修复sapp在线捕包模式下使用-o参数偏移两次的bug.v1.0.6

1 files changed, 15 insertions, 3 deletions

diff --git a/src/tcpdump.c b/src/tcpdump.c
index c81c866..6b56ed9 100644
--- a/src/tcpdump.c
+++ b/src/tcpdump.c
@@ -57,7 +57,7 @@ static int has_bpf_filter_flag = 0; /* 是否有正确的BPF过滤条件 */
 extern int treat_vlan_as_mac_in_mac_sw;
 static short pkt_classify_flag = 0;
 static char pkt_classify_watermark_sw = 0;
-
+int tcpdump_r_offline_mode = 0; /* 从pcap文件里读包, 而不是来源于sapp, 主要是应对有-o参数时处理模式不一样 */
 #endif
 
 #ifndef lint
@@ -1778,6 +1778,7 @@ main(int argc, char **argv)
 			RFileName = optarg;
 #if MESA_DUMP
 			has_device_flag = 1;
+			tcpdump_r_offline_mode = 1;
 #endif
 			break;
 
@@ -3050,7 +3051,12 @@ dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
 	++packets_captured;
 
 	++infodelay;
-	if(tcpdump_data_offset > 0)
+	/*
+		sapp内部也处理了-o参数, 通过udp socket输出的包已经跳过了前面的offset字节, 
+		此时再跳过offset就重复偏移两次了,
+		所以要判断一下tcpdump_r_offline_mode.
+	*/	
+	if((tcpdump_data_offset > 0) && (tcpdump_r_offline_mode != 0))
 	{
 			pcap_dump(user, h, sp+tcpdump_data_offset);
 	}
@@ -3133,7 +3139,13 @@ print_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
 	++packets_captured;
 
 	++infodelay;
-	if(tcpdump_data_offset > 0)
+
+	/*
+		sapp内部也处理了-o参数, 通过udp socket输出的包已经跳过了前面的offset字节, 
+		此时再跳过offset就重复偏移两次了,
+		所以要判断一下tcpdump_r_offline_mode.
+	*/
+	if((tcpdump_data_offset > 0) && (tcpdump_r_offline_mode != 0))
 	{
 		pretty_print_packet((netdissect_options *)user, h, sp+tcpdump_data_offset, packets_captured);
 	}