当接收到原始数据包后,为了不用指针定位所需要的字段,LINUX其实定义好了几个常用的结构。暂时先记录下来。
1,IP数据包的分析: #include <netinet/ip.h>
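/*
 * IPv4 header as laid out by glibc's <netinet/ip.h> (struct ip).
 *
 * NOTE(review): the original listing lost every field and kept only the
 * struct / #if / #define skeleton. The fields below were restored from the
 * glibc layout that matches that skeleton; confirm them against the
 * <netinet/ip.h> installed on the target system.
 *
 * All multi-byte fields are in network byte order on the wire; convert with
 * ntohs() before comparing or doing arithmetic. Before casting a receive
 * buffer to this struct, check that at least sizeof(struct ip) bytes were
 * received, that ip_hl >= 5, and that ip_hl * 4 and ntohs(ip_len) do not
 * exceed the number of bytes actually captured.
 */
struct ip
{
#if __BYTE_ORDER == __LITTLE_ENDIAN
    unsigned int ip_hl:4;          /* header length, in 32-bit words */
    unsigned int ip_v:4;           /* IP version */
#endif
#if __BYTE_ORDER == __BIG_ENDIAN
    unsigned int ip_v:4;           /* IP version */
    unsigned int ip_hl:4;          /* header length, in 32-bit words */
#endif
    uint8_t ip_tos;                /* type of service */
    unsigned short ip_len;         /* total length: header plus payload, in bytes */
    unsigned short ip_id;          /* identification */
    unsigned short ip_off;         /* flags (top 3 bits) and fragment offset */
#define IP_RF 0x8000               /* reserved fragment flag */
#define IP_DF 0x4000               /* don't fragment flag */
#define IP_MF 0x2000               /* more fragments flag */
#define IP_OFFMASK 0x1fff          /* mask for the fragment offset bits */
    uint8_t ip_ttl;                /* time to live */
    uint8_t ip_p;                  /* protocol carried in the payload */
    unsigned short ip_sum;         /* header checksum */
    struct in_addr ip_src, ip_dst; /* source and destination address */
};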
2,ICMP 数据包的分析:#include <netinet/ip_icmp.h>
/*
 * Simplified ICMP message layout: type, code, checksum, then an
 * identifier/sequence pair followed by 20 bytes of data.
 *
 * NOTE(review): this is not the declaration found in <netinet/ip_icmp.h>.
 * The system header declares a larger struct icmp built from unions, and
 * there icmp_id / icmp_seq are macros, so this definition presumably cannot
 * be compiled together with that header. Confirm which one is intended.
 *
 * NOTE(review): icmp_type and icmp_code are plain char, whose signedness is
 * implementation-defined; values >= 128 compare as negative where char is
 * signed. Cast to unsigned char before comparing.
 *
 * The 16-bit fields are in network byte order on the wire (use ntohs()).
 * Check the received length before reading icmp_id, icmp_seq or icmp_data:
 * not every ICMP type carries an id/sequence pair, and a short packet may
 * hold fewer than 20 data bytes.
 */
struct icmp
{
char icmp_type;             /* ICMP message type */
char icmp_code;             /* sub-code qualifying the type */
unsigned short icmp_cksum;  /* checksum over the ICMP message */
unsigned short icmp_id;     /* identifier (echo request/reply) */
unsigned short icmp_seq;    /* sequence number (echo request/reply) */
char icmp_data[20];         /* fixed 20-byte data area in this simplified layout */
};
3,TCP数据包的分析: #include <netinet/tcp.h>
/*
 * Fixed 20-byte TCP header (Linux-style field names).
 *
 * All multi-byte fields are in network byte order on the wire; convert with
 * ntohs()/ntohl() before use. Before casting a receive buffer to this
 * struct, check that at least sizeof(struct tcphdr) bytes remain after the
 * IP header. Before touching options or payload, check that doff >= 5 and
 * that doff * 4 does not exceed the bytes actually captured.
 */
struct tcphdr
{
u_int16_t source;   /* source port */
u_int16_t dest;     /* destination port */
u_int32_t seq;      /* sequence number */
u_int32_t ack_seq;  /* acknowledgement number */
/*
 * The data offset, reserved bits and flags share one 16-bit word. The order
 * in which bit-fields are allocated depends on the target, so the fields are
 * declared in opposite order for little- and big-endian builds.
 */
# if __BYTE_ORDER == __LITTLE_ENDIAN
u_int16_t res1:4;   /* reserved */
u_int16_t doff:4;   /* data offset: header length in 32-bit words */
u_int16_t fin:1;    /* FIN flag */
u_int16_t syn:1;    /* SYN flag */
u_int16_t rst:1;    /* RST flag */
u_int16_t psh:1;    /* PSH flag */
u_int16_t ack:1;    /* ACK flag */
u_int16_t urg:1;    /* URG flag */
u_int16_t res2:2;   /* reserved in this layout; newer headers presumably name these bits ECE/CWR (verify) */
# elif __BYTE_ORDER == __BIG_ENDIAN
u_int16_t doff:4;   /* data offset: header length in 32-bit words */
u_int16_t res1:4;   /* reserved */
u_int16_t res2:2;   /* reserved in this layout (see the little-endian branch) */
u_int16_t urg:1;    /* URG flag */
u_int16_t ack:1;    /* ACK flag */
u_int16_t psh:1;    /* PSH flag */
u_int16_t rst:1;    /* RST flag */
u_int16_t syn:1;    /* SYN flag */
u_int16_t fin:1;    /* FIN flag */
# else
# error "Adjust your <bits/endian.h> defines"
# endif
u_int16_t window;   /* receive window size */
u_int16_t check;    /* checksum */
u_int16_t urg_ptr;  /* urgent pointer; meaningful only when urg is set */
};
4,UDP数据包的分析: #include <netinet/udp.h>
/*
 * 8-byte UDP header (Linux-style field names).
 *
 * All four fields are in network byte order on the wire; convert with
 * ntohs() before use. len is attacker-controlled when parsing captured
 * traffic: check that ntohs(len) >= sizeof(struct udphdr) and that it does
 * not exceed the bytes actually received before using it as a payload
 * length.
 */
struct udphdr
{
u_int16_t source;  /* source port */
u_int16_t dest;    /* destination port */
u_int16_t len;     /* length of UDP header plus payload, in bytes */
u_int16_t check;   /* checksum */
};