Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
The Center for Applied Internet Data Analysis
corsaro_pfx2as.c
Go to the documentation of this file.
1 /*
2  * corsaro
3  *
4  * Alistair King, CAIDA, UC San Diego
5  * alistair@caida.org
6  *
7  * Copyright (C) 2012 The Regents of the University of California.
8  *
9  * This file is part of corsaro.
10  *
11  * corsaro is free software: you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation, either version 3 of the License, or
14  * (at your option) any later version.
15  *
16  * corsaro is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with corsaro. If not, see <http://www.gnu.org/licenses/>.
23  *
24  */
25 
26 #include "config.h"
27 #include "corsaro_int.h"
28 
29 #include <arpa/inet.h>
30 #include <assert.h>
31 #include <inttypes.h>
32 #include <netinet/in.h>
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <sys/socket.h>
37 #include <unistd.h>
38 
39 #include "libtrace.h"
40 
41 #include "khash.h"
42 #include "patricia.h"
43 #include "ip_utils.h"
44 #include "utils.h"
45 
46 #include "corsaro_io.h"
47 #include "corsaro_file.h"
48 #include "corsaro_geo.h"
49 #include "corsaro_log.h"
50 #include "corsaro_plugin.h"
51 
52 #ifdef WITH_PLUGIN_SIXT
53 #include "corsaro_flowtuple.h"
54 #endif
55 
56 #include "corsaro_pfx2as.h"
57 
67 /*#define CORSARO_PFX2AS_DEBUG*/
68 
69 #ifdef CORSARO_PFX2AS_DEBUG
70 
71 static int debug_cache_hits = 0;
73 static int debug_cache_misses = 0;
74 #endif
75 
77 #define CORSARO_PFX2AS_MAGIC 0x41532323
78 
80 #define PLUGIN_NAME "pfx2as"
81 
83 KHASH_MAP_INIT_INT(32record, corsaro_geo_record_t *)
85 KHASH_MAP_INIT_STR(strrec, corsaro_geo_record_t *)
86 
88 static corsaro_plugin_t corsaro_pfx2as_plugin = {
89  PLUGIN_NAME, /* name */
90  CORSARO_PLUGIN_ID_PFX2AS, /* id */
91  CORSARO_PFX2AS_MAGIC, /* magic */
92 #ifdef WITH_PLUGIN_SIXT
93  CORSARO_PLUGIN_GENERATE_PTRS_FT(corsaro_pfx2as), /* func ptrs */
94 #else
95  CORSARO_PLUGIN_GENERATE_PTRS(corsaro_pfx2as),
96 #endif
97  CORSARO_PLUGIN_GENERATE_TAIL,
98 };
99 
101 struct corsaro_pfx2as_state_t {
102  corsaro_geo_provider_t *provider;
103 
105  int cache_enabled;
107  khash_t(32record) *as_cache;
108 
110  char *pfx2as_file;
111 };
112 
114 #define BUFFER_LEN 1024
115 
117 #define PFX2AS_COL_CNT 3
118 
120 #define STATE(corsaro) \
121  (CORSARO_PLUGIN_STATE(corsaro, pfx2as, CORSARO_PLUGIN_ID_PFX2AS))
122 
123 #define PLUGIN(corsaro) \
124  (CORSARO_PLUGIN_PLUGIN(corsaro, CORSARO_PLUGIN_ID_PFX2AS))
125 
127 static void usage(corsaro_plugin_t *plugin)
128 {
129  fprintf(stderr,
130  "plugin usage: %s [-c] -f pfx2as_file\n"
131  " -c cache the results for each IP\n"
132  " -f pfx2as file to use for lookups\n",
133  plugin->argv[0]);
134 }
135 
137 static int parse_args(corsaro_t *corsaro)
138 {
139  corsaro_plugin_t *plugin = PLUGIN(corsaro);
140  struct corsaro_pfx2as_state_t *state = STATE(corsaro);
141  int opt;
142 
143  /* NB: remember to reset optind to 1 before using getopt! */
144  optind = 1;
145 
146  while((opt = getopt(plugin->argc, plugin->argv, "f:c?")) >= 0)
147  {
148  switch(opt)
149  {
150  case 'c':
