From 00d52aa37ba3ba6635d8fc58d9513909a5435161 Mon Sep 17 00:00:00 2001 From: Přemysl Janouch Date: Tue, 7 Feb 2017 16:29:08 +0100 Subject: pcap.lua: fix decoding Which didn't work before at all. --- plugins/pcap.lua | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/plugins/pcap.lua b/plugins/pcap.lua index edbd338..aaa713c 100644 --- a/plugins/pcap.lua +++ b/plugins/pcap.lua @@ -152,9 +152,9 @@ local decode = function (c) local p, vmajor, vminor = c.position, c:u16 (), c:u16 () c (p, c.position - 1):mark ("PCAP version: %d.%d", vmajor, vminor) - local zone = c:i32 ("UTC to local TZ correction: %d seconds") + local zone = c:s32 ("UTC to local TZ correction: %d seconds") local sigfigs = c:u32 ("timestamp accuracy") - local snaplen = c:u32 ("max. length of captured packets") + local snaplen = c:u32 ("max. length of captured packets: %d") local network = c:u32 ("data link type: %s", function (u32) name = link_types[u32] @@ -164,19 +164,19 @@ local decode = function (c) local i = 0 while not c.eof do - c (c.position, c.position + 23):mark ("PCAP record %d header", i) - i = i + 1 + c (c.position, c.position + 15):mark ("PCAP record %d header", i) - local p, ts_sec, ts_usec = p, c:u32 (), c:u32 () + local p, ts_sec, ts_usec = c.position, c:u32 (), c:u32 () c (p, c.position - 1):mark ("timestamp: %s.%06d", - os.date ("!%F %T", ts_sec + zonen), ts_usec) - local incl_len = c:u32 ("included record length") - local orig_len = c:u32 ("original record length") + os.date ("!%F %T", ts_sec + zone), ts_usec) + local incl_len = c:u32 ("included record length: %d") + local orig_len = c:u32 ("original record length: %d") local p = c.position c.position = c.position + incl_len -- TODO: also decode record contents as per the huge table c (p, c.position - 1):mark ("PCAP record %d data", i) + i = i + 1 end end -- cgit v1.2.3-70-g09d2