Header file which exports the public libcorsaro API. More...

This graph shows which files directly or indirectly include this file:

Typedefs
Opaque Data Structures
typedef struct corsaro	corsaro_t
	Opaque struct holding corsaro output state. More...

typedef struct corsaro_in	corsaro_in_t
	Opaque struct holding corsaro input state. More...

typedef struct corsaro_packet	corsaro_packet_t
	Opaque corsaro packet wrapper. More...

typedef struct corsaro_packet_state	corsaro_packet_state_t
	Struct holding corsaro packet state. More...

typedef struct corsaro_in_record	corsaro_in_record_t
	Opaque struct holding a corsaro record read from file. More...

typedef struct corsaro_header	corsaro_header_t
	Opaque struct representing a corsaro file header. More...

typedef struct corsaro_trailer	corsaro_trailer_t
	Opaque struct representing a corsaro file trailer. More...

typedef struct corsaro_interval	corsaro_interval_t
	Opaque struct representing the start or end of an interval. More...

typedef struct corsaro_plugin_data	corsaro_plugin_data_t
	Opaque struct representing the start of end of a plugin data block. More...

Functions
Corsaro output API functions
These functions are used to generate corsaro output from libtrace packets The basic process for using corsaro to generate output is: init corsaro using corsaro_alloc_output optionally call corsaro_set_interval to set the interval time optionally call corsaro_set_traceuri to set the name of the trace call corsaro_start_output to initialize the plugins (and create the files) call corsaro_per_packet with each packet to be processed call corsaro_finalize when all packets have been processed If an API function returns an error condition, it is your responsibility to call corsaro_finalize to clean up any resources corsaro is using. This is so you can decide if halting execution is really what you want to do. For example, if a packet fails to process, you may decide to log it and attempt to continue with the next packet. Beware that this could get corsaro into an unstable state if the error arose from something like malloc failing.
corsaro_t *	corsaro_alloc_output (char *template, corsaro_file_mode_t mode)
	Allocate an corsaro object. More...

int	corsaro_start_output (corsaro_t *corsaro)
	Initialize an corsaro object that has already been allocated. More...

void	corsaro_set_interval_alignment (corsaro_t *corsaro, corsaro_interval_align_t interval_align)
	Accessor function to enable/disable the alignment of the initial interval. More...

void	corsaro_set_interval (corsaro_t *corsaro, unsigned int interval)
	Accessor function to set the interval length. More...

void	corsaro_set_output_rotation (corsaro_t *corsaro, int intervals)
	Accessor function to set the rotation frequency of output files. More...

void	corsaro_set_meta_output_rotation (corsaro_t *corsaro, int intervals)
	Accessor function to set the rotation frequency of meta output files. More...

int	corsaro_is_rotate_interval (corsaro_t *corsaro)
	Convenience function to determine if the output files should be rotated. More...

int	corsaro_set_trace (corsaro_t corsaro, libtrace_t trace)
	Accessor function to set the trace pointer. More...

int	corsaro_set_traceuri (corsaro_t corsaro, char traceuri)
	Accessor function to set the trace uri string. More...

void	corsaro_disable_logfile (corsaro_t *corsaro)
	Accessor function to disable logging to a file. More...

void	corsaro_disable_globalfile (corsaro_t *corsaro)
	Accessor function to disable the global metadata file. More...

int	corsaro_enable_plugin (corsaro_t corsaro, const char plugin_name, const char *plugin_args)
	Attempt to enable a plugin using the given plugin name. More...

int	corsaro_get_plugin_names (char ***plugin_names)
	Return an array of the names of plugins which are compiled into corsaro. More...

void	corsaro_free_plugin_names (char **plugin_names, int plugin_cnt)
	Free the array of plugin names returned by corsaro_get_plugin_names. More...

uint64_t	corsaro_get_accepted_packets (corsaro_t *corsaro)
	Accessor function to get the number of accepted packets in this interval. More...

