int main(void) { buffer_t *b; packet_t *pkt_ptr; unsigned i = 0; struct ip *ip_hdr; char ip1[256], ip2[256]; b = buffer_new(); buffer_init_capture(b); for ( ; ; ) { /* pkt_ptr->data points to the ip header of the packet */ while ( (pkt_ptr = buffer_get_packet(b)) == NULL) ; printf("Packet: %d\n", ++i); printf("\tmac: %02X:%02X:%02X:%02X:%02X:%02X\n", ((unsigned)pkt_ptr->mac[0])%0x100, ((unsigned)pkt_ptr->mac[1])%0x100, ((unsigned)pkt_ptr->mac[2])%0x100, ((unsigned)pkt_ptr->mac[3])%0x100, ((unsigned)pkt_ptr->mac[4])%0x100, ((unsigned)pkt_ptr->mac[5])%0x100); printf("\tlength: %d\n", pkt_ptr->length); ip_hdr = (struct ip *) pkt_ptr->data; printf("* IP info: header_len: %u saddr: %s daddr: %s\n", ip_hdr->ip_hl, inet_ntop(AF_INET, &ip_hdr->ip_src, ip1, 256), inet_ntop(AF_INET, &ip_hdr->ip_dst, ip2, 256)); } buffer_stop_capture(b); buffer_free(b); return 0; }
static int st_joining(struct state *st) { struct pkt pkt; int ret; // Actually attempt to join the data if (st->buffer_offset >= 0) { struct pkt pkts[REQUIRED_MATCHES]; struct pkt old_pkts[REQUIRED_MATCHES]; int synced = 0; int disk_offset = 0; int buffer_start = st->buffer_offset; for (disk_offset=disk_offset; (disk_offset+REQUIRED_MATCHES) < SKIP_AMOUNT && !synced; disk_offset++) { fill_buffer(st, pkts, REQUIRED_MATCHES, packet_get_next_raw); for (st->search_limit = 0; (st->search_limit + REQUIRED_MATCHES) < SKIP_AMOUNT && !synced; st->search_limit++) { int i; int matches_found = 0; fill_buffer(st, old_pkts, REQUIRED_MATCHES, buffer_get_packet); // Check to see if our run matches up for (i=0; i<REQUIRED_MATCHES; i++) { int dat = pkts[i].data.nand_cycle.data; int old_dat = old_pkts[i].data.nand_cycle.data; int ctrl = pkts[i].data.nand_cycle.control; int old_ctrl = old_pkts[i].data.nand_cycle.control; if (dat == old_dat && ctrl == old_ctrl) matches_found++; } // If enough packets match, we're synced if (matches_found >= REQUIRED_MATCHES-1) { st->last_sec_dif = st->sec_dif; st->last_nsec_dif = st->nsec_dif; st->sec_dif = -(pkts[REQUIRED_MATCHES/2].header.sec-old_pkts[REQUIRED_MATCHES/2].header.sec); st->nsec_dif = -(pkts[REQUIRED_MATCHES/2].header.nsec-old_pkts[REQUIRED_MATCHES/2].header.nsec); if (st->nsec_dif > 1000000000L) { st->nsec_dif -= 1000000000L; st->sec_dif++; } else if (st->nsec_dif < 0) { st->nsec_dif += 1000000000L; st->sec_dif--; } synced=1; buffer_unget_packet(st, old_pkts); } else { empty_buffer(st, old_pkts, REQUIRED_MATCHES, buffer_unget_packet); buffer_get_packet(st, old_pkts); } } if (!synced) { empty_buffer(st, pkts, REQUIRED_MATCHES, packet_unget); empty_buffer(st, old_pkts, REQUIRED_MATCHES, buffer_unget_packet); packet_get_next_raw(st, pkts); } } if (!synced) printf("Couldn't join\n"); // Now we're synced, just ignore the rest of the matched-buffer // packets. This is because if they're in the buffer, they've // already been written out. int tries = 0; while ((st->buffer_offset+st->search_limit)%SKIP_AMOUNT != buffer_start-1) { struct pkt old_pkt; int dat, old_dat, ctrl, old_ctrl; buffer_get_packet(st, &old_pkt); packet_get_next_raw(st, &pkt); dat = pkt.data.nand_cycle.data; old_dat = old_pkt.data.nand_cycle.data; ctrl = pkt.data.nand_cycle.control; old_ctrl = old_pkt.data.nand_cycle.control; tries++; if ((dat != old_dat) || (ctrl != old_ctrl)) { printf("Join anomaly after %d tries: %d/%d and %d/%d\n", tries, old_dat, dat, old_ctrl, ctrl); } } st->buffer_offset = -1; st->search_limit = 0; } // Done now, copy data while ((ret = packet_get_next_raw(st, &pkt)) == 0) { if (!is_nand(st, &pkt)) { packet_unget(st, &pkt); jstate_set(st, ST_SEARCHING); break; } if (st->nsec_dif > 0) { pkt.header.nsec += st->nsec_dif; if (pkt.header.nsec > 1000000000L) { pkt.header.nsec -= 1000000000L; pkt.header.sec++; } pkt.header.sec += st->sec_dif; } else { pkt.header.nsec -= st->nsec_dif; if (pkt.header.nsec <= 0) { pkt.header.nsec += 1000000000L; pkt.header.sec--; } pkt.header.sec -= st->sec_dif; } packet_write(st, &pkt); buffer_put_packet(st, &pkt); } return ret; }