qfTraceSource_t *qfTraceOpen(const char *uri,
const char *bpf,
int snaplen,
GError **err)
{
qfTraceSource_t *lts;
libtrace_err_t terr;
lts = g_new0(qfTraceSource_t, 1);
if (!(lts->packet = trace_create_packet())) {
g_set_error(err, YAF_ERROR_DOMAIN, YAF_ERROR_IO,
"Could not initialize libtrace packet");
goto err;
}
lts->trace = trace_create(uri);
if (trace_is_err(lts->trace)) {
terr = trace_get_err(lts->trace);
g_set_error(err, YAF_ERROR_DOMAIN, YAF_ERROR_IO,
"Could not open libtrace URI %s: %s",
uri, terr.problem);
goto err;
}
if (trace_config(lts->trace, TRACE_OPTION_SNAPLEN, &snaplen) == -1) {
terr = trace_get_err(lts->trace);
g_set_error(err, YAF_ERROR_DOMAIN, YAF_ERROR_IO,
"Could not set snaplen on libtrace URI %s: %s",
uri, terr.problem);
goto err;
}
if (bpf) {
if (!(lts->filter = trace_create_filter(bpf))) {
g_warning("Could not compile libtrace BPF %s", bpf);
goto err;
}
if (trace_config(lts->trace, TRACE_OPTION_FILTER, lts->filter) == -1) {
terr = trace_get_err(lts->trace);
g_warning("Could not set libtrace filter: %s", terr.problem);
goto err;
}
}
/* start processing */
if (trace_start(lts->trace) == -1) {
terr = trace_get_err(lts->trace);
g_warning("libtrace trace_start() error: %s", terr.problem);
goto err;
}
return lts;
err:
qfTraceClose(lts);
return NULL;
}
/* Process a trace, counting packets that match filter(s) */
static void run_trace(char *uri, libtrace_filter_t *filter, int count)
{
struct libtrace_packet_t *packet = trace_create_packet();
/* Already read the maximum number of packets - don't need to read
* anything from this trace */
if ((count >= 0 && packets_read >= count) || done)
return;
trace = trace_create(uri);
if (trace_is_err(trace)) {
trace_perror(trace,"trace_create");
return;
}
if (filter) {
trace_config(trace,TRACE_OPTION_FILTER,filter);
}
if (trace_start(trace)==-1) {
trace_perror(trace,"trace_start");
return;
}
while (1) {
int psize;
if (count >= 0 && packets_read >= count)
break;
if (done)
break;
if ((psize = trace_read_packet(trace, packet)) <1) {
break;
}
if (IS_LIBTRACE_META_PACKET(packet))
continue;
if (reports_required & REPORT_TYPE_MISC)
misc_per_packet(packet);
if (reports_required & REPORT_TYPE_ERROR)
error_per_packet(packet);
if (reports_required & REPORT_TYPE_PORT)
port_per_packet(packet);
if (reports_required & REPORT_TYPE_PROTO)
protocol_per_packet(packet);
if (reports_required & REPORT_TYPE_TOS)
tos_per_packet(packet);
if (reports_required & REPORT_TYPE_TTL)
ttl_per_packet(packet);
if (reports_required & REPORT_TYPE_FLOW)
flow_per_packet(packet);
if (reports_required & REPORT_TYPE_TCPOPT)
tcpopt_per_packet(packet);
if (reports_required & REPORT_TYPE_SYNOPT)
synopt_per_packet(packet);
if (reports_required & REPORT_TYPE_NLP)
nlp_per_packet(packet);
if (reports_required & REPORT_TYPE_DIR)
dir_per_packet(packet);
if (reports_required & REPORT_TYPE_ECN)
ecn_per_packet(packet);
if (reports_required & REPORT_TYPE_TCPSEG)
tcpseg_per_packet(packet);
packets_read ++;
}
if (reports_required & REPORT_TYPE_DROPS)
drops_per_trace(trace);
trace_destroy_packet(packet);
trace_destroy(trace);
}
int main(int argc, char *argv[])
{
libtrace_t *trace;
libtrace_packet_t *packet;
libtrace_filter_t *filter=NULL;
int snaplen=-1;
int promisc=-1;
while(1) {
int option_index;
struct option long_options[] = {
{ "filter", 1, 0, 'f' },
{ "snaplen", 1, 0, 's' },
{ "promisc", 1, 0, 'p' },
{ "help", 0, 0, 'h' },
{ "libtrace-help", 0, 0, 'H' },
{ NULL, 0, 0, 0 }
};
int c= getopt_long(argc, argv, "f:s:p:hH",
long_options, &option_index);
if (c==-1)
break;
switch (c) {
case 'f':
filter=trace_create_filter(optarg);
break;
case 's':
snaplen=atoi(optarg);
break;
case 'p':
promisc=atoi(optarg);
break;
case 'H':
trace_help();
return 1;
default:
fprintf(stderr,"Unknown option: %c\n",c);
/* FALL THRU */
case 'h':
usage(argv[0]);
return 1;
}
}
if (optind>=argc) {
