
dnsjit.input.fpcap(3) Library Functions Manual dnsjit.input.fpcap(3)

NAME

dnsjit.input.fpcap - Read input from a PCAP file using fopen()

SYNOPSIS


local input = require("dnsjit.input.fpcap").new()
input:open("file.pcap")
input:receiver(filter_or_output)
input:run()

DESCRIPTION

Read input from a PCAP file using standard library function fopen() and parse the PCAP without libpcap. After opening a file and reading the PCAP header, the attributes are populated.

Attributes

Indicate if the byte order in the PCAP is in reverse order of the host.
Indicate if the time stamps are in nanoseconds or not.
Magic number.
Major version number.
Minor version number.
GMT to local correction.
Accuracy of timestamps.
Max length of captured packets, in octets.
The link type found in the PCAP header, see https://www.tcpdump.org/linktypes.html .
The data link type, mapped from network.
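The header fields behind these attributes can be read from the classic 24-byte PCAP file header without libpcap, as in the following added example. It is not dnsjit's own code; the struct, function and sample names are hypothetical, and the sample headers are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical struct for this example; the field names are not dnsjit's. */
struct pcap_hdr {
    int      swapped, nanosec;
    uint32_t magic, sigfigs, snaplen, network;
    uint16_t major, minor;
    int32_t  thiszone;
};

/* Read integers in host order via memcpy, byte-swapping when asked to. */
static uint32_t rd32(const uint8_t *p, int swap) {
    uint32_t v;
    memcpy(&v, p, 4);
    return !swap ? v : (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}
static uint16_t rd16(const uint8_t *p, int swap) {
    uint16_t v;
    memcpy(&v, p, 2);
    return swap ? (uint16_t)((v >> 8) | (v << 8)) : v;
}

/* Returns 0 on success, -1 on a short header, -2 on an unknown magic. */
int parse_pcap_header(const uint8_t *b, size_t len, struct pcap_hdr *h) {
    if (len < 24) return -1;                 /* never read past the input */
    uint32_t m = rd32(b, 0);                 /* magic as seen in host order */
    h->swapped = (m == 0xd4c3b2a1u || m == 0x4d3cb2a1u);
    m = rd32(b, h->swapped);                 /* magic after normalising */
    h->nanosec = (m == 0xa1b23c4du);
    if (m != 0xa1b2c3d4u && !h->nanosec) return -2;  /* e.g. pcapng */
    h->magic    = m;
    h->major    = rd16(b + 4, h->swapped);
    h->minor    = rd16(b + 6, h->swapped);
    h->thiszone = (int32_t)rd32(b + 8, h->swapped);
    h->sigfigs  = rd32(b + 12, h->swapped);
    h->snaplen  = rd32(b + 16, h->swapped);
    h->network  = rd32(b + 20, h->swapped);
    return 0;
}

/* Constructed samples: little-endian microsecond, big-endian nanosecond. */
const uint8_t SAMPLE_LE[24] = {0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 1,0,0,0};
const uint8_t SAMPLE_BE_NS[24] = {0xa1,0xb2,0x3c,0x4d, 0,2, 0,4, 0,0,0,0, 0,0,0,0, 0,4,0,0, 0,0,0,101};

int main(void) {
    struct pcap_hdr h;
    if (parse_pcap_header(SAMPLE_LE, sizeof SAMPLE_LE, &h) == 0)
        printf("v%u.%u snaplen=%u\n", (unsigned)h.major, (unsigned)h.minor, (unsigned)h.snaplen);
    return 0;
}
```

A consumer should treat snaplen as untrusted input and bound any buffer sized from it.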

Functions

Create a new Fpcap input.
Return the Log object to control logging of this instance or module.
Set the receiver to pass objects to.
Return the C functions and context for producing objects.
Use posix_fadvise() to indicate sequential reading (if supported), which may increase performance. MUST be called before open().
Open a PCAP file for processing and read the PCAP header. Returns 0 on success.
Open a PCAP file for processing and read the PCAP header using a file descriptor, for example io.stdin or with io.open(). Will not take ownership of the file descriptor. Returns 0 on success.
Start processing packets and send each packet read to the receiver. Returns 0 if all packets were read successfully.
Return the number of packets seen.

AUTHORS and CONTRIBUTORS

Jerry Lundström (DNS-OARC), Tomáš Křížek (CZ.NIC), Petr Špaček (ISC)

Maintained by DNS-OARC

BUGS

For issues and feature requests please use:

For questions and help please use:

admin@dns-oarc.net
1.3.0 dnsjit