Corsaro FlowTuple plugin implementation. More...
Go to the source code of this file.
Macros | |
| #define | CORSARO_FLOWTUPLE_MAGIC 0x53495855 |
| The magic number for this plugin when not using /8 opts - "SIXU". More... | |
| #define | OUTFILE_POINTERS 2 |
| The number of output file pointers to support non-blocking close at the end of an interval. More... | |
| #define | PLUGIN_NAME "flowtuple" |
| The name of this plugin. More... | |
| #define | STATE(corsaro) (CORSARO_PLUGIN_STATE(corsaro, flowtuple, CORSARO_PLUGIN_ID_FLOWTUPLE)) |
| Extends the generic plugin state convenience macro in corsaro_plugin.h. More... | |
| #define | STATE_IN(corsaro) (CORSARO_PLUGIN_STATE(corsaro, flowtuple_in, CORSARO_PLUGIN_ID_FLOWTUPLE)) |
| Extends the generic plugin state convenience macro in corsaro_plugin.h. More... | |
| #define | PLUGIN(corsaro) (CORSARO_PLUGIN_PLUGIN(corsaro, CORSARO_PLUGIN_ID_FLOWTUPLE)) |
| Extends the generic plugin plugin convenience macro in corsaro_plugin.h. More... | |
Typedefs | |
| typedef enum corsaro_flowtuple_sort | corsaro_flowtuple_sort_t |
| Possible states for FlowTuple output sorting. More... | |
Enumerations | |
| enum | corsaro_flowtuple_sort { CORSARO_FLOWTUPLE_SORT_DISABLED = 0, CORSARO_FLOWTUPLE_SORT_ENABLED = 1, CORSARO_FLOWTUPLE_SORT_DEFAULT = CORSARO_FLOWTUPLE_SORT_ENABLED } |
| Possible states for FlowTuple output sorting. More... | |
Functions | |
| KSORT_INIT (sixt, corsaro_flowtuple_t *, corsaro_flowtuple_lt) | |
| Initialize the sorting functions and datatypes. More... | |
| KHASH_INIT (sixt, corsaro_flowtuple_t *, char, 0, corsaro_flowtuple_hash_func, corsaro_flowtuple_hash_equal) | |
| Initialize the hash functions and datatypes. More... | |
| static void | usage (corsaro_plugin_t *plugin) |
| Print usage information to stderr. More... | |
| static int | parse_args (corsaro_t *corsaro) |
| Parse the arguments given to the plugin. More... | |
| static int | flowtuple_classify_packet (corsaro_t *corsaro, libtrace_packet_t *packet) |
| Determines the traffic class for a packet; possible options are CORSARO_FLOWTUPLE_CLASS_BACKSCATTER, CORSARO_FLOWTUPLE_CLASS_ICMPREQ, CLASS_OTHER. More... | |
| static int | sort_hash (corsaro_t *corsaro, kh_sixt_t *hash, corsaro_flowtuple_t ***sorted) |
| Given a st hash, malloc and return a sorted array of pointers. More... | |
| static int | binary_dump (corsaro_t *corsaro, corsaro_flowtuple_class_type_t dist) |
| Dump the given flowtuple to the plugin's outfile in binary format. More... | |
| static int | ascii_dump (corsaro_t *corsaro, corsaro_flowtuple_class_type_t dist) |
| Dump the given flowtuple to the plugin's outfile in ASCII format. More... | |
| static int | validate_class_start (corsaro_flowtuple_class_start_t *class) |
| Check that a class start record is valid. More... | |
| static int | read_class_start (corsaro_in_t *corsaro, corsaro_in_record_type_t *record_type, corsaro_in_record_t *record) |
| Read a class start record. More... | |
| static int | validate_class_end (corsaro_flowtuple_class_end_t *class) |
| Check that a class end record is valid. More... | |
| static int | read_class_end (corsaro_in_t *corsaro, corsaro_in_record_type_t *record_type, corsaro_in_record_t *record) |
| Read a class end record. More... | |
| static int | validate_flowtuple (corsaro_flowtuple_t *flowtuple) |
| Attempt to validate a flowtuple record (no-op) More... | |
| static int | read_flowtuple (corsaro_in_t *corsaro, corsaro_in_record_type_t *record_type, corsaro_in_record_t *record) |
