Page 1 of 1

Getting IP data

Posted: 25 Jul 2019, 13:36
by david
Hi, great work!

I need to analyze the IP data, and having a hard time finding the relevant part of the code that handles that. I thought there might be a raw socket that is being written to, and I can get the buffer there and analyze it, but I can't seem to find such a thing (maybe I missed it though..)
The only place I found the PPP_IP protocol symbol is in ifcfg.c, but it only configures the file descriptor there using ppp_ioctl..

Can you point me to the part of the code that handles IP data?
I would prefer of course if the IP packets will be separated somehow, so I don't have to build a parser..

Thanks in advance :)

Re: Getting IP data

Posted: 25 Jul 2019, 22:06
by dimka88
Hello, can you more explain about this? Did you look accel-pppd/ppp/ppp.c file?

Re: Getting IP data

Posted: 29 Jul 2019, 08:23
by david
Hi, thanks for the quick reply!
Sure, I'll explain more.

I want to get for every TCP connection over the PPP tunnel, the source address, source port, destination address and destination port.
For this I need the raw IP data. For example I can catch the first SYN packet, and get the data I need.
So for that I need the raw IP data, so that I can extract the data I need. Preferably, if there is some place in the code where this IP data is divided into packets,
it will be much more convenient, since I won't have to divide it into packets myself.

I looked in accel-pppd/ppp/ppp.c, but I see that it just calls the lcp, ccp, auth, ipcp and ip6cp handlers.
Couldn't find anywhere in ppp.c where the raw data is being handled.. But maybe I missed it ;)

Do you have somewhere to point me to?

Thanks, David.