Decoding packets - broadcast or multicast
After looking up packet decoding for multicast and broadcast packets, I am having some difficulties in creating the decision logic. From what I have read and observed using Wireshark (and looked at some of its source) here is what I have found:
Broadcasts:
- Special case for 0.0.0.0 or rather dst addr 255.255.255.255
- Local broadcast where IG and LG bits for dst addr are set to 1
- I cannot know what subnet a packet is from and so I cannot determine specific broadcast addresses due to custom sub-netting.
- Should I test and see if dest addr might be a legit broadcast address (i.e. guess cidr?)
Is this sufficient?
Multicasts:
- IG bit set to 1, and LG bit set to 0
- dst address destined to 224 - 239 subnet (first octet)
What I have so far?
```c
/*
 * Is packet destined for a multicast address?
 */
int is_multicast(CONNECTION temp)
{
    char *save;
    /* inet_ntoa() returns a static buffer; strtok() cuts it at the first dot */
    save = strtok(inet_ntoa(temp.ip_dst), ".");
    int firstOct = 0;
    firstOct = atoi(save);
    if ((temp.ether_dhost[0] == 1) &&
        (temp.ether_dhost[1] == 0) &&
        ((firstOct >= 224) &&
         (firstOct <= 239)))
    {
        return 1;
    }
    return 0;
}

/*
 * Is packet destined for a broadcast address?
 */
int is_broadcast(CONNECTION temp)
{
    if ((temp.ether_dhost[0] == 0xFF) &&
        (temp.ether_dhost[1] == 0xFF) &&
        (temp.ether_dhost[2] == 0xFF) &&
        (temp.ether_dhost[3] == 0xFF) &&
        (temp.ether_dhost[4] == 0xFF) &&
        (temp.ether_dhost[5] == 0xFF)) {
        return 1; // DHCP or ARP
    } else if ((temp.ether_dhost[0] == 0xFF) &&
               (temp.ether_dhost[1] == 0xFF) &&
               (temp.ether_dhost[2] != 0xFF)) {
        return 1; // Other local broadcast
    }
    return 0;
}
```
Any thoughts?
Comments (1)
In case of IPv4, for checking multicast, the test for first octet should be sufficient.
For broadcast, I did not understand the `else if()` loop in your code. The first `if()` loop should give desired results.
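The checks discussed in this thread, written as an added example that is not code from the question or the answer: the Ethernet I/G bit test, the 224.0.0.0/4 mask test on the raw address instead of string parsing, and the host-bits test for a directed broadcast when a prefix length is known. The function names, the `prefix_len` parameter and the sample frame in `main` are assumptions made for illustration; the 01:00:5e mapping follows RFC 1112.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum dst_class { DST_UNICAST, DST_MULTICAST, DST_BROADCAST };

/* Layer 2: the I/G bit is the least significant bit of the first MAC octet. */
static enum dst_class classify_mac(const uint8_t mac[6])
{
    static const uint8_t bcast[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
    if (memcmp(mac, bcast, 6) == 0)
        return DST_BROADCAST;
    return (mac[0] & 0x01) ? DST_MULTICAST : DST_UNICAST;
}

/* Layer 3: ip is in host byte order. prefix_len is an assumed subnet prefix;
 * pass 0 when unknown, in which case only 255.255.255.255 is recognised. */
static enum dst_class classify_ipv4(uint32_t ip, unsigned prefix_len)
{
    if (ip == 0xFFFFFFFFu)
        return DST_BROADCAST;                    /* limited broadcast */
    if ((ip & 0xF0000000u) == 0xE0000000u)
        return DST_MULTICAST;                    /* 224.0.0.0/4 */
    if (prefix_len >= 1 && prefix_len <= 30) {
        uint32_t host_mask = 0xFFFFFFFFu >> prefix_len;
        if ((ip & host_mask) == host_mask)
            return DST_BROADCAST;                /* directed broadcast */
    }
    return DST_UNICAST;
}

/* RFC 1112 mapping: 01:00:5e followed by the low 23 bits of the group. */
static int mac_matches_ipv4_group(const uint8_t mac[6], uint32_t ip)
{
    return mac[0] == 0x01 && mac[1] == 0x00 && mac[2] == 0x5E &&
           mac[3] == ((ip >> 16) & 0x7F) && mac[4] == ((ip >> 8) & 0xFF) &&
           mac[5] == (ip & 0xFF);
}

int main(void)
{
    /* Constructed sample: mDNS group 224.0.0.251 and its mapped MAC. */
    const uint8_t mac[6] = {0x01, 0x00, 0x5E, 0x00, 0x00, 0xFB};
    uint32_t ip = 0xE00000FBu;
    printf("l2=%d l3=%d mapped=%d\n", classify_mac(mac),
           classify_ipv4(ip, 0), mac_matches_ipv4_group(mac, ip));
    return 0;
}
```

A decoder that sees a 224.0.0.0/4 destination whose MAC fails `mac_matches_ipv4_group` has a malformed or crafted frame and can log it instead of counting it as ordinary multicast.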