Example #1
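/*
 * Capture loop for one SNF ring. Receives packets from the ring and hands
 * each one to moloch_packet() until config.quitting is set or
 * snf_ring_recv() reports an error that is not EBUSY/EAGAIN/EINTR.
 *
 * ring: ring handle, passed unchanged to snf_ring_recv().
 * Returns NULL in every case.
 */
LOCAL void *reader_snf_thread(gpointer ring)
{
    struct snf_recv_req req;

    while (!config.quitting) {
        /* NOTE(review): -1 is the timeout argument; presumably this blocks
         * until a packet arrives, so config.quitting is only re-checked
         * after a receive returns. Confirm against the SNF API. */
        int err = snf_ring_recv(ring, -1, &req);
        if (err) {
            /* Transient conditions: retry the receive. */
            if (err == EBUSY || err == EAGAIN || err == EINTR)
                continue;
            LOG("SNF quiting %d", err);
            moloch_quit();
            break;
        }

        MolochPacket_t *packet = MOLOCH_TYPE_ALLOC0(MolochPacket_t);

        /* NOTE(review): pkt aliases the buffer returned in req rather than
         * a copy. Confirm that moloch_packet() is done with (or copies) the
         * bytes before the next snf_ring_recv() on this ring. */
        packet->pkt = (u_char *)req.pkt_addr;

        /* The division below treats req.timestamp as nanoseconds. tv_usec
         * must be the microseconds within that second (0..999999): convert
         * to microseconds first, then take the sub-second remainder. The
         * previous "% 1000000000000" produced values far outside that
         * range. */
        packet->ts.tv_sec = req.timestamp / 1000000000;
        packet->ts.tv_usec = (req.timestamp / 1000) % 1000000;
        packet->pktlen = req.length;

        moloch_packet(packet);
    }
    return NULL;
}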
Example #2
/*
 * PF_RING per-packet callback. Requires the captured length to equal the
 * packet length, then wraps the packet in a zero-initialised
 * MolochPacket_t and passes it to moloch_packet().
 *
 * h: PF_RING packet header (caplen, len and ts are read).
 * p: packet bytes; the pointer is stored, the bytes are not copied here.
 */
void reader_pfring_packet_cb(const struct pfring_pkthdr *h, const u_char *p, const u_char *UNUSED(user_bytes))
{
    MolochPacket_t *captured;

    /* NOTE(review): one frame with caplen != len ends the whole process,
     * and with exit status 0, so a supervisor that only looks at the
     * status sees a clean shutdown. Alert on the log line as well. */
    if (unlikely(h->len != h->caplen)) {
        LOG("ERROR - Moloch requires full packet captures caplen: %d pktlen: %d", h->caplen, h->len);
        exit(0);
    }

    captured = MOLOCH_TYPE_ALLOC0(MolochPacket_t);

    captured->pktlen = h->len;
    captured->ts = h->ts;
    /* const is cast away; the packet struct aliases the reader's buffer. */
    captured->pkt = (u_char *)p;

    moloch_packet(captured);
}
Example #3
/*
 * libpcap live-capture callback. Requires the captured length to equal the
 * packet length, then wraps the packet in a zero-initialised
 * MolochPacket_t and passes it to moloch_packet().
 *
 * h:     pcap packet header (caplen, len and ts are read).
 * bytes: packet bytes; the pointer is stored, the bytes are not copied here.
 */
void reader_libpcap_pcap_cb(u_char *UNUSED(user), const struct pcap_pkthdr *h, const u_char *bytes)
{
    MolochPacket_t *captured;

    /* NOTE(review): one frame with caplen != len ends the whole process,
     * and with exit status 0, so a supervisor that only looks at the
     * status sees a clean shutdown. Alert on the log line as well. */
    if (unlikely(h->len != h->caplen)) {
        LOG("ERROR - Moloch requires full packet captures caplen: %d pktlen: %d\n"
            "turning offloading off may fix, something like 'ethtool -K INTERFACE tx off sg off gro off gso off lro off tso off'",
            h->caplen, h->len);
        exit(0);
    }

    captured = MOLOCH_TYPE_ALLOC0(MolochPacket_t);

    captured->pktlen = h->len;
    captured->ts = h->ts;
    /* const is cast away; the packet struct aliases the buffer pcap passed in. */
    captured->pkt = (u_char *)bytes;

    moloch_packet(captured);
}
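/*
 * libpcap offline-file callback. Wraps one record read from the pcap file
 * in a zero-initialised MolochPacket_t, records where the record starts in
 * the file, and passes it to moloch_packet().
 *
 * A record whose captured length differs from its packet length is only
 * accepted when config.readTruncatedPackets is set; otherwise the process
 * logs an error and exits.
 *
 * h:     pcap record header (caplen, len and ts are read).
 * bytes: record payload; the pointer is stored, the bytes are not copied here.
 */
void reader_libpcapfile_pcap_cb(u_char *UNUSED(user), const struct pcap_pkthdr *h, const u_char *bytes)
{
    if (unlikely(h->caplen != h->len)) {
        if (!config.readTruncatedPackets) {
            /* NOTE(review): exits with status 0 on an error path; a caller
             * that checks only the exit status sees success. */
            LOG("ERROR - Moloch requires full packet captures caplen: %d pktlen: %d. "
                "If using tcpdump use the \"-s0\" option, or set readTruncatedPackets in ini file",
                h->caplen, h->len);
            exit (0);
        }
    }

    MolochPacket_t *packet = MOLOCH_TYPE_ALLOC0(MolochPacket_t);

    /* Past the guard, caplen is the number of bytes actually available in
     * `bytes`: it equals len for full captures and is used in place of len
     * for truncated ones, exactly as before. */
    packet->pktlen        = h->caplen;
    packet->pkt           = (u_char *)bytes;
    packet->ts            = h->ts;

    /* Start of this record = current offset minus the 16-byte per-record
     * header minus the payload bytes stored in the file. The stored payload
     * is caplen bytes, so subtracting len (as the code did before) gave a
     * wrong, possibly negative, offset for truncated records. For full
     * captures caplen == len and the result is unchanged.
     * NOTE(review): ftell() returns -1 on failure and is not checked. */
    packet->readerFilePos = ftell(offlineFile) - 16 - h->caplen;
    packet->readerName    = offlinePcapName;
    moloch_packet(packet);
}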