suricata
source-pcap-file-helper.h File Reference
#include "suricata-common.h"
#include "tm-threads.h"
#include "util-atomic.h"

Data Structures

struct  PcapFileGlobalVars_
 
struct  PcapFileSharedVars_
 
struct  PcapFileFileVars_
 

Typedefs

typedef struct PcapFileGlobalVars_ PcapFileGlobalVars
 
typedef struct PcapFileSharedVars_ PcapFileSharedVars
 
typedef struct PcapFileFileVars_ PcapFileFileVars
 

Enumerations

enum  PcapFileDeleteMode { PCAP_FILE_DELETE_NONE = 0, PCAP_FILE_DELETE_ALWAYS, PCAP_FILE_DELETE_NON_ALERTS }
 

Functions

TmEcode PcapFileDispatch (PcapFileFileVars *ptv)
 Main PCAP file reading Loop function.
 
TmEcode InitPcapFile (PcapFileFileVars *pfv)
 
void CleanupPcapFileFileVars (PcapFileFileVars *pfv)
 
TmEcode ValidateLinkType (int datalink, DecoderFunc *decoder)
 
const char * PcapFileGetFilename (void)
 
bool PcapFileShouldDeletePcapFile (PcapFileFileVars *pfv)
 
void PcapFileFinalizePacket (PcapFileFileVars *pfv)
 
PcapFileDeleteMode PcapFileParseDeleteMode (void)
 
void PcapFileAddAlertCount (PcapFileFileVars *pfv, uint16_t alert_count)
 
void PcapFileReleasePseudoPacket (Packet *p)
 
void PcapFileSetCurrentPfv (PcapFileFileVars *pfv)
 
PcapFileFileVars * PcapFileGetCurrentPfv (void)
 
void PcapFileInstallCaptureHooks (void)
 
void SourcePcapFileHelperRegisterTests (void)
 Register unit tests for pcap file helper.
 

Detailed Description

Typedef Documentation

◆ PcapFileFileVars

Data specific to a single pcap file

◆ PcapFileGlobalVars

◆ PcapFileSharedVars

Data that is shared amongst File, Directory, and Thread level vars

Enumeration Type Documentation

◆ PcapFileDeleteMode

Enumerator
PCAP_FILE_DELETE_NONE 
PCAP_FILE_DELETE_ALWAYS 
PCAP_FILE_DELETE_NON_ALERTS 

Definition at line 31 of file source-pcap-file-helper.h.

Function Documentation

◆ CleanupPcapFileFileVars()

void CleanupPcapFileFileVars ( PcapFileFileVars *pfv)

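Cleanup resources associated with a PcapFileFileVars object. The reference list below includes PcapFileShouldDeletePcapFile() and PcapFileFileVars_::filename, so depending on the configured PcapFileDeleteMode this cleanup may also be the point at which the processed capture file is removed from disk; confirm in source-pcap-file-helper.c before relying on input captures being retained as evidence.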

Parameters
pfv: Object to be cleaned up

Definition at line 67 of file source-pcap-file-helper.c.

References PcapFileFileVars_::cleanup_requested, PcapFileFileVars_::filename, PcapFileFileVars_::pcap_handle, PcapFileShouldDeletePcapFile(), SC_ATOMIC_GET, SCFree, SCLogDebug, SCLogWarning, and PcapFileFileVars_::shared.

Referenced by CleanupPcapFileDirectoryVars(), PcapFileFinalizePacket(), and PcapFileReleasePseudoPacket().


◆ InitPcapFile()

TmEcode InitPcapFile ( PcapFileFileVars *pfv)

From a PcapFileFileVars, prepare the filename for processing by setting pcap_handle, datalink, and filter

Parameters
pfv: PcapFileFileVars object to populate
Returns

Definition at line 257 of file source-pcap-file-helper.c.

References PcapFileSharedVars_::bpf_string, PcapFileFileVars_::cleanup_requested, PcapFileFileVars_::datalink, DatalinkSetGlobalType(), PcapFileFileVars_::filename, PcapFileFileVars_::filter, pcap_g, PcapFileFileVars_::pcap_handle, PcapFileGlobalVars_::read_buffer_size, SC_ATOMIC_INIT, SC_ATOMIC_SET, SCLogDebug, SCLogError, SCLogInfo, SCLogWarning, SCReturnInt, PcapFileFileVars_::shared, TM_ECODE_FAILED, and unlikely.


◆ PcapFileAddAlertCount()

void PcapFileAddAlertCount ( PcapFileFileVars *pfv,
uint16_t  alert_count 
)

Definition at line 401 of file source-pcap-file-helper.c.

References SC_ATOMIC_ADD.

◆ PcapFileDispatch()

TmEcode PcapFileDispatch ( PcapFileFileVars *ptv)

Main PCAP file reading Loop function.

Dispatch a file for processing, where the information necessary to process that file is supplied as a PcapFileFileVars object.

Parameters
ptv: PcapFileFileVars object to be processed
Returns

Definition at line 186 of file source-pcap-file-helper.c.

References PcapFileFileVars_::first_pkt_hdr, PcapFileFileVars_::first_pkt_ts, likely, PcapFileSetCurrentPfv(), SCEnter, SCTIME_FROM_TIMEVAL, and TmThreadsInitThreadsTimestamp().


◆ PcapFileFinalizePacket()

void PcapFileFinalizePacket ( PcapFileFileVars *pfv)

Definition at line 386 of file source-pcap-file-helper.c.

References CleanupPcapFileFileVars(), PcapFileFileVars_::filename, SC_ATOMIC_SUB, and SCLogDebug.


◆ PcapFileGetCurrentPfv()

PcapFileFileVars* PcapFileGetCurrentPfv ( void  )

Definition at line 178 of file source-pcap-file-helper.c.

◆ PcapFileGetFilename()

const char* PcapFileGetFilename ( void  )

Definition at line 168 of file source-pcap-file-helper.c.

References pcap_filename.

Referenced by OutputJSONBuffer(), and OutputJsonBuilderBuffer().


◆ PcapFileInstallCaptureHooks()

void PcapFileInstallCaptureHooks ( void  )

Definition at line 434 of file source-pcap-file-helper.c.

References CaptureHooksSet().

Referenced by PcapFileGlobalInit().


◆ PcapFileParseDeleteMode()

PcapFileDeleteMode PcapFileParseDeleteMode ( void  )

Definition at line 439 of file source-pcap-file-helper.c.

References PCAP_FILE_DELETE_ALWAYS, PCAP_FILE_DELETE_NON_ALERTS, PCAP_FILE_DELETE_NONE, SCConfGet(), and SCConfGetBool().


◆ PcapFileReleasePseudoPacket()

void PcapFileReleasePseudoPacket ( Packet *p)

◆ PcapFileSetCurrentPfv()

void PcapFileSetCurrentPfv ( PcapFileFileVars *pfv)

Definition at line 173 of file source-pcap-file-helper.c.

Referenced by PcapFileDispatch().


◆ PcapFileShouldDeletePcapFile()

bool PcapFileShouldDeletePcapFile ( PcapFileFileVars *pfv)

◆ SourcePcapFileHelperRegisterTests()

void SourcePcapFileHelperRegisterTests ( void  )

Register unit tests for pcap file helper.

Definition at line 1022 of file source-pcap-file-helper.c.

References UtRegisterTest().


◆ ValidateLinkType()

TmEcode ValidateLinkType ( int  datalink,
DecoderFunc *decoder
)

Determine if a datalink type is valid, setting a decoder function if valid.

Parameters
datalink: Datalink type to validate
decoder: Pointer to decoder to set if valid
Returns
TM_ECODE_OK if valid datalink type and decoder has been set.

Definition at line 320 of file source-pcap-file-helper.c.

References DecodeCHDLC(), DecodeEthernet(), DecodeNull(), DecodePPP(), DecodeRaw(), DecodeSll(), DecodeSll2(), LINKTYPE_CISCO_HDLC, LINKTYPE_ETHERNET, LINKTYPE_GRE_OVER_IP, LINKTYPE_IPV4, LINKTYPE_IPV6, LINKTYPE_LINUX_SLL, LINKTYPE_LINUX_SLL2, LINKTYPE_NULL, LINKTYPE_PPP, LINKTYPE_RAW, LINKTYPE_RAW2, SCLogError, SCReturnInt, TM_ECODE_FAILED, and TM_ECODE_OK.
