Code which implements the public functions of libcorsaro. More...
Go to the source code of this file.
Functions | |
| static corsaro_packet_t * | corsaro_packet_alloc (corsaro_t *corsaro) |
| Allocate a corsaro packet wrapper structure. More... | |
| static void | corsaro_packet_state_reset (corsaro_packet_t *packet) |
| Reset the state for a the given corsaro packet wrapper. More... | |
| static void | corsaro_packet_free (corsaro_packet_t *packet) |
| Free the given corsaro packet wrapper. More... | |
| static void | corsaro_free (corsaro_t *corsaro) |
| Cleanup and free the given corsaro instance. More... | |
| static void | populate_interval (corsaro_interval_t *interval, uint32_t number, uint32_t time) |
| Fill the given interval object with the default values. More... | |
| static int | is_meta_rotate_interval (corsaro_t *corsaro) |
| Check if the meta output files should be rotated. More... | |
| static corsaro_t * | corsaro_init (char *template, corsaro_file_mode_t mode) |
| Initialize a new corsaro object. More... | |
| static int | start_interval (corsaro_t *corsaro, struct timeval int_start) |
| Start a new interval. More... | |
| static int | end_interval (corsaro_t *corsaro, struct timeval int_end) |
| End the current interval. More... | |
| static void | corsaro_in_free (corsaro_in_t *corsaro) |
| Cleanup and free a corsaro_in instance. More... | |
| static corsaro_in_t * | corsaro_in_init (const char *corsarouri) |
| Initialize a new corsaro_in instance. More... | |
| static int | process_packet (corsaro_t *corsaro, corsaro_packet_t *packet) |
| Process the given corsaro packet. More... | |
| static int | per_interval_start (corsaro_t *corsaro, corsaro_interval_t *interval) |
| Process an interval start record. More... | |
| static int | per_interval_end (corsaro_t *corsaro, corsaro_interval_t *interval) |
| Process an interval end record. More... | |
| static int | check_global_filename (char *fname) |
| Check if the filename is a global output file. More... | |
| static int | check_global_magic (corsaro_in_t *corsaro, corsaro_file_in_t *file) |
| Check for the global output magic number in the given file. More... | |
| static int | is_plugin_data_or_interval (corsaro_in_t *corsaro) |
| Check if the next record is plugin data or an interval. More... | |
| static int | is_trailer_or_interval (corsaro_in_t *corsaro) |
| Check if the next record is a trailer or an interval. More... | |
| static off_t | read_record (corsaro_in_t *corsaro, corsaro_in_record_type_t *record_type, corsaro_in_record_t *record) |
| Read a global file record. More... | |
| corsaro_t * | corsaro_alloc_output (char *template, corsaro_file_mode_t mode) |
| Allocate an corsaro object. More... | |
| int | corsaro_start_output (corsaro_t *corsaro) |
| Initialize an corsaro object that has already been allocated. More... | |
| void | corsaro_set_interval_alignment (corsaro_t *corsaro, corsaro_interval_align_t align) |
| Accessor function to enable/disable the alignment of the initial interval. More... | |
| void | corsaro_set_interval (corsaro_t *corsaro, unsigned int i) |
| Accessor function to set the interval length. More... | |
| void | corsaro_set_output_rotation (corsaro_t *corsaro, int intervals) |
| Accessor function to set the rotation frequency of output files. More... | |
| void | corsaro_set_meta_output_rotation (corsaro_t *corsaro, int intervals) |
| Accessor function to set the rotation frequency of meta output files. More... | |
| int | corsaro_is_rotate_interval (corsaro_t *corsaro) |
| Convenience function to determine if the output files should be rotated. More... | |
| int | corsaro_set_trace (corsaro_t *corsaro, libtrace_t *trace) |
| Accessor function to set the trace pointer. More... | |
| int | corsaro_set_traceuri (corsaro_t *corsaro, char *uri) |
| Accessor function to set the trace uri string. More... | |
| void | corsaro_disable_logfile (corsaro_t *corsaro) |
| Accessor function to disable logging to a file. More... | |
| void | corsaro_disable_globalfile (corsaro_t *corsaro) |
| Accessor function to disable the global metadata file. More... | |
