[people/ms/suricata.git] / src / source-pcap-file.c

/* Copyright (c) 2009 Victor Julien <victor@inliniac.net> */

/* TODO
 *
 *
 *
 */

#if LIBPCAP_VERSION_MAJOR == 1
#include <pcap/pcap.h>
#else
#include <pcap.h>
#endif /* LIBPCAP_VERSION_MAJOR */

#include "suricata-common.h"
#include "suricata.h"
#include "decode.h"
#include "packet-queue.h"
#include "threads.h"
#include "threadvars.h"
#include "tm-queuehandlers.h"
#include "tm-modules.h"
#include "source-pcap-file.h"
#include "util-time.h"
#include "util-debug.h"
#include "conf.h"
#include "util-error.h"
#include "util-privs.h"

extern int max_pending_packets;

typedef struct PcapFileGlobalVars_ {
    pcap_t *pcap_handle;
    void (*Decoder)(ThreadVars *, DecodeThreadVars *, Packet *, u_int8_t *, u_int16_t, PacketQueue *);
    int datalink;
    struct bpf_program filter;
} PcapFileGlobalVars;

typedef struct PcapFileThreadVars_
{
    /* counters */
    uint32_t pkts;
    uint64_t bytes;
    uint32_t errs;

    ThreadVars *tv;

    Packet *in_p;
} PcapFileThreadVars;

static PcapFileGlobalVars pcap_g;

TmEcode ReceivePcapFile(ThreadVars *, Packet *, void *, PacketQueue *);
TmEcode ReceivePcapFileThreadInit(ThreadVars *, void *, void **);
void ReceivePcapFileThreadExitStats(ThreadVars *, void *);
TmEcode ReceivePcapFileThreadDeinit(ThreadVars *, void *);

TmEcode DecodePcapFile(ThreadVars *, Packet *, void *, PacketQueue *);
TmEcode DecodePcapFileThreadInit(ThreadVars *, void *, void **);

void TmModuleReceivePcapFileRegister (void) {
    memset(&pcap_g, 0x00, sizeof(pcap_g));

    tmm_modules[TMM_RECEIVEPCAPFILE].name = "ReceivePcapFile";
    tmm_modules[TMM_RECEIVEPCAPFILE].ThreadInit = ReceivePcapFileThreadInit;
    tmm_modules[TMM_RECEIVEPCAPFILE].Func = ReceivePcapFile;
    tmm_modules[TMM_RECEIVEPCAPFILE].ThreadExitPrintStats = ReceivePcapFileThreadExitStats;
    tmm_modules[TMM_RECEIVEPCAPFILE].ThreadDeinit = NULL;
    tmm_modules[TMM_RECEIVEPCAPFILE].RegisterTests = NULL;
    tmm_modules[TMM_RECEIVEPCAPFILE].cap_flags = 0;
}

void TmModuleDecodePcapFileRegister (void) {
    tmm_modules[TMM_DECODEPCAPFILE].name = "DecodePcapFile";
    tmm_modules[TMM_DECODEPCAPFILE].ThreadInit = DecodePcapFileThreadInit;
    tmm_modules[TMM_DECODEPCAPFILE].Func = DecodePcapFile;
    tmm_modules[TMM_DECODEPCAPFILE].ThreadExitPrintStats = NULL;
    tmm_modules[TMM_DECODEPCAPFILE].ThreadDeinit = NULL;
    tmm_modules[TMM_DECODEPCAPFILE].RegisterTests = NULL;
    tmm_modules[TMM_DECODEPCAPFILE].cap_flags = 0;
}

void PcapFileCallback(char *user, struct pcap_pkthdr *h, u_char *pkt) {
    SCEnter();

    PcapFileThreadVars *ptv = (PcapFileThreadVars *)user;

    SCMutexLock(&mutex_pending);
    if (pending > max_pending_packets) {
        SCondWait(&cond_pending, &mutex_pending);
    }
    SCMutexUnlock(&mutex_pending);

    Packet *p = ptv->in_p;

    p->ts.tv_sec = h->ts.tv_sec;
    p->ts.tv_usec = h->ts.tv_usec;
    SCLogDebug("p->ts.tv_sec %"PRIuMAX"", (uintmax_t)p->ts.tv_sec);
    TimeSet(&p->ts);
    p->datalink = pcap_g.datalink;

    ptv->pkts++;
    ptv->bytes += h->caplen;

    p->pktlen = h->caplen;
    memcpy(p->pkt, pkt, p->pktlen);
    //printf("PcapFileCallback: p->pktlen: %" PRIu32 " (pkt %02x, p->pkt %02x)\n", p->pktlen, *pkt, *p->pkt);

