I am trying to read pcap file to some data structure like vector or array and later use gathered data (only selected one like packet length, timestamp) in application. I've found some sample application for reading pcap:
#include <stdio.h>
#include <pcap.h>
#define LINE_LEN 16
void dispatcher_handler(u_char *, const struct pcap_pkthdr *, const u_char *);
int main(int argc, char **argv)
{
pcap_t *fp;
char errbuf[PCAP_ERRBUF_SIZE];
if(argc != 2)
{
printf("usage: %s filename", argv[0]);
return -1;
}
/* Open the capture file */
if ((fp = pcap_open_offline(argv[1], // name of the device
errbuf // error buffer
)) == NULL)
{
fprintf(stderr,"\nUnable to open the file %s.\n", argv[1]);
return -1;
}
/* read and dispatch packets until EOF is reached */
pcap_loop(fp, 0, dispatcher_handler, NULL);
pcap_close(fp);
return 0;
}
void dispatcher_handler(u_char *temp1,
const struct pcap_pkthdr *header,
const u_char *pkt_data)
{
u_int i=0;
/*
* unused variable
*/
(VOID*)temp1;
/* print pkt timestamp and pkt len */
printf("%ld:%ld (%ld)\n", header->ts.tv_sec, header->ts.tv_usec, header->len);
printf("\n\n");
}
The problem is with pcap_loop(). I've found documentation for this, but the only information is that this is reading whole file until end of file is reached. I've been trying to treat file as a typical FILE, and in while loop read until EOF, but it doesn't work, because I cannot simply treat fp as FILE.
Also I don't see any possibility to pass pointer to pcap_handler to retrieve it later.
Can someone suggest how I can do it other way?
According to documentation your code looks right. pcap_loop should be doing the FILE reading, you shouldn't try to do it.
One thing the doc mentions is that in older pcap versions 0 for count in pcap_loop is undefined, so it should be safer to use -1 in case you are linking to an older version.
I after further documentation and Internet investigation I've found function: pcap_next_ex()
Thanks to that I can use now while loop and read line by line (or more precisely packet by packet). The general idea is as follows:
struct pcap_pkthdr *header;
const u_char *pkt_data;
int res;
while((res = pcap_next_ex(fp, &header, &pkt_data)) >= 0)
{
//Process packet
}
I've been trying to treat file as a typical FILE, and in while loop read until EOF, but it doesn't work, because I cannot simply treat fp as FILE.
No, because it's not a FILE. (You also get a pcap_t * from pcap_open_live() or from a pcap_create()/pcap_activate() combination, but that gives you a handle for a live capture, not for a file.)
Also I don't see any possibility to pass pointer to pcap_handler to retrieve it later.
The fourth argument to pcap_loop() is passed as the first argument to pcap_handler, so you could do
pcap_loop(fp, 0, dispatcher_handler, pointer);
and then, in dispatcher_handler(), cast temp1 to the appropriate type and use it - it'll point to the same thing that pointer does.
Related
I have a relatively simple web server I have written in C++. It works fine for serving text/html pages, but the way it is written it seems unable to send binary data and I really need to be able to send images.
I have been searching and searching but can't find an answer specific to this question which is written in real C++ (fstream as opposed to using file pointers etc.) and whilst this kind of thing is necessarily low level and may well require handling bytes in a C style array I would like the the code to be as C++ as possible.
I have tried a few methods, this is what I currently have:
int sendFile(const Server* serv, const ssocks::Response& response, int fd)
{
// some other stuff to do with headers etc. ........ then:
// open file
std::ifstream fileHandle;
fileHandle.open(serv->mBase + WWW_D + resource.c_str(), std::ios::binary);
if(!fileHandle.is_open())
{
// error handling code
return -1;
}
// send file
ssize_t buffer_size = 2048;
char buffer[buffer_size];
while(!fileHandle.eof())
{
fileHandle.read(buffer, buffer_size);
status = serv->mSock.doSend(buffer, fd);
if (status == -1)
{
std::cerr << "Error: socket error, sending file\n";
return -1;
}
}
return 0
}
And then elsewhere:
int TcpSocket::doSend(const char* message, int fd) const
{
if (fd == 0)
{
fd = mFiledes;
}
ssize_t bytesSent = send(fd, message, strlen(message), 0);
if (bytesSent < 1)
{
return -1;
}
return 0;
}
As I say, the problem is that when the client requests an image it won't work. I get in std::cerr "Error: socket error sending file"
EDIT : I got it working using the advice in the answer I accepted. For completeness and to help those finding this post I am also posting the final working code.
