The length of the MAC packet received on the
network, excluding lower layer encapsulations
and framing bits but including FCS octets */
mac src_mac; /* Source MAC address */
mac dst_mac; /* Destination MAC address */
unsigned int type; /* Ethernet packet type */
}ether;
/* Packet IP version 4 data */
struct sampled_ipv4 {
unsigned int length; /* The length of the IP packet excluding
lower layer encapsulations */
unsigned int protocol; /* IP Protocol type
(for example, TCP = 6, UDP = 17) */
ip_v4 src_ip; /* Source IP Address */
ip_v4 dst_ip; /* Destination IP Address */
unsigned int src_port; /* TCP/UDP source port number or
equivalent */
unsigned int dst_port; /* TCP/UDP destination port number or
equivalent */
unsigned int tcp_flags; /* TCP flags */
unsigned int tos; /* IP type of service */
}ip4;
/* Packet IP version 6 data */
struct sampled_ipv6 {
unsigned int length; /* The length of the IP packet excluding
lower layer encapsulations */
unsigned int protocol; /* IP next header
(for example, TCP = 6, UDP = 17) */
ip_v6 src_ip; /* Source IP Address */
ip_v6 dst_ip; /* Destination IP Address */
unsigned int src_port; /* TCP/UDP source port number or
equivalent */
unsigned int dst_port; /* TCP/UDP destination port number or
equivalent */
unsigned int tcp_flags; /* TCP flags */
unsigned int priority; /* IP priority */
}ip6;
/* Extended switch data */
struct extended_switch {
unsigned int src_vlan; /* The 802.1Q VLAN id of incoming frame */
unsigned int src_priority; /* The 802.1p priority of incoming
frame */
unsigned int dst_vlan; /* The 802.1Q VLAN id of outgoing frame */
unsigned int dst_priority; /* The 802.1p priority of outgoing
frame */
}swh;
int main(int argc, char *argv[])
{
int myaddr_size,data_size, datasize;
struct sockaddr_in myaddr;
struct sockaddr_in daddr;
struct in_addr addr;
unsigned char* buffer = (unsigned char *)malloc(65536); // Its Big ! Malloc allocates a block of size bytes of memory,returning a pointer to the begining of the block
//Create a socket
sockt = socket(AF_INET ,SOCK_DGRAM ,IPPROTO_UDP);
if(sockt < 0)
{
printf("Socket Error\n");
return 1;
}
memset((char *)&myaddr,0,sizeof(myaddr));
memset((char *)&daddr,0,sizeof(daddr));
//prepare the sockaddr_in structure
daddr.sin_family = AF_INET;
daddr.sin_addr.s_addr = htons(INADDR_ANY);
daddr.sin_port = htons(PORT);
//Bind the socket
if(bind(sockt,(struct sockaddr *)&daddr, sizeof(daddr))<0)
{
printf("bind failed");
return 1;
}
printf("bind done");
while(1)
{
myaddr_size = sizeof myaddr;
printf(" waiting for data...\n");
//Receive a packet
datasize = recvfrom(sockt , buffer ,65536 , 0 , (struct sockaddr*) &myaddr , (socklen_t*)&myaddr_size);
data_size = recvfrom(sockt , buffer ,65536 , 0 , NULL , NULL);
if(data_size <0)
{
printf("Packets not recieved \n");
return 1;
}
printf("Packets arrived from %d \n",ntohs(daddr.sin_port));
printf("packet recieved : %lu bytes\n", datasize);
printf("Agent IP address : %s\n", inet_ntoa(myaddr.sin_addr));
printf("Source Port : %d\n",ntohs(myaddr.sin_port));
printf("Destination Port : %d\n",ntohs(daddr.sin_port));
// copy the buffer data into struct and print the sflow details
