pcat wrong order, pmerge no longer junks linktype

Neale Pickett 2020-09-21 14:52:53 -06:00
parent 4d9d840ab3
commit 72945ca4ea
5 changed files with 17 additions and 4 deletions


@ -127,7 +127,7 @@ such as sed, awk, cut, grep, or head.
Output is tab-separated, of the format:
timestamp protocol options src dst payload
timestamp protocol src dst options payload
Frequently you are only interested in the payload,
so you can run pcat like:

7
pcap.c

@ -38,7 +38,12 @@ pcap_open_in(struct pcap_file *ctx, FILE * f)
int
pcap_open_out(struct pcap_file *ctx, FILE * f)
{
struct pcap_file_header h = { MAGIC, 2, 4, 0, 0, MAXFRAME, 1 };
return pcap_open_out_linktype(ctx, f, 1);
}
int
pcap_open_out_linktype(struct pcap_file *ctx, FILE *f, int32_t linktype) {
struct pcap_file_header h = { MAGIC, 2, 4, 0, 0, MAXFRAME, linktype };
if (1 != fwrite(&h, sizeof(h), 1, f)) {
return -1;
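Review bot: `pcap_open_out_linktype` stores its `linktype` argument in the file header without any check, and nothing at the definition says so, even though callers such as pmerge pass a value taken from an input capture. A short header comment should state that the value is written as given and that the caller is responsible for it, and the bare `1` in `pcap_open_out` should be explained, e.g. `return pcap_open_out_linktype(ctx, f, 1); /* 1 = Ethernet, the previous hard-coded default */`. The new definition also puts its opening brace on the signature line, while `pcap_open_out` directly above keeps it on its own line. The body of `pcap_open_out_linktype` continues past the end of this hunk, so whether it also records the link type in `ctx` cannot be seen here.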

1
pcap.h

@ -69,6 +69,7 @@ struct pcap_pkthdr {
int pcap_open_in(struct pcap_file *ctx, FILE * f);
int pcap_open_out(struct pcap_file *ctx, FILE * f);
int pcap_open_out_linktype(struct pcap_file *ctx, FILE * f, int32_t linktype);
int pcap_read_pkthdr(struct pcap_file *ctx, struct pcap_pkthdr *hdr);
int pcap_write_pkthdr(struct pcap_file *ctx, struct pcap_pkthdr *hdr);
void pcap_close(struct pcap_file *ctx);

2
pcat.c

@ -99,7 +99,7 @@ process_icmp(struct stream *s, char *saddr_s, char *daddr_s)
uint8_t code = read_uint8(s);
uint16_t checksum = read_uint16(s);
printf("ICMP\t%d,%d\t%s\t%s\t", type, code, saddr_s, daddr_s);
printf("ICMP\t%s\t%s\t%d,%d\t", saddr_s, daddr_s, type, code);
}
void


@ -50,6 +50,7 @@ main(int argc, char *argv[])
/*
* Open input files
*/
int32_t linktype = 0;
for (i = 0; i < argc - 1; i += 1) {
char *fn = argv[i + 1];
struct input_file *cur = &files[nfiles];
@ -68,6 +69,12 @@ main(int argc, char *argv[])
fprintf(stderr, "%s: unable to process\n", fn);
return EX_IOERR;
}
if (i == 0) {
linktype = cur->p.linktype;
} else if (linktype != cur->p.linktype) {
fprintf(stderr, "%s: incompatible linktype with first file\n", fn);
return EX_IOERR;
}
cur->active = 1;
if (0 == read_next(cur)) {
@ -75,7 +82,7 @@ main(int argc, char *argv[])
}
}
if (-1 == pcap_open_out(&out, stdout)) {
if (-1 == pcap_open_out_linktype(&out, stdout, linktype)) {
perror("writing header");
return EX_IOERR;
}
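Review bot: `linktype` is initialised to 0 in the first hunk and assigned only inside the input loop, so if the program is run with no input files the header written by `pcap_open_out_linktype(&out, stdout, linktype)` declares link type 0 rather than the 1 that `pcap_open_out` wrote before this commit. Unless main rejects an empty argument list above the hunk, keep the old default with `int32_t linktype = 1;` or exit with a usage error before writing the header. The mismatch branch in the second hunk could return `EX_DATAERR` instead of `EX_IOERR`, since the file was read successfully and the problem is its content. main starts and ends outside these hunks.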