| Read a flowtuple record. More... | |
| corsaro_plugin_t * | corsaro_flowtuple_alloc (corsaro_t *corsaro) |
| Implements the alloc function of the plugin API. More... | |
| int | corsaro_flowtuple_probe_filename (const char *fname) |
| Implements the probe_filename function of the plugin API. More... | |
| int | corsaro_flowtuple_probe_magic (corsaro_in_t *corsaro, corsaro_file_in_t *file) |
| Implements the probe_magic function of the plugin API. More... | |
| int | corsaro_flowtuple_init_output (corsaro_t *corsaro) |
| Implements the init_output function of the plugin API. More... | |
| int | corsaro_flowtuple_init_input (corsaro_in_t *corsaro) |
| Implements the init_input function of the plugin API. More... | |
| int | corsaro_flowtuple_close_input (corsaro_in_t *corsaro) |
| Implements the close_input function of the plugin API. More... | |
| int | corsaro_flowtuple_close_output (corsaro_t *corsaro) |
| Implements the close_output function of the plugin API. More... | |
| off_t | corsaro_flowtuple_read_record (struct corsaro_in *corsaro, corsaro_in_record_type_t *record_type, corsaro_in_record_t *record) |
| Implements the read_record function of the plugin API. More... | |
| off_t | corsaro_flowtuple_read_global_data_record (struct corsaro_in *corsaro, enum corsaro_in_record_type *record_type, struct corsaro_in_record *record) |
| Implements the read_global_data_record function of the plugin API. More... | |
| int | corsaro_flowtuple_start_interval (corsaro_t *corsaro, corsaro_interval_t *int_start) |
| Implements the start_interval function of the plugin API. More... | |
| int | corsaro_flowtuple_end_interval (corsaro_t *corsaro, corsaro_interval_t *int_end) |
| Implements the end_interval function of the plugin API. More... | |
| int | corsaro_flowtuple_process_packet (corsaro_t *corsaro, corsaro_packet_t *packet) |
| Implements the process_packet function of the plugin API. More... | |
| int | corsaro_flowtuple_process_flowtuple (corsaro_t *corsaro, corsaro_flowtuple_t *flowtuple, corsaro_packet_state_t *state) |
| Implements the process_flowtuple function of the plugin API. More... | |
| int | corsaro_flowtuple_process_flowtuple_class_start (corsaro_t *corsaro, corsaro_flowtuple_class_start_t *class) |
| Implements the process_flowtuple_class_start function of the plugin API. More... | |
| int | corsaro_flowtuple_process_flowtuple_class_end (corsaro_t *corsaro, corsaro_flowtuple_class_end_t *class) |
| Implements the process_flowtuple_class_end function of the plugin API. More... | |
| int | corsaro_flowtuple_probe_file (corsaro_in_t *corsaro, const char *fturi) |
| Check if an input file is a FlowTuple file. More... | |
| uint32_t | corsaro_flowtuple_get_source_ip (corsaro_flowtuple_t *flowtuple) |
| Convenience function to get the source IP address from a FlowTuple. More... | |
| uint32_t | corsaro_flowtuple_get_destination_ip (corsaro_flowtuple_t *flowtuple) |
| Convenience function to get the destination IP address from a FlowTuple. More... | |
| off_t | corsaro_flowtuple_fprint (corsaro_t *corsaro, corsaro_file_t *file, corsaro_flowtuple_t *flowtuple) |
| Print a flowtuple to a file in ASCII format. More... | |
| void | corsaro_flowtuple_print (corsaro_flowtuple_t *flowtuple) |
| Print a FlowTuple to stdout in ASCII format. More... | |
| off_t | corsaro_flowtuple_class_start_fprint (corsaro_t *corsaro, corsaro_file_t *file, corsaro_flowtuple_class_start_t *class) |
| Print a class start record to a file in ASCII format. More... | |
