Header file dealing with the corsaro file IO. More...

This graph shows which files directly or indirectly include this file:

Macros
#define	CORSARO_IO_HEADER_FIXED_BYTE_LEN (4+4+1+1+4+2)
	Length of the fixed part of the global corsaro header. More...

#define	CORSARO_IO_INTERVAL_HEADER_BYTE_LEN sizeof(corsaro_interval_t)
	Length of the interval header. More...

#define	CORSARO_IO_TRAILER_BYTE_LEN sizeof(corsaro_trailer_t)
	Length of the corsaro trailer. More...

#define	CORSARO_IO_PLUGIN_PATTERN 'P'
	The character to replace with the name of the plugin. More...

#define	CORSARO_IO_PLUGIN_PATTERN_STR "%P"
	The pattern to replace in the output file name with the name of the plugin. More...

#define	CORSARO_IO_MONITOR_PATTERN 'N'
	The character to replace with the monitor name. More...

#define	CORSARO_IO_MONITOR_PATTERN_STR "%N"
	The pattern to replace in the output file name with monitor name. More...

#define	CORSARO_IO_GLOBAL_NAME "global"
	The name to use for the global 'plugin' file. More...

#define	CORSARO_IO_LOG_NAME "log"
	The name to use for the log 'plugin' file. More...

Functions
corsaro_file_t *	corsaro_io_prepare_file_full (corsaro_t corsaro, const char plugin_name, corsaro_interval_t *interval, corsaro_file_mode_t mode, corsaro_file_compress_t compress, int compress_level, int flags)
	Uses the given settings to open an corsaro file for the given plugin. More...

corsaro_file_t *	corsaro_io_prepare_file (corsaro_t corsaro, const char plugin_name, corsaro_interval_t *interval)
	Uses the current settings to open an corsaro file for the given plugin. More...

int	corsaro_io_validate_template (corsaro_t corsaro, char template)
	Validates a output file template for needed features. More...

int	corsaro_io_template_has_timestamp (corsaro_t *corsaro)
	Determines whether there are any time-related patterns in the file template. More...

off_t	corsaro_io_write_header (corsaro_t corsaro, corsaro_file_t file, corsaro_header_t *header)
	Write the corsaro headers to the file. More...

void	corsaro_io_print_header (corsaro_plugin_manager_t plugin_manager, corsaro_header_t header)
	Write the corsaro headers to stdout. More...

off_t	corsaro_io_write_trailer (corsaro_t corsaro, corsaro_file_t file, corsaro_trailer_t *trailer)
	Write the corsaro trailers to the file. More...

void	corsaro_io_print_trailer (corsaro_trailer_t *trailer)
	Write the corsaro trailers to stdout. More...

off_t	corsaro_io_write_interval_start (corsaro_t corsaro, corsaro_file_t file, corsaro_interval_t *int_start)
	Write the appropriate interval headers to the file. More...

void	corsaro_io_print_interval_start (corsaro_interval_t *int_start)
	Write the interval headers to stdout. More...

off_t	corsaro_io_write_interval_end (corsaro_t corsaro, corsaro_file_t file, corsaro_interval_t *int_end)
	Write the appropriate interval trailers to the file. More...

void	corsaro_io_print_interval_end (corsaro_interval_t *int_end)
	Write the interval trailers to stdout. More...

off_t	corsaro_io_write_plugin_start (corsaro_t corsaro, corsaro_file_t file, corsaro_plugin_t *plugin)
	Write the appropriate plugin header to the file. More...

off_t	corsaro_io_write_plugin_end (corsaro_t corsaro, corsaro_file_t file, corsaro_plugin_t *plugin)
	Write the appropriate plugin trailer to the file. More...

off_t	corsaro_io_write_record (corsaro_t corsaro, corsaro_file_t file, corsaro_in_record_type_t record_type, corsaro_in_record_t *record)
	Write a generic corsaro record to the file. More...

int	corsaro_io_print_record (corsaro_plugin_manager_t plugin_manager, corsaro_in_record_type_t record_type, corsaro_in_record_t record)
	Print a generic corsaro record to stdout. More...

