dnsjit/src/input/zpcap.lua
Daniel Baumann 7a39e7587d
Merging upstream version 1.4.0.
Signed-off-by: Daniel Baumann <daniel@debian.org>
2025-02-09 08:36:47 +01:00

169 lines
4.4 KiB
Lua

-- Copyright (c) 2018-2024 OARC, Inc.
-- All rights reserved.
--
-- This file is part of dnsjit.
--
-- dnsjit is free software: you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation, either version 3 of the License, or
-- (at your option) any later version.
--
-- dnsjit is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with dnsjit. If not, see <http://www.gnu.org/licenses/>.
-- dnsjit.input.zpcap
-- Read input from a PCAP file that is compressed
-- local input = require("dnsjit.input.zpcap").new()
-- input:zstd()
-- input:open("file.pcap.zst")
-- input:receiver(filter_or_output)
-- input:run()
--
-- Read input from a PCAP file that is compressed and parse the PCAP without
-- libpcap.
-- After opening a file and reading the PCAP header, the attributes are
-- populated.
-- .SS Attributes
-- .TP
-- is_swapped
-- Indicate if the byte order in the PCAP is in reverse order of the host.
-- .TP
-- is_nanosec
-- Indicate if the time stamps are in nanoseconds or not.
-- .TP
-- magic_number
-- Magic number.
-- .TP
-- version_major
-- Major version number.
-- .TP
-- version_minor
-- Minor version number.
-- .TP
-- thiszone
-- GMT to local correction.
-- .TP
-- sigfigs
-- Accuracy of timestamps.
-- .TP
-- snaplen
-- Max length of captured packets, in octets.
-- .TP
-- network
-- The link type found in the PCAP header, see https://www.tcpdump.org/linktypes.html .
-- .TP
-- linktype
-- The data link type, mapped from
-- .IR network .
module(...,package.seeall)
require("dnsjit.input.zpcap_h")
local ffi = require("ffi")
local C = ffi.C
local t_name = "input_zpcap_t"
local input_zpcap_t = ffi.typeof(t_name)
local Zpcap = {}
-- Create a new Zpcap input.
function Zpcap.new()
local self = {
_receiver = nil,
obj = input_zpcap_t(),
}
C.input_zpcap_init(self.obj)
ffi.gc(self.obj, C.input_zpcap_destroy)
return setmetatable(self, { __index = Zpcap })
end
-- Return the Log object to control logging of this instance or module.
function Zpcap:log()
if self == nil then
return C.input_zpcap_log()
end
return self.obj._log
end
-- Set the receiver to pass objects to.
function Zpcap:receiver(o)
self.obj.recv, self.obj.ctx = o:receive()
self._receiver = o
end
-- Return the C functions and context for producing objects.
function Zpcap:produce()
return C.input_zpcap_producer(self.obj), self.obj
end
-- Use
-- .B posix_fadvise()
-- to indicate sequential reading (if supported), may increase performance.
-- MUST be called before
-- .BR open() .
function Zpcap:fadvise_sequential()
self.obj.use_fadvise = 1
end
-- Use liblz4 to decompress the input file/data.
function Zpcap:lz4()
self.obj.compression = "input_zpcap_type_lz4"
end
-- Use libzstd to decompress the input file/data.
function Zpcap:zstd()
self.obj.compression = "input_zpcap_type_zstd"
end
-- Use zlib/gzip to decompress the input file/data.
function Zpcap:gzip()
self.obj.compression = "input_zpcap_type_gzip"
end
-- Use liblzma/xz to decompress the input file/data.
function Zpcap:lzma()
self.obj.compression = "input_zpcap_type_lzma"
end
-- Return true if support for selected compression library is built in.
function Zpcap:have_support()
if C.input_zpcap_have_support(self.obj) == 1 then
return true
end
return false
end
-- Open a PCAP file for processing and read the PCAP header.
-- Returns 0 on success.
function Zpcap:open(file)
return C.input_zpcap_open(self.obj, file)
end
-- Open a PCAP file for processing and read the PCAP header using a
-- file descriptor, for example
-- .B io.stdin
-- or with
-- .BR io.open() .
-- Will not take ownership of the file descriptor.
-- Returns 0 on success.
function Zpcap:openfp(fp)
return C.input_zpcap_openfp(self.obj, fp)
end
-- Start processing packets and send each packet read to the receiver.
-- Returns 0 if all packets was read successfully.
function Zpcap:run()
return C.input_zpcap_run(self.obj)
end
-- Return the number of packets seen.
function Zpcap:packets()
return tonumber(self.obj.pkts)
end
-- dnsjit.input.fpcap (3)
return Zpcap