Skip to content

pcapplusplus and libpcap tuning #66

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Apr 6, 2021
Merged

pcapplusplus and libpcap tuning #66

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
13938b0
control tcp reassembly frag options
weyrick Apr 5, 2021
53c4933
capture config
weyrick Apr 6, 2021
dcb8fb7
tweak frag config, optional pcap debug
weyrick Apr 6, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions conanfile.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ catch2/2.13.4

[options]
corrade:with_pluginmanager=True
pcapplusplus:immediate_mode=True

[generators]
cmake
19 changes: 16 additions & 3 deletions src/inputs/pcap/PcapInputStream.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
#include <PacketUtils.h>
#include <PcapFileDevice.h>
#include <SystemUtils.h>
#include <Logger.h>
#pragma GCC diagnostic pop
#include <Corrade/Utility/Debug.h>
#include <IpUtils.h>
Expand Down Expand Up @@ -66,7 +67,8 @@ PcapInputStream::PcapInputStream(const std::string &name)
, _tcp_reassembly(_tcp_message_ready_cb,
this,
_tcp_connection_start_cb,
_tcp_connection_end_cb)
_tcp_connection_end_cb,
{true, 5, 500, 50})
{
}

Expand All @@ -91,6 +93,10 @@ void PcapInputStream::start()
return;
}

if (config_exists("debug")) {
pcpp::LoggerPP::getInstance().setAllModlesToLogLevel(pcpp::LoggerPP::LogLevel::Debug);
}

// live capture
assert(config_exists("iface"));
assert(config_exists("bpf"));
Expand Down Expand Up @@ -320,7 +326,14 @@ void PcapInputStream::_open_libpcap_iface(const std::string &bpfFilter)
NOTE: the packet buffer timeout cannot be used to cause calls that read packets to return within a limited period of time, because, on some platforms, the packet buffer timeout isn't supported, and, on other platforms, the timer doesn't start until at least one packet arrives. This means that the packet buffer timeout should NOT be used, for example, in an interactive application to allow the packet capture loop to ``poll'' for user input periodically, as there's no guarantee that a call reading packets will return after the timeout expires even if no packets have arrived.
The packet buffer timeout is set with pcap_set_timeout().
*/
config.packetBufferTimeoutMs = 100;
config.packetBufferTimeoutMs = 10;
/*
* @param[in] snapshotLength Snapshot length for capturing packets. Default value is 0 which means use the default value.
* A snapshot length of 262144 should be big enough for maximum-size Linux loopback packets (65549) and some USB packets
* captured with USBPcap (> 131072, < 262144). A snapshot length of 65535 should be sufficient, on most if not all networks,
* to capture all the data available from the packet.
*/
config.snapshotLength = 1000;

// try to open device
if (!_pcapDevice->open(config)) {
Expand Down Expand Up @@ -416,4 +429,4 @@ void PcapInputStream::parse_host_spec()
}
}

}
}