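#ifndef FASTNETMON_PCAP_FORMAT_H
#define FASTNETMON_PCAP_FORMAT_H

/*
 * On-disk layout of a classic pcap dump, declared locally so that this code
 * does not have to link against libpcap:
 *   global header: struct fastnetmon_pcap_file_header
 *                  (copy of libpcap's struct pcap_file_header)
 *   packet header: struct fastnetmon_pcap_pkthdr
 *
 * Every field of both headers comes straight from the capture file. A dump
 * obtained from an untrusted source therefore carries untrusted lengths and
 * must be validated by whoever reads it (see the notes on the structs below).
 */

#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>

/* `bool` is used in a prototype below; C needs <stdbool.h>, C++ has it built in. */
#ifndef __cplusplus
#include <stdbool.h>
#endif

/*
 * Compatibility for systems that have a bpf.h that
 * predates the bpf typedefs for 64-bit support.
 *
 * The typedefs are spelled with plain `unsigned int` rather than the BSD
 * alias `u_int`: it is the same type, but `u_int` is not exposed by
 * <sys/types.h> in strict ISO C modes, which made this header fail to compile.
 */
#if BPF_RELEASE - 0 < 199406
typedef int bpf_int32;
typedef unsigned int bpf_u_int32;
#endif

/*
 * Global file header. Copied from pcap.h because we do not want to link
 * with pcap here.
 *
 * With a 32-bit int and a 16-bit short the struct is 24 bytes with no
 * padding; code that reads or writes it as a raw block depends on that.
 * `magic` and `snaplen` are file-supplied: a reader should check `magic`
 * before trusting anything else and should not size buffers from `snaplen`
 * without an upper bound of its own.
 */
struct fastnetmon_pcap_file_header {
    bpf_u_int32 magic;
    unsigned short version_major; /* same type as the BSD alias u_short */
    unsigned short version_minor;
    bpf_int32 thiszone;   /* gmt to local correction */
    bpf_u_int32 sigfigs;  /* accuracy of timestamps */
    bpf_u_int32 snaplen;  /* max length saved portion of each pkt */
    bpf_u_int32 linktype; /* data link type (LINKTYPE_*) */
};

/*
TODO: move to this code, get rid any bpf* custom types
struct fastnetmon_pcap_file_header {
    uint32_t magic;
    uint16_t version_major;
    uint16_t version_minor;
    int32_t thiszone;
    uint32_t sigfigs;
    uint32_t snaplen;
    uint32_t linktype;
};
*/

/*
 * Per-packet record header (16 bytes). We can't use pcap_pkthdr from upstream
 * because it embeds a struct timeval, which is 16 bytes on 64-bit systems
 * instead of the 8 bytes the file format stores, and that broke everything.
 *
 * `incl_len` and `orig_len` are read from the file and are untrusted. Before
 * reading a packet body, a reader should reject any record whose `incl_len`
 * exceeds the file header's `snaplen` or the size of the destination buffer.
 * NOTE(review): the pcap_reader implementation is not visible in this header;
 * confirm it enforces that bound.
 */
struct fastnetmon_pcap_pkthdr {
    uint32_t ts_sec;   /* timestamp seconds */
    uint32_t ts_usec;  /* timestamp microseconds */
    uint32_t incl_len; /* number of octets of packet saved in file */
    uint32_t orig_len; /* actual length of packet */
};

/*
 * Callback invoked with a packet from the dump.
 * NOTE(review): presumably `len` is the captured length of `buffer` and
 * `snaplen` is the value from the file header; confirm against pcap_reader.
 * Implementations should treat `len` as the hard limit for reads from
 * `buffer` and must parse the bytes as untrusted input.
 */
typedef void (*pcap_packet_parser_callback)(char* buffer, uint32_t len, uint32_t snaplen);

/*
 * Reads the dump at `pcap_file_path` and hands packets to
 * `pcap_parse_packet_function_ptr`. The return value convention is defined by
 * the implementation, which is not part of this header.
 */
int pcap_reader(const char* pcap_file_path, pcap_packet_parser_callback pcap_parse_packet_function_ptr);

/*
 * Fills `pcap_header` for a new dump using `snap_length`.
 * NOTE(review): the meaning of the bool result is not visible here;
 * presumably true on success.
 */
bool fill_pcap_header(struct fastnetmon_pcap_file_header* pcap_header, bpf_u_int32 snap_length);

#endif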