Branch data Line data Source code
1 : : // $Id: Net.h 6219 2008-10-01 05:39:07Z vern $
2 : : //
3 : : // See the file "COPYING" in the main distribution directory for copyright.
4 : :
5 : : #ifndef net_h
6 : : #define net_h
7 : :
8 : : #include "net_util.h"
9 : : #include "BPF_Program.h"
10 : : #include "List.h"
11 : : #include "PktSrc.h"
12 : : #include "FlowSrc.h"
13 : : #include "Func.h"
14 : : #include "RemoteSerializer.h"
15 : :
16 : : extern void net_init(name_list& interfaces, name_list& readfiles,
17 : : name_list& netflows, name_list& flowfiles,
18 : : const char* writefile, const char* transformed_writefile,
19 : : const char* filter, const char* secondary_filter,
20 : : int do_watchdog);
21 : : extern void net_run();
22 : : extern void net_get_final_stats();
23 : : extern void net_finish(int drain_events);
24 : : extern void net_delete(); // Reclaim all memory, etc.
25 : : extern void net_packet_arrival(double t, const struct pcap_pkthdr* hdr,
26 : : const u_char* pkt, int hdr_size,
27 : : PktSrc* src_ps);
28 : : extern int net_packet_match(BPF_Program* fp, const u_char* pkt,
29 : : u_int len, u_int caplen);
30 : : extern void expire_timers(PktSrc* src_ps = 0);
31 : : extern void termination_signal();
32 : :
33 : : // Functions to temporarily suspend processing of live input (network packets
34 : : // and remote events/state). Turning this is on is sure to lead to data loss!
35 : : extern void net_suspend_processing();
36 : : extern void net_continue_processing();
37 : :
38 : : extern int _processing_suspended; // don't access directly.
39 : 21349 : inline bool net_is_processing_suspended()
40 : 21349 : { return _processing_suspended > 0; }
41 : :
42 : : // Whether we're reading live traffic.
43 : : extern int reading_live;
44 : :
45 : : // Same but for reading from traces instead. We have two separate
46 : : // variables because it's possible that neither is true, and we're
47 : : // instead just running timers (per the variable after this one).
48 : : extern int reading_traces;
49 : :
50 : : // True if we have timers scheduled for the future on which we need
51 : : // to wait. "Need to wait" here means that we're running live (though
52 : : // perhaps not reading_live, but just running in real-time) as opposed
53 : : // to reading a trace (in which case we don't want to wait in real-time
54 : : // on future timers).
55 : : extern int have_pending_timers;
56 : :
57 : : // If > 0, we are reading from traces but trying to mimic real-time behavior.
58 : : // (In this case, both reading_traces and reading_live are true.) The value
59 : : // is the speedup (1 = real-time, 0.5 = half real-time, etc.).
60 : : extern double pseudo_realtime;
61 : :
62 : : // Pcap filter supplied by the user on the command line (if any).
63 : : extern char* user_pcap_filter;
64 : :
65 : : // When we started processing the current packet and corresponding event
66 : : // queue.
67 : : extern double processing_start_time;
68 : :
69 : : // When the Bro process was started.
70 : : extern double bro_start_time;
71 : :
72 : : // Time at which the Bro process was started with respect to network time,
73 : : // i.e. the timestamp of the first packet.
74 : : extern double bro_start_network_time;
75 : :
76 : : // True if we're a in the process of cleaning-up just before termination.
77 : : extern bool terminating;
78 : :
79 : : // True if the remote serializer is to be activated.
80 : : extern bool using_communication;
81 : :
82 : : extern const struct pcap_pkthdr* current_hdr;
83 : : extern const u_char* current_pkt;
84 : : extern int current_dispatched;
85 : : extern int current_hdr_size;
86 : : extern double current_timestamp;
87 : : extern PktSrc* current_pktsrc;
88 : : extern IOSource* current_iosrc;
89 : :
90 : 10 : declare(PList,PktSrc);
91 : : extern PList(PktSrc) pkt_srcs;
92 : :
93 : : extern PktDumper* pkt_dumper; // where to save packets
94 : : extern PktDumper* pkt_transformed_dumper;
95 : :
96 : : extern char* writefile;
97 : :
98 : : #endif
|