| void | corsaro_flowtuple_class_start_print (corsaro_flowtuple_class_start_t *class) |
| Print a class start record to stdout in ASCII format. More... | |
| off_t | corsaro_flowtuple_class_end_fprint (corsaro_t *corsaro, corsaro_file_t *file, corsaro_flowtuple_class_end_t *class) |
| Print a class end record to a file in ASCII format. More... | |
| void | corsaro_flowtuple_class_end_print (corsaro_flowtuple_class_end_t *class) |
| Print a class end record to stdout in ASCII format. More... | |
| off_t | corsaro_flowtuple_record_fprint (corsaro_t *corsaro, corsaro_file_t *file, corsaro_in_record_type_t record_type, corsaro_in_record_t *record) |
| Print a record to a file in ASCII format. More... | |
| int | corsaro_flowtuple_record_print (corsaro_in_record_type_t record_type, corsaro_in_record_t *record) |
| Print a record to stdout in ASCII format. More... | |
| void | corsaro_flowtuple_free (corsaro_flowtuple_t *t) |
| Free a FlowTuple record. More... | |
| int | corsaro_flowtuple_add_inc (void *h, corsaro_flowtuple_t *t, uint32_t increment) |
| Either add the given flowtuple to the hash, or increment the current count. More... | |
| khint32_t | corsaro_flowtuple_hash_func (struct corsaro_flowtuple *ft) |
| Hash the given flowtuple into a 32bit value. More... | |
Variables | |
| static corsaro_plugin_t | corsaro_flowtuple_plugin |
| Common plugin information across all instances. More... | |
| static const char * | class_names [] |
| Array of string names for classes. More... | |
Corsaro FlowTuple plugin implementation.
Definition in file corsaro_flowtuple.c.
| #define CORSARO_FLOWTUPLE_MAGIC 0x53495855 |
The magic number for this plugin when not using /8 opts - "SIXU".
Definition at line 62 of file corsaro_flowtuple.c.
Referenced by ascii_dump(), binary_dump(), validate_class_end(), and validate_class_start().
| #define OUTFILE_POINTERS 2 |
The number of output file pointers to support non-blocking close at the end of an interval.
If the wandio buffers are large enough that it takes more than 1 interval to drain the buffers, consider increasing this number
Definition at line 82 of file corsaro_flowtuple.c.
Referenced by corsaro_flowtuple_close_output(), and corsaro_flowtuple_end_interval().
| #define PLUGIN | ( | corsaro | ) | (CORSARO_PLUGIN_PLUGIN(corsaro, CORSARO_PLUGIN_ID_FLOWTUPLE)) |
Extends the generic plugin plugin convenience macro in corsaro_plugin.h.
Definition at line 144 of file corsaro_flowtuple.c.
Referenced by corsaro_flowtuple_close_input(), corsaro_flowtuple_close_output(), corsaro_flowtuple_init_input(), corsaro_flowtuple_init_output(), corsaro_flowtuple_start_interval(), and parse_args().
| #define PLUGIN_NAME "flowtuple" |
The name of this plugin.
Definition at line 85 of file corsaro_flowtuple.c.
| #define STATE | ( | corsaro | ) | (CORSARO_PLUGIN_STATE(corsaro, flowtuple, CORSARO_PLUGIN_ID_FLOWTUPLE)) |
Extends the generic plugin state convenience macro in corsaro_plugin.h.
Definition at line 138 of file corsaro_flowtuple.c.
Referenced by ascii_dump(), binary_dump(), corsaro_flowtuple_close_output(), corsaro_flowtuple_end_interval(), corsaro_flowtuple_process_flowtuple(), corsaro_flowtuple_process_flowtuple_class_start(), corsaro_flowtuple_process_packet(), corsaro_flowtuple_start_interval(), and parse_args().
| #define STATE_IN | ( | corsaro | ) | (CORSARO_PLUGIN_STATE(corsaro, flowtuple_in, CORSARO_PLUGIN_ID_FLOWTUPLE)) |
Extends the generic plugin state convenience macro in corsaro_plugin.h.
