41 #ifdef WITH_PLUGIN_SIXT
60 corsaro_log(__func__, corsaro,
"could not malloc corsaro_packet");
70 assert(packet != NULL);
129 if(corsaro->
packet != NULL)
156 interval->
number = number;
157 interval->
time = time;
163 assert(corsaro != NULL);
188 corsaro_log(__func__, NULL,
"could not malloc corsaro_t");
205 corsaro_log(__func__, e,
"invalid template %s",
template);
208 if((e->
template = strdup(
template)) == NULL)
211 "could not duplicate template string (no memory?)");
227 corsaro_log(__func__, e,
"could not create corsaro packet");
237 corsaro_log(__func__, e,
"could not initialize plugin manager");
290 __func__, corsaro,
"now logging to file"
299 corsaro_log(__func__, corsaro,
"could not initialize log file");
313 corsaro_log(__func__, corsaro,
"could not open global output file");
321 corsaro_log(__func__, corsaro,
"could not write global headers");
333 corsaro_log(__func__, corsaro,
"%s failed to start interval at %ld",
334 tmp->
name, int_start.tv_sec);
357 "could not write global interval start headers at %ld",
366 corsaro_log(__func__, corsaro,
"%s failed to end interval at %ld",
367 tmp->
name, int_end.tv_sec);
377 "could not write global interval end headers at %ld",
392 "could not write global trailers");
401 if(corsaro->
trace != NULL)
428 "WARNING: corsaro_in_free called on NULL object; "
429 "this could indicate a double-free");
438 if(corsaro->
plugin != NULL)
457 if(corsaro->
file != NULL)
460 corsaro->
file = NULL;
479 if((e->
uridata = strdup(corsarouri)) == NULL)
482 "could not duplicate uri string (no memory?)");
522 corsaro_log(__func__, corsaro,
"%s failed to process packet",
530 #ifdef WITH_PLUGIN_SIXT
540 if(tmp->process_flowtuple != NULL &&
541 tmp->process_flowtuple(corsaro, tuple, &corsaro->
packet->
state) < 0)
543 corsaro_log(__func__, corsaro,
"%s failed to process flowtuple",
549 corsaro->
packet_cnt += ntohl(tuple->packet_cnt);
555 static int per_flowtuple_class_start(
corsaro_t *corsaro,
556 corsaro_flowtuple_class_start_t *
class)
561 if(tmp->process_flowtuple_class_start != NULL &&
562 tmp->process_flowtuple_class_start(corsaro,
class) < 0)
565 "%s failed to process flowtuple class start",
575 static int per_flowtuple_class_end(
corsaro_t *corsaro,
576 corsaro_flowtuple_class_end_t *
class)
581 if(tmp->process_flowtuple_class_end != NULL &&
582 tmp->process_flowtuple_class_end(corsaro,
class) < 0)
585 "%s failed to process flowtuple class end",
601 ts.tv_sec = interval->
time;
612 corsaro_log(__func__, corsaro,
"could not start interval at %ld",
624 ts.tv_sec = interval->
time;
629 corsaro_log(__func__, corsaro,
"could not end interval at %ld",
664 if(strncmp(&buffer[0],
"EDGRHEAD", 8) == 0)
684 "invalid corsaro global file");
692 if(strncmp(buffer,
"EDGRDATA", 8) == 0)
696 else if(strncmp(buffer,
"EDGRINTR", 8) == 0)
720 "invalid corsaro global file");
728 if(strncmp(buffer,
"EDGRFOOT", 8) == 0)
732 else if(strncmp(buffer,
"EDGRINTR", 8) == 0)
747 off_t bytes_read = -1;
766 record_type, record);
788 record_type, record);
798 corsaro_log_in(__func__, corsaro,
"invalid plugin magic detected");
800 "necessary plugins?");
812 "failed to read plugin data start");
819 assert(corsaro->
plugin != NULL);
831 record_type, record);
854 record_type, record);
885 corsaro_log_in(__func__, corsaro,
"invalid expected record type");
898 if(
template == NULL || strcmp(
template,
"-") == 0)
900 corsaro_log(__func__, NULL,
"writing to stdout not supported");
907 corsaro_log(__func__, NULL,
"could not initialize corsaro object");
921 assert(corsaro != NULL);
928 assert(corsaro->
logfile == NULL);
933 __func__, corsaro,
"now logging to file"
949 corsaro_log(__func__, corsaro,
"could not start plugin manager");
978 assert(corsaro != NULL);
982 corsaro_log(__func__, corsaro,
"setting interval alignment to %d",
990 assert(corsaro != NULL);
994 corsaro_log(__func__, corsaro,
"setting interval length to %d",
