Esempio n. 1
0
int main(int argc, char *argv[])
{
	/* This is essentially the same main function from readdemo.c */
	
	libtrace_t *trace = NULL;
	libtrace_packet_t *packet = NULL;

	/* Ensure we have at least one argument after the program name */
        if (argc < 2) {
                fprintf(stderr, "Usage: %s inputURI\n", argv[0]);
                return 1;
        }	
	
	packet = trace_create_packet();

	if (packet == NULL) {
		perror("Creating libtrace packet");
		libtrace_cleanup(trace, packet);
		return 1;
	}

	trace = trace_create(argv[1]);

	if (trace_is_err(trace)) {
		trace_perror(trace,"Opening trace file");
		libtrace_cleanup(trace, packet);
		return 1;
	}

	if (trace_start(trace) == -1) {
		trace_perror(trace,"Starting trace");
		libtrace_cleanup(trace, packet);
		return 1;
	}


	while (trace_read_packet(trace,packet)>0) {
		per_packet(packet);
	}


	if (trace_is_err(trace)) {
		trace_perror(trace,"Reading packets");
		libtrace_cleanup(trace, packet);
		return 1;
	}

	/* Print the stats for the final reporting period that was probably
	 * not complete when the trace finished */
	printf("%u\t", next_report);
	printf("%.2f\t\t", ((double)wire_count) / packet_count);
	printf("%.2f\n", ((double)capture_count) / packet_count);

	libtrace_cleanup(trace, packet);
	return 0;
}
Esempio n. 2
0
int main(int argc, char *argv[])
{
        /* This is essentially the same main function from readdemo.c */

        libtrace_t *trace = NULL;
        libtrace_packet_t *packet = NULL;

        /* Ensure we have at least one argument after the program name */
        if (argc < 2) {
                fprintf(stderr, "Usage: %s inputURI\n", argv[0]);
                return 1;
        }

	packet = trace_create_packet();

        if (packet == NULL) {
                perror("Creating libtrace packet");
                libtrace_cleanup(trace, packet);
                return 1;
        }

        trace = trace_create(argv[1]);

        if (trace_is_err(trace)) {
                trace_perror(trace,"Opening trace file");
                libtrace_cleanup(trace, packet);
                return 1;
        }

        if (trace_start(trace) == -1) {
                trace_perror(trace,"Starting trace");
                libtrace_cleanup(trace, packet);
                return 1;
        }


        while (trace_read_packet(trace,packet)>0) {
                per_packet(packet);
        }


        if (trace_is_err(trace)) {
                trace_perror(trace,"Reading packets");
                libtrace_cleanup(trace, packet);
                return 1;
        }

	printf("Packet Count = %" PRIu64 "\n", count);

        libtrace_cleanup(trace, packet);
        return 0;
}
Esempio n. 3
0
qfTraceSource_t *qfTraceOpen(const char *uri,
                             const char *bpf,
                             int snaplen,
                             GError **err)
{
    qfTraceSource_t *lts;
    libtrace_err_t  terr;
    
    lts = g_new0(qfTraceSource_t, 1);
    
    if (!(lts->packet = trace_create_packet())) {
        g_set_error(err, YAF_ERROR_DOMAIN, YAF_ERROR_IO,
                    "Could not initialize libtrace packet");
        goto err;
    }
    
    lts->trace = trace_create(uri);
    if (trace_is_err(lts->trace)) {
        terr = trace_get_err(lts->trace);
        g_set_error(err, YAF_ERROR_DOMAIN, YAF_ERROR_IO,
                    "Could not open libtrace URI %s: %s",
                    uri, terr.problem);
        goto err;
    }
    
    if (trace_config(lts->trace, TRACE_OPTION_SNAPLEN, &snaplen) == -1) {
        terr = trace_get_err(lts->trace);
        g_set_error(err, YAF_ERROR_DOMAIN, YAF_ERROR_IO,
                    "Could not set snaplen on libtrace URI %s: %s",
                    uri, terr.problem);
        goto err;
    }
    
    if (bpf) {
        if (!(lts->filter = trace_create_filter(bpf))) {
            g_warning("Could not compile libtrace BPF %s", bpf);
            goto err;
        }
        
        if (trace_config(lts->trace, TRACE_OPTION_FILTER, lts->filter) == -1) {
            terr = trace_get_err(lts->trace);
            g_warning("Could not set libtrace filter: %s", terr.problem);
            goto err;
        }
    }
    
    /* start processing */
    if (trace_start(lts->trace) == -1) {
        terr = trace_get_err(lts->trace);
        g_warning("libtrace trace_start() error: %s", terr.problem);
        goto err;
    }

    
    return lts;
  
err:
    qfTraceClose(lts);
    return NULL;
}
Esempio n. 4
0
/* If you don't specify O_WONLY or O_RDWR on the fileflags, then this should
 * fail.
 */
void test_forgotten_wronly()
{
    libtrace_out_t *out;
    libtrace_t *trace;
    libtrace_packet_t *packet;
    int err;
    int zero = 0;

    out = trace_create_output("pcapfile:traces/100_packets_out.pcap");
    assert(out);
    assert (!trace_is_err_output(out));
    /* Note: no WRONLY/RDWR */
    err = trace_config_output(out,TRACE_OPTION_OUTPUT_FILEFLAGS,&zero);
    assert(err==0);
    assert(!trace_is_err_output(out));

