2013-08-07
0

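Reading a list of PCAP files

Does anyone have experience opening a list of PCAP files in one go and writing the results to a single output file? For example, I have 1.pcap, 2.pcap and 3.pcap, and I want to do some processing on 1.pcap, 2.pcap and 3.pcap and then merge the results into one output pcap file (output.pcap). Here is my code at the moment: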

static pcap_t *input = NULL; 
input = pcap_open_offline(packet_path, errbuf); 
if (input == NULL){exit(0);} 
pktMatch = pcap_dump_open(input, "-"); 
/*Do some processing, eg to find an IP*/ 
compareIP=true; 
if (compareIP){ 
    pcap_dump(pktMatch, &pktHeader, pktData); 
    continue; 
} 

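The code above works for reading a single input PCAP file. Question: if I want to modify this code so that it can open a list of files (1.pcap, 2.pcap, 3.pcap) in a single pcap_open_offline() call, what do I need to change? Would any expert like to offer advice? Thanks.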

Answers

1

Here is some pseudo-code; turning it into real code is your job:

for (all files) {
    new pcap = pcap_open_offline(the file, errbuf);
    if (new pcap == NULL) {
        fprintf(stderr, "Opening \"%s\" failed: %s\n", the file, errbuf);
        exit(1);
    }
    add new pcap to the list of pcaps to read;
}
mark all files as not having a packet yet;
for (;;) {
    for (all open files) {
        if (the file doesn't have a packet yet)
            read a packet from the file and make it that file's current packet;
    }
    if (no file has a current packet)
        break;  /* every file has reached end of file */
    packet time = nothing;
    for (all files) {
        /* note: "nothing" is newer than all possible times */
        if (that file's packet's time is older than packet time) {
            make that file's packet the one to process next;
            packet time = that packet's time;
        }
    }
    /* Do some processing on the packet we selected, e.g. to find an IP */
    if (compareIP)
        pcap_dump(pktMatch, &pktHeader, pktData);
    mark the file whose packet we selected as not having a packet yet;
}
+0

Thank you, Mr. Guy! I will do my best! Thanks for the suggestion anyway! – CheeHow

+0

Mr. Guy, how would you do 'add new pcap to the list of pcaps to read'? Is that a linked list? For example, I have the file 1.pcap, so how do I append it to 1.pcap? – CheeHow

+0

How about making 'pcap_t * input' an array? 'pcap_t [] *input' to hold the list of pcaps? – CheeHow
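
The merge loop from the answer as compilable C, added here as an illustration and not code from the thread: it keeps the inputs in a fixed array of per-file state (one way to hold the list asked about in the comments) and always writes the pending packet with the earliest timestamp. To build without libpcap it reads classic pcap files directly with stdio, so `fill()` stands where `pcap_next_ex()` would be called and the `fwrite()` pair where `pcap_dump()` would be; `struct source`, `fill`, `merge_pcaps` and the size limits are names and values assumed for this example, and the inputs are assumed to be host-byte-order, microsecond-resolution captures that share one link type.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_SRC 16              /* assumed limit on input files */
#define MAX_CAP 65535u          /* largest caplen accepted from an input */
#define PCAP_MAGIC 0xa1b2c3d4u  /* classic pcap, microseconds, host byte order */
#define TS(s) (((uint64_t)(s).rec[0] << 32) | (s).rec[1])  /* sec, then usec */

struct source {                 /* one input file plus its pending packet */
    FILE *fp;                   /* NULL once the file is exhausted */
    int has_pkt;                /* rec/data hold a packet not yet written */
    uint32_t ghdr[6], rec[4];   /* file header; ts_sec, ts_usec, caplen, len */
    unsigned char data[MAX_CAP];
};

/* Load the next record; EOF, a short read or an oversized caplen retires the source. */
static void fill(struct source *s) {
    if (!s->fp || s->has_pkt) return;   /* exhausted, or packet still pending */
    s->has_pkt = fread(s->rec, 4, 4, s->fp) == 4 && s->rec[2] <= MAX_CAP &&
                 fread(s->data, 1, s->rec[2], s->fp) == s->rec[2];
    if (!s->has_pkt) { fclose(s->fp); s->fp = NULL; }
}

/* Merge n captures into out_path in timestamp order; returns packets written or -1. */
long merge_pcaps(const char **paths, int n, const char *out_path) {
    static struct source src[MAX_SRC];
    long written = -1;
    FILE *out = NULL;
    if (n < 1 || n > MAX_SRC) return -1;
    memset(src, 0, sizeof src);
    for (int i = 0; i < n; i++)         /* each input: known magic, same link type */
        if (!(src[i].fp = fopen(paths[i], "rb")) || fread(src[i].ghdr, 4, 6, src[i].fp) != 6 ||
            src[i].ghdr[0] != PCAP_MAGIC || src[i].ghdr[5] != src[0].ghdr[5]) goto done;
    if (!(out = fopen(out_path, "wb")) || fwrite(src[0].ghdr, 4, 6, out) != 6) goto done;
    for (written = 0;; written++) {
        int best = -1;
        for (int i = 0; i < n; i++) {
            fill(&src[i]);
            if (src[i].has_pkt && (best < 0 || TS(src[i]) < TS(src[best]))) best = i;
        }
        if (best < 0) break;            /* every input is exhausted */
        fwrite(src[best].rec, 4, 4, out);
        fwrite(src[best].data, 1, src[best].rec[2], out);
        src[best].has_pkt = 0;          /* refill this source on the next pass */
    }
done:
    for (int i = 0; i < n; i++) if (src[i].fp) fclose(src[i].fp);
    if (out) fclose(out);
    return written;
}
```

A per-packet test such as the question's compareIP check belongs just before the two `fwrite()` calls, so that a rejected packet is dropped but its source is still refilled.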