diff --git a/include/ppi.h b/include/ppi.h new file mode 100644 index 0000000..a206138 --- /dev/null +++ b/include/ppi.h @@ -0,0 +1,134 @@ +/* + * Copyright (c) 2012, Matias Fontanini + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef TINS_PPI_H +#define TINS_PPI_H + +#include "pdu.h" +#include "endianness.h" +#include "small_uint.h" + +namespace Tins { +/** + * \brief Represents a Per-Packet Information PDU. + * + * This PDU can only be constructed from a buffer, and + * cannot be serialized. Therefore, it is only useful while + * sniffing packets. + */ +class PPI : public PDU { +public: + /** + * This PDU's flag. + */ + static const PDU::PDUType pdu_flag = PDU::PPI; + + /** + * \brief Constructs an PPI object from a buffer and adds all + * identifiable PDUs found in the buffer as children of this + * one. + * + * If there is not enough size for an PPI header, a + * malformed_packet exception is thrown. + * + * \param buffer The buffer from which this PDU will be constructed. + * \param total_sz The total size of the buffer. + */ + PPI(const uint8_t *buffer, uint32_t total_sz); + + // Getters + + /** + * \brief Getter for the version field. + * \return The stored version field value. + */ + uint8_t version() const { + return Endian::le_to_host(_header.version); + } + + /** + * \brief Getter for the flags field. + * \return The stored flags field value. + */ + uint8_t flags() const { + return Endian::le_to_host(_header.flags); + } + + /** + * \brief Getter for the length field. + * \return The stored length field value. + */ + uint16_t length() const { + return Endian::le_to_host(_header.length); + } + + /** + * \brief Getter for the Data Link Type field. + * \return The stored Data Link Type field value. + */ + uint32_t dlt() const { + return Endian::le_to_host(_header.dlt); + } + + /** + * \brief Returns the header size. + * + * This metod overrides PDU::header_size. \sa PDU::header_size + */ + uint32_t header_size() const; + + /** + * \brief Getter for the PDU's type. + * \sa PDU::pdu_type + */ + PDUType pdu_type() const { return pdu_flag; } + + /** + * \brief Clones this PDU. + * + * \sa PDU::clone + */ + PPI *clone() const { + return new PPI(*this); + } +private: + void write_serialization(uint8_t *buffer, uint32_t total_sz, const PDU *); + + struct header { + uint8_t version, flags; + uint16_t length; + uint32_t dlt; + }; + + header _header; + byte_array _data; +}; +} + +#endif // TINS_PPI_H diff --git a/src/ppi.cpp b/src/ppi.cpp new file mode 100644 index 0000000..766d658 --- /dev/null +++ b/src/ppi.cpp @@ -0,0 +1,93 @@ +/* + * Copyright (c) 2012, Matias Fontanini + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifdef TINS_DEBUG + #include +#endif // TINS_DEBUG +#include +#include +#include +#include "dot11/dot11_base.h" +#include "dot3.h" +#include "ethernetII.h" +#include "radiotap.h" +#include "loopback.h" +#include "sll.h" +#include "ppi.h" +#include "internals.h" + +namespace Tins { +PPI::PPI(const uint8_t *buffer, uint32_t total_sz) { + if(total_sz < sizeof(_header)) + throw malformed_packet(); + std::memcpy(&_header, buffer, sizeof(_header)); + if(length() > total_sz) + throw malformed_packet(); + buffer += sizeof(_header); + total_sz -= sizeof(_header); + // There are some options + const size_t options_length = length() - sizeof(_header); + if(options_length > 0) { + _data.assign(buffer, buffer + options_length); + buffer += options_length; + total_sz -= options_length; + } + if(total_sz > 0) { + switch(dlt()) { + case DLT_IEEE802_11: + inner_pdu(Dot11::from_bytes(buffer, total_sz)); + break; + case DLT_EN10MB: + if(Internals::is_dot3(buffer, total_sz)) + inner_pdu(new Dot3(buffer, total_sz)); + else + inner_pdu(new EthernetII(buffer, total_sz)); + break; + case DLT_IEEE802_11_RADIO: + inner_pdu(new RadioTap(buffer, total_sz)); + break; + case DLT_NULL: + inner_pdu(new Loopback(buffer, total_sz)); + break; + case DLT_LINUX_SLL: + inner_pdu(new Tins::SLL(buffer, total_sz)); + break; + } + } +} + +uint32_t PPI::header_size() const { + return sizeof(_header) + _data.size(); +} + +void PPI::write_serialization(uint8_t *buffer, uint32_t total_sz, const PDU *) { + throw std::runtime_error("PPI serialization not supported"); +} + +} diff --git a/tests/src/ppi.cpp b/tests/src/ppi.cpp new file mode 100644 index 0000000..c2084c9 --- /dev/null +++ b/tests/src/ppi.cpp @@ -0,0 +1,38 @@ +#include +#include +#include +#include +#include "ppi.h" +#include "dot11/dot11_data.h" +#include "udp.h" + +using namespace Tins; + +class PPITest : public testing::Test { +public: + static const uint8_t packet1[]; +}; + +const uint8_t PPITest::packet1[] = { + 0, 0, 84, 0, 105, 0, 0, 0, 2, 0, 20, 0, 99, 126, 205, 243, 0, 0, 0, + 0, 1, 0, 88, 2, 118, 9, 192, 0, 0, 0, 200, 160, 4, 0, 48, 0, 6, 0, + 0, 0, 2, 0, 0, 0, 0, 15, 2, 40, 34, 34, 30, 255, 36, 39, 33, 255, + 138, 9, 192, 0, 194, 160, 194, 160, 190, 160, 128, 128, 22, 17, 19, + 29, 21, 17, 23, 22, 25, 18, 26, 22, 0, 0, 0, 0, 136, 1, 44, 0, 0, + 20, 165, 205, 116, 123, 0, 20, 165, 203, 110, 26, 0, 1, 2, 39, 249, + 178, 160, 237, 0, 0, 170, 170, 3, 0, 0, 0, 8, 0, 69, 0, 0, 59, 141, + 6, 0, 0, 128, 17, 41, 214, 192, 168, 1, 132, 192, 168, 1, 1, 4, 7, + 0, 53, 0, 39, 171, 21, 150, 193, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 3, + 119, 119, 119, 6, 112, 111, 108, 105, 116, 111, 2, 105, 116, 0, 0, + 1, 0, 1, 120, 128, 89, 55 +}; + +TEST_F(PPITest, ConstructorFromBuffer) { + PPI pdu(packet1, sizeof(packet1)); + EXPECT_EQ(0, pdu.version()); + EXPECT_EQ(0, pdu.flags()); + EXPECT_EQ(84, pdu.length()); + EXPECT_EQ(105, pdu.dlt()); + EXPECT_TRUE(pdu.find_pdu()); + EXPECT_TRUE(pdu.find_pdu()); +}