A tool to run the capture with an input pcap file. More...

#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <inttypes.h>
#include <libgen.h>
#include <pcap.h>
#include <signal.h>
#include <sqlite3.h>
#include <sys/types.h>
#include <unistd.h>
#include <eloop.h>
#include "capture/capture_service.h"
#include "capture/middlewares/header_middleware/packet_decoder.h"
#include "capture/middlewares/header_middleware/packet_queue.h"
#include "capture/middlewares/header_middleware/sqlite_header.h"
#include "capture/middlewares/protobuf_middleware/protobuf_middleware.h"
#include "utils/attributes.h"
#include "utils/os.h"
#include "utils/sqliteu.h"
#include "version.h"

Include dependency graph for edgesec-recap.c:

Data Structures
struct	pcap_pkthdr32

struct	recap_context

Macros
#define	PCAP_MAGIC_VALUE 0xa1b2c3d4

#define	QUEUE_PROCESS_INTERVAL 100 * 1000

#define	PCAP_READ_INTERVAL 10

#define	PCAP_READ_SIZE 1024

#define	IFNAME_DEFAULT "ifname"

#define	OPT_STRING ":p:f:i:tnkdhv"

#define	USAGE_STRING

#define	DESCRIPTION_STRING

Enumerations
enum	PCAP_FILE_STATE { PCAP_FILE_STATE_INIT = 0 , PCAP_FILE_STATE_READ_PCAP_HEADER , PCAP_FILE_STATE_READ_PKT_HEADER , PCAP_FILE_STATE_READ_PACKET , PCAP_FILE_STATE_FIN }

Functions
void	show_app_version (void)

void	show_app_help (char *app_name)

	PRINTF_FORMAT (1, 2)

void	process_app_options (int argc, char argv[], uint8_t verbosity, char pcap_path, char out_path, char *ifname, bool pipe, bool capture, bool transaction)

ssize_t	read_pcap_stream_fd (struct recap_context pctx, size_t len, char *data)

ssize_t	read_pcap (struct recap_context *pctx, size_t len)

int	process_file_header_state (struct recap_context *pctx)

int	process_pkt_header_state (struct recap_context *pctx)

void	get_packet_header (struct recap_context pctx, struct pcap_pkthdr header)

int	save_sqlite_tuple_packet (sqlite3 db, struct tuple_packet p)

int	save_sqlite_packet (sqlite3 db, UT_array packets)

int	save_packet_array (struct recap_context pctx, UT_array packets)

int	save_tuple_packet (struct recap_context pctx, struct tuple_packet p)

int	save_decoded_packet (const char ltype, const struct pcap_pkthdr header, const uint8_t packet, char ifname, struct recap_context *pctx)

int	save_raw_packet (struct recap_context *pctx)

int	process_pkt_read_state (struct recap_context *pctx)

int	process_file_stream_state (struct recap_context *pctx)

int	process_file_stream (const char pcap_path, struct recap_context pctx)

void	add_packet_queue (UT_array packets, struct packet_queue queue)

void	pcap_callback (const void ctx, const void pcap_ctx, char ltype, struct pcap_pkthdr header, uint8_t *packet)
	Callback for pcap packet module. More...

void	eloop_read_fd_handler (int sock, void eloop_ctx, void sock_ctx)

void	save_packets_from_queue (struct recap_context *pctx)

void	eloop_tout_header_handler (void eloop_ctx, void user_ctx)

int	process_pcap_capture (struct recap_context *pctx)

int	main (int argc, char *argv[])

Variables
struct pcap_pkthdr32	STRUCT_PACKED

Detailed Description

A tool to run the capture with an input pcap file.

Author: Alexandru Mereacre

Date: 2022

Copyright: SPDX-FileCopyrightText: © 2020 NQMCyber Ltd and edgesec contributors SPDX-License-Identifier: LGPL-3.0-or-later

Macro Definition Documentation

◆ DESCRIPTION_STRING

#define DESCRIPTION_STRING

Value:

"\nRun capture on an input pcap file, stdin or libpcap and output to a " \

"capture db or pipe.\n"

◆ IFNAME_DEFAULT

#define IFNAME_DEFAULT "ifname"

◆ OPT_STRING

#define OPT_STRING ":p:f:i:tnkdhv"

