void reader_libpcapfile_opened() { int dlt_to_linktype(int dlt); pcapFileHeader.linktype = dlt_to_linktype(pcap_datalink(pcap)) | pcap_datalink_ext(pcap); pcapFileHeader.snaplen = pcap_snapshot(pcap); offlineFile = pcap_file(pcap); if (config.bpf) { struct bpf_program bpf; if (pcap_compile(pcap, &bpf, config.bpf, 1, PCAP_NETMASK_UNKNOWN) == -1) { LOG("ERROR - Couldn't compile filter: '%s' with %s", config.bpf, pcap_geterr(pcap)); exit(1); } if (pcap_setfilter(pcap, &bpf) == -1) { LOG("ERROR - Couldn't set filter: '%s' with %s", config.bpf, pcap_geterr(pcap)); exit(1); } } int t; for (t = 0; t < MOLOCH_FILTER_MAX; t++) { if (config.bpfsNum[t]) { int i; if (bpf_programs[t]) { for (i = 0; i < config.bpfsNum[t]; i++) { pcap_freecode(&bpf_programs[t][i]); } } else { bpf_programs[t] = malloc(config.bpfsNum[t]*sizeof(struct bpf_program)); } for (i = 0; i < config.bpfsNum[t]; i++) { if (pcap_compile(pcap, &bpf_programs[t][i], config.bpfs[t][i], 1, PCAP_NETMASK_UNKNOWN) == -1) { LOG("ERROR - Couldn't compile filter: '%s' with %s", config.bpfs[t][i], pcap_geterr(pcap)); exit(1); } } moloch_reader_should_filter = reader_libpcapfile_should_filter; } } if (config.flushBetween) moloch_session_flush(); offlinePcapName = strdup(offlinePcapFilename); int fd = pcap_fileno(pcap); if (fd == -1) { g_timeout_add(0, reader_libpcapfile_read, NULL); } else { moloch_watch_fd(fd, MOLOCH_GIO_READ_COND, reader_libpcapfile_read, NULL); } }
LOCAL void reader_libpcapfile_opened() { int dlt_to_linktype(int dlt); if (config.flushBetween) moloch_session_flush(); moloch_packet_set_linksnap(dlt_to_linktype(pcap_datalink(pcap)) | pcap_datalink_ext(pcap), pcap_snapshot(pcap)); offlineFile = pcap_file(pcap); if (config.bpf && pcapFileHeader.linktype != 239) { struct bpf_program bpf; if (pcap_compile(pcap, &bpf, config.bpf, 1, PCAP_NETMASK_UNKNOWN) == -1) { LOGEXIT("ERROR - Couldn't compile filter: '%s' with %s", config.bpf, pcap_geterr(pcap)); } if (pcap_setfilter(pcap, &bpf) == -1) { LOGEXIT("ERROR - Couldn't set filter: '%s' with %s", config.bpf, pcap_geterr(pcap)); } } readerPos++; if (readerFileName[readerPos]) moloch_free_later(readerFileName[readerPos], g_free); readerFileName[readerPos] = g_strdup(offlinePcapFilename); int fd = pcap_fileno(pcap); if (fd == -1) { g_timeout_add(0, reader_libpcapfile_read, NULL); } else { moloch_watch_fd(fd, MOLOCH_GIO_READ_COND, reader_libpcapfile_read, NULL); } if (filenameOpsNum > 0) { // Free any previously allocated if (readerFieldOps[readerPos].size > 0) moloch_field_ops_free(&readerFieldOps[readerPos]); moloch_field_ops_init(&readerFieldOps[readerPos], filenameOpsNum, MOLOCH_FIELD_OPS_FLAGS_COPY); // Go thru all the filename ops looking for matches and then expand the value string int i; for (i = 0; i < filenameOpsNum; i++) { GMatchInfo *match_info = 0; g_regex_match(filenameOps[i].regex, offlinePcapFilename, 0, &match_info); if (g_match_info_matches(match_info)) { GError *error = 0; char *expand = g_match_info_expand_references(match_info, filenameOps[i].expand, &error); if (error) { LOG("Error expanding '%s' with '%s' - %s", offlinePcapFilename, filenameOps[i].expand, error->message); g_error_free(error); } if (expand) { moloch_field_ops_add(&readerFieldOps[readerPos], filenameOps[i].field, expand, -1); g_free(expand); } } g_match_info_free(match_info); } } }