static void dump_frame(u_char *data, int len, struct shared_dumper *output)
{
u_char *frame;
struct pcap_pkthdr ph;
if (!bonus_time && NULL == output)
return;
frame = malloc(len + nids_linkoffset);
memcpy(frame, nids_last_pcap_data, nids_linkoffset);
memcpy(frame + nids_linkoffset, data, len);
ph.ts = nids_last_pcap_header->ts;
ph.caplen = ph.len = len + nids_linkoffset;
if (NULL != output) {
if (NULL == output->filedesc) {
output->filedesc = pcap_dump_open(nids_params.pcap_desc, output->filename);
if (NULL == output->filedesc)
dumper_too_many_open_files(&output);
++dumper_fd_count;
}
pcap_dump((u_char *)output->filedesc, &ph, frame);
}
if (bonus_time)
pcap_dump((u_char *)global_dumper, &ph, frame);
free(frame);
}
void Pcap(TQueueItem* start, TQueueItem* stop, TQueueCallbackArgs args)
{
char* pcap_filename = get_config_value("pcap_filename");
if(pcap_filename==NULL)
return;
open_pcap(pcap_filename);
TQueueItem* item = start;
while(item != NULL)
{
TPacket* packet = item->packet;
uint8_t* packet_l2_start;
uint32_t packet_l2_length;
onep_dpss_pkt_get_l2_start((onep_dpss_paktype_t*)packet, &packet_l2_start, &packet_l2_length);
pcap_pkthdr_t x = {{(uint32_t)item->timestamp.tv_sec, (uint32_t)item->timestamp.tv_nsec / 1000}, packet_l2_length, packet_l2_length};
pcap_dump((u_char*)pcap_dumpfile, &x, packet_l2_start);
item = GetNextItem(item, stop);
}
pcap_dump_flush(pcap_dumpfile);
}
void
captop_handler(u_char *user, const struct pcap_pkthdr *h, const u_char *payload)
{
auto that = reinterpret_cast<capthread *>(user);
if (unlikely(global::stop.load(std::memory_order_relaxed)))
return;
if (likely(that != nullptr))
{
if (that->in)
{
that->atomic_stat.in_count.fetch_add(1, std::memory_order_relaxed);
that->atomic_stat.in_band.fetch_add(h->len, std::memory_order_relaxed);
}
if (that->out)
{
int ret = pcap_inject(that->out, payload, h->caplen);
if (ret != -1)
{
that->atomic_stat.out_count.fetch_add(1, std::memory_order_relaxed);
that->atomic_stat.out_band.fetch_add(h->len, std::memory_order_relaxed);
}
else {
that->atomic_stat.fail.fetch_add(1, std::memory_order_relaxed);
}
}
if (unlikely(that->dumper != nullptr))
pcap_dump(reinterpret_cast<u_char *>(that->dumper), h, payload);
}
}
static u_int32_t record_pkt (struct nfq_data *tb){
/*! create pcap specific header
*/
struct pcap_pkthdr phdr;
/*! init capture time
*/
static struct timeval t;
memset (&t, 0, sizeof(struct timeval));
gettimeofday(&t, NULL);
phdr.ts.tv_sec = t.tv_sec;
phdr.ts.tv_usec = t.tv_usec;
/*! populate pcap struct with packet headers
*/
char *nf_packet;
phdr.caplen = nfq_get_payload(tb,&nf_packet);
phdr.len = phdr.caplen;
/*! dump packet data to the file */
pcap_dump((u_char *)p_output, &phdr, (const u_char *)nf_packet);
return 0;
}
/*
* Class: org_jnetpcap_PcapDumper
* Method: dump1
* Signature: (JIILjava/nio/ByteBuffer;II)V
*/
JNIEXPORT void JNICALL Java_org_jnetpcap_PcapDumper_dump1
(JNIEnv *env, jobject obj, jlong jsec, jint jusec, jint wirelen, jobject jbytebuffer, jint position, jint limit) {
if (jbytebuffer == NULL) {
throwException(env, NULL_PTR_EXCEPTION, "buffer argument null");
return;
}
pcap_dumper_t *d = getPcapDumper(env, obj);
if (d == NULL) {
return; // Exception already thrown
}
jsize length = limit - position;
pcap_pkthdr hdr;
hdr.ts.tv_sec = (int)jsec;
hdr.ts.tv_usec = (int) jusec;
hdr.caplen = (int)length;
hdr.len = (int) wirelen;
const u_char *b = (u_char *)env->GetDirectBufferAddress(jbytebuffer);
if (b == NULL) {
throwException(env, NULL_PTR_EXCEPTION,
"Unable to retrieve native address from ByteBuffer object");
return;
}
b += position;
pcap_dump((u_char *)d, &hdr, b);
}
static int pktevent(struct dbgcl *event,void * arg,va_list v)
{
// is it better to define this static?
