读取PCAP文件列表

Question

这里的任何人都有在一次打开PCAP文件列表并将PCAP文件列表输出到一个输出文件的经验吗？例如，我有1.pcap、2.pcap和3.pcap，我想对1.pcap、2.pcap和3.pcap进行一些处理，然后将结果组合到一个输出pcap文件(output.pcap)中。以下是我目前的代码：

static pcap_t *input = NULL;
input = pcap_open_offline(packet_path, errbuf);
if (input == NULL){exit(0);}
pktMatch = pcap_dump_open(input, "-");
/*Do some processing, eg to find an IP*/
compareIP=true;
if (compareIP){
    pcap_dump(pktMatch, &pktHeader, pktData);
    continue;
}

上面的代码可以用于读取单个输入pcap文件。问:如果我想修改这段代码，以便它可以在单个pcap_open_offline()方法中打开一个文件列表(1.pcap，2.pcap，3.pcap)，我需要更改什么？有没有专家能给点建议？谢谢

Answer 1

下面是一些伪代码；将其转换为真正的代码是您的工作：

for (all files) {
    new pcap = pcap_open_offline(the file, errbuf);
    if (new pcap == NULL) {
        fprintf(stderr, "Opening \"%s\" failed: %s\n", the file, errbuf);
        exit(1);
    }
    add new pcap to the list of pcaps to read;
}
mark all files as not having a packet yet;
for (;;) {
    for (all open files) {
        if (the file doesn't have a packet yet)
            read a packet from the file and make it that file's current packet;
    }
    packet time = nothing;
    for (all files) {
        /* note: "nothing" is older than all possible times */
        if (that file's packet's time is newer than packet time) {
            make that file's packet the one to process next;
            packet time = that packet's time;
        }
    }
    /*Do some processing on the packet we selected, eg to find an IP*/
    if (compareIP)
        pcap_dump(pktMatch, &pktHeader, pktData);
    mark the file whose packet we selected as not having a packet yet;
}