| int | corsaro_enable_plugin (corsaro_t *corsaro, const char *plugin_name, const char *plugin_args) |
| Attempt to enable a plugin using the given plugin name. More... | |
| int | corsaro_get_plugin_names (char ***plugin_names) |
| Return an array of the names of plugins which are compiled into corsaro. More... | |
| void | corsaro_free_plugin_names (char **plugin_names, int plugin_cnt) |
| Free the array of plugin names returned by corsaro_get_plugin_names. More... | |
| uint64_t | corsaro_get_accepted_packets (corsaro_t *corsaro) |
| Accessor function to get the number of accepted packets in this interval. More... | |
| uint64_t | corsaro_get_dropped_packets (corsaro_t *corsaro) |
| Accessor function to get the number of dropped packets in this interval. More... | |
| const char * | corsaro_get_traceuri (corsaro_t *corsaro) |
| Accessor function to get the trace uri string. More... | |
| int | corsaro_set_monitorname (corsaro_t *corsaro, char *name) |
| Accessor function to set the monitor name. More... | |
| const char * | corsaro_get_monitorname (corsaro_t *corsaro) |
| Accessor function to get the monitor name string. More... | |
| int | corsaro_per_packet (corsaro_t *corsaro, libtrace_packet_t *ltpacket) |
| Perform corsaro processing on a given libtrace packet. More... | |
| int | corsaro_per_record (corsaro_t *corsaro, corsaro_in_record_type_t type, corsaro_in_record_t *record) |
| Perform corsaro processing on a given corsaro record. More... | |
| int | corsaro_finalize_output (corsaro_t *corsaro) |
| Write the final interval and free resources allocated by corsaro. More... | |
| corsaro_in_t * | corsaro_alloc_input (const char *corsarouri) |
| Allocate an corsaro object for reading an corsaro file. More... | |
| int | corsaro_start_input (corsaro_in_t *corsaro) |
| Initialize an corsaro input object that has already been allocated. More... | |
| corsaro_in_record_t * | corsaro_in_alloc_record (corsaro_in_t *corsaro) |
| Allocate a reusable corsaro record object. More... | |
| void | corsaro_in_free_record (corsaro_in_record_t *record) |
| Free an corsaro record object. More... | |
| off_t | corsaro_in_read_record (corsaro_in_t *corsaro, corsaro_in_record_type_t *record_type, corsaro_in_record_t *record) |
| Read the next corsaro record from the given corsaro input file. More... | |
| void * | corsaro_in_get_record_data (corsaro_in_record_t *record) |
| Get a pointer data in a record. More... | |
| int | corsaro_finalize_input (corsaro_in_t *corsaro) |
| Close the input file and free resources allocated by corsaro. More... | |
Code which implements the public functions of libcorsaro.
Definition in file corsaro.c.
|
static |
Check if the filename is a global output file.
Definition at line 638 of file corsaro.c.
References CORSARO_IO_GLOBAL_NAME.
Referenced by corsaro_start_input().
|
static |
Check for the global output magic number in the given file.
Definition at line 648 of file corsaro.c.
References corsaro_file_rpeek().
Referenced by corsaro_start_input().
| corsaro_in_t* corsaro_alloc_input | ( | const char * | corsarouri | ) |
Allocate an corsaro object for reading an corsaro file.
| corsarouri | The corsaro file uri to open |
Definition at line 1414 of file corsaro.c.
References corsaro, corsaro_in_init(), and corsaro_log_in().
Referenced by init_corsaro(), and init_flowtuple().
| corsaro_t* corsaro_alloc_output | ( | char * | template, |
| corsaro_file_mode_t | mode | ||
| ) |
Allocate an corsaro object.
| template | The string used to generate output files |
| mode | The file output mode |
The template must contain a pattern to be replaced with the plugin names (P). The output modes that make sense to use are CORSARO_FILE_MODE_ASCII and CORSARO_FILE_MODE_BINARY. Using CORSARO_FILE_MODE_TRACE will result in an error as not all plugins are expected to be able to write to generic packets
The returned object can then be used to set options (corsaro_set_*) before calling corsaro_start_output to write headers to the output files ready to process packets.
Definition at line 893 of file corsaro.c.
References corsaro, corsaro_init(), and corsaro_log().
