forked from NachtZ/pcapDumper
-
Notifications
You must be signed in to change notification settings - Fork 1
/
pcap_dump.h
90 lines (82 loc) · 2.69 KB
/
pcap_dump.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
/**
* pcap_dump aims to provide some basic functions to write a packet data into a pcap file
*/
#ifndef PCAP_DUMP_H_
#define PCAP_DUMP_H_
#include <stdint.h>
struct pd_timeval {
uint32_t tv_sec; /* seconds */
uint32_t tv_usec; /* microseconds */
};
struct pd_pcap_file_header {
uint32_t magic;
uint16_t version_major;
uint16_t version_minor;
int32_t thiszone; /* gmt to local correction */
uint32_t sigfigs; /* accuracy of timestamps */
uint32_t snaplen; /* max length saved portion of each pkt */
uint32_t linktype; /* data link type (LINKTYPE_*) */
};
struct pd_pcap_pkthdr {
struct pd_timeval ts; /* time stamp using 32 bits fields */
uint32_t caplen; /* length of portion present */
uint32_t len; /* length this packet (off wire) */
};
static inline uint16_t bswap16(uint16_t x) {
return (uint16_t)(((x & 0x00ffU) << 8) |
((x & 0xff00U) >> 8));
}
static inline uint32_t bswap32(uint32_t x) {
return ((x & 0x000000ffUL) << 24) |
((x & 0x0000ff00UL) << 8) |
((x & 0x00ff0000UL) >> 8) |
((x & 0xff000000UL) >> 24);
}
static inline uint64_t bswap64(uint64_t x) {
return ((x & 0x00000000000000ffULL) << 56) |
((x & 0x000000000000ff00ULL) << 40) |
((x & 0x0000000000ff0000ULL) << 24) |
((x & 0x00000000ff000000ULL) << 8) |
((x & 0x000000ff00000000ULL) >> 8) |
((x & 0x0000ff0000000000ULL) >> 24) |
((x & 0x00ff000000000000ULL) >> 40) |
((x & 0xff00000000000000ULL) >> 56);
}
/**
* Create a new pcap file and write pcap file with the default configuration:
* - linktype : DLT_EN10MB,
* - timezone : 0
* - snaplen : 65535
*
* If the pcap file already exists then open and points to the end of the file to continue writting data
*
* @param path path to the pcap file
* @return pointer points to the file
*/
int pd_open(const char * path);
/**
* Create a new pcap file with given linktype, timezone and snaplen
* - write a pcap header to a new file. Called by openPcapFile. Shouldn't be used outside pcap_dump.c
* @param path path to the pcap file
* @param linktype link type
* @param thiszone timezone
* @param snaplen snaplen
* @return pointer points to the file
*/
int pd_create(const char * path, int linktype, int thiszone, int snaplen);
/**
* Write a buffer into a pcap file with given timestamp
*
* @param fd points to the pcap file
* @param buf packet data
* @param len length of packet
* @param tv timestamp
* @return
*/
int pd_write(int fd, char * buf, int len, struct timeval tv);
/**
* Close a pcap file after finish writing
* @param fd points to pcap file
*/
void pd_close(int fd);
#endif //end of pcap_dump.h