void corsaro_file_close(corsaro_t *corsaro, corsaro_file_t *file)
{
switch(file->mode)
{
case CORSARO_FILE_MODE_ASCII:
case CORSARO_FILE_MODE_BINARY:
/* close the wandio object */
assert(file->wand_io != NULL);
wandio_wdestroy(file->wand_io);
file->wand_io = NULL;
break;
case CORSARO_FILE_MODE_TRACE:
assert(file->trace_io != NULL);
trace_destroy_output(file->trace_io);
file->trace_io = NULL;
break;
default:
assert(0);
}
free(file);
return;
}
static struct libtrace_out_t *create_output(char *uri) {
struct libtrace_out_t *output = NULL;
output = trace_create_output(uri);
if (trace_is_err_output(output)) {
trace_perror_output(output,"%s",uri);
trace_destroy_output(output);
return NULL;
}
/* Default values for now */
trace_start_output(output);
if (trace_is_err_output(output)) {
trace_perror_output(output,"%s",uri);
trace_destroy_output(output);
return NULL;
}
return output;
}
/* Creates an output trace and configures it according to our preferences */
static libtrace_out_t *create_output(int my_id) {
libtrace_out_t *out = NULL;
char name[1024];
const char * file_index = NULL;
const char * first_extension = NULL;
file_index = strrchr(outputfile, '/');
if (file_index)
first_extension = strchr(file_index, '.');
else
first_extension = strchr(name, '.');
if (first_extension) {
snprintf(name, sizeof(name), "%.*s-%d%s", (int) (first_extension - outputfile), outputfile, my_id, first_extension);
} else {
snprintf(name, sizeof(name), "%s-%d", outputfile, my_id);
}
out = trace_create_output(name);
assert(out);
if (compress_level >= 0 && trace_config_output(out,
TRACE_OPTION_OUTPUT_COMPRESS, &compress_level) == -1) {
trace_perror_output(out, "Configuring compression level");
trace_destroy_output(out);
exit(-1);
}
if (trace_config_output(out, TRACE_OPTION_OUTPUT_COMPRESSTYPE,
&compress_type) == -1) {
trace_perror_output(out, "Configuring compression type");
trace_destroy_output(out);
exit(-1);
}
if (trace_start_output(out)==-1) {
trace_perror_output(out,"trace_start_output");
trace_destroy_output(out);
exit(-1);
}
return out;
}
/* If you don't specify O_WONLY or O_RDWR on the fileflags, then this should
* fail.
*/
void test_forgotten_wronly()
{
libtrace_out_t *out;
libtrace_t *trace;
libtrace_packet_t *packet;
int err;
int zero = 0;
out = trace_create_output("pcapfile:traces/100_packets_out.pcap");
assert(out);
assert (!trace_is_err_output(out));
/* Note: no WRONLY/RDWR */
err = trace_config_output(out,TRACE_OPTION_OUTPUT_FILEFLAGS,&zero);
assert(err==0);
assert(!trace_is_err_output(out));
err = trace_start_output(out);
assert(err == 0);
assert(!trace_is_err_output(out));
trace = trace_create("pcapfile:traces/100_packets.pcap");
assert(trace);
assert(!trace_is_err(trace));
err = trace_start(trace);
assert(!trace_is_err(trace));
assert(err == 0);
packet = trace_create_packet();
assert(packet);
err = trace_read_packet(trace, packet);
assert(err>0);
err = trace_write_packet(out,packet);
assert(err == -1); /* Should fail */
assert(trace_is_err_output(out));
trace_destroy_output(out);
trace_destroy_packet(packet);
trace_destroy(trace);
}
int main(int argc, char *argv[]) {
int psize = 0;
int error = 0;
int count = 0;
int level = 0;
int expected = 100;
libtrace_t *trace;