Referenced by main().
| void corsaro_disable_globalfile | ( | corsaro_t * | corsaro | ) |
Accessor function to disable the global metadata file.
| corsaro | The corsaro to disable the global metadata file for |
This function may be called at any time, but if a metadata file is already created then it will continue to be used until a rotation interval is encountered. Normally it should be called before calling corsaro_start_output
Definition at line 1119 of file corsaro.c.
References corsaro::global_file_disabled.
Referenced by main().
| void corsaro_disable_logfile | ( | corsaro_t * | corsaro | ) |
Accessor function to disable logging to a file.
| corsaro | The corsaro to disable logging to a file for |
This function may be called at any time, but if a log file is already created then it will continue to be used until a rotation interval is encountered. Normally it should be called before calling corsaro_start_output
Definition at line 1113 of file corsaro.c.
References corsaro::logfile_disabled.
Referenced by main().
| int corsaro_enable_plugin | ( | corsaro_t * | corsaro, |
| const char * | plugin_name, | ||
| const char * | plugin_args | ||
| ) |
Attempt to enable a plugin using the given plugin name.
| corsaro | The corsaro object to enable the plugin for |
| plugin_name | The string name of the plugin to enable |
| plugin_args | The string of arguments to pass to the plugin |
Until this function is called successfully, all compiled plugins are considered enabled. Once it has been called, only the plugins explicitly enabled using this function will be used
Definition at line 1125 of file corsaro.c.
References corsaro_plugin_enable_plugin(), and corsaro::plugin_manager.
Referenced by main().
| int corsaro_finalize_input | ( | corsaro_in_t * | corsaro | ) |
Close the input file and free resources allocated by corsaro.
| corsaro | The corsaro input object to finalize |
Definition at line 1588 of file corsaro.c.
References corsaro_in_free().
Referenced by clean(), and close_flowtuple().
| int corsaro_finalize_output | ( | corsaro_t * | corsaro | ) |
Write the final interval and free resources allocated by corsaro.
| corsaro | The corsaro object to finalize |
Definition at line 1382 of file corsaro.c.
References corsaro_free(), corsaro_io_write_trailer(), corsaro_log(), end_interval(), corsaro::global_file, corsaro::interval_end_needed, corsaro::last_ts, and corsaro::started.
|
static |
Cleanup and free the given corsaro instance.
Definition at line 88 of file corsaro.c.
References corsaro_plugin::close_output, corsaro_file_close(), corsaro_log_close(), corsaro_packet_free(), corsaro_plugin_manager_free(), corsaro_plugin_next(), corsaro::global_file, corsaro::monitorname, corsaro::packet, corsaro::plugin_manager, corsaro::template, and corsaro::uridata.
Referenced by corsaro_finalize_output(), end_interval(), and start_interval().
| void corsaro_free_plugin_names | ( | char ** | plugin_names, |
| int | plugin_cnt | ||
| ) |
| uint64_t corsaro_get_accepted_packets | ( | corsaro_t * | corsaro | ) |
Accessor function to get the number of accepted packets in this interval.
| corsaro | The corsaro object to retrieve the packet count for |
This function requires that a pointer to the trace has been provided to corsaro by way of the corsaro_set_trace function.
Definition at line 1188 of file corsaro.c.
References corsaro::accepted_pkts, and corsaro::trace.
| uint64_t corsaro_get_dropped_packets | ( | corsaro_t * | corsaro | ) |
Accessor function to get the number of dropped packets in this interval.
| corsaro | The corsaro object to retrieve the packet count for |
This function requires that a pointer to the trace has been provided to corsaro by way of the corsaro_set_trace function.
Definition at line 1195 of file corsaro.c.
References corsaro::dropped_pkts, and corsaro::trace.
Referenced by smee_pkt_drops().
| const char* corsaro_get_monitorname | ( | corsaro_t * | corsaro | ) |
Accessor function to get the monitor name string.
| corsaro | The corsaro object to set the monitor name for |
Definition at line 1241 of file corsaro.c.
References corsaro::monitorname.
Referenced by corsaro_smee_init_output(), and usage().
| int corsaro_get_plugin_names | ( | char *** | plugin_names | ) |
Return an array of the names of plugins which are compiled into corsaro.
| [out] | plugin_names | A pointer to an array of plugin names |
Note that corsaro_free_plugin_names must be called to free the returned array
Definition at line 1135 of file corsaro.c.
References corsaro_plugin_manager_free(), corsaro_plugin_manager_init(), corsaro_plugin_next(), corsaro_plugin::name, and corsaro_plugin_manager::plugins_cnt.
