From 72945ca4eaaca260194eafd1f7aa082f39906cbd Mon Sep 17 00:00:00 2001
From: Neale Pickett
Date: Mon, 21 Sep 2020 14:52:53 -0600
Subject: [PATCH] pcat wrong order, pmerge no longer junks linktype
---
 README.md | 2 +-
 pcap.c | 7 ++++++-
 pcap.h | 1 +
 pcat.c | 2 +-
 pmerge.c | 9 ++++++++-
 5 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 878de6b..0f2ac69 100644
--- a/README.md
+++ b/README.md
@@ -127,7 +127,7 @@ such as sed, awk, cut, grep, or head.
 Output is tab-separated, of the format:
- timestamp protocol options src dst payload
+ timestamp protocol src dst options payload
 Frequently you are only interested in the payload, so you can run pcat like:
diff --git a/pcap.c b/pcap.c
index 2c8d8b9..bc64ba8 100644
--- a/pcap.c
+++ b/pcap.c
@@ -38,7 +38,12 @@ pcap_open_in(struct pcap_file *ctx, FILE * f)
 int
 pcap_open_out(struct pcap_file *ctx, FILE * f) {
- struct pcap_file_header h = { MAGIC, 2, 4, 0, 0, MAXFRAME, 1 };
+ return pcap_open_out_linktype(ctx, f, 1);
+}
+
+int
+pcap_open_out_linktype(struct pcap_file *ctx, FILE *f, int32_t linktype) {
+ struct pcap_file_header h = { MAGIC, 2, 4, 0, 0, MAXFRAME, linktype };
 if (1 != fwrite(&h, sizeof(h), 1, f)) {
 return -1;
diff --git a/pcap.h b/pcap.h
index e5d4c2a..f792045 100644
--- a/pcap.h
+++ b/pcap.h
@@ -69,6 +69,7 @@ struct pcap_pkthdr {
 int pcap_open_in(struct pcap_file *ctx, FILE * f);
 int pcap_open_out(struct pcap_file *ctx, FILE * f);
+int pcap_open_out_linktype(struct pcap_file *ctx, FILE * f, int32_t linktype);
 int pcap_read_pkthdr(struct pcap_file *ctx, struct pcap_pkthdr *hdr);
 int pcap_write_pkthdr(struct pcap_file *ctx, struct pcap_pkthdr *hdr);
 void pcap_close(struct pcap_file *ctx);
diff --git a/pcat.c b/pcat.c
index c54f742..b96da1e 100644
--- a/pcat.c
+++ b/pcat.c
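Review bot: In pcap.c the default link type survives as a bare `1` inside `pcap_open_out`, and neither the new `pcap_open_out_linktype` nor its prototype in pcap.h says which values `linktype` may take. A named constant in pcap.h, for example `enum { LINKTYPE_ETHERNET = 1 };` (the name the pcap link-type registry uses for that value), plus a one-line comment on the prototype, `/* linktype: pcap LINKTYPE_* value, written unchanged into the file header */`, would make the contract explicit. The parameter is a signed `int32_t` and goes into a positional initializer; the field type in `struct pcap_file_header` is not visible here, so confirm the two agree, since pmerge.c now forwards a value taken from an input capture rather than a constant.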
@@ -99,7 +99,7 @@ process_icmp(struct stream *s, char *saddr_s, char *daddr_s)
 uint8_t code = read_uint8(s);
 uint16_t checksum = read_uint16(s);
- printf("ICMP\t%d,%d\t%s\t%s\t", type, code, saddr_s, daddr_s);
+ printf("ICMP\t%s\t%s\t%d,%d\t", saddr_s, daddr_s, type, code);
 }
 void
diff --git a/pmerge.c b/pmerge.c
index 5699237..6e0f28c 100644
--- a/pmerge.c
+++ b/pmerge.c
@@ -50,6 +50,7 @@ main(int argc, char *argv[])
 /*
 * Open input files
 */
+ int32_t linktype = 0;
 for (i = 0; i < argc - 1; i += 1) {
 char *fn = argv[i + 1];
 struct input_file *cur = &files[nfiles];
@@ -68,6 +69,12 @@ main(int argc, char *argv[])
 fprintf(stderr, "%s: unable to process\n", fn);
 return EX_IOERR;
 }
+ if (i == 0) {
+ linktype = cur->p.linktype;
+ } else if (linktype != cur->p.linktype) {
+ fprintf(stderr, "%s: incompatible linktype with first file\n", fn);
+ return EX_IOERR;
+ }
 cur->active = 1;
 if (0 == read_next(cur)) {
@@ -75,7 +82,7 @@ main(int argc, char *argv[])
 }
 }
- if (-1 == pcap_open_out(&out, stdout)) {
+ if (-1 == pcap_open_out_linktype(&out, stdout, linktype)) {
 perror("writing header");
 return EX_IOERR;
 }
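Review bot: The column order documented in the README now lives only in the format string of `process_icmp` in pcat.c, with nothing in the code stating it. A comment above the `printf`, `/* README column order: timestamp, protocol, src, dst, options, payload */`, would give the file's printers one place to agree on. The diffstat shows a single changed line in pcat.c, so any other protocol printers in that file (not visible here) should be checked for the same order. Scripts that pick fields by position with cut or awk will read different columns after this change. `process_icmp` begins above the hunk.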
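Review bot: `int32_t linktype = 0;` in the first pmerge.c hunk changes the header written when no input file is processed. The loop over `argc - 1` never runs in that case, so the call in the last hunk writes link type 0 where `pcap_open_out` used to write 1. Whether `main` rejects an empty argument list earlier is not visible in these hunks. Initialising to the old default, `int32_t linktype = 1;`, keeps that path unchanged.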
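Review bot: The mismatch branch in the second pmerge.c hunk reports `%s: incompatible linktype with first file` without either value, and returns `EX_IOERR` although no I/O failed. Someone merging captures from several sources would have to inspect each file to learn which link types clash. Printing both values, `fprintf(stderr, "%s: linktype %d differs from first file's %d\n", fn, (int)cur->p.linktype, (int)linktype);`, and returning `EX_DATAERR` would describe the condition more precisely. The test on `i == 0` identifies the first file only because every earlier failure in the loop returns, which holds for the lines visible here but not necessarily for the rest of `main`.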