Hi,
Attached is the code for editpcap.c.
It shows how to read a capture file and in this case simply drop frames.
It should be fixed up to do a few more things.
It also exposes the need to fix some aspects of wiretap, like moving some
record definitions out of .c files into header files.
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <glib.h>
#include <sys/time.h>
#include <timebits.h>
#include "wtap.h"
/*
 * "libpcap" file header (minus magic number).
 *
 * main() writes the 32-bit magic first and then this struct verbatim with
 * fwrite(), so the field order and widths below are the on-disk layout and
 * the values go out in host byte order.
 * NOTE(review): presumably a local copy of a definition that lives inside
 * wiretap's libpcap reader -- confirm the two stay in sync.
 */
struct pcap_hdr {
guint16 version_major; /* major version number */
guint16 version_minor; /* minor version number */
gint32 thiszone; /* GMT to local correction */
guint32 sigfigs; /* accuracy of timestamps */
guint32 snaplen; /* max length of captured packets, in octets */
guint32 network; /* data link type */
};
/*
 * "libpcap" record header.
 *
 * edit_callback() fills one of these from the wiretap packet header and
 * writes it with fwrite(), followed immediately by incl_len bytes of packet
 * data, so incl_len is the length a reader uses to find the next record.
 * NOTE(review): both timestamp fields are 32 bits wide; the tv_sec/tv_usec
 * values assigned to them are narrowed if the platform's types are wider.
 */
struct pcaprec_hdr {
guint32 ts_sec; /* timestamp seconds */
guint32 ts_usec; /* timestamp microseconds */
guint32 incl_len; /* number of octets of packet saved in file */
guint32 orig_len; /* actual length of packet */
};
/*
 * Drop list: record numbers to leave out of the output, stored in
 * delete[0..max_delete]. max_delete is -1 while the list is empty.
 * The table has room for 100 entries, so whoever appends to it has to keep
 * max_delete at or below 99.
 */
int delete[100];
int max_delete = -1;

/*
 * Tell whether record number recno is on the drop list.
 * Returns 1 if it is listed, 0 if it is not.
 */
int deleteit(int recno)
{
    int slot = 0;

    while (slot <= max_delete) {
        if (delete[slot] == recno) {
            return 1;
        }
        slot++;
    }
    return 0;
}
/* Output stream for the edited capture: opened in main(), written by edit_callback(). */
FILE *wfh;
/* Scratch libpcap record header that edit_callback() refills for every record it keeps. */
struct pcaprec_hdr rec_hdr;
/* 1-based number of the record currently being handed to edit_callback(). */
int count = 1;
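/*
 * wtap_loop() callback, invoked once per record of the input capture.
 *
 * Unless the current record number (count) is on the drop list, the record
 * is copied to wfh as a libpcap record header followed by the captured
 * bytes. count is advanced for every record, kept or dropped.
 *
 * user and offset are not used. A short or failed write ends the program:
 * carrying on would leave an output file whose record boundaries no longer
 * line up, which is worse than no output for anyone analysing it later.
 *
 * NOTE(review): the number of bytes copied from buf is phdr->caplen as
 * reported by wiretap; this function relies on wiretap handing over a
 * buffer at least that long -- confirm against wtap's reader.
 */
static void
edit_callback(u_char *user, const struct wtap_pkthdr *phdr, int offset, const u_char *buf)
{
    (void)user;
    (void)offset;

    if (!deleteit(count)) {
        /* count is an int, so print it with the matching conversion. */
        printf("Record: %d\n", count);
        rec_hdr.ts_sec = phdr->ts.tv_sec;
        rec_hdr.ts_usec = phdr->ts.tv_usec;
        rec_hdr.incl_len = phdr->caplen;
        rec_hdr.orig_len = phdr->len;
        if (fwrite(&rec_hdr, 1, sizeof(rec_hdr), wfh) != sizeof(rec_hdr) ||
            fwrite(buf, 1, rec_hdr.incl_len, wfh) != rec_hdr.incl_len) {
            perror("Writing output file");
            exit(1);
        }
    }
    count++;
}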
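/*
 * editpcap <infile> <outfile> <record#> ...
 *
 * Copies the capture in <infile> to <outfile> in libpcap format, leaving out
 * every record whose 1-based number is given on the command line.
 *
 * The record numbers come straight from argv and are stored in the
 * fixed-size delete[] table, so both their count and their values are
 * checked here, before either file is opened: a bad argument then cannot
 * overrun the table or leave a truncated output file behind.
 *
 * Exits with status 1 on a usage error, a bad record number, or an I/O
 * failure; returns 0 otherwise.
 */
int main(int argc, char *argv[])
{
    guint32 magic = 0xa1b2c3d4;
    struct pcap_hdr hdr;
    wtap *wth;
    int i, err;
    char buf[65536];
    const int delete_slots = (int)(sizeof delete / sizeof delete[0]);

    if (argc < 3) {
        fprintf(stderr, "Usage: editpcap <infile> <outfile> <record#> ...\n");
        exit(1);
    }

    for (i = 3; i < argc; i++) {
        char *end;
        long recno;

        /* Never step past the end of the drop list. */
        if (max_delete + 1 >= delete_slots) {
            fprintf(stderr, "Too many record numbers (at most %d)\n", delete_slots);
            exit(1);
        }

        /* Records are numbered from 1, so anything else can never match. */
        errno = 0;
        recno = strtol(argv[i], &end, 10);
        if (end == argv[i] || *end != '\0' || errno == ERANGE ||
            recno < 1 || recno > INT_MAX) {
            fprintf(stderr, "Bad record number: %s\n", argv[i]);
            exit(1);
        }
        delete[++max_delete] = (int)recno;
    }

    wth = wtap_open_offline(argv[1], &err);
    if (!wth) {
        /* NOTE(review): the failure reason is returned in err; errno may not
           describe it -- confirm against wtap_open_offline(). */
        perror("Opening input file");
        exit(1);
    }

    hdr.version_major = 2;
    hdr.version_minor = 0;
    hdr.thiszone = 0;
    hdr.sigfigs = 0;
    hdr.snaplen = wth->snapshot_length;
    /* NOTE(review): the field holds the data link type, but the constant is
       named like a wiretap file type -- confirm this is the value readers
       of the output file expect. */
    hdr.network = WTAP_FILE_WTAP;

    /* Binary mode: the file holds raw structs and packet bytes. Opening for
       writing truncates, and nothing here stops <outfile> from naming the
       same file as <infile>. */
    wfh = fopen(argv[2], "wb");
    if (!wfh) {
        perror("Opening output file");
        exit(1);
    }

    /* Now write the magic and the header */
    if (fwrite(&magic, 1, sizeof(magic), wfh) != sizeof(magic) ||
        fwrite(&hdr, 1, sizeof(hdr), wfh) != sizeof(hdr)) {
        perror("Writing output file header");
        exit(1);
    }

    /* buf is only passed through as the callback's user pointer;
       edit_callback() does not read it. */
    wtap_loop(wth, 0, edit_callback, buf, &err);

    /* fclose() flushes buffered records, so a failure here means the
       output is incomplete. */
    if (fclose(wfh) != 0) {
        perror("Closing output file");
        exit(1);
    }
    return 0;
}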
Regards
-------
Richard Sharpe, sharpe@xxxxxxxxxx, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course