struct pcap_pkthdr hdr;
if( (desc == NULL) || (dumper == NULL) ){
return 0;
}
switch (event->tag) {
case D_PACKET|D_OUT:
case D_PACKET|D_IN: {
va_arg(v,int); /* port */
unsigned char *buf=va_arg(v,unsigned char *);
int len=va_arg(v,int);
gettimeofday(&hdr.ts, NULL);
hdr.caplen = len;
hdr.len = len;
pcap_dump((u_char *)dumper, &hdr, buf);
if (!buffered_dump)
pcap_dump_flush(dumper);
}
}
return 0;
}
static void capture_handler(u_char* dumper, const struct pcap_pkthdr * ph, const u_char* buf) {
dprintf(4,"capture handler invoked dumping=%d\n",dumping);
if (dumping) {
captured++;
pcap_dump(dumper, ph, buf);
}
}
/*
* This is the callback function that gets called on each
* packet. Originally, I had this as a nested function within
* filter_loop(), so that it could refer to the sink object by lexical
* scoping; but alas, Apple broke the nested function implementation
* in their version of gcc. Fortunately, pcap provides for a
* user-specified (u_char *) pointer (called 'user') to be passed to
* do_pkt, which I use to sneak a struct pcap_plumbing into this
* function. Bad Apple.
*/
static void do_pkt(u_char *user,
const struct pcap_pkthdr *hdr,
const u_char *pkt)
{
struct pcap_plumbing *plumbing = (struct pcap_plumbing *) user;
struct pcap_pkthdr new_hdr;
u_char out[PCAP_MAX_PKT_SZ];
assert(plumbing->source);
/* We need to make a copy of hdr because it is const. */
memcpy(&new_hdr, hdr, sizeof(*hdr));
/* The filter function is defined in the compiled Piffle code. It
* takes packets as arrays of the Piffle "u8" type, which
* corresponds to C "uint8_t". I'm pretty sure it's safe to assume
* that we can cast (u_char *) to (uint8_t *). */
new_hdr.caplen =
filter((uint8_t *) pkt, hdr->caplen, (uint8_t *) out,
PCAP_MAX_PKT_SZ);
/* If there is a pcap dump file handle for us to dump the
* processed packet to, do so. XXX I could eliminate the flush
* call for speed, but in that case, I would need code to make
* sure a flush happens when the process is killed by a SIGINT. */
if ( plumbing->sink && new_hdr.caplen ) {
pcap_dump( (u_char *) plumbing->sink, &new_hdr, out);
pcap_dump_flush(plumbing->sink);
}
/* Dump packet if requested, but don't dump empty packets. */
if ( opt_verbose && new_hdr.caplen )
pp_pkt(hdr->ts, new_hdr.caplen, out);
}
/**
* @brief Stop data capturing
*/
void DPDKPort::stopCapture()
{
if(rxState != XTS_RUN)
{
qWarning("Receiver already stopped");
return;
}
quint32 captureDataSize;
dpdk_stop_rx(portId, &captureDataSize);
uint32_t offset = 0;
struct pcap_pkthdr *pHdr = NULL;
u_char *data = NULL;
while (offset < captureDataSize)
{
pHdr = (struct pcap_pkthdr *)(captureBuffer + offset);
offset += sizeof(struct pcap_pkthdr);