uint64_t	corsaro_get_dropped_packets (corsaro_t *corsaro)
	Accessor function to get the number of dropped packets in this interval. More...

const char *	corsaro_get_traceuri (corsaro_t *corsaro)
	Accessor function to get the trace uri string. More...

int	corsaro_set_monitorname (corsaro_t corsaro, char name)
	Accessor function to set the monitor name. More...

const char *	corsaro_get_monitorname (corsaro_t *corsaro)
	Accessor function to get the monitor name string. More...

int	corsaro_per_packet (corsaro_t corsaro, libtrace_packet_t packet)
	Perform corsaro processing on a given libtrace packet. More...

int	corsaro_per_record (corsaro_t corsaro, corsaro_in_record_type_t type, corsaro_in_record_t record)
	Perform corsaro processing on a given corsaro record. More...

int	corsaro_finalize_output (corsaro_t *corsaro)
	Write the final interval and free resources allocated by corsaro. More...

Corsaro input API functions
These functions are used to process exising corsaro files. Similarly to using corsaro for output, the process for opening an input file is: call corsaro_alloc_input call corsaro_start_input call corsaro_in_read_record until all records have been read for each record returned, cast to the appropriate type and carry out any processing required call corsaro_in_finalize when all records have been processed
corsaro_in_t *	corsaro_alloc_input (const char *corsarouri)
	Allocate an corsaro object for reading an corsaro file. More...

int	corsaro_start_input (corsaro_in_t *corsaro)
	Initialize an corsaro input object that has already been allocated. More...

corsaro_in_record_t *	corsaro_in_alloc_record (corsaro_in_t *corsaro)
	Allocate a reusable corsaro record object. More...

void	corsaro_in_free_record (corsaro_in_record_t *record)
	Free an corsaro record object. More...

off_t	corsaro_in_read_record (corsaro_in_t corsaro, corsaro_in_record_type_t record_type, corsaro_in_record_t *record)
	Read the next corsaro record from the given corsaro input file. More...

void *	corsaro_in_get_record_data (corsaro_in_record_t *record)
	Get a pointer data in a record. More...

int	corsaro_finalize_input (corsaro_in_t *corsaro)
	Close the input file and free resources allocated by corsaro. More...

Enumerations
enum	corsaro_in_record_type { CORSARO_IN_RECORD_TYPE_NULL = 0, CORSARO_IN_RECORD_TYPE_INTERNAL_REDIRECT = 1, CORSARO_IN_RECORD_TYPE_IO_HEADER = 2, CORSARO_IN_RECORD_TYPE_IO_TRAILER = 3, CORSARO_IN_RECORD_TYPE_IO_INTERVAL_START = 4, CORSARO_IN_RECORD_TYPE_IO_INTERVAL_END = 5, CORSARO_IN_RECORD_TYPE_IO_PLUGIN_START = 6, CORSARO_IN_RECORD_TYPE_IO_PLUGIN_END = 7, CORSARO_IN_RECORD_TYPE_FLOWTUPLE_CLASS_START = 20, CORSARO_IN_RECORD_TYPE_FLOWTUPLE_CLASS_END = 21, CORSARO_IN_RECORD_TYPE_FLOWTUPLE_FLOWTUPLE = 22, CORSARO_IN_RECORD_TYPE_DOS_GLOBAL_HEADER = 30, CORSARO_IN_RECORD_TYPE_DOS_HEADER = 31, CORSARO_IN_RECORD_TYPE_DOS_ATTACK_VECTOR = 32 }
	Corsaro input record types. More...

enum	corsaro_file_mode { CORSARO_FILE_MODE_ASCII = 0, CORSARO_FILE_MODE_BINARY = 1, CORSARO_FILE_MODE_TRACE = 2, CORSARO_FILE_MODE_UNKNOWN = 3, CORSARO_FILE_MODE_DEFAULT = CORSARO_FILE_MODE_UNKNOWN }
	Enum of supported file modes. More...

