o5r/plan9port
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

read pcap

Browse source
This commit is contained in:
rsc 2007-05-02 19:58:17 +00:00
parent b510decf42
commit 53f56329be
1 changed files with 67 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

105
src/cmd/ip/snoopy/main.c
View file

@ -37,7 +37,14 @@ Filter* compile(Filter *f);
void printfilter(Filter *f, char *tag); void printfilter(Filter *f, char *tag);
void printhelp(char*); void printhelp(char*);
void tracepkt(uchar*, int); void tracepkt(uchar*, int);
void pcaphdr(void); void pcaphdr(int);
struct pcap_pkthdr {
u64int ts; /* time stamp */
u32int caplen; /* length of portion present */
u32int len; /* length this packet (off wire) */
};
void void
printusage(void) printusage(void)
@ -116,6 +123,10 @@ main(int argc, char **argv)
case 't': case 't':
tiflag = 1; tiflag = 1;
break; break;
case 'T':
tiflag = 1;
pcap = 1;
break;
case 'C': case 'C':
Cflag = 1; Cflag = 1;
break; break;
@ -124,9 +135,6 @@ main(int argc, char **argv)
break; break;
}ARGEND; }ARGEND;
if(pcap)
pcaphdr();
if(argc > 1) if(argc > 1)
usage(); usage();
@ -149,19 +157,32 @@ main(int argc, char **argv)
if(root == nil) if(root == nil)
root = &ether; root = &ether;
if(pcap)
pcaphdr(fd);
filter = compile(filter); filter = compile(filter);
if(tiflag){ if(tiflag){
/* read a trace file */ /* read a trace file */
for(;;){ for(;;){
n = read(fd, pkt, 10); if(pcap){
if(n != 10) struct pcap_pkthdr *goo;
break; n = read(fd, pkt, 16);
pkttime = NetL(pkt+2); if(n != 16)
pkttime = (pkttime<<32) | NetL(pkt+6); break;
if(starttime == 0LL) goo = (struct pcap_pkthdr*)pkt;
starttime = pkttime; pkttime = goo->ts;
n = NetS(pkt); n = goo->caplen;
}else{
n = read(fd, pkt, 10);
if(n != 10)
break;
pkttime = NetL(pkt+2);
pkttime = (pkttime<<32) | NetL(pkt+6);
if(starttime == 0LL)
starttime = pkttime;
n = NetS(pkt);
}
if(readn(fd, pkt, n) != n) if(readn(fd, pkt, n) != n)
break; break;
if(filterpkt(filter, pkt, pkt+n, root, 1)) if(filterpkt(filter, pkt, pkt+n, root, 1))
@ -259,39 +280,47 @@ filterpkt(Filter *f, uchar *ps, uchar *pe, Proto *pr, int needroot)
#define TCPDUMP_MAGIC 0xa1b2c3d4 #define TCPDUMP_MAGIC 0xa1b2c3d4
struct pcap_file_header { struct pcap_file_header {
ulong magic; u32int magic;
ushort version_major; u16int version_major;
ushort version_minor; u16int version_minor;
long thiszone; /* gmt to local correction */ s32int thiszone; /* gmt to local correction */
ulong sigfigs; /* accuracy of timestamps */ u32int sigfigs; /* accuracy of timestamps */
ulong snaplen; /* max length saved portion of each pkt */ u32int snaplen; /* max length saved portion of each pkt */
ulong linktype; /* data link type (DLT_*) */ u32int linktype; /* data link type (DLT_*) */
};
struct pcap_pkthdr {
uvlong ts; /* time stamp */
ulong caplen; /* length of portion present */
ulong len; /* length this packet (off wire) */
}; };
/* /*
* pcap trace header * pcap trace header
*/ */
void void
pcaphdr(void) pcaphdr(int fd)
{ {
struct pcap_file_header hdr; if(tiflag){
struct pcap_file_header hdr;
hdr.magic = TCPDUMP_MAGIC;
hdr.version_major = PCAP_VERSION_MAJOR; if(readn(fd, &hdr, sizeof hdr) != sizeof hdr)
hdr.version_minor = PCAP_VERSION_MINOR; sysfatal("short header");
if(hdr.magic != TCPDUMP_MAGIC)
hdr.thiszone = 0; sysfatal("packet header %ux != %ux", hdr.magic, TCPDUMP_MAGIC);
hdr.snaplen = 1500; if(hdr.version_major != PCAP_VERSION_MAJOR || hdr.version_minor != PCAP_VERSION_MINOR)
hdr.sigfigs = 0; sysfatal("version %d.%d != %d.%d", hdr.version_major, hdr.version_minor, PCAP_VERSION_MAJOR, PCAP_VERSION_MINOR);
hdr.linktype = 1; if(hdr.linktype != 1)
sysfatal("unknown linktype %d != 1 (ethernet)", hdr.linktype);
write(1, &hdr, sizeof(hdr)); }
if(toflag){
struct pcap_file_header hdr;
hdr.magic = TCPDUMP_MAGIC;
hdr.version_major = PCAP_VERSION_MAJOR;
hdr.version_minor = PCAP_VERSION_MINOR;
hdr.thiszone = 0;
hdr.snaplen = 1500;
hdr.sigfigs = 0;
hdr.linktype = 1;
write(1, &hdr, sizeof(hdr));
}
} }
/* /*