1003 assert(corsaro != NULL);
1005 assert(corsaro->
started == 0);
1008 "setting output rotation after %d interval(s)",
1017 fprintf(stderr,
"WARNING: using output rotation without any timestamp "
1018 "specifiers in the template.\n");
1020 "WARNING: output files will be overwritten upon rotation\n");
1030 assert(corsaro != NULL);
1032 assert(corsaro->
started == 0);
1035 "setting meta output rotation after %d intervals(s)",
1043 assert(corsaro != NULL);
1061 assert(corsaro != NULL);
1064 if(corsaro->
trace != NULL)
1066 corsaro_log(__func__, corsaro,
"updating trace pointer");
1070 corsaro_log(__func__, corsaro,
"setting trace pointer");
1083 assert(corsaro != NULL);
1088 "trace uri can only be set before "
1089 "corsaro_start_output is called");
1095 corsaro_log(__func__, corsaro,
"updating trace uri from %s to %s",
1100 corsaro_log(__func__, corsaro,
"setting trace uri to %s",
1104 if((corsaro->
uridata = strdup(uri)) == NULL)
1107 "could not duplicate uri string (no memory?)");
1115 assert(corsaro != NULL);
1121 assert(corsaro != NULL);
1126 const char *plugin_args)
1128 assert(corsaro != NULL);
1144 char **names = NULL;
1153 if((names = malloc(
sizeof(
char *) * tmp_manager->
plugins_cnt)) == NULL)
1160 names[i] = strndup(tmp->
name, strlen(tmp->
name));
1166 *plugin_names = names;
1173 if(plugin_names == NULL)
1177 for(i = 0; i < plugin_cnt; i++)
1179 if(plugin_names[i] != NULL)
1181 free(plugin_names[i]);
1183 plugin_names[i] = NULL;
1209 assert(corsaro != NULL);
1214 "monitor name can only be set before "
1215 "corsaro_start_output is called");
1222 "updating monitor name from %s to %s",
1227 corsaro_log(__func__, corsaro,
"setting monitor name to %s",
1234 "could not duplicate monitor name string (no memory?)");
1249 struct timeval report;
1251 assert(corsaro != NULL);
1252 assert(corsaro->
started == 1 &&
"corsaro_start_output must be called before"
1253 "packets can be processed");
1262 corsaro->
last_ts = ts = trace_get_timeval(ltpacket);
1273 corsaro_log(__func__, corsaro,
"could not start interval at %ld",
1300 corsaro_log(__func__, corsaro,
"could not end interval at %ld",
1312 corsaro_log(__func__, corsaro,
"could not start interval at %ld",
1333 #ifdef WITH_PLUGIN_SIXT
1334 corsaro_flowtuple_t *flowtuple = NULL;
1335 corsaro_flowtuple_class_start_t *class_start = NULL;
1336 corsaro_flowtuple_class_end_t *class_end = NULL;
1355 #ifdef WITH_PLUGIN_SIXT
1358 flowtuple = (corsaro_flowtuple_t *)
1361 return per_flowtuple(corsaro, flowtuple);
1365 class_start = (corsaro_flowtuple_class_start_t *)
1368 return per_flowtuple_class_start(corsaro, class_start);
1372 class_end = (corsaro_flowtuple_class_end_t *)
1375 return per_flowtuple_class_end(corsaro, class_end);
1393 corsaro_log(__func__, corsaro,
"could not end interval at %ld",
1402 "could not write global trailers");
1421 corsaro_log_in(__func__, NULL,
"could not initialize corsaro_in object");
1432 assert(corsaro != NULL);
1433 assert(corsaro->
started == 0);
1434 assert(corsaro->
plugin == NULL);
1439 corsaro_log_in(__func__, corsaro,
"could not open input file %s",
1454 "%s plugin selected to read %s (using file name)",
1463 while(corsaro->
plugin == NULL &&
1469 "%s plugin selected to read %s (using magic)",
1476 if(corsaro->
plugin == NULL)
1483 "unable to find plugin to decode %s\n"
1484 " - is this a corsaro file?\n"
1485 " - is corsaro compiled with all needed plugins?",
1494 corsaro_log_in(__func__, corsaro,
"corsaro_global selected to read %s",
1520 corsaro_log_in(__func__, corsaro,
"could not malloc corsaro_in_record_t");
1527 if((record->
buffer = malloc(
sizeof(uint8_t)*
1530 corsaro_log_in(__func__, corsaro,
"could not malloc record buffer");
1546 corsaro_log_file(__func__, NULL,
"possible double free of record pointer");
1550 if(record->
buffer != NULL)
1569 if(corsaro->
plugin != NULL
Structure representing the start or end of an interval.
