예제 #1
0
static void opd_26_init(void)
{
	size_t i;
	size_t opd_buf_size;

	opd_create_vmlinux(vmlinux, kernel_range);

	opd_buf_size = opd_read_fs_int("/dev/oprofile/", "buffer_size", 1);
	kernel_pointer_size = opd_read_fs_int("/dev/oprofile/", "pointer_size", 1);

	s_buf_bytesize = opd_buf_size * kernel_pointer_size;

	sbuf = xmalloc(s_buf_bytesize);

	opd_reread_module_info();

	for (i = 0; i < OPD_MAX_STATS; i++)
		opd_stats[i] = 0;

	perfmon_init();

	cookie_init();
	sfile_init();
	anon_init();

	/* must be /after/ perfmon_init() at least */
	if (atexit(clean_exit)) {
		perfmon_exit();
		perror("oprofiled: couldn't set exit cleanup: ");
		exit(EXIT_FAILURE);
	}
}
예제 #2
0
파일: anon.c 프로젝트: CornSoiliml/joy
int anon_unit_test() {
  struct in_addr inp;
  extern FILE *anon_info;

  anon_init("internal.net", stderr);

  if (inet_aton("64.104.192.129", &inp) == 0) {
    fprintf(anon_info, "error: could not convert address\n");
  }  
  if (ipv4_addr_needs_anonymization(&inp) != 1) {
    fprintf(anon_info, "error in anon_unit_test\n");
  } else {
    fprintf(anon_info, "passed\n");
  }

  return ok;
}
예제 #3
0
파일: kmain.c 프로젝트: lygood2007/Weenix
/**
 * This is the first real C function ever called. It performs a lot of
 * hardware-specific initialization, then creates a pseudo-context to
 * execute the bootstrap function in.
 */
void
kmain()
{
        GDB_CALL_HOOK(boot);

        dbg_init();
        dbgq(DBG_CORE, "Kernel binary:\n");
        dbgq(DBG_CORE, "  text: 0x%p-0x%p\n", &kernel_start_text, &kernel_end_text);
        dbgq(DBG_CORE, "  data: 0x%p-0x%p\n", &kernel_start_data, &kernel_end_data);
        dbgq(DBG_CORE, "  bss:  0x%p-0x%p\n", &kernel_start_bss, &kernel_end_bss);

        page_init();

        pt_init();
        slab_init();
        pframe_init();

        acpi_init();
        apic_init();
	      pci_init();
        intr_init();

        gdt_init();

        /* initialize slab allocators */
#ifdef __VM__
        anon_init();
        shadow_init();
#endif
        vmmap_init();
        proc_init();
        kthread_init();

#ifdef __DRIVERS__
        bytedev_init();
        blockdev_init();
#endif

        void *bstack = page_alloc();
        pagedir_t *bpdir = pt_get();
        KASSERT(NULL != bstack && "Ran out of memory while booting.");
        context_setup(&bootstrap_context, bootstrap, 0, NULL, bstack, PAGE_SIZE, bpdir);
        context_make_active(&bootstrap_context);

        panic("\nReturned to kmain()!!!\n");
}
예제 #4
0
static void opd_26_init(void)
{
	size_t i;
	size_t opd_buf_size;
	unsigned long long start_time = 0ULL;
	struct timeval tv;

	opd_create_vmlinux(vmlinux, kernel_range);
	opd_create_xen(xenimage, xen_range);

	opd_buf_size = opd_read_fs_int("/dev/oprofile/", "buffer_size", 1);
	kernel_pointer_size = opd_read_fs_int("/dev/oprofile/", "pointer_size", 1);

	s_buf_bytesize = opd_buf_size * kernel_pointer_size;

	sbuf = xmalloc(s_buf_bytesize);

	opd_reread_module_info();

	for (i = 0; i < OPD_MAX_STATS; i++)
		opd_stats[i] = 0;

	perfmon_init();

	cookie_init();
	sfile_init();
	anon_init();

