-
Notifications
You must be signed in to change notification settings - Fork 11
/
pcapfile.c
45 lines (41 loc) · 1.37 KB
/
pcapfile.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
/* simple pcap file writer (C) 2018 rofl0r */
#include <unistd.h>
#include <pcap/pcap.h>
#include "endianness.h"
#ifdef SWITCH_ENDIAN
/* if defined allows to use the opposite endian format for testing */
# define SWAP_IF_SWITCHED(X) end_bswap32(X)
# define NOT_IF_SWITCHED !
#else
# define SWAP_IF_SWITCHED(X) X
# define NOT_IF_SWITCHED
#endif
static void pcapfile_write_header_be(int outfd) {
write(outfd, "\xA1\xB2\xC3\xD4" "\x00\x02\x00\x04"
"\x00\x00\x00\x00" "\x00\x00\x00\x00"
"\x00\x04\x00\x00" "\x00\x00\x00\x7F", 24);
}
static void pcapfile_write_header_le(int outfd) {
write(outfd, "\xD4\xC3\xB2\xA1" "\x02\x00\x04\x00"
"\x00\x00\x00\x00" "\x00\x00\x00\x00"
"\x00\x00\x04\x00" "\x7F\x00\x00\x00", 24);
}
void pcapfile_write_header(int outfd) {
if (NOT_IF_SWITCHED ENDIANNESS_BE) pcapfile_write_header_be(outfd);
else pcapfile_write_header_le(outfd);
}
void pcapfile_write_packet(int outfd, struct pcap_pkthdr *h_out, const unsigned char* data) {
struct pcap_file_pkthdr {
unsigned sec_epoch;
unsigned ms_sec;
unsigned caplen;
unsigned len;
} hdr_out = {
.sec_epoch = SWAP_IF_SWITCHED(h_out->ts.tv_sec),
.ms_sec = SWAP_IF_SWITCHED(h_out->ts.tv_usec),
.caplen = SWAP_IF_SWITCHED(h_out->caplen),
.len = SWAP_IF_SWITCHED(h_out->len),
};
write(outfd, &hdr_out, sizeof hdr_out);
write(outfd, data, h_out->len);
}