mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
f5a76c1aed
This largely copies over Spicy's `.clang-format` configuration file. The one place where we deviate is header include order since Zeek depends on headers being included in a certain order.
50 lines
1.1 KiB
C++
50 lines
1.1 KiB
C++
// See the file "COPYING" in the main distribution directory for copyright.
|
|
|
|
#pragma once
|
|
|
|
#include <sys/types.h> // for u_char
|
|
#include <unistd.h>
|
|
#include <vector>
|
|
|
|
extern "C" {
|
|
#include <pcap.h>
|
|
}
|
|
|
|
#include "zeek/iosource/PktSrc.h"
|
|
|
|
namespace zeek::iosource::pcap {
|
|
|
|
class PcapSource : public PktSrc {
|
|
public:
|
|
PcapSource(const std::string& path, bool is_live);
|
|
~PcapSource() override;
|
|
|
|
static PktSrc* Instantiate(const std::string& path, bool is_live);
|
|
|
|
protected:
|
|
// PktSrc interface.
|
|
void Open() override;
|
|
void Close() override;
|
|
bool ExtractNextPacket(Packet* pkt) override;
|
|
void DoneWithPacket() override;
|
|
bool SetFilter(int index) override;
|
|
void Statistics(Stats* stats) override;
|
|
|
|
detail::BPF_Program* CompileFilter(const std::string& filter) override;
|
|
|
|
private:
|
|
void OpenLive();
|
|
void OpenOffline();
|
|
void PcapError(const char* where = nullptr);
|
|
|
|
Properties props;
|
|
Stats stats;
|
|
|
|
pcap_t* pd;
|
|
struct pcap_stat prev_pstat = {0};
|
|
|
|
// Buffer provided to setvbuf() when reading from a PCAP file.
|
|
std::vector<char> iobuf;
|
|
};
|
|
|
|
} // namespace zeek::iosource::pcap
|