|
|
@@ -19,7 +19,7 @@
|
|
|
#define FLAG_SHORT_DIFF "-d"
|
|
|
#define FLAG_LONG_DIFF "--diff"
|
|
|
|
|
|
-#define FILTER_KEY_PKT "tcp[13] & 8 == 8 and len == 102 and dst port 22"
|
|
|
+#define FILTER_KEY_PKT "tcp[13] & 8 == 8 and dst port 22"
|
|
|
|
|
|
/* Format of keylog lines in log file.
|
|
|
* 4 = the fd SSH reads user input from (don't know why it isn't 0 but it isn't)
|
|
|
@@ -233,19 +233,21 @@ void print_keystroke(Keystroke key) {
|
|
|
void match_packets_to_keys(TimeCap* cap, FILE* keylog) {
|
|
|
struct bpf_program filter;
|
|
|
struct pcap_pkthdr header;
|
|
|
- Keystroke key;
|
|
|
+ Keystroke key = get_next_key(keylog);
|
|
|
Packet* data;
|
|
|
int err = pcap_compile(cap->pcap, &filter, FILTER_KEY_PKT, true,
|
|
|
PCAP_NETMASK_UNKNOWN);
|
|
|
check_error_pcap(err == -1, cap->pcap, NULL);
|
|
|
pcap_setfilter(cap->pcap, &filter);
|
|
|
while ((data = (Packet*) pcap_next(cap->pcap, &header)) != NULL) {
|
|
|
- key = get_next_key(keylog);
|
|
|
- key.packetTime = header.ts;
|
|
|
- key.packetId = data->id;
|
|
|
- print_keystroke(key);
|
|
|
- free(key.input);
|
|
|
- }
|
|
|
+ if (timercmp(&header.ts, &key.time, >)) {
|
|
|
+ key.packetTime = header.ts;
|
|
|
+ key.packetId = data->id;
|
|
|
+ print_keystroke(key);
|
|
|
+ free(key.input);
|
|
|
+ key = get_next_key(keylog);
|
|
|
+ }
|
|
|
+ }
|
|
|
pcap_freecode(&filter);
|
|
|
}
|
|
|
|
Thomas Flucke