data = (u_char *)(captureBuffer + offset);
offset += pHdr->len;
pcap_dump((u_char*)pDumper, pHdr, data);
}
pcap_dump_close(pDumper);
pcap_close(pHandle);
rxState = XTS_DONE;
}
void GPcapFileWriter::write(GPacket* packet) {
struct pcap_pkthdr pkthdr;
pkthdr.ts = packet->ts_;
pkthdr.caplen = pkthdr.len = (bpf_u_int32)packet->buf_.size_;
pcap_dump((u_char*)pcap_dumper_, &pkthdr, packet->buf_.data_);
emit written(packet);
}
UINT Cappacketlivethread(LPVOID pParam)//抓包线程函数
{
//CMainFrame *p_frame=(CMainFrame*)AfxGetMainWnd();
//int m_exsn=p_frame->m_myprosheet.m_page2.m_thread_num;
//int m_stoptime=p_frame->m_myprosheet.m_page2.m_stoptime;
//int m_thread_index=0;
for(int i=0;i<m_mystruct.m_packetlimit;i++)//线程数目
{
if (::WaitForSingleObject(m_stoptimeup,0)==WAIT_OBJECT_0)
{
//m_thread_index=i;
m_mystruct.m_count=i;
break;
}
pcap_next_ex(m_mystruct.pcap_handle,&m_mystruct.protocol_header,&m_mystruct.pkt_data);//句柄,协议头,数据包
if ((m_mystruct.protocol_header->len)>m_mystruct.m_pl)//判断是否在规定长度以内
{
i--;
continue;
}
pcap_dump((u_char*)m_mystruct.dumpfile,m_mystruct.protocol_header,m_mystruct.pkt_data);
m_mystruct.m_count=i;
}
m_eventEnd.SetEvent();
return 0;
}
int
lell_pcap_append_packet(lell_pcap_handle * h, const uint64_t ns,
const int8_t sigdbm, const int8_t noisedbm,
const uint32_t refAA, const lell_packet *pkt)
{
if (h && h->dumper &&
(h->dlt == DLT_BLUETOOTH_LE_LL_WITH_PHDR)) {
uint16_t flags = LE_DEWHITENED | LE_AA_OFFENSES_VALID |
LE_SIGPOWER_VALID |
((noisedbm < sigdbm) ? LE_NOISEPOWER_VALID : 0) |
(lell_packet_is_data(pkt) ? 0 : LE_REF_AA_VALID);
pcap_le_packet pcap_pkt;
assemble_pcapng_le_packet( &pcap_pkt,
0,
ns,
9+pkt->length,
pkt->channel_k,
sigdbm,
noisedbm,
pkt->access_address_offenses,
refAA,
flags,
&pkt->symbols[0] );
pcap_dump((u_char *)h->dumper, &pcap_pkt.pcap_header, (u_char *)&pcap_pkt.le_ll_header);
return 0;
}
return -PCAP_INVALID_HANDLE;
}
/* TODO store the snaplen in dumper's environment, so we can check it here */
static int lpcap_dump(lua_State* L)
{
pcap_dumper_t* dumper = checkdumper(L);
const char* pkt;
size_t caplen;
size_t wirelen;
struct pcap_pkthdr hdr;
/* first check if we are echoing the nil,emsg from cap:next()
* before checking our argument types
*/
if(lua_isnil(L, 2) && lua_type(L, 3) == LUA_TSTRING) {
return 2;
}
pkt = luaL_checklstring(L, 2, &caplen);
opttimeval(L, 3, &hdr.ts);
wirelen = luaL_optint(L, 4, caplen);
luaL_argcheck(L, wirelen >= caplen, 4, "original wirelen cannot be less than current pkt length");
hdr.caplen = caplen;
hdr.len = wirelen;
/* Note odd type signature for dumper, its because pcap_dump() is
* designed to be called from a pcap_handler, where the dumper
* is received as the user data.