	/* must be /after/ perfmon_init() at least */
	if (atexit(clean_exit)) {
		perfmon_exit();
		perror("oprofiled: couldn't set exit cleanup: ");
		exit(EXIT_FAILURE);
	}

	/* trigger kernel module setup before returning control to opcontrol */
	opd_open_files();
	gettimeofday(&tv, NULL);
	start_time = 0ULL;
	start_time = tv.tv_sec;
	sprintf(start_time_str, "%llu", start_time);
		  
}
예제 #5
0
파일: kmain.c 프로젝트: Alicehang/bubble
/**
 * This is the first real C function ever called. It performs a lot of
 * hardware-specific initialization, then creates a pseudo-context to
 * execute the bootstrap function in.
 */
void
kmain()
{
        GDB_CALL_HOOK(boot);

        dbg_init();
        dbgq(DBG_CORE, "Kernel binary:\n");
        dbgq(DBG_CORE, "  text: 0x%p-0x%p\n", &kernel_start_text, &kernel_end_text);
        dbgq(DBG_CORE, "  data: 0x%p-0x%p\n", &kernel_start_data, &kernel_end_data);
        dbgq(DBG_CORE, "  bss:  0x%p-0x%p\n", &kernel_start_bss, &kernel_end_bss);

        page_init();

        pt_init();
        slab_init();
        pframe_init();

        acpi_init();
        apic_init();
	      pci_init();
        intr_init();

        gdt_init();

        /* initialize slab allocators */
#ifdef __VM__
        anon_init();
        shadow_init();
#endif
        vmmap_init();
        proc_init();
        kthread_init();

#ifdef __DRIVERS__
        bytedev_init();
        blockdev_init();
#endif

        void *bstack = page_alloc();
        pagedir_t *bpdir = pt_get();
        KASSERT(NULL != bstack && "Ran out of memory while booting.");
        /* This little loop gives gdb a place to synch up with weenix.  In the
         * past the weenix command started qemu was started with -S which
         * allowed gdb to connect and start before the boot loader ran, but
         * since then a bug has appeared where breakpoints fail if gdb connects
         * before the boot loader runs.  See
         *
         * https://bugs.launchpad.net/qemu/+bug/526653
         *
         * This loop (along with an additional command in init.gdb setting
         * gdb_wait to 0) sticks weenix at a known place so gdb can join a
         * running weenix, set gdb_wait to zero  and catch the breakpoint in
         * bootstrap below.  See Config.mk for how to set GDBWAIT correctly.
         *
         * DANGER: if GDBWAIT != 0, and gdb is not running, this loop will never
         * exit and weenix will not run.  Make SURE the GDBWAIT is set the way
         * you expect.
         */
        while (gdb_wait) ;
        context_setup(&bootstrap_context, bootstrap, 0, NULL, bstack, PAGE_SIZE, bpdir);
        context_make_active(&bootstrap_context);

        panic("\nReturned to kmain()!!!\n");
}
예제 #6
0
파일: pcap2flow.c 프로젝트: 0x0mar/joy
int main(int argc, char **argv) {
  char errbuf[PCAP_ERRBUF_SIZE]; 
  bpf_u_int32 net = PCAP_NETMASK_UNKNOWN;		
  char *filter_exp = "ip";	
  struct bpf_program fp;	
  int i;
  int c;
  int opt_count = 0;
  int tmp_ret;
  char *ifile = NULL;
  unsigned int file_count = 0;
  char filename[MAX_FILENAME_LEN];   /* output file */
  char pcap_filename[MAX_FILENAME_LEN*2];   /* output file */
  char *cli_interface = NULL; 
  char *cli_filename = NULL; 
  char *config_file = NULL;
  struct interface ifl[IFL_MAX];
  int num_interfaces;
  char *capture_if;
  unsigned int file_base_len = 0;
  unsigned int num_cmds = 0;
  unsigned int done_with_options = 0;
  struct stat sb;
  DIR *dir;
  struct dirent *ent;
  enum operating_mode mode = mode_none;