enum	corsaro_file_compress { CORSARO_FILE_COMPRESS_NONE = WANDIO_COMPRESS_NONE, CORSARO_FILE_COMPRESS_ZLIB = WANDIO_COMPRESS_ZLIB, CORSARO_FILE_COMPRESS_BZ2 = WANDIO_COMPRESS_BZ2, CORSARO_FILE_COMPRESS_LZO = WANDIO_COMPRESS_LZO, CORSARO_FILE_COMPRESS_DEFAULT = CORSARO_FILE_COMPRESS_ZLIB }
	Supported compression types (must be kept in sync with wandio) More...

enum	corsaro_interval_align { CORSARO_INTERVAL_ALIGN_NO = 0, CORSARO_INTERVAL_ALIGN_YES = 1, CORSARO_INTERVAL_ALIGN_DEFAULT = CORSARO_INTERVAL_ALIGN_NO }
	Settings for interval alignment. More...

typedef enum corsaro_in_record_type	corsaro_in_record_type_t
	Corsaro input record types. More...

typedef enum corsaro_file_mode	corsaro_file_mode_t
	Enum of supported file modes. More...

typedef enum corsaro_file_compress	corsaro_file_compress_t
	Supported compression types (must be kept in sync with wandio) More...

typedef enum corsaro_interval_align	corsaro_interval_align_t
	Settings for interval alignment. More...

Detailed Description

Header file which exports the public libcorsaro API.

Author: Alistair King

Definition in file corsaro.h.

Typedef Documentation

typedef enum corsaro_file_compress corsaro_file_compress_t

Supported compression types (must be kept in sync with wandio)

typedef enum corsaro_file_mode corsaro_file_mode_t

Enum of supported file modes.

typedef struct corsaro_header corsaro_header_t

Opaque struct representing a corsaro file header.

Definition at line 58 of file corsaro.h.

typedef struct corsaro_in_record corsaro_in_record_t

Opaque struct holding a corsaro record read from file.

Definition at line 56 of file corsaro.h.

typedef enum corsaro_in_record_type corsaro_in_record_type_t

Corsaro input record types.

Use these types to request a specific record, or to cast a returned record, from corsaro_in_read_record

You should be able to cast this by removing the 'type' and adding '_t'. For example, CORSARO_IN_RECORD_TYPE_IO_HEADER becomes corsaro_in_record_io_header_t

Additionally, the field immediately following 'TYPE' indicates the module which is responsible for reading and writing these records. It is probably safe to look in corsaro_<module>.[ch] to find them.

typedef struct corsaro_in corsaro_in_t

Opaque struct holding corsaro input state.

Definition at line 50 of file corsaro.h.

typedef enum corsaro_interval_align corsaro_interval_align_t

Settings for interval alignment.

typedef struct corsaro_interval corsaro_interval_t

Opaque struct representing the start or end of an interval.

Definition at line 62 of file corsaro.h.

typedef struct corsaro_packet_state corsaro_packet_state_t

Struct holding corsaro packet state.

Definition at line 54 of file corsaro.h.

typedef struct corsaro_packet corsaro_packet_t

Opaque corsaro packet wrapper.

Definition at line 52 of file corsaro.h.

typedef struct corsaro_plugin_data corsaro_plugin_data_t

Opaque struct representing the start of end of a plugin data block.

Definition at line 64 of file corsaro.h.

typedef struct corsaro corsaro_t

Opaque struct holding corsaro output state.

Definition at line 48 of file corsaro.h.

typedef struct corsaro_trailer corsaro_trailer_t

Opaque struct representing a corsaro file trailer.

Definition at line 60 of file corsaro.h.

Enumeration Type Documentation

enum corsaro_file_compress

Supported compression types (must be kept in sync with wandio)

Enumerator
CORSARO_FILE_COMPRESS_NONE	No compression.
CORSARO_FILE_COMPRESS_ZLIB	Zlib compression (gzip)
CORSARO_FILE_COMPRESS_BZ2	Bzip compression.
CORSARO_FILE_COMPRESS_LZO	LZO Compression.
CORSARO_FILE_COMPRESS_DEFAULT	Default compression.

