suricata
Functions | Variables
source-pcap-file-helper.c File Reference
#include "source-pcap-file-helper.h"
#include "suricata.h"
#include "util-datalink.h"
#include "util-checksum.h"
#include "util-profiling.h"
#include "source-pcap-file.h"
#include "util-exception-policy.h"
Include dependency graph for source-pcap-file-helper.c:

Go to the source code of this file.

Functions

void CleanupPcapFileFileVars (PcapFileFileVars *pfv)
 
const char * PcapFileGetFilename (void)
 
TmEcode PcapFileDispatch (PcapFileFileVars *ptv)
 Main PCAP file reading Loop function. More...
 
TmEcode InitPcapFile (PcapFileFileVars *pfv)
 
TmEcode ValidateLinkType (int datalink, DecoderFunc *DecoderFn)
 

Variables

uint32_t max_pending_packets
 
PcapFileGlobalVars pcap_g
 
char pcap_filename [PATH_MAX] = "unknown"
 

Detailed Description

Author
Danny Browning danny.nosp@m..bro.nosp@m.wning.nosp@m.@pro.nosp@m.tectw.nosp@m.ise..nosp@m.com

File based pcap packet acquisition support

Definition in file source-pcap-file-helper.c.

Function Documentation

◆ CleanupPcapFileFileVars()

void CleanupPcapFileFileVars ( PcapFileFileVars pfv)

Cleanup resources associated with a PcapFileFileVars object.

Parameters
pfvObject to be cleaned up

Definition at line 39 of file source-pcap-file-helper.c.

References PcapFileFileVars_::filename, PcapFileFileVars_::pcap_handle, SCFree, SCLogDebug, SCLogWarning, PcapFileFileVars_::shared, and PcapFileSharedVars_::should_delete.

Referenced by CleanupPcapFileDirectoryVars().

Here is the caller graph for this function:

◆ InitPcapFile()

TmEcode InitPcapFile ( PcapFileFileVars pfv)

From a PcapFileFileVars, prepare the filename for processing by setting pcap_handle, datalink, and filter

Parameters
pfvPcapFileFileVars object to populate
Returns

Definition at line 196 of file source-pcap-file-helper.c.

References PcapFileSharedVars_::bpf_string, PcapFileFileVars_::datalink, DatalinkSetGlobalType(), PcapFileFileVars_::filename, PcapFileFileVars_::filter, pcap_g, PcapFileFileVars_::pcap_handle, PcapFileGlobalVars_::read_buffer_size, SCLogDebug, SCLogError, SCLogInfo, SCLogWarning, SCReturnInt, PcapFileFileVars_::shared, TM_ECODE_FAILED, and unlikely.

Here is the call graph for this function:

◆ PcapFileDispatch()

TmEcode PcapFileDispatch ( PcapFileFileVars ptv)

Main PCAP file reading Loop function.

Dispatch a file for processing, where the information necessary to process that file is as PcapFileFileVars object.

Parameters
ptvPcapFileFileVars object to be processed
Returns

Definition at line 126 of file source-pcap-file-helper.c.

References PcapFileFileVars_::first_pkt_hdr, PcapFileFileVars_::first_pkt_ts, likely, SCEnter, SCTIME_FROM_TIMEVAL, and TmThreadsInitThreadsTimestamp().

Here is the call graph for this function:

◆ PcapFileGetFilename()

const char* PcapFileGetFilename ( void  )

Definition at line 118 of file source-pcap-file-helper.c.

References pcap_filename.

Referenced by OutputJSONBuffer(), and OutputJsonBuilderBuffer().

Here is the caller graph for this function:

◆ ValidateLinkType()

TmEcode ValidateLinkType ( int  datalink,
DecoderFunc decoder 
)

Determine if a datalink type is valid, setting a decoder function if valid.

Parameters
datalinkDatalink type to validate
decoderPointer to decoder to set if valid
Returns
TM_ECODE_OK if valid datalink type and decoder has been set.

Definition at line 251 of file source-pcap-file-helper.c.

References DecodeCHDLC(), DecodeEthernet(), DecodeNull(), DecodePPP(), DecodeRaw(), DecodeSll(), LINKTYPE_CISCO_HDLC, LINKTYPE_ETHERNET, LINKTYPE_GRE_OVER_IP, LINKTYPE_IPV4, LINKTYPE_IPV6, LINKTYPE_LINUX_SLL, LINKTYPE_NULL, LINKTYPE_PPP, LINKTYPE_RAW, LINKTYPE_RAW2, SCLogError, SCReturnInt, TM_ECODE_FAILED, and TM_ECODE_OK.

Here is the call graph for this function:

Variable Documentation

◆ pcap_filename

char pcap_filename[PATH_MAX] = "unknown"

Definition at line 116 of file source-pcap-file-helper.c.

Referenced by PcapFileGetFilename().

◆ pcap_g

PcapFileGlobalVars pcap_g

Definition at line 38 of file source-pcap-file.c.

Referenced by InitPcapFile(), PcapFileGlobalInit(), and PcapIncreaseInvalidChecksum().