Ejemplo n.º 1
0
static struct libtrace_out_t *create_output(char *uri) {
	struct libtrace_out_t *output = NULL;
	output = trace_create_output(uri);
	if (trace_is_err_output(output)) {
		trace_perror_output(output,"%s",uri);
		trace_destroy_output(output);
		return NULL;
	}
	/* Default values for now */
	trace_start_output(output);
	if (trace_is_err_output(output)) {
		trace_perror_output(output,"%s",uri);
		trace_destroy_output(output);
		return NULL;
	}
	return output;
}
Ejemplo n.º 2
0
/* Creates an output trace and configures it according to our preferences */
static libtrace_out_t *create_output(int my_id) {
	libtrace_out_t *out = NULL;
	char name[1024];
	const char * file_index = NULL;
	const char * first_extension = NULL;

	file_index = strrchr(outputfile, '/');
	if (file_index)
		first_extension = strchr(file_index, '.');
	else
		first_extension = strchr(name, '.');

	if (first_extension) {
		snprintf(name, sizeof(name), "%.*s-%d%s", (int) (first_extension - outputfile), outputfile, my_id, first_extension);
	} else {
		snprintf(name, sizeof(name), "%s-%d", outputfile, my_id);
	}

	out = trace_create_output(name);
	assert(out);

	if (compress_level >= 0 && trace_config_output(out,
			TRACE_OPTION_OUTPUT_COMPRESS, &compress_level) == -1) {
		trace_perror_output(out, "Configuring compression level");
		trace_destroy_output(out);
		exit(-1);
	}

	if (trace_config_output(out, TRACE_OPTION_OUTPUT_COMPRESSTYPE,
				&compress_type) == -1) {
		trace_perror_output(out, "Configuring compression type");
		trace_destroy_output(out);
		exit(-1);
	}

	if (trace_start_output(out)==-1) {
		trace_perror_output(out,"trace_start_output");
		trace_destroy_output(out);
		exit(-1);
	}
	return out;
}
Ejemplo n.º 3
0
int main(int argc, char *argv[]) {
	struct libtrace_t *input = NULL;
	struct libtrace_out_t *in_write = NULL;
	struct libtrace_out_t *out_write = NULL;
	libtrace_err_t trace_err;
	struct libtrace_packet_t *packet = trace_create_packet();
	
	if (argc < 3) {
		usage(argv[0]);
		return 1;
	}

	input = trace_create(argv[1]);
	if (trace_is_err(input)) {
		trace_err = trace_get_err(input);
		printf("Problem reading input trace: %s\n", trace_err.problem);
		return 1;
	}
	if (trace_start(input)==-1) {
		trace_perror(input,"Unable to start trace: %s",argv[1]);
		return 1;
	}
	
	while(1) {
		if (trace_read_packet(input, packet) < 1)
			break;

		switch(trace_get_direction(packet)) {
			case TRACE_DIR_INCOMING:
				if (!out_write) {
					out_write = create_output(argv[3]);
					if (!out_write)
						return 1;
				}
				if (trace_write_packet(out_write, packet)==-1){
					trace_perror_output(in_write,"write");
					return 1;
				}
				break;
			case TRACE_DIR_OUTGOING:
				if (!in_write) {
					in_write = create_output(argv[2]);
					if (!in_write)
						return 1;
				}
				if (trace_write_packet(in_write, packet)==-1) {
					trace_perror_output(in_write,"write");
					return 1;
				}
				break;
			default:
				ignored++;
		}

	}
	if (out_write)
		trace_destroy_output(out_write);
	if (in_write)
		trace_destroy_output(in_write);
	trace_destroy(input);
	trace_destroy_packet(packet);

	if (ignored)
		fprintf(stderr,"warning: Ignored %" PRIu64 " packets with unknown directions\n",
				ignored);
	
	return 0;
}
Ejemplo n.º 4
0
/* Return values:
 *  1 = continue reading packets
 *  0 = stop reading packets, cos we're done
 *  -1 = stop reading packets, we've got an error
 */
static int per_packet(libtrace_packet_t *packet) {
        double ts = trace_get_seconds(packet);

	if (trace_get_link_type(packet) == ~0U) {
		fprintf(stderr, "Halted due to being unable to determine linktype - input trace may be corrupt.\n");
		return -1;
	}

	if (snaplen>0) {
		trace_set_capture_length(packet,snaplen);
	}

	if (ts <starttime) {
		return 1;
	}

	if ( ts > endtime) {
	  	//printf( "%f\t%f\n", ts, endtime);
		return 0;
	}

	if (firsttime==0) {
		time_t now = trace_get_seconds(packet);
		if (starttime != 0.0) {
			firsttime=now-((now - (int)starttime) % interval);
		}
		else {
			firsttime=now;
		}
	}

	if (output && trace_get_seconds(packet)>firsttime+interval) {
		trace_destroy_output(output);
		output=NULL;
		firsttime+=interval;
	}

	if (output && pktcount%count==0) {
		trace_destroy_output(output);
		output=NULL;
	}

