void init(config_setting_t *setting) { const char *str; config_setting_lookup_string(setting, "filename", &str); char file[256]; sprintf(file, "pcapfile:%s",str); output = trace_create_output(file); trace_start_output(output); }
static struct libtrace_out_t *create_output(char *uri) { struct libtrace_out_t *output = NULL; output = trace_create_output(uri); if (trace_is_err_output(output)) { trace_perror_output(output,"%s",uri); trace_destroy_output(output); return NULL; } /* Default values for now */ trace_start_output(output); if (trace_is_err_output(output)) { trace_perror_output(output,"%s",uri); trace_destroy_output(output); return NULL; } return output; }
/* If you don't specify O_WONLY or O_RDWR on the fileflags, then this should * fail. */ void test_forgotten_wronly() { libtrace_out_t *out; libtrace_t *trace; libtrace_packet_t *packet; int err; int zero = 0; out = trace_create_output("pcapfile:traces/100_packets_out.pcap"); assert(out); assert (!trace_is_err_output(out)); /* Note: no WRONLY/RDWR */ err = trace_config_output(out,TRACE_OPTION_OUTPUT_FILEFLAGS,&zero); assert(err==0); assert(!trace_is_err_output(out)); err = trace_start_output(out); assert(err == 0); assert(!trace_is_err_output(out)); trace = trace_create("pcapfile:traces/100_packets.pcap"); assert(trace); assert(!trace_is_err(trace)); err = trace_start(trace); assert(!trace_is_err(trace)); assert(err == 0); packet = trace_create_packet(); assert(packet); err = trace_read_packet(trace, packet); assert(err>0); err = trace_write_packet(out,packet); assert(err == -1); /* Should fail */ assert(trace_is_err_output(out)); trace_destroy_output(out); trace_destroy_packet(packet); trace_destroy(trace); }
/* Creates an output trace and configures it according to our preferences */ static libtrace_out_t *create_output(int my_id) { libtrace_out_t *out = NULL; char name[1024]; const char * file_index = NULL; const char * first_extension = NULL; file_index = strrchr(outputfile, '/'); if (file_index) first_extension = strchr(file_index, '.'); else first_extension = strchr(name, '.'); if (first_extension) { snprintf(name, sizeof(name), "%.*s-%d%s", (int) (first_extension - outputfile), outputfile, my_id, first_extension); } else { snprintf(name, sizeof(name), "%s-%d", outputfile, my_id); } out = trace_create_output(name); assert(out); if (compress_level >= 0 && trace_config_output(out, TRACE_OPTION_OUTPUT_COMPRESS, &compress_level) == -1) { trace_perror_output(out, "Configuring compression level"); trace_destroy_output(out); exit(-1); } if (trace_config_output(out, TRACE_OPTION_OUTPUT_COMPRESSTYPE, &compress_type) == -1) { trace_perror_output(out, "Configuring compression type"); trace_destroy_output(out); exit(-1); } if (trace_start_output(out)==-1) { trace_perror_output(out,"trace_start_output"); trace_destroy_output(out); exit(-1); } return out; }
int main(int argc, char *argv[]) { int psize = 0; int error = 0; int count = 0; int level = 0; int expected = 100; libtrace_t *trace; libtrace_out_t *outtrace; libtrace_packet_t *packet; trace = trace_create(lookup_uri("pcap")); iferr(trace); outtrace = trace_create_output(lookup_out_uri("pcap")); iferrout(outtrace); level=0; trace_config_output(outtrace,TRACE_OPTION_OUTPUT_COMPRESS,&level); iferrout(outtrace); trace_start(trace); iferr(trace); trace_start_output(outtrace); iferrout(outtrace); packet=trace_create_packet(); for (;;) { if ((psize = trace_read_packet(trace, packet)) <0) { error = 1; break; } if (psize == 0) { error = 0; break; } count ++; /* Force