off_t	corsaro_io_read_header (corsaro_in_t corsaro, corsaro_file_in_t file, corsaro_in_record_type_t record_type, corsaro_in_record_t record)
	Read an corsaro header from the file. More...

off_t	corsaro_io_read_trailer (corsaro_in_t corsaro, corsaro_file_in_t file, corsaro_in_record_type_t record_type, corsaro_in_record_t record)
	Read the corsaro trailers from the file. More...

off_t	corsaro_io_read_interval_start (corsaro_in_t corsaro, corsaro_file_in_t file, corsaro_in_record_type_t record_type, corsaro_in_record_t record)
	Read the appropriate interval headers from the file. More...

off_t	corsaro_io_read_interval_end (corsaro_in_t corsaro, corsaro_file_in_t file, corsaro_in_record_type_t record_type, corsaro_in_record_t record)
	Read the appropriate interval trailers from the file. More...

off_t	corsaro_io_read_plugin_start (corsaro_in_t corsaro, corsaro_file_in_t file, corsaro_in_record_type_t record_type, corsaro_in_record_t record)
	Read the appropriate plugin header from the file. More...

off_t	corsaro_io_read_plugin_end (corsaro_in_t corsaro, corsaro_file_in_t file, corsaro_in_record_type_t record_type, corsaro_in_record_t record)
	Read the appropriate plugin trailer from the file. More...

off_t	corsaro_io_read_bytes (corsaro_in_t corsaro, corsaro_in_record_t record, off_t len)
	Read the given number of bytes into the record. More...

off_t	corsaro_io_read_bytes_offset (corsaro_in_t corsaro, corsaro_in_record_t record, off_t offset, off_t len)
	Read the given number of bytes into the record buffer at the given offset. More...

Detailed Description

Header file dealing with the corsaro file IO.

Author: Alistair King

Definition in file corsaro_io.h.

Macro Definition Documentation

#define CORSARO_IO_GLOBAL_NAME "global"

The name to use for the global 'plugin' file.

Definition at line 66 of file corsaro_io.h.

Referenced by check_global_filename(), and start_interval().

#define CORSARO_IO_HEADER_FIXED_BYTE_LEN (4+4+1+1+4+2)

Length of the fixed part of the global corsaro header.

Definition at line 45 of file corsaro_io.h.

Referenced by corsaro_io_read_header().

#define CORSARO_IO_INTERVAL_HEADER_BYTE_LEN sizeof(corsaro_interval_t)

Length of the interval header.

Definition at line 48 of file corsaro_io.h.

Referenced by corsaro_flowtuple_probe_magic(), corsaro_io_read_interval_end(), and corsaro_io_read_interval_start().

#define CORSARO_IO_LOG_NAME "log"

The name to use for the log 'plugin' file.

Definition at line 68 of file corsaro_io.h.

Referenced by corsaro_log_init().

#define CORSARO_IO_MONITOR_PATTERN 'N'

The character to replace with the monitor name.

Definition at line 61 of file corsaro_io.h.

Referenced by corsaro_io_template_has_timestamp().

#define CORSARO_IO_MONITOR_PATTERN_STR "%N"

The pattern to replace in the output file name with monitor name.

Definition at line 63 of file corsaro_io.h.

#define CORSARO_IO_PLUGIN_PATTERN 'P'

The character to replace with the name of the plugin.

Definition at line 56 of file corsaro_io.h.

Referenced by corsaro_io_template_has_timestamp().

#define CORSARO_IO_PLUGIN_PATTERN_STR "%P"

The pattern to replace in the output file name with the name of the plugin.

Definition at line 58 of file corsaro_io.h.

Referenced by corsaro_io_validate_template().

#define CORSARO_IO_TRAILER_BYTE_LEN sizeof(corsaro_trailer_t)

Length of the corsaro trailer.

Definition at line 52 of file corsaro_io.h.

Function Documentation

corsaro_file_t* corsaro_io_prepare_file	(	corsaro_t *	corsaro,
		const char *	plugin_name,
		corsaro_interval_t *	interval
	)

Uses the current settings to open an corsaro file for the given plugin.