memcpy(&head.protocol,&buffer[4],4);
memcpy(&head.frame_length,&buffer[4],4);
//printf("offsets: protocol=%zd, frame_length=%zd\n", offsetof(struct sampled_header, protocol),offsetof(struct sampled_header,frame_length));
printf("---------------------------------------------\n");
printf(" Sampled Header \n");
printf("---------------------------------------------\n");
printf("ethernet protocol : %d\n",head.protocol);
printf("Frame Length : %u\n", htonl(head.frame_length));
memcpy(ðer,&buffer[sizeof(head)],sizeof (ether));
printf("offsets: length=%zd, src_mac=%zd, dst_mac=%zd, type=%zd\n", offsetof(struct sampled_ethernet, length), offsetof(struct sampled_ethernet, src_mac), offsetof(struct sampled_ethernet, dst_mac), offsetof(struct sampled_ethernet, type));
printf("---------------------------------------------\n");
printf(" Sampled Ethernet \n");
printf("---------------------------------------------\n");
printf("Ethernet Length : %u bytes\n",ntohl(ether.length));
printf("Source MAC : %.2X-%.2X-%.2X-%.2X-%.2X-%.2X\n", ether.src_mac[0], ether.src_mac[1], ether.src_mac[2], ether.src_mac[3], ether.src_mac[4], ether.src_mac[5]);
printf("Destination MAC : %.2X-%.2X-%.2X-%.2X-%.2X-%.2X\n", ether.dst_mac[0], ether.dst_mac[1], ether.dst_mac[2], ether.dst_mac[3], ether.dst_mac[4], ether.dst_mac[5]);
printf(" Ethernet Type : %d\n",htons(ether.type)); memcpy(&ip4,&buffer[sizeof(head)+sizeof(ether)],sizeof(ip4));printf("offsets: length=%zd, protocol=%zd, src_ip=%zd, dst_ip=%zd, src_port=%zd, dst_port=%zd, tcp_flags=%zd, tos=%zd\n", offsetof(struct sampled_ipv4, length), offsetof(struct sampled_ipv4, protocol), offsetof(struct sampled_ipv4, src_ip), offsetof(struct sampled_ipv4, dst_ip), offsetof(struct sampled_ipv4, src_port), offsetof(struct sampled_ipv4, dst_port), offsetof(struct sampled_ipv4, tcp_flags), offsetof(struct sampled_ipv4, tos));
printf("---------------------------------------------\n");
printf(" Sampled IPv4 \n");
printf("---------------------------------------------\n");
printf("IPv4 Length : %u\n", ip4.length);
printf("IP Protocol : %d\n", ntohl(ip4.protocol));
printf("Source IP Address : %d.%d.%d.%d\n",ip4.src_ip[0],ip4.src_ip[1],ip4.src_ip[2],ip4.src_ip[3]);
printf("Destination IP Address : %d.%d.%d.%d\n",ip4.dst_ip[0],ip4.dst_ip[1],ip4.dst_ip[2],ip4.dst_ip[3]);
printf("Source Port : %d\n",ip4.src_port);
printf("Destination Port : %d\n",ip4.dst_port);
printf("TCP flags : %d\n",(unsigned int)ip4.tcp_flags);
printf("Type of Service : %d\n",htons(ip4.tos));
/*memcpy(&ip6,&buffer[sizeof(head)+ sizeof(ether)+ sizeof(ip4)],sizeof ip6);
printf("offsets: length=%zd, protocol=%zd, src_ip=%zd, dst_ip=%zd, src_port=%zd, dst_port=%zd, tcp_flags=%zd, priority=%zd\n", offsetof(struct sampled_ipv6, length), offsetof(struct sampled_ipv6, protocol), offsetof(struct sampled_ipv6, src_ip), offsetof(struct sampled_ipv6, dst_ip), offsetof(struct sampled_ipv6, src_port), offsetof(struct sampled_ipv6, dst_port), offsetof(struct sampled_ipv6, tcp_flags), offsetof(struct sampled_ipv6, priority));
printf("---------------------------------------------\n");
printf(" Sampled IPv6 \n");
