"Linux Network Development Required Course" 9_Application Protocol Analysis Module (Part 1)

Question: How to encapsulate protocol details at the code level? How to parse the data in the receive buffer into a Message?

Deep thinking

Can the data be parsed into a Message?

• enough data

  • Is it possible to parse more than one Message if the amount of data is sufficient?
  • How to handle the remaining data (belonging to the next Message)

• Insufficient amount of data

  • Has the protocol minimum length (12 bytes) been reached?
  • How to handle the case where the amount of data exceeds the minimum length, but is not enough to create a Message?

preliminary solution

• Define a module for parsing Messages from byte streams
• Can be read and parsed from the specified memory or from the specified file descriptor

• Start parsing when there are at least 12 bytes

  • First parse the header information and data area length (length) in the protocol
  • Continue to read data (payload) from the byte stream according to the length of the data area
  • When the protocol data parsing is complete, create a Message and return, otherwise, return NULL

Preliminary Design of Protocol Analysis Module

Parser interface definition

 typedef void MParser;
MParser *MParser_New();
Message *MParser_ReadMem(MParser *parser, unsigned char *mem, unsigned int length);
Message *MParser_ReadFd(MParser *parser, int fd);
void MParser_Reset(MParser *parser);
void MParser_Del(MParser *parser);

Parser data structure

 typedef struct msg_parser {
    Message cache;    // 缓存已解析的消息头
    int header;        // 标识消息头是否解析成功
    int need;        // 标识还剩多少字节才能完成解析
    Message *msg;    // 解析中的协议消息（半成品）
}MsgParser;

Condition: Memory length is at least 12 consecutive bytes

 memcpy(&p->cache, mem, p->need);

p->cache.type   = ntohs(p->cache.type);  // 从网络字节序转换为本机字节序
p->cache.cmd    = ntohs(p->cache.cmd);
p->cache.index  = ntohs(p->cache.index);
p->cache.total  = ntohs(p->cache.total);
p->cache.length = ntohs(p->cache.length);

mem += p->need;
length -= p->need;

p->header = 1;
p->need = p->cache.length;

Read the data in the payload from memory (can be read multiple times)

 if (!p->msg) {  // 成功创建消息头之后， 创建 Message
    p->msg = malloc(sizeof(p->cache) + p->need);

    if (p->msg) {
        *p->msg = p->cache;
    }
}

if (p->msg) {
    unsigned int len = (p->need < length) > p->need : length;
    unsigned int offset = p->msg->length - p->need;

    memcpy(p->msg->payload + offset, mem, len);

    p->need -= len;
}

Programming experiment: preliminary design of protocol analysis module

msg_parser.h

 #ifndef MSG_PARSER_H
#define MSG_PARSER_H

#include "message.h"

typedef void MParser;

MParser *MParser_New();
Message *MParser_ReadMem(MParser *parser, unsigned char *mem, unsigned int length);
Message *MParser_ReadFd(MParser *parser, int fd);
void MParser_Reset(MParser *parse);
void MParser_Del(MParser *parse);

#endif

msg_parser.c

 #include <malloc.h>
#include <string.h>
#include <arpa/inet.h>
#include <unistd.h>

#include "msg_parser.h"

typedef struct msg_parser {
    Message cache;
    int header;
    int need;
    Message *msg;
}MsgParser;

MParser *MParser_New()
{
    MsgParser *ret = calloc(1, sizeof(MsgParser));

    MParser_Reset(ret);

    return ret;
}

Message *MParser_ReadMem(MParser *parser, unsigned char *mem, unsigned int length)
{
    Message *ret = NULL;
    MsgParser *p = (MsgParser*)parser;

    if (!p || !mem || !length) {
        return ret;
    }

    if (!p->header) {
        if (p->need <= length) {
            memcpy(&p->cache, mem, p->need);
            p->cache.type = ntohs(p->cache.type);
            p->cache.cmd = ntohs(p->cache.cmd);
            p->cache.index = ntohs(p->cache.index);
            p->cache.total = ntohs(p->cache.total);
            p->cache.length = ntohl(p->cache.length);

            mem += p->need;
            length -= p->need;

            p->header = 1;
            p->need = p->cache.length;

            ret = MParser_ReadMem(parser, mem, length);
        }
    } else {
        if (!p->msg) {
            p->msg = malloc(sizeof(p->cache) + p->need);

            if (p->msg) {
                *p->msg = p->cache;
            }
        }

        if (p->msg) {
            unsigned int len = (p->need < length) ? p->need : length;
            unsigned int offset = p->msg->length - p->need;

            memcpy(p->msg->payload, mem, len);

            p->need -= len;
        }

        if (!p->need) {
            ret = p->msg;
            p->msg = NULL;
            MParser_Reset(p);
        }
    }

    return ret;
}

Message *MParser_ReadFd(MParser *parser, int fd)
{
    Message *ret = NULL;

    return ret;
}

void MParser_Reset(MParser *parse)
{
    MsgParser *p = (MsgParser*)parse;

    if (p) {
        p->header = 0;
        p->need = sizeof(p->cache);

        free(p->msg);

        p->msg = NULL;
    }
}

void MParser_Del(MParser *parse)
{
    MsgParser *p = (MsgParser*)parse;

    if (p) {
        free(p->msg);
        free(p);
    }
}

test.c

 #include <stdio.h>
#include <unistd.h>
#include <stdlib.h>

#include "msg_parser.h"

int main()
{   
    MParser *p = MParser_New();
    char buf[] = {0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04, 0x00, 0x00, 0x00, 0x04};
    char data[] = {0x11, 0x12, 0x13, 0x14};
    Message *m = MParser_ReadMem(p, buf, sizeof(buf));
    int i = 0;

    if (!m) {
        printf("parse again...\n");

        m = MParser_ReadMem(p, data, sizeof(data));
    }

    printf("m = %p\n", m);

    if (m) {
        printf("type = %d\n", m->type);
        printf("cmd = %d\n", m->cmd);
        printf("index = %d\n", m->index);
        printf("total = %d\n", m->total);
        printf("length = %d\n", m->length);

        for (i=0; i<m->length; ++i) {
            printf("0x%02x ", m->payload[i]);
        }

        printf("\n");

        free(m);
    }

    MParser_Del(p);

    return 0;    
}

Thinking: How to parse the protocol data in real time through the socket file descriptor?