#include "suricata-common.h"
#include "log-pcap.h"
#include "threads.h"
#include "threadvars.h"
#include "decode.h"
#include "stream.h"
#include "stream-tcp-reassemble.h"
#include "output.h"
#include "util-buffer.h"
#include "util-byte.h"
#include "util-conf.h"
#include "util-cpu.h"
#include "util-datalink.h"
#include "util-misc.h"
#include "util-path.h"
#include "util-profiling.h"
#include "util-time.h"

Include dependency graph for log-pcap.c:

Data Structures
struct	PcapFileName_

struct	PcapLogProfileData_

struct	PcapLogCompressionData_

struct	PcapLogData_

struct	PcapLogThreadData_

struct	PcapLogCallbackContext

Macros
#define	DEFAULT_LOG_FILENAME "pcaplog"

#define	MODULE_NAME "PcapLog"

#define	MIN_LIMIT 4 * 1024 * 1024

#define	DEFAULT_LIMIT 100 * 1024 * 1024

#define	DEFAULT_FILE_LIMIT 0

#define	LOGMODE_NORMAL 0

#define	LOGMODE_MULTI 1

#define	RING_BUFFER_MODE_DISABLED 0

#define	RING_BUFFER_MODE_ENABLED 1

#define	TS_FORMAT_SEC 0

#define	TS_FORMAT_USEC 1

#define	USE_STREAM_DEPTH_DISABLED 0

#define	USE_STREAM_DEPTH_ENABLED 1

#define	HONOR_PASS_RULES_DISABLED 0

#define	HONOR_PASS_RULES_ENABLED 1

#define	PCAP_SNAPLEN 262144

#define	PCAP_BUFFER_TIMEOUT 1000000

#define	MAX_TOKS 9

#define	MAX_FILENAMELEN 513

#define	PCAPLOG_PROFILE_START uint64_t pcaplog_profile_ticks = UtilCpuGetTicks()

#define	PCAPLOG_PROFILE_END(prof)

Typedefs
typedef enum LogModeConditionalType_	LogModeConditionalType

typedef struct PcapFileName_	PcapFileName

typedef struct PcapLogProfileData_	PcapLogProfileData

typedef struct PcapLogCompressionData_	PcapLogCompressionData

typedef struct PcapLogData_	PcapLogData

typedef struct PcapLogThreadData_	PcapLogThreadData

Enumerations
enum	LogModeConditionalType_ { LOGMODE_COND_ALL, LOGMODE_COND_ALERTS, LOGMODE_COND_TAG }

enum	PcapLogCompressionFormat { PCAP_LOG_COMPRESSION_FORMAT_NONE, PCAP_LOG_COMPRESSION_FORMAT_LZ4 }

Functions
	SC_ATOMIC_DECLARE (uint32_t, thread_cnt)

void	PcapLogRegister (void)

char *	PcapLogGetFilename (void)

void	PcapLogProfileSetup (void)

Variables
thread_local char *	pcap_file_thread = NULL

Detailed Description

Author: William Metcalf Willi.nosp@m.am.M.nosp@m.etcal.nosp@m.f@gm.nosp@m.ail.c.nosp@m.om; Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Pcap packet logging module.

Definition in file log-pcap.c.

Macro Definition Documentation

◆ DEFAULT_FILE_LIMIT

#define DEFAULT_FILE_LIMIT 0

Definition at line 64 of file log-pcap.c.

◆ DEFAULT_LIMIT

#define DEFAULT_LIMIT 100 * 1024 * 1024

Definition at line 63 of file log-pcap.c.

◆ DEFAULT_LOG_FILENAME

#define DEFAULT_LOG_FILENAME "pcaplog"

Definition at line 60 of file log-pcap.c.

◆ HONOR_PASS_RULES_DISABLED

#define HONOR_PASS_RULES_DISABLED 0

Definition at line 84 of file log-pcap.c.

◆ HONOR_PASS_RULES_ENABLED

#define HONOR_PASS_RULES_ENABLED 1

Definition at line 85 of file log-pcap.c.

◆ LOGMODE_MULTI

#define LOGMODE_MULTI 1

Definition at line 67 of file log-pcap.c.

