suricata
Data Structures | Macros | Typedefs | Enumerations | Functions | Variables
log-pcap.c File Reference
#include "suricata-common.h"
#include "log-pcap.h"
#include "threads.h"
#include "threadvars.h"
#include "decode.h"
#include "stream.h"
#include "stream-tcp-reassemble.h"
#include "output.h"
#include "util-buffer.h"
#include "util-byte.h"
#include "util-conf.h"
#include "util-cpu.h"
#include "util-datalink.h"
#include "util-misc.h"
#include "util-path.h"
#include "util-time.h"
Include dependency graph for log-pcap.c:

Go to the source code of this file.

Data Structures

struct  PcapFileName_
 
struct  PcapLogProfileData_
 
struct  PcapLogCompressionData_
 
struct  PcapLogData_
 
struct  PcapLogThreadData_
 
struct  PcapLogCallbackContext
 

Macros

#define DEFAULT_LOG_FILENAME   "pcaplog"
 
#define MODULE_NAME   "PcapLog"
 
#define MIN_LIMIT   4 * 1024 * 1024
 
#define DEFAULT_LIMIT   100 * 1024 * 1024
 
#define DEFAULT_FILE_LIMIT   0
 
#define LOGMODE_NORMAL   0
 
#define LOGMODE_MULTI   1
 
#define RING_BUFFER_MODE_DISABLED   0
 
#define RING_BUFFER_MODE_ENABLED   1
 
#define TS_FORMAT_SEC   0
 
#define TS_FORMAT_USEC   1
 
#define USE_STREAM_DEPTH_DISABLED   0
 
#define USE_STREAM_DEPTH_ENABLED   1
 
#define HONOR_PASS_RULES_DISABLED   0
 
#define HONOR_PASS_RULES_ENABLED   1
 
#define PCAP_SNAPLEN   262144
 
#define PCAP_BUFFER_TIMEOUT   1000000
 
#define PCAP_PKTHDR_SIZE   16
 
#define PCAP_NETMASK_UNKNOWN   0xffffffff
 
#define MAX_TOKS   9
 
#define MAX_FILENAMELEN   513
 
#define PCAPLOG_PROFILE_START   uint64_t pcaplog_profile_ticks = UtilCpuGetTicks()
 
#define PCAPLOG_PROFILE_END(prof)
 

Typedefs

typedef enum LogModeConditionalType_ LogModeConditionalType
 
typedef struct PcapFileName_ PcapFileName
 
typedef struct PcapLogProfileData_ PcapLogProfileData
 
typedef struct PcapLogCompressionData_ PcapLogCompressionData
 
typedef struct PcapLogData_ PcapLogData
 
typedef struct PcapLogThreadData_ PcapLogThreadData
 

Enumerations

enum  LogModeConditionalType_ { LOGMODE_COND_ALL, LOGMODE_COND_ALERTS, LOGMODE_COND_TAG }
 
enum  PcapLogCompressionFormat { PCAP_LOG_COMPRESSION_FORMAT_NONE, PCAP_LOG_COMPRESSION_FORMAT_LZ4 }
 

Functions

 SC_ATOMIC_DECLARE (uint32_t, thread_cnt)
 
void PcapLogRegister (void)
 
char * PcapLogGetFilename (void)
 
void PcapLogProfileSetup (void)
 

Variables

thread_local char * pcap_file_thread = NULL
 

Detailed Description

Author
William Metcalf Willi.nosp@m.am.M.nosp@m.etcal.nosp@m.f@gm.nosp@m.ail.c.nosp@m.om
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Pcap packet logging module.

Definition in file log-pcap.c.

Macro Definition Documentation

◆ DEFAULT_FILE_LIMIT

#define DEFAULT_FILE_LIMIT   0

Definition at line 63 of file log-pcap.c.

◆ DEFAULT_LIMIT

#define DEFAULT_LIMIT   100 * 1024 * 1024

Definition at line 62 of file log-pcap.c.

◆ DEFAULT_LOG_FILENAME

#define DEFAULT_LOG_FILENAME   "pcaplog"

Definition at line 59 of file log-pcap.c.

◆ HONOR_PASS_RULES_DISABLED

#define HONOR_PASS_RULES_DISABLED   0

Definition at line 83 of file log-pcap.c.

◆ HONOR_PASS_RULES_ENABLED

#define HONOR_PASS_RULES_ENABLED   1

Definition at line 84 of file log-pcap.c.

◆ LOGMODE_MULTI

#define LOGMODE_MULTI   1

Definition at line 66 of file log-pcap.c.

◆ LOGMODE_NORMAL

#define LOGMODE_NORMAL   0

Definition at line 65 of file log-pcap.c.

◆ MAX_FILENAMELEN

#define MAX_FILENAMELEN   513

Definition at line 119 of file log-pcap.c.