    SCReturn;
}

/**
 *  \brief Main PCAP file reading function
 */
TmEcode ReceivePcapFile(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq) {
    SCEnter();

    PcapFileThreadVars *ptv = (PcapFileThreadVars *)data;
    ptv->in_p = p;

    /* Right now we just support reading packets one at a time. */
    int r = pcap_dispatch(pcap_g.pcap_handle, 1,
            (pcap_handler)PcapFileCallback, (u_char *)ptv);
    if (r < 0) {
        SCLogError(SC_ERR_PCAP_DISPATCH, "error code %" PRId32 " %s",
                r, pcap_geterr(pcap_g.pcap_handle));

        EngineStop();
        SCReturnInt(TM_ECODE_FAILED);
    } else if (r == 0) {
        SCLogInfo("pcap file end of file reached (pcap err code %" PRId32 ")", r);

        EngineStop();
        SCReturnInt(TM_ECODE_FAILED);
    }

    SCReturnInt(TM_ECODE_OK);
}

TmEcode ReceivePcapFileThreadInit(ThreadVars *tv, void *initdata, void **data) {
    SCEnter();
    char *tmpbpfstring = NULL;
    if (initdata == NULL) {
        SCLogError(SC_ERR_INVALID_ARGUMENT, "error: initdata == NULL");
        SCReturnInt(TM_ECODE_FAILED);
    }

    SCLogInfo("reading pcap file %s", (char *)initdata);

    PcapFileThreadVars *ptv = SCMalloc(sizeof(PcapFileThreadVars));
    if (ptv == NULL) {
        SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory for PcapFileThreadVars");
        SCReturnInt(TM_ECODE_FAILED);
    }
    memset(ptv, 0, sizeof(PcapFileThreadVars));

    char errbuf[PCAP_ERRBUF_SIZE] = "";
    pcap_g.pcap_handle = pcap_open_offline((char *)initdata, errbuf);
    if (pcap_g.pcap_handle == NULL) {
        SCLogError(SC_ERR_FOPEN, "%s\n", errbuf);
        SCFree(ptv);
        exit(EXIT_FAILURE);
    }

    if (ConfGet("bpf-filter", &tmpbpfstring) != 1) {
        SCLogDebug("could not get bpf or none specified");
    } else {
        SCLogInfo("using bpf-filter \"%s\"", tmpbpfstring);

        if(pcap_compile(pcap_g.pcap_handle,&pcap_g.filter,tmpbpfstring,1,0) < 0) {
            SCLogError(SC_ERR_BPF,"bpf compilation error %s",pcap_geterr(pcap_g.pcap_handle));
            SCFree(ptv);
            return TM_ECODE_FAILED;
        }

        if(pcap_setfilter(pcap_g.pcap_handle,&pcap_g.filter) < 0) {
            SCLogError(SC_ERR_BPF,"could not set bpf filter %s",pcap_geterr(pcap_g.pcap_handle));
            SCFree(ptv);
            return TM_ECODE_FAILED;
        }
    }

    pcap_g.datalink = pcap_datalink(pcap_g.pcap_handle);
    SCLogDebug("datalink %" PRId32 "", pcap_g.datalink);

    switch(pcap_g.datalink)	{
        case LINKTYPE_LINUX_SLL:
            pcap_g.Decoder = DecodeSll;
            break;
        case LINKTYPE_ETHERNET:
            pcap_g.Decoder = DecodeEthernet;
            break;
        case LINKTYPE_PPP:
            pcap_g.Decoder = DecodePPP;
            break;
        case LINKTYPE_RAW:
            pcap_g.Decoder = DecodeRaw;
            break;

        default:
            SCLogError(SC_ERR_UNIMPLEMENTED, "datalink type %" PRId32 " not "
                      "(yet) supported in module PcapFile.\n", pcap_g.datalink);
            SCFree(ptv);
            SCReturnInt(TM_ECODE_FAILED);
    }

    ptv->tv = tv;
    *data = (void *)ptv;
    SCReturnInt(TM_ECODE_OK);
}

void ReceivePcapFileThreadExitStats(ThreadVars *tv, void *data) {
    SCEnter();
    PcapFileThreadVars *ptv = (PcapFileThreadVars *)data;