Definition at line 141 of file corsaro_flowtuple.c.
Referenced by corsaro_flowtuple_close_input(), corsaro_flowtuple_read_record(), read_class_end(), read_class_start(), and read_flowtuple().
| typedef enum corsaro_flowtuple_sort corsaro_flowtuple_sort_t |
Possible states for FlowTuple output sorting.
Possible states for FlowTuple output sorting.
Definition at line 66 of file corsaro_flowtuple.c.
|
static |
Dump the given flowtuple to the plugin's outfile in ASCII format.
Definition at line 385 of file corsaro_flowtuple.c.
References corsaro_flowtuple_class_end_fprint(), corsaro_flowtuple_class_start_fprint(), corsaro_flowtuple_fprint(), CORSARO_FLOWTUPLE_MAGIC, CORSARO_FLOWTUPLE_SORT_ENABLED, corsaro_log(), sort_hash(), and STATE.
Referenced by corsaro_flowtuple_end_interval().
|
static |
Dump the given flowtuple to the plugin's outfile in binary format.
Definition at line 301 of file corsaro_flowtuple.c.
References bytes_htonl(), bytes_htons(), corsaro_file_write(), CORSARO_FLOWTUPLE_BYTECNT, CORSARO_FLOWTUPLE_MAGIC, CORSARO_FLOWTUPLE_SORT_ENABLED, corsaro_log(), sort_hash(), and STATE.
Referenced by corsaro_flowtuple_end_interval().
| int corsaro_flowtuple_add_inc | ( | void * | h, |
| corsaro_flowtuple_t * | t, | ||
| uint32_t | increment | ||
| ) |
Either add the given flowtuple to the hash, or increment the current count.
Definition at line 1238 of file corsaro_flowtuple.c.
References corsaro_log_file().
Referenced by corsaro_flowtuple_process_flowtuple(), and corsaro_flowtuple_process_packet().
| corsaro_plugin_t* corsaro_flowtuple_alloc | ( | corsaro_t * | corsaro | ) |
Implements the alloc function of the plugin API.
Definition at line 613 of file corsaro_flowtuple.c.
References corsaro_flowtuple_plugin.
| off_t corsaro_flowtuple_class_end_fprint | ( | corsaro_t * | corsaro, |
| corsaro_file_t * | file, | ||
| corsaro_flowtuple_class_end_t * | class | ||
| ) |
Print a class end record to a file in ASCII format.
Write a flowtuple class end record to the given corsaro file in ascii.
Definition at line 1155 of file corsaro_flowtuple.c.
References class_names, and corsaro_file_printf().
Referenced by ascii_dump(), and corsaro_flowtuple_record_fprint().
| void corsaro_flowtuple_class_end_print | ( | corsaro_flowtuple_class_end_t * | class | ) |
Print a class end record to stdout in ASCII format.
Write a flowtuple class end record to stdout in ascii format.
Definition at line 1164 of file corsaro_flowtuple.c.
References class_names.
Referenced by corsaro_flowtuple_record_print().
| off_t corsaro_flowtuple_class_start_fprint | ( | corsaro_t * | corsaro, |
| corsaro_file_t * | file, | ||
| corsaro_flowtuple_class_start_t * | class | ||
| ) |
Print a class start record to a file in ASCII format.
Write a flowtuple class start record to the given corsaro file in ascii.
Definition at line 1137 of file corsaro_flowtuple.c.
References class_names, and corsaro_file_printf().
Referenced by ascii_dump(), and corsaro_flowtuple_record_fprint().
| void corsaro_flowtuple_class_start_print | ( | corsaro_flowtuple_class_start_t * | class | ) |
Print a class start record to stdout in ASCII format.
Write a flowtuple class start record to stdout in ascii format.
Definition at line 1148 of file corsaro_flowtuple.c.
References class_names.
Referenced by corsaro_flowtuple_record_print().
| int corsaro_flowtuple_close_input | ( | corsaro_in_t * | corsaro | ) |
Implements the close_input function of the plugin API.
Definition at line 715 of file corsaro_flowtuple.c.
