File containing the definition of the sqlite pcap utilities. More...

#include <stdint.h>
#include <sqlite3.h>
#include "../../../utils/allocs.h"
#include "../../../utils/os.h"
#include "../../../utils/squeue.h"

Include dependency graph for sqlite_pcap.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures
struct	pcap_file_meta

Macros
#define	PCAP_TABLE_NAME "pcap"

#define	PCAP_CREATE_TABLE

#define	PCAP_INSERT_INTO

#define	PCAP_SELECT_FIRST_ENTRY

#define	PCAP_SUM_GROUP

#define	PCAP_SELECT_GROUP

#define	PCAP_DELETE_GROUP

Functions
int	init_sqlite_pcap_db (sqlite3 *db)
	Initialisez the sqlite pcap db tables. More...

int	save_sqlite_pcap_entry (sqlite3 db, char name, uint64_t timestamp, uint32_t caplen, uint32_t length)
	Save a pcap entry into the sqlite db. More...

int	get_first_pcap_entry (sqlite3 db, uint64_t timestamp, uint64_t *caplen)
	Returns the first pcap entry timestamp. More...

int	get_pcap_meta_array (sqlite3 db, uint64_t lt, uint32_t lim, UT_array pcap_meta_arr)
	Returns the pcap meta array. More...

int	delete_pcap_entries (sqlite3 *db, uint64_t lt, uint64_t ht)
	Removes a set of entries. More...

int	sum_pcap_group (sqlite3 db, uint64_t lt, uint32_t lim, uint64_t ht, uint64_t *sum)
	Calculates the sum of the group of a pcap. More...

Detailed Description

File containing the definition of the sqlite pcap utilities.

Author: Alexandru Mereacre

Date: 2021

Copyright: SPDX-FileCopyrightText: © 2021 NQMCyber Ltd and edgesec contributors SPDX-License-Identifier: LGPL-3.0-or-later

Macro Definition Documentation

◆ PCAP_CREATE_TABLE

#define PCAP_CREATE_TABLE

Value:

  "CREATE TABLE IF NOT EXISTS " PCAP_TABLE_NAME                                \
  " (timestamp INTEGER NOT NULL, name TEXT NOT NULL, "                         \
  "caplen INTEGER, length INTEGER, "                                           \
  "PRIMARY KEY (name));"

◆ PCAP_DELETE_GROUP

#define PCAP_DELETE_GROUP

Value:

"DELETE FROM " PCAP_TABLE_NAME " WHERE timestamp >= @lt AND timestamp <= " \

"@ht;"

◆ PCAP_INSERT_INTO

#define PCAP_INSERT_INTO

Value:

"INSERT INTO " PCAP_TABLE_NAME " VALUES(@timestamp, @name, @caplen, " \

"@length);"

◆ PCAP_SELECT_FIRST_ENTRY

#define PCAP_SELECT_FIRST_ENTRY

Value:

"SELECT timestamp,caplen FROM " PCAP_TABLE_NAME \

" ORDER BY timestamp ASC LIMIT 1;"

◆ PCAP_SELECT_GROUP

#define PCAP_SELECT_GROUP

Value:

"SELECT timestamp,name FROM " PCAP_TABLE_NAME \

" WHERE timestamp >= @lt ORDER BY timestamp ASC LIMIT @lim;"

◆ PCAP_SUM_GROUP

#define PCAP_SUM_GROUP

Value:

"SELECT timestamp,caplen FROM " PCAP_TABLE_NAME \

" WHERE timestamp > @lt ORDER BY timestamp ASC LIMIT @lim;"

◆ PCAP_TABLE_NAME

#define PCAP_TABLE_NAME "pcap"

Function Documentation

◆ delete_pcap_entries()

int delete_pcap_entries	(	sqlite3 *	db,
		uint64_t	lt,
		uint64_t	ht
	)

Removes a set of entries.

Parameters

db	The sqlite db structure pointer
lt	The lower timestamp
ht	The higher timestamp

Returns: int 0 on success, 1 for no data and -1 on failure

◆ get_first_pcap_entry()

int get_first_pcap_entry	(	sqlite3 *	db,
		uint64_t *	timestamp,
		uint64_t *	caplen
	)

Returns the first pcap entry timestamp.

Parameters

db	The sqlite db structure pointer
timestamp	The returned timestamp value
caplen	The returned caplen value

Returns: int 0 on success, 1 for no data and -1 on failure

◆ get_pcap_meta_array()

int get_pcap_meta_array	(	sqlite3 *	db,
		uint64_t	lt,
		uint32_t	lim,
		UT_array *	pcap_meta_arr
	)

Returns the pcap meta array.

Parameters

db	The sqlite db structure pointer
lt	The lower timestamp
lim	The limit number of rows
pcap_meta_arr	The pcap meta array

Returns: int 0 on success, 1 for no data and -1 on failure

◆ init_sqlite_pcap_db()

int init_sqlite_pcap_db ( sqlite3 * db )

Initialisez the sqlite pcap db tables.

Parameters

db	The sqlite3 db

Returns: 0 on success, -1 on failure

◆ save_sqlite_pcap_entry()

int save_sqlite_pcap_entry	(	sqlite3 *	db,
		char *	name,
		uint64_t	timestamp,
		uint32_t	caplen,
		uint32_t	length
	)

Save a pcap entry into the sqlite db.

Parameters

db	The sqlite db structure pointer
name	The pcap file name
timestamp	The timestamp value
caplen	The capture len
length	The offwire packet len

Returns: int 0 on success, -1 on failure

◆ sum_pcap_group()

int sum_pcap_group	(	sqlite3 *	db,
		uint64_t	lt,
		uint32_t	lim,
		uint64_t *	ht,
		uint64_t *	sum
	)

Calculates the sum of the group of a pcap.

Parameters

db	The sqlite db structure pointer
lt	The lower bound timestamp
lim	The limit number of rows
ht	The returned upper timestamp
sum	The returned sum

Returns: int 0 on success, 1 for no data and -1 on failure

Data Structures

Macros

Functions

Detailed Description

Macro Definition Documentation

◆ PCAP_CREATE_TABLE

◆ PCAP_DELETE_GROUP

◆ PCAP_INSERT_INTO

◆ PCAP_SELECT_FIRST_ENTRY

◆ PCAP_SELECT_GROUP

◆ PCAP_SUM_GROUP

◆ PCAP_TABLE_NAME

Function Documentation

◆ delete_pcap_entries()

◆ get_first_pcap_entry()

◆ get_pcap_meta_array()

◆ init_sqlite_pcap_db()

◆ save_sqlite_pcap_entry()

◆ sum_pcap_group()