    SCLogInfo(" - (%s) Packets %" PRIu32 ", bytes %" PRIu64 ".", tv->name, ptv->pkts, ptv->bytes);
    return;
}

TmEcode ReceivePcapFileThreadDeinit(ThreadVars *tv, void *data) {
    SCEnter();
    SCReturnInt(TM_ECODE_OK);
}

TmEcode DecodePcapFile(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq)
{
    SCEnter();
    DecodeThreadVars *dtv = (DecodeThreadVars *)data;

    /* update counters */
    SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
    SCPerfCounterIncr(dtv->counter_pkts_per_sec, tv->sc_perf_pca);

    SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, p->pktlen);
    SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, p->pktlen);
    SCPerfCounterAddDouble(dtv->counter_mbit_per_sec, tv->sc_perf_pca,
                           (p->pktlen * 8)/1000000.0 );

    SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, p->pktlen);
    SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, p->pktlen);

    /* call the decoder */
    pcap_g.Decoder(tv, dtv, p, p->pkt, p->pktlen, pq);

    SCReturnInt(TM_ECODE_OK);
}

TmEcode DecodePcapFileThreadInit(ThreadVars *tv, void *initdata, void **data)
{
    SCEnter();
    DecodeThreadVars *dtv = NULL;

    if ( (dtv = SCMalloc(sizeof(DecodeThreadVars))) == NULL) {
        SCLogError(SC_ERR_MEM_ALLOC, "Error Allocating memory for DecodeThreadVars");
        SCReturnInt(TM_ECODE_FAILED);
    }
    memset(dtv, 0, sizeof(DecodeThreadVars));

    DecodeRegisterPerfCounters(dtv, tv);

    *data = (void *)dtv;