The start of a plugin data section.
An opaque structure defining an corsaro input file.
void corsaro_in_free_record(corsaro_in_record_t *record)
Free an corsaro record object.
corsaro_plugin_t * plugin
Pointer to the plugin to be used to read this file.
int corsaro_finalize_output(corsaro_t *corsaro)
Write the final interval and free resources allocated by corsaro.
void corsaro_disable_globalfile(corsaro_t *corsaro)
Accessor function to disable the global metadata file.
int corsaro_per_record(corsaro_t *corsaro, corsaro_in_record_type_t type, corsaro_in_record_t *record)
Perform corsaro processing on a given corsaro record.
int interval
The number of seconds after which plugins will be asked to dump data.
off_t corsaro_io_read_plugin_start(corsaro_in_t *corsaro, corsaro_file_in_t *file, corsaro_in_record_type_t *record_type, corsaro_in_record_t *record)
Read the appropriate plugin header from the file.
const char * name
The name of this plugin used in the ascii output and eventually to allow plugins to be enabled and di...
int compress_level
The compression level (ignored if not compressing)
corsaro_in_t * corsaro_alloc_input(const char *corsarouri)
Allocate an corsaro object for reading an corsaro file.
static int per_interval_start(corsaro_t *corsaro, corsaro_interval_t *interval)
Process an interval start record.
uint64_t dropped_pkts
The total number of packets that have been dropped by libtrace (before the current interval) ...
int corsaro_get_plugin_names(char ***plugin_names)
Return an array of the names of plugins which are compiled into corsaro.
Header file dealing with the corsaro logging sub-system.
Structure representing the start or end of a plugin data block.
const char * corsaro_get_monitorname(corsaro_t *corsaro)
Accessor function to get the monitor name string.
uint64_t packet_cnt
The total number of packets that have been processed.
static void corsaro_free(corsaro_t *corsaro)
Cleanup and free the given corsaro instance.
#define CORSARO_FILE_COMPRESS_LEVEL_DEFAULT
The default compression level.
struct timeval init_time
The local wall time that corsaro was started at.
A reusable opaque structure for corsaro to read an input record into.
int interval_end_needed
Whether there are un-dumped packets in the current interval.
corsaro_interval_align_t interval_align
The first interval end will be rounded down to the nearest integer multiple of the interval length if...
corsaro_file_mode_t output_mode
The default output mode for new files.
void corsaro_free_plugin_names(char **plugin_names, int plugin_cnt)
Free the array of plugin names returned by corsaro_get_plugin_names.
static int end_interval(corsaro_t *corsaro, struct timeval int_end)
End the current interval.
corsaro_plugin_manager_t * plugin_manager
A pointer to the corsaro plugin manager state.
int(* close_input)(struct corsaro_in *corsaro)
Concludes an input file and cleans up the plugin data.
int corsaro_start_output(corsaro_t *corsaro)
Initialize an corsaro object that has already been allocated.
static int check_global_filename(char *fname)
Check if the filename is a global output file.
size_t buffer_len
The length of the buffer.
int(* close_output)(struct corsaro *corsaro)
Concludes an output file and cleans up the plugin data.
int started
Has this corsaro_in object been started yet?
uint32_t magic
The interval magic number.
int corsaro_plugin_enable_plugin(corsaro_plugin_manager_t *manager, const char *plugin_name, const char *plugin_args)
Attempt to enable a plugin by its name.
off_t corsaro_io_read_plugin_end(corsaro_in_t *corsaro, corsaro_file_in_t *file, corsaro_in_record_type_t *record_type, corsaro_in_record_t *record)
Read the appropriate plugin trailer from the file.
