dnsjit.input.zpcap - Read input from a PCAP file that is
compressed
local input = require("dnsjit.input.zpcap").new()
input:zstd()
input:open("file.pcap.zst")
input:receiver(filter_or_output)
input:run()
Read input from a PCAP file that is compressed and parse the PCAP
without libpcap. After opening a file and reading the PCAP header, the
attributes are populated.
- is_swapped
- Indicate if the byte order in the PCAP is in reverse order of the
host.
- is_nanosec
- Indicate if the time stamps are in nanoseconds or not.
- magic_number
- Magic number.
- version_major
- Major version number.
- version_minor
- Minor version number.
- thiszone
- GMT to local correction.
- sigfigs
- Accuracy of timestamps.
- snaplen
- Max length of captured packets, in octets.
- network
- The link type found in the PCAP header, see
https://www.tcpdump.org/linktypes.html .
- linktype
- The data link type, mapped from network.
- Zpcap.new()
- Create a new Zpcap input.
- Zpcap:log()
- Return the Log object to control logging of this instance or module.
- Zpcap:receiver(o)
- Set the receiver to pass objects to.
- Zpcap:produce()
- Return the C functions and context for producing objects.
- Zpcap:fadvise_sequential()
- Use posix_fadvise() to indicate sequential reading (if supported),
may increase performance. MUST be called before open().
- Zpcap:lz4()
- Use liblz4 to decompress the input file/data.
- Zpcap:zstd()
- Use libzstd to decompress the input file/data.
- Zpcap:have_support()
- Return true if support for selected compression library is built in.
- Zpcap:open(file)
- Open a PCAP file for processing and read the PCAP header. Returns 0 on
success.
- Zpcap:openfp(fp)
- Open a PCAP file for processing and read the PCAP header using a file
descriptor, for example io.stdin or with io.open(). Will not
take ownership of the file descriptor. Returns 0 on success.
- Zpcap:run()
- Start processing packets and send each packet read to the receiver.
Returns 0 if all packets was read successfully.
- Zpcap:packets()
- Return the number of packets seen.
Jerry Lundström (DNS-OARC), Tomáš
Křížek (CZ.NIC), Petr Špaček (ISC)
Maintained by DNS-OARC
https://www.dns-oarc.net/
For issues and feature requests please use:
https://github.com/DNS-OARC/dnsjit/issues
For question and help please use:
admin@dns-oarc.net