Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
The Center for Applied Internet Data Analysis
corsaro_pcap.c
Go to the documentation of this file.
1 /*
2  * corsaro
3  *
4  * Alistair King, CAIDA, UC San Diego
5  * corsaro-info@caida.org
6  *
7  * Copyright (C) 2012 The Regents of the University of California.
8  *
9  * This file is part of corsaro.
10  *
11  * corsaro is free software: you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation, either version 3 of the License, or
14  * (at your option) any later version.
15  *
16  * corsaro is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with corsaro. If not, see <http://www.gnu.org/licenses/>.
23  *
24  */
25 
26 #include "config.h"
27 #include "corsaro_int.h"
28 
29 #include <assert.h>
30 #include <inttypes.h>
31 #include <stdio.h>
32 #include <stdlib.h>
33 #include <string.h>
34 
35 #include "libtrace.h"
36 
37 #include "utils.h"
38 
39 #include "corsaro_io.h"
40 #include "corsaro_file.h"
41 #include "corsaro_log.h"
42 #include "corsaro_plugin.h"
43 
44 #include "corsaro_pcap.h"
45 
55 #define CORSARO_PCAP_MAGIC 0x50434150
56 
58 #define PLUGIN_NAME "pcap"
59 
63 #define OUTFILE_POINTERS 2
64 
66 static corsaro_plugin_t corsaro_pcap_plugin = {
67  PLUGIN_NAME, /* name */
68  CORSARO_PLUGIN_ID_PCAP, /* id */
69  CORSARO_PCAP_MAGIC, /* magic */
70  CORSARO_PLUGIN_GENERATE_PTRS(corsaro_pcap), /* func ptrs */
71  CORSARO_PLUGIN_GENERATE_TAIL,
72 };
73 
75 struct corsaro_pcap_state_t {
77  corsaro_file_t *outfile;
79  corsaro_file_t *outfile_p[OUTFILE_POINTERS];
81  int outfile_n;
82 };
83 
85 #define STATE(corsaro) \
86  (CORSARO_PLUGIN_STATE(corsaro, pcap, CORSARO_PLUGIN_ID_PCAP))
87 
88 #define PLUGIN(corsaro) \
89  (CORSARO_PLUGIN_PLUGIN(corsaro, CORSARO_PLUGIN_ID_PCAP))
90 
91 /* == PUBLIC PLUGIN FUNCS BELOW HERE == */
92 
94 corsaro_plugin_t *corsaro_pcap_alloc(corsaro_t *corsaro)
95 {
96  return &corsaro_pcap_plugin;
97 }
98 
100 int corsaro_pcap_probe_filename(const char *fname)
101 {
102  /* cannot read raw pcap files using corsaro_in */
103  return 0;
104 }
105 
107 int corsaro_pcap_probe_magic(corsaro_in_t *corsaro, corsaro_file_in_t *file)
108 {
109  /* cannot read raw pcap files using corsaro_in */
110  return 0;
111 }
112 
114 int corsaro_pcap_init_output(corsaro_t *corsaro)
115 {
116  struct corsaro_pcap_state_t *state;
117  corsaro_plugin_t *plugin = PLUGIN(corsaro);
118  assert(plugin != NULL);
119 
120  if((state = malloc_zero(sizeof(struct corsaro_pcap_state_t))) == NULL)
121  {
122  corsaro_log(__func__, corsaro,
123  "could not malloc corsaro_pcap_state_t");
124  goto err;
125  }
126  corsaro_plugin_register_state(corsaro->plugin_manager, plugin, state);
127 
128  /* defer opening the output file until we start the first interval */
129 
130  return 0;
131 
132  err:
133  corsaro_pcap_close_output(corsaro);
134  return -1;
135 }
136 
138 int corsaro_pcap_init_input(corsaro_in_t *corsaro)
139 {
140  return -1;
141 }
142 
144 int corsaro_pcap_close_input(corsaro_in_t *corsaro)
145 {
146  return -1;
147 }
148 
150 int corsaro_pcap_close_output(corsaro_t *corsaro)
151 {
152  int i;
153  struct corsaro_pcap_state_t *state = STATE(corsaro);
154 
155  if(state != NULL)
156  {
157  /* close all the outfile pointers */
158  for(i = 0; i < OUTFILE_POINTERS; i++)
159  {
160  if(state->outfile_p[i] != NULL)
161  {
162  corsaro_file_close(corsaro, state->outfile_p[i]);
163  state->outfile_p[i] = NULL;
164  }
165  }
166  state->outfile = NULL;
167 
168  corsaro_plugin_free_state(corsaro->plugin_manager, PLUGIN(corsaro));
169  }
170 
171  return 0;
172 }
173 
175 off_t corsaro_pcap_read_record(struct corsaro_in *corsaro,
176  corsaro_in_record_type_t *record_type,
177  corsaro_in_record_t *record)
178 {
179  /* This plugin can't read it's data back. just use libtrace */
180  corsaro_log_in(__func__, corsaro, "pcap files are simply trace files."