151  state->cache_enabled = 1;
152  break;
153 
154  case 'f':
155  state->pfx2as_file = optarg;
156  break;
157 
158  case '?':
159  case ':':
160  default:
161  usage(plugin);
162  return -1;
163  }
164  }
165 
166  if(state->pfx2as_file == NULL)
167  {
168  fprintf(stderr, "ERROR: %s requires '-f' to be specified\n",
169  plugin->argv[0]);
170  usage(plugin);
171  return -1;
172  }
173 
174  return 0;
175 }
176 
178 static int parse_asn(char *asn_str, uint32_t **asn_arr)
179 {
180  int asn_cnt = 0;
181  uint32_t *asn = NULL;
182  char *tok = NULL;
183  char *period = NULL;
184 
185  while((tok = strsep(&asn_str, "_")) != NULL)
186  {
187  /* realloc the asn array to buy us one more */
188  if((asn = realloc(asn, sizeof(uint32_t) * (asn_cnt+1))) == NULL)
189  {
190  if(asn != NULL)
191  {
192  free(asn);
193  }
194  return -1;
195  }
196 
197  /* check if this is a 32bit asn */
198  if((period = strchr(tok, '.')) != NULL)
199  {
200  /* set this to a nul */
201  *period = '\0';
202  /* get the value of the first 16 bits and the second */
203  asn[asn_cnt] = (atoi(tok)<<16) | atoi(period+1);
204  }
205  else
206  {
207  /* do a simple atoi and be done */
208  asn[asn_cnt] = atoi(tok);
209  }
210  asn_cnt++;
211  }
212 
213  /* return the array of asn values and the count */
214  *asn_arr = asn;
215  return asn_cnt;
216 }
217 
219 static inline void str_free(const char *str)
220 {
221  free((char*)str);
222 }
223 
225 static int read_routeviews(corsaro_t *corsaro,
226  corsaro_file_in_t *file)
227 {
228  struct corsaro_pfx2as_state_t *state = STATE(corsaro);
229 
230  /* we have to normalize the asns on the fly */
231  /* so we read the file, reading records into here */
232  int khret;
233  khiter_t khiter;
234  khash_t(strrec) *asn_table = kh_init(strrec);
235 
236  char buffer[BUFFER_LEN];
237  char *rowp;
238  char *tok = NULL;
239  int tokc = 0;
240 
241  int asn_id = 0;
242  in_addr_t addr = 0;
243  uint8_t mask = 0;
244  uint32_t *asn = NULL;
245  char *asn_str = NULL;
246  int asn_cnt = 0;
247 
248  corsaro_geo_record_t *record;
249 
250  while(corsaro_file_rgets(file, &buffer, BUFFER_LEN) > 0)
251  {
252  rowp = buffer;
253  tokc = 0;
254 
255  /* hack off the newline */
256  chomp(buffer);
257 
258  while((tok = strsep(&rowp, "\t")) != NULL)
259  {
260  switch(tokc)
261  {
262  case 0:
263  /* network */
264  addr = inet_addr(tok);
265  break;
266 
267  case 1:
268  /* mask */
269  mask = atoi(tok);
270  break;
271 
272  case 2:
273  /* asn */
274  asn_str = strdup(tok);
275  asn_cnt = parse_asn(tok, &asn);
276  break;
277 
278  default:
279  corsaro_log(__func__, corsaro, "invalid pfx2as file");
280  return -1;
281  break;
282  }
283  tokc++;
284  }
285 
286  if(tokc != PFX2AS_COL_CNT)
287  {
288  corsaro_log(__func__, corsaro, "invalid pfx2as file");
289  return -1;
290  }
291 
292  if(asn_cnt <= 0 || asn_str == NULL)
293  {
294  corsaro_log(__func__, corsaro, "could not parse asn string");
295  return -1;
296  }
297 
298  /* check our hash for this asn */
299  if((khiter = kh_get(strrec, asn_table, asn_str)) == kh_end(asn_table))
300  {