	pktcount++;
	totbytes+=trace_get_capture_length(packet);
	if (output && totbytes-totbyteslast>=bytes) {
		trace_destroy_output(output);
		output=NULL;
		totbyteslast=totbytes;
	}
	if (!output) {
		char *buffer;
		bool need_ext=false;
		if (maxfiles <= filescreated) {
			return 0;
		}
		buffer=strdup(output_base);
		if (interval!=UINT64_MAX && maxfiles>1) {
			buffer=strdupcat(buffer,"-");
			buffer=strdupcati(buffer,(uint64_t)firsttime);
			need_ext=true;
		}
		if (count!=UINT64_MAX && maxfiles>1) {
			buffer=strdupcat(buffer,"-");
			buffer=strdupcati(buffer,(uint64_t)pktcount);
			need_ext=true;
		}
		if (bytes!=UINT64_MAX && maxfiles>1) {
			static int filenum=0;
			buffer=strdupcat(buffer,"-");
			buffer=strdupcati(buffer,(uint64_t)++filenum);
			need_ext=true;
		}
		if (need_ext) {
			if (compress_level!=0)
				buffer=strdupcat(buffer,".gz");
		}
		if (verbose>1) {
			fprintf(stderr,"%s:",buffer);
			if (count!=UINT64_MAX)
				fprintf(stderr," count=%" PRIu64,pktcount);
			if (bytes!=UINT64_MAX)
				fprintf(stderr," bytes=%" PRIu64,bytes);
			if (interval!=UINT64_MAX) {
				time_t filetime = firsttime;
				fprintf(stderr," time=%s",ctime(&filetime));
			}
			else {
				fprintf(stderr,"\n");
			}
		}
		output=trace_create_output(buffer);
		if (trace_is_err_output(output)) {
			trace_perror_output(output,"%s",buffer);
			free(buffer);
			return -1;
		}
		if (compress_level!=-1) {
			if (trace_config_output(output,
						TRACE_OPTION_OUTPUT_COMPRESS,
						&compress_level)==-1) {
				trace_perror_output(output,"Unable to set compression level");
			}
		}

		if (trace_config_output(output,
					TRACE_OPTION_OUTPUT_COMPRESSTYPE,
					&compress_type) == -1) {
			trace_perror_output(output, "Unable to set compression type");
		}

		trace_start_output(output);
		if (trace_is_err_output(output)) {
			trace_perror_output(output,"%s",buffer);
			free(buffer);
			return -1;
		}
		free(buffer);
		filescreated ++;
	}

	/* Some traces we have are padded (usually with 0x00), so 
	 * lets sort that out now and truncate them properly
	 */

	if (trace_get_capture_length(packet) 
			> trace_get_wire_length(packet)) {
		trace_set_capture_length(packet,trace_get_wire_length(packet));
	}

	if (trace_write_packet(output,packet)==-1) {
		trace_perror_output(output,"write_packet");
		return -1;
	}

	return 1;

}
Ejemplo n.º 5
0
static void pkt(struct lfc *lfc, void *pdata,
	struct lfc_flow *lf, void *data,
	double ts, bool up, bool is_new, libtrace_packet_t *pkt)
{
	struct flow *f = data;
	char *name, *uri;
	libtrace_out_t *out;

	if (f->ignore)
		return;

	if (is_new) {
		/* find the flow by its id in the ARFF file, get output file name */
		name = thash_uint_get(fd->cache, lf->id);
		if (!name) {
			cache_update();
			name = thash_uint_get(fd->cache, lf->id);
			if (!name) {
				f->ignore = true;
				thash_uint_set(fd->cache, lf->id, NULL);
				return;
			}
		}

		/* ignore flows with column values we are not interested in */
		if (fd->value && !streq(fd->value, name)) {
			f->ignore = true;
			thash_uint_set(fd->cache, lf->id, NULL);
			return;
		}

		/* get libtrace output file */
		out = thash_get(fd->out_files, name);
		if (!out) {
			uri = mmatic_sprintf(fd->mm, "pcap:%s/%s.pcap", fd->dir, name);

			out = trace_create_output(uri);
			if (!out) {
				cleanup();
				die("trace_create_output(%s) failed\n", uri);
			}

			if (trace_is_err_output(out)) {
				trace_perror_output(out, "Opening output trace file");
				cleanup();
				die("trace_create_output(%s) failed\n", uri);
			}

			if (trace_start_output(out) == -1) {
				trace_perror_output(out, "Starting output trace");
				cleanup();
				die("trace_start_output(%s) failed\n", uri);
			}

			thash_set(fd->out_files, name, out);
		}

		f->out = out;

		/* remove id from cache */
		thash_uint_set(fd->cache, lf->id, NULL);
	}

	trace_write_packet(f->out, pkt);
	if (trace_is_err_output(f->out)) {
		trace_perror_output(f->out, "Writing packet to output trace file");
		cleanup();
		die("trace_write_packet() failed\n");
	}
}