  /* sanity check sizeof() expectations */
  if (data_sanity_check() != ok) {
    fprintf(stderr, "error: failed data size sanity check\n");
  }

  /* sanity check arguments */
  for (i=1; i<argc; i++) {
    if (strchr(argv[i], '=')) { 
      if (done_with_options) {
	fprintf(stderr, "error: option (%s) found after filename (%s)\n", argv[i], argv[i-1]);
	exit(EXIT_FAILURE);
      }
    } else {
      done_with_options = 1;
    }
  }
  
  /*
   * set "info" to stderr; this output stream is used for
   * debug/info/warnings/errors.  setting it here is actually
   * defensive coding, just in case some function that writes to
   * "info" gets invoked before info gets set below (if we are in
   * online mode, it will be set to a log file)
   */
  info = stderr;

  /* in debug mode, turn off output buffering */
#if P2F_DEBUG
  setvbuf(stderr, NULL, _IONBF, 0); 
  setbuf(stdout, NULL);
#endif

  /*
   * set configuration from command line arguments that contain
   * LHS=RHS commands, then update argv/argc so that those arguments
   * are not subjected to any further processing
   */
  num_cmds = config_set_from_argv(&config, argv, argc);
  argv += num_cmds;
  argc -= num_cmds;

  /* process command line options */
  while (1) {
    int option_index = 0;
    struct option long_options[] = {
      {"help",  no_argument,         0, 'h' },
      {"xconfig", required_argument, 0, 'x' },
      {0,         0,                 0,  0  }
    };

    c = getopt_long(argc, argv, "hx:",
		    long_options, &option_index);
    if (c == -1)
      break;
    switch (c) {
    case 'x':
      config_file = optarg;
      opt_count++;
      break;
    case 'h':
    default:
      return usage(argv[0]);
    }
    opt_count++;
  }

  if (config_file) {
    /*
     * read in configuration from file; note that if we don't read in
     * a file, then the config structure will use the static defaults
     * set when it was declared
     */
    config_set_from_file(&config, config_file);
  } 
  if (config_file || (num_cmds != 0)) {
    /*
     * set global variables as needed, if we got some configuration
     * commands from the config_file or from command line arguments
     */
    bidir = config.bidir;
    include_zeroes = config.include_zeroes;
    byte_distribution = config.byte_distribution;
    report_entropy = config.report_entropy;
    report_wht = config.report_wht;
    report_hd = config.report_hd;
    include_tls = config.include_tls;
    include_classifier = config.include_classifier;
    output_level = config.output_level;
    report_idp = config.idp;
    report_dns = config.dns;
    salt_algo = config.type;
    nfv9_capture_port = config.nfv9_capture_port;
    if (config.bpf_filter_exp) {
      filter_exp = config.bpf_filter_exp;
    }
  }
  
  /*
   * allow some command line variables to override the config file
   */
  if (cli_filename) {
    /*
     * output filename provided on command line supersedes that
     * provided in the config file
     */
    config.filename = cli_filename;
  } 
  if (cli_interface) {
    /*
     * interface provided on command line supersedes that provided
     * in the config file
     */
    config.interface = cli_interface;
  }
  if (config.filename) {
    strncpy(filename, config.filename, MAX_FILENAME_LEN);
  }

  /*
   * set the operating mode to online or offline 
   */
  if (config.interface != NULL && strcmp(config.interface, NULL_KEYWORD)) {
    mode = mode_online;
  } else {
    mode = mode_offline;
  }
    
  /*
   * if we are doing a live capture, get interface list, and set "info"
   * output stream to log file
   */
  if (mode == mode_online) {

    if (config.logfile && strcmp(config.logfile, NULL_KEYWORD)) {
      info = fopen(config.logfile, "a");
      if (info == NULL) {
	fprintf(stderr, "error: could not open log file %s\n", config.logfile);
	return -1;
      }
      fprintf(stderr, "writing errors/warnings/info/debug output to %s\n", config.logfile);
    }
    
