static struct libtrace_out_t *create_output(char *uri) { struct libtrace_out_t *output = NULL; output = trace_create_output(uri); if (trace_is_err_output(output)) { trace_perror_output(output,"%s",uri); trace_destroy_output(output); return NULL; } /* Default values for now */ trace_start_output(output); if (trace_is_err_output(output)) { trace_perror_output(output,"%s",uri); trace_destroy_output(output); return NULL; } return output; }
/* If you don't specify O_WONLY or O_RDWR on the fileflags, then this should * fail. */ void test_forgotten_wronly() { libtrace_out_t *out; libtrace_t *trace; libtrace_packet_t *packet; int err; int zero = 0; out = trace_create_output("pcapfile:traces/100_packets_out.pcap"); assert(out); assert (!trace_is_err_output(out)); /* Note: no WRONLY/RDWR */ err = trace_config_output(out,TRACE_OPTION_OUTPUT_FILEFLAGS,&zero); assert(err==0); assert(!trace_is_err_output(out)); err = trace_start_output(out); assert(err == 0); assert(!trace_is_err_output(out)); trace = trace_create("pcapfile:traces/100_packets.pcap"); assert(trace); assert(!trace_is_err(trace)); err = trace_start(trace); assert(!trace_is_err(trace)); assert(err == 0); packet = trace_create_packet(); assert(packet); err = trace_read_packet(trace, packet); assert(err>0); err = trace_write_packet(out,packet); assert(err == -1); /* Should fail */ assert(trace_is_err_output(out)); trace_destroy_output(out); trace_destroy_packet(packet); trace_destroy(trace); }
/* Return values: * 1 = continue reading packets * 0 = stop reading packets, cos we're done * -1 = stop reading packets, we've got an error */ static int per_packet(libtrace_packet_t *packet) { double ts = trace_get_seconds(packet); if (trace_get_link_type(packet) == ~0U) { fprintf(stderr, "Halted due to being unable to determine linktype - input trace may be corrupt.\n"); return -1; } if (snaplen>0) { trace_set_capture_length(packet,snaplen); } if (ts <starttime) { return 1; } if ( ts > endtime) { //printf( "%f\t%f\n", ts, endtime); return 0; } if (firsttime==0) { time_t now = trace_get_seconds(packet); if (starttime != 0.0) { firsttime=now-((now - (int)starttime) % interval); } else { firsttime=now; } } if (output && trace_get_seconds(packet)>firsttime+interval) { trace_destroy_output(output); output=NULL; firsttime+=interval; } if (output && pktcount%count==0) { trace_destroy_output(output); output=NULL; } pktcount++; totbytes+=trace_get_capture_length(packet); if (output && totbytes-totbyteslast>=bytes) { trace_destroy_output(output); output=NULL; totbyteslast=totbytes; } if (!output) { char *buffer; bool need_ext=false; if (maxfiles <= filescreated) { return 0; } buffer=strdup(output_base); if (interval!=UINT64_MAX && maxfiles>1) { buffer=strdupcat(buffer,"-"); buffer=strdupcati(buffer,(uint64_t)firsttime); need_ext=true; } if (count!=UINT64_MAX && maxfiles>1) { buffer=strdupcat(buffer,"-"); buffer=strdupcati(buffer,(uint64_t)pktcount); need_ext=true; } if (bytes!=UINT64_MAX && maxfiles>1) { static int filenum=0; buffer=strdupcat(buffer,"-"); buffer=strdupcati(buffer,(uint64_t)++filenum); need_ext=true; } if (need_ext) { if (compress_level!=0) buffer=strdupcat(buffer,".gz"); } if (verbose>1) { fprintf(stderr,"%s:",buffer); if (count!=UINT64_MAX) fprintf(stderr," count=%" PRIu64,pktcount); if (bytes!=UINT64_MAX) fprintf(stderr," bytes=%" PRIu64,bytes); if (interval!=UINT64_MAX) { time_t filetime = firsttime; fprintf(stderr," time=%s",ctime(&filetime)); } else { fprintf(stderr,"\n"); } } output=trace_create_output(buffer); if (trace_is_err_output(output)) { trace_perror_output(output,"%s",buffer); free(buffer); return -1; } if (compress_level!=-1) { if (trace_config_output(output, TRACE_OPTION_OUTPUT_COMPRESS, &compress_level)==-1) { trace_perror_output(output,"Unable to set compression level"); } } if (trace_config_output(output, TRACE_OPTION_OUTPUT_COMPRESSTYPE, &compress_type) == -1) { trace_perror_output(output, "Unable to set compression type"); } trace_start_output(output); if (trace_is_err_output(output)) { trace_perror_output(output,"%s",buffer); free(buffer); return -1; } free(buffer); filescreated ++; } /* Some traces we have are padded (usually with 0x00), so * lets sort that out now and truncate them properly */ if (trace_get_capture_length(packet) > trace_get_wire_length(packet)) { trace_set_capture_length(packet,trace_get_wire_length(packet)); } if (trace_write_packet(output,packet)==-1) { trace_perror_output(output,"write_packet"); return -1; } return 1; }