301  /* need to create a record for this asn */
302  if((record = corsaro_geo_init_record(state->provider, asn_id))
303  == NULL)
304  {
305  corsaro_log(__func__, corsaro, "could not alloc geo record");
306  return -1;
307  }
308 
309  /* set the fields */
310  record->asn = asn;
311  record->asn_cnt = asn_cnt;
312 
313  /* put it into our table */
314  khiter = kh_put(strrec, asn_table, asn_str, &khret);
315  kh_value(asn_table, khiter) = record;
316 
317  /* move on to the next id */
318  asn_id++;
319  }
320  else
321  {
322  /* we've seen this ASN before, just use that! */
323  record = kh_value(asn_table, khiter);
324  assert(record != NULL);
325  /* BUT! remember that we strdup'd the asn string */
326  /* add that parse_asn did some malloc'ing */
327  free(asn_str);
328  free(asn);
329  asn = NULL;
330  asn_cnt = 0;
331  }
332 
333  assert(record != NULL);
334 
335  /* how many IP addresses does this prefix cover ? */
336  /* we will add this to the record and then use the total count for the asn
337  to find the 'biggest' ASes */
338  record->asn_ip_cnt += (ip_broadcast_addr(addr, mask) -
339  ip_network_addr(addr, mask)) + 1;
340 
341  /* by here record is the right asn record, associate it with this pfx */
342  if(corsaro_geo_provider_associate_record(corsaro,
343  state->provider,
344  addr,
345  mask,
346  record) != 0)
347  {
348  corsaro_log(__func__, corsaro, "failed to associate record");
349  return -1;
350  }
351  }
352 
353  /* free our asn_table hash */
354  kh_free(strrec, asn_table, str_free);
355  kh_destroy(strrec, asn_table);
356 
357  return 0;
358 
359 }
360 
362 static corsaro_geo_record_t *cache_get(kh_32record_t *hash, uint32_t ip)
363 {
364  khiter_t khiter;
365  assert(hash != NULL);
366 
367  if((khiter = kh_get(32record, hash, ip)) == kh_end(hash))
368  {
369  return NULL;
370  }
371  return kh_value(hash, khiter);
372 }
373 
375 static void cache_add(kh_32record_t *hash, uint32_t ip,
376  corsaro_geo_record_t *record)
377 {
378  int khret;
379  khiter_t khiter;
380 
381  /* we assume that if you call this you have checked it is not in the hash */
382  khiter = kh_put(32record, hash, ip, &khret);
383  kh_value(hash, khiter) = record;
384 }
385 
387 static int process_generic(corsaro_t *corsaro, corsaro_packet_state_t *state,
388  uint32_t src_ip)
389 {
390  struct corsaro_pfx2as_state_t *plugin_state = STATE(corsaro);
391  corsaro_geo_record_t *record;
392 
393  /* remove the old record from the provider */
394  corsaro_geo_provider_clear(plugin_state->provider);
395 
396  /* note that the ip address are in network byte order */
397 
398 if(plugin_state->cache_enabled != 0)
399  {
400  /* first we'll check the hashtable (if it is enabled) */
401  if((record = cache_get(plugin_state->as_cache, src_ip)) == NULL)
402  {
403  /* its not in the cache - look in the trie */
404 
405  record = corsaro_geo_provider_lookup_record(corsaro,
406  plugin_state->provider,
407  src_ip);
408 
409  cache_add(plugin_state->as_cache, src_ip, record);
410 
411 #ifdef CORSARO_PFX2AS_DEBUG
412  debug_cache_misses++;
413  }
414  else
415  {
416  debug_cache_hits++;
