This also installs symlinks from "zeek" and "bro-config" to a wrapper script that prints a deprecation warning. The btests pass, but this is still WIP. broctl renaming is still missing. #239
// See the file "COPYING" in the main distribution directory for copyright.
#include "zeek-config.h"
#include <assert.h>
#include <stdlib.h>
#include "Event.h"
#include "Net.h"
#include "PacketDumper.h"
// Wraps an already-opened pcap dump handle.
//
// arg_pkt_dump: the dump handle packets are written to. A nil handle is
// reported through reporter->InternalError(); the object never opens or
// creates a dump file itself.
PacketDumper::PacketDumper(pcap_dumper_t* arg_pkt_dump)
	{
	pkt_dump = arg_pkt_dump;

	// No packet seen yet: start the ordering reference used by
	// SortTimeStamp() at time zero.
	last_timestamp.tv_sec = 0;
	last_timestamp.tv_usec = 0;

	// The handle was stored above, so testing the argument is the same
	// as testing the member.
	if ( ! arg_pkt_dump )
		reporter->InternalError("PacketDumper: nil dump file");
	}
// Writes one packet to the dump file, recording only its first `len`
// bytes.
//
// hdr: pcap header of the packet as captured; dereferenced without a
//      null check, so the caller must pass a valid header.
// pkt: start of the packet data.
// len: number of bytes to record; must not exceed hdr->caplen.
//
// Does nothing when there is no dump handle.
void PacketDumper::DumpPacket(const struct pcap_pkthdr* hdr,
				const u_char* pkt, int len)
	{
	if ( ! pkt_dump )
		return;

	// Work on a copy so the caller's header is left untouched.
	struct pcap_pkthdr out_hdr = *hdr;
	out_hdr.caplen = len;

	// pcap_dump() copies caplen bytes starting at pkt, so a caplen larger
	// than what was captured would read past the packet buffer. The
	// comparison is made after the assignment, i.e. in caplen's own type:
	// with libpcap's unsigned caplen a negative len shows up as a very
	// large value and is rejected here as well.
	// NOTE(review): this guard only protects the write below if
	// InternalError() does not return -- confirm against Reporter.
	if ( out_hdr.caplen > hdr->caplen )
		reporter->InternalError("bad modified caplen");

	// libpcap's pcap_dump() takes the dumper handle as a u_char*.
	pcap_dump(reinterpret_cast<u_char*>(pkt_dump), &out_hdr, pkt);
	}
// Keeps timestamps from going backwards.
//
// timestamp: in/out. If it does not precede the last timestamp seen (per
// time_compare()), it becomes the new reference and is left unchanged.
// Otherwise it is overwritten with the last timestamp seen.
//
// Note for anyone analysing the result: a timestamp rewritten here no
// longer carries the packet's original time.
void PacketDumper::SortTimeStamp(struct timeval* timestamp)
	{
	const bool went_backwards =
		time_compare(&last_timestamp, timestamp) > 0;

	if ( ! went_backwards )
		{
		// In order (or equal): remember it as the new reference.
		last_timestamp = *timestamp;
		return;
		}

	// Out of order: clamp to the most recent timestamp seen.
	*timestamp = last_timestamp;
	}