Parameters

corsaro	The corsaro object associated with the file
plugin_name	The name of the plugin (inserted into the template)
interval	The first interval start time represented in the file (inserted into the template)

Returns: A pointer to a new corsaro output file, or NULL if an error occurs

Definition at line 688 of file corsaro_io.c.

References corsaro::compress, corsaro::compress_level, corsaro_io_prepare_file_full(), and corsaro::output_mode.

Referenced by corsaro_dos_start_interval(), corsaro_flowtuple_start_interval(), corsaro_smee_start_interval(), and start_interval().

corsaro_file_t* corsaro_io_prepare_file_full	(	corsaro_t *	corsaro,
		const char *	plugin_name,
		corsaro_interval_t *	interval,
		corsaro_file_mode_t	mode,
		corsaro_file_compress_t	compress,
		int	compress_level,
		int	flags
	)

Uses the given settings to open an corsaro file for the given plugin.

Parameters

corsaro	The corsaro object associated with the file
plugin_name	The name of the plugin (inserted into the template)
interval	The first interval start time represented in the file (inserted into the template)
mode	The corsaro file mode to use
compress	The corsaro file compression type to use
compress_level	The corsaro file compression level to use
flags	The flags to use when opening the file (e.g. O_CREAT)

Returns: A pointer to a new corsaro output file, or NULL if an error occurs

Definition at line 699 of file corsaro_io.c.

References corsaro_file_open(), and corsaro_log().

Referenced by corsaro_io_prepare_file(), corsaro_log_init(), and corsaro_pcap_start_interval().

void corsaro_io_print_header	(	corsaro_plugin_manager_t *	plugin_manager,
		corsaro_header_t *	header
	)

Write the corsaro headers to stdout.

Parameters

plugin_manager	The plugin manager
header	The header to write out

Definition at line 795 of file corsaro_io.c.

References corsaro_plugin_get_name_by_magic(), corsaro_header::interval_length, corsaro_header::local_init_time, corsaro_header::plugin_cnt, corsaro_header::plugin_magics, corsaro_header::traceuri, corsaro_header::version_major, and corsaro_header::version_minor.

Referenced by corsaro_io_print_record().

void corsaro_io_print_interval_end ( corsaro_interval_t * int_end )

Write the interval trailers to stdout.

Parameters

int_end The end interval to write out

Definition at line 881 of file corsaro_io.c.

References corsaro_interval::number, and corsaro_interval::time.

Referenced by corsaro_io_print_record(), and dump_hash().

void corsaro_io_print_interval_start ( corsaro_interval_t * int_start )

Write the interval headers to stdout.

Parameters

int_start The start interval to write out

Definition at line 865 of file corsaro_io.c.

References corsaro_interval::number, and corsaro_interval::time.

Referenced by corsaro_io_print_record(), and dump_hash().

int corsaro_io_print_record	(	corsaro_plugin_manager_t *	plugin_manager,
		corsaro_in_record_type_t	record_type,
		corsaro_in_record_t *	record
	)

Print a generic corsaro record to stdout.

Parameters

plugin_manager	The plugin manager associated with the record
record_type	The type of the record
record	The record to be written

Returns: 0 if the record_type was recognized, -1 if an error occurs

Definition at line 1016 of file corsaro_io.c.

Referenced by main().

void corsaro_io_print_trailer ( corsaro_trailer_t * trailer )

Write the corsaro trailers to stdout.

Parameters

trailer The trailer to write out

Definition at line 831 of file corsaro_io.c.

References corsaro_trailer::accepted_cnt, corsaro_trailer::dropped_cnt, corsaro_trailer::first_packet_time, corsaro_trailer::last_packet_time, corsaro_trailer::local_final_time, corsaro_trailer::packet_cnt, and corsaro_trailer::runtime.

Referenced by corsaro_io_print_record().

off_t corsaro_io_read_bytes	(	corsaro_in_t *	corsaro,
		corsaro_in_record_t *	record,
		off_t	len
	)

Read the given number of bytes into the record.

