From ba8617f0400efe47931495fc3f2502f24161dd4b Mon Sep 17 00:00:00 2001 From: kardam Date: Sun, 14 Sep 2014 03:01:05 +0200 Subject: [PATCH] Add -I option in editcap to extend Duplicate packet removal Description: Ignore the specified bytes number at the beginning of the frame during MD5 hash calculation. Useful to remove duplicated packets taken on several routers or SW(differents mac addresses for example). e.g. -I 26 in case of Ether/IP/ will ignore ether(14) and IP header(20 - 4(src ip) - 4(dst ip)). The default value is 0. This option is only relevant when used with -d|-D|-w Bug: 8511 Change-Id: I009a09d32778a182b2d88f372651f658a4938882 Reviewed-on: https://code.wireshark.org/review/4104 Tested-by: Evan Huus Reviewed-by: Evan Huus --- doc/editcap.pod | 8 ++++++++ editcap.c | 38 +++++++++++++++++++++++++++++++++++--- 2 files changed, 43 insertions(+), 3 deletions(-) diff --git a/doc/editcap.pod b/doc/editcap.pod index f8efcb774d..bd5ea6913a 100644 --- a/doc/editcap.pod +++ b/doc/editcap.pod @@ -30,6 +30,7 @@ S< B<-d> > | S< B<-D> Edup windowE > | S< B<-w> Edup time windowE > S<[ B<-v> ]> +S<[ B<-I> Ebytes to ignoreE ]> I I @@ -165,6 +166,13 @@ be created with a suffix -nnnnn, starting with 00000. If packets for the specifi time interval are written to the output file, the next output file is opened. The default is to use a single output file. +=item -I Ebytes to ignoreE + +Ignore the specified bytes number at the beginning of the frame during MD5 hash calculation +Useful to remove duplicated packets taken on several routers(differents mac addresses for example) +e.g. -I 26 in case of Ether/IP/ will ignore ether(14) and IP header(20 - 4(src ip) - 4(dst ip)). +The default value is 0. + =item -L Adjust the original frame length accordingly when chopping and/or snapping diff --git a/editcap.c b/editcap.c index 7d0381cdcc..2c7ca66128 100644 --- a/editcap.c +++ b/editcap.c 
@@ -121,6 +121,8 @@ static fd_hash_t fd_hash[MAX_DUP_DEPTH]; static int dup_window = DEFAULT_DUP_DEPTH; static int cur_dup_entry = 0; +static int ignored_bytes = 0; /* Used with -I */ + #define ONE_MILLION 1000000 #define ONE_BILLION 1000000000 @@ -540,13 +542,20 @@ is_duplicate(guint8* fd, guint32 len) { int i; md5_state_t ms; + /*Hint to ignore some bytes at the start of the frame for the digest calculation(-I option) */ + guint32 new_len; + guint8 *new_fd; + + new_fd = &fd[ignored_bytes]; + new_len = len - (ignored_bytes); + cur_dup_entry++; if (cur_dup_entry >= dup_window) cur_dup_entry = 0; /* Calculate our digest */ md5_init(&ms); - md5_append(&ms, fd, len); + md5_append(&ms, new_fd, new_len); md5_finish(&ms, fd_hash[cur_dup_entry].digest); fd_hash[cur_dup_entry].len = len; @@ -570,13 +579,20 @@ is_duplicate_rel_time(guint8* fd, guint32 len, const nstime_t *current) { int i; md5_state_t ms; + /*Hint to ignore some bytes at the start of the frame for the digest calculation(-I option) */ + guint32 new_len; + guint8 *new_fd; + + new_fd = &fd[ignored_bytes]; + new_len = len - (ignored_bytes); + cur_dup_entry++; if (cur_dup_entry >= dup_window) cur_dup_entry = 0; /* Calculate our digest */ md5_init(&ms); - md5_append(&ms, fd, len); + md5_append(&ms, new_fd, new_len); md5_finish(&ms, fd_hash[cur_dup_entry].digest); fd_hash[cur_dup_entry].len = len; 
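Review bot: In is_duplicate, `new_len = len - (ignored_bytes)` wraps around whenever a frame is shorter than the -I value, because new_len is a guint32. md5_append is then asked to hash a huge length starting at `&fd[ignored_bytes]`, which already points past the end of the frame data. Capture files are untrusted input and short frames are ordinary, so apply the offset only when the frame is long enough, e.g. `if (len > (guint32)ignored_bytes) { new_fd = &fd[ignored_bytes]; new_len = len - ignored_bytes; } else { new_fd = fd; new_len = len; }`. The is_duplicate_rel_time hunk repeats the same two assignments and needs the same guard; a small static helper shared by both would keep the copies from drifting. Both function bodies continue outside their hunks.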
@@ -710,6 +726,14 @@ print_usage(FILE *output) fprintf(output, " A is specified in relative seconds\n"); fprintf(output, " (e.g. 0.000001).\n"); fprintf(output, "\n"); + fprintf(output, " -I ignore the specified bytes at the beginning of\n"); + fprintf(output, " the frame during MD5 hash calculation\n"); + fprintf(output, " Useful to remove duplicated packets taken on\n"); + fprintf(output, " several routers(differents mac addresses for \n"); + fprintf(output, " example)\n"); + fprintf(output, " e.g. -I 26 in case of Ether/IP/ will ignore \n"); + fprintf(output, " ether(14) and IP header(20 - 4(src ip) - 4(dst ip)).\n"); + fprintf(output, "\n"); fprintf(output, " NOTE: The use of the 'Duplicate packet removal' options with\n"); fprintf(output, " other editcap options except -v may not always work as expected.\n"); fprintf(output, " Specifically the -r, -t or -S options will very likely NOT have the\n"); @@ -960,7 +984,7 @@ main(int argc, char *argv[]) #endif /* Process the options */ - while ((opt = getopt_long(argc, argv, "A:B:c:C:dD:E:F:hi:Lrs:S:t:T:vVw:", long_options, NULL)) != -1) { + while ((opt = getopt_long(argc, argv, "A:B:c:C:dD:E:F:hi:I:Lrs:S:t:T:vVw:", long_options, NULL)) != -1) { switch (opt) { case 'A': { @@ -1108,6 +1132,14 @@ main(int argc, char *argv[]) } break; + case 'I': /* ignored_bytes at the beginning of the frame for duplications removal */ + ignored_bytes = atoi(optarg); + if(ignored_bytes <= 0) { + fprintf(stderr, "editcap: \"%s\" isn't a valid number of bytes to ignore\n", optarg); + exit(1); + } + break; + case 'L': adjlen = TRUE; break;
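Review bot: The `case 'I'` branch parses with `atoi(optarg)`, which cannot report errors: trailing junk such as `26x` is accepted as 26 and an out-of-range value has undefined behaviour, so the `<= 0` test is the only validation. That test also rejects `-I 0`, although the documentation added by this commit gives 0 as the default. Parsing with strtol and checking the end pointer, ERANGE and an INT_MAX upper bound closes both gaps. The sketch below assumes errno and INT_MAX are already declared in editcap.c, which the hunk does not show. main's body continues outside the hunk.

```c
case 'I': /* ignored_bytes at the beginning of the frame for duplications removal */
{
  char *end = NULL;
  long  val;

  errno = 0;
  val = strtol(optarg, &end, 10);
  /* Reject empty input, trailing characters, overflow and negative counts. */
  if (end == optarg || *end != '\0' || errno == ERANGE || val < 0 || val > INT_MAX) {
    fprintf(stderr, "editcap: \"%s\" isn't a valid number of bytes to ignore\n", optarg);
    exit(1);
  }
  ignored_bytes = (int)val;
  break;
}
/* … unchanged: case 'L' … */
```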