fluffy

Network Archaeology tools for Unix
git clone https://git.woozle.org/neale/fluffy.git

Neale Pickett  ·  2020-09-21

pcap.h

 1#ifndef __PCAP_H__
 2#define __PCAP_H__
 3
 4#include <stdio.h>
 5#include <stdint.h>
 6#include <stdbool.h>
 7
/*
 * Classic pcap file magic number (microsecond-resolution timestamps), the
 * value expected in pcap_file_header.magic.
 * NOTE(review): presumably a byte-swapped match is what sets
 * pcap_file.swap -- confirm in the implementation.
 */
#define MAGIC 0xa1b2c3d4
/*
 * Upper bound, in bytes, for a single captured frame.
 * NOTE(review): pcap_pkthdr.caplen is a 32-bit length field of a capture
 * record, so it should be rejected when it exceeds MAXFRAME before it is used
 * as a read or allocation size. This header does not show where (or whether)
 * that check is made.
 */
#define MAXFRAME 262144

/*
 * Described at https://www.tcpdump.org/linktypes.html
 */
#define LINKTYPE_ETHERNET 1	/* Ethernet frames */
#define LINKTYPE_RAW 101	/* raw IP packets, no link-layer header */
16
/*
 * Context for one capture stream; every pcap_* function declared in this
 * header takes a pointer to it.
 */
struct pcap_file {
	FILE *f;		/* stdio stream associated with this context */
	uint32_t linktype;	/* data link type (LINKTYPE_*) */
	bool swap;		/* presumably set when the file's byte order differs from the host's -- TODO confirm in the implementation */
};
22
/*
 * Global header of a capture file.
 *
 * snaplen and linktype are signed here, so a crafted file can present
 * negative values for them.
 * NOTE(review): presumably this struct is read from and written to the
 * stream as raw bytes, which depends on it having no padding (24 bytes) --
 * confirm in the implementation.
 */
struct pcap_file_header {
	uint32_t magic;
	uint16_t version_major;
	uint16_t version_minor;
	int32_t thiszone;	/* gmt to local correction */
	uint32_t sigfigs;	/* accuracy of timestamps */
	int32_t snaplen;	/* max length saved portion of each pkt */
	int32_t linktype;	/* data link type (LINKTYPE_*) */
};
32
/*
 * Per-packet record header.
 *
 * Both timestamp fields are fixed at 32 bits, independent of the host's
 * struct timeval.
 *
 * caplen and len are independent 32-bit fields; nothing in this declaration
 * ties caplen to len or to MAXFRAME.
 * NOTE(review): when the header comes from an untrusted capture, check
 * caplen against MAXFRAME (and against the buffer actually available)
 * before reading the frame body -- confirm whether pcap_read_pkthdr already
 * does this.
 */
struct pcap_pkthdr {
	struct pcap_timeval {
		uint32_t tv_sec;
		uint32_t tv_usec;
	} ts;			/* time stamp */
	uint32_t caplen;	/* length of portion present */
	uint32_t len;		/* length this packet (off wire) */
};
41
/*
 * Fallback max()/min(), defined only when no earlier header supplied them.
 *
 * Each argument is evaluated twice: do not pass expressions with side
 * effects. Mixing a signed and an unsigned operand converts the signed one
 * to unsigned before the comparison, so a negative length compared with a
 * uint32_t field such as caplen is treated as a very large value.
 */
#ifndef max
#define max(a, b) ((a)>(b)?(a):(b))
#endif

#ifndef min
#define min(a, b) ((a)<(b)?(a):(b))
#endif
49
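/*
 * Byte-order reversal for 32-bit and 16-bit values.
 *
 * The argument is converted to the unsigned fixed-width type before it is
 * masked and shifted, so signed fields such as pcap_file_header.snaplen can
 * be passed without left-shifting into the sign bit of an int (undefined
 * behaviour). The argument is parenthesized so that expressions such as
 * bswap32(a | b) expand as intended.
 *
 * The argument is still evaluated more than once: do not pass an expression
 * with side effects.
 */
#define bswap32(i) ((uint32_t)((((uint32_t)(i) & 0xff000000u) >> 24) | \
                               (((uint32_t)(i) & 0x00ff0000u) >> 8)  | \
                               (((uint32_t)(i) & 0x0000ff00u) << 8)  | \
                               (((uint32_t)(i) & 0x000000ffu) << 24)))
#define bswap16(i) ((uint16_t)((((uint16_t)(i) & 0xff00u) >> 8) | \
                               (((uint16_t)(i) & 0x00ffu) << 8)))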
56
57
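/*
 * Debugging help
 *
 * Each macro writes one line to stderr, prefixed with the source file,
 * function and line of the call site.
 *
 * fmt is pasted between two string literals, so it has to be a string
 * literal itself; a run-time string cannot end up as the format. Print
 * run-time strings with DUMP_s().
 *
 * Values are written as-is: bytes taken from a capture file and printed with
 * DUMP_s() or DUMP_c() can carry terminal control characters.
 *
 * DUMPf relies on the GNU named-variadic-argument and comma-swallowing
 * extensions.
 */
#define DUMPf(fmt, args...) fprintf(stderr, "%s:%s:%d " fmt "\n", __FILE__, __FUNCTION__, __LINE__, ##args)
#define DUMP() DUMPf("")
#define DUMP_d(v) DUMPf("%s = %d", #v, v)
#define DUMP_u(v) DUMPf("%s = %u", #v, v)
#define DUMP_x(v) DUMPf("%s = 0x%x", #v, v)
#define DUMP_s(v) DUMPf("%s = %s", #v, v)
#define DUMP_c(v) DUMPf("%s = %c", #v, v)
/* %p requires a pointer to void; cast so any object pointer is well-defined */
#define DUMP_p(v) DUMPf("%s = %p", #v, (const void *)(v))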
69
/*
 * Capture-file API. Only the declarations are visible in this header, so the
 * notes below are limited to what the signatures show.
 * NOTE(review): the meaning of the int return values is not shown here --
 * check the implementation before testing them.
 */

/* Set up ctx for input, using the caller-supplied stream f. */
int pcap_open_in(struct pcap_file *ctx, FILE * f);
/* Set up ctx for output, using the caller-supplied stream f. */
int pcap_open_out(struct pcap_file *ctx, FILE * f);
/*
 * As pcap_open_out, with an explicit link type. The parameter is int32_t
 * while pcap_file.linktype is uint32_t, so a negative value would change
 * meaning if stored there.
 */
int pcap_open_out_linktype(struct pcap_file *ctx, FILE * f, int32_t linktype);
/*
 * Takes a non-const hdr, presumably filling it with the next record header
 * from ctx.
 * NOTE(review): hdr->caplen should be treated as untrusted afterwards and
 * bounded by MAXFRAME before the frame body is read, unless the
 * implementation is confirmed to enforce that.
 */
int pcap_read_pkthdr(struct pcap_file *ctx, struct pcap_pkthdr *hdr);
/* Presumably writes the record header *hdr to ctx -- TODO confirm. */
int pcap_write_pkthdr(struct pcap_file *ctx, struct pcap_pkthdr *hdr);
/*
 * Releases ctx.
 * NOTE(review): whether this also closes ctx->f is not visible here.
 */
void pcap_close(struct pcap_file *ctx);
76
77#endif				/* __PCAP_H__ */