corsaro_file_t *corsaro_file_open(corsaro_t *corsaro, const char *filename, corsaro_file_mode_t mode, corsaro_file_compress_t compress_type, int compress_level, int flags) { corsaro_file_t *f = NULL; size_t flen, rlen, len; char *ptr, *traceuri; if((f = malloc(sizeof(corsaro_file_t))) == NULL) { corsaro_log(__func__, corsaro, "could not malloc new corsaro_file_t"); return NULL; } f->mode = mode; /* did they ask for a libtrace file? */ switch(mode) { case CORSARO_FILE_MODE_TRACE: flen = strlen(CORSARO_FILE_TRACE_FORMAT); rlen = strlen(filename); len = flen+rlen+1; if((ptr = traceuri = malloc(len)) == NULL) { corsaro_log(__func__, corsaro, "could not malloc traceuri"); return NULL; } strncpy(traceuri, CORSARO_FILE_TRACE_FORMAT, flen); ptr += flen; strncpy(ptr, filename, rlen); traceuri[len-1] = '\0'; f->trace_io = trace_create_output(traceuri); free(traceuri); if (trace_is_err_output(f->trace_io)) { corsaro_log(__func__, corsaro, "trace_create_output failed for %s", filename); return NULL; } if(trace_config_output(f->trace_io, TRACE_OPTION_OUTPUT_COMPRESS, &compress_level) || trace_config_output(f->trace_io, TRACE_OPTION_OUTPUT_COMPRESSTYPE, &compress_type) != 0) { corsaro_log(__func__, corsaro, "could not set compression levels for trace"); return NULL; } if (trace_start_output(f->trace_io) == -1) { corsaro_log(__func__, corsaro, "trace_start_output failed for %s", filename); return NULL; } /* trace is configured! */ break; case CORSARO_FILE_MODE_ASCII: case CORSARO_FILE_MODE_BINARY: if((f->wand_io = wandio_wcreate(filename, compress_type, compress_level, flags)) == NULL) { corsaro_log(__func__, corsaro, "wandio could not create file %s", filename); free(f); return NULL; } break; default: corsaro_log(__func__, corsaro, "invalid file mode %d", mode); free(f); return NULL; } return f; }
static void pkt(struct lfc *lfc, void *pdata, struct lfc_flow *lf, void *data, double ts, bool up, bool is_new, libtrace_packet_t *pkt) { struct flow *f = data; char *name, *uri; libtrace_out_t *out; if (f->ignore) return; if (is_new) { /* find the flow by its id in the ARFF file, get output file name */ name = thash_uint_get(fd->cache, lf->id); if (!name) { cache_update(); name = thash_uint_get(fd->cache, lf->id); if (!name) { f->ignore = true; thash_uint_set(fd->cache, lf->id, NULL); return; } } /* ignore flows with column values we are not interested in */ if (fd->value && !streq(fd->value, name)) { f->ignore = true; thash_uint_set(fd->cache, lf->id, NULL); return; } /* get libtrace output file */ out = thash_get(fd->out_files, name); if (!out) { uri = mmatic_sprintf(fd->mm, "pcap:%s/%s.pcap", fd->dir, name); out = trace_create_output(uri); if (!out) { cleanup(); die("trace_create_output(%s) failed\n", uri); } if (trace_is_err_output(out)) { trace_perror_output(out, "Opening output trace file"); cleanup(); die("trace_create_output(%s) failed\n", uri); } if (trace_start_output(out) == -1) { trace_perror_output(out, "Starting output trace"); cleanup(); die("trace_start_output(%s) failed\n", uri); } thash_set(fd->out_files, name, out); } f->out = out; /* remove id from cache */ thash_uint_set(fd->cache, lf->id, NULL); } trace_write_packet(f->out, pkt); if (trace_is_err_output(f->out)) { trace_perror_output(f->out, "Writing packet to output trace file"); cleanup(); die("trace_write_packet() failed\n"); } }