#define CORSARO_IN_RECORD_DEFAULT_BUFFER_LEN
The initial buffer size in the record object.
off_t corsaro_io_read_trailer(corsaro_in_t *corsaro, corsaro_file_in_t *file, corsaro_in_record_type_t *record_type, corsaro_in_record_t *record)
Read the corsaro trailers from the file.
int corsaro_set_trace(corsaro_t *corsaro, libtrace_t *trace)
Accessor function to set the trace pointer.
uint64_t accepted_pkts
The total number of packets that have been accepted by libtrace (before the current interval) ...
corsaro_plugin_t * corsaro_plugin_next(corsaro_plugin_manager_t *manager, corsaro_plugin_t *plugin)
Retrieve the next plugin in the list.
corsaro_packet_t * packet
A pointer to the wrapper packet passed to the plugins.
off_t corsaro_file_rpeek(corsaro_file_in_t *file, void *buffer, off_t len)
Reads from an corsaro input file into the provided buffer, but does not update the read pointer...
uint16_t plugins_cnt
The number of active plugins.
void corsaro_file_close(struct corsaro *corsaro, corsaro_file_t *file)
Closes an corsaro output file and frees the writer structure.
uint32_t corsaro_magic
The global corsaro magic number.
struct timeval last_ts
The time of the most recent packet seen by corsaro.
Header file which exports corsaro_flowtuple plugin API.
libtrace_packet_t * ltpacket
A pointer to the underlying libtrace packet.
static libtrace_packet_t * packet
A pointer to a libtrace packet.
corsaro_plugin_t * corsaro_plugin_get_by_magic(corsaro_plugin_manager_t *manager, uint32_t id)
Attempt to retrieve a plugin by magic number (not by using magic)
uint16_t number
The interval number (starts at 0)
int corsaro_finalize_input(corsaro_in_t *corsaro)
Close the input file and free resources allocated by corsaro.
static int check_global_magic(corsaro_in_t *corsaro, corsaro_file_in_t *file)
Check for the global output magic number in the given file.
Header file for common utility functions.
A lightweight wrapper around a libtrace packet.
corsaro_plugin_manager_t * plugin_manager
A pointer to the corsaro plugin manager state.
void corsaro_plugin_manager_free(corsaro_plugin_manager_t *manager)
Free the plugin manager and all in-use plugins.
int logfile_disabled
Has the user asked us not to log to a file?
Holds the metadata for the plugin manager.
void corsaro_log_close(corsaro_t *corsaro)
Close the log file for an corsaro output object.
Overall corsaro magic number - "EDGR".
Structure representing a corsaro file trailer.
corsaro_file_t * corsaro_io_prepare_file(corsaro_t *corsaro, const char *plugin_name, corsaro_interval_t *interval)
Uses the current settings to open an corsaro file for the given plugin.
off_t corsaro_io_read_interval_end(corsaro_in_t *corsaro, corsaro_file_in_t *file, corsaro_in_record_type_t *record_type, corsaro_in_record_t *record)
Read the appropriate interval trailers from the file.
int corsaro_plugin_manager_start(corsaro_plugin_manager_t *manager)
Start the plugin manager.
corsaro_in_record_type_t expected_type
The next expected record type when reading the corsaro_global file.
enum corsaro_interval_align corsaro_interval_align_t
Settings for interval alignment.
The corsaro_flowtuple flowtuple record.
void corsaro_file_rclose(corsaro_file_in_t *file)
Closes an corsaro input file and frees the reader structure.
void corsaro_set_output_rotation(corsaro_t *corsaro, int intervals)
Accessor function to set the rotation frequency of output files.
off_t corsaro_io_write_interval_end(corsaro_t *corsaro, corsaro_file_t *file, corsaro_interval_t *int_end)
Write the appropriate interval trailers to the file.
#define STR(a)
Stringify a macro value.
int corsaro_start_input(corsaro_in_t *corsaro)
Initialize an corsaro input object that has already been allocated.
uint64_t corsaro_get_accepted_packets(corsaro_t *corsaro)
Accessor function to get the number of accepted packets in this interval.
void * malloc_zero(const size_t size)
Allocate memory and set it to zero.
static corsaro_in_t * corsaro_in_init(const char *corsarouri)
Initialize a new corsaro_in instance.
Header file dealing with the low-level file IO.
off_t corsaro_io_write_header(corsaro_t *corsaro, corsaro_file_t *file, corsaro_header_t *header)
Write the corsaro headers to the file.
static int interval
The amount of time to wait until we dump the hash.
static int start_interval(corsaro_t *corsaro, struct timeval int_start)
Start a new interval.
int(* init_output)(struct corsaro *corsaro)
Initialises an output file using the plugin.
static corsaro_in_record_t * record
A pointer to a corsaro record.
void corsaro_log_in(const char *func, corsaro_in_t *corsaro, const char *format,...)
