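/*
 * Author: Bobby R. Vandalore (vandalor@cse.ohio-state.edu)
 *
 * The Ohio State University
 *
 * This set of routines is useful in reading the Ethernet packet data
 * recorded using the 'tcpdump' program. For the actual format of the trace
 * file see the documentation with 'tcpdump'.
 *
 * Date: 30 April 1997
 *
 * Review notes:
 *  - Every value parsed here comes straight from the trace file, so lengths
 *    and field contents must be treated as untrusted input.
 *  - Multi-byte fields are decoded most-significant byte first.
 *    NOTE(review): libpcap savefiles are written in the capturing host's
 *    byte order and begin with a file-level header; nothing in this file
 *    reads or checks that header -- confirm the caller handles it.
 */

#include <stdio.h>
#include <sys/types.h>
#include <sys/time.h>

#define ETH_ADDR_LEN 6   /* Ethernet address length */
#define IP_ADDR_LEN  4   /* IP address length */
#define IP_ADDR_SKIP 12  /* IP addresses start at byte 12 of the IP header */
#define HEADER_LEN (6+6+2+IP_ADDR_SKIP+4+4) /* 34 bytes of header info per record */
#define IP_TYPE (0x0800) /* value of the Ethernet type field for IP packets */

typedef struct timeval TimeStamp;

/*
 * The BSD shorthands u_char / u_short / u_long are spelled out as the
 * standard types they alias, so this file no longer depends on non-ISO
 * names being exported by <sys/types.h>. The types themselves are unchanged.
 */
typedef struct {
    TimeStamp ts;                           /* time stamp */
    int pkt_len;                            /* Ethernet packet length */
    int rec_len;                            /* record length */
    unsigned char src_eaddr[ETH_ADDR_LEN];  /* source Ethernet address */
    unsigned char dst_eaddr[ETH_ADDR_LEN];  /* destination Ethernet address */
    unsigned short type;                    /* type field */
    unsigned char src_ip_addr[IP_ADDR_LEN]; /* source IP address (32 bits) */
    unsigned char dst_ip_addr[IP_ADDR_LEN]; /* destination IP address (32 bits) */
    unsigned short src_tcp_port;            /* source TCP port number */
    unsigned short dst_tcp_port;            /* destination TCP port number */
} DumpRecord;

void ReadRecord(FILE *fp, DumpRecord *dumpRec);
void PrintRecord(DumpRecord *dumpRec);
long ReadLong(FILE *fp);
unsigned short ReadShort(FILE *fp);

/*
 * ReadBigEndian() : reads 'count' bytes (at most 4) and assembles them,
 *                   most-significant byte first, into *out.
 *
 * Returns : 0 on success; -1 if end of file or a read error occurs before
 *           'count' bytes were read, in which case *out is not written.
 */
static int ReadBigEndian(FILE *fp, int count, unsigned long *out)
{
    unsigned long val = 0;
    int i;

    for (i = 0; i < count; i++) {
        int c = fgetc(fp);

        /* Test the int result before narrowing it: EOF is not a data byte. */
        if (c == EOF) {
            return -1;
        }
        val = (val << 8) | (unsigned long)c;
    }
    *out = val;
    return 0;
}

/*
 * ReadRecord() : reads the next record from fp and stores its fields in
 *                *dumpRec, then skips the rest of the record.
 *
 * Fields are consumed in this order: seconds, microseconds, pkt_len,
 * rec_len, destination Ethernet address, source Ethernet address, type,
 * IP_ADDR_SKIP ignored bytes, source IP address, destination IP address.
 * src_tcp_port and dst_tcp_port are NOT written by this function.
 *
 * Returns : None. The function cannot report a short read, so callers
 *           should test feof(fp) / ferror(fp) after each call. On a short
 *           read the affected long fields hold -1, the type field holds
 *           0xFFFF and the address bytes hold 0xFF.
 *
 * NOTE(review): the fixed HEADER_LEN bytes are consumed even when rec_len
 * is smaller than HEADER_LEN, which would leave the stream positioned
 * inside the following record.
 * NOTE(review): libpcap's per-record header stores the captured length
 * before the on-wire length; this code skips by the second of the two
 * length fields -- confirm against the traces it is used with.
 */
void ReadRecord(FILE *fp, DumpRecord *dumpRec)
{
    int i;          /* index variable */
    int remaining;  /* bytes of the record still to be skipped */

    dumpRec->ts.tv_sec = ReadLong(fp);   /* seconds of time stamp */
    dumpRec->ts.tv_usec = ReadLong(fp);  /* micro seconds of time stamp */
    dumpRec->pkt_len = (int)ReadLong(fp); /* ethernet packet length */
    dumpRec->rec_len = (int)ReadLong(fp); /* record packet length */

    /* destination Ethernet address */
    for (i = 0; i < ETH_ADDR_LEN; i++) {
        dumpRec->dst_eaddr[i] = (unsigned char)fgetc(fp);
    }

    /* source Ethernet address */
    for (i = 0; i < ETH_ADDR_LEN; i++) {
        dumpRec->src_eaddr[i] = (unsigned char)fgetc(fp);
    }

    dumpRec->type = ReadShort(fp);       /* Ethernet type field */

    /* skip bytes up to the IP address fields */
    for (i = 0; i < IP_ADDR_SKIP; i++) {
        (void)fgetc(fp);
    }

    for (i = 0; i < IP_ADDR_LEN; i++) {
        dumpRec->src_ip_addr[i] = (unsigned char)fgetc(fp);
    }

    for (i = 0; i < IP_ADDR_LEN; i++) {
        dumpRec->dst_ip_addr[i] = (unsigned char)fgetc(fp);
    }

    /*
     * Skip the remainder of the record. rec_len comes from the file, so a
     * corrupt or truncated trace can claim far more data than exists; stop
     * at end of file instead of issuing up to ~2^31 reads that cannot
     * succeed. The subtraction is done only when rec_len > HEADER_LEN, so
     * it cannot overflow.
     */
    if (dumpRec->rec_len > HEADER_LEN) {
        remaining = dumpRec->rec_len - HEADER_LEN;
        while (remaining > 0) {
            if (fgetc(fp) == EOF) {
                break;
            }
            remaining--;
        }
    }
} /* End ReadRecord */

/*
 * PrintRecord() : prints the fields of the dump record on one line
 *                 (similar to 'tcpdump -tt -n -e -r filename' output).
 *
 * The IP addresses are printed only when the type field equals IP_TYPE.
 *
 * Returns : None
 */
void PrintRecord(DumpRecord *dumpRec)
{
    int i; /* index variable */

    /*
     * tv_sec and tv_usec have platform-defined types that need not be
     * unsigned long; convert explicitly so the arguments match "%lu".
     */
    printf("%lu.%06lu ",
           (unsigned long)dumpRec->ts.tv_sec,
           (unsigned long)dumpRec->ts.tv_usec); /* time stamp */

    for (i = 0; i < ETH_ADDR_LEN - 1; i++) { /* src Ethernet address */
        printf("%02x:", dumpRec->src_eaddr[i]);
    }
    printf("%02x ", dumpRec->src_eaddr[i]);

    for (i = 0; i < ETH_ADDR_LEN - 1; i++) { /* dst Ethernet address */
        printf("%02x:", dumpRec->dst_eaddr[i]);
    }
    printf("%02x ", dumpRec->dst_eaddr[i]);

    printf("%04x ", dumpRec->type);    /* Type field */
    printf("%4d: ", dumpRec->pkt_len); /* packet length */

    if (dumpRec->type != IP_TYPE) {
        /* other fields are not interpreted for non-ip packets */
        printf("Not an ip packet\n");
        return;
    }

    for (i = 0; i < IP_ADDR_LEN - 1; i++) { /* source ip address */
        printf("%d.", dumpRec->src_ip_addr[i]);
    }
    printf("%d > ", dumpRec->src_ip_addr[i]);

    for (i = 0; i < IP_ADDR_LEN - 1; i++) { /* destination ip address */
        printf("%d.", dumpRec->dst_ip_addr[i]);
    }
    printf("%d\n", dumpRec->dst_ip_addr[i]);
} /* End PrintRecord */

/*
 * ReadLong() : reads the next four bytes from the file, most-significant
 *              byte first, and returns them as a long.
 *
 * Returns : the decoded value, or -1 if end of file or a read error was
 *           hit before four bytes were read. -1 is what the previous
 *           unchecked arithmetic yielded on systems where EOF is -1.
 *           Where long is 32 bits wide a genuine 0xFFFFFFFF field may also
 *           convert to -1, so use feof()/ferror() to tell the cases apart.
 */
long ReadLong(FILE *fp)
{
    unsigned long val;

    if (ReadBigEndian(fp, 4, &val) != 0) {
        return -1L;
    }
    return (long)val;
} /* End ReadLong */

/*
 * ReadShort() : reads the next two bytes from the file, most-significant
 *               byte first, and returns them as an unsigned short.
 *
 * Returns : the decoded value, or 0xFFFF if end of file or a read error
 *           was hit before two bytes were read. 0xFFFF is also a valid
 *           field value, so use feof()/ferror() to tell the cases apart.
 */
unsigned short ReadShort(FILE *fp)
{
    unsigned long val;

    if (ReadBigEndian(fp, 2, &val) != 0) {
        return (unsigned short)0xFFFFu;
    }
    return (unsigned short)val;
} /* End ReadShort */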