static struct libtrace_out_t *create_output(char *uri) {
struct libtrace_out_t *output = NULL;
output = trace_create_output(uri);
if (trace_is_err_output(output)) {
trace_perror_output(output,"%s",uri);
trace_destroy_output(output);
return NULL;
}
/* Default values for now */
trace_start_output(output);
if (trace_is_err_output(output)) {
trace_perror_output(output,"%s",uri);
trace_destroy_output(output);
return NULL;
}
return output;
}
/* If you don't specify O_WONLY or O_RDWR on the fileflags, then this should
* fail.
*/
void test_forgotten_wronly()
{
libtrace_out_t *out;
libtrace_t *trace;
libtrace_packet_t *packet;
int err;
int zero = 0;
out = trace_create_output("pcapfile:traces/100_packets_out.pcap");
assert(out);
assert (!trace_is_err_output(out));
/* Note: no WRONLY/RDWR */
err = trace_config_output(out,TRACE_OPTION_OUTPUT_FILEFLAGS,&zero);
assert(err==0);
assert(!trace_is_err_output(out));
err = trace_start_output(out);
assert(err == 0);
assert(!trace_is_err_output(out));
trace = trace_create("pcapfile:traces/100_packets.pcap");
assert(trace);
assert(!trace_is_err(trace));
err = trace_start(trace);
assert(!trace_is_err(trace));
assert(err == 0);
packet = trace_create_packet();
assert(packet);
err = trace_read_packet(trace, packet);
assert(err>0);
err = trace_write_packet(out,packet);
assert(err == -1); /* Should fail */
assert(trace_is_err_output(out));
trace_destroy_output(out);
trace_destroy_packet(packet);
trace_destroy(trace);
}
/* Return values:
* 1 = continue reading packets
* 0 = stop reading packets, cos we're done
* -1 = stop reading packets, we've got an error
*/
static int per_packet(libtrace_packet_t *packet) {
double ts = trace_get_seconds(packet);
if (trace_get_link_type(packet) == ~0U) {
fprintf(stderr, "Halted due to being unable to determine linktype - input trace may be corrupt.\n");
return -1;
}
if (snaplen>0) {
trace_set_capture_length(packet,snaplen);
}
if (ts <starttime) {
return 1;
}
if ( ts > endtime) {
//printf( "%f\t%f\n", ts, endtime);
return 0;
}
if (firsttime==0) {
time_t now = trace_get_seconds(packet);
if (starttime != 0.0) {
firsttime=now-((now - (int)starttime) % interval);
}
else {
firsttime=now;
}
}
if (output && trace_get_seconds(packet)>firsttime+interval) {
trace_destroy_output(output);
output=NULL;
firsttime+=interval;
}
if (output && pktcount%count==0) {
trace_destroy_output(output);
output=NULL;
}
pktcount++;
totbytes+=trace_get_capture_length(packet);
if (output && totbytes-totbyteslast>=bytes) {
trace_destroy_output(output);
output=NULL;
totbyteslast=totbytes;
}
if (!output) {
char *buffer;
bool need_ext=false;
if (maxfiles <= filescreated) {
return 0;
}
buffer=strdup(output_base);
if (interval!=UINT64_MAX && maxfiles>1) {
buffer=strdupcat(buffer,"-");
buffer=strdupcati(buffer,(uint64_t)firsttime);
need_ext=true;
}
if (count!=UINT64_MAX && maxfiles>1) {
buffer=strdupcat(buffer,"-");
buffer=strdupcati(buffer,(uint64_t)pktcount);
need_ext=true;
}
if (bytes!=UINT64_MAX && maxfiles>1) {
static int filenum=0;
buffer=strdupcat(buffer,"-");
buffer=strdupcati(buffer,(uint64_t)++filenum);
need_ext=true;
}
if (need_ext) {
if (compress_level!=0)
buffer=strdupcat(buffer,".gz");
}
if (verbose>1) {
fprintf(stderr,"%s:",buffer);
if (count!=UINT64_MAX)
fprintf(stderr," count=%" PRIu64,pktcount);
if (bytes!=UINT64_MAX)
fprintf(stderr," bytes=%" PRIu64,bytes);
if (interval!=UINT64_MAX) {
time_t filetime = firsttime;
fprintf(stderr," time=%s",ctime(&filetime));
}
else {
fprintf(stderr,"\n");
}
}
output=trace_create_output(buffer);
if (trace_is_err_output(output)) {
trace_perror_output(output,"%s",buffer);
free(buffer);
return -1;
}
if (compress_level!=-1) {
if (trace_config_output(output,
TRACE_OPTION_OUTPUT_COMPRESS,
&compress_level)==-1) {
trace_perror_output(output,"Unable to set compression level");
}
}
if (trace_config_output(output,
TRACE_OPTION_OUTPUT_COMPRESSTYPE,
&compress_type) == -1) {