printf("---------------------------------------------\n");
printf("IPv4 Length : %d\n", sizeof(ip6.length));
printf("IP Protocol : %d\n", ntohl(ip6.protocol));
printf("Source IP Address : %d.%d.%d.%d\n",ip6.src_ip[0],ip6.src_ip[1],ip6.src_ip[2],ip6.src_ip[3]);
printf("Destination IP Address : %d.%d.%d.%d\n",ip6.dst_ip[0],ip6.dst_ip[1],ip6.dst_ip[2],ip6.dst_ip[3]);
printf("Source Port : %d\n",ntohs(myaddr.sin_port));
printf("Destination Port : %d\n",ntohs(daddr.sin_port));
printf("TCP flags : %d\n",(unsigned int)ip6.tcp_flags);
printf("Priority : %d\n",ip6.priority);*/
memcpy(&swh,&buffer[sizeof(head)+ sizeof(ether)+ sizeof(ip4)],sizeof swh);
printf("offsets: src_vlan=%zd, src_priority=%zd, dst_vlan=%zd, dst_priority=%zd\n", offsetof(struct extended_switch, src_vlan), offsetof(struct extended_switch, src_priority), offsetof(struct extended_switch, dst_vlan), offsetof(struct extended_switch, dst_priority));
printf("---------------------------------------------\n");
printf(" Extended Switch \n");
printf("---------------------------------------------\n");
printf("Source VLAN : %d\n",swh.src_vlan);
printf("Source Priority : %d\n",swh.src_priority);
printf("Destination VLAN : %lu\n",swh.dst_vlan);
printf("Destination Priority : %lu\n",swh.src_priority);
Dataint(buffer,data_size);
}
close(sockt);
printf("Finished");
return 0;
}
void Dataint (unsigned char* data , int len)
{
int i,j;
i=0;
for(i=0 ; i <= len ; i++)
{
if( i!=0 && i%8==0) // prints every hex line with a space
{
printf(" ");
}
// prints entire data in integer
if(i%16==0)
printf(" "); // prints the first element of hex line
printf(" %d",(unsigned int)data[i]);
//print the last spaces
if( i==len-1)
{
for(j=0;j<16-i%16;j++)
printf(" ");
}
}
}
输出以及我收到的偏移值如下:
Packets arrived from 6343
packet recieved : 1324 bytes
Agent IP address : 147.188.195.6
Source Port : 61842
Destination Port : 6343
---------------------------------------------
Sampled Header
--------------------------------------------- offsets: protocol=0, frame_length=4
ethernet protocol : 16777216
Frame Length : 1
---------------------------------------------
Sampled Ethernet
--------------------------------------------- offsets: length=0, src_mac=4, dst_mac=10, type=16
Ethernet Length : 2478620678 bytes
Source MAC : 0- 0- 0- 0- 0-36
Destination MAC : 1E-9B-32-84-AA-C2
Ethernet Type : 0
---------------------------------------------
Sampled IPv4
--------------------------------------------- offsets: length=0, protocol=4, src_ip=8, dst_ip=12, src_port=16, dst_port=20, tcp_flags=24, tos=28
IPv4 Length : 83886080
IP Protocol : 1520500736
Source IP Address : 0.0.0.208
Destination IP Address : 0.0.1.0
Source Port : 0
Destination Port : 0
TCP flags : 0
Type of Service : 0
---------------------------------------------
Extended Switch
--------------------------------------------- offsets: src_vlan=0, src_priority=4, dst_vlan=8, dst_priority=12
Source VLAN : 486539264
Source Priority : 33554432
Destination VLAN : 16777216
Destination Priority : 33554432