fprintf(stderr,"Missing input uri\n");
usage(argv[0]);
return 1;
}
while (optind<argc) {
trace = trace_create(argv[optind]);
++optind;
if (trace_is_err(trace)) {
trace_perror(trace,"Opening trace file");
return 1;
}
if (snaplen>0)
if (trace_config(trace,TRACE_OPTION_SNAPLEN,&snaplen)) {
trace_perror(trace,"ignoring: ");
}
if (filter)
if (trace_config(trace,TRACE_OPTION_FILTER,filter)) {
trace_perror(trace,"ignoring: ");
}
if (promisc!=-1) {
if (trace_config(trace,TRACE_OPTION_PROMISC,&promisc)) {
trace_perror(trace,"ignoring: ");
}
}
if (trace_start(trace)) {
trace_perror(trace,"Starting trace");
trace_destroy(trace);
return 1;
}
packet = trace_create_packet();
while (trace_read_packet(trace,packet)>0) {
per_packet(packet);
}
trace_destroy_packet(packet);
if (trace_is_err(trace)) {
trace_perror(trace,"Reading packets");
}
trace_destroy(trace);
}
return 0;
}
int main(int argc, char *argv[])
{
char *compress_type_str=NULL;
struct libtrace_filter_t *filter=NULL;
struct libtrace_t *input = NULL;
struct libtrace_packet_t *packet = trace_create_packet();
struct sigaction sigact;
int i;
if (argc<2) {
usage(argv[0]);
return 1;
}
/* Parse command line options */
while(1) {
int option_index;
struct option long_options[] = {
{ "filter", 1, 0, 'f' },
{ "count", 1, 0, 'c' },
{ "bytes", 1, 0, 'b' },
{ "starttime", 1, 0, 's' },
{ "endtime", 1, 0, 'e' },
{ "interval", 1, 0, 'i' },
{ "libtrace-help", 0, 0, 'H' },
{ "maxfiles", 1, 0, 'm' },
{ "snaplen", 1, 0, 'S' },
{ "verbose", 0, 0, 'v' },
{ "compress-level", 1, 0, 'z' },
{ "compress-type", 1, 0, 'Z' },
{ NULL, 0, 0, 0 },
};
int c=getopt_long(argc, argv, "f:c:b:s:e:i:m:S:Hvz:Z:",
long_options, &option_index);
if (c==-1)
break;
switch (c) {
case 'f': filter=trace_create_filter(optarg);
break;
case 'c': count=atoi(optarg);
break;
case 'b': bytes=atoi(optarg);
break;
case 's': starttime=atof(optarg); /* FIXME: use getdate */
break;
case 'e': endtime=atof(optarg);
break;
case 'i': interval=atoi(optarg);
break;
case 'm': maxfiles=atoi(optarg);
break;
case 'S': snaplen=atoi(optarg);
break;
case 'H':
trace_help();
exit(1);
break;
case 'v':
verbose++;
break;
case 'z':
compress_level=atoi(optarg);
if (compress_level<0 || compress_level>9) {
usage(argv[0]);
exit(1);
}
break;
case 'Z':
compress_type_str=optarg;
break;
default:
fprintf(stderr,"Unknown option: %c\n",c);
usage(argv[0]);
return 1;
}
}
if (compress_type_str == NULL && compress_level >= 0) {
fprintf(stderr, "Compression level set, but no compression type was defined, setting to gzip\n");
compress_type = TRACE_OPTION_COMPRESSTYPE_ZLIB;
}
else if (compress_type_str == NULL) {
/* If a level or type is not specified, use the "none"
* compression module */
compress_type = TRACE_OPTION_COMPRESSTYPE_NONE;
}
/* I decided to be fairly generous in what I accept for the
* compression type string */
else if (strncmp(compress_type_str, "gz", 2) == 0 ||
strncmp(compress_type_str, "zlib", 4) == 0) {
compress_type = TRACE_OPTION_COMPRESSTYPE_ZLIB;
} else if (strncmp(compress_type_str, "bz", 2) == 0) {
compress_type = TRACE_OPTION_COMPRESSTYPE_BZ2;
} else if (strncmp(compress_type_str, "lzo", 3) == 0) {
compress_type = TRACE_OPTION_COMPRESSTYPE_LZO;
} else if (strncmp(compress_type_str, "no", 2) == 0) {
compress_type = TRACE_OPTION_COMPRESSTYPE_NONE;
} else {
fprintf(stderr, "Unknown compression type: %s\n",
compress_type_str);
return 1;
}
if (optind+2>argc) {
fprintf(stderr,"missing inputuri or outputuri\n");
usage(argv[0]);
}
output_base = argv[argc - 1];
sigact.sa_handler = cleanup_signal;
sigemptyset(&sigact.sa_mask);
sigact.sa_flags = SA_RESTART;
sigaction(SIGINT, &sigact, NULL);
sigaction(SIGTERM, &sigact, NULL);
output=NULL;
signal(SIGINT,&cleanup_signal);
signal(SIGTERM,&cleanup_signal);
for (i = optind; i < argc - 1; i++) {
input = trace_create(argv[i]);
if (trace_is_err(input)) {
