unsigned int trace_mr_res_randomid (unsigned int oldid)
{
int rid = oldid;
#if defined (TRACING)
u_int32_t id;
unsigned buflen = 0;
char *buf = (char *)0;
isc_result_t status;
if (trace_playback ()) {
status = trace_get_packet (&trace_mr_randomid, &buflen, &buf);
if (status != ISC_R_SUCCESS) {
log_error ("trace_mr_statp: no statp packet found.");
return oldid;
}
if (buflen != sizeof id) {
log_error ("trace_mr_randomid: bogus length: %d",
buflen);
return oldid;
}
memcpy (&id, buf, sizeof id);
dfree (buf, MDL);
buf = (char *)0;
rid = ntohl (id);
}
if (trace_record ()) {
id = htonl (rid);
trace_write_packet (trace_mr_randomid,
sizeof id, (char *)&id, MDL);
}
#endif
return rid;
}
void trace_seed_stash (trace_type_t *ttype, unsigned seed)
{
u_int32_t outseed;
if (!trace_record ())
return;
outseed = htonl (seed);
trace_write_packet (ttype, sizeof outseed, (char *)&outseed, MDL);
return;
}
void trace_interface_register (trace_type_t *ttype, struct interface_info *ip)
{
trace_interface_packet_t tipkt;
if (trace_record ()) {
memset (&tipkt, 0, sizeof tipkt);
memcpy (&tipkt.hw_address,
&ip -> hw_address, sizeof ip -> hw_address);
memcpy (&tipkt.primary_address,
&ip -> primary_address, sizeof ip -> primary_address);
memcpy (tipkt.name, ip -> name, sizeof ip -> name);
tipkt.index = htonl (ip -> index);
trace_write_packet (ttype, sizeof tipkt, (char *)&tipkt, MDL);
}
}
off_t corsaro_file_write_packet(corsaro_t *corsaro,
corsaro_file_t *file, libtrace_packet_t *packet)
{
uint8_t *pkt_buf = NULL;
libtrace_linktype_t linktype;
switch(file->mode)
{
case CORSARO_FILE_MODE_ASCII:
assert(file->wand_io != NULL);
#ifdef HAVE_LIBPACKETDUMP
corsaro_log(__func__, corsaro,
"libpacketdump currently does not support dumping "
"to a file");
return 0;
#else
corsaro_log(__func__, corsaro,
"corsaro must be built with libpacketdump to dump "
"a packet to ASCII");
return 0;
#endif
break;
case CORSARO_FILE_MODE_BINARY:
assert(file->wand_io != NULL);
if((pkt_buf = trace_get_packet_buffer(packet,
&linktype, NULL)) == NULL)
{
corsaro_log(__func__, corsaro, "could not get packet buffer");
return -1;
}
return corsaro_file_write(corsaro, file, pkt_buf,
trace_get_capture_length(packet));
case CORSARO_FILE_MODE_TRACE:
assert(file->trace_io != NULL);
return trace_write_packet(file->trace_io, packet);
default:
corsaro_log(__func__, corsaro, "invalid corsaro file mode %d", file->mode);
return -1;
}
return -1;
}
static isc_result_t trace_type_record (trace_type_t *ttmp, unsigned slen,
const char *file, int line)
{
trace_index_mapping_t *tim;
isc_result_t status;
tim = dmalloc (slen + TRACE_INDEX_MAPPING_SIZE, file, line);
if (!tim)
return ISC_R_NOMEMORY;
ttmp -> index = ++traceindex;
trace_type_stash (ttmp);
tim -> index = htonl (ttmp -> index);
memcpy (tim -> name, ttmp -> name, slen);
status = trace_write_packet (trace_types [0],
slen + TRACE_INDEX_MAPPING_SIZE,
(char *)tim, file, line);
dfree (tim, file, line);
return status;
}
/* If you don't specify O_WONLY or O_RDWR on the fileflags, then this should
* fail.
