
UDP header length field is always zero while capturing sflow data from port 6343

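I am trying to capture UDP flow data from port 6343. I am trying to capture the UDP header information, which gives the source port, destination port, UDP header length and checksum. I can see the ports being captured, but the UDP and checksum fields are 0 and 1 respectively, which means the UDP length is not calculated and the checksum is not calculated either. Am I missing something here for the UDP header length and checksum calculation? The following is the code I use: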

#include<stdio.h> //For standard things
#include<stdlib.h>    //malloc
#include<string.h>    //memset
#include<netinet/ip_icmp.h>   //Provides declarations for icmp header
#include<netinet/udp.h>   //Provides declarations for udp header
#include<netinet/tcp.h>   //Provides declarations for tcp header
#include<netinet/ip.h>    //Provides declarations for ip header
#include<sys/socket.h>
#include<arpa/inet.h>
#include<unistd.h>    //close
#define PORT 6343
#define PCKT_LEN 65536

void handlepacket(unsigned char *, int);
int sockt;
int i,j;
struct sockaddr_in source,dest; 

int main()
{
    int saddr_size,data_size;
    struct sockaddr_in daddr;
    struct sockaddr_in saddr;
    //struct in_addr in;
    unsigned char *buffer = (unsigned char *)malloc(65536); // It's big! malloc allocates a block of size bytes of memory, returning a pointer to the beginning of the block

    struct udphdr *udph = (struct udphdr*)(buffer + sizeof(struct iphdr));


    printf("Starting...\n");
    //Create a raw socket that shall sniff
    sockt = socket(AF_INET ,SOCK_DGRAM ,0);
    if(sockt < 0)
    {
        printf("Socket Error\n");
        return 1;
    }
    memset((char *)&daddr,0,sizeof(daddr));

    //prepare the sockaddr_in structure
    daddr.sin_family = AF_INET;
    daddr.sin_addr.s_addr = INADDR_ANY;
    daddr.sin_port = htons(PORT);

    //Bind
    if(bind(sockt,(struct sockaddr *)&daddr, sizeof(daddr))<0)
    {
      printf("bind failed");
      return 1;
    }
    printf("bind done");

    while(1)
    {
        saddr_size = sizeof saddr;
        printf("waiting for data...");

        //Receive a packet
        data_size = recvfrom(sockt , buffer ,65536 , 0 , (struct sockaddr*)  &saddr , (socklen_t*)&saddr_size);
        if(data_size <0)
        {
            printf("Packets not received \n");
            return 1;
        }
        //Now process the packet
        handlepacket(buffer , data_size);


        printf("Packets arrived from %d \n",ntohs(daddr.sin_port));
        printf("Source Port : %d , Destination Port : %d \n", ntohs(udph->source), ntohs(udph->dest)); 

    }
    close(sockt);
    printf("Finished");
    return 0;
}

void handlepacket(unsigned char *buffer, int data_size)
{ 
    //IP header length
    struct iphdr *iph = (struct iphdr *)buffer;
    unsigned short iphdrlen = iph->ihl*4;
    // UDP header length
    struct udphdr *udph = (struct udphdr*)(buffer + iphdrlen);

    memset(&source,0,sizeof(source));
    source.sin_addr.s_addr = iph ->saddr;
    memset(&dest,0,sizeof(dest));
    dest.sin_addr.s_addr = iph->daddr;



    printf("UDP Length : %d , UDP checksum : %d \n",ntohs(udph->len), ntohs(udph->check));


}

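When you create a socket of type AF_INET / SOCK_DGRAM, the operating system processes the IP and UDP headers and strips them off before passing the data to you. What you see in buffer is what immediately follows the UDP header.

The source IP and port are passed back to you via the fifth parameter of the recvfrom function, and the payload length is passed back as the return value. If there is a problem with the UDP checksum, the OS will discard the packet and your application code will never see it, so it is not something you typically need to worry about at the application level.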
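
The difference between the two views of the same datagram, as an added example that is not code from the question or the answer: a bounds-checked parser accepts the bytes a raw socket would deliver (IP header, UDP header, payload) and rejects the payload-only buffer that `recvfrom` fills on a SOCK_DGRAM socket. `parse_ipv4_udp` and `wire_udp_len` are hypothetical helpers, the raw-socket layout is an assumption of the example, and the packet bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct udp_info { uint16_t sport, dport, len, check; };   /* host byte order */

static uint16_t be16(const unsigned char *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper: treat buf as IPv4 + UDP (what a raw socket delivers).
 * Returns 0 and fills *out, or -1 if the bytes cannot be such a packet. */
int parse_ipv4_udp(const unsigned char *buf, size_t n, struct udp_info *out)
{
    if (n < 20) return -1;                          /* minimum IPv4 header */
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;       /* header length claimed by the packet */
    if ((buf[0] >> 4) != 4 || ihl < 20 || buf[9] != 17) return -1;  /* IPv4, UDP */
    if (n < ihl + 8) return -1;                     /* UDP header must fit */
    const unsigned char *udp = buf + ihl;
    uint16_t len = be16(udp + 4);
    if (len < 8 || ihl + len > n) return -1;        /* length field must fit the buffer */
    out->sport = be16(udp);
    out->dport = be16(udp + 2);
    out->len   = len;
    out->check = be16(udp + 6);
    return 0;
}

/* On a SOCK_DGRAM socket the header is gone; its length field was payload + 8. */
size_t wire_udp_len(size_t recvfrom_ret) { return recvfrom_ret + 8; }

/* Constructed packet: 20-byte IPv4 header, 8-byte UDP header, 20-byte payload.
 * Checksum fields hold placeholder values, not computed ones. */
static const unsigned char raw_pkt[48] = {
    0x45,0x00,0x00,0x30, 0x00,0x00,0x40,0x00, 0x40,0x11,0x00,0x00,
    0x0a,0x00,0x00,0x01, 0x0a,0x00,0x00,0x02,          /* 10.0.0.1 -> 10.0.0.2 */
    0xc3,0x50,0x18,0xc7, 0x00,0x1c,0xab,0xcd,          /* 50000 -> 6343, len 28 */
    0x00,0x00,0x00,0x05, 0x00,0x00,0x00,0x01, 0x0a,0x00,0x00,0x01,
    0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x01 };        /* payload bytes */

int main(void)
{
    struct udp_info u;
    const unsigned char *payload = raw_pkt + 28;       /* what recvfrom() fills in */
    size_t payload_len = sizeof raw_pkt - 28;          /* what recvfrom() returns */

    if (parse_ipv4_udp(raw_pkt, sizeof raw_pkt, &u) == 0)
        printf("raw view: %u -> %u, UDP length %u\n",
               (unsigned)u.sport, (unsigned)u.dport, (unsigned)u.len);
    if (parse_ipv4_udp(payload, payload_len, &u) != 0)
        printf("datagram view: no headers; UDP length was %zu\n", wire_udp_len(payload_len));
    return 0;
}
```
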


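Notice: Technical posts on this site are licensed under CC BY-SA 4.0. If you need to repost, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.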