Definition at line 166 of file corsaro.h.

enum corsaro_file_mode

Enum of supported file modes.

Enumerator
CORSARO_FILE_MODE_ASCII	ASCII IO mode.
CORSARO_FILE_MODE_BINARY	Binary IO mode.
CORSARO_FILE_MODE_TRACE	Pseudo IO mode which allows trace files to be written.
CORSARO_FILE_MODE_UNKNOWN	Unknown IO mode.
CORSARO_FILE_MODE_DEFAULT	Default IO mode.

Definition at line 150 of file corsaro.h.

enum corsaro_in_record_type

Corsaro input record types.

Use these types to request a specific record, or to cast a returned record, from corsaro_in_read_record

You should be able to cast this by removing the 'type' and adding '_t'. For example, CORSARO_IN_RECORD_TYPE_IO_HEADER becomes corsaro_in_record_io_header_t

Additionally, the field immediately following 'TYPE' indicates the module which is responsible for reading and writing these records. It is probably safe to look in corsaro_<module>.[ch] to find them.

Enumerator
CORSARO_IN_RECORD_TYPE_NULL	The null type used for wildcard matching.
CORSARO_IN_RECORD_TYPE_INTERNAL_REDIRECT	Internal type for directing read requests.
CORSARO_IN_RECORD_TYPE_IO_HEADER	The overall corsaro header (currently only in global)
CORSARO_IN_RECORD_TYPE_IO_TRAILER	The overall corsaro trailer (currently only in global)
CORSARO_IN_RECORD_TYPE_IO_INTERVAL_START	The start of an interval.
CORSARO_IN_RECORD_TYPE_IO_INTERVAL_END	The end of an interval.
CORSARO_IN_RECORD_TYPE_IO_PLUGIN_START	The start of a plugin data section.
CORSARO_IN_RECORD_TYPE_IO_PLUGIN_END	The end of a plugin data section.
CORSARO_IN_RECORD_TYPE_FLOWTUPLE_CLASS_START	The corsaro_flowtuple flowtuple classification type start record.
CORSARO_IN_RECORD_TYPE_FLOWTUPLE_CLASS_END	The corsaro_flowtuple flowtuple classification type end record.
CORSARO_IN_RECORD_TYPE_FLOWTUPLE_FLOWTUPLE	The corsaro_flowtuple flowtuple record.
CORSARO_IN_RECORD_TYPE_DOS_GLOBAL_HEADER	The corsaro_dos global header record.
CORSARO_IN_RECORD_TYPE_DOS_HEADER	The corsaro_dos header record.
CORSARO_IN_RECORD_TYPE_DOS_ATTACK_VECTOR	The corsaro_dos attack vector record.

Definition at line 97 of file corsaro.h.

enum corsaro_interval_align

Settings for interval alignment.

Definition at line 182 of file corsaro.h.

Function Documentation

corsaro_in_t* corsaro_alloc_input ( const char * corsarouri )

Allocate an corsaro object for reading an corsaro file.

Parameters

corsarouri The corsaro file uri to open

Returns: a pointer to an corsaro input structure, or NULL if an error occurs

Definition at line 1414 of file corsaro.c.

References corsaro, corsaro_in_init(), and corsaro_log_in().

Referenced by init_corsaro(), and init_flowtuple().

corsaro_t* corsaro_alloc_output	(	char *	template,
		corsaro_file_mode_t	mode
	)

Allocate an corsaro object.

Parameters

template	The string used to generate output files
mode	The file output mode

Returns: a pointer to an opaque corsaro structure, or NULL if an error occurs

The template must contain a pattern to be replaced with the plugin names (P). The output modes that make sense to use are CORSARO_FILE_MODE_ASCII and CORSARO_FILE_MODE_BINARY. Using CORSARO_FILE_MODE_TRACE will result in an error as not all plugins are expected to be able to write to generic packets

The returned object can then be used to set options (corsaro_set_*) before calling corsaro_start_output to write headers to the output files ready to process packets.

