WIP: Parse & write mac addr; compiles!

ctwardy · ctwardy · commit ab8eceb91a2d · 2022-08-23T19:57:31.000-05:00
diff --git a/src/include/p2f.h b/src/include/p2f.h
@@ -116,6 +116,10 @@ typedef struct tcp_retrans_ {
     uint16_t len;
 } tcp_retrans_t;
 
+typedef struct mac_addr_ {
+    unsigned char bytes[6];
+} mac_addr_t;
+
 #include "procwatch.h"
 #include "config.h"
 
@@ -141,6 +145,10 @@ typedef struct flow_record_ {
     uint8_t np;                           /*!< number of packets                   */
     uint8_t op;                           /*!< number of packets (w/nonzero data)  */
     uint16_t ob;                          /*!< number of bytes of application data */
+
+    mac_addr_t src_mac;                   /*!< Source MAC address                  */
+    mac_addr_t dst_mac;                   /*!< Destination MAC address             */
+
     struct timeval start;                 /*!< start time                          */ 
     struct timeval end;                   /*!< end time                            */
     uint16_t last_pkt_len;                /*!< last observed appdata length        */
@@ -153,7 +161,7 @@ typedef struct flow_record_ {
     double bd_mean;
     double bd_variance;
     header_description_t hd;              /*!< header description (proto ident)    */
-    bool idp_packet;                   /*!< determines if packet is used for IDP */
+    bool idp_packet;                      /*!< determines if packet is used for IDP */
     int32_t idp_seq_num;                  /*!< marks the SYN packet for IDP determination */
     void *idp;
     uint16_t idp_len;
diff --git a/src/p2f.c b/src/p2f.c
@@ -1345,6 +1345,12 @@ static void flow_record_print_json
      */
     zprintf(ctx->output, "{");
 
+    /* New: Print the MAC addresses */
+    unsigned char *sm = (unsigned char *)&(rec->src_mac);
+    unsigned char *dm = (unsigned char *)&(rec->dst_mac);
+    zprintf(ctx->output, "\"sm\":\"%02x:%02x:%02x:%02x:%02x:%02x\",", sm[0], sm[1], sm[2], sm[3], sm[4], sm[5]);
+    zprintf(ctx->output, "\"dm\":\"%02x:%02x:%02x:%02x:%02x:%02x\",", dm[0], dm[1], dm[2], dm[3], dm[4], dm[5]);
+
     if (rec->ip_type == ETH_TYPE_IPV6) {
         inet_ntop(AF_INET6, &rec->key.sa.v6_sa, ipv6_addr, INET6_ADDRSTRLEN);
         zprintf(ctx->output, "\"sa\":\"%s\",", ipv6_addr);
@@ -2134,4 +2140,3 @@ int upload_file (char *filename) {
 
     return 0;
 }
-
diff --git a/src/pkt_proc.c b/src/pkt_proc.c
@@ -971,6 +971,10 @@ void* process_packet (unsigned char *ctx_ptr,
     const struct pcap_pkthdr *header =  pkt_header;
     struct pcap_pkthdr *dyn_header = NULL;
 
+    /* initialize MAC addresses */
+    mac_addr_t src_mac = {0x00};
+    mac_addr_t dst_mac = {0x00};
+
     /* declare pointers to packet headers */
     ip_hdr_t *ip = NULL;
     ip_hdrv6_t *ipv6 = NULL;
@@ -995,7 +999,16 @@ void* process_packet (unsigned char *ctx_ptr,
     joy_log_info("++++++++++ Packet %lu ++++++++++", ctx->stats.num_packets);
     //  packet_count++;
 
+    // Ethernet Type II Header: [[Dest MAC][Source MAC][ETH_TYPE]]
+    //                             6bytes     6bytes     2bytes
     // ethernet = (struct ethernet_hdr*)(packet);
+    unsigned char *sm = (unsigned char *)&(src_mac);
+    unsigned char *dm = (unsigned char *)&(dst_mac);
+    for (int i = 0; i < 6; i++)
+    {
+        *(sm + i) = packet[i];
+        *(dm + i) = packet[i + 6];
+    }
     ether_type = ntohs(*(const uint16_t *)(packet + 12));//Offset to get ETH_TYPE
     ctx->curr_pkt_type = 0;
     /* Support for both normal ethernet, 802.1q and 802.1ad. Distinguish between 
@@ -1203,13 +1216,19 @@ void* process_packet (unsigned char *ctx_ptr,
             joy_log_info("Source IPv6: %s", ipv6_addr);
             inet_ntop(AF_INET6, &ipv6->ip_dst, ipv6_addr, INET6_ADDRSTRLEN);
             joy_log_info("Dest IP: %s", ipv6_addr);
+
+            joy_log_info("Source MAC: %02x:%02x:%02x:%02x:%02x:%02x:", *sm, *(sm + 1), *(sm + 2), *(sm + 3), *(sm + 4), *(sm + 5));
+            joy_log_info("Dest MAC: %02x:%02x:%02x:%02x:%02x:%02x:", *dm, *(dm + 1), *(dm + 2), *(dm + 3), *(dm + 4), *(dm + 5));
             joy_log_info("Len: %u", ip_len);
             joy_log_debug("IPv6 header len: %u", (ip_hdr_len + (ipv6_ext_hdrs * 8)));
         } else {
             inet_ntop(AF_INET, &ip->ip_src, ipv4_addr, INET_ADDRSTRLEN);
             joy_log_info("Source IP: %s", ipv4_addr);
             inet_ntop(AF_INET, &ip->ip_dst, ipv4_addr, INET_ADDRSTRLEN);
             joy_log_info("Dest IP: %s", ipv4_addr);
+
+            joy_log_info("Source MAC: %02x:%02x:%02x:%02x:%02x:%02x:", *sm, *(sm + 1), *(sm + 2), *(sm + 3), *(sm + 4), *(sm + 5));
+            joy_log_info("Dest MAC: %02x:%02x:%02x:%02x:%02x:%02x:", *dm, *(dm + 1), *(dm + 2), *(dm + 3), *(dm + 4), *(dm + 5));
             joy_log_info("Len: %u", ip_len);
             joy_log_debug("IP header len: %u", ip_hdr_len);
         }
@@ -1305,6 +1324,10 @@ void* process_packet (unsigned char *ctx_ptr,
     }
     record->ip_type = ctx->curr_pkt_type;
 
+    /* Add the MAC addresses */
+    record->src_mac = src_mac;
+    record->dst_mac = dst_mac;
+
     /*
      * Get IP ID
      */