181  " use libtrace instead of corsaro");
182  return -1;
183 }
184 
186 off_t corsaro_pcap_read_global_data_record(struct corsaro_in *corsaro,
187  enum corsaro_in_record_type *record_type,
188  struct corsaro_in_record *record)
189 {
190  /* we write nothing to the global file. someone messed up */
191  return -1;
192 }
193 
195 int corsaro_pcap_start_interval(corsaro_t *corsaro, corsaro_interval_t *int_start)
196 {
197  if(STATE(corsaro)->outfile == NULL)
198  {
199  /* open the output file */
200  if((
201  STATE(corsaro)->outfile_p[STATE(corsaro)->outfile_n] =
202  corsaro_io_prepare_file_full(corsaro,
203  PLUGIN(corsaro)->name,
204  int_start,
205  CORSARO_FILE_MODE_TRACE,
206  corsaro->compress,
207  corsaro->compress_level,
208  0)) == NULL)
209  {
210  corsaro_log(__func__, corsaro, "could not open %s output file",
211  PLUGIN(corsaro)->name);
212  return -1;
213  }
214  STATE(corsaro)->outfile = STATE(corsaro)->
215  outfile_p[STATE(corsaro)->outfile_n];
216  }
217  return 0;
218 }
219 
221 int corsaro_pcap_end_interval(corsaro_t *corsaro, corsaro_interval_t *int_end)
222 {
223  struct corsaro_pcap_state_t *state = STATE(corsaro);
224 
225  /* if we are rotating, now is when we should do it */
226  if(corsaro_is_rotate_interval(corsaro))
227  {
228  /* leave the current file to finish draining buffers */
229  assert(state->outfile != NULL);
230 
231  /* move on to the next output pointer */
232  state->outfile_n = (state->outfile_n+1) %
233  OUTFILE_POINTERS;
234 
235  if(state->outfile_p[state->outfile_n] != NULL)
236  {
237  /* we're gonna have to wait for this to close */
238  corsaro_file_close(corsaro,
239  state->outfile_p[state->outfile_n]);
240  state->outfile_p[state->outfile_n] = NULL;
241  }
242 
243  state->outfile = NULL;
244  }
245  return 0;
246 }
247 
249 int corsaro_pcap_process_packet(corsaro_t *corsaro,
250  corsaro_packet_t *packet)
251 {
252  if(corsaro_file_write_packet(corsaro, STATE(corsaro)->outfile,
253  LT_PKT(packet)) <= 0)
254  {
255  corsaro_log(__func__, corsaro, "could not write packet");
256  return -1;
257  }
258  return 0;
259 }
260 
261 
262 
corsaro_interval
Structure representing the start or end of an interval.
Definition: corsaro_int.h:156
corsaro_file_in
An opaque structure defining an corsaro input file.
Definition: corsaro_file.h:86
PLUGIN_NAME
#define PLUGIN_NAME
The name of this plugin.