◆ PCAP_MAGIC_VALUE

#define PCAP_MAGIC_VALUE 0xa1b2c3d4

◆ PCAP_READ_INTERVAL

#define PCAP_READ_INTERVAL 10

◆ PCAP_READ_SIZE

#define PCAP_READ_SIZE 1024

◆ QUEUE_PROCESS_INTERVAL

#define QUEUE_PROCESS_INTERVAL 100 * 1000

◆ USAGE_STRING

#define USAGE_STRING

Value:

"\t%s [-p filename] [-f filename] [-i interface] [-t] [-n] [-k] [-d] [-h] " \

"[-v]\n"

Enumeration Type Documentation

◆ PCAP_FILE_STATE

enum PCAP_FILE_STATE

Enumerator
PCAP_FILE_STATE_INIT
PCAP_FILE_STATE_READ_PCAP_HEADER
PCAP_FILE_STATE_READ_PKT_HEADER
PCAP_FILE_STATE_READ_PACKET
PCAP_FILE_STATE_FIN

Function Documentation

◆ add_packet_queue()

void add_packet_queue	(	UT_array *	packets,
		struct packet_queue *	queue
	)

◆ eloop_read_fd_handler()

void eloop_read_fd_handler	(	int	sock,
		void *	eloop_ctx,
		void *	sock_ctx
	)

◆ eloop_tout_header_handler()

void eloop_tout_header_handler	(	void *	eloop_ctx,
		void *	user_ctx
	)

◆ get_packet_header()

void get_packet_header	(	struct recap_context *	pctx,
		struct pcap_pkthdr *	header
	)

◆ main()

int main	(	int	argc,
		char *	argv[]
	)

◆ pcap_callback()

void pcap_callback	(	const void *	ctx,
		const void *	pcap_ctx,
		char *	ltype,
		struct pcap_pkthdr *	header,
		uint8_t *	packet
	)

Callback for pcap packet module.

Parameters

ctx	The capture context
pcap_ctx	The pcap context
ltype	The link type
header	pcap header structure
packet	Returned pcap packet

◆ PRINTF_FORMAT()

PRINTF_FORMAT	(	1	,
		2
	)

◆ process_app_options()

void process_app_options	(	int	argc,
		char *	argv[],
		uint8_t *	verbosity,
		char **	pcap_path,
		char **	out_path,
		char **	ifname,
		bool *	pipe,
		bool *	capture,
		bool *	transaction
	)

◆ process_file_header_state()

int process_file_header_state ( struct recap_context * pctx )

◆ process_file_stream()

int process_file_stream	(	const char *	pcap_path,
		struct recap_context *	pctx
	)

◆ process_file_stream_state()

int process_file_stream_state ( struct recap_context * pctx )

◆ process_pcap_capture()

int process_pcap_capture ( struct recap_context * pctx )

◆ process_pkt_header_state()

int process_pkt_header_state ( struct recap_context * pctx )

◆ process_pkt_read_state()

int process_pkt_read_state ( struct recap_context * pctx )

◆ read_pcap()

ssize_t read_pcap	(	struct recap_context *	pctx,
		size_t	len
	)

◆ read_pcap_stream_fd()

ssize_t read_pcap_stream_fd	(	struct recap_context *	pctx,
		size_t	len,
		char **	data
	)

◆ save_decoded_packet()

int save_decoded_packet	(	const char *	ltype,
		const struct pcap_pkthdr *	header,
		const uint8_t *	packet,
		char *	ifname,
		struct recap_context *	pctx
	)

◆ save_packet_array()

int save_packet_array	(	struct recap_context *	pctx,
		UT_array *	packets
	)

◆ save_packets_from_queue()

void save_packets_from_queue ( struct recap_context * pctx )

◆ save_raw_packet()

int save_raw_packet ( struct recap_context * pctx )

◆ save_sqlite_packet()

int save_sqlite_packet	(	sqlite3 *	db,
		UT_array *	packets
	)

◆ save_sqlite_tuple_packet()

int save_sqlite_tuple_packet	(	sqlite3 *	db,
		struct tuple_packet *	p
	)

◆ save_tuple_packet()

int save_tuple_packet	(	struct recap_context *	pctx,
		struct tuple_packet *	p
	)

◆ show_app_help()

void show_app_help ( char * app_name )

◆ show_app_version()

void show_app_version ( void )

Variable Documentation

◆ STRUCT_PACKED

struct pcap_pkthdr32 STRUCT_PACKED

Data Structures

Macros

Enumerations

Functions

Variables