Add -I option in editcap to extend Duplicate packet removal

Description: Ignore the specified bytes number at the beginning of the frame during MD5 hash calculation. Useful to remove duplicated packets taken on several routers or SW(differents mac addresses for example). e.g. -I 26 in case of Ether/IP/ will ignore ether(14) and IP header(20 - 4(src ip) - 4(dst ip)). The default value is 0. This option is only relevant when used with -d|-D|-w Bug: 8511 Change-Id: I009a09d32778a182b2d88f372651f658a4938882 Reviewed-on: https://code.wireshark.org/review/4104 Tested-by: Evan Huus <eapache@gmail.com> Reviewed-by: Evan Huus <eapache@gmail.com>
author: kardam <netkardam@gmail.com> 2014-09-14 03:01:05 +0200
committer: Evan Huus <eapache@gmail.com> 2014-09-20 18:11:35 +0000
commit: ba8617f0400efe47931495fc3f2502f24161dd4b (patch)
tree: e0c870ee0e9e911b67dd22f3250ea2e120e6d46b
parent: 2154e2346ed6dcbf5c7e270dbcc0f4a9a727b7a0 (diff)
2 files changed, 43 insertions, 3 deletions
diff --git a/doc/editcap.pod b/doc/editcap.pod
index f8efcb774d..bd5ea6913a 100644
--- a/doc/editcap.pod
+++ b/doc/editcap.pod
@@ -30,6 +30,7 @@ S< B<-d> > |
 S< B<-D> E<lt>dup windowE<gt> > |
 S< B<-w> E<lt>dup time windowE<gt> >
 S<[ B<-v> ]>
+S<[ B<-I> E<lt>bytes to ignoreE<gt> ]>
 I<infile>
 I<outfile>
 
@@ -165,6 +166,13 @@ be created with a suffix -nnnnn, starting with 00000. If packets for the specifi
 time interval are written to the output file, the next output file is
 opened. The default is to use a single output file.
 
+=item -I  E<lt>bytes to ignoreE<gt>
+
+Ignore the specified bytes number at the beginning of the frame during MD5 hash calculation
+Useful to remove duplicated packets taken on several routers(differents mac addresses for example)
+e.g. -I 26 in case of Ether/IP/ will ignore ether(14) and IP header(20 - 4(src ip) - 4(dst ip)).
+The default value is 0.
+
 =item -L
 
 Adjust the original frame length accordingly when chopping and/or snapping
diff --git a/editcap.c b/editcap.c
index 7d0381cdcc..2c7ca66128 100644
--- a/editcap.c
+++ b/editcap.c
@@ -121,6 +121,8 @@ static fd_hash_t fd_hash[MAX_DUP_DEPTH];
 static int       dup_window    = DEFAULT_DUP_DEPTH;
 static int       cur_dup_entry = 0;
 
+static int       ignored_bytes  = 0;  /* Used with -I */
+
 #define ONE_MILLION    1000000
 #define ONE_BILLION 1000000000
 
@@ -540,13 +542,20 @@ is_duplicate(guint8* fd, guint32 len) {
     int i;
     md5_state_t ms;
 
+    /*Hint to ignore some bytes at the start of the frame for the digest calculation(-I option) */
+    guint32 new_len;
+    guint8 *new_fd;
+
+    new_fd  = &fd[ignored_bytes];
+    new_len = len - (ignored_bytes);
+
     cur_dup_entry++;
     if (cur_dup_entry >= dup_window)
         cur_dup_entry = 0;
 
     /* Calculate our digest */
     md5_init(&ms);
-    md5_append(&ms, fd, len);
+    md5_append(&ms, new_fd, new_len);
     md5_finish(&ms, fd_hash[cur_dup_entry].digest);
 
     fd_hash[cur_dup_entry].len = len;
@@ -570,13 +579,20 @@ is_duplicate_rel_time(guint8* fd, guint32 len, const nstime_t *current) {
     int i;
     md5_state_t ms;
 
+    /*Hint to ignore some bytes at the start of the frame for the digest calculation(-I option) */
+    guint32 new_len;
+    guint8 *new_fd;
+
+    new_fd  = &fd[ignored_bytes];
+    new_len = len - (ignored_bytes);
+
     cur_dup_entry++;
     if (cur_dup_entry >= dup_window)
         cur_dup_entry = 0;
 
     /* Calculate our digest */
     md5_init(&ms);
-    md5_append(&ms, fd, len);
+    md5_append(&ms, new_fd, new_len);
     md5_finish(&ms, fd_hash[cur_dup_entry].digest);
 
     fd_hash[cur_dup_entry].len = len;
@@ -710,6 +726,14 @@ print_usage(FILE *output)
     fprintf(output, "                         A <dup time window> is specified in relative seconds\n");
     fprintf(output, "                         (e.g. 0.000001).\n");
     fprintf(output, "\n");
+    fprintf(output, "  -I <bytes to ignore>   ignore the specified bytes at the beginning of\n");
+    fprintf(output, "                         the frame during MD5 hash calculation\n");
+    fprintf(output, "                         Useful to remove duplicated packets taken on\n");
+    fprintf(output, "                         several routers(differents mac addresses for \n");
+    fprintf(output, "                         example)\n");
+    fprintf(output, "                         e.g. -I 26 in case of Ether/IP/ will ignore \n");
+    fprintf(output, "                         ether(14) and IP header(20 - 4(src ip) - 4(dst ip)).\n");
+    fprintf(output, "\n");
     fprintf(output, "           NOTE: The use of the 'Duplicate packet removal' options with\n");
     fprintf(output, "           other editcap options except -v may not always work as expected.\n");
     fprintf(output, "           Specifically the -r, -t or -S options will very likely NOT have the\n");
@@ -960,7 +984,7 @@ main(int argc, char *argv[])
 #endif
 
     /* Process the options */
-    while ((opt = getopt_long(argc, argv, "A:B:c:C:dD:E:F:hi:Lrs:S:t:T:vVw:", long_options, NULL)) != -1) {
+    while ((opt = getopt_long(argc, argv, "A:B:c:C:dD:E:F:hi:I:Lrs:S:t:T:vVw:", long_options, NULL)) != -1) {
         switch (opt) {
         case 'A':
         {
@@ -1108,6 +1132,14 @@ main(int argc, char *argv[])
             }
             break;
 
+        case 'I': /* ignored_bytes at the beginning of the frame for duplications removal */
+            ignored_bytes = atoi(optarg);
+            if(ignored_bytes <= 0) {
+                fprintf(stderr, "editcap: \"%s\" isn't a valid number of bytes to ignore\n", optarg);
+                exit(1);
+            }
+            break;
+
         case 'L':
             adjlen = TRUE;
             break;
author	kardam <netkardam@gmail.com>	2014-09-14 03:01:05 +0200
committer	Evan Huus <eapache@gmail.com>	2014-09-20 18:11:35 +0000
commit	ba8617f0400efe47931495fc3f2502f24161dd4b (patch)
tree	e0c870ee0e9e911b67dd22f3250ea2e120e6d46b
parent	2154e2346ed6dcbf5c7e270dbcc0f4a9a727b7a0 (diff)