Optional tools and extensions for working with pcaps.

sam-github · sam-github · commit 4788c919eeef · 2012-04-17T13:30:48.000-07:00
diff --git a/Makefile b/Makefile
@@ -16,11 +16,21 @@ prefix=/usr/local
 
 SODIR = $(DESTDIR)/$(prefix)/lib/lua/5.1/
 
+LIBDIR = $(DESTDIR)/$(prefix)/share/lua/5.1/
+BINDIR = $(DESTDIR)/$(prefix)/bin/
+
 .PHONY: install
 install: $(BINDING)
 	mkdir -p $(SODIR)
 	install -t $(SODIR) $(BINDING)
 
+.PHONY: install-all
+install-all: install
+	mkdir -p $(LIBDIR)
+	mkdir -p $(BINDIR)
+	install -t $(LIBDIR) pcapx.lua
+	install -t $(BINDIR) pcap-recode pcap-dump pcap-split
+
 CWARNS = -Wall \
   -pedantic \
   -Wcast-align \
diff --git a/netutil.lua b/netutil.lua
@@ -72,30 +72,6 @@ function assertmostlyeql(threshold, s0, s1)
   assert(diff <= threshold, diff.." is less than threshold "..threshold)
 end
 
-function pcaprecode(incap, outcap)
-    if not outcap then
-        outcap = "recoded-"..incap
-    end
-    os.remove(outcap)
-
-    local cap = assert(pcap.open_offline(incap))
-    local dmp = assert(cap:dump_open(outcap))
-    local n = assert(net.init())
-    local i = 0
-    for pkt, time, len in cap.next, cap do
-        i = i + 1
-        print("packet", i, "wirelen", len, "timestamp", time, os.date("!%c", time))
-        assert(n:clear())
-        assert(n:decode_eth(pkt))
-        assert(dmp:dump(n:block(), time, len))
-        --print(n:dump())
-    end
-    dmp:close()
-    cap:close()
-    n:destroy()
-    return outcap
-end
-
 function assertpcapsimilar(threshold, file0, file1)
     local n0 = assert(net.init())
     local n1 = assert(net.init())
diff --git a/pcap-recode b/pcap-recode
@@ -1,6 +1,6 @@
 #!/usr/bin/env lua
 
-require"netutil"
+require"pcapx"
 
-pcaprecode(arg[1], arg[2])
+pcap.recode(arg[1], arg[2])
 
diff --git a/pcapx.lua b/pcapx.lua
@@ -0,0 +1,52 @@
+--[[-
+pcapx - extensions to pcap
+
+]]
+
+require"pcap"
+require"net"
+
+local function NOP()
+end
+
+--[[-
+- pcap.recode(incap, outcap, progress, debug)
+
+- incap, name of input pcap
+- outcap, name of output pcap, default to "recoded-"..incap
+- progress, pass print-like function to receive progress messages,
+  defaults to no progress
+- debug, as above, but for debug output
+
+Re-encode file.pcap as recoded-file.pcap, using print()
+to report progress:
+
+  pcap.recode("file.pcap", nil, print)
+]]
+function pcap.recode(incap, outcap, progress, debug)
+    progress = progress or NOP
+    debug = debug or NOP
+
+    if not outcap then
+        outcap = "recoded-"..incap
+    end
+    os.remove(outcap)
+
+    local cap = assert(pcap.open_offline(incap))
+    local dmp = assert(cap:dump_open(outcap))
+    local n = assert(net.init())
+    local i = 0
+    for pkt, time, len in cap.next, cap do
+        i = i + 1
+        progress("packet", i, "wirelen", len, "timestamp", time, os.date("!%c", time))
+        assert(n:clear())
+        assert(n:decode_eth(pkt))
+        assert(dmp:dump(n:block(), time, len))
+        debug(n:dump())
+    end
+    dmp:close()
+    cap:close()
+    n:destroy()
+    return outcap
+end
+
