pktscope-core 0.2.0

Core engine for pktscope: live/offline capture, protocol decoders, flow tracking, filters, and egress monitoring
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

use std::sync::Arc;
use std::sync::atomic::{AtomicBool, AtomicU64};

use super::{Linktype, RawPacket, capture_loop};

pub fn start_live_capture(
    interface: &str,
    bpf_filter: Option<&str>,
    snaplen: i32,
    tx: crossbeam_channel::Sender<RawPacket>,
    stop: Arc<AtomicBool>,
) -> anyhow::Result<std::thread::JoinHandle<anyhow::Result<()>>> {
    let mut cap = pcap::Capture::from_device(interface)?
        .snaplen(snaplen)
        .promisc(true)
        .timeout(100)
        .open()?;

    if let Some(filter) = bpf_filter {
        cap.filter(filter, true)?;
    }

    let linktype = Linktype::from(cap.get_datalink());

    let handle = std::thread::Builder::new()
        .name("capture".into())
        .spawn(move || {
            let counter = AtomicU64::new(0);
            capture_loop(cap, tx, stop, linktype, &counter)
        })?;

    Ok(handle)
}