Writing a packet decoder in C

This is a discussion on Writing a packet decoder in C within the C Programming forums, part of the General Programming Boards category; Hey all. This is definitely a homework assignment, I'll say that up front. I've got the code written, but I'm ...

  1. #1
    Registered User
    Join Date
    Feb 2011
    Posts
    5

    Writing a packet decoder in C

    Hey all. This is definitely a homework assignment, I'll say that up front. I've got the code written, but I'm having a compile problem. Basically, we have to pull packets in off the wire then decode them, one layer at a time. This problem is with the Ethernet header when I check to see if it is a broadcast packet. When I compile, I get the following errors:
    * warning: comparison is always false due to limited range of data type
    - This warning references the part of my code where I'm checking for broadcast packets. Look for " if ((eth_destination[0] == 0xFF ) " in my code.
    * netdump.c:323: error: expected declaration or statement at end of input
    - This error is referencing the end of my raw_print routine. Am I missing some syntax here?

    So, what am I doing wrong?
    Here's the code for the whole subroutine that does the work:
    Code:
    void raw_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
    {                                                                                                                                           {
            u_int length = h->len;
            u_int caplen = h->caplen;
    
            /* At this point we start extracting data from the packet, with the var idx keeping up with where we are in the packet */
    
            // Print total packet size
            printf("\nPacket Length\t%d bytes", h->len);
    
                    // Decode Ethernet (Layer 2) Header Info
                            int idx;                         // counter variable for indexing through packet
                            char eth_destination[6]; // var to store the ethernet destination address
                            char eth_source[6];      // var to store the ethernet source address
                            short eth_type;                  // var to store the ethernet type value
                            char eth_payload[10];    // string array to store payload description
                            char eth_bcast[6] = "0xFF";
    
                            // Extract Ethernet Destination Address (1st 6 bytes)
                            for ( idx = 0; idx < 6; idx++)
                            {
                                    eth_destination[idx] = p[idx];
                            }
                            // Extract Ethernet Source Address (2nd 6 bytes)
                            for ( idx = 6; idx < 12; idx++)
                            {
                                    eth_source[idx-6] = p[idx];
                            }
                            // Combine two byte Ethernet Type/Length field into one value
                            eth_type = p[12] * 256 + p[13];
                            // Check the packet type and increment related counter
                            if ( eth_type >= 0x600) {
                                    switch ( eth_type )
                                    {
                                            case 0x800: // Check to see if the type indicates that the packet is IP
                                                    ctrIP++;
                                                    strcpy(eth_payload, "IP");
                                                    break;
                                            case 0x806: // Check to see if the type indicates that the packet is ARP
                                                    ctrARP++;
                                                    strcpy(eth_payload, "ARP");
                                                    break;
                                            default:
                                                    break;
                                    }
                            }
                            // Check to see if the destination was a broadcast packet and increment related counter
                            /*
                            if ((eth_destination[0] == 0xFF ) && (eth_destination[1] == 0xFF ) && (eth_destination[2] == 0xFF ) && (eth_destination[3] == 0xFF ) && (eth_destination[4] == 0xFF ) && (eth_destination[5] == 0xFF )) {
                                    ctrBCAST++;
                            }
                            */
    
                            // Print Ethernet (Layer 2) Header Info
                                    printf("Layer\tField\tValue\n");
                                    printf("ETHERNET\tDestination\t%02x:%02x:%02x:%02x:%02x:%02x\n", eth_destination[0],eth_destination[1],eth_destination[2],eth_destination[3],eth_destination[4],eth_destination[5]);
                                    printf("\t\tSource\t%02x:%02x:%02x:%02x:%02x:%02x\n", eth_source[0],eth_source[1],eth_source[2],eth_source[3],eth_source[4],eth_source[5]);
                                    printf("\t\tType\t0x%02x\n", eth_type);
                                    printf("\t\tPayload\t%s\n", eth_payload);
    
                    // All packets will have ethernet info (decoded and printed above).
                    // At this point we have to determine what kind of data is at the next layer up (layer 3) and decode/print the data accordingly.
                    // This is done based on the eth_type variable.
                    if ( eth_type >= 0x600) {
                            switch ( eth_type )
                            {
                                    case 0x800: // IP Packet
                                            // insert code to decode and print IP (should this be a separate sub-routine?
                                            break;
                                    case 0x806: // ARP Packet
                                            // insert code to decode and print ARP
                                            break;
                                    default:
                                            break;
                            }
                    }
                    exit(0);
    }
    Any ideas?