◆ LOGMODE_NORMAL

#define LOGMODE_NORMAL 0

Definition at line 66 of file log-pcap.c.

◆ MAX_FILENAMELEN

#define MAX_FILENAMELEN 513

Definition at line 114 of file log-pcap.c.

◆ MAX_TOKS

#define MAX_TOKS 9

Definition at line 113 of file log-pcap.c.

◆ MIN_LIMIT

#define MIN_LIMIT 4 * 1024 * 1024

Definition at line 62 of file log-pcap.c.

◆ MODULE_NAME

#define MODULE_NAME "PcapLog"

Definition at line 61 of file log-pcap.c.

◆ PCAP_BUFFER_TIMEOUT

#define PCAP_BUFFER_TIMEOUT 1000000

Definition at line 88 of file log-pcap.c.

◆ PCAP_SNAPLEN

#define PCAP_SNAPLEN 262144

Definition at line 87 of file log-pcap.c.

◆ PCAPLOG_PROFILE_END

#define PCAPLOG_PROFILE_END ( prof )

Value:

(prof).total += (UtilCpuGetTicks() - pcaplog_profile_ticks); \

(prof).cnt++

Definition at line 225 of file log-pcap.c.

◆ PCAPLOG_PROFILE_START

#define PCAPLOG_PROFILE_START uint64_t pcaplog_profile_ticks = UtilCpuGetTicks()

Definition at line 222 of file log-pcap.c.

◆ RING_BUFFER_MODE_DISABLED

#define RING_BUFFER_MODE_DISABLED 0

Definition at line 75 of file log-pcap.c.

◆ RING_BUFFER_MODE_ENABLED

#define RING_BUFFER_MODE_ENABLED 1

Definition at line 76 of file log-pcap.c.

◆ TS_FORMAT_SEC

#define TS_FORMAT_SEC 0

Definition at line 78 of file log-pcap.c.

◆ TS_FORMAT_USEC

#define TS_FORMAT_USEC 1

Definition at line 79 of file log-pcap.c.

◆ USE_STREAM_DEPTH_DISABLED

#define USE_STREAM_DEPTH_DISABLED 0

Definition at line 81 of file log-pcap.c.

◆ USE_STREAM_DEPTH_ENABLED

#define USE_STREAM_DEPTH_ENABLED 1

Definition at line 82 of file log-pcap.c.

Typedef Documentation

◆ LogModeConditionalType

typedef enum LogModeConditionalType_ LogModeConditionalType

◆ PcapFileName

typedef struct PcapFileName_ PcapFileName

◆ PcapLogCompressionData

typedef struct PcapLogCompressionData_ PcapLogCompressionData

◆ PcapLogData

typedef struct PcapLogData_ PcapLogData

PcapLog thread vars

Used for storing file options.

◆ PcapLogProfileData

typedef struct PcapLogProfileData_ PcapLogProfileData

◆ PcapLogThreadData

typedef struct PcapLogThreadData_ PcapLogThreadData

Enumeration Type Documentation

◆ LogModeConditionalType_

enum LogModeConditionalType_

Enumerator
LOGMODE_COND_ALL
LOGMODE_COND_ALERTS
LOGMODE_COND_TAG

Definition at line 68 of file log-pcap.c.

◆ PcapLogCompressionFormat

enum PcapLogCompressionFormat

Enumerator
PCAP_LOG_COMPRESSION_FORMAT_NONE
PCAP_LOG_COMPRESSION_FORMAT_LZ4

Definition at line 115 of file log-pcap.c.

Function Documentation

◆ PcapLogGetFilename()

char* PcapLogGetFilename ( void )

Definition at line 1789 of file log-pcap.c.

References pcap_file_thread.

◆ PcapLogProfileSetup()

void PcapLogProfileSetup ( void )

Definition at line 1913 of file log-pcap.c.

References ConfGetNode(), and ConfNodeChildValueIsTrue().

Here is the call graph for this function:

◆ PcapLogRegister()

void PcapLogRegister ( void )

Definition at line 210 of file log-pcap.c.

References LOGGER_PCAP, MODULE_NAME, and OutputRegisterPacketModule().