417 #endif
418  }
419  }
420  else
421  {
422  /* go straight to the trie */
423  record = corsaro_geo_provider_lookup_record(corsaro,
424  plugin_state->provider,
425  src_ip);
426  }
427 
428  /* insert the record into the matched records for this packet */
429  corsaro_geo_provider_add_record(plugin_state->provider, record);
430 
431 #if 0
432 
433  /* DEBUG */
434  corsaro_geo_provider_t *provider;
435  corsaro_geo_record_t *tmp = NULL;
436  struct in_addr addr;
437  addr.s_addr = src_ip;
438 
439  fprintf(stdout, "src: %s\n",
440  inet_ntoa(addr));
441 
442  /* first, ask for the pfx2as provider */
443  provider = corsaro_geo_get_by_id(corsaro, CORSARO_GEO_PROVIDER_PFX2AS);
444  assert(provider != NULL);
445 
446  while((tmp = corsaro_geo_next_record(provider, tmp)) != NULL)
447  {
448  corsaro_geo_dump_record(tmp);
449  }
450 #endif
451 
452  return 0;
453 
454 }
455 
456 /* == PUBLIC PLUGIN FUNCS BELOW HERE == */
457 
459 corsaro_plugin_t *corsaro_pfx2as_alloc(corsaro_t *corsaro)
460 {
461  return &corsaro_pfx2as_plugin;
462 }
463 
465 int corsaro_pfx2as_probe_filename(const char *fname)
466 {
467  /* look for 'corsaro_pfx2as' in the name */
468  return corsaro_plugin_probe_filename(fname, &corsaro_pfx2as_plugin);
469 }
470 
472 int corsaro_pfx2as_probe_magic(corsaro_in_t *corsaro, corsaro_file_in_t *file)
473 {
474  /* we write no output files, so dont even bother looking */
475  return 0;
476 }
477 
479 int corsaro_pfx2as_init_output(corsaro_t *corsaro)
480 {
481  struct corsaro_pfx2as_state_t *state;
482  corsaro_plugin_t *plugin = PLUGIN(corsaro);
483  corsaro_file_in_t *file = NULL;
484  assert(plugin != NULL);
485 
486  if((state = malloc_zero(sizeof(struct corsaro_pfx2as_state_t))) == NULL)
487  {
488  corsaro_log(__func__, corsaro,
489  "could not malloc corsaro_pfx2as_state_t");
490  goto err;
491  }
492  corsaro_plugin_register_state(corsaro->plugin_manager, plugin, state);
493 
494  /* parse the arguments */
495  if(parse_args(corsaro) != 0)
496  {
497  /* parse args calls usage itself, so do not goto err here */
498  return -1;
499  }
500 
501  /* register as a geoloc provider */
502  /* we do not want to be the default provider as we do not provide full
503  geo data */
504  if((state->provider =
505  corsaro_geo_init_provider(corsaro,
506  CORSARO_GEO_PROVIDER_PFX2AS,
507  CORSARO_GEO_DATASTRUCTURE_DEFAULT,
508  CORSARO_GEO_PROVIDER_DEFAULT_NO)) == NULL)
509  {
510  corsaro_log(__func__, corsaro, "could not register as a geolocation"
511  " provider");
512  goto err;
513  }
514 
515  /* open the routeviews file */
516  if((file = corsaro_file_ropen(state->pfx2as_file)) == NULL)
517  {
518  corsaro_log(__func__, corsaro,
519  "failed to open pfx2as file '%s'", state->pfx2as_file);
520  goto err;
521  }
522 
523  /* read in the routeviews mapping from network to pfx2as and store in patricia
524  tree */
525  if (read_routeviews(corsaro, file) != 0)
526  {
527  corsaro_log(__func__, corsaro, "could not read pfx2as file '%s'",
528  state->pfx2as_file);
529  goto err;
530  }
531 
532  corsaro_file_rclose(file);
533 
534  if(state->cache_enabled != 0)
