tcpflow  1.6.1
About: tcpflow is a TCP/IP packet demultiplexer that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging.
  Fossies Dox: tcpflow-1.6.1.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

tcpflow.cpp File Reference
#include "config.h"
#include "tcpflow.h"
#include "tcpip.h"
#include "tcpdemux.h"
#include "bulk_extractor_i.h"
#include "iptree.h"
#include "be13_api/utils.h"
#include <string>
#include <vector>
#include <sys/types.h>
#include <dirent.h>
#include <getopt.h>
#include "inet_ntop.c"


struct  default_t


#define __MAIN_C__
#define ETH_ALEN   6
#define DEFAULT_REPORT_FILENAME   "report.xml"


static void usage (int level)
static void dfxml_create (class dfxml_writer &xreport, int argc, char *const *argv)
void replace (std::string &str, const std::string &from, const std::string &to)
void terminate (int sig)
static void droproot (tcpdemux &demux, const char *username, const char *chroot_dir)
void tcpflow_droproot (tcpdemux &demux)
static int process_infile (tcpdemux &demux, const std::string &expression, std::string &device, const std::string &infile)
static std::string be_hash_name ("md5")
static std::string be_hash_func (const uint8_t *buf, size_t bufsize)
int main (int argc, char *argv[])


const char * program_name = 0
const char * tcpflow_droproot_username = 0
const char * tcpflow_chroot_dir = 0
int packet_buffer_timeout = 10
scanner_info::scanner_config be_config
default_t defaults []
const char * progname = 0
int debug = 1
scanner_t * scanners_builtin []
bool opt_no_promisc = false
static const struct option longopts []
feature_recorder_set * the_fs = 0
dfxml_writer * xreport = 0
pcap_t * pd = 0
static feature_recorder_set::hash_def be_hash (be_hash_name, be_hash_func)

Macro Definition Documentation

◆ __MAIN_C__

#define __MAIN_C__

Definition at line 10 of file tcpflow.cpp.


#define DEFAULT_REPORT_FILENAME   "report.xml"

Definition at line 79 of file tcpflow.cpp.


#define ETH_ALEN   6

Definition at line 34 of file tcpflow.cpp.

Function Documentation

◆ be_hash_func()

static std::string be_hash_func ( const uint8_t *  buf,
size_t  bufsize )

Definition at line 547 of file tcpflow.cpp.

References be_hash_name(), and hash_generator__< md, SIZE >::hash_buf().

◆ be_hash_name()

static std::string be_hash_name ( "md5"  )

Referenced by be_hash_func().

◆ dfxml_create()

static void dfxml_create ( class dfxml_writer &  xreport,
int  argc,
char *const *  argv )

Create the dfxml output

Definition at line 207 of file tcpflow.cpp.

References PACKAGE_NAME, PACKAGE_VERSION, and xreport.

Referenced by main().

◆ droproot()

static void droproot ( tcpdemux &  demux,
const char *  username,
const char *  chroot_dir )

Definition at line 333 of file tcpflow.cpp.

References program_name, and tcpdemux::xreport.

Referenced by tcpflow_droproot().

◆ main()

int main ( int  argc,
char *  argv[] )

Definition at line 565 of file tcpflow.cpp.

References tcpdemux::alter_processing_core(), be_config, be_hash, scanner_info::config, tcpdemux::options::console_output, tcpdemux::options::console_output_nonewline, datalink_tdelta, debug, DEBUG, debug_prefix, DEFAULT_DEBUG_LEVEL, DEFAULT_REPORT_FILENAME, dfxml_create(), die(), err(), flow::filename_template, tcpdemux::flow_counter, tcpdemux::flow_map, tcpdemux::fs, scanner_info::get_config(), be13::plugin::get_scanner_feature_file_names(), tcpdemux::getInstance(), tcpdemux::options::gzip_decompress, be13::plugin::info_scanners(), feature_recorder_set::init(), init_debug(), be13::plugin::load_scanners(), longopts, tcpdemux::options::max_bytes_per_flow, tcpdemux::max_fds, tcpdemux::max_open_flows, tcpdemux::options::max_seek, MKDIR, name, scanner_info::scanner_config::namevals, feature_recorder_set::NO_ALERT, tcpdemux::open_flows, tcpdemux::opt, tcpdemux::options::opt_md5, opt_no_promisc, tcpdemux::outdir, flow::outdir, tcpdemux::options::output_hex, tcpdemux::options::output_json, tcpdemux::options::output_packet_index, tcpdemux::options::output_pcap, tcpdemux::options::output_strip_nonprint, PACKAGE_NAME, PACKAGE_VERSION, packet_buffer_timeout, tcpdemux::packet_counter, be13::plugin::phase_shutdown(), tcpdemux::options::post_processing, process_infile(), progname, program_name, tcpdemux::remove_all_flows(), replace(), tcpdemux::save_unk_packets(), scanners_builtin, be13::plugin::scanners_disable(), be13::plugin::scanners_disable_all(), be13::plugin::scanners_enable(), be13::plugin::scanners_enable_all(), be13::plugin::scanners_process_enable_disable_commands(), feature_recorder::set_main_threadid(), sbuf_t::set_map_file_delimiter(), intrusive_list< T >::size(), split(), ssprintf(), tcpdemux::start_new_connections, tcpdemux::options::store_output, tcpdemux::options::suppress_header, tcpflow_chroot_dir, tcpflow_droproot_username, the_fs, usage(), tcpdemux::options::use_color, tcpdemux::WARN_TOO_MANY_FILES, tcpdemux::xreport, and xreport.

◆ process_infile()

static int process_infile ( tcpdemux &  demux,
const std::string &  expression,
std::string &  device,
const std::string &  infile )

◆ replace()

void replace ( std::string &  str,
const std::string &  from,
const std::string &  to )

Definition at line 221 of file tcpflow.cpp.

Referenced by main().

◆ tcpflow_droproot()

void tcpflow_droproot ( tcpdemux &  demux )

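Perform the droproot operation for tcpflow, i.e. relinquish root privileges (and chroot, if a chroot directory was given) using tcpflow_droproot_username and tcpflow_chroot_dir. This needs to be called immediately after pcap_open(), so that the capture is opened first and the processing that follows runs without the elevated privileges.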

Definition at line 409 of file tcpflow.cpp.

References droproot(), tcpflow_chroot_dir, and tcpflow_droproot_username.

Referenced by process_infile().

◆ terminate()

void terminate ( int  sig)

Definition at line 244 of file tcpflow.cpp.

References DEBUG, pd, be13::plugin::phase_shutdown(), and the_fs.

Referenced by process_infile().

◆ usage()

Variable Documentation

◆ be_config

Definition at line 52 of file tcpflow.cpp.

Referenced by main().

◆ be_hash

◆ debug

int debug = 1

Definition at line 71 of file tcpflow.cpp.

Referenced by main().

◆ defaults

default_t defaults[]
Initial value:
= {
{"tdelta","0","Time delta in seconds"},
{"packet-buffer-timeout", "10", "Time in milliseconds between each callback from libpcap"},

Definition at line 60 of file tcpflow.cpp.

Referenced by usage().

◆ longopts

const struct option longopts[]
Initial value:
= {
{ "chroot", required_argument, NULL, 'z' },
{ "help", no_argument, NULL, 'h' },
{ "relinquish-privileges", required_argument, NULL, 'U' },
{ "verbose", no_argument, NULL, 'v' },
{ "version", no_argument, NULL, 'V' },
{ NULL, 0, NULL, 0 }

Definition at line 97 of file tcpflow.cpp.

Referenced by main().

◆ opt_no_promisc

bool opt_no_promisc = false

Definition at line 97 of file tcpflow.cpp.

Referenced by main(), and process_infile().

◆ packet_buffer_timeout

int packet_buffer_timeout = 10

Definition at line 50 of file tcpflow.cpp.

Referenced by main(), and process_infile().

◆ pd

pcap_t* pd = 0

Definition at line 243 of file tcpflow.cpp.

Referenced by process_infile(), and terminate().

◆ progname

const char* progname = 0

Definition at line 70 of file tcpflow.cpp.

Referenced by main(), tcpip::print_packet(), and usage().

◆ program_name

const char* program_name = 0

Definition at line 46 of file tcpflow.cpp.

Referenced by droproot(), and main().

◆ scanners_builtin

scanner_t* scanners_builtin[]
Initial value:
= {
scanner_t scan_md5
Definition: tcpflow.h:317
scanner_t scan_http
Definition: tcpflow.h:318
scanner_t scan_netviz
Definition: tcpflow.h:321
scanner_t scan_tcpdemux
Definition: tcpflow.h:320


Definition at line 85 of file tcpflow.cpp.

Referenced by be13::plugin::info_scanners(), main(), and usage().

◆ tcpflow_chroot_dir

const char* tcpflow_chroot_dir = 0

Definition at line 48 of file tcpflow.cpp.

Referenced by main(), and tcpflow_droproot().

◆ tcpflow_droproot_username

const char* tcpflow_droproot_username = 0

Definition at line 47 of file tcpflow.cpp.

Referenced by main(), and tcpflow_droproot().

◆ the_fs

feature_recorder_set* the_fs = 0

Definition at line 241 of file tcpflow.cpp.

Referenced by main(), and terminate().

◆ xreport

dfxml_writer* xreport = 0

Definition at line 242 of file tcpflow.cpp.

Referenced by dfxml_create(), tcpip::dump_xml(), and main().