一.概述
以太網的arp數據包結構:
arp結構op操作參數:1為請求,2為應答。
常用的數據結構如下:
1.物理地址結構位於netpacket/packet.h
1 struct sockaddr_ll 2 { 3 unsigned short int sll_family; 4 unsigned short int sll_protocol; 5 int sll_ifindex; 6 unsigned short int sll_hatype; 7 unsigned char sll_pkttype; 8 unsigned char sll_halen; 9 unsigned char sll_addr[8]; 10 };
sll_ifindex是網絡(網卡)接口索引,代表從這個接口收發數據包
2.網絡(網卡)接口數據結構位於net/if.h
1 struct ifreq 2 { 3 # define IFHWADDRLEN 6 4 # define IFNAMSIZ IF_NAMESIZE 5 union 6 { 7 char ifrn_name[IFNAMSIZ]; /* Interface name, e.g. "en0". */ 8 } ifr_ifrn; 9 10 union 11 { 12 struct sockaddr ifru_addr; 13 struct sockaddr ifru_dstaddr; 14 struct sockaddr ifru_broadaddr; 15 struct sockaddr ifru_netmask; 16 struct sockaddr ifru_hwaddr; 17 short int ifru_flags; 18 int ifru_ivalue; 19 int ifru_mtu; 20 struct ifmap ifru_map; 21 char ifru_slave[IFNAMSIZ]; /* Just fits the size */ 22 char ifru_newname[IFNAMSIZ]; 23 __caddr_t ifru_data; 24 } ifr_ifru; 25 };
該結構裡面包含2個union,第一個是接口名,如:eth0,wlan0等。可以通過ioctl()函數來獲取對應的接口信息,ip地址,mac地址,接口索引等。
3.以太網首部結構位於net/ethernet.h
1 struct ether_header 2 { 3 u_int8_t ether_dhost[ETH_ALEN]; /* destination eth addr */ 4 u_int8_t ether_shost[ETH_ALEN]; /* source ether addr */ 5 u_int16_t ether_type; /* packet type ID field */ 6 } __attribute__ ((__packed__));
ether_type幀類型:常見的有IP,ARP,RARP,都有對應的宏定義。
4.arp包結構位於netinet/if_ether.h
1 struct ether_arp { 2 struct arphdr ea_hdr; /* fixed-size header */ 3 u_int8_t arp_sha[ETH_ALEN]; /* sender hardware address */ 4 u_int8_t arp_spa[4]; /* sender protocol address */ 5 u_int8_t arp_tha[ETH_ALEN]; /* target hardware address */ 6 u_int8_t arp_tpa[4]; /* target protocol address */ 7 }; 8 #define arp_hrd ea_hdr.ar_hrd 9 #define arp_pro ea_hdr.ar_pro 10 #define arp_hln ea_hdr.ar_hln 11 #define arp_pln ea_hdr.ar_pln 12 #define arp_op ea_hdr.ar_op
上面的ether_arp結構還包含一個arp首部,位於net/if_arp.h
1 struct arphdr 2 { 3 unsigned short int ar_hrd; /* Format of hardware address. */ 4 unsigned short int ar_pro; /* Format of protocol address. */ 5 unsigned char ar_hln; /* Length of hardware address. */ 6 unsigned char ar_pln; /* Length of protocol address. */ 7 unsigned short int ar_op; /* ARP opcode (command). */ 8 }
二.arp請求代碼
1 /** 2 * @file arp_request.c 3 */ 4 5 #include <stdio.h> 6 #include <stdlib.h> 7 #include <string.h> 8 #include <unistd.h> 9 #include <sys/ioctl.h> 10 #include <sys/socket.h> 11 #include <arpa/inet.h> 12 #include <netinet/in.h> 13 #include <netinet/if_ether.h> 14 #include <net/ethernet.h> 15 #include <net/if_arp.h> 16 #include <net/if.h> 17 #include <netpacket/packet.h> 18 19 /* 以太網幀首部長度 */ 20 #define ETHER_HEADER_LEN sizeof(struct ether_header) 21 /* 整個arp結構長度 */ 22 #define ETHER_ARP_LEN sizeof(struct ether_arp) 23 /* 以太網 + 整個arp結構長度 */ 24 #define ETHER_ARP_PACKET_LEN ETHER_HEADER_LEN + ETHER_ARP_LEN 