Merge pull request #113 from infokek/pcap-logger-original-timestamps

Original PCAP timestamps instead of timeofday-generated
Alexandre Dulaunoy 2024-10-17 06:26:07 +02:00 committed by GitHub
commit b8fa2f4bbf
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 28 additions and 9 deletions


@ -254,12 +254,16 @@ void logpkt_ctx_init(logpkt_ctx_t *ctx,
const struct sockaddr *src_addr, const struct sockaddr *src_addr,
socklen_t src_addr_len, socklen_t src_addr_len,
const struct sockaddr *dst_addr, const struct sockaddr *dst_addr,
socklen_t dst_addr_len) { socklen_t dst_addr_len,
const uint32_t *timestamp_sec,
const uint32_t *timestamp_usec) {
ctx->libnet = libnet; ctx->libnet = libnet;
memcpy(ctx->src_ether, src_ether, ETHER_ADDR_LEN); memcpy(ctx->src_ether, src_ether, ETHER_ADDR_LEN);
memcpy(ctx->dst_ether, dst_ether, ETHER_ADDR_LEN); memcpy(ctx->dst_ether, dst_ether, ETHER_ADDR_LEN);
memcpy(&ctx->src_addr, src_addr, src_addr_len); memcpy(&ctx->src_addr, src_addr, src_addr_len);
memcpy(&ctx->dst_addr, dst_addr, dst_addr_len); memcpy(&ctx->dst_addr, dst_addr, dst_addr_len);
memcpy(&ctx->timestamp_sec, timestamp_sec, sizeof(timestamp_sec));
memcpy(&ctx->timestamp_usec, timestamp_usec, sizeof(timestamp_usec));
ctx->src_seq = 0; ctx->src_seq = 0;
ctx->dst_seq = 0; ctx->dst_seq = 0;
if(mtu) { if(mtu) {
@ -275,13 +279,17 @@ void logpkt_ctx_init(logpkt_ctx_t *ctx,
* Write the layer 2 frame contained in *pkt* to file descriptor *fd* already * Write the layer 2 frame contained in *pkt* to file descriptor *fd* already
* open for writing. First writes a PCAP record header, then the actual frame. * open for writing. First writes a PCAP record header, then the actual frame.
*/ */
static int logpkt_pcap_write(const uint8_t *pkt, size_t pktsz, int fd) { static int logpkt_pcap_write(const uint8_t *pkt, size_t pktsz, int fd, uint32_t timestamp_sec, uint32_t timestamp_usec) {
pcap_rec_hdr_t rec_hdr; pcap_rec_hdr_t rec_hdr;
struct timeval tv; struct timeval tv;
if (timestamp_sec != 0 || timestamp_usec != 0) {
rec_hdr.ts_sec = timestamp_sec;
rec_hdr.ts_usec = timestamp_usec;
} else {
gettimeofday(&tv, NULL); gettimeofday(&tv, NULL);
rec_hdr.ts_sec = tv.tv_sec; rec_hdr.ts_sec = tv.tv_sec;
rec_hdr.ts_usec = tv.tv_usec; rec_hdr.ts_usec = tv.tv_usec;
}
rec_hdr.orig_len = rec_hdr.incl_len = pktsz; rec_hdr.orig_len = rec_hdr.incl_len = pktsz;
if(write(fd, &rec_hdr, sizeof(rec_hdr)) != sizeof(rec_hdr)) { if(write(fd, &rec_hdr, sizeof(rec_hdr)) != sizeof(rec_hdr)) {
@ -488,7 +496,8 @@ static int logpkt_write_packet(logpkt_ctx_t *ctx,
CSA(&ctx->dst_addr), CSA(&ctx->src_addr), flags, CSA(&ctx->dst_addr), CSA(&ctx->src_addr), flags,
ctx->dst_seq, ctx->src_seq, payload, payloadlen); ctx->dst_seq, ctx->src_seq, payload, payloadlen);
} }
rv = logpkt_pcap_write(buf, sz, fd);
rv = logpkt_pcap_write(buf, sz, fd, ctx->timestamp_sec, ctx->timestamp_usec);
if(rv == -1) { if(rv == -1) {
printf("Error writing packet to PCAP file\n"); printf("Error writing packet to PCAP file\n");
return -1; return -1;
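Review bot: Both new `memcpy` calls in `logpkt_ctx_init` use `sizeof(timestamp_sec)` and `sizeof(timestamp_usec)`, which is the size of the `const uint32_t *` parameter rather than of the 4-byte value it points to. On a build with 8-byte pointers each call copies 8 bytes, so it reads past the caller's `uint32_t` and writes 4 bytes beyond the destination field. The header change shows `timestamp_usec` as the last member of `logpkt_ctx_t`, so the second copy may write past the end of the calloc'd object. Plain assignment removes the size argument altogether: `ctx->timestamp_sec = *timestamp_sec;` and `ctx->timestamp_usec = *timestamp_usec;`, or pass the two values by value. The body of `logpkt_ctx_init` continues outside the hunk.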


@ -51,6 +51,8 @@ typedef struct {
uint32_t src_seq; uint32_t src_seq;
uint32_t dst_seq; uint32_t dst_seq;
size_t mss; size_t mss;
uint32_t timestamp_sec;
uint32_t timestamp_usec;
} logpkt_ctx_t; } logpkt_ctx_t;
#define LOGPKT_REQUEST 0 #define LOGPKT_REQUEST 0
@ -65,7 +67,9 @@ void logpkt_ctx_init(logpkt_ctx_t *,
const struct sockaddr *, const struct sockaddr *,
socklen_t, socklen_t,
const struct sockaddr *, const struct sockaddr *,
socklen_t); socklen_t,
const uint32_t *,
const uint32_t *);
int logpkt_write_payload(logpkt_ctx_t *, int logpkt_write_payload(logpkt_ctx_t *,
int, int,
int, int,
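Review bot: The two new fields in `logpkt_ctx_t` carry an undocumented sentinel: `logpkt_pcap_write` treats both values being zero as "no timestamp supplied" and falls back to `gettimeofday()`. A comment on the fields would make that contract visible, for example `/* capture time written to PCAP records; 0/0 means use gettimeofday() */`. The two added `const uint32_t *` parameters in the prototype are unnamed like the existing ones, so the header does not say which is seconds and which is microseconds. A short comment above the declaration would settle that.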


@ -72,6 +72,10 @@ static int create_pcap_logger(proto_obj **objp,
int _status; int _status;
logpkt_ctx_t *pcap_obj = 0; logpkt_ctx_t *pcap_obj = 0;
struct sockaddr_in src_addr, dst_addr; struct sockaddr_in src_addr, dst_addr;
uint32_t timestamp_sec, timestamp_usec;
timestamp_sec = base_time->tv_sec;
timestamp_usec = base_time->tv_usec;
if(!(pcap_obj = (logpkt_ctx_t *)calloc(1, sizeof(logpkt_ctx_t)))) if(!(pcap_obj = (logpkt_ctx_t *)calloc(1, sizeof(logpkt_ctx_t))))
ABORT(R_NO_MEMORY); ABORT(R_NO_MEMORY);
@ -89,7 +93,9 @@ static int create_pcap_logger(proto_obj **objp,
logpkt_ctx_init(pcap_obj, NULL, 0, content_pcap_src_ether, logpkt_ctx_init(pcap_obj, NULL, 0, content_pcap_src_ether,
content_pcap_dst_ether, (const struct sockaddr *)&src_addr, content_pcap_dst_ether, (const struct sockaddr *)&src_addr,
sizeof(src_addr), (const struct sockaddr *)&dst_addr, sizeof(src_addr), (const struct sockaddr *)&dst_addr,
sizeof(dst_addr)); sizeof(dst_addr),
&timestamp_sec,
&timestamp_usec);
*objp = (proto_obj *)pcap_obj; *objp = (proto_obj *)pcap_obj;
_status = 0; _status = 0;
abort: abort:
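Review bot: The timestamp is captured once, when the logger is created, so every PCAP record written through this context appears to get the same time. `create_pcap_logger` copies `base_time` into the context, and `logpkt_write_packet` passes the same `ctx->timestamp_sec` and `ctx->timestamp_usec` to each `logpkt_pcap_write` call. Unless the context is refreshed elsewhere (not visible in this diff), the capture loses per-packet timing and ordering for anyone analysing it. Either update the context fields per packet or, if one timestamp per connection is intended, say so with a comment such as `/* all records for this connection use base_time */`. `base_time` is also dereferenced without a NULL check; its declaration is outside the hunk, so confirm that callers always supply it.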