    err = trace_start_output(out);
    assert(err == 0);
    assert(!trace_is_err_output(out));

    trace = trace_create("pcapfile:traces/100_packets.pcap");
    assert(trace);
    assert(!trace_is_err(trace));

    err = trace_start(trace);
    assert(!trace_is_err(trace));
    assert(err == 0);

    packet = trace_create_packet();
    assert(packet);

    err = trace_read_packet(trace, packet);
    assert(err>0);

    err = trace_write_packet(out,packet);
    assert(err == -1); 		/* Should fail */
    assert(trace_is_err_output(out));

    trace_destroy_output(out);
    trace_destroy_packet(packet);
    trace_destroy(trace);
}
Esempio n. 5
0
gboolean qfTraceMain(qfContext_t             *ctx)
{
    gboolean                ok = TRUE;
    qfTraceSource_t         *lts = ctx->ictx.pktsrc;
    yfPBuf_t                    *pbuf;

    libtrace_err_t          terr;
    
    int i, trv;
    
    /* process input until we're done */
    while (!yaf_quit) {
        
        i = 0;
        while (i < TRACE_PACKET_GROUP && !yaf_quit) {
            
            /* get next spot in ring buffer */
            pbuf = (yfPBuf_t *)rgaNextHead(ctx->pbufring);
            g_assert(pbuf);
            
            /* and try to parse packets into it until we get one */
            do {
                trv = trace_read_packet(lts->trace, lts->packet);
                if (trv <= 0) goto TRACE_END;
            } while (!qfTraceHandlePacket(lts, pbuf, ctx));
            i++;
        }

TRACE_END:
        /* Check for error */
        if (trace_is_err(lts->trace)) {
            terr = trace_get_err(lts->trace);
            g_warning("libtrace error: %s", terr.problem);
            ok = FALSE;
            break;
        }

        /* Check for quit or EOF */
        if (yaf_quit || trv == 0) break;

        /* Process the packet buffer */
        if (ok && !yfProcessPBufRing(ctx, &(ctx->err))) {
            ok = FALSE;
            break;
        }
        
        /* Do periodic export as necessary */
        qfTracePeriodicExport(ctx, yfFlowTabCurrentTime(ctx->flowtab));
    }

    return yfFinalFlush(ctx, ok,  &(ctx->err));
}
Esempio n. 6
0
/* Sets the trace format for the packet to match the format it was originally
 * captured in, rather than the RT format */
static int rt_set_format(libtrace_t *libtrace, libtrace_packet_t *packet) 
{

	/* We need to assign the packet to a "dead" trace */

	/* Try to minimize the number of corrupt packets that slip through
	 * while making it easy to identify new pcap DLTs */
	if (packet->type > TRACE_RT_DATA_DLT && 
			packet->type < TRACE_RT_DATA_DLT_END) {
		if (!RT_INFO->dummy_pcap) {
			RT_INFO->dummy_pcap = trace_create_dead("pcap:-");
		}
		packet->trace = RT_INFO->dummy_pcap;
		return 0;	
	}

	if (packet->type > TRACE_RT_DATA_BPF &&
			packet->type < TRACE_RT_DATA_BPF_END) {

		if (!RT_INFO->dummy_bpf) {
			RT_INFO->dummy_bpf = trace_create_dead("bpf:-");
			/* This may fail on a non-BSD machine */
			if (trace_is_err(RT_INFO->dummy_bpf)) {
				trace_perror(RT_INFO->dummy_bpf, "Creating dead bpf trace");
				return -1;
			}
		}
		packet->trace = RT_INFO->dummy_bpf;
		return 0;
	}

	switch (packet->type) {
		case TRACE_RT_DUCK_2_4:
		case TRACE_RT_DUCK_2_5:
			if (!RT_INFO->dummy_duck) {
				RT_INFO->dummy_duck = trace_create_dead("duck:dummy");
			}
			packet->trace = RT_INFO->dummy_duck;
			break;
		case TRACE_RT_DATA_ERF:
			if (!RT_INFO->dummy_erf) {
				RT_INFO->dummy_erf = trace_create_dead("erf:-");
			}
			packet->trace = RT_INFO->dummy_erf;
			break;
		case TRACE_RT_DATA_LINUX_NATIVE:
			if (!RT_INFO->dummy_linux) {
				RT_INFO->dummy_linux = trace_create_dead("int:");
				/* This may fail on a non-Linux machine */
				if (trace_is_err(RT_INFO->dummy_linux)) {
					trace_perror(RT_INFO->dummy_linux, "Creating dead int trace");
					return -1;
				}
			}
			packet->trace = RT_INFO->dummy_linux;
			break;
		case TRACE_RT_DATA_LINUX_RING:
			if (!RT_INFO->dummy_ring) {
				RT_INFO->dummy_ring = trace_create_dead("ring:");
				/* This may fail on a non-Linux machine */
				if (trace_is_err(RT_INFO->dummy_ring)) {
					trace_perror(RT_INFO->dummy_ring, "Creating dead int trace");
					return -1;
				}
			}
			packet->trace = RT_INFO->dummy_ring;
			break;
		case TRACE_RT_STATUS:
		case TRACE_RT_METADATA:
			/* Just use the RT trace! */
			packet->trace = libtrace;
			break;
		case TRACE_RT_DATA_LEGACY_ETH:
		case TRACE_RT_DATA_LEGACY_ATM:
		case TRACE_RT_DATA_LEGACY_POS:
			printf("Sending legacy over RT is currently not supported\n");
			trace_set_err(libtrace, TRACE_ERR_BAD_PACKET, "Legacy packet cannot be sent over rt");
			return -1;
		default:
			printf("Unrecognised format: %u\n", packet->type);
			trace_set_err(libtrace, TRACE_ERR_BAD_PACKET, "Unrecognised packet format");
			return -1;
	}
	return 0; /* success */
}		
Esempio n. 7
0
/* Process a trace, counting packets that match filter(s) */
static void run_trace(char *uri, libtrace_filter_t *filter, int count) 
{
	struct libtrace_packet_t *packet = trace_create_packet();

