suricata
Data Structures | Typedefs | Functions
source-pcap-file-helper.h File Reference
#include "suricata-common.h"
#include "tm-threads.h"
Include dependency graph for source-pcap-file-helper.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  PcapFileGlobalVars_
 
struct  PcapFileSharedVars_
 
struct  PcapFileFileVars_
 

Typedefs

typedef struct PcapFileGlobalVars_ PcapFileGlobalVars
 
typedef struct PcapFileSharedVars_ PcapFileSharedVars
 
typedef struct PcapFileFileVars_ PcapFileFileVars
 

Functions

TmEcode PcapFileDispatch (PcapFileFileVars *ptv)
 Main PCAP file reading Loop function. More...
 
TmEcode InitPcapFile (PcapFileFileVars *pfv)
 
void CleanupPcapFileFileVars (PcapFileFileVars *pfv)
 
TmEcode ValidateLinkType (int datalink, DecoderFunc *decoder)
 
const char * PcapFileGetFilename (void)
 

Detailed Description

Author
Danny Browning danny.nosp@m..bro.nosp@m.wning.nosp@m.@pro.nosp@m.tectw.nosp@m.ise..nosp@m.com

Definition in file source-pcap-file-helper.h.

Typedef Documentation

◆ PcapFileFileVars

typedef struct PcapFileFileVars_ PcapFileFileVars

Data specific to a single pcap file

◆ PcapFileGlobalVars

typedef struct PcapFileGlobalVars_ PcapFileGlobalVars

◆ PcapFileSharedVars

typedef struct PcapFileSharedVars_ PcapFileSharedVars

Data that is shared amongst File, Directory, and Thread level vars

Function Documentation

◆ CleanupPcapFileFileVars()

void CleanupPcapFileFileVars ( PcapFileFileVars pfv)

Cleanup resources associated with a PcapFileFileVars object.

Parameters
pfvObject to be cleaned up

Definition at line 39 of file source-pcap-file-helper.c.

References PcapFileFileVars_::filename, PcapFileFileVars_::pcap_handle, SC_ERR_PCAP_FILE_DELETE_FAILED, SCFree, SCLogDebug, SCLogWarning, PcapFileFileVars_::shared, and PcapFileSharedVars_::should_delete.

Referenced by CleanupPcapFileDirectoryVars().

Here is the caller graph for this function:

◆ InitPcapFile()

TmEcode InitPcapFile ( PcapFileFileVars pfv)

From a PcapFileFileVars, prepare the filename for processing by setting pcap_handle, datalink, and filter

Parameters
pfvPcapFileFileVars object to populate
Returns

Definition at line 200 of file source-pcap-file-helper.c.

References PcapFileSharedVars_::bpf_string, PcapFileFileVars_::datalink, DatalinkSetGlobalType(), PcapFileFileVars_::filename, PcapFileFileVars_::filter, PcapFileFileVars_::pcap_handle, SC_ERR_BPF, SC_ERR_FOPEN, SC_ERR_INVALID_ARGUMENT, SCLogDebug, SCLogError, SCLogInfo, SCReturnInt, PcapFileFileVars_::shared, TM_ECODE_FAILED, and unlikely.

Here is the call graph for this function:

◆ PcapFileDispatch()

TmEcode PcapFileDispatch ( PcapFileFileVars ptv)

Main PCAP file reading Loop function.

Dispatch a file for processing, where the information necessary to process that file is as PcapFileFileVars object.

Parameters
ptvPcapFileFileVars object to be processed
Returns

Definition at line 128 of file source-pcap-file-helper.c.

References PcapFileFileVars_::first_pkt_hdr, PcapFileFileVars_::first_pkt_ts, likely, SCEnter, and TmThreadsInitThreadsTimestamp().

Here is the call graph for this function:

◆ PcapFileGetFilename()

const char* PcapFileGetFilename ( void  )

Definition at line 120 of file source-pcap-file-helper.c.

References pcap_filename.

Referenced by OutputJSONBuffer(), and OutputJsonBuilderBuffer().

Here is the caller graph for this function:

◆ ValidateLinkType()

TmEcode ValidateLinkType ( int  datalink,
DecoderFunc decoder 
)

Determine if a datalink type is valid, setting a decoder function if valid.

Parameters
datalinkDatalink type to validate
decoderPointer to decoder to set if valid
Returns
TM_ECODE_OK if valid datalink type and decoder has been set.

Definition at line 245 of file source-pcap-file-helper.c.

References DecodeCHDLC(), DecodeEthernet(), DecodeNull(), DecodePPP(), DecodeRaw(), DecodeSll(), LINKTYPE_CISCO_HDLC, LINKTYPE_ETHERNET, LINKTYPE_GRE_OVER_IP, LINKTYPE_IPV4, LINKTYPE_LINUX_SLL, LINKTYPE_NULL, LINKTYPE_PPP, LINKTYPE_RAW, LINKTYPE_RAW2, SC_ERR_UNIMPLEMENTED, SCLogError, SCReturnInt, TM_ECODE_FAILED, and TM_ECODE_OK.

Here is the call graph for this function: