unsigned int trace_mr_res_randomid (unsigned int oldid) { int rid = oldid; #if defined (TRACING) u_int32_t id; unsigned buflen = 0; char *buf = (char *)0; isc_result_t status; if (trace_playback ()) { status = trace_get_packet (&trace_mr_randomid, &buflen, &buf); if (status != ISC_R_SUCCESS) { log_error ("trace_mr_statp: no statp packet found."); return oldid; } if (buflen != sizeof id) { log_error ("trace_mr_randomid: bogus length: %d", buflen); return oldid; } memcpy (&id, buf, sizeof id); dfree (buf, MDL); buf = (char *)0; rid = ntohl (id); } if (trace_record ()) { id = htonl (rid); trace_write_packet (trace_mr_randomid, sizeof id, (char *)&id, MDL); } #endif return rid; }
void trace_seed_stash (trace_type_t *ttype, unsigned seed) { u_int32_t outseed; if (!trace_record ()) return; outseed = htonl (seed); trace_write_packet (ttype, sizeof outseed, (char *)&outseed, MDL); return; }
void trace_interface_register (trace_type_t *ttype, struct interface_info *ip) { trace_interface_packet_t tipkt; if (trace_record ()) { memset (&tipkt, 0, sizeof tipkt); memcpy (&tipkt.hw_address, &ip -> hw_address, sizeof ip -> hw_address); memcpy (&tipkt.primary_address, &ip -> primary_address, sizeof ip -> primary_address); memcpy (tipkt.name, ip -> name, sizeof ip -> name); tipkt.index = htonl (ip -> index); trace_write_packet (ttype, sizeof tipkt, (char *)&tipkt, MDL); } }
off_t corsaro_file_write_packet(corsaro_t *corsaro, corsaro_file_t *file, libtrace_packet_t *packet) { uint8_t *pkt_buf = NULL; libtrace_linktype_t linktype; switch(file->mode) { case CORSARO_FILE_MODE_ASCII: assert(file->wand_io != NULL); #ifdef HAVE_LIBPACKETDUMP corsaro_log(__func__, corsaro, "libpacketdump currently does not support dumping " "to a file"); return 0; #else corsaro_log(__func__, corsaro, "corsaro must be built with libpacketdump to dump " "a packet to ASCII"); return 0; #endif break; case CORSARO_FILE_MODE_BINARY: assert(file->wand_io != NULL); if((pkt_buf = trace_get_packet_buffer(packet, &linktype, NULL)) == NULL) { corsaro_log(__func__, corsaro, "could not get packet buffer"); return -1; } return corsaro_file_write(corsaro, file, pkt_buf, trace_get_capture_length(packet)); case CORSARO_FILE_MODE_TRACE: assert(file->trace_io != NULL); return trace_write_packet(file->trace_io, packet); default: corsaro_log(__func__, corsaro, "invalid corsaro file mode %d", file->mode); return -1; } return -1; }
static isc_result_t trace_type_record (trace_type_t *ttmp, unsigned slen, const char *file, int line) { trace_index_mapping_t *tim; isc_result_t status; tim = dmalloc (slen + TRACE_INDEX_MAPPING_SIZE, file, line); if (!tim) return ISC_R_NOMEMORY; ttmp -> index = ++traceindex; trace_type_stash (ttmp); tim -> index = htonl (ttmp -> index); memcpy (tim -> name, ttmp -> name, slen); status = trace_write_packet (trace_types [0], slen + TRACE_INDEX_MAPPING_SIZE, (char *)tim, file, line); dfree (tim, file, line); return status; }
/* If you don't specify O_WONLY or O_RDWR on the fileflags, then this should * fail. */ void test_forgotten_wronly() { libtrace_out_t *out; libtrace_t *trace; libtrace_packet_t *packet; int err; int zero = 0; out = trace_create_output("pcapfile:traces/100_packets_out.pcap"); assert(out); assert (!trace_is_err_output(out)); /* Note: no WRONLY/RDWR */ err = trace_config_output(out,TRACE_OPTION_OUTPUT_FILEFLAGS,&zero); assert(err==0); assert(!trace_is_err_output(out)); err = trace_start_output(out); assert(err == 0); assert(!trace_is_err_output(out)); trace = trace_create("pcapfile:traces/100_packets.pcap"); assert(trace); assert(!trace_is_err(trace)); err = trace_start(trace); assert(!trace_is_err(trace)); assert(err == 0); packet = trace_create_packet(); assert(packet); err = trace_read_packet(trace, packet); assert(err>0); err = trace_write_packet(out,packet); assert(err == -1); /* Should fail */ assert(trace_is_err_output(out)); trace_destroy_output(out); trace_destroy_packet(packet); trace_destroy(trace); }
