/* follow.c
*
- * $Id: follow.c,v 1.17 1999/11/18 21:04:53 guy Exp $
+ * $Id: follow.c,v 1.18 1999/11/28 03:35:09 gerald Exp $
*
* Copyright 1998 Mike Hall <mlh@io.com>
*
static guint32 ip_address[2];
static u_int tcp_port[2];
-static int check_fragments( int );
-static void write_packet_data( const char *, int );
+static int check_fragments( int, tcp_stream_chunk * );
+static void write_packet_data( tcp_stream_chunk *, const char * );
/* this will build libpcap filter text that will only
pass the packets related to the stream. There is a
void
reassemble_tcp( u_long sequence, u_long length, const char* data,
u_long data_length, int synflag, address *net_src,
- address *net_dst, u_int srcport, u_int dstport ) {
+ address *net_dst, u_int srcport, u_int dstport,
+ guint32 secs, guint32 usecs) {
guint32 srcx, dstx;
int src_index, j, first = 0;
u_long newseq;
tcp_frag *tmp_frag;
+ tcp_stream_chunk sc;
+
src_index = -1;
-
+
/* first check if this packet should be processed */
if (net_src->type != AT_IPv4 || net_dst->type != AT_IPv4)
return;
(dstport != tcp_port[0] && dstport != tcp_port[1]))
return;
+ /* Initialize our stream chunk. This data gets written to disk. */
+ sc.src_addr = srcx;
+ sc.src_port = srcport;
+ sc.secs = secs;
+ sc.usecs = usecs;
+ sc.dlen = data_length;
+
/* first we check to see if we have seen this src ip before. */
for( j=0; j<2; j++ ) {
if( src[j] == srcx ) {
seq[src_index]++;
}
/* write out the packet data */
- write_packet_data( data, data_length );
+ write_packet_data( &sc, data );
return;
}
/* if we are here, we have already seen this src, let's
seq[src_index] += length;
if( synflag ) seq[src_index]++;
if( data ) {
- write_packet_data( data, data_length );
+ write_packet_data( &sc, data );
}
/* done with the packet, see if it caused a fragment to fit */
- while( check_fragments( src_index ) )
+ while( check_fragments( src_index, &sc ) )
;
}
else {
/* here we search through all the frag we have collected to see if
one fits */
static int
-check_fragments( int index ) {
+check_fragments( int index, tcp_stream_chunk *sc ) {
tcp_frag *prev = NULL;
tcp_frag *current;
current = frags[index];
if( current->seq == seq[index] ) {
/* this fragment fits the stream */
if( current->data ) {
- write_packet_data( current->data, current->data_len );
+ sc->dlen = current->data_len;
+ write_packet_data( sc, current->data );
}
seq[index] += current->len;
if( prev ) {
}
static void
-write_packet_data( const char* data, int length ) {
- fwrite( data, 1, length, data_out_file );
+write_packet_data( tcp_stream_chunk *sc, const char *data ) {
+ if (sc->dlen == 0)
+ return;
+ fwrite( sc, 1, sizeof(tcp_stream_chunk), data_out_file );
+ fwrite( data, 1, sc->dlen, data_out_file );
}