	/* Already read the maximum number of packets - don't need to read
	 * anything from this trace */
	if ((count >= 0 && packets_read >= count) || done)
		return;

	trace = trace_create(uri);
	
	if (trace_is_err(trace)) {
		trace_perror(trace,"trace_create");
		return;
	}

	if (filter) {
		trace_config(trace,TRACE_OPTION_FILTER,filter);
	}

	if (trace_start(trace)==-1) {
		trace_perror(trace,"trace_start");
		return;
	}

	while (1) {
		int psize;
		
		if (count >= 0 && packets_read >= count)
			break;
		if (done)
			break;
		if ((psize = trace_read_packet(trace, packet)) <1) {
			break;
		}
                if (IS_LIBTRACE_META_PACKET(packet))
                        continue;

		if (reports_required & REPORT_TYPE_MISC)
			misc_per_packet(packet);
		if (reports_required & REPORT_TYPE_ERROR)
			error_per_packet(packet);
		if (reports_required & REPORT_TYPE_PORT)
			port_per_packet(packet);
		if (reports_required & REPORT_TYPE_PROTO)
			protocol_per_packet(packet);
		if (reports_required & REPORT_TYPE_TOS)
			tos_per_packet(packet);
		if (reports_required & REPORT_TYPE_TTL)
			ttl_per_packet(packet);
		if (reports_required & REPORT_TYPE_FLOW)
			flow_per_packet(packet);
		if (reports_required & REPORT_TYPE_TCPOPT)
			tcpopt_per_packet(packet);
		if (reports_required & REPORT_TYPE_SYNOPT)
			synopt_per_packet(packet);
		if (reports_required & REPORT_TYPE_NLP)
			nlp_per_packet(packet);
		if (reports_required & REPORT_TYPE_DIR)
			dir_per_packet(packet);
		if (reports_required & REPORT_TYPE_ECN)
			ecn_per_packet(packet);
		if (reports_required & REPORT_TYPE_TCPSEG)
			tcpseg_per_packet(packet);

		packets_read ++;
	}
	if (reports_required & REPORT_TYPE_DROPS)
		drops_per_trace(trace);
        trace_destroy_packet(packet);
	trace_destroy(trace);
}
Esempio n. 8
0
int main(int argc, char *argv[])
{
	libtrace_t *trace;
	libtrace_packet_t *packet;
	libtrace_filter_t *filter=NULL;
	int snaplen=-1;
	int promisc=-1;

	while(1) {
		int option_index;
		struct option long_options[] = {
			{ "filter",		1, 0, 'f' },
			{ "snaplen",		1, 0, 's' },
			{ "promisc",		1, 0, 'p' },
			{ "help",		0, 0, 'h' },
			{ "libtrace-help",	0, 0, 'H' },
			{ NULL,			0, 0, 0 }
		};

		int c= getopt_long(argc, argv, "f:s:p:hH",
				long_options, &option_index);

		if (c==-1)
			break;

		switch (c) {
			case 'f':
				filter=trace_create_filter(optarg);
				break;
			case 's':
				snaplen=atoi(optarg);
				break;
			case 'p':
				promisc=atoi(optarg);
				break;
			case 'H':
				trace_help();
				return 1;
			default:
				fprintf(stderr,"Unknown option: %c\n",c);
				/* FALL THRU */
			case 'h':
				usage(argv[0]);
				return 1;
		}
	}

	if (optind>=argc) {
		fprintf(stderr,"Missing input uri\n");
		usage(argv[0]);
		return 1;
	}

	while (optind<argc) {
		trace = trace_create(argv[optind]);
		++optind;

		if (trace_is_err(trace)) {
			trace_perror(trace,"Opening trace file");
			return 1;
		}

		if (snaplen>0)
			if (trace_config(trace,TRACE_OPTION_SNAPLEN,&snaplen)) {
				trace_perror(trace,"ignoring: ");
			}
		if (filter)
			if (trace_config(trace,TRACE_OPTION_FILTER,filter)) {
				trace_perror(trace,"ignoring: ");
			}
		if (promisc!=-1) {
			if (trace_config(trace,TRACE_OPTION_PROMISC,&promisc)) {
				trace_perror(trace,"ignoring: ");
			}
		}

		if (trace_start(trace)) {
			trace_perror(trace,"Starting trace");
			trace_destroy(trace);
			return 1;
		}

		packet = trace_create_packet();