    SCReturnInt(TM_ECODE_OK);
}

/* eof */
Commit	Line	Data
9c7f5afa VJ	1	/* Copyright (c) 2009 Victor Julien <victor@inliniac.net> */
	2
	3	/* TODO
	4	*
	5	*
	6	*
	7	*/
	8
af992242	9	#if LIBPCAP_VERSION_MAJOR == 1
9c7f5afa	10	#include <pcap/pcap.h>
af992242 WM	11	#else
af992242 WM	12	#include <pcap.h>
ba46c16a	13	#endif /* LIBPCAP_VERSION_MAJOR */
9c7f5afa	14
ecf86f9c VJ	15	#include "suricata-common.h"
ecf86f9c VJ	16	#include "suricata.h"
9c7f5afa VJ	17	#include "decode.h"
	18	#include "packet-queue.h"
	19	#include "threads.h"
	20	#include "threadvars.h"
	21	#include "tm-queuehandlers.h"
	22	#include "tm-modules.h"
	23	#include "source-pcap-file.h"
	24	#include "util-time.h"
9ececacd	25	#include "util-debug.h"
ba46c16a	26	#include "conf.h"
29d51a61	27	#include "util-error.h"
070ed778	28	#include "util-privs.h"
ba46c16a	29
7142fdb7	30	extern int max_pending_packets;
9c7f5afa VJ	31
	32	typedef struct PcapFileGlobalVars_ {
	33	pcap_t *pcap_handle;
57f71f7e	34	void (Decoder)(ThreadVars , DecodeThreadVars , Packet , u_int8_t , u_int16_t, PacketQueue );
a4fe9718	35	int datalink;
ba46c16a	36	struct bpf_program filter;
9c7f5afa VJ	37	} PcapFileGlobalVars;
	38
	39	typedef struct PcapFileThreadVars_
	40	{
	41	/* counters */
fa5939ca BR	42	uint32_t pkts;
	43	uint64_t bytes;
	44	uint32_t errs;
9c7f5afa VJ	45
9c7f5afa VJ	46	ThreadVars *tv;
c53dfea3 VJ	47
c53dfea3 VJ	48	Packet *in_p;
9c7f5afa VJ	49	} PcapFileThreadVars;
9c7f5afa VJ	50
e0aacac4	51	static PcapFileGlobalVars pcap_g;
9c7f5afa	52
40b8afdd GS	53	TmEcode ReceivePcapFile(ThreadVars , Packet , void , PacketQueue );
40b8afdd GS	54	TmEcode ReceivePcapFileThreadInit(ThreadVars , void , void **);
9c7f5afa	55	void ReceivePcapFileThreadExitStats(ThreadVars , void );
40b8afdd	56	TmEcode ReceivePcapFileThreadDeinit(ThreadVars , void );
9c7f5afa	57
40b8afdd GS	58	TmEcode DecodePcapFile(ThreadVars , Packet , void , PacketQueue );
40b8afdd GS	59	TmEcode DecodePcapFileThreadInit(ThreadVars , void , void **);
9c7f5afa VJ	60
9c7f5afa VJ	61	void TmModuleReceivePcapFileRegister (void) {
e0aacac4 VJ	62	memset(&pcap_g, 0x00, sizeof(pcap_g));
e0aacac4 VJ	63
9c7f5afa	64	tmm_modules[TMM_RECEIVEPCAPFILE].name = "ReceivePcapFile";
a3910884	65	tmm_modules[TMM_RECEIVEPCAPFILE].ThreadInit = ReceivePcapFileThreadInit;
9c7f5afa	66	tmm_modules[TMM_RECEIVEPCAPFILE].Func = ReceivePcapFile;
a3910884 VJ	67	tmm_modules[TMM_RECEIVEPCAPFILE].ThreadExitPrintStats = ReceivePcapFileThreadExitStats;
a3910884 VJ	68	tmm_modules[TMM_RECEIVEPCAPFILE].ThreadDeinit = NULL;
9c7f5afa	69	tmm_modules[TMM_RECEIVEPCAPFILE].RegisterTests = NULL;
070ed778	70	tmm_modules[TMM_RECEIVEPCAPFILE].cap_flags = 0;
9c7f5afa VJ	71	}
	72
	73	void TmModuleDecodePcapFileRegister (void) {
	74	tmm_modules[TMM_DECODEPCAPFILE].name = "DecodePcapFile";
a3910884	75	tmm_modules[TMM_DECODEPCAPFILE].ThreadInit = DecodePcapFileThreadInit;
9c7f5afa	76	tmm_modules[TMM_DECODEPCAPFILE].Func = DecodePcapFile;
a3910884 VJ	77	tmm_modules[TMM_DECODEPCAPFILE].ThreadExitPrintStats = NULL;
a3910884 VJ	78	tmm_modules[TMM_DECODEPCAPFILE].ThreadDeinit = NULL;
9c7f5afa	79	tmm_modules[TMM_DECODEPCAPFILE].RegisterTests = NULL;
070ed778	80	tmm_modules[TMM_DECODEPCAPFILE].cap_flags = 0;
9c7f5afa VJ	81	}
	82
	83	void PcapFileCallback(char user, struct pcap_pkthdr h, u_char *pkt) {
29d51a61	84	SCEnter();
c5e15213	85
9c7f5afa	86	PcapFileThreadVars ptv = (PcapFileThreadVars )user;
9c7f5afa	87