Definition at line 893 of file corsaro.c.

References corsaro, corsaro_init(), and corsaro_log().

Referenced by main().

void corsaro_disable_globalfile ( corsaro_t * corsaro )

Accessor function to disable the global metadata file.

Parameters

corsaro The corsaro to disable the global metadata file for

This function may be called at any time, but if a metadata file is already created then it will continue to be used until a rotation interval is encountered. Normally it should be called before calling corsaro_start_output

Definition at line 1119 of file corsaro.c.

References corsaro::global_file_disabled.

Referenced by main().

void corsaro_disable_logfile ( corsaro_t * corsaro )

Accessor function to disable logging to a file.

Parameters

corsaro The corsaro to disable logging to a file for

This function may be called at any time, but if a log file is already created then it will continue to be used until a rotation interval is encountered. Normally it should be called before calling corsaro_start_output

Definition at line 1113 of file corsaro.c.

References corsaro::logfile_disabled.

Referenced by main().

int corsaro_enable_plugin	(	corsaro_t *	corsaro,
		const char *	plugin_name,
		const char *	plugin_args
	)

Attempt to enable a plugin using the given plugin name.

Parameters

corsaro	The corsaro object to enable the plugin for
plugin_name	The string name of the plugin to enable
plugin_args	The string of arguments to pass to the plugin

Returns: 0 if the plugin was successfully enabled, -1 if an error occurs

Until this function is called successfully, all compiled plugins are considered enabled. Once it has been called, only the plugins explicitly enabled using this function will be used

Definition at line 1125 of file corsaro.c.

References corsaro_plugin_enable_plugin(), and corsaro::plugin_manager.

Referenced by main().

int corsaro_finalize_input ( corsaro_in_t * corsaro )

Close the input file and free resources allocated by corsaro.

Parameters

corsaro The corsaro input object to finalize

Returns: 0 if corsaro finished properly, -1 if an error occurs.

Definition at line 1588 of file corsaro.c.

References corsaro_in_free().

Referenced by clean(), and close_flowtuple().

int corsaro_finalize_output ( corsaro_t * corsaro )

Write the final interval and free resources allocated by corsaro.

Parameters

corsaro The corsaro object to finalize

Returns: 0 if corsaro finished properly, -1 if an error occurs.

Definition at line 1382 of file corsaro.c.

References corsaro_free(), corsaro_io_write_trailer(), corsaro_log(), end_interval(), corsaro::global_file, corsaro::interval_end_needed, corsaro::last_ts, and corsaro::started.

Referenced by clean(), and main().

void corsaro_free_plugin_names	(	char **	plugin_names,
		int	plugin_cnt
	)

Free the array of plugin names returned by corsaro_get_plugin_names.

Parameters

plugin_names	The array of plugin names
plugin_cnt	The number of names in the array

Definition at line 1170 of file corsaro.c.

Referenced by usage().

uint64_t corsaro_get_accepted_packets ( corsaro_t * corsaro )

Accessor function to get the number of accepted packets in this interval.

Parameters

corsaro The corsaro object to retrieve the packet count for

Returns: the number of packets libtrace reports as accepted in the current interval, or UINT64_MAX if this value is unavailable.

This function requires that a pointer to the trace has been provided to corsaro by way of the corsaro_set_trace function.

Definition at line 1188 of file corsaro.c.

References corsaro::accepted_pkts, and corsaro::trace.

uint64_t corsaro_get_dropped_packets ( corsaro_t * corsaro )

Accessor function to get the number of dropped packets in this interval.

Parameters

corsaro The corsaro object to retrieve the packet count for

Returns: the number of packets libtrace reports as dropped in the current interval, or UINT64_MAX if this value is unavailable.

This function requires that a pointer to the trace has been provided to corsaro by way of the corsaro_set_trace function.

Definition at line 1195 of file corsaro.c.

