Operator PacketFileSink

PacketFileSink is an operator that writes network packets into 'packet capture (PCAP)' files. Each input tuple must contain a complete network packet, including all network headers, in an attribute of type blob, such as produced by Packet*Source operators in this toolkit.

Dependencies

The PacketFileSink operator depends upon the Linux 'packet capture library (libpcap)'. The library must be installed on the machine where this operator executes. For instructions on installing this library, see the PacketFileSource operator.

Threads

The PacketFileSink operator runs on the thread of the upstream operator that sends tuples to it. The 'libpcap' library buffers its file output, but disk writes are synchronous and may temporarily block the upstream operator.

Exceptions

The PacketFileSource operator will throw an exception and terminate in these situations:

Example

use com.teracloud.streams.network.sink::PacketFileSink;
use com.teracloud.streams.network.source::*;
composite Main {
    type
      PacketType =
          uint64 packetNumber,  // sequence number of packet, as emitted by operator
          float64 packetTime,   // time that packet was captured, in seconds since Unix epoch
          uint32 packetLength,  // original length of packet (not necessarily all captured)
          blob packetData;      // contents of packet captured, including network headers (possibly truncated)

    graph
      stream<PacketType> PacketStream = PacketFileSource() {
          param
              pcapFilename: getSubmissionTimeValue("inputFilename", "data/sample_dns+dhcp.pcap" );
              metricsInterval: 0.0;
          output PacketStream:
              packetNumber = packetsProcessed() - 1ul,
              packetTime = (float64)CAPTURE_SECONDS() + (float64)CAPTURE_MICROSECONDS() / 1000000.0,
              packetLength = PACKET_LENGTH(),
              packetData = PACKET_DATA();
      }

      () as Out = PacketFileSink(PacketStream) {
        param
          pcapFilename: "./data/debug.PacketStream.pcap";
          packetAttribute: packetData;
          timestampAttribute: packetTime;
      }
}

Summary

Ports

This operator has 1 input port and 0 output ports.

Windowing

This operator does not accept any windowing configurations.

Parameters

This operator supports 4 parameters.

Required: packetAttribute, pcapFilename, timestampAttribute

Optional: timestampMicrosecondsAttribute

Metrics

This operator does not report any metrics.

Properties

Implementation

C++

Threading

Always - Operator always provides a single threaded execution context.

Input Ports

Ports (0)

Properties

• Optional: false

• ControlPort: false
• TupleMutationAllowed: false
• WindowingMode: NonWindowed
• WindowPunctuationInputMode: Oblivious

Parameters

Required: packetAttribute, pcapFilename, timestampAttribute

Optional: timestampMicrosecondsAttribute

packetAttribute

This required parameter specifies an input attribute of type blob that contains a packet to be written into the output file specified by the pcapFilenae attribute. The attribute must contain a complete network packet, including all network headers. For example, the PacketXxxxSource operators in this toolkit can create tuples with such attributes.

Properties

• Type: blob
• Cardinality: 1
• Optional: false
• ExpressionMode: Attribute

pcapFilename

This parameter takes an expression of type rstring that specifies the pathname of an output PCAP file for the operator to write.

Properties

• Type: rstring
• Cardinality: 1
• Optional: false
• ExpressionMode: Expression

timestampAttribute

This required parameter specifies an input attribute that contains the timestamp of the packet in the packetAttribute attribute. It may be of type float, int64, uint64, uint32, or timestamp. If this attribute is of type int64, uint64 or uint32, then the optional parameter timestampMicrosecondsAttribute may also be specified.

Properties

• Cardinality: 1
• Optional: false
• ExpressionMode: Attribute

timestampMicrosecondsAttribute

This optional parameter specifies an input attribute that contains the microseconds portion of the timestamp of the packet in the packetAttribute attribute, when that attribute is of type int64, uint64 or uint32. This attribute may be of type uint64 or uint32.

If the type of the timestampAttribute attribute is int64, uint64 or uint32 and the timestampMicrosecondsAttribute attribute is not specified, the microseconds portion of the timestamp of the packet will be set to zero.

Properties

• Cardinality: 1
• Optional: true
• ExpressionMode: Attribute

Code Templates

PacketFileSink

() as ${opInvocationName} = com.teracloud.streams.network.sink::PacketFileSink(${inputStream}) {
  param
      packetAttribute: ${inputStream-blob-attribute};
      pcapFilename: "${filename}";
      timestampAttribute: ${inputStream-attribute};
      ${parameter}: ${parameterExpression};
}
      

Libraries

Command: ../../impl/bin/libpcapPath.pl

Include Path: ../../impl/include

No description for library.

Library Name: boost_filesystem

No description for library.

Library Name: boost_system