コード例 #1
0
ファイル: qofltrace.c プロジェクト: britram/qof 
qfTraceSource_t *qfTraceOpen(const char *uri,
                             const char *bpf,
                             int snaplen,
                             GError **err)
{
    qfTraceSource_t *lts;
    libtrace_err_t  terr;
    
    lts = g_new0(qfTraceSource_t, 1);
    
    if (!(lts->packet = trace_create_packet())) {
        g_set_error(err, YAF_ERROR_DOMAIN, YAF_ERROR_IO,
                    "Could not initialize libtrace packet");
        goto err;
    }
    
    lts->trace = trace_create(uri);
    if (trace_is_err(lts->trace)) {
        terr = trace_get_err(lts->trace);
        g_set_error(err, YAF_ERROR_DOMAIN, YAF_ERROR_IO,
                    "Could not open libtrace URI %s: %s",
                    uri, terr.problem);
        goto err;
    }
    
    if (trace_config(lts->trace, TRACE_OPTION_SNAPLEN, &snaplen) == -1) {
        terr = trace_get_err(lts->trace);
        g_set_error(err, YAF_ERROR_DOMAIN, YAF_ERROR_IO,
                    "Could not set snaplen on libtrace URI %s: %s",
                    uri, terr.problem);
        goto err;
    }
    
    if (bpf) {
        if (!(lts->filter = trace_create_filter(bpf))) {
            g_warning("Could not compile libtrace BPF %s", bpf);
            goto err;
        }
        
        if (trace_config(lts->trace, TRACE_OPTION_FILTER, lts->filter) == -1) {
            terr = trace_get_err(lts->trace);
            g_warning("Could not set libtrace filter: %s", terr.problem);
            goto err;
        }
    }
    
    /* start processing */
    if (trace_start(lts->trace) == -1) {
        terr = trace_get_err(lts->trace);
        g_warning("libtrace trace_start() error: %s", terr.problem);
        goto err;
    }

    
    return lts;
  
err:
    qfTraceClose(lts);
    return NULL;
}
コード例 #2
0
ファイル: test-time.c プロジェクト: superpig0501/libtrace 
void iferr(libtrace_t *trace)
{
	libtrace_err_t err = trace_get_err(trace);
	if (err.err_num==0)
		return;
	printf("Error: %s\n",err.problem);
	exit(1);
}
コード例 #3
0
ファイル: format_rt.c プロジェクト: superpig0501/libtrace 
static libtrace_eventobj_t trace_event_rt(libtrace_t *trace,
					libtrace_packet_t *packet) 
{
	libtrace_eventobj_t event = {0,0,0.0,0};
	libtrace_err_t read_err;

	assert(trace);
	assert(packet);
	
	if (trace->format->get_fd) {
		event.fd = trace->format->get_fd(trace);
	} else {
		event.fd = 0;
	}

	do {

		event.size = rt_read_packet_versatile(trace, packet, 0);
		if (event.size == -1) {
			read_err = trace_get_err(trace);
			if (read_err.err_num == EAGAIN) {
				/* No data available - do an IOWAIT */
				event.type = TRACE_EVENT_IOWAIT;
			}
			else {
				trace_perror(trace, "Error doing a non-blocking read from rt");
				event.type = TRACE_EVENT_PACKET;
				break;
			}
		} else if (event.size == 0) {
			/* RT gives us a specific indicator that there will be 
			 * no more packets. */
			if (packet->type == TRACE_RT_END_DATA)
				event.type = TRACE_EVENT_TERMINATE;
			else
				/* Since several RT messages can have zero-byte
				 * length (once the framing is removed), an 
				 * event size of zero can still indicate a 
				 * PACKET event */
				event.type = TRACE_EVENT_PACKET;

		}	
		else {
			event.type = TRACE_EVENT_PACKET;
		}

		if (trace->filter && event.type == TRACE_EVENT_PACKET) {
			if (!trace_apply_filter(trace->filter, packet)) {
				trace_clear_cache(packet);
				continue;
			}
		}

		break;	
	} while (1);

	return event;
}
コード例 #4
0
ファイル: qofltrace.c プロジェクト: britram/qof 
gboolean qfTraceMain(qfContext_t             *ctx)
{
    gboolean                ok = TRUE;
    qfTraceSource_t         *lts = ctx->ictx.pktsrc;
    yfPBuf_t                    *pbuf;

    libtrace_err_t          terr;
    
    int i, trv;
    