For sending I decided to use a std::vector rather than a char array. Primarily because I feel it is a more C++ approach and it makes it clear that the data is not a string. This is probably not necessary but a matter of taste. I then counted the bytes read for the stream and passed that over to the send function like this:
// send file
std::vector<char> buffer(SEND_BUFFER);
while(!fileHandle.eof())
{
fileHandle.read(&buffer[0], SEND_BUFFER);
status = serv->mSock.doSend(&buffer[0], fd, fileHandle.gcount());
if (status == -1)
{
std::cerr << "Error: socket error, sending file\n";
return -1;
}
}
Then the actual send function was adapted like this:
int TcpSocket::doSend(const char* message, int fd, size_t size) const
{
if (fd == 0)
{
fd = mFiledes;
}
ssize_t bytesSent = send(fd, message, size, 0);
if (bytesSent < 1)
{
return -1;
}
return 0;
}
The first thing you should change is the while (!fileHandle.eof()) loop, because that will not work as you expect it to, in fact it will iterate once too many because the eof flag isn't set until after you try to read from beyond the end of the file. Instead do e.g. while (fileHandle.read(...)).
The second thing you should do is to check how many bytes was actually read from the file, and only send that amount of bytes.
Lastly, you read binary data, not text, so you can't use strlen on the data you read from the file.
A little explanations of the binary file problem: As you should hopefully know, C-style strings (the ones you use strlen to get the length of) are terminated by a zero character '\0' (in short, a zero byte). Random binary data can contain lots of zero bytes anywhere inside it, and it's a valid byte and doesn't have any special meaning.
When you use strlen to get the length of binary data there are two possible problems:
There's a zero byte in the middle of the data. This will cause strlen to terminate early and return the wrong length.
There's no zero byte in the data. That will cause strlen to go beyond the end of the buffer to look for the zero byte, leading to undefined behavior.
I wrote the following code to capture packets; but, it actually save the last packet.
process_Packet(const struct pcap_pkthdr *header,
const u_char * packet)
{
FILE* pFile = NULL;
pFile = fopen ("myfile.pcap" , "wb"); // open for writing in binary mode
pcap_dumper_t * dumpfile = pcap_dump_fopen(pcap_handle,pFile);
if (dumpfile == NULL)
{
printf("***NOOOO Dump!!!!!!!***");
}
else
{
pcap_dump((unsigned char *) dumpfile, header, packet);
printf("***Dumped!!!!!!!***");
}
pcap_dump_close(dumpfile);
}
I want to write a code that collect packets and append the new packet to previous ones.
I should say that fopen("...", "ab") corrupts the file and doesn't work.
pcap_dump_fopen writes some initialization headers, so it should be called only once on empty file. After file with headers created you actually can pass FILE* instance opened in append mode to pcap_dump directly casted to unsigned char *. But it is not safe approach - better at least write all required fields yourself (it's like 10 lines anyway) since function implementation may change in the future and file format will not. And I don't really understand why you would like to reopen file on every packet dumped. If you want to ensure all data is written you can just call fflush.
Hi I am trying to read this text using a file input stream or some sort:
E^#^#<a^R#^##^FÌø<80>è^AÛ<80>è ^F \^DÔVn3Ï^#^#^#^# ^B^VÐXâ^#^#^B^D^E´^D^B^H
IQRÝ^#^#^#^#^A^C^C^GE^#^#<^#^##^##^F.^K<80>è ^F<80>è^AÛ^DÔ \»4³ÕVn3Ð ^R^V J ^#^#^B^D^E´^D^B^H
^#g<9f><86>IQRÝ^A^C^C^GE^#^#4a^S#^##^FÌÿ<80>è^AÛ<80>è ^F \^DÔVn3л4³Ö<80>^P^#.<8f>F^#^#^A^A^H
IQRÞ^#g<9f><86>E^#^A±,Q#^##^F^#E<80>è ^F<80>è^AÛ^DÔ \»4³ÖVn3Ð<80>^X^#.^NU^#^#^A^A^H
^#g<9f><87>
Here's the code I tried to read it with, but I am getting a bunch of 0s.
#include <stdio.h> /* required for file operations */
int main(int argc, char *argv[]){
int n;
FILE *fr;
unsigned char c;
if (argc != 2) {
perror("Usage: summary <FILE>");
return 1;
}
fr = fopen (argv[1], "rt"); /* open the file for reading */
while (1 == 1){
read(fr, &c, sizeof(c));
printf("<0x%x>\n", c);
}
fclose(fr); /* close the file prior to exiting the routine */
}
What's wrong with my code? I think I am not reading the file correctly.
You're using fopen() to open your file, which returns a FILE *, and read() to read it, which takes an int. You need to either use open() and read() together, or fopen() and fread(). You can't mix these together.