535  {
536  /* initialize the hash cache */
537  state->as_cache = kh_init(32record);
538  }
539 
540  return 0;
541 
542  err:
543  corsaro_pfx2as_close_output(corsaro);
544  return -1;
545 }
546 
548 int corsaro_pfx2as_init_input(corsaro_in_t *corsaro)
549 {
550  return -1;
551 }
552 
554 int corsaro_pfx2as_close_input(corsaro_in_t *corsaro)
555 {
556  return -1;
557 }
558 
560 int corsaro_pfx2as_close_output(corsaro_t *corsaro)
561 {
562  struct corsaro_pfx2as_state_t *state = STATE(corsaro);
563 
564  if(state != NULL)
565  {
566  if(state->provider != NULL)
567  {
568  corsaro_geo_free_provider(corsaro, state->provider);
569  state->provider = NULL;
570  }
571 
572  if(state->as_cache != NULL)
573  {
574  kh_destroy(32record, state->as_cache);
575  state->as_cache = NULL;
576  }
577 
578  corsaro_plugin_free_state(corsaro->plugin_manager, PLUGIN(corsaro));
579  }
580 
581 #ifdef CORSARO_PFX2AS_DEBUG
582  corsaro_log(__func__, corsaro, "cache hits: %d misses: %d",
583  debug_cache_hits, debug_cache_misses);
584 #endif
585 
586  return 0;
587 }
588 
590 off_t corsaro_pfx2as_read_record(struct corsaro_in *corsaro,
591  corsaro_in_record_type_t *record_type,
592  corsaro_in_record_t *record)
593 {
594  /* This plugin writes no output data */
595  return -1;
596 }
597 
599 off_t corsaro_pfx2as_read_global_data_record(struct corsaro_in *corsaro,
600  enum corsaro_in_record_type *record_type,
601  struct corsaro_in_record *record)
602 {
603  /* we write nothing to the global file. someone messed up */
604  return -1;
605 }
606 
608 int corsaro_pfx2as_start_interval(corsaro_t *corsaro,
609  corsaro_interval_t *int_start)
610 {
611  /* we don't care */
612  return 0;
613 }
614 
616 int corsaro_pfx2as_end_interval(corsaro_t *corsaro, corsaro_interval_t *int_end)
617 {
618  /* we don't care */
619  return 0;
620 }
621 
623 int corsaro_pfx2as_process_packet(corsaro_t *corsaro,
624  corsaro_packet_t *packet)
625 {
626  libtrace_ip_t *ip_hdr = NULL;
627 
628  if((ip_hdr = trace_get_ip(LT_PKT(packet))) == NULL)
629  {
630  /* not an ip packet */
631  return 0;
632  }
633 
634  return process_generic(corsaro, &packet->state, ip_hdr->ip_src.s_addr);
635 }
636 
637 #ifdef WITH_PLUGIN_SIXT
638 
639 int corsaro_pfx2as_process_flowtuple(corsaro_t *corsaro,
640  corsaro_flowtuple_t *flowtuple,
641  corsaro_packet_state_t *state)
642 {
643  return process_generic(corsaro, state,
644  corsaro_flowtuple_get_source_ip(flowtuple));
645 }
646 
648 int corsaro_pfx2as_process_flowtuple_class_start(corsaro_t *corsaro,
649  corsaro_flowtuple_class_start_t *class)
650 {
651  /* we dont care about these */
652  return 0;
653 }
654 
656 int corsaro_pfx2as_process_flowtuple_class_end(corsaro_t *corsaro,
657  corsaro_flowtuple_class_end_t *class)
658 {
659  /* dont care */
660  return 0;
661 }
662 #endif
corsaro_interval
Structure representing the start or end of an interval.
Definition: corsaro_int.h:156
corsaro_file_in
An opaque structure defining an corsaro input file.
Definition: corsaro_file.h:86
usage
static void usage(corsaro_plugin_t *plugin)
Print plugin usage to stderr.
