suricata: src/source-pcap-file-helper.c File Reference

suricata

#include "source-pcap-file-helper.h"
#include "suricata.h"
#include "util-datalink.h"
#include "util-checksum.h"
#include "util-profiling.h"
#include "util-exception-policy.h"
#include "conf-yaml-loader.h"
#include "capture-hooks.h"
#include "threads.h"
#include "util-unittest-helper.h"

Include dependency graph for source-pcap-file-helper.c:

Go to the source code of this file.

Functions
void	PcapFileReleasePseudoPacket (Packet *p)

void	CleanupPcapFileFileVars (PcapFileFileVars *pfv)

const char *	PcapFileGetFilename (void)

void	PcapFileSetCurrentPfv (PcapFileFileVars *pfv)

PcapFileFileVars *	PcapFileGetCurrentPfv (void)

TmEcode	PcapFileDispatch (PcapFileFileVars *ptv)
	Main PCAP file reading Loop function. More...

TmEcode	InitPcapFile (PcapFileFileVars *pfv)

TmEcode	ValidateLinkType (int datalink, DecoderFunc *DecoderFn)

bool	PcapFileShouldDeletePcapFile (PcapFileFileVars *pfv)

void	PcapFileFinalizePacket (PcapFileFileVars *pfv)

void	PcapFileAddAlertCount (PcapFileFileVars *pfv, uint16_t alert_count)

void	PcapFileInstallCaptureHooks (void)

PcapFileDeleteMode	PcapFileParseDeleteMode (void)

void	SourcePcapFileHelperRegisterTests (void)
	Register unit tests for pcap file helper. More...

Variables
uint32_t	max_pending_packets

PcapFileGlobalVars	pcap_g

char	pcap_filename [PATH_MAX] = "unknown"

Detailed Description

Author: Danny Browning danny.nosp@m..bro.nosp@m.wning.nosp@m.@pro.nosp@m.tectw.nosp@m.ise..nosp@m.com

File based pcap packet acquisition support

Definition in file source-pcap-file-helper.c.

Function Documentation

◆ CleanupPcapFileFileVars()

void CleanupPcapFileFileVars ( PcapFileFileVars * pfv )

Cleanup resources associated with a PcapFileFileVars object.

Parameters

pfv	Object to be cleaned up

Definition at line 67 of file source-pcap-file-helper.c.

References PcapFileFileVars_::cleanup_requested, PcapFileFileVars_::filename, PcapFileFileVars_::pcap_handle, PcapFileShouldDeletePcapFile(), SC_ATOMIC_GET, SCFree, SCLogDebug, SCLogWarning, and PcapFileFileVars_::shared.

Referenced by CleanupPcapFileDirectoryVars(), PcapFileFinalizePacket(), and PcapFileReleasePseudoPacket().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ InitPcapFile()

TmEcode InitPcapFile ( PcapFileFileVars * pfv )

From a PcapFileFileVars, prepare the filename for processing by setting pcap_handle, datalink, and filter

Parameters

pfv	PcapFileFileVars object to populate

Returns

Definition at line 257 of file source-pcap-file-helper.c.

References PcapFileSharedVars_::bpf_string, PcapFileFileVars_::cleanup_requested, PcapFileFileVars_::datalink, DatalinkSetGlobalType(), PcapFileFileVars_::filename, PcapFileFileVars_::filter, pcap_g, PcapFileFileVars_::pcap_handle, PcapFileGlobalVars_::read_buffer_size, SC_ATOMIC_INIT, SC_ATOMIC_SET, SCLogDebug, SCLogError, SCLogInfo, SCLogWarning, SCReturnInt, PcapFileFileVars_::shared, TM_ECODE_FAILED, and unlikely.

Here is the call graph for this function:

◆ PcapFileAddAlertCount()

void PcapFileAddAlertCount	(	PcapFileFileVars *	pfv,
		uint16_t	alert_count
	)

Definition at line 401 of file source-pcap-file-helper.c.

References SC_ATOMIC_ADD.

◆ PcapFileDispatch()

TmEcode PcapFileDispatch ( PcapFileFileVars * ptv )

Main PCAP file reading Loop function.

Dispatch a file for processing, where the information necessary to process that file is as PcapFileFileVars object.

Parameters

ptv	PcapFileFileVars object to be processed

Returns

Definition at line 186 of file source-pcap-file-helper.c.

References PcapFileFileVars_::first_pkt_hdr, PcapFileFileVars_::first_pkt_ts, likely, PcapFileSetCurrentPfv(), SCEnter, SCTIME_FROM_TIMEVAL, and TmThreadsInitThreadsTimestamp().

