Author image Matt Sisk
and 1 contributors

NAME

Net::Nmsg::Input - Perl interface for nmsg inputs

SYNOPSIS

  use Net::Nmsg::Input;
  use Net::Nmsg::Output;

  my $in  = Net::Nmsg::Input->open('input.nmsg');
  my $out = Net::Nmsg::Output->open('output.nmsg');

  my $c = 0;

  while (my $msg = $in->read) {
    print "got message $c $msg\n";
    $out->write($msg);
    +$c;
  }

  # alternatively:

  my $cb = sub {
    print "got message $c ", shift, "\n"
    $out->write($msg);
    ++$c;
  };
  $in->loop($cb);

DESCRIPTION

Net::Nmsg::Input is the base class of a set format-specific input classes which provide perl interfaces for the Net::Nmsg::XS::input extension.

CONSTRUCTORS

open($spec, %options)

Creates a new input object from the given specification. A reasonable attempt is made to determine whether the specification is a file name (nmsg, pcap), file handle (nmsg), channel alias or socket specification (nmsg), or network device name (pcap), and is opened accordingly. If for some reason this reasonable guess is not so reasonable, use one of the specific open calls detailed below. The class of the returned object depends on the apparent format of the input.

The resulting object can be treated like an IO handle. The following both work:

  while (my $msg = <$in>) {
    # deal with $msg
  }

  while (my $msg = $in->read()) {
    # deal with $msg
  }

Options, where applicable, are valid for the more specific open calls detailed further below. Available options:

filter_vendor
filter_msgtype

Filter incoming messages based on the given vendor/msgtype. Both are required if filtering is desired. Values can either be by name or numeric id.

filter_source

Filter incoming messages based on the given source (nmsg only).

filter_operator

Filter incoming messages based on the given operator (nmsg only).

filter_group

Filter incoming messages based on the given group (nmsg only).

blocking_io

Specify whether or not this input is blocking or not.

rcvbuf

Set the receive buffer size (socket only)

bpf

Specify a Berkley Packet Filter (pcap file/interface only)

snaplen

Packet capture size (live interface only)

promisc

Promiscuous mode (live interface only)

open_file($spec, %options)

Opens an input in nmsg format, as specified by file name or file handle.

open_json($spec, %options)

Opens an input in JSON format, as specified by file name or file handle.

open_sock($spec, %options)

Opens an input socket as specified by "host/port" or socket handle. The host and port can also be passed as separate arguments.

open_pres($spec, %options)

Opens an input in nmsg presentation format, as specified by file name. The 'filter_vendor' and 'filter_msgtype' options are required.

open_pcap($spec, %options)

Opens an input in pcap format, as specified by file name. The 'filter_vendor' and 'filter_msgtype' options are required.

open_iface($spec, %options)

Opens an input in pcap format, as specified by interface name. The 'filter_vendor' and 'filter_msgtype' options are required.

ACCESSORS

set_msgtype($vendor, $msgtype)
get_msgtype()
set_filter_source($source)
get_filter_source()
set_filter_operator($operator)
get_filter_operator()
set_filter_group($group)
get_filter_group()
set_blocking_io($bool)
get_blocking_io()
set_bpf($bpf)
get_bpf()
set_snaplen($len)
get_snaplen()
set_promisc($bool)
get_promisc()

METHODS

read()

Returns the next message from this input, if available, as a Net::Nmsg::Msg object.

loop($callback, [$count])

Initiate processing of this input source, passing messages to the given code reference. Callbacks receive a single Net::Nmsg::Msg reference as an argument. An optional parameter count stops the loop after that many messages have been returned via the callback.

SEE ALSO

Net::Nmsg, Net::Nmsg::IO, Net::Nmsg::Output, Net::Nmsg::Msg, nmsgtool(1)

AUTHOR

Matthew Sisk, <sisk@cert.org>

COPYRIGHT & LICENSE

Copyright (C) 2010-2015 by Carnegie Mellon University

Use of the Net-Silk library and related source code is subject to the terms of the following licenses:

GNU Public License (GPL) Rights pursuant to Version 2, June 1991 Government Purpose License Rights (GPLR) pursuant to DFARS 252.227.7013

NO WARRANTY

See GPL.txt and LICENSE.txt for more details.