/* Creates an output trace and configures it according to our preferences */
static libtrace_out_t *create_output(int my_id) {
libtrace_out_t *out = NULL;
char name[1024];
const char * file_index = NULL;
const char * first_extension = NULL;
file_index = strrchr(outputfile, '/');
if (file_index)
first_extension = strchr(file_index, '.');
else
first_extension = strchr(name, '.');
if (first_extension) {
snprintf(name, sizeof(name), "%.*s-%d%s", (int) (first_extension - outputfile), outputfile, my_id, first_extension);
} else {
snprintf(name, sizeof(name), "%s-%d", outputfile, my_id);
}
out = trace_create_output(name);
assert(out);
if (compress_level >= 0 && trace_config_output(out,
TRACE_OPTION_OUTPUT_COMPRESS, &compress_level) == -1) {
trace_perror_output(out, "Configuring compression level");
trace_destroy_output(out);
exit(-1);
}
if (trace_config_output(out, TRACE_OPTION_OUTPUT_COMPRESSTYPE,
&compress_type) == -1) {
trace_perror_output(out, "Configuring compression type");
trace_destroy_output(out);
exit(-1);
}
if (trace_start_output(out)==-1) {
trace_perror_output(out,"trace_start_output");
trace_destroy_output(out);
exit(-1);
}
return out;
}
/* If you don't specify O_WONLY or O_RDWR on the fileflags, then this should
* fail.
*/
void test_forgotten_wronly()
{
libtrace_out_t *out;
libtrace_t *trace;
libtrace_packet_t *packet;
int err;
int zero = 0;
out = trace_create_output("pcapfile:traces/100_packets_out.pcap");
assert(out);
assert (!trace_is_err_output(out));
/* Note: no WRONLY/RDWR */
err = trace_config_output(out,TRACE_OPTION_OUTPUT_FILEFLAGS,&zero);
assert(err==0);
assert(!trace_is_err_output(out));
err = trace_start_output(out);
assert(err == 0);
assert(!trace_is_err_output(out));
trace = trace_create("pcapfile:traces/100_packets.pcap");
assert(trace);
assert(!trace_is_err(trace));
err = trace_start(trace);
assert(!trace_is_err(trace));
assert(err == 0);
packet = trace_create_packet();
assert(packet);
err = trace_read_packet(trace, packet);
assert(err>0);
err = trace_write_packet(out,packet);
assert(err == -1); /* Should fail */
assert(trace_is_err_output(out));
trace_destroy_output(out);
trace_destroy_packet(packet);
trace_destroy(trace);
}
int main(int argc, char *argv[]) {
int psize = 0;
int error = 0;
int count = 0;
int level = 0;
int expected = 100;
libtrace_t *trace;
libtrace_out_t *outtrace;
libtrace_packet_t *packet;
trace = trace_create(lookup_uri("pcap"));
iferr(trace);
outtrace = trace_create_output(lookup_out_uri("pcap"));
iferrout(outtrace);
level=0;
trace_config_output(outtrace,TRACE_OPTION_OUTPUT_COMPRESS,&level);
iferrout(outtrace);
trace_start(trace);
iferr(trace);
trace_start_output(outtrace);
iferrout(outtrace);
packet=trace_create_packet();
for (;;) {
if ((psize = trace_read_packet(trace, packet)) <0) {
error = 1;
break;
}
if (psize == 0) {
error = 0;
break;
}
count ++;
/* Force promotion */
if (trace_get_source_port(packet)==80) {
trace_set_direction(packet,TRACE_DIR_OUTGOING);
assert(trace_get_direction(packet)==TRACE_DIR_OUTGOING);
assert(trace_get_source_port(packet)==80);
}
else {
trace_set_direction(packet,TRACE_DIR_INCOMING);
assert(trace_get_direction(packet)==TRACE_DIR_INCOMING);
}
/* And then force demotion */
trace_write_packet(outtrace,packet);
iferrout(outtrace);
if (count>100)
break;
}
trace_destroy_packet(packet);
if (error == 0) {
if (count != expected) {
printf("failure: %d packets expected, %d seen\n",expected,count);
error = 1;
}
} else {
iferr(trace);
}
trace_destroy(trace);
trace_destroy_output(outtrace);
return error;
}
corsaro_file_t *corsaro_file_open(corsaro_t *corsaro,
const char *filename,
corsaro_file_mode_t mode,
corsaro_file_compress_t compress_type,
int compress_level,
int flags)
{
corsaro_file_t *f = NULL;
size_t flen, rlen, len;
char *ptr, *traceuri;
if((f = malloc(sizeof(corsaro_file_t))) == NULL)
{
corsaro_log(__func__, corsaro, "could not malloc new corsaro_file_t");
return NULL;
}
f->mode = mode;
/* did they ask for a libtrace file? */
switch(mode)
{
case CORSARO_FILE_MODE_TRACE:
flen = strlen(CORSARO_FILE_TRACE_FORMAT);
rlen = strlen(filename);
len = flen+rlen+1;
if((ptr = traceuri = malloc(len)) == NULL)
{
corsaro_log(__func__, corsaro, "could not malloc traceuri");