25 /* IP地址長度 */ 26 #define IP_ADDR_LEN 4 27 /* 廣播地址 */ 28 #define BROADCAST_ADDR {0xff, 0xff, 0xff, 0xff, 0xff, 0xff} 29 30 void err_exit(const char *err_msg) 31 { 32 perror(err_msg); 33 exit(1); 34 } 35 36 /* 填充arp包 */ 37 struct ether_arp *fill_arp_packet(const unsigned char *src_mac_addr, const char *src_ip, const char *dst_ip) 38 { 39 struct ether_arp *arp_packet; 40 struct in_addr src_in_addr, dst_in_addr; 41 unsigned char dst_mac_addr[ETH_ALEN] = BROADCAST_ADDR; 42 43 /* 轉換成網絡字節序 */ 44 inet_pton(AF_INET, src_ip, &src_in_addr); 45 inet_pton(AF_INET, dst_ip, &dst_in_addr); 46 47 /* 整個arp包 */ 48 arp_packet = (struct ether_arp *)malloc(ETHER_ARP_LEN); 49 arp_packet->arp_hrd = htons(ARPHRD_ETHER); 50 arp_packet->arp_pro = htons(ETHERTYPE_IP); 51 arp_packet->arp_hln = ETH_ALEN; 52 arp_packet->arp_pln = IP_ADDR_LEN; 53 arp_packet->arp_op = htons(ARPOP_REQUEST); 54 memcpy(arp_packet->arp_sha, src_mac_addr, ETH_ALEN); 55 memcpy(arp_packet->arp_tha, dst_mac_addr, ETH_ALEN); 56 memcpy(arp_packet->arp_spa, &src_in_addr, IP_ADDR_LEN); 57 memcpy(arp_packet->arp_tpa, &dst_in_addr, IP_ADDR_LEN); 58 59 return arp_packet; 60 } 61 62 /* arp請求 */ 63 void arp_request(const char *if_name, const char *dst_ip) 64 { 65 struct sockaddr_ll saddr_ll; 66 struct ether_header *eth_header; 67 struct ether_arp *arp_packet; 68 struct ifreq ifr; 69 char buf[ETHER_ARP_PACKET_LEN]; 70 unsigned char src_mac_addr[ETH_ALEN]; 71 unsigned char dst_mac_addr[ETH_ALEN] = BROADCAST_ADDR; 72 char *src_ip; 73 int sock_raw_fd, ret_len, i; 74 75 if ((sock_raw_fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ARP))) == -1) 76 err_exit("socket()"); 77 78 bzero(&saddr_ll, sizeof(struct sockaddr_ll)); 79 bzero(&ifr, sizeof(struct ifreq)); 80 /* 網卡接口名 */ 81 memcpy(ifr.ifr_name, if_name, strlen(if_name)); 82 83 /* 獲取網卡接口索引 */ 84 if (ioctl(sock_raw_fd, SIOCGIFINDEX, &ifr) == -1) 85 err_exit("ioctl() get ifindex"); 86 saddr_ll.sll_ifindex = ifr.ifr_ifindex; 87 saddr_ll.sll_family = PF_PACKET; 88 89 /* 獲取網卡接口IP */ 90 if (ioctl(sock_raw_fd, SIOCGIFADDR, &ifr) == -1) 91 err_exit("ioctl() get ip"); 92 src_ip = inet_ntoa(((struct sockaddr_in *)&(ifr.ifr_addr))->sin_addr); 93 printf("local ip:%s\n", src_ip); 94 95 /* 獲取網卡接口MAC地址 */ 96 if (ioctl(sock_raw_fd, SIOCGIFHWADDR, &ifr)) 97 err_exit("ioctl() get mac"); 98 memcpy(src_mac_addr, ifr.ifr_hwaddr.sa_data, ETH_ALEN); 99 printf("local mac"); 100 for (i = 0; i < ETH_ALEN; i++) 101 printf(":%02x", src_mac_addr[i]); 102 printf("\n"); 103 104 bzero(buf, ETHER_ARP_PACKET_LEN); 105 /* 填充以太首部 */ 106 eth_header = (struct ether_header *)buf; 107 memcpy(eth_header->ether_shost, src_mac_addr, ETH_ALEN); 108 memcpy(eth_header->ether_dhost, dst_mac_addr, ETH_ALEN); 109 eth_header->ether_type = htons(ETHERTYPE_ARP); 110 /* arp包 */ 111 arp_packet = fill_arp_packet(src_mac_addr, src_ip, dst_ip); 112 memcpy(buf + ETHER_HEADER_LEN, arp_packet, ETHER_ARP_LEN); 113 114 /* 發送請求 */ 115 ret_len = sendto(sock_raw_fd, buf, ETHER_ARP_PACKET_LEN, 0, (struct sockaddr *)&saddr_ll, sizeof(struct sockaddr_ll)); 116 if ( ret_len > 0) 117 printf("sendto() ok!!!