[people/ms/suricata.git] / src / source-pcap-file-helper.h

/* Copyright (C) 2007-2020 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/**
 * \file
 *
 * \author Danny Browning <danny.browning@protectwise.com>
 */

#include "suricata-common.h"
#include "tm-threads.h"

#ifndef __SOURCE_PCAP_FILE_HELPER_H__
#define __SOURCE_PCAP_FILE_HELPER_H__

typedef struct PcapFileGlobalVars_ {
    uint64_t cnt; /** packet counter */
    ChecksumValidationMode conf_checksum_mode;
    ChecksumValidationMode checksum_mode;
    SC_ATOMIC_DECLARE(unsigned int, invalid_checksums);
} PcapFileGlobalVars;

/**
 * Data that is shared amongst File, Directory, and Thread level vars
 */
typedef struct PcapFileSharedVars_
{
    char *bpf_string;

    uint32_t tenant_id;

    struct timespec last_processed;

    bool should_delete;

    ThreadVars *tv;
    TmSlot *slot;

    /* counters */
    uint64_t pkts;
    uint64_t bytes;
    uint64_t files;

    uint8_t done;
    uint32_t errs;

    /** callback result -- set if one of the thread module failed. */
    int cb_result;
} PcapFileSharedVars;

/**
 * Data specific to a single pcap file
 */
typedef struct PcapFileFileVars_
{
    char *filename;
    pcap_t *pcap_handle;

    int datalink;
    struct bpf_program filter;

    PcapFileSharedVars *shared;

    /* fields used to get the first packet's timestamp early,
     * so it can be used to setup the time subsys. */
    const u_char *first_pkt_data;
    struct pcap_pkthdr *first_pkt_hdr;
    struct timeval first_pkt_ts;
} PcapFileFileVars;

/**
 * Dispatch a file for processing, where the information necessary to process that
 * file is as PcapFileFileVars object.
 * @param ptv PcapFileFileVars object to be processed
 * @return
 */
TmEcode PcapFileDispatch(PcapFileFileVars *ptv);

/**
 * From a PcapFileFileVars, prepare the filename for processing by setting
 * pcap_handle, datalink, and filter
 * @param pfv PcapFileFileVars object to populate
 * @return
 */
TmEcode InitPcapFile(PcapFileFileVars *pfv);

/**
 * Cleanup resources associated with a PcapFileFileVars object.
 * @param pfv Object to be cleaned up
 */
void CleanupPcapFileFileVars(PcapFileFileVars *pfv);

/**
 * Determine if a datalink type is valid, setting a decoder function if valid.
 * @param datalink Datalink type to validate
 * @param decoder Pointer to decoder to set if valid
 * @return TM_ECODE_OK if valid datalink type and decoder has been set.
 */
TmEcode ValidateLinkType(int datalink, DecoderFunc *decoder);

#endif /* __SOURCE_PCAP_FILE_HELPER_H__ */
Commit	Line	Data
ae413793	1	/* Copyright (C) 2007-2020 Open Information Security Foundation
3ab91208 DH	2	*
	3	* You can copy, redistribute or modify this Program under the terms of
	4	* the GNU General Public License version 2 as published by the Free
	5	* Software Foundation.
	6	*
	7	* This program is distributed in the hope that it will be useful,
	8	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	9	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	10	* GNU General Public License for more details.
	11	*
	12	* You should have received a copy of the GNU General Public License
	13	* version 2 along with this program; if not, write to the Free Software
	14	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
	15	* 02110-1301, USA.
	16	*/
	17
	18	/**
	19	* \file
	20	*
	21	* \author Danny Browning <danny.browning@protectwise.com>
	22	*/
	23
	24	#include "suricata-common.h"
	25	#include "tm-threads.h"
	26
	27	#ifndef __SOURCE_PCAP_FILE_HELPER_H__
	28	#define __SOURCE_PCAP_FILE_HELPER_H__
	29
	30	typedef struct PcapFileGlobalVars_ {
	31	uint64_t cnt; /** packet counter */
	32	ChecksumValidationMode conf_checksum_mode;
	33	ChecksumValidationMode checksum_mode;
	34	SC_ATOMIC_DECLARE(unsigned int, invalid_checksums);
	35	} PcapFileGlobalVars;
	36
	37	/**
	38	* Data that is shared amongst File, Directory, and Thread level vars
	39	*/
	40	typedef struct PcapFileSharedVars_
	41	{
	42	char *bpf_string;
	43
	44	uint32_t tenant_id;
	45
	46	struct timespec last_processed;
	47
2dc6b6ee DB	48	bool should_delete;
2dc6b6ee DB	49
3ab91208 DH	50	ThreadVars *tv;
	51	TmSlot *slot;
	52
	53	/* counters */
	54	uint64_t pkts;
	55	uint64_t bytes;
	56	uint64_t files;
	57
	58	uint8_t done;
	59	uint32_t errs;
	60
	61	/** callback result -- set if one of the thread module failed. */
	62	int cb_result;
	63	} PcapFileSharedVars;
	64
	65	/**
	66	* Data specific to a single pcap file
	67	*/
	68	typedef struct PcapFileFileVars_
	69	{
	70	char *filename;
	71	pcap_t *pcap_handle;
	72
	73	int datalink;
	74	struct bpf_program filter;
	75
	76	PcapFileSharedVars *shared;
ae413793	77
f6c77dcd	78	/* fields used to get the first packet's timestamp early,
ae413793 VJ	79	* so it can be used to setup the time subsys. */
	80	const u_char *first_pkt_data;
	81	struct pcap_pkthdr *first_pkt_hdr;
	82	struct timeval first_pkt_ts;
3ab91208 DH	83	} PcapFileFileVars;
3ab91208 DH	84
3ab91208 DH	85	/**
	86	* Dispatch a file for processing, where the information necessary to process that
	87	* file is as PcapFileFileVars object.
	88	* @param ptv PcapFileFileVars object to be processed
	89	* @return
	90	*/
	91	TmEcode PcapFileDispatch(PcapFileFileVars *ptv);
	92
	93	/**
	94	* From a PcapFileFileVars, prepare the filename for processing by setting
	95	* pcap_handle, datalink, and filter
	96	* @param pfv PcapFileFileVars object to populate
	97	* @return
	98	*/
	99	TmEcode InitPcapFile(PcapFileFileVars *pfv);
	100
	101	/**
	102	* Cleanup resources associated with a PcapFileFileVars object.
	103	* @param pfv Object to be cleaned up
	104	*/
	105	void CleanupPcapFileFileVars(PcapFileFileVars *pfv);
	106
	107	/**
	108	* Determine if a datalink type is valid, setting a decoder function if valid.
	109	* @param datalink Datalink type to validate
	110	* @param decoder Pointer to decoder to set if valid
	111	* @return TM_ECODE_OK if valid datalink type and decoder has been set.
	112	*/
579cc9f0	113	TmEcode ValidateLinkType(int datalink, DecoderFunc *decoder);
3ab91208 DH	114
3ab91208 DH	115	#endif /* __SOURCE_PCAP_FILE_HELPER_H__ */