To clarify, fopen() and fread() make use of FILE pointers, which are a different way to access and a different abstraction than straight-up file descriptors. open() and read() make use of "raw" file descriptors, which are a notion understood by the operating system.
While not related to the program's failure here, your fclose() call must also match. In other words, fopen(), fread(), and fclose(), or open(), read(), and close().
Your's didn't compile for me, but I made a few fixes and it's right as rain ;-)
#include <stdio.h> /* required for file operations */
int main(int argc, char *argv[]){
int n;
FILE *fr;
unsigned char c;
if (argc != 2) {
perror("Usage: summary <FILE>");
return 1;
}
fr = fopen (argv[1], "rt"); /* open the file for reading */
while (!feof(fr)){ // can't read forever, need to stop when reading is done
// my ubuntu didn't have read in stdio.h, but it does have fread
fread(&c, sizeof(c),1, fr);
printf("<0x%x>\n", c);
}
fclose(fr); /* close the file prior to exiting the routine */
}
That doesn't look like text to me. So use the "r" mode to fopen, not "rt".
Also, ^# represents '\0', so you probably will read a bunch of zeros in any case. But not ALL zeros.
I got lzo library to use in our application. The version was provided is 1.07.
They have given me .lib along with some header file and some .c source files.
I have setup test environment as per specs. I am able to see lzo routine functions in my application.
Here is my test application
#include "stdafx.h"
#include "lzoconf.h"
#include "lzo1z.h"
#include <stdlib.h>
int _tmain(int argc, _TCHAR* argv[])
{
FILE * pFile;
long lSize;
unsigned char *i_buff;
unsigned char *o_buff;
int i_len,e = 0;
unsigned int o_len;
size_t result;
//data.txt have a single compressed packet
pFile = fopen("data.txt","rb");
if (pFile==NULL)
return -1;
// obtain file size:
fseek (pFile , 0 , SEEK_END);
lSize = ftell (pFile);
rewind (pFile);
// allocate memory to contain the whole file:
i_buff = (unsigned char*) malloc (sizeof(char)*lSize);
if (i_buff == NULL)
return -1;
// copy the file into the buffer:
result = fread (i_buff,1,lSize,pFile);
if (result != lSize)
return -1;
i_len = lSize;
o_len = 512;
// allocate memory for output buffer
o_buff = (unsigned char*) malloc(sizeof(char)*o_len);
if (o_buff == NULL)
return -1;
lzo_memset(o_buff,0,o_len);
lzo1z_decompress(i_buff,i_len,o_buff,&o_len,NULL);
return 0;
}
It gives access violation on last line.
lzo1z_decompress(i_buff,i_len,o_buff,&o_len,NULL);
in provided library signature for above functiion is
lzo1z_decompress ( const lzo_byte *src, lzo_uint src_len,
lzo_byte *dst, lzo_uint *dst_len,
lzo_voidp wrkmem /* NOT USED */ );
What is wrong?
Are you sure 512 bytes is big enough for the decompressed data? You shouldn't be using an arbitrary value, but rather you should have stowed away the original size somewhere as a header when your file was compressed:
LZO Decompression Buffer Size
You should probably make your data types match the interface spec (e.g. o_len should be a lzo_uint...you're passing an address so the actual underlying type matters).
Beyond that, it's open source. So why don't you build lzo with debug info and step into it to see where the problem is?
http://www.oberhumer.com/opensource/lzo/
Thans everyone for suggestion and comments.
The problem was with data. I have successfully decomressed it.
I'm using the following code to try to read the results of a df command in Linux using popen.
#include <iostream> // file and std I/O functions
int main(int argc, char** argv) {
FILE* fp;
char * buffer;
long bufSize;
size_t ret_code;
fp = popen("df", "r");
if(fp == NULL) { // head off errors reading the results
std::cerr << "Could not execute command: df" << std::endl;
exit(1);
}
// get the size of the results
fseek(fp, 0, SEEK_END);
bufSize = ftell(fp);
rewind(fp);
// allocate the memory to contain the results
buffer = (char*)malloc( sizeof(char) * bufSize );
if(buffer == NULL) {
std::cerr << "Memory error." << std::endl;
exit(2);
}
// read the results into the buffer
ret_code = fread(buffer, 1, sizeof(buffer), fp);
if(ret_code != bufSize) {
std::cerr << "Error reading output." << std::endl;
exit(3);
}
// print the results
std::cout << buffer << std::endl;
// clean up
pclose(fp);
free(buffer);
return (EXIT_SUCCESS);
}
This code is giving me a "Memory error" with an exit status of '2', so I can see where it's failing, I just don't understand why.
I put this together from example code that I found on Ubuntu Forums and C++ Reference, so I'm not married to it. If anyone can suggest a better way to read the results of a system() call, I'm open to new ideas.