e26833be	88	SCMutexLock(&mutex_pending);
7142fdb7	89	if (pending > max_pending_packets) {
e26833be	90	SCondWait(&cond_pending, &mutex_pending);
9c7f5afa	91	}
e26833be	92	SCMutexUnlock(&mutex_pending);
9c7f5afa	93
c53dfea3	94	Packet *p = ptv->in_p;
9c7f5afa VJ	95
	96	p->ts.tv_sec = h->ts.tv_sec;
	97	p->ts.tv_usec = h->ts.tv_usec;
9ececacd	98	SCLogDebug("p->ts.tv_sec %"PRIuMAX"", (uintmax_t)p->ts.tv_sec);
9c7f5afa	99	TimeSet(&p->ts);
a4fe9718	100	p->datalink = pcap_g.datalink;
9c7f5afa VJ	101
	102	ptv->pkts++;
	103	ptv->bytes += h->caplen;
	104
	105	p->pktlen = h->caplen;
	106	memcpy(p->pkt, pkt, p->pktlen);
fa5939ca	107	//printf("PcapFileCallback: p->pktlen: %" PRIu32 " (pkt %02x, p->pkt %02x)\n", p->pktlen, pkt, p->pkt);
c5e15213 VJ	108
c5e15213 VJ	109	SCReturn;
9c7f5afa VJ	110	}
9c7f5afa VJ	111
c5e15213 VJ	112	/**
	113	* \brief Main PCAP file reading function
	114	*/
40b8afdd	115	TmEcode ReceivePcapFile(ThreadVars tv, Packet p, void data, PacketQueue pq) {
29d51a61	116	SCEnter();
9c7f5afa	117
c5e15213	118	PcapFileThreadVars ptv = (PcapFileThreadVars )data;
c53dfea3 VJ	119	ptv->in_p = p;
c53dfea3 VJ	120
53c9276d	121	/* Right now we just support reading packets one at a time. */
c5e15213 VJ	122	int r = pcap_dispatch(pcap_g.pcap_handle, 1,
c5e15213 VJ	123	(pcap_handler)PcapFileCallback, (u_char *)ptv);
53c9276d	124	if (r < 0) {
c5e15213 VJ	125	SCLogError(SC_ERR_PCAP_DISPATCH, "error code %" PRId32 " %s",
	126	r, pcap_geterr(pcap_g.pcap_handle));
	127
53c9276d	128	EngineStop();
c5e15213	129	SCReturnInt(TM_ECODE_FAILED);
53c9276d	130	} else if (r == 0) {
7dcc1daa	131	SCLogInfo("pcap file end of file reached (pcap err code %" PRId32 ")", r);
c5e15213	132
9c7f5afa	133	EngineStop();
29d51a61	134	SCReturnInt(TM_ECODE_FAILED);
9c7f5afa VJ	135	}
9c7f5afa VJ	136
29d51a61	137	SCReturnInt(TM_ECODE_OK);
9c7f5afa VJ	138	}
9c7f5afa VJ	139
40b8afdd	140	TmEcode ReceivePcapFileThreadInit(ThreadVars tv, void initdata, void **data) {
29d51a61	141	SCEnter();
e0aacac4	142	char *tmpbpfstring = NULL;
9c7f5afa	143	if (initdata == NULL) {
29d51a61 PR	144	SCLogError(SC_ERR_INVALID_ARGUMENT, "error: initdata == NULL");
29d51a61 PR	145	SCReturnInt(TM_ECODE_FAILED);
9c7f5afa VJ	146	}
9c7f5afa VJ	147
e0aacac4 VJ	148	SCLogInfo("reading pcap file %s", (char *)initdata);
e0aacac4 VJ	149
25a3a5c6	150	PcapFileThreadVars *ptv = SCMalloc(sizeof(PcapFileThreadVars));
9c7f5afa	151	if (ptv == NULL) {
29d51a61 PR	152	SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory for PcapFileThreadVars");
29d51a61 PR	153	SCReturnInt(TM_ECODE_FAILED);
9c7f5afa VJ	154	}
	155	memset(ptv, 0, sizeof(PcapFileThreadVars));
	156
8c3d0c05	157	char errbuf[PCAP_ERRBUF_SIZE] = "";
9c7f5afa VJ	158	pcap_g.pcap_handle = pcap_open_offline((char *)initdata, errbuf);
9c7f5afa VJ	159	if (pcap_g.pcap_handle == NULL) {
52936818	160	SCLogError(SC_ERR_FOPEN, "%s\n", errbuf);
25a3a5c6	161	SCFree(ptv);
52936818	162	exit(EXIT_FAILURE);
9c7f5afa VJ	163	}
9c7f5afa VJ	164
ba46c16a	165	if (ConfGet("bpf-filter", &tmpbpfstring) != 1) {
e0aacac4	166	SCLogDebug("could not get bpf or none specified");
ba46c16a	167	} else {
e0aacac4	168	SCLogInfo("using bpf-filter \"%s\"", tmpbpfstring);
ba46c16a WM	169
	170	if(pcap_compile(pcap_g.pcap_handle,&pcap_g.filter,tmpbpfstring,1,0) < 0) {
	171	SCLogError(SC_ERR_BPF,"bpf compilation error %s",pcap_geterr(pcap_g.pcap_handle));
25a3a5c6	172	SCFree(ptv);
e0aacac4	173	return TM_ECODE_FAILED;