Referenced by usage().
| const char* corsaro_get_traceuri | ( | corsaro_t * | corsaro | ) |
Accessor function to get the trace uri string.
| corsaro | The corsaro object to set the trace uri for |
Definition at line 1202 of file corsaro.c.
References corsaro::uridata.
Referenced by corsaro_smee_init_output().
| corsaro_in_record_t* corsaro_in_alloc_record | ( | corsaro_in_t * | corsaro | ) |
Allocate a reusable corsaro record object.
| corsaro | The corsaro input object to associate with the record |
Definition at line 1514 of file corsaro.c.
References corsaro_in_record::buffer, corsaro_in_record::buffer_len, corsaro, corsaro_in_record::corsaro, corsaro_in_free_record(), CORSARO_IN_RECORD_DEFAULT_BUFFER_LEN, corsaro_log_in(), record, and corsaro_in_record::type.
Referenced by init_corsaro(), and init_flowtuple().
|
static |
Cleanup and free a corsaro_in instance.
Definition at line 421 of file corsaro.c.
References corsaro_plugin::close_input, corsaro_file_rclose(), corsaro_log_in(), corsaro_plugin_manager_free(), corsaro_in::file, corsaro_in::plugin, corsaro_in::plugin_manager, corsaro_in::started, and corsaro_in::uridata.
Referenced by corsaro_finalize_input(), and corsaro_in_init().
| void corsaro_in_free_record | ( | corsaro_in_record_t * | record | ) |
Free an corsaro record object.
| record | The record object to free |
Definition at line 1542 of file corsaro.c.
References corsaro_in_record::buffer, corsaro_in_record::buffer_len, corsaro_log_file(), and corsaro_in_record::type.
Referenced by clean(), close_flowtuple(), and corsaro_in_alloc_record().
| void* corsaro_in_get_record_data | ( | corsaro_in_record_t * | record | ) |
Get a pointer data in a record.
| record | The corsaro record object to retrieve data from |
Definition at line 1583 of file corsaro.c.
References corsaro_in_record::buffer.
Referenced by corsaro_per_record(), process_corsaro(), and process_flowtuple_file().
|
static |
Initialize a new corsaro_in instance.
Definition at line 469 of file corsaro.c.
References corsaro_in_free(), CORSARO_IN_RECORD_TYPE_NULL, corsaro_log_in(), corsaro_log_in_init(), corsaro_plugin_manager_init(), corsaro_in::expected_type, malloc_zero(), corsaro_in::plugin_manager, and corsaro_in::uridata.
Referenced by corsaro_alloc_input().
| off_t corsaro_in_read_record | ( | corsaro_in_t * | corsaro, |
| corsaro_in_record_type_t * | record_type, | ||
| corsaro_in_record_t * | record | ||
| ) |
Read the next corsaro record from the given corsaro input file.
| corsaro | The corsaro input object to read from | |
| [in,out] | record_type | The type of the record to read |
| record | The generic corsaro input record pointer |
Definition at line 1562 of file corsaro.c.
References CORSARO_IN_RECORD_TYPE_NULL, corsaro_in::expected_type, corsaro_in::plugin, corsaro_plugin::read_record, and read_record().
Referenced by main(), process_corsaro(), and process_flowtuple_file().
|
static |
Initialize a new corsaro object.
Definition at line 182 of file corsaro.c.
References corsaro::accepted_pkts, corsaro::compress, corsaro::compress_level, CORSARO_FILE_COMPRESS_LEVEL_DEFAULT, corsaro_file_detect_compression(), CORSARO_INTERVAL_DEFAULT, corsaro_io_validate_template(), corsaro_log(), corsaro_packet_alloc(), corsaro_plugin_manager_init(), corsaro::dropped_pkts, gettimeofday_wrap(), corsaro::init_time, corsaro::interval, corsaro::interval_align, corsaro::interval_start, corsaro::logfile, malloc_zero(), corsaro::meta_output_rotate, corsaro::monitorname, corsaro::output_mode, corsaro::packet, corsaro::plugin_manager, populate_interval(), STR, and corsaro::template.
Referenced by corsaro_alloc_output().
| int corsaro_is_rotate_interval | ( | corsaro_t * | corsaro | ) |
Convenience function to determine if the output files should be rotated.
| corsaro | The corsaro object to check the rotation status of |
Definition at line 1041 of file corsaro.c.