References corsaro::dropped_pkts, and corsaro::trace.

Referenced by smee_pkt_drops().

const char* corsaro_get_monitorname ( corsaro_t * corsaro )

Accessor function to get the monitor name string.

Parameters

corsaro The corsaro object to set the monitor name for

Returns: a pointer to the monitor name string

Definition at line 1241 of file corsaro.c.

References corsaro::monitorname.

Referenced by corsaro_smee_init_output(), and usage().

int corsaro_get_plugin_names ( char *** plugin_names )

Return an array of the names of plugins which are compiled into corsaro.

Parameters

[out] plugin_names A pointer to an array of plugin names

Returns: the number of strings in the array, -1 if an error occurs

Note that corsaro_free_plugin_names must be called to free the returned array

Definition at line 1135 of file corsaro.c.

References corsaro_plugin_manager_free(), corsaro_plugin_manager_init(), corsaro_plugin_next(), corsaro_plugin::name, and corsaro_plugin_manager::plugins_cnt.

Referenced by usage().

const char* corsaro_get_traceuri ( corsaro_t * corsaro )

Accessor function to get the trace uri string.

Parameters

corsaro The corsaro object to set the trace uri for

Returns: a pointer to the traceuri string, or NULL if it is not set

Definition at line 1202 of file corsaro.c.

References corsaro::uridata.

Referenced by corsaro_smee_init_output().

corsaro_in_record_t* corsaro_in_alloc_record ( corsaro_in_t * corsaro )

Allocate a reusable corsaro record object.

Parameters

corsaro The corsaro input object to associate with the record

Returns: a pointer to the record object, NULL if an error occurs

Definition at line 1514 of file corsaro.c.

References corsaro_in_record::buffer, corsaro_in_record::buffer_len, corsaro, corsaro_in_record::corsaro, corsaro_in_free_record(), CORSARO_IN_RECORD_DEFAULT_BUFFER_LEN, corsaro_log_in(), record, and corsaro_in_record::type.

Referenced by init_corsaro(), and init_flowtuple().

void corsaro_in_free_record ( corsaro_in_record_t * record )

Free an corsaro record object.

Parameters

record The record object to free

Definition at line 1542 of file corsaro.c.

References corsaro_in_record::buffer, corsaro_in_record::buffer_len, corsaro_log_file(), and corsaro_in_record::type.

Referenced by clean(), close_flowtuple(), and corsaro_in_alloc_record().

void* corsaro_in_get_record_data ( corsaro_in_record_t * record )

Get a pointer data in a record.

Parameters

record The corsaro record object to retrieve data from

Returns: a void pointer to the data, NULL if an error occurred

Definition at line 1583 of file corsaro.c.

References corsaro_in_record::buffer.

Referenced by corsaro_per_record(), process_corsaro(), and process_flowtuple_file().

off_t corsaro_in_read_record	(	corsaro_in_t *	corsaro,
		corsaro_in_record_type_t *	record_type,
		corsaro_in_record_t *	record
	)

Read the next corsaro record from the given corsaro input file.

Parameters

	corsaro	The corsaro input object to read from
[in,out]	record_type	The type of the record to read
	record	The generic corsaro input record pointer

Returns: 0 on EOF, -1 on error, number of bytes read when successful

Definition at line 1562 of file corsaro.c.

References CORSARO_IN_RECORD_TYPE_NULL, corsaro_in::expected_type, corsaro_in::plugin, corsaro_plugin::read_record, and read_record().

Referenced by main(), process_corsaro(), and process_flowtuple_file().

int corsaro_is_rotate_interval ( corsaro_t * corsaro )

Convenience function to determine if the output files should be rotated.

Parameters

corsaro The corsaro object to check the rotation status of

Returns: 1 if output files should be rotated at the end of the current interval, 0 if not

Definition at line 1041 of file corsaro.c.

References corsaro::interval_start, corsaro_interval::number, and corsaro::output_rotate.

