line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
1
|
|
|
1
|
|
322
|
use strict; |
|
1
|
|
|
|
|
1
|
|
|
1
|
|
|
|
|
20
|
|
2
|
1
|
|
|
1
|
|
3
|
use warnings; |
|
1
|
|
|
|
|
1
|
|
|
1
|
|
|
|
|
29
|
|
3
|
|
|
|
|
|
|
|
4
|
|
|
|
|
|
|
package Net::Inspect::L2::Pcap; |
5
|
1
|
|
|
1
|
|
183
|
use Net::Pcap qw(pcap_datalink :datalink); |
|
0
|
|
|
|
|
|
|
|
0
|
|
|
|
|
|
|
6
|
|
|
|
|
|
|
use base 'Net::Inspect::Flow'; |
7
|
|
|
|
|
|
|
use fields qw(offset); |
8
|
|
|
|
|
|
|
|
9
|
|
|
|
|
|
|
sub new { |
10
|
|
|
|
|
|
|
my ($class,$pcap,$flow) = @_; |
11
|
|
|
|
|
|
|
my $linktype = ref($pcap) ? pcap_datalink($pcap) : $pcap; |
12
|
|
|
|
|
|
|
my $offset = |
13
|
|
|
|
|
|
|
($linktype == DLT_EN10MB) ? 14 : |
14
|
|
|
|
|
|
|
($linktype == DLT_LOOP) ? 4 : |
15
|
|
|
|
|
|
|
($linktype == DLT_NULL) ? 4 : |
16
|
|
|
|
|
|
|
($linktype == DLT_LINUX_SLL) ? 16 : |
17
|
|
|
|
|
|
|
($linktype == DLT_RAW) ? 0 : |
18
|
|
|
|
|
|
|
die "cannot handle linktype $linktype"; |
19
|
|
|
|
|
|
|
|
20
|
|
|
|
|
|
|
my $self = $class->SUPER::new($flow); |
21
|
|
|
|
|
|
|
$self->{offset} = $offset; |
22
|
|
|
|
|
|
|
return $self; |
23
|
|
|
|
|
|
|
} |
24
|
|
|
|
|
|
|
|
25
|
|
|
|
|
|
|
sub pktin { |
26
|
|
|
|
|
|
|
my Net::Inspect::L2::Pcap $self = shift; |
27
|
|
|
|
|
|
|
my ($data,$hdr) = @_; |
28
|
|
|
|
|
|
|
if ( $hdr->{caplen} > $hdr->{len} ) { |
29
|
|
|
|
|
|
|
$data = substr($data,0,$hdr->{len}); |
30
|
|
|
|
|
|
|
} elsif ( $hdr->{caplen} < $hdr->{len} ) { |
31
|
|
|
|
|
|
|
warn "packet truncated\n"; |
32
|
|
|
|
|
|
|
return 1; |
33
|
|
|
|
|
|
|
} |
34
|
|
|
|
|
|
|
|
35
|
|
|
|
|
|
|
my $time = $hdr->{tv_sec} + $hdr->{tv_usec}/1000_000; |
36
|
|
|
|
|
|
|
$data = substr($data,$self->{offset}) if $self->{offset}; |
37
|
|
|
|
|
|
|
|
38
|
|
|
|
|
|
|
$self->{upper_flow}->pktin($data,$time); |
39
|
|
|
|
|
|
|
return 1; |
40
|
|
|
|
|
|
|
} |
41
|
|
|
|
|
|
|
1; |
42
|
|
|
|
|
|
|
|
43
|
|
|
|
|
|
|
__END__ |