1 /* Copyright (C) 2007-2020 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Danny Browning <danny.browning@protectwise.com>
22  */
23 
24 #include "suricata-common.h"
25 #include "tm-threads.h"
26 
27 #ifndef __SOURCE_PCAP_FILE_HELPER_H__
28 #define __SOURCE_PCAP_FILE_HELPER_H__
29 
/**
 * Packet counter and checksum-validation settings for the pcap file source.
 *
 * NOTE(review): the name suggests a single module-wide instance; where it is
 * defined and which threads touch it is not visible in this header -- confirm
 * in the implementation files.
 */
typedef struct PcapFileGlobalVars_ {
    uint64_t cnt; /**< packet counter */
    /* presumably the checksum mode as configured vs. the mode currently in
     * effect -- confirm against the code that reads these two fields */
    ChecksumValidationMode conf_checksum_mode;
    ChecksumValidationMode checksum_mode;
    /* unsigned int declared through SC_ATOMIC_DECLARE rather than as a plain
     * member; by its name, a count of packets whose checksum did not
     * validate -- TODO confirm. Read and update it through the SC_ATOMIC_*
     * accessors, not by direct member access. */
    SC_ATOMIC_DECLARE(unsigned int, invalid_checksums);
} PcapFileGlobalVars;
36 
/**
 * Data that is shared amongst File, Directory, and Thread level vars.
 *
 * PcapFileFileVars refers to this struct through its `shared` pointer.
 * NOTE(review): this header shows neither who allocates and frees this struct
 * nor how concurrent access to it is handled; none of its members is
 * declared atomic -- confirm in the implementation before touching it from
 * more than one thread.
 */
typedef struct PcapFileSharedVars_
{
    /* BPF filter expression text. NOTE(review): ownership of the string
     * (who allocates and frees it) is not visible here -- confirm. */
    char *bpf_string;

    /* presumably the tenant that packets from this source are attributed
     * to -- confirm against the code that sets it */
    uint32_t tenant_id;

    /* presumably the timestamp of the most recently processed file -- confirm */
    struct timespec last_processed;

    /* presumably requests removal of a pcap file once it has been
     * processed -- confirm. If so, this flag makes the reader delete files,
     * so the input file or directory should be one the operator controls. */
    bool should_delete;

    /* thread context and pipeline slot. NOTE(review): looks like these are
     * borrowed references that this struct does not own -- confirm. */
    ThreadVars *tv;
    TmSlot *slot;

    /* counters */
    uint64_t pkts;
    uint64_t bytes;
    uint64_t files;

    /* presumably a completion flag and an error count -- confirm the exact
     * semantics in the implementation */
    uint8_t done;
    uint32_t errs;

    /** callback result -- set if one of the thread modules failed. */
    int cb_result;
} PcapFileSharedVars;
64 
/**
 * Data specific to a single pcap file.
 *
 * According to the InitPcapFile() documentation in this header, that
 * function sets pcap_handle, datalink and filter for the given filename;
 * CleanupPcapFileFileVars() releases resources associated with the object.
 */
typedef struct PcapFileFileVars_
{
    /* path of the capture file. NOTE(review): ownership of the string is
     * not visible in this header -- confirm who frees it. */
    char *filename;
    /* libpcap handle for the file; set by InitPcapFile() */
    pcap_t *pcap_handle;

    /* link-layer type of the capture; set by InitPcapFile(). NOTE(review):
     * presumably read from the capture file itself, i.e. from untrusted
     * input -- see ValidateLinkType(). */
    int datalink;
    /* BPF program; set by InitPcapFile(). NOTE(review): presumably compiled
     * from shared->bpf_string and released in CleanupPcapFileFileVars() --
     * confirm. */
    struct bpf_program filter;

    /* state common to file, directory and thread level; NOTE(review): looks
     * like a borrowed pointer that outlives this object -- confirm */
    PcapFileSharedVars *shared;

    /* fields used to get the first packet's timestamp early,
     * so it can be used to setup the time subsys.
     * NOTE(review): if first_pkt_data and first_pkt_hdr point into storage
     * owned by libpcap (as pointers handed out by its read calls do), they
     * stay valid only until the next read on pcap_handle -- confirm in the
     * implementation before dereferencing them later. first_pkt_ts is stored
     * by value and has no such lifetime concern. */
    const u_char *first_pkt_data;
    struct pcap_pkthdr *first_pkt_hdr;
    struct timeval first_pkt_ts;
} PcapFileFileVars;
84 
/**
 * Dispatch a file for processing, where the information necessary to process
 * that file is held in a PcapFileFileVars object.
 *
 * NOTE(review): presumably ptv must already have been prepared with
 * InitPcapFile() so that its pcap_handle is open -- confirm against the
 * implementation. Behaviour for a NULL ptv is not visible in this header.
 *
 * @param ptv PcapFileFileVars object to be processed
 * @return TmEcode status code; which values are returned under which
 *         conditions is defined by the implementation, not by this header
 */
TmEcode PcapFileDispatch(PcapFileFileVars *ptv);
92 
/**
 * From a PcapFileFileVars, prepare the filename for processing by setting
 * pcap_handle, datalink, and filter.
 *
 * The capture file named by pfv->filename is external input: callers should
 * check the returned TmEcode before using pfv->pcap_handle, pfv->datalink or
 * pfv->filter.
 * NOTE(review): whether a failed call leaves any of those fields partially
 * set, and so whether CleanupPcapFileFileVars() is still required after a
 * failure, is not visible in this header -- confirm.
 *
 * @param pfv PcapFileFileVars object to populate
 * @return TmEcode status code; which values are returned under which
 *         conditions is defined by the implementation, not by this header
 */
TmEcode InitPcapFile(PcapFileFileVars *pfv);
100 
/**
 * Cleanup resources associated with a PcapFileFileVars object.
 *
 * NOTE(review): this header does not show whether pfv itself is freed, or
 * whether pfv->shared is left untouched. Until that is confirmed in the
 * implementation, treat pfv as invalid after the call and do not pass the
 * same pointer twice.
 *
 * @param pfv Object to be cleaned up
 */
void CleanupPcapFileFileVars(PcapFileFileVars *pfv);
106 
/**
 * Determine if a datalink type is valid, setting a decoder function if valid.
 *
 * The decoder is returned through an out-parameter, so callers must check the
 * return value before calling through *decoder.
 * NOTE(review): whether *decoder is left unmodified for a rejected datalink,
 * and whether a NULL decoder pointer is tolerated, is not visible in this
 * header -- confirm. The datalink value presumably originates from the capture
 * file, so an unknown value should be expected rather than treated as
 * impossible.
 *
 * @param datalink Datalink type to validate
 * @param decoder Pointer to decoder to set if valid
 * @return TM_ECODE_OK if valid datalink type and decoder has been set;
 *         another TmEcode value otherwise (the exact value is defined by the
 *         implementation)
 */
TmEcode ValidateLinkType(int datalink, DecoderFunc *decoder);
114 
115 #endif /* __SOURCE_PCAP_FILE_HELPER_H__ */
116