Changeset d0f25d4 for lib/format_pcapng.c
- Timestamp:
- 01/23/19 13:02:54 (2 years ago)
- Branches:
- develop
- Children:
- 23741ec5
- Parents:
- 23d263a
- File:
-
- 1 edited
-
lib/format_pcapng.c (modified) (7 diffs)
Legend:
- Unmodified
- Added
- Removed
-
lib/format_pcapng.c
rb27ed21 rd0f25d4 40 40 #include <math.h> 41 41 42 typedef struct pcagng_section_header_t {43 uint32_t blocktype;44 uint32_t blocklen;45 uint32_t ordering;46 uint16_t majorversion;47 uint16_t minorversion;48 uint64_t sectionlen;49 } pcapng_sec_t;50 51 typedef struct pcapng_interface_header_t {52 uint32_t blocktype;53 uint32_t blocklen;54 uint16_t linktype;55 uint16_t reserved;56 uint32_t snaplen;57 } pcapng_int_t;58 59 typedef struct pcapng_nrb_header_t {60 uint32_t blocktype;61 uint32_t blocklen;62 } pcapng_nrb_t;63 64 typedef struct pcapng_enhanced_packet_t {65 uint32_t blocktype;66 uint32_t blocklen;67 uint32_t interfaceid;68 uint32_t timestamp_high;69 uint32_t timestamp_low;70 uint32_t caplen;71 uint32_t wlen;72 } pcapng_epkt_t;73 74 typedef struct pcapng_simple_packet_t {75 uint32_t blocktype;76 uint32_t blocklen;77 uint32_t wlen;78 } pcapng_spkt_t;79 80 typedef struct pcapng_old_packet_t {81 uint32_t blocktype;82 uint32_t blocklen;83 uint16_t interfaceid;84 uint16_t drops;85 uint32_t timestamp_high;86 uint32_t timestamp_low;87 uint32_t caplen;88 uint32_t wlen;89 } pcapng_opkt_t;90 91 typedef struct pcapng_stats_header_t {92 uint32_t blocktype;93 uint32_t blocklen;94 uint32_t interfaceid;95 uint32_t timestamp_high;96 uint32_t timestamp_low;97 } pcapng_stats_t;98 99 typedef struct pcapng_decryption_secrets_header_t {100 uint32_t blocktype;101 uint32_t blocklen;102 uint32_t secrets_type;103 uint32_t secrets_len;104 } pcapng_secrets_t;105 106 typedef struct pcapng_custom_header_t {107 uint32_t blocktype;108 uint32_t blocklen;109 uint32_t pen;110 } pcapng_custom_t;111 112 typedef struct pcapng_interface_t pcapng_interface_t;113 114 struct pcapng_timestamp {115 uint32_t timehigh;116 uint32_t timelow;117 };118 119 struct pcapng_interface_t {120 121 uint16_t id;122 libtrace_dlt_t linktype;123 uint32_t snaplen;124 uint32_t tsresol;125 126 uint64_t received;127 uint64_t dropped; /* as reported by interface stats */128 uint64_t dropcounter; /* as reported by packet records */129 uint64_t accepted;130 uint64_t osdropped;131 uint64_t laststats;132 133 };134 135 struct pcapng_format_data_t {136 bool started;137 bool realtime;138 bool discard_meta;139 140 /* Section data */141 bool byteswapped;142 143 /* Interface data */144 pcapng_interface_t **interfaces;145 uint16_t allocatedinterfaces;146 uint16_t nextintid;147 148 };149 150 struct pcapng_format_data_out_t {151 iow_t *file;152 int compress_level;153 int compress_type;154 int flag;155 156 /* Section data */157 uint16_t sechdr_count;158 bool byteswapped;159 160 /* Interface data */161 uint16_t nextintid;162 libtrace_linktype_t lastdlt;163 };164 165 struct pcapng_optheader {166 uint16_t optcode;167 uint16_t