\n"); 118 119 close(sock_raw_fd); 120 } 121 122 int main(int argc, const char *argv[]) 123 { 124 if (argc != 3) 125 { 126 printf("usage:%s device_name dst_ip\n", argv[0]); 127 exit(1); 128 } 129 130 arp_request(argv[1], argv[2]); 131 132 return 0; 133 }
流程:命令行接收網卡接口名和要請求的目標IP地址,傳入arp_request()函數。用PF_PACKET選項創建ARP類型的原始套接字。用ioctl()函數通過網卡接口名來獲取該接口對應的mac地址,ip地址,接口索引。接口索引填充到物理地址sockaddr_ll裡面。然後填充以太首部,源地址對應剛剛的網卡接口mac地址,目標地址填廣播地址(第28行定義的宏)。以太首部幀類型是ETHERTYPE_ARP,代表arp類型。接著填充arp數據包結構,同樣要填充源/目標的ip地址和mac地址,arp包的操作選項填寫ARPOP_REQUEST,代表請求操作。填充完成後發送到剛剛的物理地址sockaddr_ll。
三.接收arp數據包
1 /** 2 * @file arp_recv.c 3 */ 4 5 #include <stdio.h> 6 #include <stdlib.h> 7 #include <string.h> 8 #include <unistd.h> 9 #include <sys/socket.h> 10 #include <arpa/inet.h> 11 #include <netinet/in.h> 12 #include <netinet/if_ether.h> 13 #include <net/if_arp.h> 14 #include <net/ethernet.h> 15 16 /* 以太網幀首部長度 */ 17 #define ETHER_HEADER_LEN sizeof(struct ether_header) 18 /* 整個arp結構長度 */ 19 #define ETHER_ARP_LEN sizeof(struct ether_arp) 20 /* 以太網 + 整個arp結構長度 */ 21 #define ETHER_ARP_PACKET_LEN ETHER_HEADER_LEN + ETHER_ARP_LEN 22 /* IP地址長度 */ 23 #define IP_ADDR_LEN 4 24 25 void err_exit(const char *err_msg) 26 { 27 perror(err_msg); 28 exit(1); 29 } 30 31 int main(void) 32 { 33 struct ether_arp *arp_packet; 34 char buf[ETHER_ARP_PACKET_LEN]; 35 int sock_raw_fd, ret_len, i; 36 37 if ((sock_raw_fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ARP))) == -1) 38 err_exit("socket()"); 39 40 while (1) 41 { 42 bzero(buf, ETHER_ARP_PACKET_LEN); 43 ret_len = recv(sock_raw_fd, buf, ETHER_ARP_PACKET_LEN, 0); 44 if (ret_len > 0) 45 { 46 /* 剝去以太頭部 */ 47 arp_packet = (struct ether_arp *)(buf + ETHER_HEADER_LEN); 48 /* arp操作碼為2代表arp應答 */ 49 if (ntohs(arp_packet->arp_op) == 2) 50 { 51 printf("==========================arp replay======================\n"); 52 printf("from ip:"); 53 for (i = 0; i < IP_ADDR_LEN; i++) 54 printf(".%u", arp_packet->arp_spa[i]); 55 printf("\nfrom mac"); 56 for (i = 0; i < ETH_ALEN; i++) 57 printf(":%02x", arp_packet->arp_sha[i]); 58 printf("\n"); 59 } 60 } 61 } 62 63 close(sock_raw_fd); 64 return 0; 65 }
流程:創建ARP類型的原始套接字。直接調用接收函數,會收到網卡接收的arp數據包,判斷收到的arp包操作是arp應答,操作碼是2。然後剝去以太首部,取出源mac地址和ip地址!!!
四.實驗
為了更直觀,我們打開wireshark一起觀察,我這裡是wlan環境,監聽wlan0。原始套接字要以root身份運行,先運行arp_recv,然後運行arp_request發送arp請求:
wireshark結果:
上面可以看到,第一條數據包詢問誰是192.168.0.1,然後第二條數據包發送了一個回復,可以看到wireshark裡面Opcode:reply(2)。源ip和mac地址跟我們自己的接收程序一樣。
更多詳情見請繼續閱讀下一頁的精彩內容: http://www.linuxidc.com/Linux/2016-01/127963p2.htm