		while (trace_read_packet(trace,packet)>0) {
			per_packet(packet);
		}

		trace_destroy_packet(packet);

		if (trace_is_err(trace)) {
			trace_perror(trace,"Reading packets");
		}

		trace_destroy(trace);
	}

	return 0;
}
Esempio n. 9
0
int main(int argc, char *argv[]) {
	struct libtrace_t *input = NULL;
	struct libtrace_out_t *in_write = NULL;
	struct libtrace_out_t *out_write = NULL;
	libtrace_err_t trace_err;
	struct libtrace_packet_t *packet = trace_create_packet();
	
	if (argc < 3) {
		usage(argv[0]);
		return 1;
	}

	input = trace_create(argv[1]);
	if (trace_is_err(input)) {
		trace_err = trace_get_err(input);
		printf("Problem reading input trace: %s\n", trace_err.problem);
		return 1;
	}
	if (trace_start(input)==-1) {
		trace_perror(input,"Unable to start trace: %s",argv[1]);
		return 1;
	}
	
	while(1) {
		if (trace_read_packet(input, packet) < 1)
			break;

		switch(trace_get_direction(packet)) {
			case TRACE_DIR_INCOMING:
				if (!out_write) {
					out_write = create_output(argv[3]);
					if (!out_write)
						return 1;
				}
				if (trace_write_packet(out_write, packet)==-1){
					trace_perror_output(in_write,"write");
					return 1;
				}
				break;
			case TRACE_DIR_OUTGOING:
				if (!in_write) {
					in_write = create_output(argv[2]);
					if (!in_write)
						return 1;
				}
				if (trace_write_packet(in_write, packet)==-1) {
					trace_perror_output(in_write,"write");
					return 1;
				}
				break;
			default:
				ignored++;
		}

	}
	if (out_write)
		trace_destroy_output(out_write);
	if (in_write)
		trace_destroy_output(in_write);
	trace_destroy(input);
	trace_destroy_packet(packet);

	if (ignored)
		fprintf(stderr,"warning: Ignored %" PRIu64 " packets with unknown directions\n",
				ignored);
	
	return 0;
}
Esempio n. 10
0
int main(int argc, char *argv[]) {

        char *uri = 0;
        int psize = 0;
        struct libtrace_ip *ipptr = 0;
	struct libtrace_packet_t *packet = trace_create_packet();
	libtrace_err_t trace_err;

	uint32_t last_second = 0;
	double ts = 0.0;


        if (argc == 2) {
                uri = strdup(argv[1]);
        }

        // create an trace to uri
        trace = trace_create(uri);
	if (trace_is_err(trace)) {
                trace_err = trace_get_err(trace);
                printf("Error in trace_create: %s\n", trace_err.problem);
                return -1;
        }
        trace_start(trace);
        if (trace_is_err(trace)) {
                trace_err = trace_get_err(trace);
                printf("Error in trace_start: %s\n", trace_err.problem);
                return -1;
        }


        for (;;) {
                if ((psize = trace_read_packet(trace,packet)) < 1) {
                        // terminate
                        break;
                }
                if (psize == 0) {
                        continue;
                }

                if((ipptr = trace_get_ip(packet)) == 0) {
			continue;
		}
		
                counter[BYTES][INSTANT] += ntohs(ipptr->ip_len);
                counter[PACKETS][INSTANT] ++;

		ts = trace_get_seconds(packet);
		if(last_second == 0) {
			last_second = ts;
		} else if (last_second < ts) {
			last_second = ts;
			docalc++;
		}

                if(docalc) {
                        secondreport();
                }


        }

        trace_destroy(trace);
        return 0;
}
Esempio n. 11
0
corsaro_file_in_t *corsaro_file_ropen(const char *filename)
{
  corsaro_file_in_t *f = NULL;
  char buffer[1024];
  int len;

  /* 2013-01-22 AK has removed all of the logging output on failures this is
     because i dont want to need a corsaro_t object to open a file. but also
     because i think it should be up to the caller to log the errors. logs from
     this deep in corsaro just confuse people when somewhat common errors occur
     (file not found etc). */

  if((f = malloc(sizeof(corsaro_file_in_t))) == NULL)
    {
      return NULL;
    }

  /* we need to try and guess the mode... */
  /* if there is a : in the uri, we guess it is a libtrace file */
  /* this should be refined to do something more intelligent */
  if(strchr(filename, ':') != NULL)
    {
      f->mode = CORSARO_FILE_MODE_TRACE;

      /* open this as a trace file */
      f->trace_io = trace_create(filename);

      if(trace_is_err(f->trace_io))
	{
	  free(f);
	  return NULL;
	}

      if (trace_start(f->trace_io) == -1) {
	free(f);
	return NULL;
      }
      /* trace is set to go! */
      return f;
    }
  else
    {
      /* lets open the file and take a peek to see what we find */
      if((f->wand_io = wandio_create(filename)) == NULL)
	{
	  free(f);
	  return NULL;
	}

      len = wandio_peek(f->wand_io, buffer, sizeof(buffer));

