tcpflow  1.6.1
About: tcpflow is a TCP/IP packet demultiplexer that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging.
  Fossies Dox: tcpflow-1.6.1.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

Plugin_module

Files

file  bulk_extractor_i.h
 

Namespaces

 be13
 

Classes

struct  be13::ether_addr
 
struct  be13::ether_header
 
struct  be13::ip4_addr
 
struct  be13::ip4
 
struct  be13::ip4_dgram
 
struct  be13::ip6_addr
 
struct  be13::ip6_hdr
 
struct  be13::ip6_dgram
 
struct  be13::tcphdr
 
class  be13::packet_info
 
class  be13::packet_info::frame_too_short
 
class  scanner_info
 
struct  scanner_info::scanner_config
 
class  scanner_params
 
class  recursion_control_block
 
class  scanner_def
 
struct  be13::plugin
 

Macros

#define ETH_ALEN   6
 
#define IPPROTO_TCP   6 /* tcp */
 
#define IP_RF   0x8000 /* reserved fragment flag */
 
#define IP_DF   0x4000 /* dont fragment flag */
 
#define IP_MF   0x2000 /* more fragments flag */
 
#define IP_OFFMASK   0x1fff /* mask for fragmenting bits */
 
#define TH_FIN   0x01
 
#define TH_SYN   0x02
 
#define TH_RST   0x04
 
#define TH_PUSH   0x08
 
#define TH_ACK   0x10
 
#define TH_URG   0x20
 
#define ETHERTYPE_PUP   0x0200 /* Xerox PUP */
 
#define ETHERTYPE_SPRITE   0x0500 /* Sprite */
 
#define ETHERTYPE_IP   0x0800 /* IP */
 
#define ETHERTYPE_ARP   0x0806 /* Address resolution */
 
#define ETHERTYPE_REVARP   0x8035 /* Reverse ARP */
 
#define ETHERTYPE_AT   0x809B /* AppleTalk protocol */
 
#define ETHERTYPE_AARP   0x80F3 /* AppleTalk ARP */
 
#define ETHERTYPE_VLAN   0x8100 /* IEEE 802.1Q VLAN tagging */
 
#define ETHERTYPE_IPX   0x8137 /* IPX */
 
#define ETHERTYPE_IPV6   0x86dd /* IP protocol version 6 */
 
#define ETHERTYPE_LOOPBACK   0x9000 /* used to test interfaces */
 
#define ONE_HUNDRED_NANO_SEC_TO_SECONDS   10000000
 
#define SECONDS_BETWEEN_WIN32_EPOCH_AND_UNIX_EPOCH   11644473600LL
 

Typedefs

typedef uint32_t be13::ip4_addr_t
 
typedef uint32_t be13::tcp_seq
 
typedef void scanner_t(const class scanner_params &sp, const class recursion_control_block &rcb)
 
typedef void process_t(const class scanner_params &sp)
 
typedef void packet_callback_t(void *user, const be13::packet_info &pi)
 
typedef std::map< std::string, std::string > scanner_info::config_t
 
typedef std::map< std::string, std::string > scanner_params::PrintOptions
 
typedef std::vector< scanner_def * > be13::plugin::scanner_vector
 

Enumerations

enum  be13::packet_info::vlan_t { be13::packet_info::NO_VLAN =-1 }
 
enum  scanner_params::print_mode_t { scanner_params::MODE_NONE =0 , scanner_params::MODE_HEX , scanner_params::MODE_RAW , scanner_params::MODE_HTTP }
 
enum  scanner_params::phase_t {
  scanner_params::PHASE_NONE = -1 , scanner_params::PHASE_STARTUP = 0 , scanner_params::PHASE_INIT = 3 , scanner_params::PHASE_THREAD_BEFORE_SCAN = 4 ,
  scanner_params::PHASE_SCAN = 1 , scanner_params::PHASE_SHUTDOWN = 2
}
 

Functions

 be13::packet_info::frame_too_short::frame_too_short ()
 
 be13::packet_info::packet_info (const int dlt, const struct pcap_pkthdr *h, const u_char *d, const struct timeval &ts_, const uint8_t *d2, size_t dl2)
 
 be13::packet_info::packet_info (const int dlt, const struct pcap_pkthdr *h, const u_char *d)
 
static u_short be13::packet_info::nshort (const u_char *buf, size_t pos)
 
int be13::packet_info::ip_version () const
 
u_short be13::packet_info::ether_type () const
 
int be13::packet_info::vlan () const
 
const uint8_t * be13::packet_info::get_ether_dhost () const
 
const uint8_t * be13::packet_info::get_ether_shost () const
 
bool be13::packet_info::is_ip4 () const
 
bool be13::packet_info::is_ip6 () const
 
bool be13::packet_info::is_ip4_tcp () const
 
bool be13::packet_info::is_ip6_tcp () const
 
const struct in_addr * be13::packet_info::get_ip4_src () const
 
const struct in_addr * be13::packet_info::get_ip4_dst () const
 
uint8_t be13::packet_info::get_ip4_proto () const
 
uint8_t be13::packet_info::get_ip6_nxt_hdr () const
 
uint16_t be13::packet_info::get_ip6_plen () const
 
const struct ip6_addr * be13::packet_info::get_ip6_src () const
 
const struct ip6_addr * be13::packet_info::get_ip6_dst () const
 
uint16_t be13::packet_info::get_ip4_tcp_sport () const
 
uint16_t be13::packet_info::get_ip4_tcp_dport () const
 
uint16_t be13::packet_info::get_ip6_tcp_sport () const
 
uint16_t be13::packet_info::get_ip6_tcp_dport () const
 
 scanner_info::scanner_info (const scanner_info &i)
 
scanner_info & scanner_info::operator= (const scanner_info &i)
 
static std::string scanner_info::helpstr ()
 
static const std::string scanner_info::flag_to_string (const int flag)
 
 scanner_info::scanner_config::scanner_config ()
 
virtual scanner_info::scanner_config::~scanner_config ()
 
 scanner_info::scanner_info ()
 
virtual void scanner_info::get_config (const scanner_info::config_t &c, const std::string &name, std::string *val, const std::string &help)
 
virtual void scanner_info::get_config (const std::string &name, std::string *val, const std::string &help)
 
virtual void scanner_info::get_config (const std::string &name, uint64_t *val, const std::string &help)
 
virtual void scanner_info::get_config (const std::string &name, int32_t *val, const std::string &help)
 
virtual void scanner_info::get_config (const std::string &name, uint32_t *val, const std::string &help)
 
virtual void scanner_info::get_config (const std::string &name, uint16_t *val, const std::string &help)
 
virtual void scanner_info::get_config (const std::string &name, uint8_t *val, const std::string &help)
 
virtual void scanner_info::get_config (const std::string &name, bool *val, const std::string &help)
 
virtual scanner_info::~scanner_info ()
 
static print_mode_t scanner_params::getPrintMode (const PrintOptions &po)
 
static void scanner_params::setPrintMode (PrintOptions &po, int mode)
 
 scanner_params::scanner_params (phase_t phase_, const sbuf_t &sbuf_, class feature_recorder_set &fs_, PrintOptions &print_options_)
 
 scanner_params::scanner_params (phase_t phase_, const sbuf_t &sbuf_, class feature_recorder_set &fs_)
 
 scanner_params::scanner_params (phase_t phase_, const sbuf_t &sbuf_, class feature_recorder_set &fs_, std::stringstream *xmladd)
 
 scanner_params::scanner_params (const scanner_params &sp_existing, const sbuf_t &sbuf_new)
 
std::ostream & operator<< (std::ostream &os, const class scanner_params &sp)
 
 recursion_control_block::recursion_control_block (process_t *callback_, std::string partName_)
 
 scanner_def::scanner_def ()
 
static void be13::plugin::set_scanner_debug (int debug)
 
static void be13::plugin::load_scanner (scanner_t scanner, const scanner_info::scanner_config &sc)
 
static void be13::plugin::load_scanner_file (std::string fn, const scanner_info::scanner_config &sc)
 
static void be13::plugin::load_scanners (scanner_t *const *scanners_builtin, const scanner_info::scanner_config &sc)
 
static void be13::plugin::load_scanner_directory (const std::string &dirname, const scanner_info::scanner_config &sc)
 
static void be13::plugin::load_scanner_directories (const std::vector< std::string > &dirnames, const scanner_info::scanner_config &sc)
 
static void be13::plugin::load_scanner_packet_handlers ()
 
static void be13::plugin::message_enabled_scanners (scanner_params::phase_t phase, feature_recorder_set &fs)
 
static scanner_t * be13::plugin::find_scanner (const std::string &name)
 
static void be13::plugin::get_enabled_scanners (std::vector< std::string > &svector)
 
static void be13::plugin::add_enabled_scanner_histograms_to_feature_recorder_set (feature_recorder_set &fs)
 
static bool be13::plugin::find_scanner_enabled ()
 
static void be13::plugin::scanners_disable_all ()
 
static void be13::plugin::scanners_enable_all ()
 
static void be13::plugin::set_scanner_enabled (const std::string &name, bool enable)
 
static void be13::plugin::set_scanner_enabled_all (bool enable)
 
static void be13::plugin::scanners_enable (const std::string &name)
 
static void be13::plugin::scanners_disable (const std::string &name)
 
static void be13::plugin::scanners_process_enable_disable_commands ()
 
static void be13::plugin::scanners_init (feature_recorder_set &fs)
 
static void be13::plugin::info_scanners (bool detailed_info, bool detailed_settings, scanner_t *const *scanners_builtin, const char enable_opt, const char disable_opt)
 
static void be13::plugin::phase_shutdown (feature_recorder_set &fs, std::stringstream *sxml=0)
 
static uint32_t be13::plugin::get_max_depth_seen ()
 
static void be13::plugin::process_sbuf (const class scanner_params &sp)
 
static void be13::plugin::process_packet (const be13::packet_info &pi)
 
static void be13::plugin::get_scanner_feature_file_names (feature_file_names_t &feature_file_names)
 
std::string itos (int i)
 
std::string dtos (double d)
 
std::string utos (unsigned int i)
 
std::string utos (uint64_t i)
 
std::string utos (uint16_t i)
 
std::string safe_utf16to8 (std::wstring s)
 
std::wstring safe_utf8to16 (std::string s)
 
void truncate_at (std::string &line, char ch)
 
int isxdigit (int c)
 
std::string microsoftDateToISODate (const uint64_t &time)
 
std::string unixTimeToISODate (const uint64_t &t)
 
bool validASCIIName (const std::string &name)
 

Variables

uint8_t be13::ether_addr::ether_addr_octet [6]
 
uint8_t be13::ether_header::ether_dhost [6]
 
uint8_t be13::ether_header::ether_shost [6]
 
uint16_t be13::ether_header::ether_type
 
ip4_addr_t be13::ip4_addr::addr
 
uint8_t be13::ip4::ip_hl:4
 
uint8_t be13::ip4::ip_v:4
 
uint8_t be13::ip4::ip_tos
 
uint16_t be13::ip4::ip_len
 
uint16_t be13::ip4::ip_id
 
uint16_t be13::ip4::ip_off
 
uint8_t be13::ip4::ip_ttl
 
uint8_t be13::ip4::ip_p
 
uint16_t be13::ip4::ip_sum
 
struct ip4_addr ip_src be13::ip4::ip_dst
 
const struct ip4be13::ip4_dgram::header
 
const uint8_tbe13::ip4_dgram::payload
 
uint16_t be13::ip4_dgram::payload_len
 
uint8_t   be13::ip6_addr::addr8 [16]
 
uint16_t   be13::ip6_addr::addr16 [8]
 
uint32_t   be13::ip6_addr::addr32 [4]
 
union {
   uint8_t   be13::ip6_addr::addr8 [16]
 
   uint16_t   be13::ip6_addr::addr16 [8]
 
   uint32_t   be13::ip6_addr::addr32 [4]
 
be13::ip6_addr::addr
 
uint32_t   be13::ip6_hdr::ip6_un1_flow
 
uint16_t   be13::ip6_hdr::ip6_un1_plen
 
uint8_t   be13::ip6_hdr::ip6_un1_nxt
 
uint8_t   be13::ip6_hdr::ip6_un1_hlim
 
struct ip6_hdrctl {
   uint32_t   be13::ip6_hdr::ip6_un1_flow
 
   uint16_t   be13::ip6_hdr::ip6_un1_plen
 
   uint8_t   be13::ip6_hdr::ip6_un1_nxt
 
   uint8_t   be13::ip6_hdr::ip6_un1_hlim
 
}   be13::ip6_hdr::ip6_un1
 
uint8_t   be13::ip6_hdr::ip6_un2_vfc
 
union {
   struct ip6_hdrctl {
      uint32_t   be13::ip6_hdr::ip6_un1_flow
 
      uint16_t   be13::ip6_hdr::ip6_un1_plen
 
      uint8_t   be13::ip6_hdr::ip6_un1_nxt
 
      uint8_t   be13::ip6_hdr::ip6_un1_hlim
 
   }   be13::ip6_hdr::ip6_un1
 
   uint8_t   be13::ip6_hdr::ip6_un2_vfc
 
be13::ip6_hdr::ip6_ctlun
 
struct ip6_addr be13::ip6_hdr::ip6_src
 
struct ip6_addr be13::ip6_hdr::ip6_dst
 
const struct ip6_hdrbe13::ip6_dgram::header
 
const uint8_tbe13::ip6_dgram::payload
 
uint16_t be13::ip6_dgram::payload_len
 
uint16_t be13::tcphdr::th_sport
 
uint16_t be13::tcphdr::th_dport
 
tcp_seq be13::tcphdr::th_seq
 
tcp_seq be13::tcphdr::th_ack
 
uint8_t be13::tcphdr::th_x2:4
 
uint8_t be13::tcphdr::th_off:4
 
uint8_t be13::tcphdr::th_flags
 
uint16_t be13::tcphdr::th_win
 
uint16_t be13::tcphdr::th_sum
 
uint16_t be13::tcphdr::th_urp
 
static const size_t be13::packet_info::ip4_proto_off = 9
 
static const size_t be13::packet_info::ip4_src_off = 12
 
static const size_t be13::packet_info::ip4_dst_off = 16
 
static const size_t be13::packet_info::ip6_nxt_hdr_off = 6
 
static const size_t be13::packet_info::ip6_plen_off = 4
 
static const size_t be13::packet_info::ip6_src_off = 8
 
static const size_t be13::packet_info::ip6_dst_off = 24
 
static const size_t be13::packet_info::tcp_sport_off = 0
 
static const size_t be13::packet_info::tcp_dport_off = 2
 
const int be13::packet_info::pcap_dlt
 
const struct pcap_pkthdrbe13::packet_info::pcap_hdr
 
const u_char * be13::packet_info::pcap_data
 
const struct timeval & be13::packet_info::ts
 
const uint8_t *const be13::packet_info::ip_data
 
const size_t be13::packet_info::ip_datalen
 
static std::stringstream scanner_info::helpstream
 
static const int scanner_info::SCANNER_DISABLED = 0x001
 
static const int scanner_info::SCANNER_NO_USAGE = 0x002
 
static const int scanner_info::SCANNER_NO_ALL = 0x004
 
static const int scanner_info::SCANNER_FIND_SCANNER = 0x008
 
static const int scanner_info::SCANNER_RECURSE = 0x010
 
static const int scanner_info::SCANNER_RECURSE_EXPAND = 0x020
 
static const int scanner_info::SCANNER_WANTS_NGRAMS = 0x040
 
static const int scanner_info::SCANNER_FAST_FIND = 0x080
 
static const int scanner_info::SCANNER_DEPTH_0 = 0x100
 
static const int scanner_info::CURRENT_SI_VERSION = 4
 
config_t scanner_info::scanner_config::namevals
 
int scanner_info::scanner_config::debug
 
int scanner_info::si_version
 
std::string scanner_info::name
 
std::string scanner_info::author
 
std::string scanner_info::description
 
std::string scanner_info::url
 
std::string scanner_info::scanner_version
 
uint64_t scanner_info::flags
 
std::set< std::string > scanner_info::feature_names
 
histogram_defs_t scanner_info::histogram_defs
 
void * scanner_info::packet_user
 
packet_callback_tscanner_info::packet_cb
 
const scanner_configscanner_info::config
 
static const int scanner_params::CURRENT_SP_VERSION =3
 
static PrintOptions scanner_params::no_options
 
const int scanner_params::sp_version
 
const phase_t scanner_params::phase
 
const sbuf_tscanner_params::sbuf
 
class feature_recorder_setscanner_params::fs
 
const uint32_t scanner_params::depth
 
PrintOptionsscanner_params::print_options
 
scanner_infoscanner_params::info
 
std::stringstream * scanner_params::sxml
 
process_trecursion_control_block::callback
 
std::string recursion_control_block::partName
 
static uint32_t scanner_def::max_depth = 7
 
static uint32_t scanner_def::max_ngram = 10
 
scanner_tscanner_def::scanner
 
bool scanner_def::enabled
 
scanner_info scanner_def::info
 
std::string scanner_def::pathPrefix
 
static scanner_vector be13::plugin::current_scanners
 
static bool be13::plugin::dup_data_alerts = false
 
static uint64_t be13::plugin::dup_data_encountered = 0
 

Detailed Description

Macro Definition Documentation

◆ ETH_ALEN

#define ETH_ALEN   6

Definition at line 161 of file bulk_extractor_i.h.

◆ ETHERTYPE_AARP

#define ETHERTYPE_AARP   0x80F3 /* AppleTalk ARP */

Definition at line 402 of file bulk_extractor_i.h.

◆ ETHERTYPE_ARP

#define ETHERTYPE_ARP   0x0806 /* Address resolution */

Definition at line 390 of file bulk_extractor_i.h.

◆ ETHERTYPE_AT

#define ETHERTYPE_AT   0x809B /* AppleTalk protocol */

Definition at line 398 of file bulk_extractor_i.h.

◆ ETHERTYPE_IP

#define ETHERTYPE_IP   0x0800 /* IP */

Definition at line 386 of file bulk_extractor_i.h.

◆ ETHERTYPE_IPV6

#define ETHERTYPE_IPV6   0x86dd /* IP protocol version 6 */

Definition at line 414 of file bulk_extractor_i.h.

◆ ETHERTYPE_IPX

#define ETHERTYPE_IPX   0x8137 /* IPX */

Definition at line 410 of file bulk_extractor_i.h.

◆ ETHERTYPE_LOOPBACK

#define ETHERTYPE_LOOPBACK   0x9000 /* used to test interfaces */

Definition at line 418 of file bulk_extractor_i.h.

◆ ETHERTYPE_PUP

#define ETHERTYPE_PUP   0x0200 /* Xerox PUP */

Definition at line 378 of file bulk_extractor_i.h.

◆ ETHERTYPE_REVARP

#define ETHERTYPE_REVARP   0x8035 /* Reverse ARP */

Definition at line 394 of file bulk_extractor_i.h.

◆ ETHERTYPE_SPRITE

#define ETHERTYPE_SPRITE   0x0500 /* Sprite */

Definition at line 382 of file bulk_extractor_i.h.

◆ ETHERTYPE_VLAN

#define ETHERTYPE_VLAN   0x8100 /* IEEE 802.1Q VLAN tagging */

Definition at line 406 of file bulk_extractor_i.h.

◆ IP_DF

#define IP_DF   0x4000 /* dont fragment flag */

Definition at line 209 of file bulk_extractor_i.h.

◆ IP_MF

#define IP_MF   0x2000 /* more fragments flag */

Definition at line 210 of file bulk_extractor_i.h.

◆ IP_OFFMASK

#define IP_OFFMASK   0x1fff /* mask for fragmenting bits */

Definition at line 211 of file bulk_extractor_i.h.

◆ IP_RF

#define IP_RF   0x8000 /* reserved fragment flag */

Definition at line 208 of file bulk_extractor_i.h.

◆ IPPROTO_TCP

#define IPPROTO_TCP   6 /* tcp */

Definition at line 165 of file bulk_extractor_i.h.

◆ ONE_HUNDRED_NANO_SEC_TO_SECONDS

#define ONE_HUNDRED_NANO_SEC_TO_SECONDS   10000000

Definition at line 912 of file bulk_extractor_i.h.

◆ SECONDS_BETWEEN_WIN32_EPOCH_AND_UNIX_EPOCH

#define SECONDS_BETWEEN_WIN32_EPOCH_AND_UNIX_EPOCH   11644473600LL

Definition at line 913 of file bulk_extractor_i.h.

◆ TH_ACK

#define TH_ACK   0x10

Definition at line 277 of file bulk_extractor_i.h.

◆ TH_FIN

#define TH_FIN   0x01

Definition at line 273 of file bulk_extractor_i.h.

◆ TH_PUSH

#define TH_PUSH   0x08

Definition at line 276 of file bulk_extractor_i.h.

◆ TH_RST

#define TH_RST   0x04

Definition at line 275 of file bulk_extractor_i.h.

◆ TH_SYN

#define TH_SYN   0x02

Definition at line 274 of file bulk_extractor_i.h.

◆ TH_URG

#define TH_URG   0x20

Definition at line 278 of file bulk_extractor_i.h.

Typedef Documentation

◆ config_t

typedef std::map<std::string,std::string> scanner_info::config_t

Definition at line 617 of file bulk_extractor_i.h.

◆ ip4_addr_t

typedef uint32_t be13::ip4_addr_t

Definition at line 185 of file bulk_extractor_i.h.

◆ packet_callback_t

typedef void packet_callback_t(void *user, const be13::packet_info &pi)

Definition at line 602 of file bulk_extractor_i.h.

◆ PrintOptions

typedef std::map<std::string,std::string> scanner_params::PrintOptions

Definition at line 703 of file bulk_extractor_i.h.

◆ process_t

typedef void process_t(const class scanner_params &sp)

Definition at line 601 of file bulk_extractor_i.h.

◆ scanner_t

typedef void scanner_t(const class scanner_params &sp, const class recursion_control_block &rcb)

Definition at line 600 of file bulk_extractor_i.h.

◆ scanner_vector

typedef std::vector<scanner_def *> be13::plugin::scanner_vector

Definition at line 821 of file bulk_extractor_i.h.

◆ tcp_seq

typedef uint32_t be13::tcp_seq

Definition at line 258 of file bulk_extractor_i.h.

Enumeration Type Documentation

◆ phase_t

Enumerator
PHASE_NONE 
PHASE_STARTUP 
PHASE_INIT 
PHASE_THREAD_BEFORE_SCAN 
PHASE_SCAN 
PHASE_SHUTDOWN 

Definition at line 725 of file bulk_extractor_i.h.

◆ print_mode_t

Enumerator
MODE_NONE 
MODE_HEX 
MODE_RAW 
MODE_HTTP 

Definition at line 700 of file bulk_extractor_i.h.

◆ vlan_t

Enumerator
NO_VLAN 

Definition at line 319 of file bulk_extractor_i.h.

Function Documentation

◆ add_enabled_scanner_histograms_to_feature_recorder_set()

void be13::plugin::add_enabled_scanner_histograms_to_feature_recorder_set ( feature_recorder_set &  fs)
static

◆ dtos()

std::string dtos ( double  d)
inline

Definition at line 872 of file bulk_extractor_i.h.

◆ ether_type()

u_short be13::packet_info::ether_type ( ) const
inline

◆ find_scanner()

scanner_t * be13::plugin::find_scanner ( const std::string &  name)
static

Definition at line 294 of file plugin.cpp.

◆ find_scanner_enabled()

bool be13::plugin::find_scanner_enabled ( )
static

Definition at line 314 of file plugin.cpp.

References scanner_info::SCANNER_FIND_SCANNER.

◆ flag_to_string()

◆ frame_too_short()

be13::packet_info::frame_too_short::frame_too_short ( )
inline

Definition at line 315 of file bulk_extractor_i.h.

◆ get_config() [1/8]

void scanner_info::get_config ( const scanner_info::config_t &  c,
const std::string &  name,
std::string *  val,
const std::string &  help 
)
virtual

Definition at line 415 of file plugin.cpp.

References c, and name.

Referenced by scanner_info::get_config(), main(), scan_http(), scan_netviz(), scan_tcpdemux(), and scan_wifiviz().

◆ get_config() [2/8]

void scanner_info::get_config ( const std::string &  name,
bool *  val,
const std::string &  help 
)
virtual

Definition at line 465 of file plugin.cpp.

◆ get_config() [3/8]

void scanner_info::get_config ( const std::string &  name,
int32_t *  val,
const std::string &  help 
)
virtual

Definition at line 441 of file plugin.cpp.

◆ get_config() [4/8]

void scanner_info::get_config ( const std::string &  name,
std::string *  val,
const std::string &  help 
)
virtual

Definition at line 426 of file plugin.cpp.

References scanner_info::get_config().

◆ get_config() [5/8]

void scanner_info::get_config ( const std::string &  name,
uint16_t *  val,
const std::string &  help 
)
virtual

Definition at line 443 of file plugin.cpp.

◆ get_config() [6/8]

void scanner_info::get_config ( const std::string &  name,
uint32_t *  val,
const std::string &  help 
)
virtual

Definition at line 442 of file plugin.cpp.

◆ get_config() [7/8]

void scanner_info::get_config ( const std::string &  name,
uint64_t *  val,
const std::string &  help 
)
virtual

Definition at line 440 of file plugin.cpp.

◆ get_config() [8/8]

void scanner_info::get_config ( const std::string &  name,
uint8_t *  val,
const std::string &  help 
)
virtual

Definition at line 452 of file plugin.cpp.

◆ get_enabled_scanners()

void be13::plugin::get_enabled_scanners ( std::vector< std::string > &  svector)
static

Definition at line 305 of file plugin.cpp.

◆ get_ether_dhost()

const uint8_t * be13::packet_info::get_ether_dhost ( ) const
inline

◆ get_ether_shost()

const uint8_t * be13::packet_info::get_ether_shost ( ) const
inline

◆ get_ip4_dst()

const struct in_addr * be13::packet_info::get_ip4_dst ( ) const
inline

◆ get_ip4_proto()

uint8_t be13::packet_info::get_ip4_proto ( ) const
inline

◆ get_ip4_src()

const struct in_addr * be13::packet_info::get_ip4_src ( ) const
inline

◆ get_ip4_tcp_dport()

uint16_t be13::packet_info::get_ip4_tcp_dport ( ) const
inline

◆ get_ip4_tcp_sport()

uint16_t be13::packet_info::get_ip4_tcp_sport ( ) const
inline

◆ get_ip6_dst()

const struct ip6_addr * be13::packet_info::get_ip6_dst ( ) const
inline

◆ get_ip6_nxt_hdr()

uint8_t be13::packet_info::get_ip6_nxt_hdr ( ) const
inline

◆ get_ip6_plen()

uint16_t be13::packet_info::get_ip6_plen ( ) const
inline

◆ get_ip6_src()

const struct ip6_addr * be13::packet_info::get_ip6_src ( ) const
inline

◆ get_ip6_tcp_dport()

uint16_t be13::packet_info::get_ip6_tcp_dport ( ) const
inline

◆ get_ip6_tcp_sport()

uint16_t be13::packet_info::get_ip6_tcp_sport ( ) const
inline

◆ get_max_depth_seen()

uint32_t be13::plugin::get_max_depth_seen ( )
static

Definition at line 566 of file plugin.cpp.

References max_depth_seen, and max_depth_seenM.

◆ get_scanner_feature_file_names()

void be13::plugin::get_scanner_feature_file_names ( feature_file_names_t &  feature_file_names)
static

Definition at line 715 of file plugin.cpp.

Referenced by main().

◆ getPrintMode()

static print_mode_t scanner_params::getPrintMode ( const PrintOptions &  po)
inlinestatic

◆ helpstr()

static std::string scanner_info::helpstr ( )
inlinestatic

Definition at line 616 of file bulk_extractor_i.h.

References scanner_info::helpstream.

Referenced by be13::plugin::info_scanners().

◆ info_scanners()

void be13::plugin::info_scanners ( bool  detailed_info,
bool  detailed_settings,
scanner_t *const *  scanners_builtin,
const char  enable_opt,
const char  disable_opt 
)
static

Print a list of scanners. We need to load them to do this, so they are loaded with an empty config. Note that scanners can only be loaded once, so this exits.

Definition at line 486 of file plugin.cpp.

References scanner_info::flag_to_string(), scanner_info::helpstr(), scanner_info::SCANNER_DISABLED, scanner_info::SCANNER_NO_USAGE, and scanners_builtin.

Referenced by main(), and usage().

◆ ip_version()

int be13::packet_info::ip_version ( ) const
inline

◆ is_ip4()

bool be13::packet_info::is_ip4 ( ) const
inline

Definition at line 450 of file bulk_extractor_i.h.

References be13::packet_info::ip_version().

◆ is_ip4_tcp()

bool be13::packet_info::is_ip4_tcp ( ) const
inline

◆ is_ip6()

bool be13::packet_info::is_ip6 ( ) const
inline

Definition at line 455 of file bulk_extractor_i.h.

References be13::packet_info::ip_version().

◆ is_ip6_tcp()

bool be13::packet_info::is_ip6_tcp ( ) const
inline

◆ isxdigit()

int isxdigit ( int  c)
inline

Definition at line 905 of file bulk_extractor_i.h.

References c.

Referenced by feature_recorder::unquote_string().

◆ itos()

std::string itos ( int  i)
inline

Definition at line 871 of file bulk_extractor_i.h.

◆ load_scanner()

void be13::plugin::load_scanner ( scanner_t  scanner,
const scanner_info::scanner_config &  sc
)
static

Name of feature files that should be histogrammed. The histogram should be done in the plug-in. Scanner plugin loading, plugin system phase 0: load a scanner.

As part of scanner loading:

  • pass configuration to the scanner
  • feature files that the scanner requires
  • Histograms that the scanner makes (see feature_recorder_set).

This is called before scanners are enabled or disabled, so the pcap handlers need to be set afterwards.

Definition at line 136 of file plugin.cpp.

References scanner_info::config, scanner_def::enabled, scanner_info::flags, scanner_params::info, scanner_def::info, feature_recorder_set::NO_INPUT, feature_recorder_set::NO_OUTDIR, feature_recorder_set::null_hasher, scanner_params::PHASE_STARTUP, scanner_def::scanner, scanner_info::SCANNER_DISABLED, and feature_recorder_set::SET_DISABLED.

◆ load_scanner_directories()

void be13::plugin::load_scanner_directories ( const std::vector< std::string > &  dirnames,
const scanner_info::scanner_config &  sc
)
static

Definition at line 260 of file plugin.cpp.

◆ load_scanner_directory()

void be13::plugin::load_scanner_directory ( const std::string &  dirname,
const scanner_info::scanner_config &  sc
)
static

Definition at line 236 of file plugin.cpp.

◆ load_scanner_file()

void be13::plugin::load_scanner_file ( std::string  fn,
const scanner_info::scanner_config &  sc
)
static

Definition at line 178 of file plugin.cpp.

References debug.

◆ load_scanner_packet_handlers()

void be13::plugin::load_scanner_packet_handlers ( )
static

◆ load_scanners()

void be13::plugin::load_scanners ( scanner_t *const *  scanners_builtin,
const scanner_info::scanner_config &  sc
)
static

Definition at line 229 of file plugin.cpp.

Referenced by main().

◆ message_enabled_scanners()

void be13::plugin::message_enabled_scanners ( scanner_params::phase_t  phase,
feature_recorder_set &  fs
)
static

Definition at line 281 of file plugin.cpp.

◆ microsoftDateToISODate()

std::string microsoftDateToISODate ( const uint64_t &  time)
inline

◆ nshort()

◆ operator<<()

std::ostream& operator<< ( std::ostream &  os,
const class scanner_params &  sp
)
inline

Definition at line 788 of file bulk_extractor_i.h.

References scanner_params::sbuf.

◆ operator=()

scanner_info& scanner_info::operator= ( const scanner_info &  i)
private

◆ packet_info() [1/2]

be13::packet_info::packet_info ( const int  dlt,
const struct pcap_pkthdr *  h,
const u_char *  d 
)
inline

Definition at line 327 of file bulk_extractor_i.h.

◆ packet_info() [2/2]

be13::packet_info::packet_info ( const int  dlt,
const struct pcap_pkthdr *  h,
const u_char *  d,
const struct timeval &  ts_,
const uint8_t *  d2,
size_t  dl2 
)
inline

create a packet, usually an IP packet.

Parameters
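d - start of MAC packet
d2 - start of IP data
dl2 - not documented here; presumably the byte length of the IP data at d2 (compare the ip_datalen member) — confirm in bulk_extractor_i.h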

Definition at line 324 of file bulk_extractor_i.h.

◆ phase_shutdown()

void be13::plugin::phase_shutdown ( feature_recorder_set &  fs,
std::stringstream *  sxml = 0 
)
static

PHASE_SHUTDOWN (formerly phase 2): shut down the scanners

Definition at line 395 of file plugin.cpp.

References scanner_params::PHASE_SHUTDOWN, and scanner_commands_processed.

Referenced by main(), and terminate().

◆ process_packet()

void be13::plugin::process_packet ( const be13::packet_info &  pi)
static

Process a pcap packet. Designed to be very efficient because we have so many packets.

Definition at line 707 of file plugin.cpp.

References packet_handlers.

Referenced by dl_ethernet(), dl_null(), dl_ppp(), dl_raw(), and TFCB::HandleLLC().

◆ process_sbuf()

◆ recursion_control_block()

recursion_control_block::recursion_control_block ( process_t *  callback_,
std::string  partName_ 
)
inline
Parameters
callback_- the function to call back
partName_- the part of the forensic path processed by this scanner.

Definition at line 799 of file bulk_extractor_i.h.

◆ safe_utf16to8()

std::string safe_utf16to8 ( std::wstring  s)
inline

Definition at line 876 of file bulk_extractor_i.h.

References utf8::utf16to8().

◆ safe_utf8to16()

std::wstring safe_utf8to16 ( std::string  s)
inline

Definition at line 887 of file bulk_extractor_i.h.

References utf8::utf8to16().

◆ scanner_config()

scanner_info::scanner_config::scanner_config ( )
inline

Definition at line 648 of file bulk_extractor_i.h.

◆ scanner_def()

scanner_def::scanner_def ( )
inline

Definition at line 810 of file bulk_extractor_i.h.

◆ scanner_info() [1/2]

scanner_info::scanner_info ( )
inline

Definition at line 656 of file bulk_extractor_i.h.

◆ scanner_info() [2/2]

scanner_info::scanner_info ( const scanner_info &  i)
private

◆ scanner_params() [1/4]

scanner_params::scanner_params ( const scanner_params &  sp_existing,
const sbuf_t &  sbuf_new
)
inline

Construct a scanner_params for recursion from an existing sp and a new sbuf. Defaults to phase1.

Definition at line 761 of file bulk_extractor_i.h.

References scanner_params::CURRENT_SP_VERSION, and scanner_params::sp_version.

◆ scanner_params() [2/4]

scanner_params::scanner_params ( phase_t  phase_,
const sbuf_t &  sbuf_,
class feature_recorder_set &  fs_
)
inline

Definition at line 747 of file bulk_extractor_i.h.

◆ scanner_params() [3/4]

scanner_params::scanner_params ( phase_t  phase_,
const sbuf_t &  sbuf_,
class feature_recorder_set &  fs_,
PrintOptions &  print_options_
)
inline

Constructors.

Definition at line 740 of file bulk_extractor_i.h.

◆ scanner_params() [4/4]

scanner_params::scanner_params ( phase_t  phase_,
const sbuf_t &  sbuf_,
class feature_recorder_set &  fs_,
std::stringstream *  xmladd 
)
inline

Definition at line 753 of file bulk_extractor_i.h.

◆ scanners_disable()

void be13::plugin::scanners_disable ( const std::string &  name)
static

Definition at line 369 of file plugin.cpp.

References scanner_command::DISABLE, name, scanner_commands, and scanner_commands_processed.

Referenced by main().

◆ scanners_disable_all()

void be13::plugin::scanners_disable_all ( )
static

Scanner Commands (which one is enabled or disabled)

Definition at line 351 of file plugin.cpp.

References scanner_command::DISABLE_ALL, scanner_commands, and scanner_commands_processed.

Referenced by main().

◆ scanners_enable()

void be13::plugin::scanners_enable ( const std::string &  name)
static

Definition at line 363 of file plugin.cpp.

References scanner_command::ENABLE, name, scanner_commands, and scanner_commands_processed.

Referenced by main().

◆ scanners_enable_all()

void be13::plugin::scanners_enable_all ( )
static

Definition at line 357 of file plugin.cpp.

References scanner_command::ENABLE_ALL, scanner_commands, and scanner_commands_processed.

Referenced by main().

◆ scanners_init()

void be13::plugin::scanners_init ( feature_recorder_set &  fs)
static

Definition at line 339 of file plugin.cpp.

References scanner_params::PHASE_INIT, and scanner_commands_processed.

◆ scanners_process_enable_disable_commands()

void be13::plugin::scanners_process_enable_disable_commands ( )
static

◆ set_scanner_debug()

void be13::plugin::set_scanner_debug ( int  debug)
static

Definition at line 79 of file plugin.cpp.

References debug.

◆ set_scanner_enabled()

void be13::plugin::set_scanner_enabled ( const std::string &  name,
bool  enable 
)
static

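Return true if a scanner is enabled. (The signature above returns void, so this comment looks misattached, possibly from a neighbouring declaration.)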

Definition at line 95 of file plugin.cpp.

References name, and scanner_info::SCANNER_NO_ALL.

◆ set_scanner_enabled_all()

void be13::plugin::set_scanner_enabled_all ( bool  enable)
static

Definition at line 111 of file plugin.cpp.

◆ setPrintMode()

static void scanner_params::setPrintMode ( PrintOptions po,
int  mode 
)
inlinestatic

◆ truncate_at()

void truncate_at ( std::string &  line,
char  ch 
)
inline

Definition at line 899 of file bulk_extractor_i.h.

Referenced by feature_recorder::dump_histogram_file().

◆ unixTimeToISODate()

std::string unixTimeToISODate ( const uint64_t &  t)
inline

Definition at line 934 of file bulk_extractor_i.h.

References gmtime_r().

◆ utos() [1/3]

std::string utos ( uint16_t  i)
inline

Definition at line 875 of file bulk_extractor_i.h.

◆ utos() [2/3]

std::string utos ( uint64_t  i)
inline

Definition at line 874 of file bulk_extractor_i.h.

◆ utos() [3/3]

std::string utos ( unsigned int  i)
inline

Definition at line 873 of file bulk_extractor_i.h.

◆ validASCIIName()

bool validASCIIName ( const std::string &  name)
inline

Definition at line 945 of file bulk_extractor_i.h.

References name.

◆ vlan()

int be13::packet_info::vlan ( ) const
inline

◆ ~scanner_config()

virtual scanner_info::scanner_config::~scanner_config ( )
inlinevirtual

Definition at line 649 of file bulk_extractor_i.h.

◆ ~scanner_info()

virtual scanner_info::~scanner_info ( )
inlinevirtual

Definition at line 690 of file bulk_extractor_i.h.

Variable Documentation

◆ addr [1/2]

ip4_addr_t be13::ip4_addr::addr

Definition at line 189 of file bulk_extractor_i.h.

Referenced by tcpdemux::process_ip4().

◆  [2/2]

union { ... } be13::ip6_addr::addr

Referenced by tcpdemux::process_ip6().

◆  [1/2]

uint16_t { ... } ::addr16[8]

Definition at line 230 of file bulk_extractor_i.h.

◆ addr16 [2/2]

uint16_t be13::ip6_addr::addr16[8]

Definition at line 230 of file bulk_extractor_i.h.

◆  [1/2]

uint32_t { ... } ::addr32[4]

Definition at line 231 of file bulk_extractor_i.h.

◆ addr32 [2/2]

uint32_t be13::ip6_addr::addr32[4]

Definition at line 231 of file bulk_extractor_i.h.

◆ addr8 [1/2]

uint8_t be13::ip6_addr::addr8[16]

Definition at line 229 of file bulk_extractor_i.h.

Referenced by tcpdemux::process_ip6().

◆  [2/2]

uint8_t { ... } ::addr8[16]

Definition at line 229 of file bulk_extractor_i.h.

◆ author

std::string scanner_info::author

Definition at line 662 of file bulk_extractor_i.h.

Referenced by scan_netviz(), scan_tcpdemux(), and scan_wifiviz().

◆ callback

process_t* recursion_control_block::callback

Definition at line 801 of file bulk_extractor_i.h.

◆ config

const scanner_config* scanner_info::config

Definition at line 673 of file bulk_extractor_i.h.

Referenced by be13::plugin::load_scanner(), and main().

◆ current_scanners

be13::plugin::scanner_vector be13::plugin::current_scanners
static

the vector of current scanners

Definition at line 822 of file bulk_extractor_i.h.

◆ CURRENT_SI_VERSION

const int scanner_info::CURRENT_SI_VERSION = 4
static

Definition at line 629 of file bulk_extractor_i.h.

◆ CURRENT_SP_VERSION

const int scanner_params::CURRENT_SP_VERSION =3
static

◆ debug

int scanner_info::scanner_config::debug

Definition at line 651 of file bulk_extractor_i.h.

◆ depth

const uint32_t scanner_params::depth

Definition at line 780 of file bulk_extractor_i.h.

Referenced by be13::plugin::process_sbuf().

◆ description

std::string scanner_info::description

Definition at line 663 of file bulk_extractor_i.h.

Referenced by scan_netviz(), and scan_wifiviz().

◆ dup_data_alerts

bool be13::plugin::dup_data_alerts = false
static

Definition at line 823 of file bulk_extractor_i.h.

◆ dup_data_encountered

uint64_t be13::plugin::dup_data_encountered = 0
static

Definition at line 824 of file bulk_extractor_i.h.

◆ enabled

bool scanner_def::enabled

Definition at line 812 of file bulk_extractor_i.h.

Referenced by be13::plugin::load_scanner().

◆ ether_addr_octet

uint8_t be13::ether_addr::ether_addr_octet[6]

Definition at line 169 of file bulk_extractor_i.h.

◆ ether_dhost

uint8_t be13::ether_header::ether_dhost[6]

Definition at line 174 of file bulk_extractor_i.h.

◆ ether_shost

uint8_t be13::ether_header::ether_shost[6]

Definition at line 175 of file bulk_extractor_i.h.

◆ ether_type

uint16_t be13::ether_header::ether_type

Definition at line 176 of file bulk_extractor_i.h.

Referenced by dl_ethernet(), and be13::packet_info::ether_type().

◆ feature_names

std::set<std::string> scanner_info::feature_names

Definition at line 667 of file bulk_extractor_i.h.

◆ flags

uint64_t scanner_info::flags

◆ fs

class feature_recorder_set& scanner_params::fs

Definition at line 779 of file bulk_extractor_i.h.

Referenced by be13::plugin::process_sbuf(), and scan_netviz().

◆ header [1/2]

const struct ip4* be13::ip4_dgram::header

Definition at line 219 of file bulk_extractor_i.h.

◆ header [2/2]

const struct ip6_hdr* be13::ip6_dgram::header

Definition at line 249 of file bulk_extractor_i.h.

◆ helpstream

std::stringstream scanner_info::helpstream
staticprivate

Help and option processing.

Definition at line 609 of file bulk_extractor_i.h.

Referenced by scanner_info::helpstr().

◆ histogram_defs

histogram_defs_t scanner_info::histogram_defs

◆ info [1/2]

scanner_info* scanner_params::info

◆ info [2/2]

◆ ip4_dst_off

const size_t be13::packet_info::ip4_dst_off = 16
static

Definition at line 303 of file bulk_extractor_i.h.

Referenced by be13::packet_info::get_ip4_dst().

◆ ip4_proto_off

const size_t be13::packet_info::ip4_proto_off = 9
static

◆ ip4_src_off

const size_t be13::packet_info::ip4_src_off = 12
static

Definition at line 302 of file bulk_extractor_i.h.

Referenced by be13::packet_info::get_ip4_src().

◆ 

union { ... } be13::ip6_hdr::ip6_ctlun

Referenced by tcpdemux::process_ip6().

◆ ip6_dst

struct ip6_addr be13::ip6_hdr::ip6_dst

Definition at line 231 of file bulk_extractor_i.h.

Referenced by tcpdemux::process_ip6().

◆ ip6_dst_off

const size_t be13::packet_info::ip6_dst_off = 24
static

Definition at line 308 of file bulk_extractor_i.h.

Referenced by be13::packet_info::get_ip6_dst().

◆ ip6_nxt_hdr_off

const size_t be13::packet_info::ip6_nxt_hdr_off = 6
static

◆ ip6_plen_off

const size_t be13::packet_info::ip6_plen_off = 4
static

Definition at line 306 of file bulk_extractor_i.h.

Referenced by be13::packet_info::get_ip6_plen().

◆ ip6_src

struct ip6_addr be13::ip6_hdr::ip6_src

Definition at line 231 of file bulk_extractor_i.h.

Referenced by tcpdemux::process_ip6().

◆ ip6_src_off

const size_t be13::packet_info::ip6_src_off = 8
static

Definition at line 307 of file bulk_extractor_i.h.

Referenced by be13::packet_info::get_ip6_src().

◆  [1/2]

struct { ... } ::ip6_hdrctl be13::ip6_hdr::ip6_un1

Referenced by tcpdemux::process_ip6().

◆  [2/2]

struct { ... } ::ip6_un1

◆  [1/2]

uint32_t { ... } ::ip6_hdrctl::ip6_un1_flow

Definition at line 237 of file bulk_extractor_i.h.

◆ ip6_un1_flow [2/2]

uint32_t be13::ip6_hdr::ip6_un1_flow

Definition at line 237 of file bulk_extractor_i.h.

◆ ip6_un1_hlim [1/2]

uint8_t be13::ip6_hdr::ip6_un1_hlim

Definition at line 240 of file bulk_extractor_i.h.

◆  [2/2]

uint8_t { ... } ::ip6_hdrctl::ip6_un1_hlim

Definition at line 240 of file bulk_extractor_i.h.

◆  [1/2]

uint8_t { ... } ::ip6_hdrctl::ip6_un1_nxt

Definition at line 239 of file bulk_extractor_i.h.

◆ ip6_un1_nxt [2/2]

uint8_t be13::ip6_hdr::ip6_un1_nxt

Definition at line 239 of file bulk_extractor_i.h.

◆  [1/2]

uint16_t { ... } ::ip6_hdrctl::ip6_un1_plen

Definition at line 238 of file bulk_extractor_i.h.

◆ ip6_un1_plen [2/2]

uint16_t be13::ip6_hdr::ip6_un1_plen

Definition at line 238 of file bulk_extractor_i.h.

◆  [1/2]

uint8_t { ... } ::ip6_un2_vfc

Definition at line 242 of file bulk_extractor_i.h.

◆ ip6_un2_vfc [2/2]

uint8_t be13::ip6_hdr::ip6_un2_vfc

Definition at line 242 of file bulk_extractor_i.h.

◆ ip_data

◆ ip_datalen

◆ ip_dst

struct ip4_addr be13::ip4::ip_dst (apparently declared in the same statement as ip_src)

Definition at line 214 of file bulk_extractor_i.h.

Referenced by tcpdemux::process_ip4().

◆ ip_hl

uint8_t be13::ip4::ip_hl

Definition at line 197 of file bulk_extractor_i.h.

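Referenced by tcpdemux::process_ip4(). As a header-length field taken from the packet itself, ip_hl should be checked against the minimum header size and the captured length before it is used to locate the payload.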

◆ ip_id

uint16_t be13::ip4::ip_id

Definition at line 206 of file bulk_extractor_i.h.

◆ ip_len

uint16_t be13::ip4::ip_len

Definition at line 205 of file bulk_extractor_i.h.

Referenced by tcpdemux::process_ip4().

◆ ip_off

uint16_t be13::ip4::ip_off

Definition at line 207 of file bulk_extractor_i.h.

Referenced by tcpdemux::process_ip4().

◆ ip_p

uint8_t be13::ip4::ip_p

Definition at line 213 of file bulk_extractor_i.h.

Referenced by tcpdemux::process_ip4().

◆ ip_sum

uint16_t be13::ip4::ip_sum

Definition at line 214 of file bulk_extractor_i.h.

◆ ip_tos

uint8_t be13::ip4::ip_tos

Definition at line 204 of file bulk_extractor_i.h.

◆ ip_ttl

uint8_t be13::ip4::ip_ttl

Definition at line 212 of file bulk_extractor_i.h.

◆ ip_v

uint8_t be13::ip4::ip_v

Definition at line 198 of file bulk_extractor_i.h.

Referenced by be13::packet_info::ip_version().

◆ max_depth

uint32_t scanner_def::max_depth = 7
static

Definition at line 808 of file bulk_extractor_i.h.

Referenced by be13::plugin::process_sbuf().

◆ max_ngram

uint32_t scanner_def::max_ngram = 10
static

Definition at line 809 of file bulk_extractor_i.h.

Referenced by find_ngram_size().

◆ name

std::string scanner_info::name

Definition at line 661 of file bulk_extractor_i.h.

Referenced by scan_http(), scan_md5(), scan_netviz(), scan_tcpdemux(), and scan_wifiviz().

◆ namevals

config_t scanner_info::scanner_config::namevals

Definition at line 650 of file bulk_extractor_i.h.

Referenced by main().

◆ no_options

scanner_params::PrintOptions scanner_params::no_options
static

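Misc support. (The trailing "SCANNER PLUG-IN SYSTEM" is apparently a section banner from the source that the documentation generator ran into this description.)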

Definition at line 733 of file bulk_extractor_i.h.

◆ packet_cb

packet_callback_t* scanner_info::packet_cb

◆ packet_user

void* scanner_info::packet_user

◆ partName

std::string recursion_control_block::partName

Definition at line 802 of file bulk_extractor_i.h.

◆ pathPrefix

std::string scanner_def::pathPrefix

Definition at line 814 of file bulk_extractor_i.h.

◆ payload [1/2]

const uint8_t* be13::ip4_dgram::payload

Definition at line 220 of file bulk_extractor_i.h.

◆ payload [2/2]

const uint8_t* be13::ip6_dgram::payload

Definition at line 250 of file bulk_extractor_i.h.

◆ payload_len [1/2]

uint16_t be13::ip4_dgram::payload_len

Definition at line 221 of file bulk_extractor_i.h.

◆ payload_len [2/2]

uint16_t be13::ip6_dgram::payload_len

Definition at line 251 of file bulk_extractor_i.h.

◆ pcap_data

◆ pcap_dlt

const int be13::packet_info::pcap_dlt

Definition at line 330 of file bulk_extractor_i.h.

Referenced by tcpdemux::dissect_tcp(), and be13::packet_info::ether_type().

◆ pcap_hdr

◆ phase

const phase_t scanner_params::phase

Definition at line 777 of file bulk_extractor_i.h.

Referenced by scan_http(), scan_md5(), scan_netviz(), scan_tcpdemux(), and scan_wifiviz().

◆ print_options

PrintOptions& scanner_params::print_options

Definition at line 782 of file bulk_extractor_i.h.

◆ sbuf

const sbuf_t& scanner_params::sbuf

Definition at line 778 of file bulk_extractor_i.h.

Referenced by operator<<(), be13::plugin::process_sbuf(), scan_http(), and scan_md5().

◆ scanner

scanner_t* scanner_def::scanner

Definition at line 811 of file bulk_extractor_i.h.

Referenced by be13::plugin::load_scanner().

◆ SCANNER_DEPTH_0

const int scanner_info::SCANNER_DEPTH_0 = 0x100
static

Definition at line 628 of file bulk_extractor_i.h.

Referenced by be13::plugin::process_sbuf().

◆ SCANNER_DISABLED

const int scanner_info::SCANNER_DISABLED = 0x001
static

◆ SCANNER_FAST_FIND

const int scanner_info::SCANNER_FAST_FIND = 0x080
static

Definition at line 627 of file bulk_extractor_i.h.

◆ SCANNER_FIND_SCANNER

const int scanner_info::SCANNER_FIND_SCANNER = 0x008
static

◆ SCANNER_NO_ALL

const int scanner_info::SCANNER_NO_ALL = 0x004
static

◆ SCANNER_NO_USAGE

const int scanner_info::SCANNER_NO_USAGE = 0x002
static

◆ SCANNER_RECURSE

const int scanner_info::SCANNER_RECURSE = 0x010
static

Definition at line 624 of file bulk_extractor_i.h.

Referenced by scanner_info::flag_to_string().

◆ SCANNER_RECURSE_EXPAND

const int scanner_info::SCANNER_RECURSE_EXPAND = 0x020
static

Definition at line 625 of file bulk_extractor_i.h.

Referenced by scanner_info::flag_to_string().

◆ scanner_version

std::string scanner_info::scanner_version

Definition at line 665 of file bulk_extractor_i.h.

◆ SCANNER_WANTS_NGRAMS

const int scanner_info::SCANNER_WANTS_NGRAMS = 0x040
static

Definition at line 626 of file bulk_extractor_i.h.

Referenced by scanner_info::flag_to_string(), and be13::plugin::process_sbuf().

◆ si_version

int scanner_info::si_version

Definition at line 660 of file bulk_extractor_i.h.

◆ sp_version

const int scanner_params::sp_version

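A scanner_params with an empty info. (The trailing "INSTANCE VARIABLES" is apparently a section banner from the source, not part of this member's description.)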

Definition at line 776 of file bulk_extractor_i.h.

Referenced by scan_http(), scan_md5(), scan_netviz(), scan_tcpdemux(), scan_wifiviz(), and scanner_params::scanner_params().

◆ sxml

std::stringstream* scanner_params::sxml

Definition at line 784 of file bulk_extractor_i.h.

Referenced by scan_http(), scan_md5(), and scan_wifiviz().

◆ tcp_dport_off

const size_t be13::packet_info::tcp_dport_off = 2
static

◆ tcp_sport_off

const size_t be13::packet_info::tcp_sport_off = 0
static

◆ th_ack

tcp_seq be13::tcphdr::th_ack

Definition at line 263 of file bulk_extractor_i.h.

◆ th_dport

uint16_t be13::tcphdr::th_dport

◆ th_flags

uint8_t be13::tcphdr::th_flags

◆ th_off

uint8_t be13::tcphdr::th_off

Definition at line 266 of file bulk_extractor_i.h.

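Referenced by tcpdemux::process_tcp(), and tcp_header_t::tcp_header_len(). th_off is the data-offset field of the packet's TCP header, so a value smaller than the fixed header or larger than the remaining captured bytes should be rejected before the payload is located.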

◆ th_seq

tcp_seq be13::tcphdr::th_seq

Definition at line 262 of file bulk_extractor_i.h.

Referenced by tcpdemux::process_tcp(), and tcp_header_t::seq().

◆ th_sport

uint16_t be13::tcphdr::th_sport

◆ th_sum

uint16_t be13::tcphdr::th_sum

Definition at line 280 of file bulk_extractor_i.h.

◆ th_urp

uint16_t be13::tcphdr::th_urp

Definition at line 281 of file bulk_extractor_i.h.

◆ th_win

uint16_t be13::tcphdr::th_win

Definition at line 279 of file bulk_extractor_i.h.

◆ th_x2

uint8_t be13::tcphdr::th_x2

Definition at line 265 of file bulk_extractor_i.h.

◆ ts

const struct timeval& be13::packet_info::ts

Definition at line 333 of file bulk_extractor_i.h.

Referenced by tcpdemux::process_pkt(), and tcpdemux::process_tcp().

◆ url

std::string scanner_info::url

Definition at line 664 of file bulk_extractor_i.h.