References corsaro_plugin_free_state(), PLUGIN, corsaro_in::plugin_manager, and STATE_IN.
Referenced by corsaro_flowtuple_init_input().
| int corsaro_flowtuple_close_output | ( | corsaro_t * | corsaro | ) |
Implements the close_output function of the plugin API.
Definition at line 727 of file corsaro_flowtuple.c.
References corsaro_file_close(), CORSARO_FLOWTUPLE_CLASS_MAX, corsaro_plugin_free_state(), OUTFILE_POINTERS, PLUGIN, corsaro::plugin_manager, and STATE.
Referenced by corsaro_flowtuple_init_output().
| int corsaro_flowtuple_end_interval | ( | corsaro_t * | corsaro, |
| corsaro_interval_t * | int_end | ||
| ) |
Implements the end_interval function of the plugin API.
Definition at line 847 of file corsaro_flowtuple.c.
References ascii_dump(), binary_dump(), corsaro_file_close(), CORSARO_FILE_MODE, CORSARO_FILE_MODE_ASCII, CORSARO_FILE_MODE_BINARY, CORSARO_FLOWTUPLE_CLASS_MAX, corsaro_io_write_interval_end(), corsaro_io_write_interval_start(), corsaro_is_rotate_interval(), corsaro_log(), corsaro::interval_start, OUTFILE_POINTERS, and STATE.
| off_t corsaro_flowtuple_fprint | ( | corsaro_t * | corsaro, |
| corsaro_file_t * | file, | ||
| corsaro_flowtuple_t * | flowtuple | ||
| ) |
Print a flowtuple to a file in ASCII format.
Definition at line 1076 of file corsaro_flowtuple.c.
References corsaro_file_printf(), and CORSARO_FLOWTUPLE_SIXT_TO_IP.
Referenced by ascii_dump(), and corsaro_flowtuple_record_fprint().
|
inline |
Free a FlowTuple record.
Definition at line 1232 of file corsaro_flowtuple.c.
Referenced by dump_hash_int(), dump_hash_map(), and main().
| uint32_t corsaro_flowtuple_get_destination_ip | ( | corsaro_flowtuple_t * | flowtuple | ) |
Convenience function to get the destination IP address from a FlowTuple.
Definition at line 1068 of file corsaro_flowtuple.c.
References CORSARO_FLOWTUPLE_SIXT_TO_IP.
| uint32_t corsaro_flowtuple_get_source_ip | ( | corsaro_flowtuple_t * | flowtuple | ) |
Convenience function to get the source IP address from a FlowTuple.
Definition at line 1060 of file corsaro_flowtuple.c.
| khint32_t corsaro_flowtuple_hash_func | ( | struct corsaro_flowtuple * | ft | ) |
Hash the given flowtuple into a 32bit value.
| ft | Pointer to the flowtuple record to hash |
The flowtuple is hashed based on the following table:
Definition at line 1306 of file corsaro_flowtuple.c.
References CORSARO_FLOWTUPLE_SHIFT_AND_XOR, corsaro_flowtuple::dst_ip, corsaro_flowtuple::dst_port, corsaro_flowtuple::ip_len, corsaro_flowtuple::protocol, corsaro_flowtuple::src_ip, corsaro_flowtuple::src_port, corsaro_flowtuple::tcp_flags, and corsaro_flowtuple::ttl.
| int corsaro_flowtuple_init_input | ( | corsaro_in_t * | corsaro | ) |
Implements the init_input function of the plugin API.
Definition at line 688 of file corsaro_flowtuple.c.
References corsaro_flowtuple_close_input(), CORSARO_IN_RECORD_TYPE_IO_INTERVAL_START, corsaro_log_in(), corsaro_plugin_register_state(), malloc_zero(), PLUGIN, and corsaro_in::plugin_manager.
| int corsaro_flowtuple_init_output | ( | corsaro_t * | corsaro | ) |
Implements the init_output function of the plugin API.
Definition at line 647 of file corsaro_flowtuple.c.
