有人在一次打开PCAP文件列表并将PCAP文件列表输出到一个输出文件方面有经验吗?例如,我有1.pcap,2.pcap和3.pcap,我想对1.pcap,2.pcap和3.pcap进行一些处理,然后将结果合并到一个输出pcap文件(output.pcap )。以下是我目前的代码:
static pcap_t *input = NULL;
input = pcap_open_offline(packet_path, errbuf);
if (input == NULL){exit(0);}
pktMatch = pcap_dump_open(input, "-");
/*Do some processing, eg to find an IP*/
compareIP=true;
if (compareIP){
pcap_dump(pktMatch, &pktHeader, pktData);
continue;
}
上面的代码可用于读取单个输入pcap文件。问题:如果要修改此代码,使其可以在单个pcap_open_offline()方法中打开文件列表(1.pcap,2.pcap,3.pcap),我需要更改什么?有什么专家想建议吗?谢谢
最佳答案
这是一些伪代码;将其转换为真实代码是您的工作:
for (all files) {
new pcap = pcap_open_offline(the file, errbuf);
if (new pcap == NULL) {
fprintf(stderr, "Opening \"%s\" failed: %s\n", the file, errbuf);
exit(1);
}
add new pcap to the list of pcaps to read;
}
mark all files as not having a packet yet;
for (;;) {
for (all open files) {
if (the file doesn't have a packet yet)
read a packet from the file and make it that file's current packet;
}
packet time = nothing;
for (all files) {
/* note: "nothing" is older than all possible times */
if (that file's packet's time is newer than packet time) {
make that file's packet the one to process next;
packet time = that packet's time;
}
}
/*Do some processing on the packet we selected, eg to find an IP*/
if (compareIP)
pcap_dump(pktMatch, &pktHeader, pktData);
mark the file whose packet we selected as not having a packet yet;
}
关于c - 读取PCAP文件列表,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/18093616/