Resending append feature patch yet again
From: "Mikhail Manuylov" <mikhail.manuilov () gmail com>
Date: Fri, 17 Mar 2006 15:31:28 +0300
Hello, Recently I've browsed tcpdump-workers mailist archives and didn't found my patch that brings append functionality to tcpdump world. So I resending it one more time, now in mail body ( not as attachment). If someone needs more information about the code, I'll give it.
--- savefile.c.orig Tue Aug 30 01:05:45 2005
+++ savefile.c Mon Feb 27 17:18:17 2006
@@ -42,6 +42,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sys/stat.h>
 #include "pcap-int.h"
@@ -1180,10 +1181,87 @@
 (void)fwrite((char *)sp, h->caplen, 1, f);
 }
+/*
+ * Stolen from pflogd ( OpenBSD packet filter logger daemon )
+ *
+ * Must read the file, compare the header against our new
+ * options (in particular, snaplen) and adjust our options so
+ * that we generate a correct file. Furthermore, check the file
+ * for consistency so that we can append safely.
+ *
+ * XXX this may take a long time for large dumps.
+*/
+int
+pcap_scan_dump(pcap_t *p, int linktype, FILE *f, off_t size, const char *fname)
+{
+ struct pcap_file_header hdr;
+ struct pcap_sf_pkthdr ph;
+ off_t pos;
+
+ (void) fseek(f, 0L, SEEK_SET);
+
+ if (fread((char *)&hdr, sizeof(hdr), 1, f) != 1) {
+ snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
+ "Error: File %s has short file header",
+ fname);
+ return (1);
+ }
+
+ if (hdr.magic != TCPDUMP_MAGIC ||
+ hdr.version_major != PCAP_VERSION_MAJOR ||
+ hdr.version_minor != PCAP_VERSION_MINOR ||
+ hdr.linktype != linktype ||
+ hdr.snaplen > 65535) {
+ snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
+ "%s: Invalid/incompatible dump file, move it away",
+ fname);
+ return (1);
+ }
+
+ pos = sizeof(hdr);
+
+ while (!feof(f)) {
+ off_t len = fread((char *)&ph, 1, sizeof(ph), f);
+ if (len == 0)
+ break;
+
+ if (len != sizeof(ph))
+ goto error;
+ if (ph.caplen > hdr.snaplen || ph.caplen > 65535)
+ goto error;
+ pos += sizeof(ph) + ph.caplen;
+ if (pos > size)
+ goto error;
+ fseek(f, ph.caplen, SEEK_CUR);
+ }
+
+ if (pos != size)
+ goto error;
+
+ if (hdr.snaplen != p->snapshot) {
+
+ /* FIXME XXX Change snaplen to stored in header
+ * "%s: Existing file has different snaplen %u, using it",
+ */
+
+ snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
+ "%s: Existing file snaplen %u differs from supplied %u",
+ fname, hdr.snaplen, p->snapshot);
+ return (1);
+ }
+
+ return (0);
+
+ error:
+ snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s: Corrupted log file.", fname);
+ return (1);
+}
+
 static pcap_dumper_t *
 pcap_setup_dump(pcap_t *p, int linktype, FILE *f, const char *fname)
 {
-
+
struct stat st;
+
 #if defined(WIN32) || defined(MSDOS)
 /*
 * If we're writing to the standard output, put it in binary
@@ -1197,13 +1275,30 @@
 else
 setbuf(f, NULL);
 #endif
- if (sf_write_header(f, linktype, p->tzoff, p->snapshot) == -1) {
- snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "Can't write to %s: %s",
- fname, pcap_strerror(errno));
+
+ if (fstat(fileno(f), &st) == -1) {
+ snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "Can't obtain status of %s: %s",
+ fname, strerror(errno));
+ if (f != stdout)
+ (void)fclose(f);
+ return (NULL);
+ }
+
+ if (st.st_size == 0) {
+ if (sf_write_header(f, linktype, p->tzoff, p->snapshot) == -1) {
+ snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "Can't write to %s: %s",
+ fname, pcap_strerror(errno));
+ if (f != stdout)
+ (void)fclose(f);
+ return (NULL);
+ }
+ } else if (pcap_scan_dump(p, linktype, f, st.st_size, fname)) {
 if (f != stdout)
 (void)fclose(f);
+ /* XXX move file and continue? */
 return (NULL);
 }
+
 return ((pcap_dumper_t *)f);
 }
@@ -1229,9 +1324,9 @@
 fname = "standard output";
 } else {
 #if !defined(WIN32) && !defined(MSDOS)
- f = fopen(fname, "w");
+ f = fopen(fname, "a+");
 #else
- f = fopen(fname, "wb");
+ f = fopen(fname, "a+b");
 #endif
 if (f == NULL) {
 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s: %s",
-- Truly yours, Mikhail Manuilov - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
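Review bot: The `fseek(f, ph.caplen, SEEK_CUR)` inside the scan loop of pcap_scan_dump ignores its return value, so after a failed seek the next `fread` would parse packet bytes as a record header and `pos` would no longer describe what was actually read. Check it, e.g. `if (fseek(f, (long)ph.caplen, SEEK_CUR) != 0) goto error;`, and do the same for the initial `(void) fseek(f, 0L, SEEK_SET)`. The function is defined without `static` although its only caller visible in this patch is pcap_setup_dump in the same file; unless it is meant to be exported, `static int` keeps it out of the library's symbol table. The header comment still says the function will "adjust our options", but a snaplen mismatch is rejected with an error, so the comment should describe the refusal instead.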
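Review bot: The new `fstat`/scan path in pcap_setup_dump also runs when `f` is `stdout`, a stream that is not opened for reading. If standard output is redirected onto a non-empty regular file, `st.st_size` is non-zero and the `fread` in pcap_scan_dump will most likely fail, so the dump would be refused with a misleading "short file header" message. Writing the header unconditionally for standard output, `if (f == stdout || st.st_size == 0) {`, would keep the previous behaviour there. The fstat error path formats the message with `strerror(errno)` while the other message in this function uses `pcap_strerror(errno)`; use the latter for consistency. The function body starts in the previous hunk and part of its `#if` block lies outside both hunks.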
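Review bot: Switching the mode from `"w"` to `"a+"` (and `"wb"` to `"a+b"`) changes what this open does for every existing caller: a file that used to be truncated is now appended to, or the open is refused by pcap_setup_dump when the existing file is not a matching capture. Callers that re-run a capture to the same name would get several sessions mixed in one file without asking for it, which matters when the capture is later relied on as a record of a single session. Consider keeping `"w"`/`"wb"` as the default here and selecting `"a+"`/`"a+b"` only through an explicit append option or a separate entry point. Nothing in the patch serialises two processes appending to the same file, so that case should at least be documented. The enclosing function begins and ends outside the hunk.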