Go to the source code of this file.
Data Structures | |
| struct | PcapFileGlobalVars_ |
| struct | PcapFileSharedVars_ |
| struct | PcapFileFileVars_ |
Typedefs | |
| typedef struct PcapFileGlobalVars_ | PcapFileGlobalVars |
| typedef struct PcapFileSharedVars_ | PcapFileSharedVars |
| typedef struct PcapFileFileVars_ | PcapFileFileVars |
Functions | |
| TmEcode | PcapFileDispatch (PcapFileFileVars *ptv) |
| Main PCAP file reading Loop function. More... | |
| TmEcode | InitPcapFile (PcapFileFileVars *pfv) |
| void | CleanupPcapFileFileVars (PcapFileFileVars *pfv) |
| TmEcode | ValidateLinkType (int datalink, DecoderFunc *decoder) |
Detailed Description
Definition in file source-pcap-file-helper.h.
Typedef Documentation
◆ PcapFileFileVars
| typedef struct PcapFileFileVars_ PcapFileFileVars |
Data specific to a single pcap file
◆ PcapFileGlobalVars
| typedef struct PcapFileGlobalVars_ PcapFileGlobalVars |
◆ PcapFileSharedVars
| typedef struct PcapFileSharedVars_ PcapFileSharedVars |
Data that is shared amongst File, Directory, and Thread level vars
Function Documentation
◆ CleanupPcapFileFileVars()
| void CleanupPcapFileFileVars | ( | PcapFileFileVars * | pfv | ) |
Cleanup resources associated with a PcapFileFileVars object.
- Parameters
-
pfv Object to be cleaned up
Definition at line 36 of file source-pcap-file-helper.c.
References PcapFileFileVars_::filename, PcapFileFileVars_::pcap_handle, SC_ERR_PCAP_FILE_DELETE_FAILED, SCFree, SCLogDebug, SCLogWarning, PcapFileFileVars_::shared, and PcapFileSharedVars_::should_delete.
Referenced by CleanupPcapFileDirectoryVars().
◆ InitPcapFile()
| TmEcode InitPcapFile | ( | PcapFileFileVars * | pfv | ) |
From a PcapFileFileVars, prepare the filename for processing by setting pcap_handle, datalink, and filter
- Parameters
-
pfv PcapFileFileVars object to populate
- Returns
Definition at line 191 of file source-pcap-file-helper.c.
References PcapFileSharedVars_::bpf_string, PcapFileFileVars_::datalink, PcapFileFileVars_::filename, PcapFileFileVars_::filter, PcapFileFileVars_::pcap_handle, SC_ERR_BPF, SC_ERR_FOPEN, SC_ERR_INVALID_ARGUMENT, SCLogDebug, SCLogError, SCLogInfo, SCReturnInt, PcapFileFileVars_::shared, TM_ECODE_FAILED, and unlikely.
◆ PcapFileDispatch()
| TmEcode PcapFileDispatch | ( | PcapFileFileVars * | ptv | ) |
Main PCAP file reading Loop function.
Dispatch a file for processing, where the information necessary to process that file is as PcapFileFileVars object.
- Parameters
-
ptv PcapFileFileVars object to be processed
- Returns
Definition at line 119 of file source-pcap-file-helper.c.
References PcapFileFileVars_::first_pkt_hdr, PcapFileFileVars_::first_pkt_ts, likely, SCEnter, and TmThreadsInitThreadsTimestamp().
◆ ValidateLinkType()
| TmEcode ValidateLinkType | ( | int | datalink, |
| DecoderFunc * | decoder | ||
| ) |
Determine if a datalink type is valid, setting a decoder function if valid.
- Parameters
-
datalink Datalink type to validate decoder Pointer to decoder to set if valid
- Returns
- TM_ECODE_OK if valid datalink type and decoder has been set.
Definition at line 235 of file source-pcap-file-helper.c.
References DecodeCHDLC(), DecodeEthernet(), DecodeNull(), DecodePPP(), DecodeRaw(), DecodeSll(), LINKTYPE_CISCO_HDLC, LINKTYPE_ETHERNET, LINKTYPE_GRE_OVER_IP, LINKTYPE_IPV4, LINKTYPE_LINUX_SLL, LINKTYPE_NULL, LINKTYPE_PPP, LINKTYPE_RAW, LINKTYPE_RAW2, SC_ERR_UNIMPLEMENTED, SCLogError, SCReturnInt, TM_ECODE_FAILED, and TM_ECODE_OK.