trace_perror(input,"%s",argv[i]);
return 1;
}
if (filter && trace_config(input, TRACE_OPTION_FILTER, filter) == 1) {
trace_perror(input, "Configuring filter for %s",
argv[i]);
return 1;
}
if (trace_start(input)==-1) {
trace_perror(input,"%s",argv[i]);
return 1;
}
while (trace_read_packet(input,packet)>0) {
if (per_packet(packet) < 1)
done = 1;
if (done)
break;
}
if (done)
break;
if (trace_is_err(input)) {
trace_perror(input,"Reading packets");
trace_destroy(input);
break;
}
trace_destroy(input);
}
if (verbose) {
uint64_t f;
f=trace_get_received_packets(input);
if (f!=UINT64_MAX)
fprintf(stderr,"%" PRIu64 " packets on input\n",f);
f=trace_get_filtered_packets(input);
if (f!=UINT64_MAX)
fprintf(stderr,"%" PRIu64 " packets filtered\n",f);
f=trace_get_dropped_packets(input);
if (f!=UINT64_MAX)
fprintf(stderr,"%" PRIu64 " packets dropped\n",f);
f=trace_get_accepted_packets(input);
if (f!=UINT64_MAX)
fprintf(stderr,"%" PRIu64 " packets accepted\n",f);
}
if (output)
trace_destroy_output(output);
trace_destroy_packet(packet);
return 0;
}
int main(int argc, char *argv[])
{
libtrace_t *trace;
libtrace_packet_t *packet;
libtrace_filter_t *filter=NULL;
session_manager_t *sm;
uint64_t f;
while(1) {
int option_index;
struct option long_options[] = {
{ "filter", 1, 0, 'f' },
{ "interval", 1, 0, 'i' },
{ "count", 1, 0, 'c' },
{ "exit", 1, 0, 'e' },
{ "relative", 0, 0, 'r' },
{ "help", 0, 0, 'h' },
{ "libtrace-help",0, 0, 'H' },
{ NULL, 0, 0, 0 }
};
int c= getopt_long(argc, argv, "c:e:f:i:hHr",
long_options, &option_index);
if (c==-1)
break;
switch (c) {
case 'f':
filter=trace_create_filter(optarg);
break;
case 'i':
packet_interval=atof(optarg);
break;
case 'c':
packet_count=atoi(optarg);
packet_interval=UINT32_MAX; // make sure only one is defined
break;
case 'e':
report_periods=atoi(optarg);
break;
case 'r':
report_rel_time = 1;
break;
case 'H':
trace_help();
return 1;
default:
fprintf(stderr,"Unknown option: %c\n",c);
/* FALL THRU */
case 'h':
usage(argv[0]);
return 1;
}
}
if (optind>=argc) {
fprintf(stderr,"Missing input uri\n");
usage(argv[0]);
return 1;
}
while (optind<argc) {
// create tcp session manager
sm = session_manager_create();
// create and register the data-ack based RTT module
session_manager_register_module(sm,rtt_n_sequence_module());
fprintf(stderr, "Processing %s\n",argv[optind]);
trace = trace_create(argv[optind]);
++optind;
if (trace_is_err(trace)) {
trace_perror(trace,"Opening trace file");
return 1;
}
if (filter && trace_config(trace,TRACE_OPTION_FILTER,filter)==1) {
trace_perror(trace,"Configuring filter");
}
if (trace_start(trace)) {
trace_perror(trace,"Starting trace");
trace_destroy(trace);
return 1;
}
packet = trace_create_packet();
print_report_hdr();
reset_report();
last_report_ts = 0;
last_packet_ts = 0;
while (trace_read_packet(trace,packet)>0) {
per_packet(packet,session_manager_update(sm,packet));
if (report_periods != UINT64_MAX && reported >= report_periods) {
break;
}
}
// remaining pkts (or all if no period set)
if ((reports[OUT].count+reports[IN].count) > 0 ||
(packet_interval == UINT32_MAX && packet_count == UINT64_MAX)) {
double ts = trace_get_seconds(packet);
if (report_rel_time) {
print_report(ts-last_report_ts);
} else {
print_report(ts);
}
}
trace_destroy_packet(packet);
if (trace_is_err(trace)) {
trace_perror(trace,"Reading packets");
}
// some stats
f=trace_get_received_packets(trace);
if (f!=UINT64_MAX)
fprintf(stderr,"%" PRIu64 " packets on input\n",f);
f=trace_get_filtered_packets(trace);
if (f!=UINT64_MAX)
fprintf(stderr,"%" PRIu64 " packets filtered\n",f);
f=trace_get_dropped_packets(trace);
if (f!=UINT64_MAX)
fprintf(stderr,"%" PRIu64 " packets dropped\n",f);
f=trace_get_accepted_packets(trace);
if (f!=UINT64_MAX)
fprintf(stderr,"%" PRIu64 " packets accepted\n",f);
trace_destroy(trace);
session_manager_destroy(sm);
}
return 0;
}
