Skip to content

Commit

Permalink
Merge pull request #43 from space-jam-/fix-extract-merge
Browse files Browse the repository at this point in the history
Fix extract merge
  • Loading branch information
space-jam- authored Mar 19, 2021
2 parents 35d73eb + ac0159a commit 9d40f4c
Show file tree
Hide file tree
Showing 3 changed files with 38 additions and 33 deletions.
28 changes: 19 additions & 9 deletions tools/data_structs/pcap_buff.c
Original file line number Diff line number Diff line change
Expand Up @@ -46,18 +46,11 @@ buff_error_t pcap_buff_from_file(pcap_buff_t* pcap_buff, char* filename)
return BUFF_ENONE;
}

pkt_info_t pcap_buff_next_packet(pcap_buff_t* pcap_buff)
pkt_info_t pcap_buff_get_info(pcap_buff_t* pcap_buff)
{
pcap_pkthdr_t* curr_hdr = pcap_buff->hdr;

if(curr_hdr == NULL){
if(pcap_buff->hdr == NULL){
pcap_buff->hdr = (pcap_pkthdr_t*)(pcap_buff->_buff->data + sizeof(pcap_file_header_t));
pcap_buff->idx = 0;
} else {
const int64_t curr_cap_len = curr_hdr->caplen;
pcap_pkthdr_t* next_hdr = (pcap_pkthdr_t*)((char*)(curr_hdr+1) + curr_cap_len);
pcap_buff->hdr = next_hdr;
pcap_buff->idx++;
}

pcap_buff->pkt = (char*)(pcap_buff->hdr + 1);
Expand Down Expand Up @@ -103,6 +96,23 @@ pkt_info_t pcap_buff_next_packet(pcap_buff_t* pcap_buff)
return PKT_OK;
}

pkt_info_t pcap_buff_next_packet(pcap_buff_t* pcap_buff)
{
pcap_pkthdr_t* curr_hdr = pcap_buff->hdr;

if(curr_hdr == NULL){
pcap_buff->hdr = (pcap_pkthdr_t*)(pcap_buff->_buff->data + sizeof(pcap_file_header_t));
pcap_buff->idx = 0;
} else {
const int64_t curr_cap_len = curr_hdr->caplen;
pcap_pkthdr_t* next_hdr = (pcap_pkthdr_t*)((char*)(curr_hdr+1) + curr_cap_len);
pcap_buff->hdr = next_hdr;
pcap_buff->idx++;
}

return pcap_buff_get_info(pcap_buff);
}

bool pcap_buff_eof(pcap_buff_t* pcap_buff)
{
buff_t* buff = pcap_buff->_buff;
Expand Down
5 changes: 4 additions & 1 deletion tools/data_structs/pcap_buff.h
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,10 @@ buff_error_t pcap_buff_init(char* filename, int64_t snaplen, int64_t max_filesiz
/* The underlying buff is read only */
buff_error_t pcap_buff_from_file(pcap_buff_t* pcap_buff, char* filename);

/* Adjust hdr, data, idx, ftr to point to the next packet */
/* Return information about the current packet */
pkt_info_t pcap_buff_get_info(pcap_buff_t* pcap_buff);

/* Adjust hdr, data, idx, ftr to point to the next packet and return packet information */
pkt_info_t pcap_buff_next_packet(pcap_buff_t* pcap_buff);

/* Get the filename used by the buff_t. */
Expand Down
38 changes: 15 additions & 23 deletions tools/exact-pcap-extract.c
Original file line number Diff line number Diff line change
Expand Up @@ -463,45 +463,29 @@ int main (int argc, char** argv)
i64 count = 0;
for(int i = 0; !lstop ; i++)
{
begin_loop:
ch_log_debug1("\n%i ######\n", i );

/* Check all the FD in case we've read everything */
ch_log_debug1("Checking for EOF\n");
bool all_eof = true;
for(int i = 0; i < rd_buffs_count; i++){
all_eof &= pcap_buff_eof(&rd_buffs[i]);
}
if(all_eof){
ch_log_info("All files empty, exiting now\n");
break;
}

int32_t eof_buffs = 0;
ch_log_debug1("Looking for minimum timestamp index on %i buffers\n",
rd_buffs_count);
/* Find the read buffer with the earliest timestamp */
int64_t min_idx = 0;
for(int buff_idx = 0; buff_idx < rd_buffs_count; buff_idx++ ){
if(pcap_buff_eof(&rd_buffs[buff_idx])){
if(min_idx == buff_idx){
min_idx = buff_idx+1;
}
continue;
}

pkt_info = pcap_buff_next_packet(&rd_buffs[buff_idx]);
pkt_info = pcap_buff_get_info(&rd_buffs[buff_idx]);
const char* cur_filename = pcap_buff_get_filename(&rd_buffs[buff_idx]);
const uint64_t pkt_idx = rd_buffs[buff_idx].idx;

switch(pkt_info){
case PKT_PADDING:
ch_log_debug1("Skipping over packet %i (buffer %i) because len=0\n", pkt_idx, buff_idx);
pcap_buff_next_packet(&rd_buffs[buff_idx]);
dropped_padding++;
buff_idx--;
continue;
case PKT_RUNT:
if(options.skip_runts){
ch_log_debug1("Skipping over runt frame %i (buffer %i) \n", pkt_idx, buff_idx);
pcap_buff_next_packet(&rd_buffs[buff_idx]);
dropped_runts++;
buff_idx--;
continue;
Expand All @@ -510,17 +494,23 @@ int main (int argc, char** argv)
case PKT_ERROR:
ch_log_debug1("Skipping over damaged packet %i (buffer %i) because flags = 0x%02x\n",
pkt_idx, buff_idx, rd_buffs[buff_idx].ftr->flags);
pcap_buff_next_packet(&rd_buffs[buff_idx]);
dropped_errors++;
buff_idx--;
continue;
case PKT_EOF:
ch_log_debug1("End of file \"%s\"\n", cur_filename);
goto begin_loop;
break;
eof_buffs++;

/* All buffers are EOF, exit main loop. */
if(eof_buffs == rd_buffs_count){
goto extract_done;
}
continue;
case PKT_OVER_SNAPLEN:
ch_log_fatal("Packet with index %d (%s) does not comply with snaplen: %d (data len is %d)\n",
pkt_idx, cur_filename, rd_buffs[buff_idx].snaplen, rd_buffs[buff_idx].hdr->len);
case PKT_SNAPPED:
case PKT_SNAPPED: // Fall through
if(options.verbose){
ch_log_warn("Packet has been snapped shorter (%d) than it's wire length (%d) [%s].\n",
rd_buffs[buff_idx].hdr->caplen, rd_buffs[buff_idx].hdr->len, cur_filename);
Expand Down Expand Up @@ -602,10 +592,12 @@ int main (int argc, char** argv)

packets_total++;
count++;
pcap_buff_next_packet(&rd_buffs[min_idx]);
if(options.max_count && count >= options.max_count){
break;
}
}
extract_done:

ch_log_info("Finished writing %li packets total (Runts=%li, Errors=%li, Padding=%li). Closing\n", packets_total, dropped_runts, dropped_errors, dropped_padding);

Expand Down

0 comments on commit 9d40f4c

Please sign in to comment.