      /* an ASCII corsaro file will start with "# CORSARO_VERSION" */
      if(len >= strlen(CORSARO_FILE_ASCII_CHECK) &&
	 memcmp(CORSARO_FILE_ASCII_CHECK, buffer,
		strlen(CORSARO_FILE_ASCII_CHECK)) == 0)
	{
	  f->mode = CORSARO_FILE_MODE_ASCII;
	}
      /* a binary corsaro file will start with an corsaro header "EDGRHEAD" but,
	 it is possible that an old binary corsaro file can just start with an
	 interval header - "EDGRINTR", so we will only look for "EDGR" */
      else if(len >= 4 && buffer[0] == 'E' && buffer[1] == 'D' &&
	      buffer[2] == 'G' && buffer[3] == 'R')
	{
	  f->mode = CORSARO_FILE_MODE_BINARY;
	}
      else
	{
	  /* who knows, but maybe someone wants to read a non-corsaro file */
	  f->mode = CORSARO_FILE_MODE_UNKNOWN;
	}
    }

  return f;
}
Esempio n. 12
0
int main(int argc, char *argv[])
{
	char *compress_type_str=NULL;
	struct libtrace_filter_t *filter=NULL;
	struct libtrace_t *input = NULL;
	struct libtrace_packet_t *packet = trace_create_packet();
	struct sigaction sigact;
	int i;	
	
	if (argc<2) {
		usage(argv[0]);
		return 1;
	}

	/* Parse command line options */
	while(1) {
		int option_index;
		struct option long_options[] = {
			{ "filter",	   1, 0, 'f' },
			{ "count",	   1, 0, 'c' },
			{ "bytes",	   1, 0, 'b' },
			{ "starttime",	   1, 0, 's' },
			{ "endtime",	   1, 0, 'e' },
			{ "interval",	   1, 0, 'i' },
			{ "libtrace-help", 0, 0, 'H' },
			{ "maxfiles", 	   1, 0, 'm' },
			{ "snaplen",	   1, 0, 'S' },
			{ "verbose",       0, 0, 'v' },
			{ "compress-level", 1, 0, 'z' },
			{ "compress-type", 1, 0, 'Z' },
			{ NULL, 	   0, 0, 0   },
		};

		int c=getopt_long(argc, argv, "f:c:b:s:e:i:m:S:Hvz:Z:",
				long_options, &option_index);

		if (c==-1)
			break;

		switch (c) {
			case 'f': filter=trace_create_filter(optarg);
				break;
			case 'c': count=atoi(optarg);
				break;
			case 'b': bytes=atoi(optarg);
				break;
			case 's': starttime=atof(optarg); /* FIXME: use getdate */
				  break;
			case 'e': endtime=atof(optarg);
				  break;
			case 'i': interval=atoi(optarg);
				  break;
			case 'm': maxfiles=atoi(optarg);
				  break;
			case 'S': snaplen=atoi(optarg);
				  break;
			case 'H':
				  trace_help();
				  exit(1);
				  break;
			case 'v':
				  verbose++;
				  break;
			case 'z':
				  compress_level=atoi(optarg);
				  if (compress_level<0 || compress_level>9) {
					usage(argv[0]);
				  	exit(1);
				  }
				  break;
			case 'Z':
				  compress_type_str=optarg;
				  break;	
			default:
				fprintf(stderr,"Unknown option: %c\n",c);
				usage(argv[0]);
				return 1;
		}
	}


	if (compress_type_str == NULL && compress_level >= 0) {
		fprintf(stderr, "Compression level set, but no compression type was defined, setting to gzip\n");
		compress_type = TRACE_OPTION_COMPRESSTYPE_ZLIB;
	}

	else if (compress_type_str == NULL) {
		/* If a level or type is not specified, use the "none"
		 * compression module */
		compress_type = TRACE_OPTION_COMPRESSTYPE_NONE;
	}

	/* I decided to be fairly generous in what I accept for the
	 * compression type string */
	else if (strncmp(compress_type_str, "gz", 2) == 0 ||
			strncmp(compress_type_str, "zlib", 4) == 0) {
		compress_type = TRACE_OPTION_COMPRESSTYPE_ZLIB;
	} else if (strncmp(compress_type_str, "bz", 2) == 0) {
		compress_type = TRACE_OPTION_COMPRESSTYPE_BZ2;
	} else if (strncmp(compress_type_str, "lzo", 3) == 0) {
		compress_type = TRACE_OPTION_COMPRESSTYPE_LZO;
	} else if (strncmp(compress_type_str, "no", 2) == 0) {
		compress_type = TRACE_OPTION_COMPRESSTYPE_NONE;
	} else {
		fprintf(stderr, "Unknown compression type: %s\n", 
			compress_type_str);
		return 1;
	}

	if (optind+2>argc) {
		fprintf(stderr,"missing inputuri or outputuri\n");
		usage(argv[0]);
	}

	output_base = argv[argc - 1];

	sigact.sa_handler = cleanup_signal;
	sigemptyset(&sigact.sa_mask);
	sigact.sa_flags = SA_RESTART;

	sigaction(SIGINT, &sigact, NULL);
	sigaction(SIGTERM, &sigact, NULL);

	output=NULL;

	signal(SIGINT,&cleanup_signal);
	signal(SIGTERM,&cleanup_signal);

	for (i = optind; i < argc - 1; i++) {


		input = trace_create(argv[i]);	
		
