
Ethereal-dev: Re: [ethereal-dev] Editpcap.c

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Thu, 25 Nov 1999 14:31:22 -0800
> Attached is the code for editpcap.c.
> 
> It shows how to read a capture file and in this case simply drop frames.
> 
> It should be fixed up to do a few more things.
> 
> It also exposes the need to fix some aspects of wiretap, like moving some
> record definitions out of .c files into header files.

I've attached a version that used Wiretap to *write* the capture file as
well; that means it no longer contains record definitions, so there's no
need to move record definitions out of wiretap.

It also means that, if, as, and when we add to Wiretap the ability to
write non-"libpcap" files, it can be used to translate capture files
from any format Wiretap reads to any format Wiretap writes (assuming
such a translation is possible - it wouldn't be possible to take an
"iptrace" capture that has more than one link-layer type in it and write
out a capture in any format that doesn't have per-packet link layer
types, for example).

I also used Wiretap's "wtap_strerror()" routine to print the error
messages, so it uses the value in "err".

(I also changed it not to care if you didn't supply a list of frames to
drop, as it could be useful even if you *don't* drop frames, as a way of
translating a capture file from one format to another, as noted.)
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <glib.h>
#include <sys/time.h>
#include "wtap.h"

/* Record numbers to drop from the output; main() appends one per argument. */
int delete[100];

/* Index of the last used slot in delete[]; -1 while the list is empty. */
int max_delete = -1;

/*
 * Should record number recno be dropped?
 *
 * Returns 1 if recno is stored in one of the used slots
 * delete[0] .. delete[max_delete], 0 otherwise (including when the
 * list is empty, i.e. max_delete is -1).
 */
int deleteit(int recno)
{
  int idx = max_delete;

  /* Membership test only, so the scan direction does not matter. */
  while (idx >= 0) {
    if (delete[idx] == recno)
      return 1;
    idx--;
  }

  return 0;
}

/* State handed to edit_callback() through wtap_loop()'s user pointer. */
typedef struct {
	char	*filename;	/* output file name, used in error messages */
	char	*buf;		/* buffer supplied by main(); main() never fills it */
	wtap_dumper *pdh;	/* output handle returned by wtap_dump_open() */
} callback_arg;

/*
 * Number of the record the next edit_callback() call will handle; the
 * first record is 1, and the callback increments it once per record.
 */
static int count = 1;

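/*
 * wtap_loop() callback: copy one record to the output file unless its
 * record number is on the drop list.
 *
 * user   - the callback_arg set up by main() (output handle and file name)
 * phdr   - per-record header passed in by Wiretap
 * offset - not used here
 * buf    - record data passed in by Wiretap
 *
 * Prints the number of every record that is kept.  Exits the program
 * with status 1 if the record cannot be written.
 */
static void
edit_callback(u_char *user, const struct wtap_pkthdr *phdr, int offset,
    const u_char *buf)
{
  callback_arg *argp = (callback_arg *)user;
  int err;

  (void)offset;

  if (!deleteit(count)) {

    /* count is an int, so print it with %d rather than %u. */
    printf("Record: %d\n", count);

    /*
     * Write the data Wiretap handed to this call.  argp->buf points at a
     * buffer in main() that nothing fills in, so passing it here would
     * put uninitialized stack contents into the output capture instead
     * of the packet - wrong data, and a leak of process memory into a
     * file that is likely to be shared.
     */
    if (!wtap_dump(argp->pdh, phdr, buf, &err)) {

      fprintf(stderr, "editpcap: Error writing to %s: %s\n", argp->filename,
        wtap_strerror(err));
      exit(1);

    }

  }

  count++;

}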

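/*
 * editpcap <infile> <outfile> [ <record#> ... ]
 *
 * Reads <infile> through Wiretap and writes every record whose number is
 * not listed on the command line to <outfile> as a WTAP_FILE_PCAP file.
 * With no record numbers it copies every record.
 *
 * Exits with status 0 on success and 1 on a usage error, an invalid or
 * excessive record list, or a failure to open or write a file.
 */
int main(int argc, char *argv[])

{
  wtap *wth;
  int i, err;
  /* Scratch buffer exposed to the callback via args.buf; main() never fills it. */
  char buf[65536];
  callback_arg args;
  const int max_records = (int)(sizeof delete / sizeof delete[0]);

  if (argc < 3) {

    fprintf(stderr, "Usage: editpcap <infile> <outfile> [ <record#> ... ]\n");
    exit(1);

  }

  /*
   * Build the drop list before touching any file, so a bad argument does
   * not leave a freshly created, empty output file behind.
   */
  for (i = 3; i < argc; i++) {
    char *end;
    long recno;

    /*
     * delete[] has a fixed size; without this check a long argument list
     * writes past the end of the array.
     */
    if (max_delete + 1 >= max_records) {

      fprintf(stderr, "editpcap: Too many record numbers (limit is %d)\n",
          max_records);
      exit(1);

    }

    /*
     * strtol() rather than atoi(): reject text that is not a number and
     * values that do not fit in an int.  Records are numbered from 1.
     */
    errno = 0;
    recno = strtol(argv[i], &end, 10);
    if (end == argv[i] || *end != '\0' || errno == ERANGE ||
        recno < 1 || recno > INT_MAX) {

      fprintf(stderr, "editpcap: \"%s\" is not a valid record number\n",
          argv[i]);
      exit(1);

    }

    delete[++max_delete] = (int)recno;
  }

  wth = wtap_open_offline(argv[1], &err);

  if (!wth) {

    fprintf(stderr, "editpcap: Can't open %s: %s\n", argv[1],
        wtap_strerror(err));
    exit(1);

  }

  /* The output inherits the input's encapsulation and snapshot length. */
  args.filename = argv[2];
  args.buf = buf;
  args.pdh = wtap_dump_open(argv[2], WTAP_FILE_PCAP,
		wtap_file_encap(wth), wtap_snapshot_length(wth), &err);
  if (args.pdh == NULL) {

    fprintf(stderr, "editpcap: Can't open or create %s: %s\n", argv[2],
        wtap_strerror(err));
    exit(1);

  }

  /*
   * NOTE(review): the result of wtap_loop() is ignored, so a read error
   * part-way through the input presumably goes unreported and leaves a
   * truncated output file - confirm against wtap.h and report it.
   */
  wtap_loop(wth, 0, edit_callback, (char *)&args, &err);

  if (!wtap_dump_close(args.pdh, &err)) {

    fprintf(stderr, "editpcap: Error writing to %s: %s\n", argv[2],
        wtap_strerror(err));
    exit(1);

  }
  exit(0);
}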