Update 24/11/2011 11:18

2011-11-24 11:18:24 +01:00 · 2011-11-24 11:18:24 +01:00 · d09fddf1cb
commit d09fddf1cb
parent 931c01b1a8
4 changed files with 58 additions and 26 deletions
--- a/Cigarette.cpp
+++ b/Cigarette.cpp
@ -40,7 +40,9 @@ int main(int argc, char **argv) {
 	}

 	header_ethernet etherhead;
-	header_arp arphead;
+	
+	void (*dumper)(std::string);
+	if(vm.count("dump")) dumper=decDump; else dumper=rawDump;

 	while(1)
 	{
@ -51,6 +53,7 @@ int main(int argc, char **argv) {
 		
 		int flag = 0;
 		
+		// TODO Da ottimizzare, magari sotto un unico parametro.
 		if(vm.count("arp") || vm.count("ipv4") || vm.count("ipv6"))
 		{
 			if(vm.count("arp") && etherhead.ether_type == ETHER_TYPE_ARP) flag = 1;
@ -58,28 +61,7 @@ int main(int argc, char **argv) {
 			if(vm.count("ipv6") && etherhead.ether_type == ETHER_TYPE_IPV6) flag = 1;
 		} else flag = 1;
 		
-		if(flag)
-		{
-			if(vm.count("dump"))
-			{
-				cout<<"---- Packet ("<<dec<<line.length()<<" byte)"<<endl;
-				cout<<"EtherAddr | "<<etherhead.mac_src<<" --> "<<etherhead.mac_dst<<endl;
-				cout<<"EtherType | 0x"<<hex<<etherhead.ether_type<<" ("<<ether_type_decode(etherhead.ether_type)<<")"<<endl;
-				
-				if(etherhead.ether_type == ETHER_TYPE_ARP)
-				{
-					arphead = parseArp(line);
-					cout<<"ARP       | "<<arphead.mac_src<<" ("<<arphead.ip_src<<") --> "<<arphead.mac_dst<<" ("<<arphead.ip_dst<<")"<<endl;
-				}
-			}
-			else
-			{
-				cout<<line;
-			}
-			
-			cout<<endl;
-			
-		}
+		if(flag) dumper(line);
 	}

 	return EXIT_SUCCESS;
--- a/Riddle.cpp
+++ b/Riddle.cpp
@ -28,6 +28,7 @@ int main(int argc, char **argv) {
 		("dump", "enable dump mode")
 		("iface", value<string>(), "interface to sniff from")
 		("limit", value<int>(), "set max number of packet")
+		("filter", value<string>(), "use to filter packet")
 	;

 	variables_map vm;
@ -53,8 +54,6 @@ int main(int argc, char **argv) {
 		else pcap_fatal("pcap_lookupdev", error_buffer);
 	}

-	cerr<<"Sniffing on device "<<pcap_device<<endl;
-
 	pcap_t *pcap_handle;

 	// Apre il device in mod promiscua
@ -62,7 +61,29 @@ int main(int argc, char **argv) {
 	if(pcap_handle == NULL){
 		pcap_fatal("pcap_open_live", error_buffer);
 	}
-
+	
+	cerr<<"Sniffing on device "<<pcap_device<<endl;
+	
+	if(vm.count("filter"))
+	{
+		string filter = vm["filter"].as<string>();
+		struct bpf_program fp;
+		bpf_u_int32 net;
+		
+		cerr<<"Filtering with '"<<filter<<"'"<<endl;
+		
+		if (pcap_compile(pcap_handle, &fp, filter.c_str(), 0, net) == -1) 
+		{
+			cerr<< "Couldn't parse filter "<<filter<<": "<<pcap_geterr(pcap_handle)<<endl;
+			return(2);
+		}
+		
+		if (pcap_setfilter(pcap_handle, &fp) == -1) {
+			cerr<< "Couldn't install filter "<<filter<<": "<<pcap_geterr(pcap_handle)<<endl;
+			return(2);
+		}
+	}
+		
 	int maxpacket = numeric_limits<int>::max();

 	if(vm.count("limit"))
--- a/libCigarette.cpp
+++ b/libCigarette.cpp
@ -150,4 +150,31 @@ std::string ether_type_decode(int start)
 		}
 	}
 	else return "Ethernet IEEE 802.3";
+}
+
+void decDump(std::string line)
+{
+	header_ethernet etherhead;
+	header_arp arphead;
+	
+	etherhead = parseEthernet(line);
+	std::cout<<"---- Packet ("<<std::dec<<line.length()<<" byte)"<<std::endl;
+	std::cout<<"EtherAddr | "<<etherhead.mac_src<<" --> "<<etherhead.mac_dst<<std::endl;
+	std::cout<<"EtherType | 0x"<<std::hex<<etherhead.ether_type<<" ("<<ether_type_decode(etherhead.ether_type)<<")"<<std::endl;
+	
+	if(etherhead.ether_type == ETHER_TYPE_ARP)
+	{
+		arphead = parseArp(line);
+		std::cout<<"ARP       | "<<arphead.mac_src<<" ("<<arphead.ip_src<<") --> "<<arphead.mac_dst<<" ("<<arphead.ip_dst<<")"<<std::endl;
+	}
+	
+	std::cout<<std::endl;
+	
+	return;
+}
+
+void rawDump(std::string line)
+{
+	std::cout<<line<<std::endl;
+	return;
 }
--- a/libCigarette.h
+++ b/libCigarette.h
@ -42,5 +42,7 @@ struct header_arp
 header_ethernet parseEthernet(std::string start);
 header_arp parseArp(std::string start);
 std::string ether_type_decode(int start);
+void decDump(std::string);
+void rawDump(std::string);

 #endif //LIBCIGARETTE_H