promotion */ if (trace_get_source_port(packet)==80) { trace_set_direction(packet,TRACE_DIR_OUTGOING); assert(trace_get_direction(packet)==TRACE_DIR_OUTGOING); assert(trace_get_source_port(packet)==80); } else { trace_set_direction(packet,TRACE_DIR_INCOMING); assert(trace_get_direction(packet)==TRACE_DIR_INCOMING); } /* And then force demotion */ trace_write_packet(outtrace,packet); iferrout(outtrace); if (count>100) break; } trace_destroy_packet(packet); if (error == 0) { if (count != expected) { printf("failure: %d packets expected, %d seen\n",expected,count); error = 1; } } else { iferr(trace); } trace_destroy(trace); trace_destroy_output(outtrace); return error; }
corsaro_file_t *corsaro_file_open(corsaro_t *corsaro, const char *filename, corsaro_file_mode_t mode, corsaro_file_compress_t compress_type, int compress_level, int flags) { corsaro_file_t *f = NULL; size_t flen, rlen, len; char *ptr, *traceuri; if((f = malloc(sizeof(corsaro_file_t))) == NULL) { corsaro_log(__func__, corsaro, "could not malloc new corsaro_file_t"); return NULL; } f->mode = mode; /* did they ask for a libtrace file? */ switch(mode) { case CORSARO_FILE_MODE_TRACE: flen = strlen(CORSARO_FILE_TRACE_FORMAT); rlen = strlen(filename); len = flen+rlen+1; if((ptr = traceuri = malloc(len)) == NULL) { corsaro_log(__func__, corsaro, "could not malloc traceuri"); return NULL; } strncpy(traceuri, CORSARO_FILE_TRACE_FORMAT, flen); ptr += flen; strncpy(ptr, filename, rlen); traceuri[len-1] = '\0'; f->trace_io = trace_create_output(traceuri); free(traceuri); if (trace_is_err_output(f->trace_io)) { corsaro_log(__func__, corsaro, "trace_create_output failed for %s", filename); return NULL; } if(trace_config_output(f->trace_io, TRACE_OPTION_OUTPUT_COMPRESS, &compress_level) || trace_config_output(f->trace_io, TRACE_OPTION_OUTPUT_COMPRESSTYPE, &compress_type) != 0) { corsaro_log(__func__, corsaro, "could not set compression levels for trace"); return NULL; } if (trace_start_output(f->trace_io) == -1) { corsaro_log(__func__, corsaro, "trace_start_output failed for %s", filename); return NULL; } /* trace is configured! */ break; case CORSARO_FILE_MODE_ASCII: case CORSARO_FILE_MODE_BINARY: if((f->wand_io = wandio_wcreate(filename, compress_type, compress_level, flags)) == NULL) { corsaro_log(__func__, corsaro, "wandio could not create file %s", filename); free(f); return NULL; } break; default: corsaro_log(__func__, corsaro, "invalid file mode %d", mode); free(f); return NULL; } return f; }
/* Return values: * 1 = continue reading packets * 0 = stop reading packets, cos we're done * -1 = stop reading packets, we've got an error */ static int per_packet(libtrace_packet_t *packet) { double ts = trace_get_seconds(packet); if (trace_get_link_type(packet) == ~0U) { fprintf(stderr, "Halted due to being unable to determine linktype - input trace may be corrupt.\n"); return -1; } if (snaplen>0) { trace_set_capture_length(packet,snaplen); } if (ts <starttime) { return 1; } if ( ts > endtime) { //printf( "%f\t%f\n", ts, endtime); return 0; } if (firsttime==0) { time_t now = trace_get_seconds(packet); if (starttime != 0.0) { firsttime=now-((now - (int)starttime) % interval); } else { firsttime=now; } } if (output && trace_get_seconds(packet)>firsttime+interval) { trace_destroy_output(output); output=NULL; firsttime+=interval; } if (output && pktcount%count==0) { trace_destroy_output(output); output=NULL; } pktcount++; totbytes+=trace_get_capture_length(packet); if (output && totbytes-totbyteslast>=bytes) { trace_destroy_output(output); output=NULL; totbyteslast=totbytes; } if (!output) { char *buffer; bool need_ext=false; if (maxfiles <= filescreated) { return 0; } buffer=strdup(output_base); if (interval!