    /*
     * cheerful message to indicate the start of a new run of the
     * daemon
     */
    fprintf(info, "--- %s initialization ---\n", argv[0]);
    flocap_stats_output(info);

    num_interfaces = interface_list_get(ifl);
    if (num_interfaces == 0) {
      fprintf(info, "warning: could not obtain inferface information\n");    
    } else {
      for(i=0; i<num_interfaces; i++) {
	unsigned char *a = ifl[i].mac_addr;
	fprintf(info, "interface: %8s\tstatus: %s\t%02x%02x%02x%02x%02x%02x\n", 
		ifl[i].name, (ifl[i].active ? "up" : "down"), 
		a[0], a[1], a[2], a[3], a[4], a[5]); 
      }
    }    
  } else {
    info = stderr;
  }

  /*
   * report on running configuration (which may depend on the command
   * line, the config file, or both)
   */
  config_print(info, &config);

  /*
   * configure labeled subnets (which uses a radix trie to identify
   * addresses that match subnets associated with labels)
   */  
  if (config.num_subnets > 0) {
    attr_flags subnet_flag;
    enum status err;

    rt = radix_trie_alloc();
    if (rt == NULL) {
      fprintf(info, "could not allocate memory\n");
    }
    err = radix_trie_init(rt);
    if (err != ok) {
      fprintf(stderr, "error: could not initialize subnet labels (radix_trie)\n");
    }
    for (i=0; i<config.num_subnets; i++) {
      char label[LINEMAX], subnet_file[LINEMAX];
      int num;
      
      num = sscanf(config.subnet[i], "%[^=:]:%[^=:\n#]", label, subnet_file);
      if (num != 2) {
	fprintf(info, "error: could not parse command \"%s\" into form label:subnet\n", config.subnet[i]);
	exit(1);
      }
      
      subnet_flag = radix_trie_add_attr_label(rt, label);
      if (subnet_flag == 0) {
	fprintf(info, "error: count not add subnet label %s to radix_trie\n", label);
	exit(1);
      }
      
      err = radix_trie_add_subnets_from_file(rt, subnet_file, subnet_flag, info);
      if (err != ok) {
	fprintf(info, "error: could not add labeled subnets from file %s\n", subnet_file);
	exit(1);
      }
    }
    fprintf(info, "configured labeled subnets (radix_trie), using %u bytes of memory\n", get_rt_mem_usage());
    
  }

  if (config.anon_addrs_file != NULL) {
    if (anon_init(config.anon_addrs_file, info) == failure) {
      fprintf(info, "error: could not initialize anonymization subnets from file %s\n", 
	      config.anon_addrs_file); 
      return -1;
    }
  }

  if (config.filename != NULL) {
    char *outputdir;
    
    /*
     * set output directory 
     */
    if (config.outputdir) {
      outputdir = config.outputdir;
    } else {
      outputdir = ".";
    }

    /*
     * generate an "auto" output file name, based on the MAC address
     * and the current time, if we are "auto" configured
     */
    if (strncmp(config.filename, "auto", strlen("auto")) == 0) {

      if (mode == mode_online) {
	unsigned char *addr = ifl[0].mac_addr;
	time_t now = time(0);   
	struct tm *t = localtime(&now);
	
	snprintf(filename,  MAX_FILENAME_LEN, "%s/flocap-%02x%02x%02x%02x%02x%02x-h%d-m%d-s%d-D%d-M%d-Y%d-%s-", 
		 outputdir, addr[0], addr[1], addr[2], addr[3], addr[4], addr[5], 
		 t->tm_hour, t->tm_min, t->tm_sec, t->tm_mday, t->tm_mon, t->tm_year + 1900, t->tm_zone);
      } else {
	fprintf(info, "error: cannot use \"output = auto\" with no interface specified; use -o or -l options\n");
	return usage(argv[0]);
      }
      fprintf(info, "auto generated output filename: %s\n", filename);
      