Parameters

corsaro	The corsaro object to read from
record	The record to read into
len	The number of bytes to read

Returns: The number of bytes to read, 0 if EOF, -1 on error

Definition at line 1317 of file corsaro_io.c.

References corsaro_in_record::buffer, corsaro_in_record::buffer_len, corsaro_file_rread(), and corsaro_in::file.

Referenced by corsaro_dos_read_global_data_record(), corsaro_io_read_header(), corsaro_io_read_interval_end(), corsaro_io_read_interval_start(), corsaro_io_read_trailer(), read_attack_vector(), read_class_end(), read_class_start(), read_flowtuple(), and read_header().

off_t corsaro_io_read_bytes_offset	(	corsaro_in_t *	corsaro,
		corsaro_in_record_t *	record,
		off_t	offset,
		off_t	len
	)

Read the given number of bytes into the record buffer at the given offset.

Parameters

corsaro	The corsaro object to read from
record	The record to read into
offset	The offset into the record buffer to read data to
len	The number of bytes to read

Returns: The number of bytes to read, 0 if EOF, -1 on error

This function can be useful to store data that a record points to without actually having to malloc memory. Beware that the record buffer is a fixed size so don't use this for massive objects. Also remember to update the pointer in the record object to this data.

Definition at line 1326 of file corsaro_io.c.

References corsaro_in_record::buffer, corsaro_in_record::buffer_len, corsaro_file_rread(), and corsaro_in::file.

Referenced by corsaro_io_read_header(), and read_attack_vector().

off_t corsaro_io_read_header	(	corsaro_in_t *	corsaro,
		corsaro_file_in_t *	file,
		corsaro_in_record_type_t *	record_type,
		corsaro_in_record_t *	record
	)

Read an corsaro header from the file.

Parameters

	corsaro	The corsaro object associated with the file
	file	The corsaro input file to read from
[out]	record_type	The record type read from the file
[out]	record	A record object to read into

Returns: The amount of data read, or -1 if an error occurs

Definition at line 1106 of file corsaro_io.c.

References corsaro_in_record::buffer, CORSARO_IN_RECORD_TYPE_IO_HEADER, CORSARO_IN_RECORD_TYPE_NULL, CORSARO_IO_HEADER_FIXED_BYTE_LEN, corsaro_io_read_bytes(), corsaro_io_read_bytes_offset(), and corsaro_log_in().

Referenced by read_record().

off_t corsaro_io_read_interval_end	(	corsaro_in_t *	corsaro,
		corsaro_file_in_t *	file,
		corsaro_in_record_type_t *	record_type,
		corsaro_in_record_t *	record
	)

Read the appropriate interval trailers from the file.

Parameters

	corsaro	The corsaro object associated with the file
	file	The corsaro input file to read from
[out]	record_type	The record type read from the file
[out]	record	A record object to read into

Returns: The amount of data read, or -1 if an error occurs

Definition at line 1260 of file corsaro_io.c.

References corsaro_in_record::buffer, CORSARO_IN_RECORD_TYPE_IO_INTERVAL_END, CORSARO_IN_RECORD_TYPE_NULL, CORSARO_IO_INTERVAL_HEADER_BYTE_LEN, corsaro_io_read_bytes(), and corsaro_log_in().

Referenced by corsaro_dos_read_record(), corsaro_flowtuple_read_record(), and read_record().

off_t corsaro_io_read_interval_start	(	corsaro_in_t *	corsaro,
		corsaro_file_in_t *	file,
		corsaro_in_record_type_t *	record_type,
		corsaro_in_record_t *	record
	)

Read the appropriate interval headers from the file.

Parameters

	corsaro	The corsaro object associated with the file
	file	The corsaro input file to read from
[out]	record_type	The record type read from the file
[out]	record	A record object to read into

Returns: The amount of data read, or -1 if an error occurs

Definition at line 1232 of file corsaro_io.c.