		if (trace_is_err(input)) {
			trace_perror(input,"%s",argv[i]);
			return 1;
		}

		if (filter && trace_config(input, TRACE_OPTION_FILTER, filter) == 1) {
			trace_perror(input, "Configuring filter for %s", 
					argv[i]);
			return 1;
		}

		if (trace_start(input)==-1) {
			trace_perror(input,"%s",argv[i]);
			return 1;
		}

		while (trace_read_packet(input,packet)>0) {
			if (per_packet(packet) < 1)
				done = 1;
			if (done)
				break;
		}

		if (done)
			break;
		
		if (trace_is_err(input)) {
			trace_perror(input,"Reading packets");
			trace_destroy(input);
			break;
		}

		trace_destroy(input);
	}

	if (verbose) {
		uint64_t f;
		f=trace_get_received_packets(input);
		if (f!=UINT64_MAX)
			fprintf(stderr,"%" PRIu64 " packets on input\n",f);
		f=trace_get_filtered_packets(input);
		if (f!=UINT64_MAX)
			fprintf(stderr,"%" PRIu64 " packets filtered\n",f);
		f=trace_get_dropped_packets(input);
		if (f!=UINT64_MAX)
			fprintf(stderr,"%" PRIu64 " packets dropped\n",f);
		f=trace_get_accepted_packets(input);
		if (f!=UINT64_MAX)
			fprintf(stderr,"%" PRIu64 " packets accepted\n",f);
	}
	
	if (output)
		trace_destroy_output(output);

	trace_destroy_packet(packet);

	return 0;
}
Esempio n. 13
0
int main(int argc, char *argv[])
{
  libtrace_t *trace;
  libtrace_packet_t *packet;
  libtrace_filter_t *filter=NULL;
  session_manager_t *sm;
  uint64_t f;

  while(1) {
    int option_index;
    struct option long_options[] = {
      { "filter",	1, 0, 'f' },
      { "interval",	1, 0, 'i' },
      { "count",        1, 0, 'c' },
      { "exit",         1, 0, 'e' },			
      { "relative",     0, 0, 'r' },
      { "help",		0, 0, 'h' },
      { "libtrace-help",0, 0, 'H' },
      { NULL,		0, 0, 0 }
    };

    int c= getopt_long(argc, argv, "c:e:f:i:hHr",
		       long_options, &option_index);

    if (c==-1)
      break;

    switch (c) {
    case 'f':
      filter=trace_create_filter(optarg);
      break;
    case 'i':
      packet_interval=atof(optarg);
      break;
    case 'c':
      packet_count=atoi(optarg);
      packet_interval=UINT32_MAX; // make sure only one is defined
      break;
    case 'e':
      report_periods=atoi(optarg);
      break;      
    case 'r':
      report_rel_time = 1;
      break;
    case 'H':
      trace_help();
      return 1;
    default:
      fprintf(stderr,"Unknown option: %c\n",c);
      /* FALL THRU */
    case 'h':
      usage(argv[0]);
      return 1;
    }
  }

  if (optind>=argc) {
    fprintf(stderr,"Missing input uri\n");
    usage(argv[0]);
    return 1;
  }

  while (optind<argc) {
    // create tcp session manager
    sm = session_manager_create();
    // create and register the data-ack based RTT module
    session_manager_register_module(sm,rtt_n_sequence_module()); 

    fprintf(stderr, "Processing %s\n",argv[optind]);
    trace = trace_create(argv[optind]);
    ++optind;

    if (trace_is_err(trace)) {
      trace_perror(trace,"Opening trace file");
      return 1;
    }

    if (filter && trace_config(trace,TRACE_OPTION_FILTER,filter)==1) {
	trace_perror(trace,"Configuring filter");
    }

    if (trace_start(trace)) {
      trace_perror(trace,"Starting trace");
      trace_destroy(trace);
      return 1;
    }

    packet = trace_create_packet();

    print_report_hdr();
    reset_report();
    last_report_ts = 0;
    last_packet_ts = 0;

    while (trace_read_packet(trace,packet)>0) {      
      per_packet(packet,session_manager_update(sm,packet));
      if (report_periods != UINT64_MAX && reported >= report_periods) {
	break;
      }
    }

    // remaining pkts (or all if no period set)
    if ((reports[OUT].count+reports[IN].count) > 0 || 
	(packet_interval == UINT32_MAX && packet_count == UINT64_MAX)) {
      double ts = trace_get_seconds(packet);
      if (report_rel_time) {
	print_report(ts-last_report_ts);
      } else {
	print_report(ts);
      }
    }

    trace_destroy_packet(packet);

    if (trace_is_err(trace)) {
      trace_perror(trace,"Reading packets");
    }

    // some stats
    f=trace_get_received_packets(trace);
    if (f!=UINT64_MAX)
      fprintf(stderr,"%" PRIu64 " packets on input\n",f);
    f=trace_get_filtered_packets(trace);
    if (f!=UINT64_MAX)
      fprintf(stderr,"%" PRIu64 " packets filtered\n",f);
    f=trace_get_dropped_packets(trace);
    if (f!=UINT64_MAX)
      fprintf(stderr,"%" PRIu64 " packets dropped\n",f);
    f=trace_get_accepted_packets(trace);
    if (f!=UINT64_MAX)
      fprintf(stderr,"%" PRIu64 " packets accepted\n",f);