    /* process input until we're done */
    while (!yaf_quit) {
        
        i = 0;
        while (i < TRACE_PACKET_GROUP && !yaf_quit) {
            
            /* get next spot in ring buffer */
            pbuf = (yfPBuf_t *)rgaNextHead(ctx->pbufring);
            g_assert(pbuf);
            
            /* and try to parse packets into it until we get one */
            do {
                trv = trace_read_packet(lts->trace, lts->packet);
                if (trv <= 0) goto TRACE_END;
            } while (!qfTraceHandlePacket(lts, pbuf, ctx));
            i++;
        }

TRACE_END:
        /* Check for error */
        if (trace_is_err(lts->trace)) {
            terr = trace_get_err(lts->trace);
            g_warning("libtrace error: %s", terr.problem);
            ok = FALSE;
            break;
        }

        /* Check for quit or EOF */
        if (yaf_quit || trv == 0) break;

        /* Process the packet buffer */
        if (ok && !yfProcessPBufRing(ctx, &(ctx->err))) {
            ok = FALSE;
            break;
        }
        
        /* Do periodic export as necessary */
        qfTracePeriodicExport(ctx, yfFlowTabCurrentTime(ctx->flowtab));
    }

    return yfFinalFlush(ctx, ok,  &(ctx->err));
}
コード例 #5
0
int main(int argc, char *argv[]) {
	struct libtrace_t *input = NULL;
	struct libtrace_out_t *in_write = NULL;
	struct libtrace_out_t *out_write = NULL;
	libtrace_err_t trace_err;
	struct libtrace_packet_t *packet = trace_create_packet();
	
	if (argc < 3) {
		usage(argv[0]);
		return 1;
	}

	input = trace_create(argv[1]);
	if (trace_is_err(input)) {
		trace_err = trace_get_err(input);
		printf("Problem reading input trace: %s\n", trace_err.problem);
		return 1;
	}
	if (trace_start(input)==-1) {
		trace_perror(input,"Unable to start trace: %s",argv[1]);
		return 1;
	}
	
	while(1) {
		if (trace_read_packet(input, packet) < 1)
			break;

		switch(trace_get_direction(packet)) {
			case TRACE_DIR_INCOMING:
				if (!out_write) {
					out_write = create_output(argv[3]);
					if (!out_write)
						return 1;
				}
				if (trace_write_packet(out_write, packet)==-1){
					trace_perror_output(in_write,"write");
					return 1;
				}
				break;
			case TRACE_DIR_OUTGOING:
				if (!in_write) {
					in_write = create_output(argv[2]);
					if (!in_write)
						return 1;
				}
				if (trace_write_packet(in_write, packet)==-1) {
					trace_perror_output(in_write,"write");
					return 1;
				}
				break;
			default:
				ignored++;
		}

	}
	if (out_write)
		trace_destroy_output(out_write);
	if (in_write)
		trace_destroy_output(in_write);
	trace_destroy(input);
	trace_destroy_packet(packet);

	if (ignored)
		fprintf(stderr,"warning: Ignored %" PRIu64 " packets with unknown directions\n",
				ignored);
	
	return 0;
}
コード例 #6
0
ファイル: rate.c プロジェクト: EaseTheWorld/libtrace 
int main(int argc, char *argv[]) {

        char *uri = 0;
        int psize = 0;
        struct libtrace_ip *ipptr = 0;
	struct libtrace_packet_t *packet = trace_create_packet();
	libtrace_err_t trace_err;

	uint32_t last_second = 0;
	double ts = 0.0;


        if (argc == 2) {
                uri = strdup(argv[1]);
        }

        // create an trace to uri
        trace = trace_create(uri);
	if (trace_is_err(trace)) {
                trace_err = trace_get_err(trace);
                printf("Error in trace_create: %s\n", trace_err.problem);
                return -1;
        }
        trace_start(trace);
        if (trace_is_err(trace)) {
                trace_err = trace_get_err(trace);
                printf("Error in trace_start: %s\n", trace_err.problem);
                return -1;
        }


        for (;;) {
                if ((psize = trace_read_packet(trace,packet)) < 1) {
                        // terminate
                        break;
                }
                if (psize == 0) {
                        continue;
                }

                if((ipptr = trace_get_ip(packet)) == 0) {
			continue;
		}
		
                counter[BYTES][INSTANT] += ntohs(ipptr->ip_len);
                counter[PACKETS][INSTANT] ++;

		ts = trace_get_seconds(packet);
		if(last_second == 0) {
			last_second = ts;
		} else if (last_second < ts) {
			last_second = ts;
			docalc++;
		}

                if(docalc) {
                        secondreport();
                }


        }

        trace_destroy(trace);
        return 0;
}