*/
pcap_dump((u_char*) dumper, &hdr, (u_char*)pkt);
/* clear the stack above self, and return self */
lua_settop(L, 1);
return 1;
}
main(int argc, char **argv)
{
struct uld *uld;
struct sk_buff *skb;
int i;
pcap_t *p;
pcap_dumper_t *pd;
struct pcap_pkthdr ph;
char *ifname;
ifname = NULL;
if (argc == 2) {
ifname = argv[1];
}
uld = uld_open(ifname, 0, 0, 0, 0);
if (uld == NULL)
exit(1);
p = pcap_open_dead(DLT_EN10MB, 65535);
if (!p) fprintf(stderr, "pcap_open_dead failed\n");
pd = pcap_dump_open(p, "-");
if (!pd) fprintf(stderr, "pcap_dump_open failed\n");
for(;;) {
skb = uld_skb_read(uld, 1);
if (skb == NULL)
continue;
ph.ts.tv_sec = skb->tstamp.tv_sec;
ph.ts.tv_usec = skb->tstamp.tv_nsec/1000;
ph.len = ph.caplen = skb->len;
pcap_dump((void *)pd, &ph, skb->data);
pcap_dump_flush(pd);
skb_free(skb);
}
}
void
dump_packet(pcap_dumper_t *pd, const struct pcap_pkthdr *header, const u_char *packet)
{
if (!pd)
return;
pcap_dump((u_char*) pd, header, packet);
pcap_dump_flush(pd);
}
void PCAPExporterModule::receive(Packet* packet)
{
static struct pcap_pkthdr packetHeader;
packetHeader.ts = packet->timestamp;
packetHeader.caplen = packet->data_length;
packetHeader.len = packet->pcapPacketLength;
pcap_dump((unsigned char*)dumper, &packetHeader, packet->data);
packet->removeReference();
}
void
PcapFileOut::writePacket(const char* data, unsigned length) {
struct pcap_pkthdr pkt_header;
memset(&pkt_header, 0, sizeof(pkt_header));
gettimeofday(&pkt_header.ts, NULL);
pkt_header.caplen = length;
pkt_header.len = length;
pcap_dump((unsigned char*)dumper, &pkt_header, (unsigned char*) data);
pcap_dump_flush(dumper);
}
void
PcapFileOut::writePacket(const char *data, unsigned length) {
struct pcap_pkthdr pkt_header;
memset(&pkt_header, 0, sizeof(pkt_header));
gettimeofday(&pkt_header.ts, NULL);
pkt_header.caplen = length;
pkt_header.len = length;
pcap_dump(reinterpret_cast<unsigned char *>(dumper), &pkt_header,
reinterpret_cast<const unsigned char *>(data));
pcap_dump_flush(dumper);
}
static void
dump_packet(const uint8_t *pkt, size_t len, struct timespec *ts) {
struct pcap_pkthdr pkthdr;
pkthdr.ts.tv_sec = ts->tv_sec;
pkthdr.ts.tv_usec = ((double) ts->tv_nsec) / 1000.0;
pkthdr.caplen = len;
pkthdr.len = len;
pcap_dump((u_char *) output_dumper, &pkthdr, pkt);
}
static void
pcap_sink_write_pkt(struct rte_port_sink *port, struct rte_mbuf *mbuf)
{
uint8_t *pcap_dumper = (port->dumper);
struct pcap_pkthdr pcap_hdr;
uint8_t jumbo_pkt_buf[ETHER_MAX_JUMBO_FRAME_LEN];
uint8_t *pkt;
/* Maximum num packets already reached */
if (port->dump_finish)
return;
pkt = rte_pktmbuf_mtod(mbuf, uint8_t *);
pcap_hdr.len = mbuf->pkt_len;
pcap_hdr.caplen = pcap_hdr.len;
gettimeofday(&(pcap_hdr.ts), NULL);
if (mbuf->nb_segs > 1) {
struct rte_mbuf *jumbo_mbuf;
uint32_t pkt_index = 0;
/* if packet size longer than ETHER_MAX_JUMBO_FRAME_LEN,
* ignore it.
*/
if (mbuf->pkt_len > ETHER_MAX_JUMBO_FRAME_LEN)
return;
for (jumbo_mbuf = mbuf; jumbo_mbuf != NULL;
jumbo_mbuf = jumbo_mbuf->next) {
rte_memcpy(&jumbo_pkt_buf[pkt_index],
rte_pktmbuf_mtod(jumbo_mbuf, uint8_t *),
jumbo_mbuf->data_len);
pkt_index += jumbo_mbuf->data_len;
}
jumbo_pkt_buf[pkt_index] = '\0';
pkt = jumbo_pkt_buf;
}
pcap_dump(pcap_dumper, &pcap_hdr, pkt);
port->pkt_index++;
if ((port->max_pkts != 0) && (port->pkt_index >= port->max_pkts)) {
port->dump_finish = 1;
RTE_LOG(INFO, PORT, "Dumped %u packets to file\n",
port->pkt_index);
}
}
void
dump_packet(pcap_dumper_t *pd, const packet_t *packet)
{
if (!pd || !packet)
return;
vector_iter_t it = vector_iterator(packet->frames);
frame_t *frame;
while ((frame = vector_iterator_next(&it))) {
pcap_dump((u_char*) pd, frame->header, frame->data);
}
pcap_dump_flush(pd);
}
/* capture the next packet */
void Pcap::pcap_next_(u_char *pd, const struct pcap_pkthdr* pkthdr, const u_char* packetBuf)
{
if(process_packet != NULL)
{
Packet* pkt = (Packet *)new Packet(packetBuf + dataLinkOffset, pkthdr->len - dataLinkOffset, tv2ts(pkthdr->ts));
(*process_packet)(pkt);
// save the packets into the dump file.