数据有效负载:0 0 0 5 0 0 0 1 147 188 192 6 0 0 0 0 0 54 44 126 50 224 228 124 0 0 0 6 0 0 0 1 0 0 0 208 1 50 160 35 0 0 0 29 0 0 1 0 1 157 88 85 0 22 166 165 0 0 0 29 0 0 0 0 0 0 0 2 0 0 0 1 0 0 0 144 0 0 0 1 0 0 5 238 0 0 0 4 0 0 0 128 240 146 28 72 194 0 0 14 12 48 199 199 8 0 69 0 5 220 176 240 0 0 51 6 194 93 64 15 119 81 147 188 195 177 0 80 15 105 3 108 27 58 205 169 158 110 80 16 0 239 135 97 0 0 10 186 230 180 163 132 153 187 46 104 70 126 109 217 29 196 92 63 8 24 204 255 131 109 60 137 167 141 247 31 227 55 242 178 122 129 253 93 200 255 46 21 24 48 109 130 213 95 161 9 125 90 129 99 166 247 75 246 52 185 27 152 127 19 138 146 225 108 45 99 246 230 25 251 0 0 3 233 0 0 0 16 0 0 0 3 0 0 0 2 0 0 0 5 255 255 255 255 0 0 0 1 0 0 0 208 1 50 160 36 0 0 0 29 0 0 1 0 1 157 90 94 0 22 166 165 0 0 0 29 0 0 0 0 0 0 0 2 0 0 0 1 0 0 0 144 0 0 0 1 0 0 5 238 0 0 0 4 0 0 0 128 240 146 28 72 194 0 0 14 12 48 199 199 8 0 69 0 5 220 178 82 0 0 51 6 192 251 64 15 119 81 147 188 195 177 0 80 15 105 3 115 225 158 205 169 158 110 80 16 0 239 118 126 0 0 59 254 170 184 227 67 248 86 191 227 85 214 128 13 127 11 27 202 144 207 244 34 228 207 203 12 246 161 229 218 73 184 240 205 101 63 75 175 182 203 229 232 87 30 141 242 132 214 192 254 176 92 123 207 21 174 130 56 203 169 182 157 8 157 114 162 151 123 30 228 250 49 124 95 0 0 3 233 0 0 0 16 0 0 0 3 0 0 0 2 0 0 0 5 255 255 255 255 0 0 0 1 0 0 0 140 1 50 160 37 0 0 0 29 0 0 1 0 1 157 90 115 0 22 166 165 0 0 0 0 0 0 0 29 0 0 0 2 0 0 0 1 0 0 0 76 0 0 0 1 0 0 0 64 0 0 0 4 0 0 0 60 0 14 12 48 199 199 240 146 28 72 194 0 8 0 69 0 0 40 9 88 64 0 127 6 227 169 147 188 195 177 64 15 119 81 15 105 0 80 205 169 158 110 3 116 20 242 80 16 1 0 11 207 0 0 0 0 0 0 0 0 0 0 3 233 0 0 0 16 255 255 255 255 0 0 0 0 0 0 0 3 255 255 255 255 0 0 0 1 0 0 0 208 1 50 160 38 0 0 0 29 0 0 1 0 1 157 91 47 0 22 166 165 0 0 0 29 0 0 0 0 0 0 0 2 0 0 0 1 0 0 0 144 0 0 0 1 0 0 5 238 0 0 0 4 0 0 0 128 240 146 28 72 194 0 0 14 12 48 199 199 8 0 69 0 5 220 178 216 0 0 51 6 192 117 64 15 119 81 147 188 195 177 0 80 15 105 3 118 210 110 205 169 158 110 80 24 0 239 183 68 0 0 88 129 223 184 230 223 53 102 122 246 1 77 205 249 189 7 88 71 27 157 249 169 195 61 224 97 241 150 205 73 255 63 222 86 124 18 123 51 189 252 143 233 59 210 167 247 97 250 218 244 233 220 35 40 255 167 79 47 192 244 165 233 211 43 48 125 65 250 244 122 76 191 46 125 0 0 3 233 0 0 0 16 0 0 0 3 0 0 0 2 0 0 0 5 255 255 255 255 0 0 0 1 0 0 0 208 1 50 160 39 0 0 0 29 0 0 1 0 1 157 92 80 0 22 166 165 0 0 0 29 0 0 0 0 0 0 0 2 0 0 0 1 0 0 0 144 0 0 0 1 0 0 5 238 0 0 0 4 0 0 0 128 240 146 28 72 194 0 0 14 12 48 199 199 8 0 69 0 5 220 179 162 0 0 51 6 191 171 64 15 119 81 147 188 195 177 0 80 15 105 3 123 65 90 205 169 158 110 80 16 0 239 63 87 0 0 40 242 64 127 26 235 137 150 44 212 109 245 48 2 91 24 89 198 98 17 198 188 250 158 160 123 5 244 171 63 159 196 242 241 222 140 233 42 247 64 64 73 108 130 49 239 241 217 27 243 93 172 191 131 171 43 95 186 205 120 110 18 211 203 236 243 122 191 73 63 232 232 149 112 0 0 3 233 0 0 0 16 0 0 0 3 0 0 0 2 0 0 0 5 255 255 255 255 0 0 0 1 0 0 0 148 1 50 160 40 0 0 0 29 0 0 1 0 1 157 92 92 0 22 166 165 0 0 0 0 0 0 0 29 0 0 0 2 0 0 0 1 0 0 0 84 0 0 0 1 0 0 0 70 0 0 0 4 0 0 0 68 0 14 12 48 199 199 240 146 28 72 194 0 8 0 69 0 0 52 122 136 64 0 62 6 81 67 147 188 202 13 94 100 180 202 238 166 1 187 102 178 253 255 82 53 99 117 128 16 255 255 241 78 0 0 1 1 8 10 159 45 37 133 10 227 58 33 0 0 0 0 3 233 0 0 0 16 255 255 255 255 0 0 0 0 0 0 0 3 255 255 255 255