    trace_destroy(trace);
    session_manager_destroy(sm);
  }

  return 0;
}
Esempio n. 14
0
/* Process a trace, counting packets that match filter(s) */
static void run_trace(char *uri)
{
    struct libtrace_packet_t *packet = trace_create_packet();
    int i;
    uint64_t count = 0;
    uint64_t bytes = 0;
    uint64_t packets;

    fprintf(stderr,"%s:\n",uri);

    trace = trace_create(uri);

    if (trace_is_err(trace)) {
        trace_perror(trace,"Failed to create trace");
        return;
    }

    if (trace_start(trace)==-1) {
        trace_perror(trace,"Failed to start trace");
        return;
    }


    for (;;) {
        int psize;
        int wlen;
        int match = 0;
        if ((psize = trace_read_packet(trace, packet)) <1) {
            break;
        }

        if (done)
            break;
        wlen = trace_get_wire_length(packet);

        for(i=0; i<filter_count; ++i) {
            if (filters[i].filter == NULL)
                continue;
            if(trace_apply_filter(filters[i].filter,packet) > 0) {
                ++filters[i].count;
                filters[i].bytes+=wlen;
                match = 1;
            }
            if (trace_is_err(trace)) {
                trace_perror(trace, "trace_apply_filter");
                fprintf(stderr, "Removing filter from filterlist\n");
                filters[i].filter = NULL;
            }
        }

        if(match == 1 || filter_count == 0)
        {
            libtrace_ip_t *ip_hdr = trace_get_ip(packet);
            if(ip_hdr != NULL)
            {
                char src_ip[INET_ADDRSTRLEN];
                char dst_ip[INET_ADDRSTRLEN];

                inet_ntop(AF_INET, &ip_hdr->ip_src, &src_ip[0], INET_ADDRSTRLEN);
                inet_ntop(AF_INET, &ip_hdr->ip_dst, &dst_ip[0], INET_ADDRSTRLEN);

                printf("%f\t%s\t%s\t%"PRIu16"\t%"PRIu16"\t"
                       "%"PRIu8"\t%"PRIu16"\t%"PRIu16"\n",
                       trace_get_seconds(packet), src_ip, dst_ip,
                       trace_get_source_port(packet),
                       trace_get_destination_port(packet),
                       ip_hdr->ip_p,
                       ntohs(ip_hdr->ip_id),
                       ntohs(ip_hdr->ip_len)
                      );
            }
        }

        ++count;
        bytes+=wlen;
    }

    fprintf(stderr, "%-30s\t%12s\t%12s\t%7s\n","filter","count","bytes","%");
    for(i=0; i<filter_count; ++i) {
        fprintf(stderr, "%30s:\t%12"PRIu64"\t%12"PRIu64"\t%7.03f\n",
                filters[i].expr,filters[i].count,
                filters[i].bytes,filters[i].count*100.0/count);
        filters[i].bytes=0;
        filters[i].count=0;
    }
    packets=trace_get_received_packets(trace);
    if (packets!=UINT64_MAX)
        fprintf(stderr,"%30s:\t%12" PRIu64"\n",
                "Input packets", packets);
    packets=trace_get_filtered_packets(trace);
    if (packets!=UINT64_MAX)
        fprintf(stderr,"%30s:\t%12" PRIu64"\n",
                "Filtered packets", packets);
    packets=trace_get_dropped_packets(trace);
    if (packets!=UINT64_MAX)
        fprintf(stderr,"%30s:\t%12" PRIu64"\n",
                "Dropped packets",packets);
    packets=trace_get_accepted_packets(trace);
    if (packets!=UINT64_MAX)
        fprintf(stderr,"%30s:\t%12" PRIu64 "\n",
                "Accepted Packets",packets);
    fprintf(stderr, "%30s:\t%12"PRIu64"\t%12" PRIu64 "\n","Total",count,bytes);
    totcount+=count;
    totbytes+=bytes;

    if (trace_is_err(trace))
        trace_perror(trace,"%s",uri);

    trace_destroy(trace);
}
int main(int argc, char *argv[])
{
	clock_t start;
	clock_t end;
	double function_time;

	struct time_adjust_record time_adjust_flow1 = {"0.0.0.0", 0, "0.0.0.0", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1};
	char * p = NULL;
	FILE * fp_time_adjust = NULL;
	FILE * fp_write = NULL;
	char time_adjust_file[128];
	char file_write[256];
	char input_file[256];
	char buffer[256];

	if (argc < 4)
	{
		printf("Please enter two parameters: read_file and write_file\n");
		return 1;
	}

	strcpy(input_file, argv[1]);
	strcpy(time_adjust_file, argv[2]);
	strcpy(file_write, argv[3]);

