suricata
Data Structures | Typedefs | Functions
source-pcap-file-helper.h File Reference
#include "suricata-common.h"
#include "tm-threads.h"
Include dependency graph for source-pcap-file-helper.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  PcapFileGlobalVars_
 
struct  PcapFileSharedVars_
 
struct  PcapFileFileVars_
 

Typedefs

typedef struct PcapFileGlobalVars_ PcapFileGlobalVars
 
typedef struct PcapFileSharedVars_ PcapFileSharedVars
 
typedef struct PcapFileFileVars_ PcapFileFileVars
 
typedef int(* Decoder) (ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint32_t, PacketQueue *)
 

Functions

TmEcode PcapFileDispatch (PcapFileFileVars *ptv)
 Main PCAP file reading Loop function. More...
 
TmEcode InitPcapFile (PcapFileFileVars *pfv)
 
void CleanupPcapFileFileVars (PcapFileFileVars *pfv)
 
TmEcode ValidateLinkType (int datalink, Decoder *decoder)
 

Detailed Description

Author
Danny Browning danny.nosp@m..bro.nosp@m.wning.nosp@m.@pro.nosp@m.tectw.nosp@m.ise..nosp@m.com

Definition in file source-pcap-file-helper.h.

Typedef Documentation

typedef int(* Decoder) (ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint32_t, PacketQueue *)

Definition at line 79 of file source-pcap-file-helper.h.

typedef struct PcapFileFileVars_ PcapFileFileVars

Data specific to a single pcap file

typedef struct PcapFileGlobalVars_ PcapFileGlobalVars
typedef struct PcapFileSharedVars_ PcapFileSharedVars

Data that is shared amongst File, Directory, and Thread level vars

Function Documentation

void CleanupPcapFileFileVars ( PcapFileFileVars pfv)

Cleanup resources associated with a PcapFileFileVars object.

Parameters
pfvObject to be cleaned up

Definition at line 36 of file source-pcap-file-helper.c.

References PcapFileSharedVars_::bytes, PcapFileSharedVars_::cb_result, PcapFileGlobalVars_::checksum_mode, CHECKSUM_VALIDATION_AUTO, CHECKSUM_VALIDATION_DISABLE, ChecksumAutoModeCheck(), PcapFileGlobalVars_::cnt, PcapFileFileVars_::datalink, Packet_::datalink, PcapFileFileVars_::filename, Packet_::flags, PACKET_PROFILING_TMM_END, PACKET_PROFILING_TMM_START, PacketCopyData(), PacketGetFromQueueOrAlloc(), Packet_::pcap_cnt, PcapFileFileVars_::pcap_handle, Packet_::pcap_v, PKT_IGNORE_CHECKSUM, PKT_SET_SRC, PKT_SRC_WIRE, PcapFileSharedVars_::pkts, SC_ATOMIC_GET, SC_ERR_PCAP_FILE_DELETE_FAILED, SCEnter, SCFree, SCLogDebug, SCLogWarning, SCReturn, PcapFileFileVars_::shared, PcapFileSharedVars_::should_delete, PcapFileSharedVars_::slot, PcapPacketVars_::tenant_id, PcapFileSharedVars_::tenant_id, TM_ECODE_FAILED, TM_ECODE_OK, TMM_RECEIVEPCAPFILE, TmqhOutputPacketpool(), Packet_::ts, PcapFileSharedVars_::tv, and unlikely.

Referenced by CleanupPcapFileDirectoryVars(), PcapDetermineDirectoryOrFile(), and PcapFileGlobalInit().

Here is the call graph for this function:

Here is the caller graph for this function:

TmEcode InitPcapFile ( PcapFileFileVars pfv)

From a PcapFileFileVars, prepare the filename for processing by setting pcap_handle, datalink, and filter

Parameters
pfvPcapFileFileVars object to populate
Returns

Definition at line 163 of file source-pcap-file-helper.c.

References PcapFileSharedVars_::bpf_string, PcapFileFileVars_::datalink, PcapFileFileVars_::filename, PcapFileFileVars_::filter, PcapFileFileVars_::pcap_handle, RunModeUnixSocketIsActive(), SC_ERR_BPF, SC_ERR_FOPEN, SC_ERR_INVALID_ARGUMENT, SCLogDebug, SCLogError, SCLogInfo, SCReturnInt, PcapFileFileVars_::shared, TM_ECODE_DONE, TM_ECODE_FAILED, UnixSocketPcapFile(), unlikely, and ValidateLinkType().

Referenced by PcapDetermineDirectoryOrFile(), and PcapFileGlobalInit().

Here is the call graph for this function:

Here is the caller graph for this function:

TmEcode PcapFileDispatch ( PcapFileFileVars ptv)

Main PCAP file reading Loop function.

Dispatch a file for processing, where the information necessary to process that file is as PcapFileFileVars object.

Parameters
ptvPcapFileFileVars object to be processed
Returns

Definition at line 119 of file source-pcap-file-helper.c.

References PcapFileSharedVars_::cb_result, PcapFileFileVars_::filename, PcapFileSharedVars_::files, PacketPoolWait(), pcap_filename, PcapFileFileVars_::pcap_handle, SC_ERR_PCAP_DISPATCH, SCEnter, SCLogError, SCLogInfo, SCReturnInt, PcapFileFileVars_::shared, StatsSyncCountersIfSignalled, strlcpy(), suricata_ctl_flags, SURICATA_STOP, TM_ECODE_DONE, TM_ECODE_FAILED, TM_ECODE_OK, PcapFileSharedVars_::tv, and unlikely.

Referenced by PcapDetermineDirectoryOrFile(), and PcapFileGlobalInit().

Here is the call graph for this function:

Here is the caller graph for this function:

TmEcode ValidateLinkType ( int  datalink,
Decoder decoder 
)

Determine if a datalink type is valid, setting a decoder function if valid.

Parameters
datalinkDatalink type to validate
decoderPointer to decoder to set if valid
Returns
TM_ECODE_OK if valid datalink type and decoder has been set.

Definition at line 207 of file source-pcap-file-helper.c.

References DecodeEthernet(), DecodeNull(), DecodePPP(), DecodeRaw(), DecodeSll(), LINKTYPE_ETHERNET, LINKTYPE_GRE_OVER_IP, LINKTYPE_IPV4, LINKTYPE_LINUX_SLL, LINKTYPE_NULL, LINKTYPE_PPP, LINKTYPE_RAW, LINKTYPE_RAW2, SC_ERR_UNIMPLEMENTED, SCLogError, SCReturnInt, TM_ECODE_FAILED, and TM_ECODE_OK.

Referenced by InitPcapFile(), and PcapFileGlobalInit().

Here is the call graph for this function:

Here is the caller graph for this function: