diff options
| author | Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> | 2018-08-01 13:44:00 +0200 |
|---|---|---|
| committer | Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> | 2018-08-01 13:57:41 +0200 |
| commit | 5f2a5c03e0f91bc2dc2ae33838db273dd6c7d8d9 (patch) | |
| tree | db8bae8fdda05e4e080a2c7388659219fbf4e5ad /sf-pcap.c | |
| parent | 72790d83d4d0280525f60b9dc010c82cc7bdb5c3 (diff) | |
Set always 'time zone offset' field to zero in the pcap file header
As documented in https://www.tcpdump.org/manpages/pcap-savefile.5.txt,
this field must be 0.
It was previously propagated from the input file to the output file
when reading/writing with: tcpdump -r input.pcap -w output.pcap
Add/update the appropriate comments.
Moreover:
Set the initializations in the order of structure fields.
Diffstat (limited to 'sf-pcap.c')
| -rw-r--r-- | sf-pcap.c | 16 |
1 files changed, 11 insertions, 5 deletions
@@ -699,7 +699,7 @@ pcap_next_packet(pcap_t *p, struct pcap_pkthdr *hdr, u_char **data) } static int -sf_write_header(pcap_t *p, FILE *fp, int linktype, int thiszone, int snaplen) +sf_write_header(pcap_t *p, FILE *fp, int linktype, int snaplen) { struct pcap_file_header hdr; @@ -707,9 +707,15 @@ sf_write_header(pcap_t *p, FILE *fp, int linktype, int thiszone, int snaplen) hdr.version_major = PCAP_VERSION_MAJOR; hdr.version_minor = PCAP_VERSION_MINOR; - hdr.thiszone = thiszone; - hdr.snaplen = snaplen; + /* + * https://www.tcpdump.org/manpages/pcap-savefile.5.txt states: + * thiszone: 4-byte time zone offset; this is always 0. + * sigfigs: 4-byte number giving the accuracy of time stamps + * in the file; this is always 0. + */ + hdr.thiszone = 0; hdr.sigfigs = 0; + hdr.snaplen = snaplen; hdr.linktype = linktype; if (fwrite((char *)&hdr, sizeof(hdr), 1, fp) != 1) @@ -754,7 +760,7 @@ pcap_setup_dump(pcap_t *p, int linktype, FILE *f, const char *fname) else setvbuf(f, NULL, _IONBF, 0); #endif - if (sf_write_header(p, f, linktype, p->tzoff, p->snapshot) == -1) { + if (sf_write_header(p, f, linktype, p->snapshot) == -1) { pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE, errno, "Can't write to %s", fname); if (f != stdout) @@ -986,7 +992,7 @@ pcap_dump_open_append(pcap_t *p, const char *fname) /* * A header isn't present; attempt to write it. */ - if (sf_write_header(p, f, linktype, p->tzoff, p->snapshot) == -1) { + if (sf_write_header(p, f, linktype, p->snapshot) == -1) { pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE, errno, "Can't write to %s", fname); (void)fclose(f); |