tcpdump mailing list archives

Offset counter in tcpdump


From: Robert.S.Gray () dartmouth edu (Robert S. Gray)
Date: 02 Jun 2004 10:22:15 EDT

Hello all,

I made a small addition to libpcap for a project here (the diff is below my signature), and I thought it might be 
useful to others. The change just lets me get the offset of a packet even when the packet records that libpcap is 
reading are not actually in a file. In my case, we were piping packets from gunzip into libpcap with a redirection 
trick, and wanted to be able to "seek" to a packet of interest later. So I made these changes to count the byte offset 
directly, rather than relying on ftell, etc.

Cheers,
Bob 

--------------------------------------------------------------

diff libpcap-0.8.3-offset/pcap-int.h /home/rgray/codebase/external/libpcap-0.8.3/pcap-int.h
66,68d65
< #ifndef STANDARD_PCAP
<       u_long offset;  // current offset within the file 
< #endif
diff libpcap-0.8.3-offset/pcap.h /home/rgray/codebase/external/libpcap-0.8.3/pcap.h
170,172d169
< #ifndef STANDARD_PCAP
< u_long pcap_file_offset (pcap_t *);
< #endif
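Review bot: the public prototype in pcap.h sits behind `#ifndef STANDARD_PCAP`, a macro that nothing in the patch documents and that is on by default because it is tested with `#ifndef`. An application built with `STANDARD_PCAP` defined against a library built without it (or the reverse) will either miss the declaration or fail at link time. If the function is meant to be part of the API, declare it unconditionally and add a short comment or man page entry saying what the returned offset refers to.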
diff libpcap-0.8.3-offset/savefile.c /home/rgray/codebase/external/libpcap-0.8.3/savefile.c
596,602d595
< #ifndef STANDARD_PCAP
< u_long pcap_file_offset (pcap_t *p) 
< {
<     return (p->sf.offset);
< } 
< #endif
< 
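Review bot: `pcap_file_offset` returns `p->sf.offset` without checking that `p` was actually opened as a savefile, so calling it on any other handle returns a value with no defined meaning. Consider checking the handle type and returning an error indication, and documenting whether the value is the offset of the next record or of the one just delivered.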
639,641d631
< #ifndef STANDARD_PCAP
<       p->sf.offset += sizeof(hdr);    // offset now at the end of the header
< #endif
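Review bot: `p->sf.offset += sizeof(hdr);` assumes the field is already zero, but nothing in the patch initializes it. Since the comment says the offset is "now at the end of the header", a plain assignment (`p->sf.offset = sizeof(hdr);`) states the intent and does not depend on how the `pcap_t` was allocated.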
789,793d778
< #ifndef STANDARD_PCAP
<       if (amt_read > 0) {
<           p->sf.offset += amt_read;
<       }
< #endif
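Review bot: the counter is advanced by `amt_read` whenever it is positive, including on a short read, so after a truncated record the offset no longer sits on a record boundary. Because the increment happens as part of the read, the value seen after a packet has been delivered is the offset of the following record, not of that packet. A caller that wants to return to "a packet of interest" has to sample the offset before the read, and that is worth stating in a comment next to the accessor.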
876,880d860
< #ifndef STANDARD_PCAP
<               if (amt_read > 0) {
<                   p->sf.offset += amt_read;
<               }
< #endif
906,910d885
< #ifndef STANDARD_PCAP
<               if (amt_read > 0) {
<                   p->sf.offset += amt_read;
<               }
< #endif
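Review bot: this is the third verbatim copy of the `if (amt_read > 0) { p->sf.offset += amt_read; }` block, each wrapped in its own `#ifndef STANDARD_PCAP`. Folding the read and the accounting into one small static helper in savefile.c would keep the three call sites from drifting apart and would confine the conditional compilation to a single place.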