diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2021-07-17 07:11:12 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2021-07-17 07:11:12 +0000 |
commit | b72837827d9290c7ec50b9e4b9e1a0f194ddccca (patch) | |
tree | 8df663325413d0f92086d740638555de6b779df7 /src/input/zpcap.lua | |
parent | Adding upstream version 1.1.0+debian. (diff) | |
download | dnsjit-b72837827d9290c7ec50b9e4b9e1a0f194ddccca.tar.xz dnsjit-b72837827d9290c7ec50b9e4b9e1a0f194ddccca.zip |
Adding upstream version 1.2.1.upstream/1.2.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | src/input/zpcap.lua | 159 |
1 files changed, 159 insertions, 0 deletions
diff --git a/src/input/zpcap.lua b/src/input/zpcap.lua new file mode 100644 index 0000000..9a0230f --- /dev/null +++ b/src/input/zpcap.lua @@ -0,0 +1,159 @@ +-- Copyright (c) 2018-2021, OARC, Inc. +-- All rights reserved. +-- +-- This file is part of dnsjit. +-- +-- dnsjit is free software: you can redistribute it and/or modify +-- it under the terms of the GNU General Public License as published by +-- the Free Software Foundation, either version 3 of the License, or +-- (at your option) any later version. +-- +-- dnsjit is distributed in the hope that it will be useful, +-- but WITHOUT ANY WARRANTY; without even the implied warranty of +-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-- GNU General Public License for more details. +-- +-- You should have received a copy of the GNU General Public License +-- along with dnsjit. If not, see <http://www.gnu.org/licenses/>. + +-- dnsjit.input.zpcap +-- Read input from a PCAP file that is compressed +-- local input = require("dnsjit.input.zpcap").new() +-- input:zstd() +-- input:open("file.pcap.zst") +-- input:receiver(filter_or_output) +-- input:run() +-- +-- Read input from a PCAP file that is compressed and parse the PCAP without +-- libpcap. +-- After opening a file and reading the PCAP header, the attributes are +-- populated. +-- .SS Attributes +-- .TP +-- is_swapped +-- Indicate if the byte order in the PCAP is in reverse order of the host. +-- .TP +-- is_nanosec +-- Indicate if the time stamps are in nanoseconds or not. +-- .TP +-- magic_number +-- Magic number. +-- .TP +-- version_major +-- Major version number. +-- .TP +-- version_minor +-- Minor version number. +-- .TP +-- thiszone +-- GMT to local correction. +-- .TP +-- sigfigs +-- Accuracy of timestamps. +-- .TP +-- snaplen +-- Max length of captured packets, in octets. +-- .TP +-- network +-- The link type found in the PCAP header, see https://www.tcpdump.org/linktypes.html . +-- .TP +-- linktype +-- The data link type, mapped from +-- .IR network . +module(...,package.seeall) + +require("dnsjit.input.zpcap_h") +local ffi = require("ffi") +local C = ffi.C + +local t_name = "input_zpcap_t" +local input_zpcap_t = ffi.typeof(t_name) +local Zpcap = {} + +-- Create a new Zpcap input. +function Zpcap.new() + local self = { + _receiver = nil, + obj = input_zpcap_t(), + } + C.input_zpcap_init(self.obj) + ffi.gc(self.obj, C.input_zpcap_destroy) + return setmetatable(self, { __index = Zpcap }) +end + +-- Return the Log object to control logging of this instance or module. +function Zpcap:log() + if self == nil then + return C.input_zpcap_log() + end + return self.obj._log +end + +-- Set the receiver to pass objects to. +function Zpcap:receiver(o) + self.obj.recv, self.obj.ctx = o:receive() + self._receiver = o +end + +-- Return the C functions and context for producing objects. +function Zpcap:produce() + return C.input_zpcap_producer(self.obj), self.obj +end + +-- Use +-- .B posix_fadvise() +-- to indicate sequential reading (if supported), may increase performance. +-- MUST be called before +-- .BR open() . +function Zpcap:fadvise_sequential() + self.obj.use_fadvise = 1 +end + +-- Use liblz4 to decompress the input file/data. +function Zpcap:lz4() + self.obj.compression = "input_zpcap_type_lz4" +end + +-- Use libzstd to decompress the input file/data. +function Zpcap:zstd() + self.obj.compression = "input_zpcap_type_zstd" +end + +-- Return true if support for selected compression library is built in. +function Zpcap:have_support() + if C.input_zpcap_have_support(self.obj) == 1 then + return true + end + return false +end + +-- Open a PCAP file for processing and read the PCAP header. +-- Returns 0 on success. +function Zpcap:open(file) + return C.input_zpcap_open(self.obj, file) +end + +-- Open a PCAP file for processing and read the PCAP header using a +-- file descriptor, for example +-- .B io.stdin +-- or with +-- .BR io.open() . +-- Will not take ownership of the file descriptor. +-- Returns 0 on success. +function Zpcap:openfp(fp) + return C.input_zpcap_openfp(self.obj, fp) +end + +-- Start processing packets and send each packet read to the receiver. +-- Returns 0 if all packets was read successfully. +function Zpcap:run() + return C.input_zpcap_run(self.obj) +end + +-- Return the number of packets seen. +function Zpcap:packets() + return tonumber(self.obj.pkts) +end + +-- dnsjit.input.fpcap (3) +return Zpcap |