Problem gelöst;
Die Variable off darf nicht komplett zurückgegeben werden; Statt off ist (off & 0x1fff) bzw. (off & IP_OFFMASK) zu verwenden, da die ersten 13 Bit die Offset-Flag enthalten.
Code:
void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{
const struct sniff_ethernet *ethernet;
const struct sniff_ip *ip;
u_int size_ip;
ethernet = (struct sniff_ethernet*)(packet);
ip = (struct sniff_ip*)(packet + SIZE_ETHERNET);
size_ip = IP_HL(ip)*4;
u_int len = ntohs(ip->ip_len);
u_int hlen = IP_HL(ip); /* header length */
u_int version = IP_V(ip);/* ip version */
u_int off = ntohs(ip->ip_off);
fprintf(stdout,"src:%s ",
inet_ntoa(ip->ip_src));
fprintf(stdout,"dst:%s hlen:%d version:%d len:%d id:%u offset:%u ",
inet_ntoa(ip->ip_dst),
hlen*4,version,len,ip->ip_id,(off & 0x1fff));
fprintf(stdout, "proto:%u", ip->ip_p);
}
Lesezeichen