References corsaro::interval_start, corsaro_interval::number, and corsaro::output_rotate.
Referenced by corsaro_dos_end_interval(), corsaro_flowtuple_end_interval(), corsaro_pcap_end_interval(), corsaro_smee_end_interval(), and is_meta_rotate_interval().
|
static |
Allocate a corsaro packet wrapper structure.
Definition at line 54 of file corsaro.c.
References corsaro_log(), and malloc_zero().
Referenced by corsaro_init().
|
static |
Free the given corsaro packet wrapper.
Definition at line 78 of file corsaro.c.
Referenced by corsaro_free().
|
inlinestatic |
Reset the state for a the given corsaro packet wrapper.
Definition at line 68 of file corsaro.c.
References corsaro_packet::state.
Referenced by corsaro_per_packet().
| int corsaro_per_packet | ( | corsaro_t * | corsaro, |
| libtrace_packet_t * | packet | ||
| ) |
Perform corsaro processing on a given libtrace packet.
| corsaro | The corsaro object used to process the packet |
| packet | The libtrace packet to process |
For each packet, corsaro will determine whether it falls within the current interval, if not, it will write out data for the previous interval. The packet is then handed to each plugin which processes it and updates internal state.
Definition at line 1246 of file corsaro.c.
References corsaro_log(), corsaro_packet_state_reset(), end_interval(), corsaro::first_ts, corsaro::interval, corsaro::interval_align, corsaro::interval_end_needed, corsaro::interval_start, corsaro::last_ts, corsaro_packet::ltpacket, corsaro::next_report, corsaro_interval::number, corsaro::packet, corsaro::packet_cnt, process_packet(), start_interval(), and corsaro::started.
Referenced by process_trace().
| int corsaro_per_record | ( | corsaro_t * | corsaro, |
| corsaro_in_record_type_t | type, | ||
| corsaro_in_record_t * | record | ||
| ) |
Perform corsaro processing on a given corsaro record.
| corsaro | The corsaro object used to process the packet |
| type | The type of the record |
| record | The record to process |
For each record, corsaro will simply hand it to each plugin which can process it and updates internal state.
Definition at line 1327 of file corsaro.c.
References corsaro_in_get_record_data(), CORSARO_IN_RECORD_TYPE_FLOWTUPLE_CLASS_END, CORSARO_IN_RECORD_TYPE_FLOWTUPLE_CLASS_START, CORSARO_IN_RECORD_TYPE_FLOWTUPLE_FLOWTUPLE, CORSARO_IN_RECORD_TYPE_IO_INTERVAL_END, CORSARO_IN_RECORD_TYPE_IO_INTERVAL_START, interval, per_interval_end(), and per_interval_start().
Referenced by process_corsaro().
| void corsaro_set_interval | ( | corsaro_t * | corsaro, |
| unsigned int | interval | ||
| ) |
Accessor function to set the interval length.
| corsaro | The corsaro object to set the interval for |
| interval | The interval (in seconds) |
If this function is not called, the default interval, CORSARO_INTERVAL_DEFAULT, will be used.
Definition at line 988 of file corsaro.c.
References corsaro_log(), corsaro::interval, and corsaro::started.
Referenced by main().
| void corsaro_set_interval_alignment | ( | corsaro_t * | corsaro, |
| corsaro_interval_align_t | interval_align | ||
| ) |
Accessor function to enable/disable the alignment of the initial interval.
| corsaro | The corsaro object to set the interval for |
| interval_align | Enable or disable the alignment of interval end times |
The end time of the first interval will be rounded down to the nearest integer multiple of the interval length. Interval rounding makes the most sense when the interval length is evenly divisible into 1 hour. The default is no interval alignment.
Definition at line 975 of file corsaro.c.
References corsaro_log(), corsaro::interval_align, and corsaro::started.
Referenced by main().
| void corsaro_set_meta_output_rotation | ( | corsaro_t * | corsaro, |
| int | intervals | ||
| ) |
Accessor function to set the rotation frequency of meta output files.
| corsaro | The corsaro object to set the interval for |
| intervals | The number of intervals after which the output files will be rotated |
If this is set to > 0, corsaro meta output files (global and log) will be rotated at the end of n intervals. The default is to follow the output rotation interval specified by corsaro_set_output_rotation.
