+gboolean
+libpcap_write_session_header_block(FILE *fp,
+ const char *appname,
+ long *bytes_written,
+ int *err)
+{
+ struct shb shb;
+ struct option option;
+ guint32 block_total_length;
+ const guint32 padding = 0;
+
+ block_total_length = sizeof(struct shb) +
+ sizeof(guint32);
+ if ((strlen(appname) > 0) && (strlen(appname) < G_MAXUINT16)) {
+ block_total_length += 2 * sizeof(struct option) +
+ (guint16)(ADD_PADDING(strlen(appname) + 1));
+ }
+ /* write shb header */
+ shb.block_type = SECTION_HEADER_BLOCK_TYPE;
+ shb.block_total_length = block_total_length;
+ shb.byte_order_magic = PCAPNG_MAGIC;
+ shb.major_version = PCAPNG_MAJOR_VERSION;
+ shb.minor_version = PCAPNG_MINOR_VERSION;
+ shb.section_length = -1;
+ WRITE_DATA(fp, &shb, sizeof(struct shb), *bytes_written, err);
+
+ if ((strlen(appname) > 0) && (strlen(appname) < G_MAXUINT16)) {
+ /* write shb_userappl options */
+ option.type = SHB_USERAPPL;
+ option.value_length = (guint16)(strlen(appname) + 1);
+ WRITE_DATA(fp, &option, sizeof(struct option), *bytes_written, err);
+ WRITE_DATA(fp, appname, strlen(appname) + 1, *bytes_written, err);
+ if ((strlen(appname) + 1) % 4) {
+ WRITE_DATA(fp, &padding, 4 - (strlen(appname) + 1) % 4, *bytes_written, err);
+ }
+ /* write last option */
+ option.type = OPT_ENDOFOPT;
+ option.value_length = 0;
+ WRITE_DATA(fp, &option, sizeof(struct option), *bytes_written, err);
+ }
+ /* write the trailing block total length */
+ WRITE_DATA(fp, &block_total_length, sizeof(guint32), *bytes_written, err);
+ return TRUE;
+}
+
+gboolean
+libpcap_write_interface_description_block(FILE *fp,
+ const char *name,
+ const char *filter,
+ int link_type,
+ int snap_len,
+ long *bytes_written,
+ int *err)
+{
+ struct idb idb;
+ struct option option;
+ guint32 block_total_length;
+ const guint32 padding = 0;
+
+ block_total_length = sizeof(struct idb) + sizeof(guint32);
+ if ((strlen(name) > 0) && (strlen(name) < G_MAXUINT16)) {
+ block_total_length += sizeof(struct option) +
+ (guint16)(ADD_PADDING(strlen(name) + 1));
+ }
+ if ((strlen(filter) > 0) && (strlen(filter) < G_MAXUINT16)) {
+ block_total_length += sizeof(struct option) +
+ (guint16)(ADD_PADDING(strlen(filter) + 1));
+ }
+ if (((strlen(name) > 0) && (strlen(name) < G_MAXUINT16)) ||
+ ((strlen(filter) > 0) && (strlen(filter) < G_MAXUINT16))) {
+ block_total_length += sizeof(struct option);
+ }
+ /* write block header */
+ idb.block_type = INTERFACE_DESCRIPTION_BLOCK_TYPE;
+ idb.block_total_length = block_total_length;
+ idb.link_type = link_type;
+ idb.reserved = 0;
+ idb.snap_len = snap_len;
+ WRITE_DATA(fp, &idb, sizeof(struct idb), *bytes_written, err);
+ /* write interface name string if applicable */
+ if ((strlen(name) > 0) && (strlen(name) < G_MAXUINT16)) {
+ option.type = IDB_NAME;
+ option.value_length = (guint16)(strlen(name) + 1);
+ WRITE_DATA(fp, &option, sizeof(struct option), *bytes_written, err);
+ WRITE_DATA(fp, name, strlen(name) + 1, *bytes_written, err);
+ if ((strlen(name) + 1) % 4) {
+ WRITE_DATA(fp, &padding, 4 - (strlen(name) + 1) % 4 , *bytes_written, err);
+ }
+ }
+ /* write filter string if applicable */
+ if ((strlen(filter) > 0) && (strlen(filter) < G_MAXUINT16)) {
+ option.type = IDB_FILTER;
+ option.value_length = (guint16)(strlen(filter) + 1);
+ WRITE_DATA(fp, &option, sizeof(struct option), *bytes_written, err);
+ WRITE_DATA(fp, filter, strlen(filter) + 1, *bytes_written, err);
+ if ((strlen(filter) + 1) % 4) {
+ WRITE_DATA(fp, &padding, 4 - (strlen(filter) + 1) % 4 , *bytes_written, err);
+ }
+ }
+ /* write endofopt option if there were any options */
+ if (((strlen(name) > 0) && (strlen(name) < G_MAXUINT16)) ||
+ ((strlen(filter) > 0) && (strlen(filter) < G_MAXUINT16))) {
+ option.type = OPT_ENDOFOPT;
+ option.value_length = 0;
+ WRITE_DATA(fp, &option, sizeof(struct option), *bytes_written, err);
+ }
+ /* write the trailing Block Total Length */
+ WRITE_DATA(fp, &block_total_length, sizeof(guint32), *bytes_written, err);
+ return TRUE;
+}
+
+/* Write a record for a packet to a dump file.