    } else {    
      /* set output file based on command line or config file */
      
      if (cli_filename) {
	strncpy(filename, config.filename, MAX_FILENAME_LEN);
      } else {
	char tmp_filename[MAX_FILENAME_LEN];
	
	strncpy(tmp_filename, filename, MAX_FILENAME_LEN);
	snprintf(filename,  MAX_FILENAME_LEN, "%s/%s", outputdir, tmp_filename);
      }
    }
    file_base_len = strlen(filename);
    if (config.max_records != 0) {
      snprintf(filename + file_base_len, MAX_FILENAME_LEN - file_base_len, "%d", file_count);
    }
    output = fopen(filename, "w");
    if (output == NULL) {
      fprintf(info, "error: could not open output file %s (%s)\n", filename, strerror(errno));
      return -1;
    }
  } else {
    output = stdout;
  }
  
  if (ifile != NULL) {
    opt_count--;
    argv[1+opt_count] = ifile; 
  }

  if (mode == mode_online) {   /* live capture */
    int linktype;

    /*
     * sanity check: we can't be in both offline mode and online mode
     * simultaneously
     */
    if ((argc-opt_count > 1) || (ifile != NULL)) {
      fprintf(info, "error: both interface (%s) and pcap input file (%s) specified\n",
	      config.interface, argv[1+opt_count]);
      return usage(argv[0]);
    }

    anon_print_subnets(info);
    
    signal(SIGINT, sig_close);     /* Ctl-C causes graceful shutdown */
    signal(SIGTERM, sig_close);
    // signal(SIGHUP, sig_reload);
    // signal(SIGTSTP, sig_reload);
    signal(SIGQUIT, sig_reload);   /* Ctl-\ causes an info dump      */

    /*
     * set capture interface as needed
     */
    if (strncmp(config.interface, "auto", strlen("auto")) == 0) {
      capture_if = ifl[0].name;
      fprintf(info, "starting capture on interface %s\n", ifl[0].name);
    } else {
      capture_if = config.interface;
    }

    errbuf[0] = 0;
    handle = pcap_open_live(capture_if, 65535, config.promisc, 10000, errbuf);
    if (handle == NULL) {
      fprintf(info, "could not open device %s: %s\n", capture_if, errbuf);
      return -1;
    }
    if (errbuf[0] != 0) {
      fprintf(stderr, "warning: %s\n", errbuf);
    }

    /* verify that we can handle the link layer headers */
    linktype = pcap_datalink(handle);
    if (linktype != DLT_EN10MB) {
      fprintf(info, "device %s has unsupported linktype (%d)\n", 
	      capture_if, linktype);
      return -2;
    }
    
    if (filter_exp) {

      /* compile the filter expression */
      if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
	fprintf(info, "error: could not parse filter %s: %s\n",
		filter_exp, pcap_geterr(handle));
	return -3;
      }
      
      /* apply the compiled filter */
      if (pcap_setfilter(handle, &fp) == -1) {
	fprintf(info, "error: could not install filter %s: %s\n",
		filter_exp, pcap_geterr(handle));
	return -4;
      }

    }

    /*
     * run as daemon, if so configured, without closing stderr and
     * stdout, and without changing the working directory
     */
    if (config.daemon) {
      daemon(1, 1);  
    }
    
    /*
     * flush "info" output stream to ensure log file accuracy
     */
    fflush(info);

    /* 
     * write out JSON preamble
     */ 
    fprintf(output, "{\n");
    config_print_json(output, &config);
    fprintf(output, "\"appflows\": [\n");

    while(1) {
      struct timeval time_of_day, inactive_flow_cutoff;

      /* loop over packets captured from interface */
      pcap_loop(handle, NUM_PACKETS_IN_LOOP, process_packet, NULL);
      
      if (output_level > none) { 
	fprintf(output, "# pcap processing loop done\n");
      }

      if (config.report_exe) {
	/*
	 * periodically obtain host/process flow data
	 */ 
	if (get_host_flow_data() != 0) {
	  fprintf(info, "warning: could not obtain host/process flow data\n");
	}
      }