Definition: corsaro_pfx2as.c:127
cache_add
static void cache_add(kh_32record_t *hash, uint32_t ip, corsaro_geo_record_t *record)
Add an ASN record to the hash for the given IP address.
Definition: corsaro_pfx2as.c:375
corsaro_plugin.h
Header file dealing with the corsaro plugin manager.
CORSARO_GEO_DATASTRUCTURE_DEFAULT
Default Geolocation data-structure.
Definition: corsaro_geo.h:170
corsaro_file_rgets
off_t corsaro_file_rgets(corsaro_file_in_t *file, void *buffer, off_t len)
Reads a string from an corsaro input file into the provided buffer.
Definition: corsaro_file.c:343
str_free
static void str_free(const char *str)
Free a string (for use with the map)
Definition: corsaro_pfx2as.c:219
corsaro_log.h
Header file dealing with the corsaro logging sub-system.
corsaro_pfx2as_end_interval
int corsaro_pfx2as_end_interval(corsaro_t *corsaro, corsaro_interval_t *int_end)
Implements the end_interval function of the plugin API.
Definition: corsaro_pfx2as.c:616
corsaro_in_record
A reusable opaque structure for corsaro to read an input record into.
Definition: corsaro_int.h:350
process_generic
static int process_generic(corsaro_t *corsaro, corsaro_packet_state_t *state, uint32_t src_ip)
Common code between process_packet and process_flowtuple.
Definition: corsaro_pfx2as.c:387
corsaro_geo_free_provider
void corsaro_geo_free_provider(corsaro_t *corsaro, corsaro_geo_provider_t *provider)
Free the given geolocation provider object.
Definition: corsaro_geo.c:299
corsaro_pfx2as_init_output
int corsaro_pfx2as_init_output(corsaro_t *corsaro)
Implements the init_output function of the plugin API.
Definition: corsaro_pfx2as.c:479
corsaro_plugin::argv
char ** argv
Array of plugin arguments This is populated by the plugin manager in corsaro_plugin_enable_plugin.
Definition: corsaro_plugin.h:385
corsaro_geo_get_by_id
corsaro_geo_provider_t * corsaro_geo_get_by_id(corsaro_t *corsaro, corsaro_geo_provider_id_t id)
Retrieve the provider object for the given provider ID.
Definition: corsaro_geo.c:495
LT_PKT
#define LT_PKT(corsaro_packet)
Convenience macro to get to the libtrace packet inside an corsaro packet.
Definition: corsaro_int.h:227
cache_get
static corsaro_geo_record_t * cache_get(kh_32record_t *hash, uint32_t ip)
Get an ASN record from the cache given an IP address.
Definition: corsaro_pfx2as.c:362
corsaro_geo_provider_add_record
void corsaro_geo_provider_add_record(corsaro_geo_provider_t *provider, corsaro_geo_record_t *record)
Add the given geolocation record to the head of the given geolocation provider object.
Definition: corsaro_geo.c:465
corsaro_geo_provider
Structure which represents a geolocation provider.
Definition: corsaro_geo.h:137
corsaro_geo_provider_lookup_record
corsaro_geo_record_t * corsaro_geo_provider_lookup_record(corsaro_t *corsaro, corsaro_geo_provider_t *provider, uint32_t addr)
Look up the given address in the provider's datastructure.
Definition: corsaro_geo.c:437
corsaro_flowtuple.h
Header file which exports corsaro_flowtuple plugin API.
packet
static libtrace_packet_t * packet
A pointer to a libtrace packet.
Definition: corsaro_main.c:67
corsaro_plugin_free_state
void corsaro_plugin_free_state(corsaro_plugin_manager_t *manager, corsaro_plugin_t *plugin)
Free the state for a plugin.
Definition: corsaro_plugin.c:465
corsaro_geo_dump_record
void corsaro_geo_dump_record(corsaro_geo_record_t *record)
Dump the given geolocation record to stdout (for debugging)
Definition: corsaro_geo.c:536
corsaro_pfx2as_probe_filename
int corsaro_pfx2as_probe_filename(const char *fname)
Implements the probe_filename function of the plugin API.
