API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jul 5th, 2015
213
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.28 KB | None | 0 0
raw download clone embed print report
  1. /*
  2. * Simple tool to discard broken packets and re-synchronize a pcap dump.
  3. * (c) 2015 Konrad Rieck (konrad@mlsec.org)
  4. * --
  5. * Compilation: gcc -Wall -o pcapsync pcapsync.c
  6. */
  7.  
  8. #include <stdint.h>
  9. #include <stdlib.h>
  10. #include <stdio.h>
  11. #include <unistd.h>
  12.  
  13. /* Maximum delay between two packets (24h) */
  14. int max_pkt_delay = 60 * 60 * 24;
  15. /* Maximum packet size (0xffff) */
  16. int max_pkt_size = 0xffff;
  17. /* Name of input pcap dump */
  18. char *pcap_in;
  19. /* Name of output pcap dump */
  20. char *pcap_out;
  21.  
  22. /* File header adapted from pcap.h */
  23. struct pcap_file_header {
  24. uint32_t magic;
  25. uint16_t version_major;
  26. uint16_t version_minor;
  27. int32_t thiszone; /* gmt to local correction */
  28. uint32_t sigfigs; /* accuracy of timestamps */
  29. uint32_t snaplen; /* max length saved portion of each pkt */
  30. uint32_t linktype; /* data link type (LINKTYPE_*) */
  31. };
  32.  
  33. /* Packet header adapted from pcap.h */
  34. struct pcap_pkt_hdr {
  35. uint32_t ts_sec; /* time stamp */
  36. uint32_t ts_usec;
  37. uint32_t caplen; /* length of portion present */
  38. uint32_t len; /* length of this packet (off wire) */
  39. };
  40.  
  41. /* Print usage of the tool */
  42. void print_usage()
  43. {
  44. printf("Usage: pcapsync [-d delay] [-s size] pcap-in pcap-out\n"
  45. " -d delay Maximum packet delay in seconds (Default: %d)\n"
  46. " -s size Maximum packet size in bytes (Default: %d)\n",
  47. max_pkt_delay, max_pkt_size);
  48. }
  49.  
  50. /* Parse options using getopt(2) */
  51. void parse_args(int argc, char **argv)
  52. {
  53. int ch;
  54.  
  55. while ((ch = getopt(argc, argv, "d:s:")) != -1) {
  56. switch (ch) {
  57. case 'd':
  58. max_pkt_delay = atoi(optarg);
  59. break;
  60. case 's':
  61. max_pkt_size = atoi(optarg);
  62. break;
  63. case 'h':
  64. default:
  65. print_usage();
  66. exit(EXIT_FAILURE);
  67. }
  68. }
  69. argc -= optind;
  70. argv += optind;
  71.  
  72. /* Get file names */
  73. if (argc != 2) {
  74. print_usage();
  75. exit(EXIT_FAILURE);
  76. } else {
  77. pcap_in = argv[0];
  78. pcap_out = argv[1];
  79. }
  80. }
  81.  
  82. /* Sanity check on file header */
  83. int check_header(struct pcap_file_header *hdr)
  84. {
  85. if (hdr->magic == 0xd4c3b2a1) {
  86. fprintf(stderr, "%s: Wrong endianess\n", pcap_in);
  87. return 0;
  88. }
  89. if (hdr->magic != 0xa1b2c3d4) {
  90. fprintf(stderr, "%s: Invalid file header\n", pcap_in);
  91. return 0;
  92. }
  93.  
  94. return 1;
  95. }
  96.  
  97. /* Sanity checks on packet header */
  98. int check_packet(struct pcap_pkt_hdr *pkt)
  99. {
  100. static uint32_t last = 0;
  101.  
  102. /* Get time of first packet */
  103. if (last == 0)
  104. last = pkt->ts_sec;
  105.  
  106. /* Sanity check on header */
  107. if (pkt->caplen > max_pkt_size)
  108. return 0;
  109. if (pkt->caplen > pkt->len)
  110. return 0;
  111. if (abs(last - pkt->ts_sec) > max_pkt_delay)
  112. return 0;
  113.  
  114. /* Store timestamp */
  115. last = pkt->ts_sec;
  116.  
  117. return 1;
  118. }
  119.  
  120. /* Main function */
  121. int main(int argc, char **argv)
  122. {
  123. FILE *in = NULL, *out = NULL;
  124. int ret;
  125. char *data, buf[256];
  126. struct pcap_pkt_hdr *pkt = (struct pcap_pkt_hdr *) buf;
  127. struct pcap_file_header *hdr = (struct pcap_file_header *) buf;
  128.  
  129. /* Parse arguments */
  130. parse_args(argc, argv);
  131.  
  132. /* Allocate memory */
  133. data = malloc(max_pkt_size);
  134. if (!data) {
  135. fprintf(stderr, "Could not allocate memory");
  136. return EXIT_FAILURE;
  137. }
  138.  
  139. /* Open input and output file */
  140. in = fopen(pcap_in, "r");
  141. out = fopen(pcap_out, "w");
  142. if (!in || !out) {
  143. perror(in ? pcap_out : pcap_in);
  144. return EXIT_FAILURE;
  145. }
  146.  
  147. /* Read file header */
  148. ret = fread(hdr, sizeof(struct pcap_file_header), 1, in);
  149. if (ret != 1) {
  150. perror(pcap_in);
  151. return EXIT_FAILURE;
  152. }
  153. if (!check_header(hdr))
  154. return EXIT_FAILURE;
  155.  
  156. /* Write file header */
  157. ret = fwrite(hdr, sizeof(struct pcap_file_header), 1, out);
  158. if (ret != 1) {
  159. perror(pcap_out);
  160. return EXIT_FAILURE;
  161. }
  162.  
  163. while (!feof(in)) {
  164. /* Attempt to read packet */
  165. ret = fread(pkt, sizeof(struct pcap_pkt_hdr), 1, in);
  166. if (ret != 1)
  167. continue;
  168.  
  169. /* Check packet for sanity and move on on error */
  170. if (!check_packet(pkt)) {
  171. fseek(in, 1 - sizeof(struct pcap_pkt_hdr), SEEK_CUR);
  172. continue;
  173. }
  174.  
  175. /* Read packet payload */
  176. ret = fread(data, pkt->caplen, 1, in);
  177. if (ret != 1) {
  178. perror(pcap_in);
  179. continue;
  180. }
  181.  
  182. /* Write out packet */
  183. ret = fwrite(buf, sizeof(struct pcap_pkt_hdr), 1, out);
  184. ret += fwrite(data, pkt->caplen, 1, out);
  185. if (ret != 2)
  186. perror(pcap_out);
  187. }
  188.  
  189. /* Cean up */
  190. free(data);
  191. fclose(out);
  192. fclose(in);
  193.  
  194. exit(EXIT_SUCCESS);
  195. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!