Here is the call graph for this function:

◆ PcapFileFinalizePacket()

void PcapFileFinalizePacket ( PcapFileFileVars * pfv )

Definition at line 386 of file source-pcap-file-helper.c.

References CleanupPcapFileFileVars(), PcapFileFileVars_::filename, SC_ATOMIC_SUB, and SCLogDebug.

Here is the call graph for this function:

◆ PcapFileGetCurrentPfv()

PcapFileFileVars* PcapFileGetCurrentPfv ( void )

Definition at line 178 of file source-pcap-file-helper.c.

◆ PcapFileGetFilename()

const char* PcapFileGetFilename ( void )

Definition at line 168 of file source-pcap-file-helper.c.

References pcap_filename.

Referenced by OutputJSONBuffer(), and OutputJsonBuilderBuffer().

Here is the caller graph for this function:

◆ PcapFileInstallCaptureHooks()

void PcapFileInstallCaptureHooks ( void )

Definition at line 434 of file source-pcap-file-helper.c.

References CaptureHooksSet().

Referenced by PcapFileGlobalInit().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ PcapFileParseDeleteMode()

PcapFileDeleteMode PcapFileParseDeleteMode ( void )

Definition at line 439 of file source-pcap-file-helper.c.

References PCAP_FILE_DELETE_ALWAYS, PCAP_FILE_DELETE_NON_ALERTS, PCAP_FILE_DELETE_NONE, SCConfGet(), and SCConfGetBool().

Here is the call graph for this function:

◆ PcapFileReleasePseudoPacket()

void PcapFileReleasePseudoPacket ( Packet * p )

Definition at line 53 of file source-pcap-file-helper.c.

References PcapFileFileVars_::cleanup_requested, CleanupPcapFileFileVars(), PacketFreeOrRelease(), Packet_::pcap_v, PcapPacketVars_::pfv, and SC_ATOMIC_SUB.

Here is the call graph for this function:

◆ PcapFileSetCurrentPfv()

void PcapFileSetCurrentPfv ( PcapFileFileVars * pfv )

Definition at line 173 of file source-pcap-file-helper.c.

Referenced by PcapFileDispatch().

Here is the caller graph for this function:

◆ PcapFileShouldDeletePcapFile()

bool PcapFileShouldDeletePcapFile ( PcapFileFileVars * pfv )

Definition at line 358 of file source-pcap-file-helper.c.

References PcapFileSharedVars_::delete_mode, PcapFileFileVars_::filename, PCAP_FILE_DELETE_ALWAYS, PCAP_FILE_DELETE_NONE, SC_ATOMIC_GET, SCLogDebug, and PcapFileFileVars_::shared.

Referenced by CleanupPcapFileFileVars().

Here is the caller graph for this function:

◆ SourcePcapFileHelperRegisterTests()

void SourcePcapFileHelperRegisterTests ( void )

Register unit tests for pcap file helper.

Definition at line 1022 of file source-pcap-file-helper.c.

References UtRegisterTest().

Here is the call graph for this function:

◆ ValidateLinkType()

TmEcode ValidateLinkType	(	int	datalink,
		DecoderFunc *	decoder
	)

Determine if a datalink type is valid, setting a decoder function if valid.

Parameters

datalink	Datalink type to validate
decoder	Pointer to decoder to set if valid

Returns: TM_ECODE_OK if valid datalink type and decoder has been set.

Definition at line 320 of file source-pcap-file-helper.c.

References DecodeCHDLC(), DecodeEthernet(), DecodeNull(), DecodePPP(), DecodeRaw(), DecodeSll(), DecodeSll2(), LINKTYPE_CISCO_HDLC, LINKTYPE_ETHERNET, LINKTYPE_GRE_OVER_IP, LINKTYPE_IPV4, LINKTYPE_IPV6, LINKTYPE_LINUX_SLL, LINKTYPE_LINUX_SLL2, LINKTYPE_NULL, LINKTYPE_PPP, LINKTYPE_RAW, LINKTYPE_RAW2, SCLogError, SCReturnInt, TM_ECODE_FAILED, and TM_ECODE_OK.

Here is the call graph for this function:

Variable Documentation

◆ pcap_filename

char pcap_filename[PATH_MAX] = "unknown"

Definition at line 166 of file source-pcap-file-helper.c.

Referenced by PcapFileGetFilename().

◆ pcap_g

PcapFileGlobalVars pcap_g

Definition at line 39 of file source-pcap-file.c.

Referenced by InitPcapFile(), PcapFileGlobalInit(), and PcapIncreaseInvalidChecksum().

src
source-pcap-file-helper.c
Generated on Sat Feb 28 2026 23:30:42 for suricata by 1.8.18