  2. #2
    Registered User
    Join Date
    Feb 2011
    Posts
    5
    Crap, Ok, so once I posted I saw that I had an extra '{' at the top of my routine. This fixed my second error from above. I commented out the code for checking broadcasts just to see if it would compile. It did, but now I get the following:
    Code:
    $ gcc -o netdump netdump.c
    /var/tmp//ccMZnQJf.o(.text+0x102): In function `main':
    : undefined reference to `copy_argv'
    /var/tmp//ccMZnQJf.o(.text+0x123): In function `main':
    : undefined reference to `pcap_lookupdev'
    /var/tmp//ccMZnQJf.o(.text+0x144): In function `main':
    : undefined reference to `error'
    /var/tmp//ccMZnQJf.o(.text+0x167): In function `main':
    : undefined reference to `pcap_open_live'
    /var/tmp//ccMZnQJf.o(.text+0x190): In function `main':
    : undefined reference to `error'
    /var/tmp//ccMZnQJf.o(.text+0x19c): In function `main':
    : undefined reference to `pcap_snapshot'
    /var/tmp//ccMZnQJf.o(.text+0x1c2): In function `main':
    : undefined reference to `warning'
    /var/tmp//ccMZnQJf.o(.text+0x1e3): In function `main':
    : undefined reference to `pcap_lookupnet'
    /var/tmp//ccMZnQJf.o(.text+0x217): In function `main':
    : undefined reference to `warning'
    /var/tmp//ccMZnQJf.o(.text+0x242): In function `main':
    : undefined reference to `pcap_compile'
    /var/tmp//ccMZnQJf.o(.text+0x252): In function `main':
    : undefined reference to `pcap_geterr'
    /var/tmp//ccMZnQJf.o(.text+0x264): In function `main':
    : undefined reference to `error'
    /var/tmp//ccMZnQJf.o(.text+0x273): In function `main':
    : undefined reference to `setsignal'
    /var/tmp//ccMZnQJf.o(.text+0x282): In function `main':
    : undefined reference to `setsignal'
    /var/tmp//ccMZnQJf.o(.text+0x291): In function `main':
    : undefined reference to `setsignal'
    /var/tmp//ccMZnQJf.o(.text+0x2aa): In function `main':
    : undefined reference to `setsignal'
    /var/tmp//ccMZnQJf.o(.text+0x2ba): In function `main':
    : undefined reference to `pcap_setfilter'
    /var/tmp//ccMZnQJf.o(.text+0x2ca): In function `main':
    : undefined reference to `pcap_geterr'
    /var/tmp//ccMZnQJf.o(.text+0x2dc): In function `main':
    : undefined reference to `error'
    /var/tmp//ccMZnQJf.o(.text+0x3c3): In function `main':
    : undefined reference to `pcap_loop'
    /var/tmp//ccMZnQJf.o(.text+0x3d3): In function `main':
    : undefined reference to `pcap_geterr'
    /var/tmp//ccMZnQJf.o(.text+0x409): In function `main':
    : undefined reference to `pcap_close'
    /var/tmp//ccMZnQJf.o(.text+0x4c3): In function `program_ending':
    : undefined reference to `pcap_file'
    /var/tmp//ccMZnQJf.o(.text+0x516): In function `program_ending':
    : undefined reference to `pcap_stats'
    /var/tmp//ccMZnQJf.o(.text+0x526): In function `program_ending':
    : undefined reference to `pcap_geterr'
    What the heck am I doing wrong? All my includes should be correct...

  3. #3
    Registered User
    Join Date
    Mar 2011
    Posts
    261
    Your errors are being found in main().

    So.. where's main?

  4. #4
    Banned
    Join Date
    Aug 2010
    Location
    Ontario Canada
    Posts
    9,547
    Quote Originally Posted by bosque View Post
    Crap, Ok, so once I posted I saw that I had an extra '{' at the top of my routine. This fixed my second error from above. I commented out the code for checking broadcasts just to see if it would compile. It did, but now I get the following:
    What the heck am I doing wrong? All my includes should be correct...
    Are you linking against the proper libraries?
    Those look like linker errors.

  5. #5
    Registered User
    Join Date
    Nov 2010
    Location
    Long Beach, CA
    Posts
    5,324
    Try something like this to actually link the functions from the pcap library:
    Code:
    gcc -o netdump netdump.c -lpcap

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Mpeg2 decoder
    By thangdc01_02 in forum C Programming
    Replies: 6
    Last Post: 11-21-2010, 03:09 PM
  2. decoder
    By jalenamichelle in forum C++ Programming
    Replies: 1
    Last Post: 11-03-2010, 06:24 AM
  3. Replies: 4
    Last Post: 05-05-2009, 05:35 AM
  4. MP3 Decoder
    By Pete in forum Projects and Job Recruitment
    Replies: 4
    Last Post: 05-02-2005, 08:35 AM
  5. LOWEST level packet writing
    By skacy in forum C++ Programming
    Replies: 8
    Last Post: 05-04-2002, 02:51 PM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21