if(pd)
{
pcap_dump(pd, pkthdr, packetBuf);
}
}
}
// pcap_loop 捕获到一个包后将包数据复制一份 并 发出WM_TCATCH消息
static void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
struct pcap_pkthdr *new_header = new struct pcap_pkthdr;
u_char *new_data = new u_char[header->len];
if(param) // param 不是 NULL, 就存入文件
pcap_dump(param, header, pkt_data);
// 复制数据, 发出消息
*new_header = *header;
memcpy(new_data, pkt_data, header->len);
::PostMessage(theApp.m_display, WM_TCATCH, (WPARAM)new_header, (LPARAM)new_data);
}
void operator()(struct nflog_data *nfa)
{
//struct nfulnl_msg_packet_hdr *ph = nflog_get_msg_packet_hdr(nfa);
char *prefix = nflog_get_prefix(nfa);
char *payload = 0;
int payload_len = nflog_get_payload(nfa, &payload);
struct timeval tv;
memset(&tv, 0, sizeof(tv));
nflog_get_timestamp(nfa, &tv);
std::cout
<< (unsigned)tv.tv_sec << "."
<< tv.tv_usec;
std::cout << "\t" << nflog_get_indev(nfa);
std::cout << "\t" << nflog_get_outdev(nfa);
std::cout << "\t" << payload_len;
if (payload_len > 0)
handle_packet(payload, payload_len);
if (prefix && strlen(prefix)) {
std::cout << "\t\"" << prefix << "\"";
}
std::cout << std::endl;
// write a pcap file here if required
if (pcap_writer) {
const size_t pcap_len = payload_len+sizeof(ether_header);
pcap_pkthdr head;
memset(&head, 0, sizeof(head));
head.ts = tv;
head.caplen = pcap_len;
head.len = pcap_len;
// make pcap header
unsigned char tbuf[pcap_len];
ether_header* ehead = reinterpret_cast<ether_header*>(&tbuf[0]);
memset(ehead, 0, sizeof(ehead));
ehead->ether_dhost[0]=0xFA; ehead->ether_dhost[1]=0xCE;
ehead->ether_shost[0]=0xFA; ehead->ether_shost[1]=0xCE;
*reinterpret_cast<u_int32_t*>(&ehead->ether_dhost[2]) = nflog_get_outdev(nfa);
*reinterpret_cast<u_int32_t*>(&ehead->ether_shost[2]) = nflog_get_indev(nfa);
ehead->ether_type=htons(ETHERTYPE_IP);
// copy payload and dump
memcpy(tbuf+sizeof(ether_header), payload, payload_len);
pcap_dump(reinterpret_cast<u_char*>(pcap_writer), &head, reinterpret_cast<const u_char*>(tbuf));
}
}
void write_pcap_captured(struct wlantest *wt, const u8 *buf, size_t len)
{
struct pcap_pkthdr h;
if (!wt->write_pcap_dumper)
return;
os_memset(&h, 0, sizeof(h));
gettimeofday(&wt->write_pcap_time, NULL);
h.ts = wt->write_pcap_time;
h.caplen = len;
h.len = len;
pcap_dump(wt->write_pcap_dumper, &h, buf);
}
void parse_packet(uint8_t *notused, const struct pcap_pkthdr *phdr, const uint8_t *packet) {
size_t pk_len=0;
int pk_layer=0;
extern pcap_dumper_t *pdump;
if (packet == NULL || phdr == NULL) {
ERR("%s is null", packet == NULL ? "packet" : "pcap header");
return;
}
/* when you forget to put this here, it makes for really dull pcap log files */
if (s->pcap_dumpfile) {
pcap_dump((uint8_t *)pdump, phdr, packet);
}
pk_len=phdr->caplen;
if (pk_len <= s->ss->header_len) {
ERR("this packet is too short " STFMT ", header length is %u", pk_len, s->ss->header_len);
return;
}
if (ISDBG(M_PKT) || GET_SNIFF()) {
INF("got packet with length %u (cap %u) with header length at %u", phdr->len, phdr->caplen, s->ss->header_len);
}
pk_len -= s->ss->header_len;