Definition: corsaro_pfx2as.c:465
utils.h
Header file for common utility functions.
corsaro_packet
A lightweight wrapper around a libtrace packet.
Definition: corsaro_int.h:211
corsaro::plugin_manager
corsaro_plugin_manager_t * plugin_manager
A pointer to the corsaro plugin manager state.
Definition: corsaro_int.h:273
CORSARO_PLUGIN_GENERATE_PTRS
#define CORSARO_PLUGIN_GENERATE_PTRS(plugin)
Convenience macro that defines all the function pointers for the corsaro plugin API.
Definition: corsaro_plugin.h:117
corsaro_in_record_type
corsaro_in_record_type
Corsaro input record types.
Definition: corsaro.h:97
BUFFER_LEN
#define BUFFER_LEN
The length of the line buffer when reading pfx2as files.
Definition: corsaro_pfx2as.c:114
corsaro_geo_record::asn_cnt
int asn_cnt
Number of ASNs in the asn array.
Definition: corsaro_geo.h:91
corsaro_plugin_register_state
void corsaro_plugin_register_state(corsaro_plugin_manager_t *manager, corsaro_plugin_t *plugin, void *state)
Register the state for a plugin.
Definition: corsaro_plugin.c:454
corsaro_flowtuple_get_source_ip
uint32_t corsaro_flowtuple_get_source_ip(corsaro_flowtuple_t *flowtuple)
Convenience function to get the source IP address from a FlowTuple.
Definition: corsaro_flowtuple.c:1060
corsaro_geo_provider_clear
int corsaro_geo_provider_clear(corsaro_geo_provider_t *provider)
Remove all the existing records from the given geolocation provider.
Definition: corsaro_geo.c:447
corsaro_file_rclose
void corsaro_file_rclose(corsaro_file_in_t *file)
Closes an corsaro input file and frees the reader structure.
Definition: corsaro_file.c:428
corsaro_plugin_probe_filename
int corsaro_plugin_probe_filename(const char *fname, corsaro_plugin_t *plugin)
Check a filename to see if it contains a plugin's name.
Definition: corsaro_plugin.c:475
corsaro_geo_next_record
corsaro_geo_record_t * corsaro_geo_next_record(corsaro_geo_provider_t *provider, corsaro_geo_record_t *record)
Retrieve the next geolocation provider record in the list.
Definition: corsaro_geo.c:521
CORSARO_PLUGIN_GENERATE_TAIL
#define CORSARO_PLUGIN_GENERATE_TAIL
Convenience macro that defines all the 'remaining' blank fields in a corsaro plugin object...
Definition: corsaro_plugin.h:138
malloc_zero
void * malloc_zero(const size_t size)
Allocate memory and set it to zero.
Definition: utils.c:78
corsaro_file.h
Header file dealing with the low-level file IO.
record
static corsaro_in_record_t * record
A pointer to a corsaro record.
Definition: corsaro_main.c:76
corsaro_plugin::argc
int argc
Count of arguments in argv.
Definition: corsaro_plugin.h:379
CORSARO_PFX2AS_MAGIC
#define CORSARO_PFX2AS_MAGIC
The magic number for this plugin - "AS##".
Definition: corsaro_pfx2as.c:77
corsaro_geo_record::asn_ip_cnt
uint32_t asn_ip_cnt
Number of IP addresses that this ASN (or ASN group) 'owns'.
Definition: corsaro_geo.h:94
chomp
void chomp(char *line)
Remove a newline from the given string.
Definition: utils.c:114
corsaro_pfx2as_plugin
static corsaro_plugin_t corsaro_pfx2as_plugin
Initialize the hash type (32bit keys, geo_record values)
Definition: corsaro_pfx2as.c:88
corsaro_packet::state
corsaro_packet_state_t state
The corsaro state associated with this packet.