*/
void test_forgotten_wronly()
{
libtrace_out_t *out;
libtrace_t *trace;
libtrace_packet_t *packet;
int err;
int zero = 0;
out = trace_create_output("pcapfile:traces/100_packets_out.pcap");
assert(out);
assert (!trace_is_err_output(out));
/* Note: no WRONLY/RDWR */
err = trace_config_output(out,TRACE_OPTION_OUTPUT_FILEFLAGS,&zero);
assert(err==0);
assert(!trace_is_err_output(out));
err = trace_start_output(out);
assert(err == 0);
assert(!trace_is_err_output(out));
trace = trace_create("pcapfile:traces/100_packets.pcap");
assert(trace);
assert(!trace_is_err(trace));
err = trace_start(trace);
assert(!trace_is_err(trace));
assert(err == 0);
packet = trace_create_packet();
assert(packet);
err = trace_read_packet(trace, packet);
assert(err>0);
err = trace_write_packet(out,packet);
assert(err == -1); /* Should fail */
assert(trace_is_err_output(out));
trace_destroy_output(out);
trace_destroy_packet(packet);
trace_destroy(trace);
}
int main(int argc, char *argv[]) {
int psize = 0;
int error = 0;
int count = 0;
int level = 0;
int expected = 100;
libtrace_t *trace;
libtrace_out_t *outtrace;
libtrace_packet_t *packet;
trace = trace_create(lookup_uri("pcap"));
iferr(trace);
outtrace = trace_create_output(lookup_out_uri("pcap"));
iferrout(outtrace);
level=0;
trace_config_output(outtrace,TRACE_OPTION_OUTPUT_COMPRESS,&level);
iferrout(outtrace);
trace_start(trace);
iferr(trace);
trace_start_output(outtrace);
iferrout(outtrace);
packet=trace_create_packet();
for (;;) {
if ((psize = trace_read_packet(trace, packet)) <0) {
error = 1;
break;
}
if (psize == 0) {
error = 0;
break;
}
count ++;
/* Force promotion */
if (trace_get_source_port(packet)==80) {
trace_set_direction(packet,TRACE_DIR_OUTGOING);
assert(trace_get_direction(packet)==TRACE_DIR_OUTGOING);
assert(trace_get_source_port(packet)==80);
}
else {
trace_set_direction(packet,TRACE_DIR_INCOMING);
assert(trace_get_direction(packet)==TRACE_DIR_INCOMING);
}
/* And then force demotion */
trace_write_packet(outtrace,packet);
iferrout(outtrace);
if (count>100)
break;
}
trace_destroy_packet(packet);
if (error == 0) {
if (count != expected) {
printf("failure: %d packets expected, %d seen\n",expected,count);
error = 1;
}
} else {
iferr(trace);
}
trace_destroy(trace);
trace_destroy_output(outtrace);
return error;
}
int main(int argc, char *argv[]) {
struct libtrace_t *input = NULL;
struct libtrace_out_t *in_write = NULL;
struct libtrace_out_t *out_write = NULL;
libtrace_err_t trace_err;
struct libtrace_packet_t *packet = trace_create_packet();
if (argc < 3) {
usage(argv[0]);
return 1;
}
input = trace_create(argv[1]);
if (trace_is_err(input)) {
trace_err = trace_get_err(input);
printf("Problem reading input trace: %s\n", trace_err.problem);
return 1;
}
if (trace_start(input)==-1) {
trace_perror(input,"Unable to start trace: %s",argv[1]);
return 1;
}
while(1) {
if (trace_read_packet(input, packet) < 1)
break;
switch(trace_get_direction(packet)) {
case TRACE_DIR_INCOMING:
if (!out_write) {
out_write = create_output(argv[3]);
if (!out_write)
return 1;
}
if (trace_write_packet(out_write, packet)==-1){
trace_perror_output(in_write,"write");
return 1;
}
break;
case TRACE_DIR_OUTGOING:
if (!in_write) {
in_write = create_output(argv[2]);
if (!in_write)
return 1;
}
if (trace_write_packet(in_write, packet)==-1) {
trace_perror_output(in_write,"write");
return 1;
}
break;
default:
ignored++;
}
}
if (out_write)
trace_destroy_output(out_write);
if (in_write)
trace_destroy_output(in_write);
trace_destroy(input);
trace_destroy_packet(packet);
if (ignored)
fprintf(stderr,"warning: Ignored %" PRIu64 " packets with unknown directions\n",
ignored);
return 0;
}
enum packetret parse_packet(libtrace_packet_t *pkt)
{
trace_write_packet(output, pkt);
return OUTPUTTED;
}
/* Return values:
* 1 = continue reading packets
* 0 = stop reading packets, cos we're done
* -1 = stop reading packets, we've got an error
*/
static int per_packet(libtrace_packet_t *packet) {
double ts = trace_get_seconds(packet);
if (trace_get_link_type(packet) == ~0U) {
fprintf(stderr, "Halted due to being unable to determine linktype - input trace may be corrupt.\n");
return -1;
}
if (snaplen>0) {