Definition: corsaro_pcap.c:58
corsaro_plugin.h
Header file dealing with the corsaro plugin manager.
corsaro::compress_level
int compress_level
The compression level (ignored if not compressing)
Definition: corsaro_int.h:254
corsaro_log.h
Header file dealing with the corsaro logging sub-system.
corsaro_pcap_close_input
int corsaro_pcap_close_input(corsaro_in_t *corsaro)
Implements the close_input function of the plugin API.
Definition: corsaro_pcap.c:144
corsaro_file
An opaque structure defining an corsaro output file.
Definition: corsaro_file.h:60
corsaro_pcap_process_packet
int corsaro_pcap_process_packet(corsaro_t *corsaro, corsaro_packet_t *packet)
Implements the process_packet function of the plugin API.
Definition: corsaro_pcap.c:249
corsaro_in_record
A reusable opaque structure for corsaro to read an input record into.
Definition: corsaro_int.h:350
LT_PKT
#define LT_PKT(corsaro_packet)
Convenience macro to get to the libtrace packet inside an corsaro packet.
Definition: corsaro_int.h:227
corsaro_io_prepare_file_full
corsaro_file_t * corsaro_io_prepare_file_full(corsaro_t *corsaro, const char *plugin_name, corsaro_interval_t *interval, corsaro_file_mode_t mode, corsaro_file_compress_t compress, int compress_level, int flags)
Uses the given settings to open an corsaro file for the given plugin.
Definition: corsaro_io.c:699
corsaro_pcap_read_record
off_t corsaro_pcap_read_record(struct corsaro_in *corsaro, corsaro_in_record_type_t *record_type, corsaro_in_record_t *record)
Implements the read_record function of the plugin API.
Definition: corsaro_pcap.c:175
corsaro_file_write_packet
off_t corsaro_file_write_packet(struct corsaro *corsaro, corsaro_file_t *file, libtrace_packet_t *packet)
Write a libtrace packet to an corsaro output file.
Definition: corsaro_file.c:154
corsaro_file_close
void corsaro_file_close(struct corsaro *corsaro, corsaro_file_t *file)
Closes an corsaro output file and frees the writer structure.
Definition: corsaro_file.c:230
corsaro_pcap_end_interval
int corsaro_pcap_end_interval(corsaro_t *corsaro, corsaro_interval_t *int_end)
Implements the end_interval function of the plugin API.
Definition: corsaro_pcap.c:221
corsaro_pcap_probe_magic
int corsaro_pcap_probe_magic(corsaro_in_t *corsaro, corsaro_file_in_t *file)
Implements the probe_magic function of the plugin API.
Definition: corsaro_pcap.c:107
corsaro_pcap_start_interval
int corsaro_pcap_start_interval(corsaro_t *corsaro, corsaro_interval_t *int_start)
Implements the start_interval function of the plugin API.
Definition: corsaro_pcap.c:195
packet
static libtrace_packet_t * packet
A pointer to a libtrace packet.
Definition: corsaro_main.c:67
corsaro_plugin_free_state
void corsaro_plugin_free_state(corsaro_plugin_manager_t *manager, corsaro_plugin_t *plugin)
Free the state for a plugin.
Definition: corsaro_plugin.c:465
CORSARO_PCAP_MAGIC
#define CORSARO_PCAP_MAGIC
The magic number for this plugin - "PCAP".
Definition: corsaro_pcap.c:55
utils.h
Header file for common utility functions.
corsaro_packet
A lightweight wrapper around a libtrace packet.
Definition: corsaro_int.h:211
corsaro::plugin_manager
corsaro_plugin_manager_t * plugin_manager
A pointer to the corsaro plugin manager state.
Definition: corsaro_int.h:273
CORSARO_PLUGIN_GENERATE_PTRS
#define CORSARO_PLUGIN_GENERATE_PTRS(plugin)
Convenience macro that defines all the function pointers for the corsaro plugin API.
Definition: corsaro_plugin.h:117
corsaro_in_record_type
corsaro_in_record_type
Corsaro input record types.
Definition: corsaro.h:97
corsaro_plugin_register_state
void corsaro_plugin_register_state(corsaro_plugin_manager_t *manager, corsaro_plugin_t *plugin, void *state)
Register the state for a plugin.