References corsaro_in_record::buffer, CORSARO_IN_RECORD_TYPE_IO_INTERVAL_START, CORSARO_IN_RECORD_TYPE_NULL, CORSARO_IO_INTERVAL_HEADER_BYTE_LEN, corsaro_io_read_bytes(), and corsaro_log_in().

Referenced by corsaro_dos_read_record(), corsaro_flowtuple_read_record(), and read_record().

off_t corsaro_io_read_plugin_end	(	corsaro_in_t *	corsaro,
		corsaro_file_in_t *	file,
		corsaro_in_record_type_t *	record_type,
		corsaro_in_record_t *	record
	)

Read the appropriate plugin trailer from the file.

Parameters

	corsaro	The corsaro object associated with the file
	file	The corsaro input file to read from
[out]	record_type	The record type read from the file
[out]	record	A record object to read into

Returns: The amount of data read, or -1 if an error occurs

Definition at line 1303 of file corsaro_io.c.

References CORSARO_IN_RECORD_TYPE_IO_PLUGIN_END.

Referenced by read_record().

off_t corsaro_io_read_plugin_start	(	corsaro_in_t *	corsaro,
		corsaro_file_in_t *	file,
		corsaro_in_record_type_t *	record_type,
		corsaro_in_record_t *	record
	)

Read the appropriate plugin header from the file.

Parameters

	corsaro	The corsaro object associated with the file
	file	The corsaro input file to read from
[out]	record_type	The record type read from the file
[out]	record	A record object to read into

Returns: The amount of data read, or -1 if an error occurs

Definition at line 1288 of file corsaro_io.c.

References CORSARO_IN_RECORD_TYPE_IO_PLUGIN_START.

Referenced by read_record().

off_t corsaro_io_read_trailer	(	corsaro_in_t *	corsaro,
		corsaro_file_in_t *	file,
		corsaro_in_record_type_t *	record_type,
		corsaro_in_record_t *	record
	)

Read the corsaro trailers from the file.

Parameters

	corsaro	The corsaro object associated with the file
	file	The corsaro input file to read from
[out]	record_type	The record type read from the file
[out]	record	A record object to read into

Returns: The amount of data read, or -1 if an error occurs

Definition at line 1206 of file corsaro_io.c.

References corsaro_in_record::buffer, CORSARO_IN_RECORD_TYPE_IO_TRAILER, CORSARO_IN_RECORD_TYPE_NULL, corsaro_io_read_bytes(), and corsaro_log_in().

Referenced by read_record().

int corsaro_io_template_has_timestamp ( corsaro_t * corsaro )

Determines whether there are any time-related patterns in the file template.

Parameters

corsaro The corsaro object to check

Returns: 1 if there are time-related patterns, 0 if not

Definition at line 758 of file corsaro_io.c.

References CORSARO_IO_MONITOR_PATTERN, CORSARO_IO_PLUGIN_PATTERN, and corsaro::template.

Referenced by corsaro_set_output_rotation(), and corsaro_start_output().

int corsaro_io_validate_template	(	corsaro_t *	corsaro,
		char *	template
	)

Validates a output file template for needed features.

Parameters

corsaro	The corsaro object associated with the template
template	The file template to be validated

Returns: 1 if the template is valid, 0 if it is invalid

Definition at line 735 of file corsaro_io.c.

References CORSARO_IO_PLUGIN_PATTERN_STR, and corsaro_log().

Referenced by corsaro_init().

off_t corsaro_io_write_header	(	corsaro_t *	corsaro,
		corsaro_file_t *	file,
		corsaro_header_t *	header
	)

Write the corsaro headers to the file.

Parameters

corsaro	The corsaro object associated with the file
file	The corsaro output file to write to
header	The header to write out (NULL to generate one)

Returns: The amount of data written, or -1 if an error occurs

Definition at line 787 of file corsaro_io.c.

References CORSARO_FILE_MODE, CORSARO_FILE_MODE_ASCII, and CORSARO_FILE_MODE_BINARY.

Referenced by corsaro_io_write_record(), and start_interval().

off_t corsaro_io_write_interval_end	(	corsaro_t *	corsaro,
		corsaro_file_t *	file,
		corsaro_interval_t *	int_end
	)

Write the appropriate interval trailers to the file.