Referenced by corsaro_dos_end_interval(), corsaro_flowtuple_end_interval(), corsaro_pcap_end_interval(), corsaro_smee_end_interval(), and is_meta_rotate_interval().

int corsaro_per_packet	(	corsaro_t *	corsaro,
		libtrace_packet_t *	packet
	)

Perform corsaro processing on a given libtrace packet.

Parameters

corsaro	The corsaro object used to process the packet
packet	The libtrace packet to process

Returns: 0 if the packet is successfully processed, -1 if an error occurs

For each packet, corsaro will determine whether it falls within the current interval, if not, it will write out data for the previous interval. The packet is then handed to each plugin which processes it and updates internal state.

Definition at line 1246 of file corsaro.c.

References corsaro_log(), corsaro_packet_state_reset(), end_interval(), corsaro::first_ts, corsaro::interval, corsaro::interval_align, corsaro::interval_end_needed, corsaro::interval_start, corsaro::last_ts, corsaro_packet::ltpacket, corsaro::next_report, corsaro_interval::number, corsaro::packet, corsaro::packet_cnt, process_packet(), start_interval(), and corsaro::started.

Referenced by process_trace().

int corsaro_per_record	(	corsaro_t *	corsaro,
		corsaro_in_record_type_t	type,
		corsaro_in_record_t *	record
	)

Perform corsaro processing on a given corsaro record.

Parameters

corsaro	The corsaro object used to process the packet
type	The type of the record
record	The record to process

Returns: 0 if the record is successfully processed, -1 if an error occurs

For each record, corsaro will simply hand it to each plugin which can process it and updates internal state.

Definition at line 1327 of file corsaro.c.

References corsaro_in_get_record_data(), CORSARO_IN_RECORD_TYPE_FLOWTUPLE_CLASS_END, CORSARO_IN_RECORD_TYPE_FLOWTUPLE_CLASS_START, CORSARO_IN_RECORD_TYPE_FLOWTUPLE_FLOWTUPLE, CORSARO_IN_RECORD_TYPE_IO_INTERVAL_END, CORSARO_IN_RECORD_TYPE_IO_INTERVAL_START, interval, per_interval_end(), and per_interval_start().

Referenced by process_corsaro().

void corsaro_set_interval	(	corsaro_t *	corsaro,
		unsigned int	interval
	)

Accessor function to set the interval length.

Parameters

corsaro	The corsaro object to set the interval for
interval	The interval (in seconds)

If this function is not called, the default interval, CORSARO_INTERVAL_DEFAULT, will be used.

Definition at line 988 of file corsaro.c.

References corsaro_log(), corsaro::interval, and corsaro::started.

Referenced by main().

void corsaro_set_interval_alignment	(	corsaro_t *	corsaro,
		corsaro_interval_align_t	interval_align
	)

Accessor function to enable/disable the alignment of the initial interval.

Parameters

corsaro	The corsaro object to set the interval for
interval_align	Enable or disable the alignment of interval end times

The end time of the first interval will be rounded down to the nearest integer multiple of the interval length. Interval rounding makes the most sense when the interval length is evenly divisible into 1 hour. The default is no interval alignment.

Definition at line 975 of file corsaro.c.

References corsaro_log(), corsaro::interval_align, and corsaro::started.

Referenced by main().

void corsaro_set_meta_output_rotation	(	corsaro_t *	corsaro,
		int	intervals
	)

Accessor function to set the rotation frequency of meta output files.

Parameters

corsaro	The corsaro object to set the interval for
intervals	The number of intervals after which the output files will be rotated

If this is set to > 0, corsaro meta output files (global and log) will be rotated at the end of n intervals. The default is to follow the output rotation interval specified by corsaro_set_output_rotation.

Definition at line 1027 of file corsaro.c.

References corsaro_log(), corsaro::meta_output_rotate, and corsaro::started.

Referenced by main().

int corsaro_set_monitorname	(	corsaro_t *	corsaro,
		char *	name
	)

Accessor function to set the monitor name.

