From 306f0c6264b563ae1499b3b5cd074a7257016da4 Mon Sep 17 00:00:00 2001
From: Neale Pickett
Date: Mon, 11 Feb 2013 15:50:30 -0700
Subject: [PATCH] handle icmp
---
 Makefile | 2 +-
 pcap.c | 22 +++++++++++++++-------
 pcap.h | 8 +++++++-
 pcat.c | 41 ++++++++++++++++++++++++++---------------
 4 files changed, 49 insertions(+), 24 deletions(-)
diff --git a/Makefile b/Makefile
index d035b8c..2fe1142 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-CFLAGS = -Wall -Werror
+CFLAGS = -Wall -Werror -Wno-unused-variable
 TARGETS = pmerge puniq p4split pcat
 TARGETS += hd pyesc printfesc xor unhex
diff --git a/pcap.c b/pcap.c
index cf9bef3..2c8d8b9 100644
--- a/pcap.c
+++ b/pcap.c
@@ -19,13 +19,17 @@ pcap_open_in(struct pcap_file *ctx, FILE * f)
 } else {
 return -1;
 }
- if ((h.version_major != 2) || (h.version_minor != 4))
+ if ((h.version_major != 2) || (h.version_minor != 4)) {
 return -1;
+ }
- if (ctx->swap)
+ if (ctx->swap) {
 h.snaplen = bswap32(h.snaplen);
- if (h.snaplen > MAXFRAME)
+ }
+ if (h.snaplen > MAXFRAME) {
 return -1;
+ }
+ ctx->linktype = h.linktype;
 ctx->f = f;
 return 0;
@@ -36,8 +40,9 @@ pcap_open_out(struct pcap_file *ctx, FILE * f)
 {
 struct pcap_file_header h = { MAGIC, 2, 4, 0, 0, MAXFRAME, 1 };
- if (1 != fwrite(&h, sizeof(h), 1, f))
+ if (1 != fwrite(&h, sizeof(h), 1, f)) {
 return -1;
+ }
 ctx->f = f;
 ctx->swap = 0;
@@ -58,8 +63,9 @@ pcap_read_pkthdr(struct pcap_file *ctx, struct pcap_pkthdr *hdr)
 hdr->len = bswap32(hdr->len);
 }
- if (hdr->caplen > MAXFRAME)
+ if (hdr->caplen > MAXFRAME) {
 return -1;
+ }
 return 0;
 }
@@ -76,11 +82,13 @@ pcap_write_pkthdr(struct pcap_file *ctx, struct pcap_pkthdr *hdr)
 hdr->caplen = bswap32(hdr->caplen);
 hdr->len = bswap32(hdr->len);
- if (1 != fwrite(&ohdr, sizeof(ohdr), 1, ctx->f))
+ if (1 != fwrite(&ohdr, sizeof(ohdr), 1, ctx->f)) {
 return -1;
+ }
 } else {
- if (1 != fwrite(hdr, sizeof(*hdr), 1, ctx->f))
+ if (1 != fwrite(hdr, sizeof(*hdr), 1, ctx->f)) {
 return -1;
+ }
 }
 return 0;
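Review bot: Adding `-Wno-unused-variable` to CFLAGS in the Makefile switches the warning off for every target, not only for the header fields that pcat.c reads and then ignores. With `-Werror` still set, a genuinely forgotten variable in any of the parsers would no longer stop the build. Marking the intentionally ignored fields at the point they are read, e.g. `(void)chksum;`, would keep the warning useful for the rest of the tree.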
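Review bot: In pcap.c's pcap_open_in, the new `ctx->linktype = h.linktype;` copies the field without the byte swap that `h.snaplen` receives a few lines earlier. For a capture written in the opposite byte order the stored link type would be swapped (1 becomes 0x01000000, assuming the field is 32 bits wide as in the standard pcap header) and would match neither case of the switch this commit adds to print_frame. Swap it in the same block: `if (ctx->swap) { h.snaplen = bswap32(h.snaplen); h.linktype = bswap32(h.linktype); }`. The function starts above the hunk, so the magic-number check that sets `ctx->swap` is not visible here.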
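Review bot: pcap_open_out in pcap.c sets `ctx->f` and `ctx->swap`, but the visible lines leave the new `ctx->linktype` field unset, although the header it writes carries 1 in what looks like the link-type slot. If nothing later in the function assigns it (the body continues past the hunk), add `ctx->linktype = LINKTYPE_ETHERNET;` next to `ctx->swap = 0;` so that a caller inspecting the field does not read an indeterminate value. It is also worth confirming that tools copying frames from a LINKTYPE_RAW input do not label them as Ethernet through this fixed header.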
diff --git a/pcap.h b/pcap.h
index c70b33f..2db5e38 100644
--- a/pcap.h
+++ b/pcap.h
@@ -3,13 +3,19 @@
 #include
 #include
+#include
 #define MAGIC 0xa1b2c3d4
 #define MAXFRAME 9000
+/* Described at http://www.tcpdump.org/linktypes.html */
+#define LINKTYPE_ETHERNET 1
+#define LINKTYPE_RAW 101
+
 struct pcap_file {
 FILE *f;
- int swap;
+ uint32_t linktype;
+ bool swap;
 };
 struct pcap_file_header {
diff --git a/pcat.c b/pcat.c
index 09298ee..28ea284 100644
--- a/pcat.c
+++ b/pcat.c
@@ -5,6 +5,8 @@
 #define IPPROTO_TCP 6
 #define IPPROTO_UDP 17
+#define IPPROTO_ICMP 1
+
 #define TH_FIN 0x01
 #define TH_SYN 0x02
 #define TH_RST 0x04
@@ -44,10 +46,7 @@ process_tcp(struct stream *s, char *saddr_s, char *daddr_s)
 printf("!");
 }
- printf("TCP4 %s,%u,%u %s,%u,%u ", saddr_s, sport, seq, daddr_s, dport, ack);
-
- // shut the compiler up
- if (false && urgent && chksum && window && flags && ack && seq && false);
+ printf("TCP %s,%u,%u %s,%u,%u ", saddr_s, sport, seq, daddr_s, dport, ack);
 }
 void
@@ -58,10 +57,17 @@ process_udp(struct stream *s, char *saddr_s, char *daddr_s)
 uint16_t len = read_uint16be(s);
 uint16_t chksum = read_uint16be(s);
- printf("UDP4 %s,%u %s,%u ", saddr_s, sport, daddr_s, dport);
+ printf("UDP %s,%u %s,%u ", saddr_s, sport, daddr_s, dport);
+}
- // Now, do some shit!
- if (false && len && chksum && false);
+void
+process_icmp(struct stream *s, char *saddr_s, char *daddr_s)
+{
+ uint8_t type = read_uint8(s);
+ uint8_t code = read_uint8(s);
+ uint16_t checksum = read_uint16be(s);
+
+ printf("ICMP %s %s %d ", saddr_s, daddr_s, code);
 }
 void
@@ -98,17 +104,15 @@ process_ip4(struct stream *s)
 case IPPROTO_UDP:
 process_udp(s, saddr_s, daddr_s);
 break;
+ case IPPROTO_ICMP:
+ process_icmp(s, saddr_s, daddr_s);
+ break;
 default:
 printf("P%d %s %s ", proto, saddr_s, daddr_s);
 break;
 }
 print_payload(s);
-
- /*
- * Placate compiler
- */
- if (false && chksum && id && tos && ttl && off && false);
 }
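Review bot: The new process_icmp in pcat.c reads the ICMP `type` byte but prints only `code`, so an echo request and an echo reply (both code 0) produce identical output and the message kind cannot be recovered from the dump. Print both fields, using the unsigned conversion the TCP and UDP lines use: `printf("ICMP %s %s %u,%u ", saddr_s, daddr_s, type, code);`. A short comment above the function stating the output format, and that the checksum is read but not verified, would help the next reader. Whether `read_uint8` copes with a frame that ends before the ICMP header is not visible on this page and is worth confirming, since the captured length comes from the file.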
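Review bot: The protocol switch in process_ip4, which now also dispatches to process_icmp, appears to run for every packet regardless of fragment offset. `off` was only ever named in the removed "Placate compiler" line, which suggests it is read but never consulted, although the start of the function is outside the hunk. If so, a non-first fragment would be decoded as though it began with a TCP, UDP or ICMP header and print misleading ports or codes. Either test the offset bits of `off` before the switch and fall back to the generic `P%d` line, or at least record the limitation with `/* fragment offset is not checked; non-first fragments are decoded as transport headers */`.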
@@ -137,14 +141,21 @@ print_ethernet(struct stream *s)
 }
 void
-print_frame(struct pcap_pkthdr *hdr, char const *frame)
+print_frame(struct pcap_file *p, struct pcap_pkthdr *hdr, char const *frame)
 {
 struct stream streambuf;
 struct stream *s = &streambuf;
 sinit(s, frame, hdr->caplen);
 printf("%u.%u ", hdr->ts.tv_sec, hdr->ts.tv_usec);
- print_ethernet(s);
+ switch (p->linktype) {
+ case LINKTYPE_ETHERNET:
+ print_ethernet(s);
+ break;
+ case LINKTYPE_RAW:
+ process_ip4(s);
+ break;
+ }
 printf("\n");
 }
@@ -168,7 +179,7 @@ pcat(FILE * f)
 break;
 }
- print_frame(&hdr, frame);
+ print_frame(&p, &hdr, frame);
 }
 }
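Review bot: The new `switch (p->linktype)` in print_frame has no `default`, so a capture with any other link type prints only the timestamp and a newline, and the frame is dropped without any indication. A fallback in the style of process_ip4's `P%d` case would make that visible: `default: printf("L%u ", (unsigned)p->linktype); break;`. Separately, the tcpdump.org page cited in pcap.h describes LINKTYPE_RAW as carrying either IPv4 or IPv6 packets, yet the frame is handed straight to process_ip4. Unless that function checks the version nibble itself (its start is not shown in this diff), IPv6 packets would be decoded as IPv4.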