Parameters

corsaro	The corsaro object associated with the file
file	The corsaro output file to write to
int_end	The end interval to write out

Returns: The amount of data written, or -1 if an error occurs

Definition at line 872 of file corsaro_io.c.

References corsaro, CORSARO_FILE_MODE, CORSARO_FILE_MODE_ASCII, and CORSARO_FILE_MODE_BINARY.

Referenced by corsaro_dos_end_interval(), corsaro_flowtuple_end_interval(), corsaro_io_write_record(), and end_interval().

off_t corsaro_io_write_interval_start	(	corsaro_t *	corsaro,
		corsaro_file_t *	file,
		corsaro_interval_t *	int_start
	)

Write the appropriate interval headers to the file.

Parameters

corsaro	The corsaro object associated with the file
file	The corsaro output file to write to
int_start	The start interval to write out

Returns: The amount of data written, or -1 if an error occurs

Definition at line 856 of file corsaro_io.c.

References CORSARO_FILE_MODE, CORSARO_FILE_MODE_ASCII, and CORSARO_FILE_MODE_BINARY.

Referenced by corsaro_dos_end_interval(), corsaro_flowtuple_end_interval(), corsaro_io_write_record(), and end_interval().

off_t corsaro_io_write_plugin_end	(	corsaro_t *	corsaro,
		corsaro_file_t *	file,
		corsaro_plugin_t *	plugin
	)

Write the appropriate plugin trailer to the file.

Parameters

corsaro	The corsaro object associated with the file
file	The corsaro output file to write to
plugin	The plugin object to write an end record for

Returns: The amount of data written, or -1 if an error occurs

Definition at line 905 of file corsaro_io.c.

References corsaro, CORSARO_FILE_MODE, CORSARO_FILE_MODE_ASCII, and CORSARO_FILE_MODE_BINARY.

Referenced by corsaro_dos_end_interval(), and corsaro_io_write_record().

off_t corsaro_io_write_plugin_start	(	corsaro_t *	corsaro,
		corsaro_file_t *	file,
		corsaro_plugin_t *	plugin
	)

Write the appropriate plugin header to the file.

Parameters

corsaro	The corsaro object associated with the file
file	The corsaro output file to write to
plugin	The plugin object to write a start record for

Returns: The amount of data written, or -1 if an error occurs

Definition at line 889 of file corsaro_io.c.

References corsaro, CORSARO_FILE_MODE, CORSARO_FILE_MODE_ASCII, and CORSARO_FILE_MODE_BINARY.

Referenced by corsaro_dos_end_interval(), and corsaro_io_write_record().

off_t corsaro_io_write_record	(	corsaro_t *	corsaro,
		corsaro_file_t *	file,
		corsaro_in_record_type_t	record_type,
		corsaro_in_record_t *	record
	)

Write a generic corsaro record to the file.

Parameters

corsaro	The corsaro object associated with the file
file	The corsaro output file to write to
record_type	The type of the record
record	The record to be written

Returns: The amount of data written, or -1 if an error occurs

Todo:

change the switch to an array of function pointers, one for each type

add code to corsaro_file_open that creates a special 'stdout' file

Definition at line 925 of file corsaro_io.c.

off_t corsaro_io_write_trailer	(	corsaro_t *	corsaro,
		corsaro_file_t *	file,
		corsaro_trailer_t *	trailer
	)

Write the corsaro trailers to the file.

Parameters

corsaro	The corsaro object associated with the file
file	The corsaro output file to write to
trailer	The trailer to write out (NULL to generate one)

Returns: The amount of data written, or -1 if an error occurs

Definition at line 822 of file corsaro_io.c.

References CORSARO_FILE_MODE, CORSARO_FILE_MODE_ASCII, and CORSARO_FILE_MODE_BINARY.

Referenced by corsaro_finalize_output(), corsaro_io_write_record(), and end_interval().

Macros

Functions

Detailed Description

Macro Definition Documentation

Function Documentation