EDIT to the original: Okay, bufSize is coming up negative, and now I understand why. You can't randomly access a pipe, as I naively tried to do.
I can't be the first person to try to do this. Can someone give (or point me to) an example of how to read the results of a system() call into a variable in C++?
You're making this all too hard. popen(3) returns a regular old FILE * for a standard pipe file, which is to say, newline terminated records. You can read it with very high efficiency by using fgets(3) like so in C:
#include <stdio.h>
char bfr[BUFSIZ] ;
FILE * fp;
// ...
if((fp=popen("/bin/df", "r")) ==NULL) {
// error processing and return
}
// ...
while(fgets(bfr,BUFSIZ,fp) != NULL){
// process a line
}
In C++ it's even easier --
#include <cstdio>
#include <iostream>
#include <string>
FILE * fp ;
if((fp= popen("/bin/df","r")) == NULL) {
// error processing and exit
}
ifstream ins(fileno(fp)); // ifstream ctor using a file descriptor
string s;
while (! ins.eof()){
getline(ins,s);
// do something
}
There's some more error handling there, but that's the idea. The point is that you treat the FILE * from popen just like any FILE *, and read it line by line.
Why would std::malloc() fail?
The obvious reason is "because std::ftell() returned a negative signed number, which was then treated as a huge unsigned number".
According to the documentation, std::ftell() returns -1 on failure. One obvious reason it would fail is that you cannot seek in a pipe or FIFO.
There is no escape; you cannot know the length of the command output without reading it, and you can only read it once. You have to read it in chunks, either growing your buffer as needed or parsing on the fly.
But, of course, you can simply avoid the whole issue by directly using the system call df probably uses to get its information: statvfs().
(A note on terminology: "system call" in Unix and Linux generally refers to calling a kernel function from user-space code. Referring to it as "the results of a system() call" or "the results of a system(3) call" would be clearer, but it would probably be better to just say "capturing the output of a process.")
Anyway, you can read a process's output just like you can read any other file. Specifically:
You can start the process using pipe(), fork(), and exec(). This gives you a file descriptor, then you can use a loop to read() from the file descriptor into a buffer and close() the file descriptor once you're done. This is the lowest level option and gives you the most control.
You can start the process using popen(), as you're doing. This gives you a file stream. In a loop, you can read using from the stream into a temporary variable or buffer using fread(), fgets(), or fgetc(), as Zarawesome's answer demonstrates, then process that buffer or append it to a C++ string.
You can start the process using popen(), then use the nonstandard __gnu_cxx::stdio_filebuf to wrap that, then create an std::istream from the stdio_filebuf and treat it like any other C++ stream. This is the most C++-like approach. Here's part 1 and part 2 of an example of this approach.
I'm not sure you can fseek/ftell pipe streams like this.
Have you checked the value of bufSize ? One reason malloc be failing is for insanely sized buffers.
Thanks to everyone who took the time to answer. A co-worker pointed me to the ostringstream class. Here's some example code that does essentially what I was attempting to do in the original question.
#include <iostream> // cout
#include <sstream> // ostringstream
int main(int argc, char** argv) {
FILE* stream = popen( "df", "r" );
std::ostringstream output;
while( !feof( stream ) && !ferror( stream ))
{
char buf[128];
int bytesRead = fread( buf, 1, 128, stream );
output.write( buf, bytesRead );
}
std::string result = output.str();
std::cout << "<RESULT>" << std::endl << result << "</RESULT>" << std::endl;
return (0);
}
To answer the question in the update:
char buffer[1024];
char * line = NULL;
while ((line = fgets(buffer, sizeof buffer, fp)) != NULL) {
// parse one line of df's output here.
}
Would this be enough?
First thing to check is the value of bufSize - if that happens to be <= 0, chances are that malloc returns a NULL as you're trying to allocate a buffer of size 0 at that point.
Another workaround would be to ask malloc to provide you with a buffer of the size (bufSize + n) with n >= 1, which should work around this particular problem.
That aside, the code you posted is pure C, not C++, so including is overdoing it a little.
check your bufSize. ftell can return -1 on error, and this can lead to nonallocation by malloc with buffer having a NULL value.
The reason for the ftell to fail is, because of the popen. You cant search pipes.
Pipes are not random access. They're sequential, which means that once you read a byte, the pipe is not going to send it to you again. Which means, obviously, you can't rewind it.
If you just want to output the data back to the user, you can just do something like:
// your file opening code
while (!feof(fp))
{
char c = getc(fp);
std::cout << c;
}
This will pull bytes out of the df pipe, one by one, and pump them straight into the output.
Now if you want to access the df output as a whole, you can either pipe it into a file and read that file, or concatenate the output into a construct such as a C++ String.