tcpdump mailing list archives

Resending append feature patch yet again


From: "Mikhail Manuylov" <mikhail.manuilov () gmail com>
Date: Fri, 17 Mar 2006 15:31:28 +0300

Hello,

Recently I browsed the tcpdump-workers mailing list archives and didn't find my
patch that brings append functionality to the tcpdump world.
So I am resending it one more time, now in the mail body (not as an attachment).
If someone needs more information about the code, I'll provide it.

--- savefile.c.orig Tue Aug 30 01:05:45 2005
+++ savefile.c Mon Feb 27 17:18:17 2006
@@ -42,6 +42,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <sys/stat.h>

#include "pcap-int.h"

@@ -1180,10 +1181,87 @@
(void)fwrite((char *)sp, h->caplen, 1, f);
}

+/*
+ * Stolen from pflogd ( OpenBSD packet filter logger daemon )
+ *
+ * Must read the file, compare the header against our new
+ * options (in particular, snaplen) and adjust our options so
+ * that we generate a correct file. Furthermore, check the file
+ * for consistency so that we can append safely.
+ *
+ * XXX this may take a long time for large dumps.
+*/
+int
+pcap_scan_dump(pcap_t *p, int linktype, FILE *f, off_t size, const char
*fname)
+{
+ struct pcap_file_header hdr;
+ struct pcap_sf_pkthdr ph;
+ off_t pos;
+
+ (void) fseek(f, 0L, SEEK_SET);
+
+ if (fread((char *)&hdr, sizeof(hdr), 1, f) != 1) {
+ snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
+ "Error: File %s has short file header",
+     fname);
+ return (1);
+ }
+
+ if (hdr.magic != TCPDUMP_MAGIC ||
+     hdr.version_major != PCAP_VERSION_MAJOR ||
+     hdr.version_minor != PCAP_VERSION_MINOR ||
+     hdr.linktype != linktype ||
+     hdr.snaplen > 65535) {
+ snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
+ "%s: Invalid/incompatible dump file, move it away",
+     fname);
+ return (1);
+ }
+
+ pos = sizeof(hdr);
+
+ while (!feof(f)) {
+ off_t len = fread((char *)&ph, 1, sizeof(ph), f);
+ if (len == 0)
+ break;
+
+ if (len != sizeof(ph))
+ goto error;
+ if (ph.caplen > hdr.snaplen || ph.caplen > 65535)
+ goto error;
+ pos += sizeof(ph) + ph.caplen;
+ if (pos > size)
+ goto error;
+ fseek(f, ph.caplen, SEEK_CUR);
+ }
+
+ if (pos != size)
+ goto error;
+
+ if (hdr.snaplen != p->snapshot) {
+
+ /* FIXME XXX Change snaplen to stored in header
+ * "%s: Existing file has different snaplen %u, using it",
+ */
+
+ snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
+ "%s: Existing file snaplen %u differs from supplied %u",
+     fname, hdr.snaplen, p->snapshot);
+ return (1);
+ }
+
+ return (0);
+
+ error:
+ snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s: Corrupted log file.", fname);
+ return (1);
+}
+
static pcap_dumper_t *
pcap_setup_dump(pcap_t *p, int linktype, FILE *f, const char *fname)
{
-
+ struct stat st;
+
#if defined(WIN32) || defined(MSDOS)
/*
* If we're writing to the standard output, put it in binary
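Review bot: Both `fseek` calls in pcap_scan_dump ignore their return value, so if the skip over packet data at `fseek(f, ph.caplen, SEEK_CUR)` fails, `pos` still advances and the next `fread` parses payload bytes as a record header. Since this scan is the only validation of an existing file before new records are appended to it, the skip should be checked, e.g. `if (fseek(f, (long)ph.caplen, SEEK_CUR) != 0) goto error;`, and the initial rewind likewise. The function is also added with external linkage and no prototype anywhere in the patch; as far as the visible hunks show it is only called from pcap_setup_dump, so `static int` would keep it out of the library's exported symbols. The hunk ends inside pcap_setup_dump, whose body continues in the next hunk.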
@@ -1197,13 +1275,30 @@
else
setbuf(f, NULL);
#endif
- if (sf_write_header(f, linktype, p->tzoff, p->snapshot) == -1) {
- snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "Can't write to %s: %s",
-     fname, pcap_strerror(errno));
+
+ if (fstat(fileno(f), &st) == -1) {
+ snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "Can't obtain status of %s: %s",
+ fname, strerror(errno));
+ if (f != stdout)
+ (void)fclose(f);
+ return (NULL);
+ }
+
+ if (st.st_size == 0) {
+ if (sf_write_header(f, linktype, p->tzoff, p->snapshot) == -1) {
+ snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "Can't write to %s: %s",
+     fname, pcap_strerror(errno));
+ if (f != stdout)
+ (void)fclose(f);
+ return (NULL);
+ }
+ } else if (pcap_scan_dump(p, linktype, f, st.st_size, fname)) {
if (f != stdout)
(void)fclose(f);
+ /* XXX move file and continue? */
return (NULL);
}
+
return ((pcap_dumper_t *)f);
}
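Review bot: The `else if (pcap_scan_dump(...))` branch runs for any `f` with a non-zero `st_size`, including `stdout`, which is not opened for reading; when standard output is redirected onto an existing non-empty file the header `fread` will presumably fail and the dump is refused. Keeping the old write-header path for streams the library did not open itself and for non-regular files would avoid that, e.g. `if (f == stdout || !S_ISREG(st.st_mode) || st.st_size == 0) {`. The new fstat error message also calls `strerror(errno)` while the rest of the function uses `pcap_strerror(errno)`; `fname, pcap_strerror(errno));` would keep it consistent. pcap_setup_dump starts before this hunk.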

@@ -1229,9 +1324,9 @@
fname = "standard output";
} else {
#if !defined(WIN32) && !defined(MSDOS)
- f = fopen(fname, "w");
+ f = fopen(fname, "a+");
#else
- f = fopen(fname, "wb");
+ f = fopen(fname, "a+b");
#endif
if (f == NULL) {
snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s: %s",
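Review bot: Switching the mode from `"w"` to `"a+"` changes the dump-open call (presumably pcap_dump_open) for every caller of the library, not only for tcpdump. An existing file is no longer truncated, and a capture whose link type or snaplen differs from the file's header now fails with "move it away" where it previously overwrote. Programs that rely on overwrite semantics would silently start growing old files or start erroring, so append would be safer behind a separate entry point or an explicit flag, leaving this call on `"w"`/`"wb"`. If the mode does change here, a comment such as `/* "a+": keep existing records; pcap_setup_dump validates them before appending */` would document the dependency on the scan. The enclosing function starts and ends outside the hunk.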


--
Truly yours, Mikhail Manuilov