return NULL;
}
strncpy(traceuri, CORSARO_FILE_TRACE_FORMAT, flen);
ptr += flen;
strncpy(ptr, filename, rlen);
traceuri[len-1] = '\0';
f->trace_io = trace_create_output(traceuri);
free(traceuri);
if (trace_is_err_output(f->trace_io))
{
corsaro_log(__func__, corsaro, "trace_create_output failed for %s",
filename);
return NULL;
}
if(trace_config_output(f->trace_io, TRACE_OPTION_OUTPUT_COMPRESS,
&compress_level) ||
trace_config_output(f->trace_io, TRACE_OPTION_OUTPUT_COMPRESSTYPE,
&compress_type) != 0)
{
corsaro_log(__func__, corsaro,
"could not set compression levels for trace");
return NULL;
}
if (trace_start_output(f->trace_io) == -1) {
corsaro_log(__func__, corsaro, "trace_start_output failed for %s",
filename);
return NULL;
}
/* trace is configured! */
break;
case CORSARO_FILE_MODE_ASCII:
case CORSARO_FILE_MODE_BINARY:
if((f->wand_io = wandio_wcreate(filename, compress_type,
compress_level, flags)) == NULL)
{
corsaro_log(__func__, corsaro, "wandio could not create file %s",
filename);
free(f);
return NULL;
}
break;
default:
corsaro_log(__func__, corsaro, "invalid file mode %d", mode);
free(f);
return NULL;
}
return f;
}
/* Return values:
* 1 = continue reading packets
* 0 = stop reading packets, cos we're done
* -1 = stop reading packets, we've got an error
*/
static int per_packet(libtrace_packet_t *packet) {
double ts = trace_get_seconds(packet);
if (trace_get_link_type(packet) == ~0U) {
fprintf(stderr, "Halted due to being unable to determine linktype - input trace may be corrupt.\n");
return -1;
}
if (snaplen>0) {
trace_set_capture_length(packet,snaplen);
}
if (ts <starttime) {
return 1;
}
if ( ts > endtime) {
//printf( "%f\t%f\n", ts, endtime);
return 0;
}
if (firsttime==0) {
time_t now = trace_get_seconds(packet);
if (starttime != 0.0) {
firsttime=now-((now - (int)starttime) % interval);
}
else {
firsttime=now;
}
}
if (output && trace_get_seconds(packet)>firsttime+interval) {
trace_destroy_output(output);
output=NULL;
firsttime+=interval;
}
if (output && pktcount%count==0) {
trace_destroy_output(output);
output=NULL;
}
pktcount++;
totbytes+=trace_get_capture_length(packet);
if (output && totbytes-totbyteslast>=bytes) {
trace_destroy_output(output);
output=NULL;
totbyteslast=totbytes;
}
if (!output) {
char *buffer;
bool need_ext=false;
if (maxfiles <= filescreated) {
return 0;
}
buffer=strdup(output_base);
if (interval!=UINT64_MAX && maxfiles>1) {
buffer=strdupcat(buffer,"-");
buffer=strdupcati(buffer,(uint64_t)firsttime);
need_ext=true;
}
if (count!=UINT64_MAX && maxfiles>1) {
buffer=strdupcat(buffer,"-");
buffer=strdupcati(buffer,(uint64_t)pktcount);
need_ext=true;
}
if (bytes!=UINT64_MAX && maxfiles>1) {
static int filenum=0;
buffer=strdupcat(buffer,"-");
buffer=strdupcati(buffer,(uint64_t)++filenum);
need_ext=true;
}
if (need_ext) {
if (compress_level!=0)
buffer=strdupcat(buffer,".gz");
}
if (verbose>1) {
fprintf(stderr,"%s:",buffer);
if (count!=UINT64_MAX)
fprintf(stderr," count=%" PRIu64,pktcount);
if (bytes!=UINT64_MAX)
fprintf(stderr," bytes=%" PRIu64,bytes);
if (interval!=UINT64_MAX) {
time_t filetime = firsttime;
fprintf(stderr," time=%s",ctime(&filetime));
}
else {
fprintf(stderr,"\n");
}
}
output=trace_create_output(buffer);
if (trace_is_err_output(output)) {
trace_perror_output(output,"%s",buffer);
free(buffer);
return -1;
}
if (compress_level!=-1) {
if (trace_config_output(output,
TRACE_OPTION_OUTPUT_COMPRESS,
&compress_level)==-1) {
trace_perror_output(output,"Unable to set compression level");
}
}
if (trace_config_output(output,
TRACE_OPTION_OUTPUT_COMPRESSTYPE,
&compress_type) == -1) {
trace_perror_output(output, "Unable to set compression type");
}
trace_start_output(output);
if (trace_is_err_output(output)) {
trace_perror_output(output,"%s",buffer);
free(buffer);
return -1;
}
free(buffer);
filescreated ++;
}
/* Some traces we have are padded (usually with 0x00), so
* lets sort that out now and truncate them properly
*/
if (trace_get_capture_length(packet)
> trace_get_wire_length(packet)) {
trace_set_capture_length(packet,trace_get_wire_length(packet));
}
if (trace_write_packet(output,packet)==-1) {
trace_perror_output(output,"write_packet");
return -1;
}
return 1;
}