这里的问题是在所有字段中打印的随机值。我不确定printf语句在打印值时是否出错,或者我的memcpy实际上并没有指向缓冲区的正确位置。我需要帮助解决这个问题,并了解我的错误。此外,我很想知道是否可以在不使用任何可用库的情况下解决此问题?此问题与use of memcpy to store data from buffer into struct有关。
答案 0 :(得分:0)
正如我在this answer中提到的以及随后的评论,您并没有抓住正确的消息抵消。
包内容如下:
struct sample_datagram_v5 第一个样本包含:
data_format(在本例中为流量样本)struct flow_sample 第一个样本中的第一个流程:
data_format(在本例中为原始数据包样本,因此......)struct sampled_header sampled_header.stripped 第一个样本中的第二个流程:
data_format(在本例中为扩展交换机数据)struct extended_switch 以下是您如何阅读这些字段的示例。我没有使用memcpy,而是直接使用指向相关结构的指针直接进入相关缓冲区。
// main header
int *sflow_version = (int *)buffer;
int *val1 = (int *)(buffer + sizeof(*sflow_version ));
struct sample_datagram_v5 *sdv5 = (struct sample_datagram_v5 *)((char *)val1 + sizeof(*val1));
int *num_samples = (int *)((char *)sdv5 + sizeof(*sdv5));
// first sample
data_format *sample1_type = (data_format *)((char *)num_samples + sizeof(*num_samples));
int *sample1_len = (int *)((char *)sample1_type + sizeof(*sample1_type));
// read *sample1_type to determine that this sample is a flow sample
struct flow_sample *sample1 = (struct flow_sample *)((char *)sample1_len + sizeof(*sample1_len));
int *sample1_count = (int *)((char *)sample1 + sizeof(*sample1));
// first sample, first flow
data_format *s1flow1_type = (data_format *)((char *)sample1_count + sizeof(*sample1_count));
// read *s1flow1_type to determine that this flow is a raw packet
int *s1flow1_len = (int *)((char *)s1flow1_type + sizeof(*s1flow1_type));
struct sampled_header *s1flow1_sheader = (struct sampled_header *)((char *)s1flow1_len + sizeof(*s1flow1_len));
// raw data from first sample, first flow
struct ether_header *ether1 = (struct ether_header *)((char *)sampled_header + sizeof(*sampled_header) + ntohl(s1flow1_sheader->stripped)); // struct from <net/ethernet.h>
struct iphdr *ip1 = (struct iphdr *)((char *)ether1 + sizeof(*ether1)); // struct from <netinet/ip.h>
struct udphdr *udp1 = (struct udphdr *)((char *)ip1 + sizeof(*ip1)); // struct from <netinet/ip.h>
// plus application data
// first sample, second flow
data_format *s1flow2_type = (data_format *)((char *)s1flow1_len + sizeof(*s1flow1_len) + ntohl(*s1flow1_len));
// read *s1flow2_type to determine that this flow is extended switch data
int *s1flow2_len = (int *)((char *)s1flow2_type + sizeof(*s1flow2_type));
struct extended_switch *s1flow2_sheader = (struct sampled_header *)((char *)s1flow2_len + sizeof(*s1flow2_len));
// second sample
data_format *sample2_type = (data_format *)((char *)sample1_len + sizeof(*sample1_len) + ntohl(*sample1_len));
// and so forth...
我们在这里做的是根据前一个字段的偏移量找到每个字段的偏移量。在大多数情况下,前一个字段是单个字段,但在其他情况下,前一个字段是复合字段。例如,要在第一个样本中找到第二个流的偏移量,我们从指定第一个流的长度的字段开始,然后添加该字段的大小加上先前流的长度(恰好是在这种情况下该字段的内容。)
因为我们提前发现了使用Wireshark这个特定数据包的样子,所以这段代码片段并不麻烦地检查每个样本的类型,每个样本中的流的类型以及每个样本的总数。 。在阅读真实数据包时,您需要检查每个字段以了解您接下来要阅读的内容。
另外,请不要忘记使用ntohl和ntohs将32位和16位字段分别转换为正确的字节顺序,以便正确读取它们。