References CORSARO_FLOWTUPLE_CLASS_MAX, corsaro_flowtuple_close_output(), CORSARO_FLOWTUPLE_SORT_DEFAULT, corsaro_log(), corsaro_plugin_register_state(), malloc_zero(), parse_args(), PLUGIN, and corsaro::plugin_manager.
| void corsaro_flowtuple_print | ( | corsaro_flowtuple_t * | flowtuple | ) |
Print a FlowTuple to stdout in ASCII format.
Definition at line 1108 of file corsaro_flowtuple.c.
References CORSARO_FLOWTUPLE_SIXT_TO_IP.
Referenced by corsaro_flowtuple_record_print().
| int corsaro_flowtuple_probe_file | ( | corsaro_in_t * | corsaro, |
| const char * | fturi | ||
| ) |
Check if an input file is a FlowTuple file.
Determine if the file given contains flowtuple data.
Definition at line 1033 of file corsaro_flowtuple.c.
References CORSARO_FILE_MODE, CORSARO_FILE_MODE_BINARY, corsaro_file_rclose(), corsaro_file_ropen(), corsaro_flowtuple_probe_filename(), and corsaro_flowtuple_probe_magic().
Referenced by main().
| int corsaro_flowtuple_probe_filename | ( | const char * | fname | ) |
Implements the probe_filename function of the plugin API.
Definition at line 619 of file corsaro_flowtuple.c.
References corsaro_plugin_probe_filename().
Referenced by corsaro_flowtuple_probe_file().
| int corsaro_flowtuple_probe_magic | ( | corsaro_in_t * | corsaro, |
| corsaro_file_in_t * | file | ||
| ) |
Implements the probe_magic function of the plugin API.
Definition at line 626 of file corsaro_flowtuple.c.
References corsaro_file_rpeek(), and CORSARO_IO_INTERVAL_HEADER_BYTE_LEN.
Referenced by corsaro_flowtuple_probe_file().
| int corsaro_flowtuple_process_flowtuple | ( | corsaro_t * | corsaro, |
| corsaro_flowtuple_t * | flowtuple, | ||
| corsaro_packet_state_t * | state | ||
| ) |
Implements the process_flowtuple function of the plugin API.
Definition at line 991 of file corsaro_flowtuple.c.
References corsaro_flowtuple_add_inc(), corsaro_log(), CORSARO_PACKET_STATE_IGNORE, corsaro_packet_state::flags, and STATE.
| int corsaro_flowtuple_process_flowtuple_class_end | ( | corsaro_t * | corsaro, |
| corsaro_flowtuple_class_end_t * | class | ||
| ) |
Implements the process_flowtuple_class_end function of the plugin API.
Definition at line 1023 of file corsaro_flowtuple.c.
| int corsaro_flowtuple_process_flowtuple_class_start | ( | corsaro_t * | corsaro, |
| corsaro_flowtuple_class_start_t * | class | ||
| ) |
Implements the process_flowtuple_class_start function of the plugin API.
Definition at line 1015 of file corsaro_flowtuple.c.
References STATE.
| int corsaro_flowtuple_process_packet | ( | corsaro_t * | corsaro, |
| corsaro_packet_t * | packet | ||
| ) |
Implements the process_packet function of the plugin API.
Definition at line 907 of file corsaro_flowtuple.c.
References corsaro_flowtuple_add_inc(), CORSARO_FLOWTUPLE_CLASS_BACKSCATTER, CORSARO_FLOWTUPLE_IP_TO_SIXT, corsaro_log(), CORSARO_PACKET_STATE_FLAG_BACKSCATTER, CORSARO_PACKET_STATE_IGNORE, corsaro_packet_state::flags, flowtuple_classify_packet(), LT_PKT, STATE, and corsaro_packet::state.
| off_t corsaro_flowtuple_read_global_data_record | ( | struct corsaro_in * | corsaro, |
| enum corsaro_in_record_type * | record_type, | ||
| struct corsaro_in_record * | record | ||
| ) |
Implements the read_global_data_record function of the plugin API.