ba46c16a WM	174	}
	175
	176	if(pcap_setfilter(pcap_g.pcap_handle,&pcap_g.filter) < 0) {
	177	SCLogError(SC_ERR_BPF,"could not set bpf filter %s",pcap_geterr(pcap_g.pcap_handle));
25a3a5c6	178	SCFree(ptv);
e0aacac4	179	return TM_ECODE_FAILED;
ba46c16a WM	180	}
	181	}
	182
a4fe9718	183	pcap_g.datalink = pcap_datalink(pcap_g.pcap_handle);
e0aacac4 VJ	184	SCLogDebug("datalink %" PRId32 "", pcap_g.datalink);
e0aacac4 VJ	185
a4fe9718	186	switch(pcap_g.datalink) {
dec11038 BS	187	case LINKTYPE_LINUX_SLL:
	188	pcap_g.Decoder = DecodeSll;
	189	break;
	190	case LINKTYPE_ETHERNET:
	191	pcap_g.Decoder = DecodeEthernet;
	192	break;
	193	case LINKTYPE_PPP:
	194	pcap_g.Decoder = DecodePPP;
	195	break;
8a643213 WM	196	case LINKTYPE_RAW:
	197	pcap_g.Decoder = DecodeRaw;
	198	break;
	199
dec11038	200	default:
25a3a5c6 PR	201	SCLogError(SC_ERR_UNIMPLEMENTED, "datalink type %" PRId32 " not "
	202	"(yet) supported in module PcapFile.\n", pcap_g.datalink);
	203	SCFree(ptv);
29d51a61	204	SCReturnInt(TM_ECODE_FAILED);
9c7f5afa VJ	205	}
	206
	207	ptv->tv = tv;
	208	data = (void )ptv;
29d51a61	209	SCReturnInt(TM_ECODE_OK);
9c7f5afa VJ	210	}
	211
	212	void ReceivePcapFileThreadExitStats(ThreadVars tv, void data) {
29d51a61	213	SCEnter();
9c7f5afa VJ	214	PcapFileThreadVars ptv = (PcapFileThreadVars )data;
9c7f5afa VJ	215
53c9276d	216	SCLogInfo(" - (%s) Packets %" PRIu32 ", bytes %" PRIu64 ".", tv->name, ptv->pkts, ptv->bytes);
9c7f5afa VJ	217	return;
	218	}
	219
40b8afdd	220	TmEcode ReceivePcapFileThreadDeinit(ThreadVars tv, void data) {
29d51a61 PR	221	SCEnter();
29d51a61 PR	222	SCReturnInt(TM_ECODE_OK);
9c7f5afa VJ	223	}
9c7f5afa VJ	224
40b8afdd	225	TmEcode DecodePcapFile(ThreadVars tv, Packet p, void data, PacketQueue pq)
d0e70309	226	{
29d51a61	227	SCEnter();
244f5d54 AS	228	DecodeThreadVars dtv = (DecodeThreadVars )data;
244f5d54 AS	229
57f71f7e	230	/* update counters */
ceb7e495	231	SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
8beef4a9 AS	232	SCPerfCounterIncr(dtv->counter_pkts_per_sec, tv->sc_perf_pca);
8beef4a9 AS	233
ceb7e495	234	SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, p->pktlen);
8beef4a9 AS	235	SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, p->pktlen);
	236	SCPerfCounterAddDouble(dtv->counter_mbit_per_sec, tv->sc_perf_pca,
	237	(p->pktlen * 8)/1000000.0 );
	238
ceb7e495 AS	239	SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, p->pktlen);
ceb7e495 AS	240	SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, p->pktlen);
d0e70309	241
9c7f5afa	242	/* call the decoder */
57f71f7e	243	pcap_g.Decoder(tv, dtv, p, p->pkt, p->pktlen, pq);
244f5d54	244
29d51a61	245	SCReturnInt(TM_ECODE_OK);
9c7f5afa VJ	246	}
9c7f5afa VJ	247
40b8afdd	248	TmEcode DecodePcapFileThreadInit(ThreadVars tv, void initdata, void **data)
d0e70309	249	{
29d51a61	250	SCEnter();
244f5d54 AS	251	DecodeThreadVars *dtv = NULL;
244f5d54 AS	252
25a3a5c6	253	if ( (dtv = SCMalloc(sizeof(DecodeThreadVars))) == NULL) {
29d51a61 PR	254	SCLogError(SC_ERR_MEM_ALLOC, "Error Allocating memory for DecodeThreadVars");
29d51a61 PR	255	SCReturnInt(TM_ECODE_FAILED);
244f5d54 AS	256	}
	257	memset(dtv, 0, sizeof(DecodeThreadVars));
	258
8beef4a9	259	DecodeRegisterPerfCounters(dtv, tv);
244f5d54 AS	260
244f5d54 AS	261	data = (void )dtv;
ceb7e495	262
29d51a61	263	SCReturnInt(TM_ECODE_OK);
d0e70309 AS	264	}
d0e70309 AS	265
9c7f5afa VJ	266	/* eof */
9c7f5afa VJ	267