-rw-r--r-- | doc/editcap.pod | 8 | ||||
-rw-r--r-- | editcap.c | 38 |
2 files changed, 43 insertions, 3 deletions
diff --git a/doc/editcap.pod b/doc/editcap.pod index f8efcb774d..bd5ea6913a 100644 --- a/doc/editcap.pod +++ b/doc/editcap.pod @@ -30,6 +30,7 @@ S< B<-d> > | S< B<-D> E<lt>dup windowE<gt> > | S< B<-w> E<lt>dup time windowE<gt> > S<[ B<-v> ]> +S<[ B<-I> E<lt>bytes to ignoreE<gt> ]> I<infile> I<outfile> @@ -165,6 +166,13 @@ be created with a suffix -nnnnn, starting with 00000. If packets for the specifi time interval are written to the output file, the next output file is opened. The default is to use a single output file. +=item -I E<lt>bytes to ignoreE<gt> + +Ignore the specified bytes number at the beginning of the frame during MD5 hash calculation +Useful to remove duplicated packets taken on several routers(differents mac addresses for example) +e.g. -I 26 in case of Ether/IP/ will ignore ether(14) and IP header(20 - 4(src ip) - 4(dst ip)). +The default value is 0. + =item -L Adjust the original frame length accordingly when chopping and/or snapping @@ -121,6 +121,8 @@ static fd_hash_t fd_hash[MAX_DUP_DEPTH]; static int dup_window = DEFAULT_DUP_DEPTH; static int cur_dup_entry = 0; +static int ignored_bytes = 0; /* Used with -I */ + #define ONE_MILLION 1000000 #define ONE_BILLION 1000000000 @@ -540,13 +542,20 @@ is_duplicate(guint8* fd, guint32 len) { int i; md5_state_t ms; + /*Hint to ignore some bytes at the start of the frame for the digest calculation(-I option) */ + guint32 new_len; + guint8 *new_fd; + + new_fd = &fd[ignored_bytes]; + new_len = len - (ignored_bytes); + cur_dup_entry++; if (cur_dup_entry >= dup_window) cur_dup_entry = 0; /* Calculate our digest */ md5_init(&ms); - md5_append(&ms, fd, len); + md5_append(&ms, new_fd, new_len); md5_finish(&ms, fd_hash[cur_dup_entry].digest); fd_hash[cur_dup_entry].len = len; 
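Review bot: In the is_duplicate hunk, `new_len = len - (ignored_bytes)` is computed without checking that the frame is at least `ignored_bytes` long, so a frame shorter than the -I value wraps the unsigned `new_len` to a very large number and `md5_append` then reads far past the end of the packet buffer. Frame lengths come from the capture file, so any input containing short frames reaches this. Clamp the offset before use, e.g. `guint32 skip = ((guint32)ignored_bytes < len) ? (guint32)ignored_bytes : 0;` followed by `new_fd = &fd[skip];` and `new_len = len - skip;`. This hashes the whole frame when it is too short; excluding such frames from duplicate detection is the other reasonable choice. The same two lines appear in the is_duplicate_rel_time hunk and need the same guard; both function bodies continue outside their hunks.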
@@ -570,13 +579,20 @@ is_duplicate_rel_time(guint8* fd, guint32 len, const nstime_t *current) { int i; md5_state_t ms; + /*Hint to ignore some bytes at the start of the frame for the digest calculation(-I option) */ + guint32 new_len; + guint8 *new_fd; + + new_fd = &fd[ignored_bytes]; + new_len = len - (ignored_bytes); + cur_dup_entry++; if (cur_dup_entry >= dup_window) cur_dup_entry = 0; /* Calculate our digest */ md5_init(&ms); - md5_append(&ms, fd, len); + md5_append(&ms, new_fd, new_len); md5_finish(&ms, fd_hash[cur_dup_entry].digest); fd_hash[cur_dup_entry].len = len; @@ -710,6 +726,14 @@ print_usage(FILE *output) fprintf(output, " A <dup time window> is specified in relative seconds\n"); fprintf(output, " (e.g. 0.000001).\n"); fprintf(output, "\n"); + fprintf(output, " -I <bytes to ignore> ignore the specified bytes at the beginning of\n"); + fprintf(output, " the frame during MD5 hash calculation\n"); + fprintf(output, " Useful to remove duplicated packets taken on\n"); + fprintf(output, " several routers(differents mac addresses for \n"); + fprintf(output, " example)\n"); + fprintf(output, " e.g. -I 26 in case of Ether/IP/ will ignore \n"); + fprintf(output, " ether(14) and IP header(20 - 4(src ip) - 4(dst ip)).\n"); + fprintf(output, "\n"); fprintf(output, " NOTE: The use of the 'Duplicate packet removal' options with\n"); fprintf(output, " other editcap options except -v may not always work as expected.\n"); fprintf(output, " Specifically the -r, -t or -S options will very likely NOT have the\n"); @@ -960,7 +984,7 @@ main(int argc, char *argv[]) #endif /* Process the options */ - while ((opt = getopt_long(argc, argv, "A:B:c:C:dD:E:F:hi:Lrs:S:t:T:vVw:", long_options, NULL)) != -1) { + while ((opt = getopt_long(argc, argv, "A:B:c:C:dD:E:F:hi:I:Lrs:S:t:T:vVw:", long_options, NULL)) != -1) { switch (opt) { case 'A': { 
@@ -1108,6 +1132,14 @@ main(int argc, char *argv[]) } break; + case 'I': /* ignored_bytes at the beginning of the frame for duplications removal */ + ignored_bytes = atoi(optarg); + if(ignored_bytes <= 0) { + fprintf(stderr, "editcap: \"%s\" isn't a valid number of bytes to ignore\n", optarg); + exit(1); + } + break; + case 'L': adjlen = TRUE; break; |
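Review bot: The `case 'I'` branch parses its argument with `atoi`, which cannot report errors: trailing garbage such as `26abc` is accepted as 26, and an out-of-range value has undefined behaviour. The `<= 0` test also rejects `-I 0`, although the documentation added in this commit gives 0 as the default. Parsing with `strtol`, checking the end pointer and bounding the result to `INT_MAX` gives a well-defined value for the offset later applied to the frame buffer. The sketch below assumes `<errno.h>` and `<limits.h>` are already included in editcap.c, which is not visible here.

```c
case 'I': { /* ignored_bytes at the beginning of the frame for duplications removal */
    char *end = NULL;
    long v;

    errno = 0;
    v = strtol(optarg, &end, 10);
    if (errno != 0 || end == optarg || *end != '\0' || v < 0 || v > INT_MAX) {
        fprintf(stderr, "editcap: \"%s\" isn't a valid number of bytes to ignore\n", optarg);
        exit(1);
    }
    ignored_bytes = (int)v;
    break;
}
```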