rewind a capture file

[rixed () happyleptic org]

I'd like to be able to read a pcap in a loop.

There are two options I know of:

- either close the pcap_handle when the pcap_dispatch/pcap_next function
  returns the error-code for signaling end of file, and reopen it.

- or retrieve the pcap FILE* with pcap_file(), and rewind by hand (ie. seek
  after end of the global pcap header at offset 24, or getpos at first packet
  and setpos later to rewind).

It's inconvenient for me to simulate looping by closing/reopening the pcap
file so I implemented the alternative (reset the file handle position), but it
seams a little odd to do this kind of things by hand, and does not seams
particularly future-proof since it assumes that the file current offset is set
to next packet position, and that the file is actually not already closed when
the end of file error code is returned.

Is there a better way to do this? Is there a proper way to find out the file
header's size? Also, out of curiosity, what was the intended use of
pcap_file() in the first place?

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.