trace_set_capture_length(packet,snaplen);
}
if (ts <starttime) {
return 1;
}
if ( ts > endtime) {
//printf( "%f\t%f\n", ts, endtime);
return 0;
}
if (firsttime==0) {
time_t now = trace_get_seconds(packet);
if (starttime != 0.0) {
firsttime=now-((now - (int)starttime) % interval);
}
else {
firsttime=now;
}
}
if (output && trace_get_seconds(packet)>firsttime+interval) {
trace_destroy_output(output);
output=NULL;
firsttime+=interval;
}
if (output && pktcount%count==0) {
trace_destroy_output(output);
output=NULL;
}
pktcount++;
totbytes+=trace_get_capture_length(packet);
if (output && totbytes-totbyteslast>=bytes) {
trace_destroy_output(output);
output=NULL;
totbyteslast=totbytes;
}
if (!output) {
char *buffer;
bool need_ext=false;
if (maxfiles <= filescreated) {
return 0;
}
buffer=strdup(output_base);
if (interval!=UINT64_MAX && maxfiles>1) {
buffer=strdupcat(buffer,"-");
buffer=strdupcati(buffer,(uint64_t)firsttime);
need_ext=true;
}
if (count!=UINT64_MAX && maxfiles>1) {
buffer=strdupcat(buffer,"-");
buffer=strdupcati(buffer,(uint64_t)pktcount);
need_ext=true;
}
if (bytes!=UINT64_MAX && maxfiles>1) {
static int filenum=0;
buffer=strdupcat(buffer,"-");
buffer=strdupcati(buffer,(uint64_t)++filenum);
need_ext=true;
}
if (need_ext) {
if (compress_level!=0)
buffer=strdupcat(buffer,".gz");
}
if (verbose>1) {
fprintf(stderr,"%s:",buffer);
if (count!=UINT64_MAX)
fprintf(stderr," count=%" PRIu64,pktcount);
if (bytes!=UINT64_MAX)
fprintf(stderr," bytes=%" PRIu64,bytes);
if (interval!=UINT64_MAX) {
time_t filetime = firsttime;
fprintf(stderr," time=%s",ctime(&filetime));
}
else {
fprintf(stderr,"\n");
}
}
output=trace_create_output(buffer);
if (trace_is_err_output(output)) {
trace_perror_output(output,"%s",buffer);
free(buffer);
return -1;
}
if (compress_level!=-1) {
if (trace_config_output(output,
TRACE_OPTION_OUTPUT_COMPRESS,
&compress_level)==-1) {
trace_perror_output(output,"Unable to set compression level");
}
}
if (trace_config_output(output,
TRACE_OPTION_OUTPUT_COMPRESSTYPE,
&compress_type) == -1) {
trace_perror_output(output, "Unable to set compression type");
}
trace_start_output(output);
if (trace_is_err_output(output)) {
trace_perror_output(output,"%s",buffer);
free(buffer);
return -1;
}
free(buffer);
filescreated ++;
}
/* Some traces we have are padded (usually with 0x00), so
* lets sort that out now and truncate them properly
*/
if (trace_get_capture_length(packet)
> trace_get_wire_length(packet)) {
trace_set_capture_length(packet,trace_get_wire_length(packet));
}
if (trace_write_packet(output,packet)==-1) {
trace_perror_output(output,"write_packet");
return -1;
}
return 1;
}
static void pkt(struct lfc *lfc, void *pdata,
struct lfc_flow *lf, void *data,
double ts, bool up, bool is_new, libtrace_packet_t *pkt)
{
struct flow *f = data;
char *name, *uri;
libtrace_out_t *out;
if (f->ignore)
return;
if (is_new) {
/* find the flow by its id in the ARFF file, get output file name */
name = thash_uint_get(fd->cache, lf->id);
if (!name) {
cache_update();
name = thash_uint_get(fd->cache, lf->id);
if (!name) {
f->ignore = true;
thash_uint_set(fd->cache, lf->id, NULL);
return;
}
}
/* ignore flows with column values we are not interested in */
if (fd->value && !streq(fd->value, name)) {
f->ignore = true;
thash_uint_set(fd->cache, lf->id, NULL);
return;
}
/* get libtrace output file */
out = thash_get(fd->out_files, name);
if (!out) {
uri = mmatic_sprintf(fd->mm, "pcap:%s/%s.pcap", fd->dir, name);
out = trace_create_output(uri);
if (!out) {
cleanup();
die("trace_create_output(%s) failed\n", uri);
}
if (trace_is_err_output(out)) {
trace_perror_output(out, "Opening output trace file");
cleanup();
die("trace_create_output(%s) failed\n", uri);
}
if (trace_start_output(out) == -1) {
trace_perror_output(out, "Starting output trace");
cleanup();
die("trace_start_output(%s) failed\n", uri);
}
thash_set(fd->out_files, name, out);
}
f->out = out;
/* remove id from cache */
thash_uint_set(fd->cache, lf->id, NULL);
}
trace_write_packet(f->out, pkt);
if (trace_is_err_output(f->out)) {
trace_perror_output(f->out, "Writing packet to output trace file");
cleanup();
die("trace_write_packet() failed\n");
}
}
