-
Notifications
You must be signed in to change notification settings - Fork 1
/
sr_dumper.h
executable file
·79 lines (63 loc) · 1.94 KB
/
sr_dumper.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
/**
* This header file defines data structures for logging packets in tcpdump
* format as well as a set of operations for logging.
*/
#ifdef _LINUX_
#include <stdint.h>
#endif /* _LINUX_ */
#ifdef _DARWIN_
#include <inttypes.h>
#endif /* _DARWIN_ */
#include <sys/time.h>
#define PCAP_VERSION_MAJOR 2
#define PCAP_VERSION_MINOR 4
#define PCAP_ETHA_LEN 6
#define PCAP_PROTO_LEN 2
#define TCPDUMP_MAGIC 0xa1b2c3d4
#define LINKTYPE_ETHERNET 1
#define min(a,b) ( (a) < (b) ? (a) : (b) )
/* file header */
struct pcap_file_header {
uint32_t magic; /* magic number */
uint16_t version_major; /* version number major */
uint16_t version_minor; /* version number minor */
int thiszone; /* gmt to local correction */
uint32_t sigfigs; /* accuracy of timestamps */
uint32_t snaplen; /* max length saved portion of each pkt */
uint32_t linktype; /* data link type (LINKTYPE_*) */
};
/* packet header */
struct pcap_pkthdr {
struct timeval ts; /* time stamp */
uint32_t caplen; /* length of portion present */
uint32_t len; /* length this packet (off wire) */
};
/*
* This is a timeval as stored in disk in a dumpfile.
* It has to use the same types everywhere, independent of the actual
* `struct timeval'
*/
struct pcap_timeval {
int tv_sec; /* seconds */
int tv_usec; /* microseconds */
};
/*
* How a `pcap_pkthdr' is actually stored in the dumpfile.
*/
struct pcap_sf_pkthdr {
struct pcap_timeval ts; /* time stamp */
uint32_t caplen; /* length of portion present */
uint32_t len; /* length this packet (off wire) */
};
/**
* Open a dump file and initialize the file.
*/
FILE* sr_dump_open(const char *fname, int thiszone, int snaplen);
/**
* Write data into the log file
*/
void sr_dump(FILE *fp, const struct pcap_pkthdr *h, const unsigned char *sp);
/**
* Close the file
*/
void sr_dump_close(FILE *fp);