	if((fp_time_adjust = fopen(time_adjust_file, "r")) == NULL)  //open the file to read
	{
		fprintf(stderr, "Open time adjust file: %s failed\n", time_adjust_file);
		exit(1);
	}
	memset(buffer, '\0', sizeof(buffer));
	fgets(buffer, sizeof(buffer), fp_time_adjust);
	p = strtok(buffer, " ");
	if(p)
	{
		strcpy( time_adjust_flow1.src_ip, p);
	}
	p = strtok(NULL, " ");
	if(p)
	{
		time_adjust_flow1.src_port = atoi(p);
	}
	p = strtok(NULL, " ");
	if(p)
	{
		strcpy( time_adjust_flow1.dest_ip, p);
	}
	p = strtok(NULL, " ");
	if(p)
	{
		time_adjust_flow1.dest_port = atoi(p);
	}
	//printf("flow: %s:%d %s:%d\n", time_adjust_flow1.src_ip, time_adjust_flow1.src_port, time_adjust_flow1.dest_ip, time_adjust_flow1.dest_port);
	memset(buffer, '\0', sizeof(buffer));
	fgets(buffer, sizeof(buffer), fp_time_adjust);
	if( Set_Time_Adjust(buffer, &time_adjust_flow1.first_pkt_sec, &time_adjust_flow1.first_pkt_usec) != 0 )
	{
		printf("line: %d\n", __LINE__);
		exit(1);
	}
	//printf("First packet second: %d, usecond: %d\n", time_adjust_flow1.first_pkt_sec, time_adjust_flow1.first_pkt_usec);
	memset(buffer, '\0', sizeof(buffer));
	fgets(buffer, sizeof(buffer), fp_time_adjust);
	if( Set_Time_Adjust(buffer, &time_adjust_flow1.client_inter_sec, &time_adjust_flow1.client_inter_usec) != 0 )
	{
		printf("line: %d\n", __LINE__);
		exit(1);
	}
	//printf("Client packet inter arrival second: %d, usecond: %d\n", time_adjust_flow1.client_inter_sec, time_adjust_flow1.client_inter_usec);
	memset(buffer, '\0', sizeof(buffer));
	fgets(buffer, sizeof(buffer), fp_time_adjust);
	if( Set_Time_Adjust(buffer, &time_adjust_flow1.server_inter_sec, &time_adjust_flow1.server_inter_usec) != 0 )
	{
		printf("line: %d\n", __LINE__);
		exit(1);
	}
	//printf("Server packet inter arrival second: %d, usecond: %d\n", time_adjust_flow1.server_inter_sec, time_adjust_flow1.server_inter_usec);
	memset(buffer, '\0', sizeof(buffer));
	fgets(buffer, sizeof(buffer), fp_time_adjust);
	if( Set_Time_Adjust(buffer, &time_adjust_flow1.reaction_sec, &time_adjust_flow1.reaction_usec) != 0 )
	{
		printf("line: %d\n", __LINE__);
		exit(1);
	}
	//printf("Client reaction second: %d, usecond: %d\n", time_adjust_flow1.reaction_sec, time_adjust_flow1.reaction_usec);
	memset(buffer, '\0', sizeof(buffer));
	fgets(buffer, sizeof(buffer), fp_time_adjust);
	if( Set_Time_Adjust(buffer, &time_adjust_flow1.rtt_sec, &time_adjust_flow1.rtt_usec) != 0 )
	{
		printf("line: %d\n", __LINE__);
		exit(1);
	}
	//time_adjust_flow1.rtt_usec = time_adjust_flow1.rtt_sec*1000 + time_adjust_flow1.rtt_usec*1000;
	//time_adjust_flow1.rtt_sec = time_adjust_flow1.rtt_sec/1000;
	//printf("Client RTT second: %d, usecond: %d\n", time_adjust_flow1.rtt_sec, time_adjust_flow1.rtt_usec);
	fclose(fp_time_adjust);
	
	if((fp_write=fopen(file_write, "w")) == NULL)  //open the file to read
        {
                fprintf(stderr, "Open write file: %s failed\n", file_write);
                exit(1);
        }

	libtrace_t *trace = 0;
	libtrace_out_t *writer = 0;
	libtrace_packet_t *pkt = trace_create_packet();

	// Open traces for reading and writing.
	trace = trace_create(input_file);
	if (trace_is_err(trace)) {
		trace_perror(trace, "trace_create");
		trace_destroy(trace);
		return 1;
	}
	if (trace_start(trace) == -1) {
		trace_perror(trace,"Starting trace");
		//libtrace_cleanup(trace, output, packet);
		return 1;
	}

	//char output_file[] = "pcap:ttt.pcap";
	//writer = trace_create_output("pcap:testcp");
	/*writer = trace_create_output(output_file);
	if (trace_is_err_output(writer)) {
		trace_perror_output(writer, "trace_create_output");
		trace_destroy_output(writer);
		trace_destroy(trace);
		trace_destroy_packet(pkt);
		return 1;
	}

	if (trace_start_output(writer) == -1) {
		trace_perror_output(writer,"Starting output trace");
		//libtrace_cleanup(trace, output, packet);
		return 1;
	}*/

	int psize = 0;
	int pkt_count = 0;
	for (;;) {
		psize = trace_read_packet(trace, pkt);
		if (psize == 0) {
			break;
		}
		if (psize < 0) {
			trace_perror(trace, "read_packet");
			break;
		}
		//if(pkt_count < 50)
		{
			//printf("packet: %d\n", pkt_count);
			if ((per_packet(pkt, fp_write, &time_adjust_flow1)) == -1)
			{
				fprintf(stderr, "Something went wrong in per_packet.\n");
				break;
			}
		}
		pkt_count++;
	}

	trace_destroy_packet(pkt);
	trace_destroy(trace);
	//trace_destroy_output(writer);
	fclose(fp_write);

	return 0;
}