Definition at line 815 of file corsaro_flowtuple.c.
| off_t corsaro_flowtuple_read_record | ( | struct corsaro_in * | corsaro, |
| corsaro_in_record_type_t * | record_type, | ||
| corsaro_in_record_t * | record | ||
| ) |
Implements the read_record function of the plugin API.
Definition at line 760 of file corsaro_flowtuple.c.
References CORSARO_IN_RECORD_TYPE_FLOWTUPLE_CLASS_END, CORSARO_IN_RECORD_TYPE_FLOWTUPLE_CLASS_START, CORSARO_IN_RECORD_TYPE_FLOWTUPLE_FLOWTUPLE, CORSARO_IN_RECORD_TYPE_IO_INTERVAL_END, CORSARO_IN_RECORD_TYPE_IO_INTERVAL_START, corsaro_io_read_interval_end(), corsaro_io_read_interval_start(), corsaro_log_in(), corsaro_in::file, read_class_end(), read_class_start(), read_flowtuple(), and STATE_IN.
| off_t corsaro_flowtuple_record_fprint | ( | corsaro_t * | corsaro, |
| corsaro_file_t * | file, | ||
| corsaro_in_record_type_t | record_type, | ||
| corsaro_in_record_t * | record | ||
| ) |
Print a record to a file in ASCII format.
Write a generic flowtuple record to the given corsaro file in ascii.
Definition at line 1170 of file corsaro_flowtuple.c.
References corsaro_in_record::buffer, corsaro_flowtuple_class_end_fprint(), corsaro_flowtuple_class_start_fprint(), corsaro_flowtuple_fprint(), CORSARO_IN_RECORD_TYPE_FLOWTUPLE_CLASS_END, CORSARO_IN_RECORD_TYPE_FLOWTUPLE_CLASS_START, CORSARO_IN_RECORD_TYPE_FLOWTUPLE_FLOWTUPLE, and corsaro_log().
Referenced by corsaro_io_write_record().
| int corsaro_flowtuple_record_print | ( | corsaro_in_record_type_t | record_type, |
| corsaro_in_record_t * | record | ||
| ) |
Print a record to stdout in ASCII format.
Write a generic flowtuple record to stdout in ascii format.
Definition at line 1202 of file corsaro_flowtuple.c.
References corsaro_in_record::buffer, corsaro_flowtuple_class_end_print(), corsaro_flowtuple_class_start_print(), corsaro_flowtuple_print(), CORSARO_IN_RECORD_TYPE_FLOWTUPLE_CLASS_END, CORSARO_IN_RECORD_TYPE_FLOWTUPLE_CLASS_START, CORSARO_IN_RECORD_TYPE_FLOWTUPLE_FLOWTUPLE, and corsaro_log_file().
Referenced by corsaro_io_print_record().
| int corsaro_flowtuple_start_interval | ( | corsaro_t * | corsaro, |
| corsaro_interval_t * | int_start | ||
| ) |
Implements the start_interval function of the plugin API.
Definition at line 824 of file corsaro_flowtuple.c.
References corsaro_io_prepare_file(), corsaro_log(), PLUGIN, and STATE.
|
static |
Determines the traffic class for a packet; possible options are CORSARO_FLOWTUPLE_CLASS_BACKSCATTER, CORSARO_FLOWTUPLE_CLASS_ICMPREQ, CLASS_OTHER.
This code is ported from crl_attack_flow.c::get_traffic_type
Definition at line 204 of file corsaro_flowtuple.c.
References CORSARO_FLOWTUPLE_CLASS_BACKSCATTER, CORSARO_FLOWTUPLE_CLASS_ICMPREQ, and CORSARO_FLOWTUPLE_CLASS_OTHER.
Referenced by corsaro_flowtuple_process_packet().
| KHASH_INIT | ( | sixt | , |
| corsaro_flowtuple_t * | , | ||
| char | , | ||
| 0 | , | ||
| corsaro_flowtuple_hash_func | , | ||
| corsaro_flowtuple_hash_equal | |||
| ) |
Initialize the hash functions and datatypes.
| KSORT_INIT | ( | sixt | , |
| corsaro_flowtuple_t * | , | ||
| corsaro_flowtuple_lt | |||
| ) |
Initialize the sorting functions and datatypes.
|
static |
Parse the arguments given to the plugin.