libtrace_out_t *outtrace;
libtrace_packet_t *packet;
trace = trace_create(lookup_uri("pcap"));
iferr(trace);
outtrace = trace_create_output(lookup_out_uri("pcap"));
iferrout(outtrace);
level=0;
trace_config_output(outtrace,TRACE_OPTION_OUTPUT_COMPRESS,&level);
iferrout(outtrace);
trace_start(trace);
iferr(trace);
trace_start_output(outtrace);
iferrout(outtrace);
packet=trace_create_packet();
for (;;) {
if ((psize = trace_read_packet(trace, packet)) <0) {
error = 1;
break;
}
if (psize == 0) {
error = 0;
break;
}
count ++;
/* Force promotion */
if (trace_get_source_port(packet)==80) {
trace_set_direction(packet,TRACE_DIR_OUTGOING);
assert(trace_get_direction(packet)==TRACE_DIR_OUTGOING);
assert(trace_get_source_port(packet)==80);
}
else {
trace_set_direction(packet,TRACE_DIR_INCOMING);
assert(trace_get_direction(packet)==TRACE_DIR_INCOMING);
}
/* And then force demotion */
trace_write_packet(outtrace,packet);
iferrout(outtrace);
if (count>100)
break;
}
trace_destroy_packet(packet);
if (error == 0) {
if (count != expected) {
printf("failure: %d packets expected, %d seen\n",expected,count);
error = 1;
}
} else {
iferr(trace);
}
trace_destroy(trace);
trace_destroy_output(outtrace);
return error;
}
int main(int argc, char *argv[]) {
struct libtrace_t *input = NULL;
struct libtrace_out_t *in_write = NULL;
struct libtrace_out_t *out_write = NULL;
libtrace_err_t trace_err;
struct libtrace_packet_t *packet = trace_create_packet();
if (argc < 3) {
usage(argv[0]);
return 1;
}
input = trace_create(argv[1]);
if (trace_is_err(input)) {
trace_err = trace_get_err(input);
printf("Problem reading input trace: %s\n", trace_err.problem);
return 1;
}
if (trace_start(input)==-1) {
trace_perror(input,"Unable to start trace: %s",argv[1]);
return 1;
}
while(1) {
if (trace_read_packet(input, packet) < 1)
break;
switch(trace_get_direction(packet)) {
case TRACE_DIR_INCOMING:
if (!out_write) {
out_write = create_output(argv[3]);
if (!out_write)
return 1;
}
if (trace_write_packet(out_write, packet)==-1){
trace_perror_output(in_write,"write");
return 1;
}
break;
case TRACE_DIR_OUTGOING:
if (!in_write) {
in_write = create_output(argv[2]);
if (!in_write)
return 1;
}
if (trace_write_packet(in_write, packet)==-1) {
trace_perror_output(in_write,"write");
return 1;
}
break;
default:
ignored++;
}
}
if (out_write)
trace_destroy_output(out_write);
if (in_write)
trace_destroy_output(in_write);
trace_destroy(input);
trace_destroy_packet(packet);
if (ignored)
fprintf(stderr,"warning: Ignored %" PRIu64 " packets with unknown directions\n",
ignored);
return 0;
}
void cleanup()
{
trace_destroy_output(output);
}
/* Return values:
* 1 = continue reading packets
* 0 = stop reading packets, cos we're done
* -1 = stop reading packets, we've got an error
*/
static int per_packet(libtrace_packet_t *packet) {
double ts = trace_get_seconds(packet);
if (trace_get_link_type(packet) == ~0U) {
fprintf(stderr, "Halted due to being unable to determine linktype - input trace may be corrupt.\n");
return -1;
}
if (snaplen>0) {
trace_set_capture_length(packet,snaplen);
}
if (ts <starttime) {
return 1;
}
if ( ts > endtime) {
//printf( "%f\t%f\n", ts, endtime);
return 0;
}
if (firsttime==0) {
time_t now = trace_get_seconds(packet);
