dnsjit.input.zpcap - Man Page

Read input from a PCAP file that is compressed

Synopsis

 local input = require("dnsjit.input.zpcap").new()
 input:zstd()
 input:open("file.pcap.zst")
 input:receiver(filter_or_output)
 input:run()

Description

Read input from a PCAP file that is compressed and parse the PCAP without libpcap. After opening a file and reading the PCAP header, the attributes are populated.

Attributes

is_swapped

Indicate if the byte order in the PCAP is in reverse order of the host.

is_nanosec

Indicate if the time stamps are in nanoseconds or not.

magic_number

Magic number.

version_major

Major version number.

version_minor

Minor version number.

thiszone

GMT to local correction.

sigfigs

Accuracy of timestamps.

snaplen

Max length of captured packets, in octets.

network

The link type found in the PCAP header, see https://www.tcpdump.org/linktypes.html .

linktype

The data link type, mapped from network.

Functions

Zpcap.new()

Create a new Zpcap input.

Zpcap:log()

Return the Log object to control logging of this instance or module.

Zpcap:receiver(o)

Set the receiver to pass objects to.

Zpcap:produce()

Return the C functions and context for producing objects.

Zpcap:fadvise_sequential()

Use posix_fadvise() to indicate sequential reading (if supported), may increase performance. MUST be called before open().

Zpcap:lz4()

Use liblz4 to decompress the input file/data.

Zpcap:zstd()

Use libzstd to decompress the input file/data.

Zpcap:gzip()

Use zlib/gzip to decompress the input file/data.

Zpcap:lzma()

Use liblzma/xz to decompress the input file/data.

Zpcap:have_support()

Return true if support for selected compression library is built in.

Zpcap:open(file)

Open a PCAP file for processing and read the PCAP header. Returns 0 on success.

Zpcap:openfp(fp)

Open a PCAP file for processing and read the PCAP header using a file descriptor, for example io.stdin or with io.open(). Will not take ownership of the file descriptor. Returns 0 on success.

Zpcap:run()

Start processing packets and send each packet read to the receiver. Returns 0 if all packets was read successfully.

Zpcap:packets()

Return the number of packets seen.

See Also

dnsjit.input.fpcap(3)

AUTHORS and CONTRIBUTORS

Jerry Lundström (DNS-OARC), Tomáš Křížek (CZ.NIC), Petr Špaček (ISC)

Maintained by DNS-OARC

https://www.dns-oarc.net/

Bugs

For issues and feature requests please use:

https://github.com/DNS-OARC/dnsjit/issues

For question and help please use:

admin@dns-oarc.net

Referenced By

dnsjit.input(3).

1.5.0 dnsjit