+ Returns TRUE on success, FALSE on failure. */
+gboolean
+libpcap_write_enhanced_packet_block(FILE *fp,
+ const struct pcap_pkthdr *phdr,
+ guint32 interface_id,
+ const u_char *pd,
+ long *bytes_written,
+ int *err)
+{
+ struct epb epb;
+ guint32 block_total_length;
+ guint64 timestamp;
+ const guint32 padding = 0;
+
+ block_total_length = sizeof(struct epb) +
+ ADD_PADDING(phdr->caplen) +
+ sizeof(guint32);
+ timestamp = (guint64)(phdr->ts.tv_sec) * 1000000 +
+ (guint64)(phdr->ts.tv_usec);
+ epb.block_type = ENHANCED_PACKET_BLOCK_TYPE;
+ epb.block_total_length = block_total_length;
+ epb.interface_id = interface_id;
+ epb.timestamp_high = (guint32)((timestamp>>32) & 0xffffffff);
+ epb.timestamp_low = (guint32)(timestamp & 0xffffffff);
+ epb.captured_len = phdr->caplen;
+ epb.packet_len = phdr->len;
+ WRITE_DATA(fp, &epb, sizeof(struct epb), *bytes_written, err);
+ WRITE_DATA(fp, pd, phdr->caplen, *bytes_written, err);
+ if (phdr->caplen % 4) {
+ WRITE_DATA(fp, &padding, 4 - phdr->caplen % 4, *bytes_written, err);
+ }
+ WRITE_DATA(fp, &block_total_length, sizeof(guint32), *bytes_written, err);
+ return TRUE;
+}
+
+gboolean
+libpcap_write_interface_statistics_block(FILE *fp,
+ guint32 interface_id,
+ pcap_t *pd,
+ long *bytes_written,
+ int *err)
+{
+ struct isb isb;
+#ifdef _WIN32
+ FILETIME now;
+#else
+ struct timeval now;
+#endif
+ struct option option;
+ struct pcap_stat stats;
+ guint32 block_total_length;
+ guint64 timestamp;
+ guint64 counter;
+ gboolean stats_retrieved;
+
+#ifdef _WIN32
+ /*
+ * Current time, represented as 100-nanosecond intervals since
+ * January 1, 1601, 00:00:00 UTC.
+ *
+ * I think DWORD might be signed, so cast both parts of "now"
+ * to guint32 so that the sign bit doesn't get treated specially.
+ */
+ GetSystemTimeAsFileTime(&now);
+ timestamp = (((guint64)(guint32)now.dwHighDateTime) << 32) +
+ (guint32)now.dwLowDateTime;
+
+ /*
+ * Convert to same thing but as 1-microsecond, i.e. 1000-nanosecond,
+ * intervals.
+ */
+ timestamp /= 10;
+
+ /*
+ * Subtract difference, in microseconds, between January 1, 1601
+ * 00:00:00 UTC and January 1, 1970, 00:00:00 UTC.
+ */
+ timestamp -= G_GINT64_CONSTANT(11644473600000000U);
+#else
+ /*
+ * Current time, represented as seconds and microseconds since
+ * January 1, 1970, 00:00:00 UTC.
+ */
+ gettimeofday(&now, NULL);
+
+ /*
+ * Convert to delta in microseconds.
+ */
+ timestamp = (guint64)(now.tv_sec) * 1000000 +
+ (guint64)(now.tv_usec);
+#endif
+ if (pcap_stats(pd, &stats) < 0) {
+ stats_retrieved = FALSE;
+ g_warning("pcap_stats() failed.");
+ } else {
+ stats_retrieved = TRUE;
+ }
+ block_total_length = sizeof(struct isb) +
+ sizeof(guint32);
+ if (stats_retrieved) {
+ block_total_length += 3 * sizeof(struct option) + 2 * sizeof(guint64);
+ }
+ isb.block_type = INTERFACE_STATISTICS_BLOCK_TYPE;
+ isb.block_total_length = block_total_length;
+ isb.interface_id = interface_id;
+ isb.timestamp_high = (guint32)((timestamp>>32) & 0xffffffff);
+ isb.timestamp_low = (guint32)(timestamp & 0xffffffff);
+ WRITE_DATA(fp, &isb, sizeof(struct isb), *bytes_written, err);
+ if (stats_retrieved) {
+ /* */
+ option.type = ISB_IFRECV;
+ option.value_length = sizeof(guint64);
+ counter = stats.ps_recv;
+ WRITE_DATA(fp, &option, sizeof(struct option), *bytes_written, err);
+ WRITE_DATA(fp, &counter, sizeof(guint64), *bytes_written, err);
+ /* */
+ option.type = ISB_IFDROP;
+ option.value_length = sizeof(guint64);
+ counter = stats.ps_drop;
+ WRITE_DATA(fp, &option, sizeof(struct option), *bytes_written, err);
+ WRITE_DATA(fp, &counter, sizeof(guint64), *bytes_written, err);
+ /* last option */
+ option.type = OPT_ENDOFOPT;
+ option.value_length = 0;
+ WRITE_DATA(fp, &option, sizeof(struct option), *bytes_written, err);
+ }
+ WRITE_DATA(fp, &block_total_length, sizeof(guint32), *bytes_written, err);
+
+ return TRUE;
+}
+
git.samba.org / obnox / wireshark / wip.git / blobdiff