我有以下代码来获取TOS和ICMP有效载荷:
typedef struct eth_hdr{
u_char dst_mac[6];
u_char src_mac[6];
u_short eth_type;
}eth_hdr;
eth_hdr *ethernet;
typedef struct ip_hdr{
int version:4;
int header_len:4;
u_char tos:8;
int total_len:16;
int ident:16;
int flags:16;
u_char ttl:8;
u_char protocol:8;
int checksum:16;
u_char sourceIP[4];
u_char destIP[4];
}ip_hdr;
ip_hdr *ip;
typedef struct icmp_header{
u_int8_t icmp_type;
u_int8_t icmp_code;
u_int16_t icmp_checksum;
u_int16_t icmp_id_j;
u_int16_t icmp_sequence;
} icmp_header;
icmp_header *icmp_protocol;
void pcap_callback(unsigned char * arg,const struct pcap_pkthdr *packet_header,const unsigned char *packet_content){
u_int eth_len=sizeof(struct eth_hdr);
u_int ip_len=sizeof(struct ip_hdr);
u_int icmp_len = sizeof(struct icmp_header);
ethernet=(eth_hdr *)packet_content;
if(ntohs(ethernet->eth_type)==0x0800){//ipv4
ip=(ip_hdr*)(packet_content+eth_len);
printf("--IP TOS:%s\n",ip->tos);
if(ip->protocol==1){//icmp
printf("icmp is used:\n");
icmp_protocol = (icmp_header*)(packet_content+eth_len+ip_len);
printf("ICMP Type:%c\n",icmp_protocol->icmp_type);
printf("ICMP Code:%d\n",icmp_protocol->icmp_code);
}else {
printf("other transport protocol is used %d\n",ip->protocol);
}
u_char *payload = (u_char *)(packet_content+eth_len+ip_len+icmp_len);
printf("--Print Payload:%s\n",payload);
}else {
printf("ipv6 is used\n");
}
}
int main(int argc, char *argv[]){
char *dev,errbuf[1024];
dev="bond0";
pcap_t *pcap_handle=pcap_open_live(dev,65535,1,0,errbuf);
ipcap_loop(pcap_handle,-1,pcap_callback,NULL);
pcap_close(pcap_handle);
return 0;
}
我可以很好地获得SrcIP和DstIP,但是TOS总是空的(我确定路由器确实设置了Tos),而且我也无法获得ICMP有效负载数据。