      /*
       * periodically report on progress
       */
      if ((flocap_stats_get_num_packets() % NUM_PACKETS_BETWEEN_STATS_OUTPUT) == 0) {
	flocap_stats_output(info);
      }

      /* print out inactive flows */
      gettimeofday(&time_of_day, NULL);
      timer_sub(&time_of_day, &time_window, &inactive_flow_cutoff);

      flow_record_list_print_json(&inactive_flow_cutoff);

      if (config.filename) {
	
	/* rotate output file if needed */
	if (config.max_records && (records_in_file > config.max_records)) {

	  /*
	   * write JSON postamble
	   */
	  fprintf(output, "\n] }\n");

	  fclose(output);
	  if (config.upload_servername) {
	    upload_file(filename, config.upload_servername, config.upload_key, config.retain_local);
	  }

	  // printf("records: %d\tmax_records: %d\n", records_in_file, config.max_records);
	  file_count++;
	  if (config.max_records != 0) {
	    snprintf(filename + file_base_len, MAX_FILENAME_LEN - file_base_len, "%d", file_count);
	  }
	  output = fopen(filename, "w");
	  if (output == NULL) {
	    perror("error: could not open output file");
	    return -1;
	  }
	  records_in_file = 0;
	  fprintf(output, "{ \"appflows\": [\n");
	}
      
	/*
	 * flush out buffered debug/info/log messages on the "info" stream
	 */
	fflush(info);
      }

      // fflush(output);
    }

    fprintf(output, "\n] }\n");
    
    if (filter_exp) {
      pcap_freecode(&fp);
    }

    pcap_close(handle);
 

  } else { /* mode = mode_offline */

    if ((argc-opt_count <= 1) && (ifile == NULL)) {
      fprintf(stderr, "error: missing pcap file name(s)\n");
      return usage(argv[0]);
    }

    fprintf(output, "{\n");
    config_print_json(output, &config);
    fprintf(output, "\"appflows\": [\n");

    flow_record_list_init();
    flocap_stats_timer_init();

    for (i=1+opt_count; i<argc; i++) {
    
      if (stat(argv[i], &sb) == 0 && S_ISDIR(sb.st_mode)) {
	if ((dir = opendir(argv[i])) != NULL) {

	  while ((ent = readdir(dir)) != NULL) {
	    if (strcmp(ent->d_name, ".") && strcmp(ent->d_name, "..")) {
	      strcpy(pcap_filename, argv[i]);
	      if (pcap_filename[strlen(pcap_filename)-1] != '/') {
		strcat(pcap_filename, "/");
	      }
	      strcat(pcap_filename, ent->d_name);
	      tmp_ret = process_pcap_file(pcap_filename, filter_exp, &net, &fp);
	      if (tmp_ret < 0) {
		return tmp_ret;
	      }
	    }
	  }

	  closedir(dir);
	} else {
	  /* error opening directory*/
	  printf("Error opening directory: %s\n", argv[i]);
	  return -1;
	}

      } else {
	tmp_ret = process_pcap_file(argv[i], filter_exp, &net, &fp);
	if (tmp_ret < 0) {
	  return tmp_ret;
	}
      }
    }
    
    fprintf(output, "\n]");
    fprintf(output, "\n}\n");
    
  }

  flocap_stats_output(info);
  // config_print(info, &config);

  return 0;
}
예제 #7
0
파일: pcappriv.c 프로젝트: sora/pcappriv
/*
 * main
 */
int main(int argc, char *argv[])
{
	struct pcap_hdr_s pcap_ghdr;
	unsigned char ibuf[PKT_SIZE_MAX];
	struct pcap_pkt *pkt = (struct pcap_pkt *)&ibuf[0];
	int ret, pkt_count = 0;
	FILE *ifp, *ofp = NULL;
	char fname[0xFF];
	struct anon_keys anon;
	u_int16_t ethtype;

	strcpy(anon.passphase, "hoge");

	if (argc != 2) {
		pr_err("Usage: ./pcappriv ./recv.pcap: argc=%d", argc);
		exit(EXIT_FAILURE);
	}

	ifp = fopen(argv[1], "rb");
	if (ifp == NULL) {
		pr_err("cannot open pcap file: %s", argv[1]);
		exit(EXIT_FAILURE);
	}

