pcapfile.c

   1 /* simple pcap file writer (C) 2018 rofl0r */
   2 #include <unistd.h>
   3 #include <pcap/pcap.h>
   4 #include "endianness.h"
   5
   6 #ifdef SWITCH_ENDIAN
   7 /* if defined allows to use the opposite endian format for testing */
   8 #  define SWAP_IF_SWITCHED(X) end_bswap32(X)
   9 #  define NOT_IF_SWITCHED !
  10 #else
  11 #  define SWAP_IF_SWITCHED(X) X
  12 #  define NOT_IF_SWITCHED
  13 #endif
  14
  15 static void pcapfile_write_header_be(int outfd) {
  16         write(outfd, "\xA1\xB2\xC3\xD4" "\x00\x02\x00\x04"
  17                      "\x00\x00\x00\x00" "\x00\x00\x00\x00"
  18                      "\x00\x04\x00\x00" "\x00\x00\x00\x7F", 24);
  19 }
  20 static void pcapfile_write_header_le(int outfd) {
  21         write(outfd, "\xD4\xC3\xB2\xA1" "\x02\x00\x04\x00"
  22                      "\x00\x00\x00\x00" "\x00\x00\x00\x00"
  23                      "\x00\x00\x04\x00" "\x7F\x00\x00\x00", 24);
  24 }
  25 void pcapfile_write_header(int outfd) {
  26         if (NOT_IF_SWITCHED ENDIANNESS_BE) pcapfile_write_header_be(outfd);
  27         else pcapfile_write_header_le(outfd);
  28 }
  29
  30 void pcapfile_write_packet(int outfd, struct pcap_pkthdr *h_out, const unsigned char* data) {
  31         struct pcap_file_pkthdr {
  32                 unsigned sec_epoch;
  33                 unsigned ms_sec;
  34                 unsigned caplen;
  35                 unsigned len;
  36         } hdr_out = {
  37                 .sec_epoch = SWAP_IF_SWITCHED(h_out->ts.tv_sec),
  38                 .ms_sec = SWAP_IF_SWITCHED(h_out->ts.tv_usec),
  39                 .caplen = SWAP_IF_SWITCHED(h_out->caplen),
  40                 .len = SWAP_IF_SWITCHED(h_out->len),
  41         };
  42         write(outfd, &hdr_out, sizeof hdr_out);
  43         write(outfd, data, h_out->len);
  44 }
  45