Fixed bugs with packet matcher matching non-keystroke packets.

src/common/Makefile

@@ -9,7 +9,7 @@ ODIR=obj
 default: $(TARGETS)
 
 libtimecap.a: $(ODIR)/timecap.o
-	$(AR) $(ARFLAGS) $<
+	$(AR) $(ARFLAGS) $@ $<
 
 $(ODIR)/timecap.o: timecap.c timecap.h $(ODIR)
 	$(CC) -c $(CCFLAGS) $< -o $@

src/packet-matcher/getPackets.c

@@ -19,7 +19,7 @@
 #define FLAG_SHORT_DIFF "-d"
 #define FLAG_LONG_DIFF  "--diff"
 
-#define FILTER_KEY_PKT "tcp[13] & 8 == 8 and len == 102 and dst port 22"
+#define FILTER_KEY_PKT "tcp[13] & 8 == 8 and dst port 22"
 
 /* Format of keylog lines in log file.
  * 4 = the fd SSH reads user input from (don't know why it isn't 0 but it isn't)
@@ -233,19 +233,21 @@ void print_keystroke(Keystroke key) {
 void match_packets_to_keys(TimeCap* cap, FILE* keylog) {
   struct bpf_program filter;
   struct pcap_pkthdr header;
-  Keystroke key;
+  Keystroke key = get_next_key(keylog);
   Packet* data;
   int err = pcap_compile(cap->pcap, &filter, FILTER_KEY_PKT, true,
                          PCAP_NETMASK_UNKNOWN);
   check_error_pcap(err == -1, cap->pcap, NULL);
   pcap_setfilter(cap->pcap, &filter);
   while ((data = (Packet*) pcap_next(cap->pcap, &header)) != NULL) {
-    key = get_next_key(keylog);
-    key.packetTime = header.ts;
-    key.packetId = data->id;
-    print_keystroke(key);
-    free(key.input);
-  }  
+    if (timercmp(&header.ts, &key.time, >)) {
+      key.packetTime = header.ts;
+      key.packetId = data->id;
+      print_keystroke(key);
+      free(key.input);
+      key = get_next_key(keylog);
+    }
+  }
   pcap_freecode(&filter);
 }