Parameters

corsaro	The corsaro object to set the monitor name for
name	The string to set as the monitor name

Returns: 0 if the name was successfully set, -1 if an error occurs

If it is not set, the value defined at compile time is used. This is either the hostname of the machine it was compiled on, or a value passed to configure using –with-monitorname

Definition at line 1207 of file corsaro.c.

References corsaro_log(), corsaro::monitorname, and corsaro::started.

Referenced by main().

void corsaro_set_output_rotation	(	corsaro_t *	corsaro,
		int	intervals
	)

Accessor function to set the rotation frequency of output files.

Parameters

corsaro	The corsaro object to set the interval for
intervals	The number of intervals after which the output files will be rotated

If this is set to > 0, all output files will be rotated at the end of n intervals. The default is 0 (no rotation).

Definition at line 1000 of file corsaro.c.

References corsaro_io_template_has_timestamp(), corsaro_log(), corsaro::output_rotate, and corsaro::started.

Referenced by main().

int corsaro_set_trace	(	corsaro_t *	corsaro,
		libtrace_t *	trace
	)

Accessor function to set the trace pointer.

Parameters

corsaro	The corsaro object to set the trace uri for
trace	A libtrace trace pointer for the current trace

Returns: 0 if the uri was successfully set, -1 if an error occurs

The trace pointer is used by corsaro to report trace statistics such as dropped and accepted packet counts. This is not required.

Definition at line 1059 of file corsaro.c.

References corsaro::accepted_pkts, corsaro_log(), corsaro::dropped_pkts, trace, and corsaro::trace.

Referenced by process_trace().

int corsaro_set_traceuri	(	corsaro_t *	corsaro,
		char *	traceuri
	)

Accessor function to set the trace uri string.

Parameters

corsaro	The corsaro object to set the trace uri for
traceuri	The string to set as the trace uri

Returns: 0 if the uri was successfully set, -1 if an error occurs

The trace uri is not used internally by corsaro, this can be any user-defined string which is stored in the corsaro header in output files. If it is not set, no uri is written to the output.

Definition at line 1081 of file corsaro.c.

References corsaro_log(), corsaro::started, and corsaro::uridata.

Referenced by main().

int corsaro_start_input ( corsaro_in_t * corsaro )

Initialize an corsaro input object that has already been allocated.

Parameters

corsaro The corsaro input object to start

Returns: 0 if corsaro is started successfully, -1 if an error occurs

Definition at line 1428 of file corsaro.c.

References check_global_filename(), check_global_magic(), corsaro_file_ropen(), CORSARO_IN_RECORD_TYPE_IO_HEADER, corsaro_log_in(), corsaro_plugin_next(), corsaro_in::expected_type, corsaro_in::file, corsaro_plugin::init_input, corsaro_plugin::name, corsaro_in::plugin, corsaro_in::plugin_manager, corsaro_plugin::probe_filename, corsaro_plugin::probe_magic, corsaro_in::started, and corsaro_in::uridata.

Referenced by init_corsaro(), and init_flowtuple().

int corsaro_start_output ( corsaro_t * corsaro )

Initialize an corsaro object that has already been allocated.

Parameters

corsaro The corsaro object to start

Returns: 0 if corsaro is started successfully, -1 if an error occurs

It is only when this function is called that the plugins will parse their arguments and initialize any state (open files etc).

Warning: Plugins may use getopt to parse their arguments, please be sure that you are not using the getopt global variables (optarg, optind etc) when calling this function.

Definition at line 917 of file corsaro.c.

References corsaro_io_template_has_timestamp(), corsaro_log(), corsaro_log_init(), corsaro_plugin_manager_start(), corsaro_plugin_next(), corsaro_plugin::init_output, corsaro::logfile, corsaro::logfile_disabled, corsaro::plugin_manager, and corsaro::started.

Referenced by main().

Typedefs

Functions

Enumerations

Detailed Description

Typedef Documentation

Enumeration Type Documentation

Function Documentation