File containing the implementation of the pcap middleware utilities. More...

#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <libgen.h>
#include <sqlite3.h>
#include <string.h>
#include "pcap_middleware.h"
#include "pcap_queue.h"
#include "sqlite_pcap.h"
#include <eloop.h>
#include "../../../utils/allocs.h"
#include "../../../utils/log.h"
#include "../../../utils/os.h"
#include "../../../utils/squeue.h"
#include "../../pcap_service.h"

Include dependency graph for pcap_middleware.c:

Data Structures
struct	pcap_middleware_context

Macros
#define	PCAP_SUBFOLDER_NAME

#define	PCAP_EXTENSION ".pcap"

#define	PCAP_PROCESS_INTERVAL 10 * 1000

#define	MAX_PCAP_FILE_NAME_LENGTH MAX_RANDOM_UUID_LEN + ARRAY_SIZE(PCAP_EXTENSION)

Functions
int	get_pcap_folder_path (char capture_db_path, char pcap_path)
	Return the pcap folder path. More...

void	construct_pcap_file_name (char *file_name)

int	save_pcap_file_data (struct middleware_context context, struct pcap_pkthdr header, uint8_t *packet)

void	eloop_tout_pcap_handler (void eloop_ctx, void user_ctx)

void	free_pcap_middleware (struct middleware_context *context)

struct middleware_context *	init_pcap_middleware (sqlite3 db, char db_path, struct eloop_data eloop, struct pcap_context pc, char *params)

int	process_pcap_middleware (struct middleware_context context, const char ltype, struct pcap_pkthdr header, uint8_t packet, char *ifname)

Variables
struct capture_middleware	pcap_middleware
	PCAP Capture Middleware. The PCAP capture middleware stores the full PCAP data from captured middlewares. Because this is a lot of data, we recommended using the cleaner_middleware too, to automatically cleanup/delete old PCAP files. More...

Detailed Description

File containing the implementation of the pcap middleware utilities.

Author: Alexandru Mereacre

Date: 2021

Copyright: SPDX-FileCopyrightText: © 2021 NQMCyber Ltd and edgesec contributors SPDX-License-Identifier: LGPL-3.0-or-later

Macro Definition Documentation

◆ MAX_PCAP_FILE_NAME_LENGTH

#define MAX_PCAP_FILE_NAME_LENGTH MAX_RANDOM_UUID_LEN + ARRAY_SIZE(PCAP_EXTENSION)

◆ PCAP_EXTENSION

#define PCAP_EXTENSION ".pcap"

◆ PCAP_PROCESS_INTERVAL

#define PCAP_PROCESS_INTERVAL 10 * 1000

◆ PCAP_SUBFOLDER_NAME

#define PCAP_SUBFOLDER_NAME

Value:

"./capture" /* Subfodler name to store raw pcap data \

*/

Function Documentation

◆ construct_pcap_file_name()

void construct_pcap_file_name ( char * file_name )

◆ eloop_tout_pcap_handler()

void eloop_tout_pcap_handler	(	void *	eloop_ctx,
		void *	user_ctx
	)

◆ free_pcap_middleware()

void free_pcap_middleware ( struct middleware_context * context )

◆ get_pcap_folder_path()

int get_pcap_folder_path	(	char *	capture_db_path,
		char *	pcap_path
	)

Return the pcap folder path.

Parameters

capture_db_path	The capture db path
pcap_path	The returned pcap folder path

Returns: int 0 on success, -1 on failure

◆ init_pcap_middleware()

struct middleware_context* init_pcap_middleware	(	sqlite3 *	db,
		char *	db_path,
		struct eloop_data *	eloop,
		struct pcap_context *	pc,
		char *	params
	)

◆ process_pcap_middleware()

int process_pcap_middleware	(	struct middleware_context *	context,
		const char *	ltype,
		struct pcap_pkthdr *	header,
		uint8_t *	packet,
		char *	ifname
	)

◆ save_pcap_file_data()

int save_pcap_file_data	(	struct middleware_context *	context,
		struct pcap_pkthdr *	header,
		uint8_t *	packet
	)

Variable Documentation

◆ pcap_middleware

struct capture_middleware pcap_middleware

Initial value:

= {
    .init = init_pcap_middleware,
    .process = process_pcap_middleware,
    .free = free_pcap_middleware,
    .name = "pcap middleware",
}

PCAP Capture Middleware. The PCAP capture middleware stores the full PCAP data from captured middlewares. Because this is a lot of data, we recommended using the cleaner_middleware too, to automatically cleanup/delete old PCAP files.

Authors: Alexandru Mereacre, Alois Klink

Data Structures

Macros

Functions

Variables