获取ARP数据包的大小

Question

我目前正在将一个数据包分解成几个头文件。

这里是我当前的代码：

void analyse(struct pcap_pkthdr *header, const unsigned char *packet, int verbose) { 


    // Define headers and payload 
    const struct ether_header *ethernet = NULL; 
    const struct ether_arp *arp = NULL; 
    const struct ip *ip = NULL; 
    const struct tcphdr *tcp = NULL; 
    const char *payload = NULL; 

    /* Ethernet header is the first data block of packet **/ 
    ethernet = (struct ether_header*) packet; 

    // ARP packet following 
    if(ntohs(ethernet->ether_type) == ETHERTYPE_ARP) { 

     arp = (struct ether_arp*) (packet + ETH_HLEN); 

     // If the operation performed by the sender is a reply, we increment the ARP Response Counter 
     if(ntohs(arp->ea_hdr.ar_op) == 2) { 

      arpResponsesCounter++; 

     } 

    } else { // IP packet following 

     ip = (struct ip*) (packet + ETH_HLEN); 

    } 

    // ARP header and IP header don't have the same size 
    if(arp == NULL) { 

     u_int shift_size = (ip->ip_hl)*4; 

    } else { 


    } 


} 

根据http://unix.superglobalmegacorp.com/BSD4.4/newsrc/netinet/ip.h.html和http://unix.superglobalmegacorp.com/Net2/newsrc/netinet/if_ether.h.html，IP报头的大小由(ip->ip_hl)*4;给出，但我无法弄清楚如何获得ARP头的大小。 我需要它来正确定义TCP头指针。

谢谢

Answer 1

我觉得你很困惑。 ARP包是的ARP包头。 ARP本身就是一个协议，它不像IP那样包含其他协议作为其数据包中的有效载荷。在ICMP是网络层协议的方式中，它恰当地是链路层协议。两者都是顶层协议，并且都不承载其他协议。

可以确定网络上的ARP分组的大小，如果你知道第2层和第3层地址的网络的大小（用于以太网48个比特和32个比特对于IPv4）。

Hardware Type is two octets 
Protocol Type is two octets 
Hardware Address Length is one octet 
Protocol Address Length is one octet 
Operation is two octets 
Sender Hardware Address is Hardware Address Length octets 
Sender Protocol Address is Protocol Address Length octets 
Destination Hardware Address is Hardware Address Length octets 
Destination Protocol Address is Protocol Address Length octets 

基本上，你有八个八位字节，加上两倍的硬件地址长度，再加上两倍的协议地址长度。

对于以太网上的IPv4，这意味着(8 + (2 * 6) + (2 * 4)) = 28。