From ad33fe84a7c15b1dadfb57cbc5a6588dd9033a1f Mon Sep 17 00:00:00 2001 From: Richard Sharpe Date: Sat, 4 Dec 1999 12:53:52 +0000 Subject: Adding editcap.c. This is an example of a simple wiretap editing program. Will need new functions in wiretap before I can do more. Should perhaps be moved into an examples directory and have other bots added. svn path=/trunk/; revision=1206 --- editcap.c | 174 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 174 insertions(+) create mode 100644 editcap.c (limited to 'editcap.c') diff --git a/editcap.c b/editcap.c new file mode 100644 index 0000000000..264c915138 --- /dev/null +++ b/editcap.c @@ -0,0 +1,174 @@ +/* Edit capture files. We can delete records, or simply convert from one + * format to another format (at the moment, only output format is libpcap) + * + * Originally written by Richard Sharpe. + * Improved by Guy Harris. + */ + +#include +#include +#include +#include +#include "wtap.h" + +/* + * Some globals so we can pass things to various routines + */ + +int selectfrm[100], max_selected = -1; +static int count = 1; +static int keep_em = 0; +static int out_file_type = WTAP_FILE_PCAP; +static int out_frame_type = -2; /* Leave frame type alone */ + +/* Was the record selected? */ + +int selected(int recno) +{ + int i = 0; + + for (i = 0; i<= max_selected; i++) { + + if (recno == selectfrm[i]) return 1; + + } + + return 0; + +} + +/* An argument to the callback routine */ + +typedef struct { + char *filename; + wtap_dumper *pdh; +} callback_arg; + +/* + *The callback routine that is called for each frame in the input file + */ + +static void +edit_callback(u_char *user, const struct wtap_pkthdr *phdr, int offset, + const u_char *buf) +{ + callback_arg *argp = (callback_arg *)user; + int err; + + if ((!selected(count) && !keep_em) || + (selected(count) && keep_em)) { + + printf("Record: %u\n", count); + + /* We simply write it, we could do other things, like modify it */ + + if (!wtap_dump(argp->pdh, phdr, buf, &err)) { + + fprintf(stderr, "editpcap: Error writing to %s: %s\n", argp->filename, + wtap_strerror(err)); + exit(1); + + } + + } + + count++; + +} + +void usage() +{ + + fprintf(stderr, "Usage: editpcap [-r] [-T ] [-F ] \\\n"); + fprintf(stderr, " [ ... ]\n"); + fprintf(stderr, " where\t-r specifies that the records specified should be kept, not deleted, \n"); + fprintf(stderr, " default is to delete\n"); + fprintf(stderr, " \t-T specified the encapsulation type\n"); + fprintf(stderr, " \t-F specifies the capture file type\n"); +} + +int main(int argc, char *argv[]) + +{ + wtap *wth; + int read_bytes, pcnt = 0, i, err; + callback_arg args; + extern char *optarg; + extern int optind, opterr, optopt; + char opt; + + /* Process the options first */ + + while ((opt = getopt(argc, argv, "T:F:r")) != EOF) { + + switch (opt) { + + case 'T': + out_frame_type = atoi(optarg); + break; + + case 'F': + out_file_type = atoi(optarg); + break; + + case 'r': + keep_em = !keep_em; /* Just invert */ + break; + + case '?': /* Bad options if GNU getopt */ + usage(); + exit(1); + break; + + } + + } + + printf("Optind = %i, argc = %i\n", optind, argc); + + if ((argc - optind) < 2) { + + usage(); + exit(1); + + } + + wth = wtap_open_offline(argv[optind], &err); + + if (!wth) { + + fprintf(stderr, "editpcap: Can't open %s: %s\n", argv[optind], + wtap_strerror(err)); + exit(1); + + } + + args.filename = argv[optind + 1]; + if (out_frame_type == -2) + out_frame_type = wtap_file_encap(wth); + + args.pdh = wtap_dump_open(argv[optind + 1], out_file_type, + out_frame_type, wtap_snapshot_length(wth), &err); + if (args.pdh == NULL) { + + fprintf(stderr, "editpcap: Can't open or create %s: %s\n", argv[optind+1], + wtap_strerror(err)); + exit(1); + + } + + for (i = optind + 2; i < argc; i++) + selectfrm[++max_selected] = atoi(argv[i]); + + wtap_loop(wth, 0, edit_callback, (char *)&args, &err); + + if (!wtap_dump_close(args.pdh, &err)) { + + fprintf(stderr, "editpcap: Error writing to %s: %s\n", argv[2], + wtap_strerror(err)); + exit(1); + + } + exit(0); +} + -- cgit v1.2.3