=UINT64_MAX && maxfiles>1) { buffer=strdupcat(buffer,"-"); buffer=strdupcati(buffer,(uint64_t)firsttime); need_ext=true; } if (count!=UINT64_MAX && maxfiles>1) { buffer=strdupcat(buffer,"-"); buffer=strdupcati(buffer,(uint64_t)pktcount); need_ext=true; } if (bytes!=UINT64_MAX && maxfiles>1) { static int filenum=0; buffer=strdupcat(buffer,"-"); buffer=strdupcati(buffer,(uint64_t)++filenum); need_ext=true; } if (need_ext) { if (compress_level!=0) buffer=strdupcat(buffer,".gz"); } if (verbose>1) { fprintf(stderr,"%s:",buffer); if (count!=UINT64_MAX) fprintf(stderr," count=%" PRIu64,pktcount); if (bytes!=UINT64_MAX) fprintf(stderr," bytes=%" PRIu64,bytes); if (interval!=UINT64_MAX) { time_t filetime = firsttime; fprintf(stderr," time=%s",ctime(&filetime)); } else { fprintf(stderr,"\n"); } } output=trace_create_output(buffer); if (trace_is_err_output(output)) { trace_perror_output(output,"%s",buffer); free(buffer); return -1; } if (compress_level!=-1) { if (trace_config_output(output, TRACE_OPTION_OUTPUT_COMPRESS, &compress_level)==-1) { trace_perror_output(output,"Unable to set compression level"); } } if (trace_config_output(output, TRACE_OPTION_OUTPUT_COMPRESSTYPE, &compress_type) == -1) { trace_perror_output(output, "Unable to set compression type"); } trace_start_output(output); if (trace_is_err_output(output)) { trace_perror_output(output,"%s",buffer); free(buffer); return -1; } free(buffer); filescreated ++; } /* Some traces we have are padded (usually with 0x00), so * lets sort that out now and truncate them properly */ if (trace_get_capture_length(packet) > trace_get_wire_length(packet)) { trace_set_capture_length(packet,trace_get_wire_length(packet)); } if (trace_write_packet(output,packet)==-1) { trace_perror_output(output,"write_packet"); return -1; } return 1; }
static void pkt(struct lfc *lfc, void *pdata, struct lfc_flow *lf, void *data, double ts, bool up, bool is_new, libtrace_packet_t *pkt) { struct flow *f = data; char *name, *uri; libtrace_out_t *out; if (f->ignore) return; if (is_new) { /* find the flow by its id in the ARFF file, get output file name */ name = thash_uint_get(fd->cache, lf->id); if (!name) { cache_update(); name = thash_uint_get(fd->cache, lf->id); if (!name) { f->ignore = true; thash_uint_set(fd->cache, lf->id, NULL); return; } } /* ignore flows with column values we are not interested in */ if (fd->value && !streq(fd->value, name)) { f->ignore = true; thash_uint_set(fd->cache, lf->id, NULL); return; } /* get libtrace output file */ out = thash_get(fd->out_files, name); if (!out) { uri = mmatic_sprintf(fd->mm, "pcap:%s/%s.pcap", fd->dir, name); out = trace_create_output(uri); if (!out) { cleanup(); die("trace_create_output(%s) failed\n", uri); } if (trace_is_err_output(out)) { trace_perror_output(out, "Opening output trace file"); cleanup(); die("trace_create_output(%s) failed\n", uri); } if (trace_start_output(out) == -1) { trace_perror_output(out, "Starting output trace"); cleanup(); die("trace_start_output(%s) failed\n", uri); } thash_set(fd->out_files, name, out); } f->out = out; /* remove id from cache */ thash_uint_set(fd->cache, lf->id, NULL); } trace_write_packet(f->out, pkt); if (trace_is_err_output(f->out)) { trace_perror_output(f->out, "Writing packet to output trace file"); cleanup(); die("trace_write_packet() failed\n"); } }