Getting Npcap IPv6 source and destination addresses
Problem description
I'm trying to get the source and destination addresses for all packets using the npcap SDK (https://nmap.org/npcap/) in Windows. It works for IPv4, but it is returning the same address for the source and destination for IPv6 addresses. Here is the code for my packet_handler callback function:
void packet_handler(u_char* param, const struct pcap_pkthdr* header, const u_char* pkt_data)
{
    u_int ip_len;
    u_short eth_type;
    const sniff_ip* iph;
    const in6_addr* orig_saddr6;
    const in6_addr* orig_daddr6;
    in6_addr swapped_saddr;
    in6_addr swapped_daddr;
    const struct sniff_ethernet* ethernet; /* The ethernet header */

    ip_len = header->len;
    ethernet = (struct sniff_ethernet*)(pkt_data);
    eth_type = ntohs(ethernet->ether_type);
    iph = (sniff_ip*)(pkt_data + 14); //length of ethernet header

    if (eth_type == 0x0800) {
        char str_saddr[INET_ADDRSTRLEN];
        inet_ntop(AF_INET, &(iph->ip_src), str_saddr, INET_ADDRSTRLEN);
        char str_daddr[INET_ADDRSTRLEN];
        inet_ntop(AF_INET, &(iph->ip_dst), str_daddr, INET_ADDRSTRLEN);
        printf("%s %s\n", str_saddr, str_daddr);
    }
    else if (eth_type == 0x86DD)
    {
        char str_saddr[INET6_ADDRSTRLEN];
        orig_saddr6 = (const in6_addr*)&(iph->ip_src);
        ipv6_sbyteswap(orig_saddr6, &swapped_saddr);
        inet_ntop(AF_INET6, &swapped_saddr, str_saddr, INET6_ADDRSTRLEN);
        char str_daddr[INET6_ADDRSTRLEN];
        orig_daddr6 = (const in6_addr*)&(iph->ip_dst);
        ipv6_dbyteswap(orig_daddr6, &swapped_daddr);
        inet_ntop(AF_INET6, &swapped_daddr, str_daddr, INET6_ADDRSTRLEN);
        printf("%s %s\n", str_saddr, str_daddr);
    }
}
The problem I am seeing is that the saddr and daddr are the same IP address when the eth_type is for IPv6 packets (e.g. eth_type == 0x86DD), except the bytes are in a different order. I've double- and triple-checked the code, but when I check the iph->ip_src and iph->ip_dst I see the same types, so it looks like the npcap library is returning the same address. I don't see anything I can do to change the behavior. Has anyone run into this?
Recommended answer
To resolve the problem, you have to cast the IP header using the appropriate IPv6 structure. Here is the working code:
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <pcap.h>
#include <ws2tcpip.h>   /* inet_ntop, struct in6_addr */

/* Constants used below; the values are the ones used in the question's code. */
#define ETHERNET_HEADER_LEN 14
#define ETHERNET_TYPE_IPv4  0x0800
#define ETHERNET_TYPE_IPv6  0x86DD

/* sniff_ethernet, ip_address and ipv4_handler are not shown in this answer;
   the prototype below is assumed from the call in packet_handler2. */
void ipv4_handler(const u_char* pkt_data);

/* IPv4 header */
typedef struct ip4_header {
    u_char ver_ihl;         // Version (4 bits) + Internet header length (4 bits)
    u_char tos;             // Type of service
    u_short tlen;           // Total length
    u_short identification; // Identification
    u_short flags_fo;       // Flags (3 bits) + Fragment offset (13 bits)
    u_char ttl;             // Time to live
    u_char proto;           // Protocol
    u_short crc;            // Header checksum
    ip_address saddr;       // Source address
    ip_address daddr;       // Destination address
    u_int op_pad;           // Option + Padding
} ip4_header;

/* IPv6 header */
typedef struct ipv6_header
{
    /* These bit-fields only reserve the first 4 bytes of the header.
       Bit-field ordering is compiler-dependent, so do not read them
       as wire values. */
    unsigned int
        version : 4,
        traffic_class : 8,
        flow_label : 20;
    uint16_t length;        // Payload length
    uint8_t next_header;    // Next header
    uint8_t hop_limit;      // Hop limit
    struct in6_addr saddr;  // Source address (header offset 8)
    struct in6_addr daddr;  // Destination address (header offset 24)
} ipv6_header;

/* Process IPv6 packets */
void ipv6_handler(const u_char* pkt_data) {
    const ipv6_header* iph;
    iph = (const ipv6_header*)(pkt_data + ETHERNET_HEADER_LEN);

    char str_saddr[INET6_ADDRSTRLEN];
    memset(str_saddr, 0, sizeof(str_saddr));
    inet_ntop(AF_INET6, &iph->saddr, str_saddr, INET6_ADDRSTRLEN);

    char str_daddr[INET6_ADDRSTRLEN];
    memset(str_daddr, 0, sizeof(str_daddr));
    inet_ntop(AF_INET6, &iph->daddr, str_daddr, INET6_ADDRSTRLEN);

    printf("%s %s\n", str_saddr, str_daddr);
}

void packet_handler2(u_char* param, const struct pcap_pkthdr* header, const u_char* pkt_data)
{
    const struct sniff_ethernet* ethernet; /* The ethernet header */
    u_short eth_type;

    ethernet = (struct sniff_ethernet*)(pkt_data);
    eth_type = ntohs(ethernet->ether_type);

    if (eth_type == ETHERNET_TYPE_IPv4) {
        ipv4_handler(pkt_data);
    }
    else if (eth_type == ETHERNET_TYPE_IPv6)
    {
        ipv6_handler(pkt_data);
    }
}
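An added example, not code from the question or the answer: a bounds-checked way to pull both address families out of a captured frame by byte offset instead of by struct cast. It also shows why the question's output looked like one address twice: assuming `sniff_ip` is the usual IPv4 layout with `ip_src` at offset 12 and `ip_dst` at offset 16, reading 16 bytes from each of those offsets gives two overlapping windows over an IPv6 header whose source sits at offset 8 and destination at offset 24. The names `frame_addrs` and `sample_ipv6_frame` are hypothetical, and the sample frame is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <winsock2.h>
#include <ws2tcpip.h>
#else
#include <arpa/inet.h>
#endif
#define ETH_LEN 14 /* Ethernet II header, no VLAN tag (assumption) */

/* Hypothetical helper. Returns AF_INET or AF_INET6 on success, 0 for a
 * non-IP frame, -1 for a truncated or malformed one. In a pcap callback
 * pass header->caplen (bytes actually captured), not header->len. */
int frame_addrs(const uint8_t *pkt, size_t caplen, char *src, char *dst, size_t n)
{
    if (caplen < ETH_LEN) return -1;
    unsigned type = (unsigned)pkt[12] << 8 | pkt[13]; /* EtherType, big-endian */
    const uint8_t *ip = pkt + ETH_LEN;
    int af; size_t hdr, off, alen;
    if (type == 0x0800)      { af = AF_INET;  hdr = 20; off = 12; alen = 4;  }
    else if (type == 0x86DD) { af = AF_INET6; hdr = 40; off = 8;  alen = 16; }
    else return 0;
    if (caplen - ETH_LEN < hdr || (ip[0] >> 4) != (af == AF_INET ? 4 : 6)) return -1;
    uint8_t s[16], d[16]; /* copy out: packet data may be unaligned */
    memcpy(s, ip + off, alen);
    memcpy(d, ip + off + alen, alen); /* destination directly follows source */
    return inet_ntop(af, s, src, (socklen_t)n) &&
           inet_ntop(af, d, dst, (socklen_t)n) ? af : -1;
}

/* Constructed sample: Ethernet + IPv6 header, 2001:db8::1 -> 2001:db8::2. */
size_t sample_ipv6_frame(uint8_t buf[54])
{
    memset(buf, 0, 54);
    buf[12] = 0x86; buf[13] = 0xDD; /* EtherType: IPv6 */
    buf[ETH_LEN] = 0x60;            /* version nibble = 6 */
    memcpy(buf + ETH_LEN + 8, "\x20\x01\x0d\xb8", 4);  buf[ETH_LEN + 23] = 1;
    memcpy(buf + ETH_LEN + 24, "\x20\x01\x0d\xb8", 4); buf[ETH_LEN + 39] = 2;
    return 54;
}

int main(void)
{
    uint8_t f[54]; char s[INET6_ADDRSTRLEN], d[INET6_ADDRSTRLEN];
    if (frame_addrs(f, sample_ipv6_frame(f), s, d, sizeof s) == AF_INET6)
        printf("%s %s\n", s, d);
    return 0;
}
```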