Write a formatted string to the logfile associated with an corsaro input object.
int meta_output_rotate
The meta output files will be rotated after n intervals if >=0 a value of 0 indicates no rotation...
off_t corsaro_io_read_interval_start(corsaro_in_t *corsaro, corsaro_file_in_t *file, corsaro_in_record_type_t *record_type, corsaro_in_record_t *record)
Read the appropriate interval headers from the file.
int corsaro_io_template_has_timestamp(corsaro_t *corsaro)
Determines whether there are any time-related patterns in the file template.
The overall corsaro trailer (currently only in global)
int corsaro_is_rotate_interval(corsaro_t *corsaro)
Convenience function to determine if the output files should be rotated.
corsaro_plugin_manager_t * corsaro_plugin_manager_init()
Initialize the plugin manager and all in-use plugins.
int(* probe_filename)(const char *fname)
Given a filename, return if this is the most likely plugin.
int corsaro_log_init(corsaro_t *corsaro)
Initialize the logging sub-system for an corsaro output object.
int corsaro_io_validate_template(corsaro_t *corsaro, char *template)
Validates a output file template for needed features.
The corsaro_flowtuple flowtuple classification type end record.
static corsaro_t * corsaro
A pointer to the instance of corsaro that we will drive.
corsaro_packet_state_t state
The corsaro state associated with this packet.
static libtrace_t * trace
A pointer to a libtrace object.
corsaro_in_record_t * corsaro_in_alloc_record(corsaro_in_t *corsaro)
Allocate a reusable corsaro record object.
int(* start_interval)(struct corsaro *corsaro, struct corsaro_interval *int_start)
Starts a new interval.
#define CORSARO_INTERVAL_DEFAULT
The interval after which we will end an interval.
int corsaro_per_packet(corsaro_t *corsaro, libtrace_packet_t *ltpacket)
Perform corsaro processing on a given libtrace packet.
uint8_t * buffer
The buffer to read the record into.
int output_rotate
The output files will be rotated after n intervals if >0.
corsaro_interval_t interval_start
State for the current interval.
corsaro interval magic number - "INTR"
int global_file_disabled
Has the user asked us not to create a global output file?
void corsaro_log_file(const char *func, corsaro_file_t *logfile, const char *format,...)
Write a formatted string to a generic log file.
uint32_t time
The time this interval started/ended.
int(* end_interval)(struct corsaro *corsaro, struct corsaro_interval *int_end)
Ends an interval.
char * monitorname
The name of the monitor that corsaro is running on.
void corsaro_set_interval_alignment(corsaro_t *corsaro, corsaro_interval_align_t align)
Accessor function to enable/disable the alignment of the initial interval.
The end of a plugin data section.
The corsaro_flowtuple flowtuple classification type start record.
int corsaro_set_monitorname(corsaro_t *corsaro, char *name)
Accessor function to set the monitor name.
The start of an interval.
The overall corsaro header (currently only in global)
char * uridata
The uri that was used to open the trace file.
char * uridata
The uri of the file to read data from.
const char * corsaro_get_traceuri(corsaro_t *corsaro)
Accessor function to get the trace uri string.
int(* process_packet)(struct corsaro *corsaro, struct corsaro_packet *packet)
Process a packet.
corsaro_file_compress_t compress
The compression type (based on the file name)
Corsaro state for a packet.
static off_t read_record(corsaro_in_t *corsaro, corsaro_in_record_type_t *record_type, corsaro_in_record_t *record)
Read a global file record.
Header file dealing with the corsaro file IO.
corsaro_in_t * corsaro
The corsaro input object the record is associated with.
off_t(* read_global_data_record)(struct corsaro_in *corsaro, enum corsaro_in_record_type *record_type, struct corsaro_in_record *record)
Reads a plugin global data block from an input file.
static void corsaro_packet_state_reset(corsaro_packet_t *packet)
Reset the state for a the given corsaro packet wrapper.
static int is_trailer_or_interval(corsaro_in_t *corsaro)
Check if the next record is a trailer or an interval.
static int per_interval_end(corsaro_t *corsaro, corsaro_interval_t *interval)
Process an interval end record.
corsaro_t * corsaro_alloc_output(char *template, corsaro_file_mode_t mode)
Allocate an corsaro object.
struct timeval first_ts
The time of the the first packet seen by corsaro.
The null type used for wildcard matching.
void * corsaro_in_get_record_data(corsaro_in_record_t *record)
Get a pointer data in a record.
Internal type for directing read requests.
