tcpflow  1.6.1
About: tcpflow is a TCP/IP packet demultiplexer that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging.
  Fossies Dox: tcpflow-1.6.1.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

pcap_writer.h
1 /*
2  * pcap_writer.h:
3  *
4  * A class for writing pcap files
5  */
6 
7 #ifndef HAVE_PCAP_WRITER_H
8 #define HAVE_PCAP_WRITER_H
9 class pcap_writer {
10  /* These are not implemented */
/*
 * Exception type raised by pcap_writer for every failed file operation
 * (open, read, write, close).
 *
 * NOTE(review): the throw sites in pcap_writer use `throw new write_error()`,
 * so what propagates is a write_error* to a heap object that nothing deletes.
 * A handler written as `catch (const std::exception &)` will not match it;
 * only a pointer handler or `catch (...)` will.
 */
class write_error: public std::exception {
    /* Fixed diagnostic text; carries no detail about which call failed. */
    virtual const char *what() const throw() {
        static const char message[] = "write error in pcap_write";
        return message;
    }
};
18 
20  PCAP_MAX_PKT_LEN = 65535, // wire shark may reject larger
21  PCAP_HEADER_SIZE = 4+2+2+4+4+4+4,
22  };
23  FILE *fcap; // where file is written
/*
 * Append num_bytes raw bytes starting at val to the capture file.
 *
 * val       - buffer to copy from; must hold at least num_bytes bytes
 * num_bytes - number of bytes to write
 *
 * Throws a heap-allocated write_error (by pointer) when fwrite() stores
 * fewer bytes than requested. fcap is not checked for null here.
 */
void write_bytes(const uint8_t * const val, size_t num_bytes) {
    const size_t written = fwrite(val, 1, num_bytes, fcap);
    if (written == num_bytes) {
        return;
    }
    throw new write_error();
}
/*
 * Append a 16-bit value to the capture file.
 *
 * The two bytes are copied straight from memory, so they land on disk in
 * the byte order of the machine running this code.
 * Throws a heap-allocated write_error (by pointer) on a short write.
 */
void write2(const uint16_t val) {
    const size_t width = 2;
    const size_t written = fwrite(&val, 1, width, fcap);
    if (written != width) {
        throw new write_error();
    }
}
/*
 * Append a 32-bit value to the capture file.
 *
 * The four bytes are copied straight from memory, so they land on disk in
 * the byte order of the machine running this code. Wider arguments are
 * narrowed to 32 bits by the parameter type before they get here.
 * Throws a heap-allocated write_error (by pointer) on a short write.
 */
void write4(const uint32_t val) {
    const size_t width = 4;
    const size_t written = fwrite(&val, 1, width, fcap);
    if (written != width) {
        throw new write_error();
    }
}
/*
 * Create (or truncate) fname for binary writing and make it the current sink.
 *
 * fname - path of the output capture file
 *
 * Throws a heap-allocated write_error (by pointer) if the file cannot be
 * opened; fcap is null in that case.
 *
 * NOTE(review): whatever stream fcap held before the call is overwritten
 * without being closed, so the caller has to have taken it over first.
 * NOTE(review): fopen(..., "wb") follows symbolic links and truncates an
 * existing file. If the output directory is writable by other users, a
 * pre-placed link decides which file gets truncated -- confirm that
 * callers only write into directories they control.
 */
void open(const std::string &fname) {
    fcap = fopen(fname.c_str(), "wb");   // write the output
    if (!fcap) {
        throw new write_error();
    }
}
/*
 * Write the pcap global file header (4+2+2+4+4+4+4 bytes) to the sink.
 *
 * pcap_dlt - link-layer type recorded in the header; converted to 32 bits
 *            by write4()
 *
 * All fields, the magic number included, go through write2()/write4() and
 * are therefore stored in host byte order.
 * Throws whatever write2()/write4() throw on a short write; a failure part
 * way through leaves a truncated header in the file.
 */
void write_header(const int pcap_dlt){
    const uint32_t magic         = 0xa1b2c3d4;
    const uint16_t version_major = 2;
    const uint16_t version_minor = 4;
    const uint32_t tz_offset     = 0;   // time zone offset; always 0
    const uint32_t ts_accuracy   = 0;   // accuracy of time stamps in the file; always 0

    write4(magic);
    write2(version_major);
    write2(version_minor);
    write4(tz_offset);
    write4(ts_accuracy);
    write4(PCAP_MAX_PKT_LEN);           // snapshot length advertised to readers
    write4(pcap_dlt);                   // link layer encapsulation
}
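/*
 * Copy the pcap global header of an existing capture into the sink.
 *
 * ifname - path of the capture file whose header is reused
 *
 * Only the first four bytes are validated: they must be d4 c3 b2 a1, i.e.
 * the magic number stored least-significant byte first. The remaining
 * header bytes (version, snapshot length, link type) are copied verbatim,
 * so the output inherits whatever the input file declares.
 *
 * Throws a heap-allocated write_error (by pointer) when the input cannot
 * be opened, is shorter than a header, has a different magic/byte order,
 * when the sink write is short, or when closing the input fails.
 *
 * The input stream is closed as soon as the header has been read, so no
 * error path leaks the FILE handle; a close failure is still reported
 * last, as before.
 */
void copy_header(const std::string &ifname){
    /* assert byte order is correct */
    FILE *f2 = fopen(ifname.c_str(),"rb");
    if(f2==0) throw new write_error();

    u_char buf[PCAP_HEADER_SIZE];
    const bool read_ok  = (fread(buf,1,sizeof(buf),f2)==sizeof(buf));
    const bool close_ok = (fclose(f2)==0);   // done with the input whatever happens next

    if(!read_ok) throw new write_error();
    if((buf[0]!=0xd4) || (buf[1]!=0xc3) || (buf[2]!=0xb2) || (buf[3]!=0xa1)){
        std::cout << "pcap file " << ifname << " is in wrong byte order. Cannot continue.\n";
        throw new write_error();
    }
    if(fwrite(buf,1,sizeof(buf),fcap)!=sizeof(buf)) throw new write_error();
    if(!close_ok) throw new write_error();
}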
62 
63 public:
65 
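/*
 * Create a writer for a brand-new capture file and emit its global header.
 *
 * ofname - path of the capture file to create
 *
 * Returns a heap-allocated writer that the caller owns and must delete.
 * The link type is fixed to DLT_EN10MB here.
 *
 * If opening the file or writing the header throws, the half-built writer
 * is deleted (its destructor closes the file when it was opened) before
 * the exception continues to the caller, so neither the object nor the
 * FILE handle is leaked.
 */
static pcap_writer *open_new(const std::string &ofname){
    pcap_writer *pcw = new pcap_writer();
    try {
        pcw->open(ofname);
        pcw->write_header(DLT_EN10MB); // static for temporary regression
    } catch (...) {
        delete pcw;
        throw;                         // same exception object, unchanged
    }
    return pcw;
}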
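/*
 * Create a writer for a new capture file whose global header is copied
 * from an existing capture.
 *
 * ofname - path of the capture file to create
 * ifname - path of the capture file that supplies the header
 *
 * Returns a heap-allocated writer that the caller owns and must delete.
 *
 * If opening the output or copying the header throws, the half-built
 * writer is deleted (its destructor closes the output when it was opened)
 * before the exception continues to the caller, so neither the object nor
 * the FILE handle is leaked.
 */
static pcap_writer *open_copy(const std::string &ofname,const std::string &ifname){
    pcap_writer *pcw = new pcap_writer();
    try {
        pcw->open(ofname);
        pcw->copy_header(ifname);
    } catch (...) {
        delete pcw;
        throw;                         // same exception object, unchanged
    }
    return pcw;
}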
/*
 * Close the sink if one is attached.
 *
 * The result of fclose() is dropped, so a failure to flush the last
 * buffered packets is not reported anywhere.
 * NOTE(review): the stream closed here is whatever fcap currently holds,
 * including one installed through update_sink() or one already handed out
 * by yield_sink() -- callers must not close that same FILE again.
 */
virtual ~pcap_writer(){
    if (fcap != 0) {
        fclose(fcap);
    }
}
/*
 * Append one packet record to the capture file: four 32-bit header fields
 * (timestamp seconds, timestamp microseconds, captured length, original
 * length) followed by caplen bytes of packet data.
 *
 * h - packet header supplying the timestamp, caplen and len
 * p - packet bytes; must hold at least h->caplen bytes
 *
 * Throws a heap-allocated write_error (by pointer) on any short write; a
 * failure part way through leaves an incomplete record in the file.
 *
 * NOTE(review): h->caplen is used as given. Nothing here compares it with
 * PCAP_MAX_PKT_LEN (the snapshot length write_header() advertises), with
 * h->len, or with the real size of the buffer behind p, so a header whose
 * caplen is larger than that buffer makes fwrite() read past its end.
 * Neither h nor p is checked for null. Confirm that every caller passes
 * headers it has already validated.
 * NOTE(review): the timestamp fields are narrowed to 32 bits by write4().
 */
void writepkt(const struct pcap_pkthdr *h,const u_char *p) {
    /* Record header */
    write4(h->ts.tv_sec);    // time stamp, seconds value
    write4(h->ts.tv_usec);   // time stamp, microseconds
    write4(h->caplen);       // bytes of the packet stored in this record
    write4(h->len);          // length recorded in h->len

    /* Record payload */
    const size_t stored = fwrite(p, 1, h->caplen, fcap);
    if (stored == h->caplen) {
        return;
    }
    throw new write_error();
}
/*
 * Point the writer at a new output file and start it with a fresh global
 * header.
 *
 * fname    - path of the capture file to create (truncated if it exists)
 * pcap_dlt - link-layer type to record in the new header
 *
 * Throws whatever open() and write_header() throw.
 * NOTE(review): open() overwrites fcap without closing it, so the previous
 * stream is only released if the caller took it over beforehand (the class
 * offers yield_sink() for reading the pointer) -- confirm at the call site.
 */
void refresh_sink(const std::string &fname, const int pcap_dlt) {
    this->open(fname);
    this->write_header(pcap_dlt);
}
/*
 * Replace the current sink with a stream supplied by the caller.
 *
 * sink - stream to write to from now on; stored as-is, null included
 *
 * The previous stream is neither flushed nor closed here. From this call
 * on the destructor will fclose() `sink`, so the caller must not close it
 * again while it is still attached.
 */
void update_sink(FILE *sink) {
    this->fcap = sink;
}
/*
 * Return the stream the writer is currently attached to (may be null).
 *
 * The writer keeps its own copy of the pointer: it goes on writing to the
 * stream and its destructor will still fclose() it unless a different
 * stream is installed with update_sink() or refresh_sink() first.
 */
FILE* yield_sink() {
    return this->fcap;
}
100 };
101 
102 #endif
virtual const char * what() const
Definition: pcap_writer.h:14
FILE * yield_sink()
Definition: pcap_writer.h:97
@ PCAP_RECORD_HEADER_SIZE
Definition: pcap_writer.h:19
@ PCAP_HEADER_SIZE
Definition: pcap_writer.h:21
@ PCAP_MAX_PKT_LEN
Definition: pcap_writer.h:20
void write_bytes(const uint8_t *const val, size_t num_bytes)
Definition: pcap_writer.h:24
virtual ~pcap_writer()
Definition: pcap_writer.h:78
void write_header(const int pcap_dlt)
Definition: pcap_writer.h:40
void open(const std::string &fname)
Definition: pcap_writer.h:36
pcap_writer & operator=(const pcap_writer &that)
void update_sink(FILE *sink)
Definition: pcap_writer.h:94
static pcap_writer * open_new(const std::string &ofname)
Definition: pcap_writer.h:66
static pcap_writer * open_copy(const std::string &ofname, const std::string &ifname)
Definition: pcap_writer.h:72
FILE * fcap
Definition: pcap_writer.h:23
pcap_writer(const pcap_writer &t)
void write4(const uint32_t val)
Definition: pcap_writer.h:32
void copy_header(const std::string &ifname)
Definition: pcap_writer.h:49
void write2(const uint16_t val)
Definition: pcap_writer.h:28
void writepkt(const struct pcap_pkthdr *h, const u_char *p)
Definition: pcap_writer.h:81
void refresh_sink(const std::string &fname, const int pcap_dlt)
Definition: pcap_writer.h:90
unsigned int uint32_t
Definition: core.h:40
#define DLT_EN10MB
Definition: pcap_fake.h:69
uint32_t caplen
Definition: pcap_fake.h:37
struct timeval ts
Definition: pcap_fake.h:36
uint32_t len
Definition: pcap_fake.h:38
unsigned short uint16_t
Definition: util.h:7
unsigned char uint8_t
Definition: util.h:6