#include "suricata-common.h"#include "log-pcap.h"#include "threads.h"#include "threadvars.h"#include "decode.h"#include "stream.h"#include "stream-tcp-reassemble.h"#include "output.h"#include "util-buffer.h"#include "util-byte.h"#include "util-conf.h"#include "util-cpu.h"#include "util-datalink.h"#include "util-misc.h"#include "util-path.h"#include "util-time.h"
Go to the source code of this file.
Data Structures | |
| struct | PcapFileName_ |
| struct | PcapLogProfileData_ |
| struct | PcapLogCompressionData_ |
| struct | PcapLogData_ |
| struct | PcapLogThreadData_ |
| struct | PcapLogCallbackContext |
Macros | |
| #define | DEFAULT_LOG_FILENAME "pcaplog" |
| #define | MODULE_NAME "PcapLog" |
| #define | MIN_LIMIT 4 * 1024 * 1024 |
| #define | DEFAULT_LIMIT 100 * 1024 * 1024 |
| #define | DEFAULT_FILE_LIMIT 0 |
| #define | LOGMODE_NORMAL 0 |
| #define | LOGMODE_MULTI 1 |
| #define | RING_BUFFER_MODE_DISABLED 0 |
| #define | RING_BUFFER_MODE_ENABLED 1 |
| #define | TS_FORMAT_SEC 0 |
| #define | TS_FORMAT_USEC 1 |
| #define | USE_STREAM_DEPTH_DISABLED 0 |
| #define | USE_STREAM_DEPTH_ENABLED 1 |
| #define | HONOR_PASS_RULES_DISABLED 0 |
| #define | HONOR_PASS_RULES_ENABLED 1 |
| #define | PCAP_SNAPLEN 262144 |
| #define | PCAP_BUFFER_TIMEOUT 1000000 |
| #define | PCAP_PKTHDR_SIZE 16 |
| #define | MAX_TOKS 9 |
| #define | MAX_FILENAMELEN 513 |
| #define | PCAPLOG_PROFILE_START uint64_t pcaplog_profile_ticks = UtilCpuGetTicks() |
| #define | PCAPLOG_PROFILE_END(prof) |
Typedefs | |
| typedef enum LogModeConditionalType_ | LogModeConditionalType |
| typedef struct PcapFileName_ | PcapFileName |
| typedef struct PcapLogProfileData_ | PcapLogProfileData |
| typedef struct PcapLogCompressionData_ | PcapLogCompressionData |
| typedef struct PcapLogData_ | PcapLogData |
| typedef struct PcapLogThreadData_ | PcapLogThreadData |
Functions | |
| SC_ATOMIC_DECLARE (uint32_t, thread_cnt) | |
| void | PcapLogRegister (void) |
| char * | PcapLogGetFilename (void) |
| void | PcapLogProfileSetup (void) |
Variables | |
| thread_local char * | pcap_file_thread = NULL |
Detailed Description
Pcap packet logging module.
Definition in file log-pcap.c.
Macro Definition Documentation
◆ DEFAULT_FILE_LIMIT
| #define DEFAULT_FILE_LIMIT 0 |
Definition at line 63 of file log-pcap.c.
◆ DEFAULT_LIMIT
| #define DEFAULT_LIMIT 100 * 1024 * 1024 |
Definition at line 62 of file log-pcap.c.
◆ DEFAULT_LOG_FILENAME
| #define DEFAULT_LOG_FILENAME "pcaplog" |
Definition at line 59 of file log-pcap.c.
◆ HONOR_PASS_RULES_DISABLED
| #define HONOR_PASS_RULES_DISABLED 0 |
Definition at line 83 of file log-pcap.c.
◆ HONOR_PASS_RULES_ENABLED
| #define HONOR_PASS_RULES_ENABLED 1 |
Definition at line 84 of file log-pcap.c.
◆ LOGMODE_MULTI
| #define LOGMODE_MULTI 1 |
Definition at line 66 of file log-pcap.c.
◆ LOGMODE_NORMAL
| #define LOGMODE_NORMAL 0 |
Definition at line 65 of file log-pcap.c.
◆ MAX_FILENAMELEN
| #define MAX_FILENAMELEN 513 |
Definition at line 114 of file log-pcap.c.
◆ MAX_TOKS
| #define MAX_TOKS 9 |
Definition at line 113 of file log-pcap.c.