optlen;168 };169 170 struct pcapng_custom_optheader {171 uint16_t optcode;172 uint16_t optlen;173 uint32_t pen;174 };175 struct pcapng_nrb_record {176 uint16_t recordtype;177 uint16_t recordlen;178 };179 struct pcapng_peeker {180 uint32_t blocktype;181 uint32_t blocklen;182 };183 184 typedef struct pcapng_peeker pcapng_hdr_t;185 186 #define DATA(x) ((struct pcapng_format_data_t *)((x)->format_data))187 #define DATAOUT(x) ((struct pcapng_format_data_out_t*)((x)->format_data))188 189 42 static char *pcapng_parse_next_option(libtrace_t *libtrace, char **pktbuf, 190 43 uint16_t *code, uint16_t *length, pcapng_hdr_t *blockhdr); … … 856 709 static int pcapng_get_framing_length(const libtrace_packet_t *packet) { 857 710 858 711 switch(pcapng_get_record_type(packet)) { 859 712 case PCAPNG_SECTION_TYPE: 860 713 return sizeof(pcapng_sec_t); … … 872 725 return sizeof(pcapng_nrb_t); 873 726 case PCAPNG_CUSTOM_TYPE: 727 return sizeof(pcapng_custom_t); 874 728 case PCAPNG_CUSTOM_NONCOPY_TYPE: 875 729 return sizeof(pcapng_custom_t); 876 } 730 case PCAPNG_DECRYPTION_SECRETS_TYPE: 731 return sizeof(pcapng_secrets_t); 732 } 877 733 878 734 /* If we get here, we aren't a valid pcapng packet */ … … 1808 1664 static libtrace_direction_t pcapng_get_direction(const libtrace_packet_t 1809 1665 *packet) { 1666 libtrace_direction_t direction = -1; 1810 1667 1811 1668 /* Defined in format_helper.c */ 1812 return pcap_get_direction(packet); 1669 if (PACKET_IS_ENHANCED || PACKET_IS_SIMPLE || PACKET_IS_OLD) { 1670 direction = pcap_get_direction(packet); 1671 } 1672 1673 return direction; 1813 1674 } 1814 1675 … … 1910 1771 return ohdr->wlen; 1911 1772 } 1912 } 1773 } else if (PACKET_IS_SECTION || PACKET_IS_INTERFACE || PACKET_IS_NAME_RESOLUTION 1774 || PACKET_IS_INTERFACE_STATS || PACKET_IS_CUSTOM || 1775 PACKET_IS_CUSTOM_NONCOPY || PACKET_IS_DECRYPTION_SECRETS) { 1776 /* meta packet are not transmitted on the wire hence the 0 wirelen */ 1777 return 0; 1778 } 1913 1779 1914 1780 /* If we get here, we aren't a valid pcapng packet */ … … 1926 1792 if (baselen == -1) 1927 1793 return -1; 1794 1795 /* if packet was a meta packet baselen should be zero so return it */ 1796 if (baselen == 0) { 1797 return 0; 1798 } 1928 1799 1929 1800 /* Then, account for the vagaries of different DLTs */ … … 1991 1862 return ohdr->caplen; 1992 1863 } 1993 } 1864 } else if (PACKET_IS_SECTION || PACKET_IS_INTERFACE || PACKET_IS_NAME_RESOLUTION 1865 || PACKET_IS_INTERFACE_STATS || PACKET_IS_CUSTOM || 1866 PACKET_IS_CUSTOM_NONCOPY || PACKET_IS_DECRYPTION_SECRETS) { 1867 1868 struct pcapng_peeker *hdr = (struct pcapng_peeker *)packet->header; 1869 if (DATA(packet->trace)->byteswapped) { 1870 return byteswap32(hdr->blocklen) - trace_get_framing_length(packet); 1871 } else { 1872 return hdr->blocklen - trace_get_framing_length(packet); 1873 } 1874 } 1994 1875 1995 1876 /* If we get here, we aren't a valid pcapng packet */
Note: See TracChangeset
for help on using the changeset viewer.