	// check global pcap header
	ret = fread(ibuf, sizeof(struct pcap_hdr_s), 1, ifp);
	if (ret < 1) {
		pr_err("size of fread is too short: pcap_hdr_s");
		exit(EXIT_FAILURE);
	}

	set_global_pcaphdr(&pcap_ghdr, (char *)ibuf);
	if ((pcap_ghdr.magic_number != PCAP_MAGIC)          ||
	    (pcap_ghdr.version_major != PCAP_VERSION_MAJOR) ||
	    (pcap_ghdr.version_minor != PCAP_VERSION_MINOR)) {
		pr_err("unsupported pcap format:\n"
		       "\tpcap_ghdr.magic_number=%X\n"
		       "\tpcap_ghdr.version_major=%X\n"
		       "\tpcap_ghdr.version_minor=%X",
		       (int)pcap_ghdr.magic_number, (int)pcap_ghdr.version_major,
		       (int)pcap_ghdr.version_minor);
		goto out;
	}

	// create output file
	strcpy(fname, "output.pcap");
	ofp = fopen(fname, "wb");
	if (ofp == NULL) {
		pr_err("cannot create output pcap file.");
		goto out;
	}

	ret = fwrite(&pcap_ghdr, sizeof(struct pcap_hdr_s), 1, ofp);
	if (ret < 1) {
		pr_err("cannot write ghdr.");
		goto out;
	}

	anon_init(&anon);
	cache_init();
	set_signal(SIGINT);

	while (1) {
		// read pcap header
		ret = fread(ibuf, sizeof(struct pcaprec_hdr_s), 1, ifp);
		if (ret < 1) {
			pr_debug("size of fread is too short: pcaprec_hdr_s");
			break;
		}

		// checking packet size
		if ((pkt->pcap.orig_len < PKT_SIZE_MIN) || (pkt->pcap.orig_len > PKT_SIZE_MAX)) {
			pr_warn("Skip a packet: frame original length=%d", (int)pkt->pcap.orig_len);
			fseek(ifp, pkt->pcap.incl_len, SEEK_CUR); // skip the packet data
			continue;
		}

		// read packet data
		ret = fread(ibuf+sizeof(struct pcaprec_hdr_s), pkt->pcap.incl_len, 1, ifp);
		if (ret < 1) {
			pr_err("size of fread is too short: pcap data");
			break;
		}
		INFO_ETH(pkt);

		ethtype = ntohs(pkt->eth.ether_type);
		// ipv4 header
		if (ethtype == ETHERTYPE_IP) {
			INFO_IP4(pkt_count, &pkt->ip4);
			anon4(&anon, &pkt->ip4.ip_dst);
			anon4(&anon, &pkt->ip4.ip_src);

		// ipv6 header
		} else if (ethtype == ETHERTYPE_IPV6) {
			INFO_IP6(pkt_count, &pkt->ip6);
			anon6(&anon, &pkt->ip6.ip6_dst);
			anon6(&anon, &pkt->ip6.ip6_src);

		// ARP
		//} else if (ethtype == ETHERTYPE_ARP) {
		//	set_arp(&pkt, (char *)ibuf + ETHER_HDR_LEN);
		// unknown Ethernet Type
		} else {
			// temp: debug
			pr_warn("EtherType: %04X is not supported", ethtype);
		}

		// write packet data
		ret = fwrite(ibuf, sizeof(struct pcaprec_hdr_s) + pkt->pcap.incl_len, 1, ofp);
		if (ret < 1) {
			pr_err("cannot write pcap file: packet data");
			break;
		}
		++pkt_count;

		if (caught_signal)
			break;
	}

out:
	anon_release(&anon);
	cache_release();
	fclose(ifp);
	fclose(ofp);
	return 0;
}