#define CORSARO_IO_GLOBAL_NAME
The name to use for the global 'plugin' file.
static int process_packet(corsaro_t *corsaro, corsaro_packet_t *packet)
Process the given corsaro packet.
void corsaro_set_interval(corsaro_t *corsaro, unsigned int i)
Accessor function to set the interval length.
corsaro_file_t * logfile
The file to write log output to.
void gettimeofday_wrap(struct timeval *tv)
Convenience function to get the current time of day.
uint64_t corsaro_get_dropped_packets(corsaro_t *corsaro)
Accessor function to get the number of dropped packets in this interval.
corsaro_file_t * global_file
The corsaro output file to write global output to.
int(* init_input)(struct corsaro_in *corsaro)
Initialises an input file using the plugin.
corsaro_file_compress_t corsaro_file_detect_compression(char *filename)
Attempts to detect the type of compression for a file based on the suffix.
libtrace_t * trace
The libtrace trace pointer for the trace that we are being fed.
int corsaro_log_in_init(corsaro_in_t *corsaro)
Initialize the logging sub-system for an corsaro input object.
corsaro_in_record_type_t type
The type of the record currently in the buffer.
corsaro_file_in_t * corsaro_file_ropen(const char *filename)
Creates a new corsaro file reader and opens the provided file for reading.
int corsaro_enable_plugin(corsaro_t *corsaro, const char *plugin_name, const char *plugin_args)
Attempt to enable a plugin using the given plugin name.
int started
Has this corsaro object been started yet?
off_t corsaro_io_write_trailer(corsaro_t *corsaro, corsaro_file_t *file, corsaro_trailer_t *trailer)
Write the corsaro trailers to the file.
off_t corsaro_io_write_interval_start(corsaro_t *corsaro, corsaro_file_t *file, corsaro_interval_t *int_start)
Write the appropriate interval headers to the file.
int corsaro_set_traceuri(corsaro_t *corsaro, char *uri)
Accessor function to set the trace uri string.
void corsaro_log(const char *func, corsaro_t *corsaro, const char *format,...)
Write a formatted string to the logfile associated with an corsaro object.
static void populate_interval(corsaro_interval_t *interval, uint32_t number, uint32_t time)
Fill the given interval object with the default values.
enum corsaro_file_mode corsaro_file_mode_t
Enum of supported file modes.
static void corsaro_in_free(corsaro_in_t *corsaro)
Cleanup and free a corsaro_in instance.
off_t corsaro_in_read_record(corsaro_in_t *corsaro, corsaro_in_record_type_t *record_type, corsaro_in_record_t *record)
Read the next corsaro record from the given corsaro input file.
char * template
The template used to create corsaro output files.
static int is_plugin_data_or_interval(corsaro_in_t *corsaro)
Check if the next record is plugin data or an interval.
void corsaro_set_meta_output_rotation(corsaro_t *corsaro, int intervals)
Accessor function to set the rotation frequency of meta output files.
static void corsaro_packet_free(corsaro_packet_t *packet)
Free the given corsaro packet wrapper.
off_t corsaro_io_read_header(corsaro_in_t *corsaro, corsaro_file_in_t *file, corsaro_in_record_type_t *record_type, corsaro_in_record_t *record)
Read an corsaro header from the file.
static int is_meta_rotate_interval(corsaro_t *corsaro)
Check if the meta output files should be rotated.
enum corsaro_in_record_type corsaro_in_record_type_t
Corsaro input record types.
static corsaro_t * corsaro_init(char *template, corsaro_file_mode_t mode)
Initialize a new corsaro object.
uint32_t next_report
The time that this interval will be dumped at.
An corsaro packet processing plugin.
static corsaro_packet_t * corsaro_packet_alloc(corsaro_t *corsaro)
Allocate a corsaro packet wrapper structure.
int(* probe_magic)(struct corsaro_in *corsaro, corsaro_file_in_t *file)
Given a file, looks at next 4 bytes to determine if this is the right plugin.
off_t(* read_record)(struct corsaro_in *corsaro, enum corsaro_in_record_type *record_type, struct corsaro_in_record *record)
Reads the next block of plugin data from an input file.
void corsaro_disable_logfile(corsaro_t *corsaro)
Accessor function to disable logging to a file.
corsaro_file_in_t * file
The corsaro input file to read data from.
Header file dealing with the internal corsaro functions.
![[CAIDA - Center for Applied Internet Data Analysis logo]](https://www.caida.org/images/caida_globe_faded.png)
![[CAIDA]](https://www.caida.org/images/caida_whitewords.png "Go to CAIDA home page"){kind=small}