if (starttime != 0.0) {
firsttime=now-((now - (int)starttime) % interval);
}
else {
firsttime=now;
}
}
if (output && trace_get_seconds(packet)>firsttime+interval) {
trace_destroy_output(output);
output=NULL;
firsttime+=interval;
}
if (output && pktcount%count==0) {
trace_destroy_output(output);
output=NULL;
}
pktcount++;
totbytes+=trace_get_capture_length(packet);
if (output && totbytes-totbyteslast>=bytes) {
trace_destroy_output(output);
output=NULL;
totbyteslast=totbytes;
}
if (!output) {
char *buffer;
bool need_ext=false;
if (maxfiles <= filescreated) {
return 0;
}
buffer=strdup(output_base);
if (interval!=UINT64_MAX && maxfiles>1) {
buffer=strdupcat(buffer,"-");
buffer=strdupcati(buffer,(uint64_t)firsttime);
need_ext=true;
}
if (count!=UINT64_MAX && maxfiles>1) {
buffer=strdupcat(buffer,"-");
buffer=strdupcati(buffer,(uint64_t)pktcount);
need_ext=true;
}
if (bytes!=UINT64_MAX && maxfiles>1) {
static int filenum=0;
buffer=strdupcat(buffer,"-");
buffer=strdupcati(buffer,(uint64_t)++filenum);
need_ext=true;
}
if (need_ext) {
if (compress_level!=0)
buffer=strdupcat(buffer,".gz");
}
if (verbose>1) {
fprintf(stderr,"%s:",buffer);
if (count!=UINT64_MAX)
fprintf(stderr," count=%" PRIu64,pktcount);
if (bytes!=UINT64_MAX)
fprintf(stderr," bytes=%" PRIu64,bytes);
if (interval!=UINT64_MAX) {
time_t filetime = firsttime;
fprintf(stderr," time=%s",ctime(&filetime));
}
else {
fprintf(stderr,"\n");
}
}
output=trace_create_output(buffer);
if (trace_is_err_output(output)) {
trace_perror_output(output,"%s",buffer);
free(buffer);
return -1;
}
if (compress_level!=-1) {
if (trace_config_output(output,
TRACE_OPTION_OUTPUT_COMPRESS,
&compress_level)==-1) {
trace_perror_output(output,"Unable to set compression level");
}
}
if (trace_config_output(output,
TRACE_OPTION_OUTPUT_COMPRESSTYPE,
&compress_type) == -1) {
trace_perror_output(output, "Unable to set compression type");
}
trace_start_output(output);
if (trace_is_err_output(output)) {
trace_perror_output(output,"%s",buffer);
free(buffer);
return -1;
}
free(buffer);
filescreated ++;
}
/* Some traces we have are padded (usually with 0x00), so
* lets sort that out now and truncate them properly
*/
if (trace_get_capture_length(packet)
> trace_get_wire_length(packet)) {
trace_set_capture_length(packet,trace_get_wire_length(packet));
}
if (trace_write_packet(output,packet)==-1) {
trace_perror_output(output,"write_packet");
return -1;
}
return 1;
}
int main(int argc, char *argv[])
{
char *compress_type_str=NULL;
struct libtrace_filter_t *filter=NULL;
struct libtrace_t *input = NULL;
struct libtrace_packet_t *packet = trace_create_packet();
struct sigaction sigact;
int i;
if (argc<2) {
usage(argv[0]);
return 1;
}
/* Parse command line options */
while(1) {
int option_index;
struct option long_options[] = {
{ "filter", 1, 0, 'f' },
{ "count", 1, 0, 'c' },
{ "bytes", 1, 0, 'b' },
{ "starttime", 1, 0, 's' },
{ "endtime", 1, 0, 'e' },
{ "interval", 1, 0, 'i' },
{ "libtrace-help", 0, 0, 'H' },
{ "maxfiles", 1, 0, 'm' },
{ "snaplen", 1, 0, 'S' },
{ "verbose", 0, 0, 'v' },
{ "compress-level", 1, 0, 'z' },
{ "compress-type", 1, 0, 'Z' },
{ NULL, 0, 0, 0 },
};
int c=getopt_long(argc, argv, "f:c:b:s:e:i:m:S:Hvz:Z:",
long_options, &option_index);