int main(int argc, char *argv[]) { int psize = 0; int error = 0; int count = 0; int level = 0; int expected = 100; libtrace_t *trace; libtrace_out_t *outtrace; libtrace_packet_t *packet; trace = trace_create(lookup_uri("pcap")); iferr(trace); outtrace = trace_create_output(lookup_out_uri("pcap")); iferrout(outtrace); level=0; trace_config_output(outtrace,TRACE_OPTION_OUTPUT_COMPRESS,&level); iferrout(outtrace); trace_start(trace); iferr(trace); trace_start_output(outtrace); iferrout(outtrace); packet=trace_create_packet(); for (;;) { if ((psize = trace_read_packet(trace, packet)) <0) { error = 1; break; } if (psize == 0) { error = 0; break; } count ++; /* Force promotion */ if (trace_get_source_port(packet)==80) { trace_set_direction(packet,TRACE_DIR_OUTGOING); assert(trace_get_direction(packet)==TRACE_DIR_OUTGOING); assert(trace_get_source_port(packet)==80); } else { trace_set_direction(packet,TRACE_DIR_INCOMING); assert(trace_get_direction(packet)==TRACE_DIR_INCOMING); } /* And then force demotion */ trace_write_packet(outtrace,packet); iferrout(outtrace); if (count>100) break; } trace_destroy_packet(packet); if (error == 0) { if (count != expected) { printf("failure: %d packets expected, %d seen\n",expected,count); error = 1; } } else { iferr(trace); } trace_destroy(trace); trace_destroy_output(outtrace); return error; }
int main(int argc, char *argv[]) { struct libtrace_t *input = NULL; struct libtrace_out_t *in_write = NULL; struct libtrace_out_t *out_write = NULL; libtrace_err_t trace_err; struct libtrace_packet_t *packet = trace_create_packet(); if (argc < 3) { usage(argv[0]); return 1; } input = trace_create(argv[1]); if (trace_is_err(input)) { trace_err = trace_get_err(input); printf("Problem reading input trace: %s\n", trace_err.problem); return 1; } if (trace_start(input)==-1) { trace_perror(input,"Unable to start trace: %s",argv[1]); return 1; } while(1) { if (trace_read_packet(input, packet) < 1) break; switch(trace_get_direction(packet)) { case TRACE_DIR_INCOMING: if (!out_write) { out_write = create_output(argv[3]); if (!out_write) return 1; } if (trace_write_packet(out_write, packet)==-1){ trace_perror_output(in_write,"write"); return 1; } break; case TRACE_DIR_OUTGOING: if (!in_write) { in_write = create_output(argv[2]); if (!in_write) return 1; } if (trace_write_packet(in_write, packet)==-1) { trace_perror_output(in_write,"write"); return 1; } break; default: ignored++; } } if (out_write) trace_destroy_output(out_write); if (in_write) trace_destroy_output(in_write); trace_destroy(input); trace_destroy_packet(packet); if (ignored) fprintf(stderr,"warning: Ignored %" PRIu64 " packets with unknown directions\n", ignored); return 0; }
enum packetret parse_packet(libtrace_packet_t *pkt) { trace_write_packet(output, pkt); return OUTPUTTED; }
/* Return values: * 1 = continue reading packets * 0 = stop reading packets, cos we're done * -1 = stop reading packets, we've got an error */ static int per_packet(libtrace_packet_t *packet) { double ts = trace_get_seconds(packet); if (trace_get_link_type(packet) == ~0U) { fprintf(stderr, "Halted due to being unable to determine linktype - input trace may be corrupt.