◆ MAX_TOKS

#define MAX_TOKS   9

Definition at line 118 of file log-pcap.c.

◆ MIN_LIMIT

#define MIN_LIMIT   4 * 1024 * 1024

Definition at line 61 of file log-pcap.c.

◆ MODULE_NAME

#define MODULE_NAME   "PcapLog"

Definition at line 60 of file log-pcap.c.

◆ PCAP_BUFFER_TIMEOUT

#define PCAP_BUFFER_TIMEOUT   1000000

Definition at line 87 of file log-pcap.c.

◆ PCAP_NETMASK_UNKNOWN

#define PCAP_NETMASK_UNKNOWN   0xffffffff

Definition at line 92 of file log-pcap.c.

◆ PCAP_PKTHDR_SIZE

#define PCAP_PKTHDR_SIZE   16

Definition at line 88 of file log-pcap.c.

◆ PCAP_SNAPLEN

#define PCAP_SNAPLEN   262144

Definition at line 86 of file log-pcap.c.

◆ PCAPLOG_PROFILE_END

#define PCAPLOG_PROFILE_END (   prof)
Value:
(prof).total += (UtilCpuGetTicks() - pcaplog_profile_ticks); \
(prof).cnt++

Definition at line 240 of file log-pcap.c.

◆ PCAPLOG_PROFILE_START

#define PCAPLOG_PROFILE_START   uint64_t pcaplog_profile_ticks = UtilCpuGetTicks()

Definition at line 237 of file log-pcap.c.

◆ RING_BUFFER_MODE_DISABLED

#define RING_BUFFER_MODE_DISABLED   0

Definition at line 74 of file log-pcap.c.

◆ RING_BUFFER_MODE_ENABLED

#define RING_BUFFER_MODE_ENABLED   1

Definition at line 75 of file log-pcap.c.

◆ TS_FORMAT_SEC

#define TS_FORMAT_SEC   0

Definition at line 77 of file log-pcap.c.

◆ TS_FORMAT_USEC

#define TS_FORMAT_USEC   1

Definition at line 78 of file log-pcap.c.

◆ USE_STREAM_DEPTH_DISABLED

#define USE_STREAM_DEPTH_DISABLED   0

Definition at line 80 of file log-pcap.c.

◆ USE_STREAM_DEPTH_ENABLED

#define USE_STREAM_DEPTH_ENABLED   1

Definition at line 81 of file log-pcap.c.

Typedef Documentation

◆ LogModeConditionalType

typedef enum LogModeConditionalType_ LogModeConditionalType

◆ PcapFileName

typedef struct PcapFileName_ PcapFileName

◆ PcapLogCompressionData

typedef struct PcapLogCompressionData_ PcapLogCompressionData

◆ PcapLogData

typedef struct PcapLogData_ PcapLogData

PcapLog thread vars

Used for storing file options.

◆ PcapLogProfileData

typedef struct PcapLogProfileData_ PcapLogProfileData

◆ PcapLogThreadData

typedef struct PcapLogThreadData_ PcapLogThreadData

Enumeration Type Documentation

◆ LogModeConditionalType_

enum LogModeConditionalType_
Enumerator
LOGMODE_COND_ALL 
LOGMODE_COND_ALERTS 
LOGMODE_COND_TAG 

Definition at line 67 of file log-pcap.c.

◆ PcapLogCompressionFormat

enum PcapLogCompressionFormat
Enumerator
PCAP_LOG_COMPRESSION_FORMAT_NONE 
PCAP_LOG_COMPRESSION_FORMAT_LZ4 

Definition at line 120 of file log-pcap.c.

Function Documentation

◆ PcapLogGetFilename()

char* PcapLogGetFilename ( void  )

Definition at line 1829 of file log-pcap.c.

References pcap_file_thread.

◆ PcapLogProfileSetup()

void PcapLogProfileSetup ( void  )

Definition at line 1953 of file log-pcap.c.

References SCConfGetNode(), and SCConfNodeChildValueIsTrue().

Here is the call graph for this function:

◆ PcapLogRegister()

void PcapLogRegister ( void  )

Definition at line 219 of file log-pcap.c.

References OutputPacketLoggerFunctions_::LogFunc.

◆ SC_ATOMIC_DECLARE()

SC_ATOMIC_DECLARE ( uint32_t  ,
thread_cnt   
)

Variable Documentation

◆ pcap_file_thread

thread_local char* pcap_file_thread = NULL

Definition at line 110 of file log-pcap.c.

Referenced by PcapLogGetFilename().

UtilCpuGetTicks
uint64_t UtilCpuGetTicks(void)
Definition: util-cpu.c:161
cnt
uint32_t cnt
Definition: tmqh-packetpool.h:7