if (c==-1)
break;
switch (c) {
case 'f': filter=trace_create_filter(optarg);
break;
case 'c': count=atoi(optarg);
break;
case 'b': bytes=atoi(optarg);
break;
case 's': starttime=atof(optarg); /* FIXME: use getdate */
break;
case 'e': endtime=atof(optarg);
break;
case 'i': interval=atoi(optarg);
break;
case 'm': maxfiles=atoi(optarg);
break;
case 'S': snaplen=atoi(optarg);
break;
case 'H':
trace_help();
exit(1);
break;
case 'v':
verbose++;
break;
case 'z':
compress_level=atoi(optarg);
if (compress_level<0 || compress_level>9) {
usage(argv[0]);
exit(1);
}
break;
case 'Z':
compress_type_str=optarg;
break;
default:
fprintf(stderr,"Unknown option: %c\n",c);
usage(argv[0]);
return 1;
}
}
if (compress_type_str == NULL && compress_level >= 0) {
fprintf(stderr, "Compression level set, but no compression type was defined, setting to gzip\n");
compress_type = TRACE_OPTION_COMPRESSTYPE_ZLIB;
}
else if (compress_type_str == NULL) {
/* If a level or type is not specified, use the "none"
* compression module */
compress_type = TRACE_OPTION_COMPRESSTYPE_NONE;
}
/* I decided to be fairly generous in what I accept for the
* compression type string */
else if (strncmp(compress_type_str, "gz", 2) == 0 ||
strncmp(compress_type_str, "zlib", 4) == 0) {
compress_type = TRACE_OPTION_COMPRESSTYPE_ZLIB;
} else if (strncmp(compress_type_str, "bz", 2) == 0) {
compress_type = TRACE_OPTION_COMPRESSTYPE_BZ2;
} else if (strncmp(compress_type_str, "lzo", 3) == 0) {
compress_type = TRACE_OPTION_COMPRESSTYPE_LZO;
} else if (strncmp(compress_type_str, "no", 2) == 0) {
compress_type = TRACE_OPTION_COMPRESSTYPE_NONE;
} else {
fprintf(stderr, "Unknown compression type: %s\n",
compress_type_str);
return 1;
}
if (optind+2>argc) {
fprintf(stderr,"missing inputuri or outputuri\n");
usage(argv[0]);
}
output_base = argv[argc - 1];
sigact.sa_handler = cleanup_signal;
sigemptyset(&sigact.sa_mask);
sigact.sa_flags = SA_RESTART;
sigaction(SIGINT, &sigact, NULL);
sigaction(SIGTERM, &sigact, NULL);
output=NULL;
signal(SIGINT,&cleanup_signal);
signal(SIGTERM,&cleanup_signal);
for (i = optind; i < argc - 1; i++) {
input = trace_create(argv[i]);
if (trace_is_err(input)) {
trace_perror(input,"%s",argv[i]);
return 1;
}
if (filter && trace_config(input, TRACE_OPTION_FILTER, filter) == 1) {
trace_perror(input, "Configuring filter for %s",
argv[i]);
return 1;
}
if (trace_start(input)==-1) {
trace_perror(input,"%s",argv[i]);
return 1;
}
while (trace_read_packet(input,packet)>0) {
if (per_packet(packet) < 1)
done = 1;
if (done)
break;
}
if (done)
break;
if (trace_is_err(input)) {
trace_perror(input,"Reading packets");
trace_destroy(input);
break;
}
trace_destroy(input);
}
if (verbose) {
uint64_t f;
f=trace_get_received_packets(input);
if (f!=UINT64_MAX)
fprintf(stderr,"%" PRIu64 " packets on input\n",f);
f=trace_get_filtered_packets(input);
if (f!=UINT64_MAX)
fprintf(stderr,"%" PRIu64 " packets filtered\n",f);
f=trace_get_dropped_packets(input);
if (f!=UINT64_MAX)
fprintf(stderr,"%" PRIu64 " packets dropped\n",f);
f=trace_get_accepted_packets(input);
if (f!=UINT64_MAX)
fprintf(stderr,"%" PRIu64 " packets accepted\n",f);
}
if (output)
trace_destroy_output(output);
trace_destroy_packet(packet);
return 0;
}