Definition at line 1027 of file corsaro.c.
References corsaro_log(), corsaro::meta_output_rotate, and corsaro::started.
Referenced by main().
| int corsaro_set_monitorname | ( | corsaro_t * | corsaro, |
| char * | name | ||
| ) |
Accessor function to set the monitor name.
| corsaro | The corsaro object to set the monitor name for |
| name | The string to set as the monitor name |
If it is not set, the value defined at compile time is used. This is either the hostname of the machine it was compiled on, or a value passed to configure using –with-monitorname
Definition at line 1207 of file corsaro.c.
References corsaro_log(), corsaro::monitorname, and corsaro::started.
Referenced by main().
| void corsaro_set_output_rotation | ( | corsaro_t * | corsaro, |
| int | intervals | ||
| ) |
Accessor function to set the rotation frequency of output files.
| corsaro | The corsaro object to set the interval for |
| intervals | The number of intervals after which the output files will be rotated |
If this is set to > 0, all output files will be rotated at the end of n intervals. The default is 0 (no rotation).
Definition at line 1000 of file corsaro.c.
References corsaro_io_template_has_timestamp(), corsaro_log(), corsaro::output_rotate, and corsaro::started.
Referenced by main().
| int corsaro_set_trace | ( | corsaro_t * | corsaro, |
| libtrace_t * | trace | ||
| ) |
Accessor function to set the trace pointer.
| corsaro | The corsaro object to set the trace uri for |
| trace | A libtrace trace pointer for the current trace |
The trace pointer is used by corsaro to report trace statistics such as dropped and accepted packet counts. This is not required.
Definition at line 1059 of file corsaro.c.
References corsaro::accepted_pkts, corsaro_log(), corsaro::dropped_pkts, trace, and corsaro::trace.
Referenced by process_trace().
| int corsaro_set_traceuri | ( | corsaro_t * | corsaro, |
| char * | traceuri | ||
| ) |
Accessor function to set the trace uri string.
| corsaro | The corsaro object to set the trace uri for |
| traceuri | The string to set as the trace uri |
The trace uri is not used internally by corsaro, this can be any user-defined string which is stored in the corsaro header in output files. If it is not set, no uri is written to the output.
Definition at line 1081 of file corsaro.c.
References corsaro_log(), corsaro::started, and corsaro::uridata.
Referenced by main().
| int corsaro_start_input | ( | corsaro_in_t * | corsaro | ) |
Initialize an corsaro input object that has already been allocated.
| corsaro | The corsaro input object to start |
Definition at line 1428 of file corsaro.c.
References check_global_filename(), check_global_magic(), corsaro_file_ropen(), CORSARO_IN_RECORD_TYPE_IO_HEADER, corsaro_log_in(), corsaro_plugin_next(), corsaro_in::expected_type, corsaro_in::file, corsaro_plugin::init_input, corsaro_plugin::name, corsaro_in::plugin, corsaro_in::plugin_manager, corsaro_plugin::probe_filename, corsaro_plugin::probe_magic, corsaro_in::started, and corsaro_in::uridata.
Referenced by init_corsaro(), and init_flowtuple().
| int corsaro_start_output | ( | corsaro_t * | corsaro | ) |
Initialize an corsaro object that has already been allocated.
| corsaro | The corsaro object to start |
It is only when this function is called that the plugins will parse their arguments and initialize any state (open files etc).
Definition at line 917 of file corsaro.c.
References corsaro_io_template_has_timestamp(), corsaro_log(), corsaro_log_init(), corsaro_plugin_manager_start(), corsaro_plugin_next(), corsaro_plugin::init_output, corsaro::logfile, corsaro::logfile_disabled, corsaro::plugin_manager, and corsaro::started.
Referenced by main().
|
static |
End the current interval.
Definition at line 342 of file corsaro.c.
References corsaro::accepted_pkts, corsaro_file_close(), corsaro_free(), corsaro_io_write_interval_end(), corsaro_io_write_interval_start(), corsaro_io_write_trailer(), corsaro_log(), corsaro_log_close(), corsaro_plugin_next(), corsaro::dropped_pkts, corsaro_plugin::end_interval, corsaro::global_file, corsaro::interval_end_needed, corsaro::interval_start, is_meta_rotate_interval(), corsaro::logfile, corsaro_plugin::name, corsaro_interval::number, corsaro::plugin_manager, populate_interval(), corsaro_interval::time, and corsaro::trace.