◆ MIN_LIMIT
| #define MIN_LIMIT 4 * 1024 * 1024 |
Definition at line 61 of file log-pcap.c.
◆ MODULE_NAME
| #define MODULE_NAME "PcapLog" |
Definition at line 60 of file log-pcap.c.
◆ PCAP_BUFFER_TIMEOUT
| #define PCAP_BUFFER_TIMEOUT 1000000 |
Definition at line 87 of file log-pcap.c.
◆ PCAP_PKTHDR_SIZE
| #define PCAP_PKTHDR_SIZE 16 |
Definition at line 88 of file log-pcap.c.
◆ PCAP_SNAPLEN
| #define PCAP_SNAPLEN 262144 |
Definition at line 86 of file log-pcap.c.
◆ PCAPLOG_PROFILE_END
| #define PCAPLOG_PROFILE_END | ( | prof | ) |
Definition at line 223 of file log-pcap.c.
◆ PCAPLOG_PROFILE_START
| #define PCAPLOG_PROFILE_START uint64_t pcaplog_profile_ticks = UtilCpuGetTicks() |
Definition at line 220 of file log-pcap.c.
◆ RING_BUFFER_MODE_DISABLED
| #define RING_BUFFER_MODE_DISABLED 0 |
Definition at line 74 of file log-pcap.c.
◆ RING_BUFFER_MODE_ENABLED
| #define RING_BUFFER_MODE_ENABLED 1 |
Definition at line 75 of file log-pcap.c.
◆ TS_FORMAT_SEC
| #define TS_FORMAT_SEC 0 |
Definition at line 77 of file log-pcap.c.
◆ TS_FORMAT_USEC
| #define TS_FORMAT_USEC 1 |
Definition at line 78 of file log-pcap.c.
◆ USE_STREAM_DEPTH_DISABLED
| #define USE_STREAM_DEPTH_DISABLED 0 |
Definition at line 80 of file log-pcap.c.
◆ USE_STREAM_DEPTH_ENABLED
| #define USE_STREAM_DEPTH_ENABLED 1 |
Definition at line 81 of file log-pcap.c.
Typedef Documentation
◆ LogModeConditionalType
| typedef enum LogModeConditionalType_ LogModeConditionalType |
◆ PcapFileName
| typedef struct PcapFileName_ PcapFileName |
◆ PcapLogCompressionData
| typedef struct PcapLogCompressionData_ PcapLogCompressionData |
◆ PcapLogData
| typedef struct PcapLogData_ PcapLogData |
PcapLog thread vars
Used for storing file options.
◆ PcapLogProfileData
| typedef struct PcapLogProfileData_ PcapLogProfileData |
◆ PcapLogThreadData
| typedef struct PcapLogThreadData_ PcapLogThreadData |
Enumeration Type Documentation
◆ LogModeConditionalType_
| Enumerator | |
|---|---|
| LOGMODE_COND_ALL | |
| LOGMODE_COND_ALERTS | |
| LOGMODE_COND_TAG | |
Definition at line 67 of file log-pcap.c.
◆ PcapLogCompressionFormat
| Enumerator | |
|---|---|
| PCAP_LOG_COMPRESSION_FORMAT_NONE | |
| PCAP_LOG_COMPRESSION_FORMAT_LZ4 | |
Definition at line 115 of file log-pcap.c.
Function Documentation
◆ PcapLogGetFilename()
| char* PcapLogGetFilename | ( | void | ) |
Definition at line 1766 of file log-pcap.c.
References pcap_file_thread.
◆ PcapLogProfileSetup()
| void PcapLogProfileSetup | ( | void | ) |
Definition at line 1890 of file log-pcap.c.
References ConfGetNode(), and ConfNodeChildValueIsTrue().
◆ PcapLogRegister()
| void PcapLogRegister | ( | void | ) |
Definition at line 210 of file log-pcap.c.
References LOGGER_PCAP, MODULE_NAME, and OutputRegisterPacketModule().
◆ SC_ATOMIC_DECLARE()
| SC_ATOMIC_DECLARE | ( | uint32_t | , |
| thread_cnt | |||
| ) |
Variable Documentation
◆ pcap_file_thread
| thread_local char* pcap_file_thread = NULL |
Definition at line 105 of file log-pcap.c.
Referenced by PcapLogGetFilename().
