-2

I post the main function, the struct header is normal. After I run this program, it often stops at some packet, different packet stops at different position,but the certain pcap always stops at certain position. It prints "read end of pcap file", I am not sure whether some pointer is wrong.

    int main()
{
    struct pcap_file_header *file_header;
    struct pcap_pkthdr *ptk_header;
    IPHeader_t *ip_header;
    TCPHeader_t *tcp_header;
    FILE *fp, *output,*testfile;
    int   i=0;
    long pkt_offset;
    long testtime;
    int ip_len, http_len, ip_proto;
    int src_port, dst_port, tcp_flags;
    char buf[BUFSIZE], my_time[20],my_time1[20],my_time2[10];
    char src_ip[STRSIZE], dst_ip[STRSIZE];
    char  host[STRSIZE], uri[BUFSIZE];
    file_header = (struct pcap_file_header *)malloc(sizeof(struct   pcap_file_header));
    ptk_header  = (struct pcap_pkthdr *)malloc(sizeof(struct pcap_pkthdr));
    ip_header = (IPHeader_t *)malloc(sizeof(IPHeader_t));
    tcp_header = (TCPHeader_t *)malloc(sizeof(TCPHeader_t));
    memset(buf, 0, sizeof(buf));

    if((fp = fopen("f:\\1.pcap","r")) == NULL)
    {
        printf("error: can not open pcap file\n");
        exit(0);
    }
    if((output = fopen("output.txt","w+")) == NULL)
    {
         printf("error: can not open output file\n");
         exit(0);
    }
    if((testfile = fopen("test.txt","w+")) == NULL)
    {
        printf("error: can not open test file\n");
        exit(0);
    }

    pkt_offset = 24; //pcap head 
    while(fseek(fp, pkt_offset, SEEK_SET) == 0) 
    {
        i++;
        //pcap_pkt_header 16 byte
        if(fread(ptk_header, 16, 1, fp) == 0) //read pcap packet head
        {   
            fprintf(testfile,"%d-%ld-",i,pkt_offset);
            fprintf(testfile,"\nread end of pcap file\n");
            break;
        }
        pkt_offset += 16 + ptk_header->caplen;   
        fprintf(testfile,"%d-%ld-",i,pkt_offset);
        fprintf(testfile,"%ld",ptk_header->caplen);
        fprintf(testfile,"\n");

        //extract timestamp
        itoa(ptk_header->ts.tv_sec,my_time,10);
        itoa(ptk_header->ts.tv_usec,my_time1,10);
        strcat(my_time,".");
        strncpy(my_time2,my_time1,4);
        my_time2[4] = '\0'; 
        strcat(my_time,my_time2);
        printf("%d: %s\n", i, my_time);
        fwrite(&my_time[0],16,1,output);
        fprintf(output,"\n");
    } // end while
    fclose(fp);
    fclose(output);
    fclose(testfile);
    return 0;
}
NX.Guo
  • 7
  • 3
  • 1
    Use `fopen (..., "rb")` (b for binary). – n. m. could be an AI Jul 13 '16 at 08:45
  • 1
    Unrelated (1) [don't cast malloc result](http://stackoverflow.com/questions/605845/do-i-cast-the-result-of-malloc) (2) free what you malloc (3) you don't *need* to dynamically allocate all these headers, automatic variables would do just fine. – n. m. could be an AI Jul 13 '16 at 08:48
  • Indeed. The `b` in `"rb"` is likely to prevent CRLF translation to LF, which would eliminate the need for `fseek`. The `fseek` here seems like a dirty hack to achieve the same result as the `b`, except that it doesn't solve the whole problem and masks the part it doesn't solve. Did you happen to notice that your program was losing `\n` characters? – autistic Jul 13 '16 at 09:07
  • thank you very much, the actual reason is 'rb' , after I change "r" to "rb", it works! – NX.Guo Jul 13 '16 at 10:23

1 Answers1

-1

You are using a fseek along with a fread in the same loop. Each time you call fread the file pointer increments by the value read. You do not need to call a fseek also to set the file pointer.

Change the while loop like this

while(fread(ptk_header, 16, 1, fp) > 0) //read pcap packet head
{
    i++;
    //pcap_pkt_header 16 byte
    pkt_offset += 16 + ptk_header->caplen;   
    fprintf(testfile,"%d-%ld-",i,pkt_offset);
    fprintf(testfile,"%ld",ptk_header->caplen);
    fprintf(testfile,"\n");

    // further code below
}
Rishikesh Raje
  • 8,556
  • 2
  • 16
  • 31