Referenced by corsaro_finalize_output(), corsaro_per_packet(), and per_interval_end().
|
static |
Check if the meta output files should be rotated.
Definition at line 161 of file corsaro.c.
References corsaro_is_rotate_interval(), corsaro::interval_start, corsaro::meta_output_rotate, and corsaro_interval::number.
Referenced by end_interval().
|
static |
Check if the next record is plugin data or an interval.
Definition at line 672 of file corsaro.c.
References corsaro_file_rpeek(), corsaro_log_in(), and corsaro_in::file.
Referenced by read_record().
|
static |
Check if the next record is a trailer or an interval.
Definition at line 708 of file corsaro.c.
References corsaro_file_rpeek(), corsaro_log_in(), and corsaro_in::file.
Referenced by read_record().
|
static |
Process an interval end record.
Definition at line 620 of file corsaro.c.
References corsaro_log(), end_interval(), corsaro::interval_start, corsaro::last_ts, corsaro_interval::number, and corsaro_interval::time.
Referenced by corsaro_per_record().
|
static |
Process an interval start record.
Definition at line 596 of file corsaro.c.
References corsaro_log(), corsaro::first_ts, corsaro::interval_start, corsaro_interval::number, corsaro::packet_cnt, start_interval(), and corsaro_interval::time.
Referenced by corsaro_per_record().
|
inlinestatic |
Fill the given interval object with the default values.
Definition at line 150 of file corsaro.c.
References CORSARO_MAGIC, corsaro_interval::corsaro_magic, CORSARO_MAGIC_INTERVAL, corsaro_interval::magic, corsaro_interval::number, and corsaro_interval::time.
Referenced by corsaro_init(), and end_interval().
|
inlinestatic |
Process the given corsaro packet.
Definition at line 515 of file corsaro.c.
References corsaro_log(), corsaro_plugin_next(), corsaro_plugin::name, corsaro::plugin_manager, and corsaro_plugin::process_packet.
Referenced by corsaro_per_packet().
|
static |
Read a global file record.
Definition at line 743 of file corsaro.c.
References corsaro_in_record::buffer, CORSARO_IN_RECORD_TYPE_INTERNAL_REDIRECT, CORSARO_IN_RECORD_TYPE_IO_HEADER, CORSARO_IN_RECORD_TYPE_IO_INTERVAL_END, CORSARO_IN_RECORD_TYPE_IO_INTERVAL_START, CORSARO_IN_RECORD_TYPE_IO_PLUGIN_END, CORSARO_IN_RECORD_TYPE_IO_PLUGIN_START, CORSARO_IN_RECORD_TYPE_IO_TRAILER, CORSARO_IN_RECORD_TYPE_NULL, corsaro_io_read_header(), corsaro_io_read_interval_end(), corsaro_io_read_interval_start(), corsaro_io_read_plugin_end(), corsaro_io_read_plugin_start(), corsaro_io_read_trailer(), corsaro_log_in(), corsaro_plugin_get_by_magic(), corsaro_in::expected_type, corsaro_in::file, is_plugin_data_or_interval(), is_trailer_or_interval(), corsaro_in::plugin, corsaro_in::plugin_manager, and corsaro_plugin::read_global_data_record.
Referenced by corsaro_in_read_record().
|
static |
Start a new interval.
Definition at line 271 of file corsaro.c.
References corsaro_free(), CORSARO_IO_GLOBAL_NAME, corsaro_io_prepare_file(), corsaro_io_write_header(), corsaro_log(), corsaro_log_init(), corsaro_plugin_next(), corsaro::global_file, corsaro::global_file_disabled, corsaro::interval_start, corsaro::logfile, corsaro::logfile_disabled, corsaro_plugin::name, corsaro_interval::number, corsaro::plugin_manager, corsaro_plugin::start_interval, and corsaro_interval::time.
Referenced by corsaro_per_packet(), and per_interval_start().
![[CAIDA - Center for Applied Internet Data Analysis logo]](https://www.caida.org/images/caida_globe_faded.png)
![[CAIDA]](https://www.caida.org/images/caida_whitewords.png "Go to CAIDA home page"){kind=small}