Adding editcap.c. This is an example of a simple wiretap editing program.

Will need new functions in wiretap before I can do more. Should perhaps be moved into an examples directory and have other bots added. svn path=/trunk/; revision=1206
author: Richard Sharpe <sharpe@ns.aus.com> 1999-12-04 12:53:52 +0000
committer: Richard Sharpe <sharpe@ns.aus.com> 1999-12-04 12:53:52 +0000
commit: ad33fe84a7c15b1dadfb57cbc5a6588dd9033a1f (patch)
tree: ca4f8b95fc8b6eb87525e9ca0b82a28d41d1b8c5 /editcap.c
parent: aef39cc00fbb22e3182d7dec9d29de501fea0e38 (diff)
1 files changed, 174 insertions, 0 deletions
diff --git a/editcap.c b/editcap.c
new file mode 100644
index 0000000000..264c915138
--- /dev/null
+++ b/editcap.c
@@ -0,0 +1,174 @@
+/* Edit capture files.  We can delete records, or simply convert from one 
+ * format to another format (at the moment, only output format is libpcap)
+ *
+ * Originally written by Richard Sharpe.
+ * Improved by Guy Harris.
+ */
+
+#include <stdio.h>
+#include <glib.h>
+#include <unistd.h>
+#include <sys/time.h>
+#include "wtap.h"
+
+/*
+ * Some globals so we can pass things to various routines
+ */
+
+int selectfrm[100], max_selected = -1;
+static int count = 1;
+static int keep_em = 0;
+static int out_file_type = WTAP_FILE_PCAP;
+static int out_frame_type = -2;   /* Leave frame type alone */
+
+/* Was the record selected? */
+
+int selected(int recno)
+{
+  int i = 0;
+
+  for (i = 0; i<= max_selected; i++) {
+
+    if (recno == selectfrm[i]) return 1;
+
+  }
+
+  return 0;
+
+}
+
+/* An argument to the callback routine */
+
+typedef struct {
+	char	*filename;
+	wtap_dumper *pdh;
+} callback_arg;
+
+/*
+ *The callback routine that is called for each frame in the input file
+ */
+
+static void
+edit_callback(u_char *user, const struct wtap_pkthdr *phdr, int offset,
+    const u_char *buf) 
+{
+  callback_arg *argp = (callback_arg *)user;
+  int err;
+
+  if ((!selected(count) && !keep_em) ||
+      (selected(count) && keep_em)) {
+
+    printf("Record: %u\n", count);
+
+    /* We simply write it, we could do other things, like modify it */
+
+    if (!wtap_dump(argp->pdh, phdr, buf, &err)) {
+
+      fprintf(stderr, "editpcap: Error writing to %s: %s\n", argp->filename,
+        wtap_strerror(err));
+      exit(1);
+
+    }
+
+  }
+
+  count++;
+
+}
+
+void usage()
+{
+
+  fprintf(stderr, "Usage: editpcap [-r] [-T <encap type>] [-F <capture type>]  <infile> <outfile>\\\n");
+  fprintf(stderr, "                [ <record#> ... ]\n");
+  fprintf(stderr, "  where\t-r specifies that the records specified should be kept, not deleted, \n");
+  fprintf(stderr, "                           default is to delete\n");
+  fprintf(stderr, "       \t-T <encap type> specified the encapsulation type\n");
+  fprintf(stderr, "       \t-F <capture type> specifies the capture file type\n");
+}
+
+int main(int argc, char *argv[])
+
+{
+  wtap *wth;
+  int read_bytes, pcnt = 0, i, err;
+  callback_arg args;
+  extern char *optarg;
+  extern int optind, opterr, optopt;
+  char opt;
+
+  /* Process the options first */
+
+  while ((opt = getopt(argc, argv, "T:F:r")) != EOF) {
+
+    switch (opt) {
+
+    case 'T':
+      out_frame_type = atoi(optarg);
+      break;
+      
+    case 'F':
+      out_file_type = atoi(optarg);
+      break;
+
+    case 'r':
+      keep_em = !keep_em;  /* Just invert */
+      break;
+
+    case '?':              /* Bad options if GNU getopt */
+      usage();
+      exit(1);
+      break;
+
+    }
+
+  }
+
+  printf("Optind = %i, argc = %i\n", optind, argc);
+
+  if ((argc - optind) < 2) {
+
+    usage();
+    exit(1);
+
+  }
+
+  wth = wtap_open_offline(argv[optind], &err);
+
+  if (!wth) {
+
+    fprintf(stderr, "editpcap: Can't open %s: %s\n", argv[optind],
+        wtap_strerror(err));
+    exit(1);
+
+  }
+
+  args.filename = argv[optind + 1];
+  if (out_frame_type == -2)
+    out_frame_type = wtap_file_encap(wth);
+
+  args.pdh = wtap_dump_open(argv[optind + 1], out_file_type,
+		out_frame_type, wtap_snapshot_length(wth), &err);
+  if (args.pdh == NULL) {
+
+    fprintf(stderr, "editpcap: Can't open or create %s: %s\n", argv[optind+1],
+        wtap_strerror(err));
+    exit(1);
+
+  }
+
+  for (i = optind + 2; i < argc; i++)
+    selectfrm[++max_selected] = atoi(argv[i]);
+
+  wtap_loop(wth, 0, edit_callback, (char *)&args, &err);
+
+  if (!wtap_dump_close(args.pdh, &err)) {
+
+    fprintf(stderr, "editpcap: Error writing to %s: %s\n", argv[2],
+        wtap_strerror(err));
+    exit(1);
+
+  }
+  exit(0);
+}
+
author	Richard Sharpe <sharpe@ns.aus.com>	1999-12-04 12:53:52 +0000
committer	Richard Sharpe <sharpe@ns.aus.com>	1999-12-04 12:53:52 +0000
commit	ad33fe84a7c15b1dadfb57cbc5a6588dd9033a1f (patch)
tree	ca4f8b95fc8b6eb87525e9ca0b82a28d41d1b8c5 /editcap.c
parent	aef39cc00fbb22e3182d7dec9d29de501fea0e38 (diff)