这里有人有一次性打开 PCAP 文件列表并将 PCAP 文件列表输出到一个输出文件的经验吗?例如,我有 1.pcap、2.pcap 和 3.pcap,我想对 1.pcap、2.pcap 和 3.pcap 进行一些处理,然后将结果合并到一个输出 pcap 文件(output.pcap) )。以下是我现在的代码:
static pcap_t *input = NULL;
input = pcap_open_offline(packet_path, errbuf);
if (input == NULL){exit(0);}
pktMatch = pcap_dump_open(input, "-");
/*Do some processing, eg to find an IP*/
compareIP=true;
if (compareIP){
pcap_dump(pktMatch, &pktHeader, pktData);
continue;
}
上面的代码可以用于读取单个输入 pcap 文件。问题:如果我想修改此代码,使其可以在单个 pcap_open_offline() 方法中打开文件列表(1.pcap、2.pcap、3.pcap),我需要更改什么?有哪位专家愿意指教一下吗?谢谢
最佳答案
这是一些伪代码;将其变成真正的代码是你的工作:
for (all files) {
new pcap = pcap_open_offline(the file, errbuf);
if (new pcap == NULL) {
fprintf(stderr, "Opening \"%s\" failed: %s\n", the file, errbuf);
exit(1);
}
add new pcap to the list of pcaps to read;
}
mark all files as not having a packet yet;
for (;;) {
for (all open files) {
if (the file doesn't have a packet yet)
read a packet from the file and make it that file's current packet;
}
packet time = nothing;
for (all files) {
/* note: "nothing" is older than all possible times */
if (that file's packet's time is newer than packet time) {
make that file's packet the one to process next;
packet time = that packet's time;
}
}
/*Do some processing on the packet we selected, eg to find an IP*/
if (compareIP)
pcap_dump(pktMatch, &pktHeader, pktData);
mark the file whose packet we selected as not having a packet yet;
}
关于c - 读取 PCAP 文件列表,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/18093616/