trace_perror_output(output, "Unable to set compression type");
}
trace_start_output(output);
if (trace_is_err_output(output)) {
trace_perror_output(output,"%s",buffer);
free(buffer);
return -1;
}
free(buffer);
filescreated ++;
}
/* Some traces we have are padded (usually with 0x00), so
* lets sort that out now and truncate them properly
*/
if (trace_get_capture_length(packet)
> trace_get_wire_length(packet)) {
trace_set_capture_length(packet,trace_get_wire_length(packet));
}
if (trace_write_packet(output,packet)==-1) {
trace_perror_output(output,"write_packet");
return -1;
}
return 1;
}
corsaro_file_t *corsaro_file_open(corsaro_t *corsaro,
const char *filename,
corsaro_file_mode_t mode,
corsaro_file_compress_t compress_type,
int compress_level,
int flags)
{
corsaro_file_t *f = NULL;
size_t flen, rlen, len;
char *ptr, *traceuri;
if((f = malloc(sizeof(corsaro_file_t))) == NULL)
{
corsaro_log(__func__, corsaro, "could not malloc new corsaro_file_t");
return NULL;
}
f->mode = mode;
/* did they ask for a libtrace file? */
switch(mode)
{
case CORSARO_FILE_MODE_TRACE:
flen = strlen(CORSARO_FILE_TRACE_FORMAT);
rlen = strlen(filename);
len = flen+rlen+1;
if((ptr = traceuri = malloc(len)) == NULL)
{
corsaro_log(__func__, corsaro, "could not malloc traceuri");
return NULL;
}
strncpy(traceuri, CORSARO_FILE_TRACE_FORMAT, flen);
ptr += flen;
strncpy(ptr, filename, rlen);
traceuri[len-1] = '\0';
f->trace_io = trace_create_output(traceuri);
free(traceuri);
if (trace_is_err_output(f->trace_io))
{
corsaro_log(__func__, corsaro, "trace_create_output failed for %s",
filename);
return NULL;
}
if(trace_config_output(f->trace_io, TRACE_OPTION_OUTPUT_COMPRESS,
&compress_level) ||
trace_config_output(f->trace_io, TRACE_OPTION_OUTPUT_COMPRESSTYPE,
&compress_type) != 0)
{
corsaro_log(__func__, corsaro,
"could not set compression levels for trace");
return NULL;
}
if (trace_start_output(f->trace_io) == -1) {
corsaro_log(__func__, corsaro, "trace_start_output failed for %s",
filename);
return NULL;
}
/* trace is configured! */
break;
case CORSARO_FILE_MODE_ASCII:
case CORSARO_FILE_MODE_BINARY:
if((f->wand_io = wandio_wcreate(filename, compress_type,
compress_level, flags)) == NULL)
{
corsaro_log(__func__, corsaro, "wandio could not create file %s",
filename);
free(f);
return NULL;
}
break;
default:
corsaro_log(__func__, corsaro, "invalid file mode %d", mode);
free(f);
return NULL;
}
return f;
}
static void pkt(struct lfc *lfc, void *pdata,
struct lfc_flow *lf, void *data,
double ts, bool up, bool is_new, libtrace_packet_t *pkt)
{
struct flow *f = data;
char *name, *uri;
libtrace_out_t *out;
if (f->ignore)
return;
if (is_new) {
/* find the flow by its id in the ARFF file, get output file name */
name = thash_uint_get(fd->cache, lf->id);
if (!name) {
cache_update();
name = thash_uint_get(fd->cache, lf->id);
if (!name) {
f->ignore = true;
thash_uint_set(fd->cache, lf->id, NULL);
return;
}
}
/* ignore flows with column values we are not interested in */
if (fd->value && !streq(fd->value, name)) {
f->ignore = true;
thash_uint_set(fd->cache, lf->id, NULL);
return;
}
/* get libtrace output file */
out = thash_get(fd->out_files, name);
if (!out) {
uri = mmatic_sprintf(fd->mm, "pcap:%s/%s.pcap", fd->dir, name);
out = trace_create_output(uri);
if (!out) {
cleanup();
die("trace_create_output(%s) failed\n", uri);
}
if (trace_is_err_output(out)) {
trace_perror_output(out, "Opening output trace file");
cleanup();
die("trace_create_output(%s) failed\n", uri);
}
if (trace_start_output(out) == -1) {
trace_perror_output(out, "Starting output trace");
cleanup();
die("trace_start_output(%s) failed\n", uri);
}
thash_set(fd->out_files, name, out);
}
f->out = out;
/* remove id from cache */
thash_uint_set(fd->cache, lf->id, NULL);
}
trace_write_packet(f->out, pkt);
if (trace_is_err_output(f->out)) {
trace_perror_output(f->out, "Writing packet to output trace file");
cleanup();
die("trace_write_packet() failed\n");
}
}