\n"); return -1; } if (snaplen>0) { trace_set_capture_length(packet,snaplen); } if (ts <starttime) { return 1; } if ( ts > endtime) { //printf( "%f\t%f\n", ts, endtime); return 0; } if (firsttime==0) { time_t now = trace_get_seconds(packet); if (starttime != 0.0) { firsttime=now-((now - (int)starttime) % interval); } else { firsttime=now; } } if (output && trace_get_seconds(packet)>firsttime+interval) { trace_destroy_output(output); output=NULL; firsttime+=interval; } if (output && pktcount%count==0) { trace_destroy_output(output); output=NULL; } pktcount++; totbytes+=trace_get_capture_length(packet); if (output && totbytes-totbyteslast>=bytes) { trace_destroy_output(output); output=NULL; totbyteslast=totbytes; } if (!output) { char *buffer; bool need_ext=false; if (maxfiles <= filescreated) { return 0; } buffer=strdup(output_base); if (interval!=UINT64_MAX && maxfiles>1) { buffer=strdupcat(buffer,"-"); buffer=strdupcati(buffer,(uint64_t)firsttime); need_ext=true; } if (count!=UINT64_MAX && maxfiles>1) { buffer=strdupcat(buffer,"-"); buffer=strdupcati(buffer,(uint64_t)pktcount); need_ext=true; } if (bytes!=UINT64_MAX && maxfiles>1) { static int filenum=0; buffer=strdupcat(buffer,"-"); buffer=strdupcati(buffer,(uint64_t)++filenum); need_ext=true; } if (need_ext) { if (compress_level!=0) buffer=strdupcat(buffer,".gz"); } if (verbose>1) { fprintf(stderr,"%s:",buffer); if (count!=UINT64_MAX) fprintf(stderr," count=%" PRIu64,pktcount); if (bytes!=UINT64_MAX) fprintf(stderr," bytes=%" PRIu64,bytes); if (interval!=UINT64_MAX) { time_t filetime = firsttime; fprintf(stderr," time=%s",ctime(&filetime)); } else { fprintf(stderr,"\n"); } } output=trace_create_output(buffer); if (trace_is_err_output(output)) { trace_perror_output(output,"%s",buffer); free(buffer); return -1; } if (compress_level!=-1) { if (trace_config_output(output, TRACE_OPTION_OUTPUT_COMPRESS, &compress_level)==-1) { trace_perror_output(output,"Unable to set compression level"); } } if (trace_config_output(output, TRACE_OPTION_OUTPUT_COMPRESSTYPE, &compress_type) == -1) { trace_perror_output(output, "Unable to set compression type"); } trace_start_output(output); if (trace_is_err_output(output)) { trace_perror_output(output,"%s",buffer); free(buffer); return -1; } free(buffer); filescreated ++; } /* Some traces we have are padded (usually with 0x00), so * lets sort that out now and truncate them properly */ if (trace_get_capture_length(packet) > trace_get_wire_length(packet)) { trace_set_capture_length(packet,trace_get_wire_length(packet)); } if (trace_write_packet(output,packet)==-1) { trace_perror_output(output,"write_packet"); return -1; } return 1; }
static void pkt(struct lfc *lfc, void *pdata, struct lfc_flow *lf, void *data, double ts, bool up, bool is_new, libtrace_packet_t *pkt) { struct flow *f = data; char *name, *uri; libtrace_out_t *out; if (f->ignore) return; if (is_new) { /* find the flow by its id in the ARFF file, get output file name */ name = thash_uint_get(fd->cache, lf->id); if (!name) { cache_update(); name = thash_uint_get(fd->cache, lf->id); if (!name) { f->ignore = true; thash_uint_set(fd->cache, lf->id, NULL); return; } } /* ignore flows with column values we are not interested in */ if (fd->value && !streq(fd->value, name)) { f->ignore = true; thash_uint_set(fd->cache, lf->id, NULL); return; } /* get libtrace output file */ out = thash_get(fd->out_files, name); if (!out) { uri = mmatic_sprintf(fd->mm, "pcap:%s/%s.pcap", fd->dir, name); out = trace_create_output(uri); if (!out) { cleanup(); die("trace_create_output(%s) failed\n", uri); } if (trace_is_err_output(out)) { trace_perror_output(out, "Opening output trace file"); cleanup(); die("trace_create_output(%s) failed\n", uri); } if (trace_start_output(out) == -1) { trace_perror_output(out, "Starting output trace"); cleanup(); die("trace_start_output(%s) failed\n", uri); } thash_set(fd->out_files, name, out); } f->out = out; /* remove id from cache */ thash_uint_set(fd->cache, lf->id, NULL); } trace_write_packet(f->out, pkt); if (trace_is_err_output(f->out)) { trace_perror_output(f->out, "Writing packet to output trace file"); cleanup(); die("trace_write_packet() failed\n"); } }