Definition: corsaro_plugin.c:454
corsaro_pcap_close_output
int corsaro_pcap_close_output(corsaro_t *corsaro)
Implements the close_output function of the plugin API.
Definition: corsaro_pcap.c:150
CORSARO_PLUGIN_GENERATE_TAIL
#define CORSARO_PLUGIN_GENERATE_TAIL
Convenience macro that defines all the 'remaining' blank fields in a corsaro plugin object...
Definition: corsaro_plugin.h:138
malloc_zero
void * malloc_zero(const size_t size)
Allocate memory and set it to zero.
Definition: utils.c:78
corsaro_file.h
Header file dealing with the low-level file IO.
record
static corsaro_in_record_t * record
A pointer to a corsaro record.
Definition: corsaro_main.c:76
STATE
#define STATE(corsaro)
Extends the generic plugin state convenience macro in corsaro_plugin.h.
Definition: corsaro_pcap.c:85
corsaro_log_in
void corsaro_log_in(const char *func, corsaro_in_t *corsaro, const char *format,...)
Write a formatted string to the logfile associated with an corsaro input object.
Definition: corsaro_log.c:121
corsaro_is_rotate_interval
int corsaro_is_rotate_interval(corsaro_t *corsaro)
Convenience function to determine if the output files should be rotated.
Definition: corsaro.c:1041
CORSARO_FILE_MODE_TRACE
Pseudo IO mode which allows trace files to be written.
Definition: corsaro.h:157
corsaro_pcap_init_output
int corsaro_pcap_init_output(corsaro_t *corsaro)
Implements the init_output function of the plugin API.
Definition: corsaro_pcap.c:114
OUTFILE_POINTERS
#define OUTFILE_POINTERS
The number of output file pointers to support non-blocking close at the end of an interval...
Definition: corsaro_pcap.c:63
corsaro_pcap_probe_filename
int corsaro_pcap_probe_filename(const char *fname)
Implements the probe_filename function of the plugin API.
Definition: corsaro_pcap.c:100
corsaro_in
Corsaro input state.
Definition: corsaro_int.h:323
corsaro_pcap_read_global_data_record
off_t corsaro_pcap_read_global_data_record(struct corsaro_in *corsaro, enum corsaro_in_record_type *record_type, struct corsaro_in_record *record)
Implements the read_global_data_record function of the plugin API.
Definition: corsaro_pcap.c:186
corsaro::compress
corsaro_file_compress_t compress
The compression type (based on the file name)
Definition: corsaro_int.h:251
corsaro_io.h
Header file dealing with the corsaro file IO.
corsaro_pcap_init_input
int corsaro_pcap_init_input(corsaro_in_t *corsaro)
Implements the init_output function of the plugin API.
Definition: corsaro_pcap.c:138
corsaro
Corsaro output state.
Definition: corsaro_int.h:230
corsaro_pcap_alloc
corsaro_plugin_t * corsaro_pcap_alloc(corsaro_t *corsaro)
Implements the alloc function of the plugin API.
Definition: corsaro_pcap.c:94
corsaro_log
void corsaro_log(const char *func, corsaro_t *corsaro, const char *format,...)
Write a formatted string to the logfile associated with an corsaro object.
Definition: corsaro_log.c:113
corsaro_pcap_plugin
static corsaro_plugin_t corsaro_pcap_plugin
Common plugin information across all instances.
Definition: corsaro_pcap.c:66
corsaro_in_record_type_t
enum corsaro_in_record_type corsaro_in_record_type_t
Corsaro input record types.
CORSARO_PLUGIN_ID_PCAP
Pass-through PCAP plugin.
Definition: corsaro_plugin.h:174
corsaro_plugin
An corsaro packet processing plugin.
Definition: corsaro_plugin.h:206
PLUGIN
#define PLUGIN(corsaro)
Extends the generic plugin plugin convenience macro in corsaro_plugin.h.
Definition: corsaro_pcap.c:88
corsaro_int.h
Header file dealing with the internal corsaro functions.