packet += s->ss->header_len;
pk_layer++;
switch (s->ss->mode) {
case MODE_ARPSCAN:
report_init(REPORT_TYPE_ARP, &phdr->ts);
packet_init(packet, pk_len);
decode_arp(packet, pk_len, pk_layer); /* the pcap filter should be arp only */
break;
case MODE_TCPSCAN:
case MODE_UDPSCAN:
case MODE_ICMPSCAN:
case MODE_IPSCAN:
report_init(REPORT_TYPE_IP, &phdr->ts);
packet_init(packet, pk_len);
decode_ip(packet, pk_len, pk_layer); /* the pcap filter should be ip only */
break;
}
return;
}
int pcap_io_recv_blocking(void* packet, int max_len)
{
int res;
struct pcap_pkthdr *header;
const u_char *pkt_data;
if(pcap_io_running<=0)
return -1;
if((res = pcap_next_ex(adhandle, &header, &pkt_data)) > 0)
{
ethernet_header *ph=(ethernet_header*)pkt_data;
if((mac_compare(ph->dst,virtual_mac)!=0)&&(mac_compare(ph->dst,broadcast_mac)!=0))
{
return 0;
}
memcpy(packet,pkt_data,header->len);
if(dump_pcap)
pcap_dump((u_char*)dump_pcap,header,(u_char*)packet);
if(packet_log)
{
int i=0;
int n=0;
int plen=header->len;
fprintf(packet_log,"PACKET RECV: %d BYTES\n",plen);
for(i=0,n=0;i<plen;i++)
{
fprintf(packet_log,"%02x",((unsigned char*)packet)[i]);
n++;
if(n==16)
{
fprintf(packet_log,"\n");
n=0;
}
else
fprintf(packet_log," ");
}
fprintf(packet_log,"\n");
}
return header->len;
}
return -1;
}
int main(int argc, char *argv[])
{
pcap_t *pcap;
const unsigned char *packet;
char errbuf[PCAP_ERRBUF_SIZE];
struct pcap_pkthdr header;
int pkt_count = 0;
pcap_t *adhandle;
pcap_dumper_t *dumpfile;
/* We expect exactly one argument, the name of the file to dump. */
if (argc != 4)
{
fprintf(stderr, "Usage: %s rule.txt in.pcap out.pcap\n", argv[0]);
exit(1);
}
parse_rule_file(argv[1]); // success or die
pcap = pcap_open_offline(argv[2], errbuf);
if (pcap == NULL)
{
fprintf(stderr, "error reading pcap file: %s\n", errbuf);
exit(1);
}
dumpfile = pcap_dump_open(pcap, argv[3]);
if(dumpfile==NULL)
{
fprintf(stderr,"\nError opening output file\n");
return -1;
}
/* Now just loop through extracting packets as long as we have
* some to read.
*/
while ((packet = pcap_next(pcap, &header)) != NULL){
int res = packet_filter(packet, header.ts, header.caplen);
// printf("Processing %d packet, result: %s\n", pkt_count, res ? "accept" : "reject");
pkt_count++;
if (res)
pcap_dump((unsigned char *) dumpfile, &header, packet);
}
// terminate
return 0;
}
void CaptureCore::dumpFile(const char *filename){
pcap_dumper_t *dumpfile = pcap_dump_open(openedAdapter_,filename);
if(dumpfile== NULL){
//err
return ;
}
std::vector<PacketInfo *>::iterator it_ = allCapturedPacketBuf_.begin();
for (;it_!= allCapturedPacketBuf_.end(); it_++){
pcap_dump((unsigned char *)dumpfile,&((*it_)->header_),(*it_)->pureData_);
}
pcap_dump_flush(dumpfile);
}
static void dump_pcap(struct pcap_dump *pcap, struct nfqueue_packet *pkt)
{
if (pcap->pf) {
struct pcap_pkthdr hdr;
mutex_lock(&pcap->mutex);
hdr.caplen = hdr.len = pkt->length;
hdr.ts.tv_sec = pkt->timestamp / 1000000;
hdr.ts.tv_usec = pkt->timestamp % 1000000;
pcap_dump((u_char *)pcap->pf, &hdr, pkt->data);
mutex_unlock(&pcap->mutex);
}
}