Definition at line 157 of file corsaro_flowtuple.c.
References corsaro_plugin::argc, corsaro_plugin::argv, CORSARO_FLOWTUPLE_SORT_DISABLED, PLUGIN, STATE, and usage().
Referenced by corsaro_flowtuple_init_output().
|
static |
Read a class end record.
Definition at line 533 of file corsaro_flowtuple.c.
References corsaro_in_record::buffer, CORSARO_FLOWTUPLE_CLASS_MAX, CORSARO_IN_RECORD_TYPE_FLOWTUPLE_CLASS_END, CORSARO_IN_RECORD_TYPE_FLOWTUPLE_CLASS_START, CORSARO_IN_RECORD_TYPE_IO_INTERVAL_END, CORSARO_IN_RECORD_TYPE_NULL, corsaro_io_read_bytes(), corsaro_log_in(), STATE_IN, and validate_class_end().
Referenced by corsaro_flowtuple_read_record().
|
static |
Read a class start record.
Definition at line 466 of file corsaro_flowtuple.c.
References corsaro_in_record::buffer, CORSARO_IN_RECORD_TYPE_FLOWTUPLE_CLASS_END, CORSARO_IN_RECORD_TYPE_FLOWTUPLE_CLASS_START, CORSARO_IN_RECORD_TYPE_FLOWTUPLE_FLOWTUPLE, CORSARO_IN_RECORD_TYPE_NULL, corsaro_io_read_bytes(), corsaro_log_in(), STATE_IN, and validate_class_start().
Referenced by corsaro_flowtuple_read_record().
|
static |
Read a flowtuple record.
Definition at line 577 of file corsaro_flowtuple.c.
References corsaro_in_record::buffer, CORSARO_IN_RECORD_TYPE_FLOWTUPLE_CLASS_END, CORSARO_IN_RECORD_TYPE_FLOWTUPLE_FLOWTUPLE, CORSARO_IN_RECORD_TYPE_NULL, corsaro_io_read_bytes(), corsaro_log_in(), STATE_IN, and validate_flowtuple().
Referenced by corsaro_flowtuple_read_record().
|
static |
Given a st hash, malloc and return a sorted array of pointers.
Definition at line 268 of file corsaro_flowtuple.c.
References corsaro_log().
Referenced by ascii_dump(), and binary_dump().
|
static |
Print usage information to stderr.
Definition at line 148 of file corsaro_flowtuple.c.
References corsaro_plugin::argv.
Referenced by parse_args().
|
static |
Check that a class end record is valid.
Definition at line 517 of file corsaro_flowtuple.c.
References CORSARO_FLOWTUPLE_CLASS_MAX, and CORSARO_FLOWTUPLE_MAGIC.
Referenced by read_class_end().
|
static |
Check that a class start record is valid.
Definition at line 449 of file corsaro_flowtuple.c.
References CORSARO_FLOWTUPLE_CLASS_MAX, and CORSARO_FLOWTUPLE_MAGIC.
Referenced by read_class_start().
|
static |
Attempt to validate a flowtuple record (no-op)
Definition at line 570 of file corsaro_flowtuple.c.
Referenced by read_flowtuple().
|
static |
Array of string names for classes.
Definition at line 97 of file corsaro_flowtuple.c.
Referenced by corsaro_flowtuple_class_end_fprint(), corsaro_flowtuple_class_end_print(), corsaro_flowtuple_class_start_fprint(), and corsaro_flowtuple_class_start_print().
|
static |
Common plugin information across all instances.
Definition at line 88 of file corsaro_flowtuple.c.
Referenced by corsaro_flowtuple_alloc().
![[CAIDA - Center for Applied Internet Data Analysis logo]](https://www.caida.org/images/caida_globe_faded.png)
![[CAIDA]](https://www.caida.org/images/caida_whitewords.png "Go to CAIDA home page"){kind=small}