Definition: corsaro_int.h:214
CORSARO_PLUGIN_ID_PFX2AS
CAIDA Prefix2AS lookup plugin.
Definition: corsaro_plugin.h:180
corsaro_geo_init_provider
corsaro_geo_provider_t * corsaro_geo_init_provider(corsaro_t *corsaro, corsaro_geo_provider_id_t provider_id, corsaro_geo_datastructure_id_t ds_id, corsaro_geo_provider_default_t set_default)
Allocate a geolocation provider object in the packet state.
Definition: corsaro_geo.c:222
PFX2AS_COL_CNT
#define PFX2AS_COL_CNT
The number of columns in a pfx2as file.
Definition: corsaro_pfx2as.c:117
corsaro_geo_provider_associate_record
int corsaro_geo_provider_associate_record(corsaro_t *corsaro, corsaro_geo_provider_t *provider, uint32_t addr, uint8_t mask, corsaro_geo_record_t *record)
Register a new prefix to record mapping for the given provider.
Definition: corsaro_geo.c:425
corsaro_in
Corsaro input state.
Definition: corsaro_int.h:323
corsaro_geo_record
Structure which contains a geolocation record.
Definition: corsaro_geo.h:45
corsaro_pfx2as_start_interval
int corsaro_pfx2as_start_interval(corsaro_t *corsaro, corsaro_interval_t *int_start)
Implements the start_interval function of the plugin API.
Definition: corsaro_pfx2as.c:608
corsaro_pfx2as_process_packet
int corsaro_pfx2as_process_packet(corsaro_t *corsaro, corsaro_packet_t *packet)
Implements the process_packet function of the plugin API.
Definition: corsaro_pfx2as.c:623
corsaro_geo_record::asn
uint32_t * asn
Array of Autonomous System Numbers.
Definition: corsaro_geo.h:88
corsaro_packet_state
Corsaro state for a packet.
Definition: corsaro_int.h:194
corsaro_pfx2as_probe_magic
int corsaro_pfx2as_probe_magic(corsaro_in_t *corsaro, corsaro_file_in_t *file)
Implements the probe_magic function of the plugin API.
Definition: corsaro_pfx2as.c:472
corsaro_io.h
Header file dealing with the corsaro file IO.
STATE
#define STATE(corsaro)
Extends the generic plugin state convenience macro in corsaro_plugin.h.
Definition: corsaro_pfx2as.c:120
parse_args
static int parse_args(corsaro_t *corsaro)
Parse the arguments given to the plugin.
Definition: corsaro_pfx2as.c:137
corsaro_pfx2as_init_input
int corsaro_pfx2as_init_input(corsaro_in_t *corsaro)
Implements the init_input function of the plugin API.
Definition: corsaro_pfx2as.c:548
read_routeviews
static int read_routeviews(corsaro_t *corsaro, corsaro_file_in_t *file)
Read the prefix2as file.
Definition: corsaro_pfx2as.c:225
corsaro_pfx2as_close_output
int corsaro_pfx2as_close_output(corsaro_t *corsaro)
Implements the close_output function of the plugin API.
Definition: corsaro_pfx2as.c:560
parse_asn
static int parse_asn(char *asn_str, uint32_t **asn_arr)
Parse an underscore-separated list of ASNs.
Definition: corsaro_pfx2as.c:178
corsaro_pfx2as_read_record
off_t corsaro_pfx2as_read_record(struct corsaro_in *corsaro, corsaro_in_record_type_t *record_type, corsaro_in_record_t *record)
Implements the read_record function of the plugin API.
Definition: corsaro_pfx2as.c:590
corsaro_pfx2as_close_input
int corsaro_pfx2as_close_input(corsaro_in_t *corsaro)
Implements the close_input function of the plugin API.
Definition: corsaro_pfx2as.c:554
corsaro_pfx2as_alloc
corsaro_plugin_t * corsaro_pfx2as_alloc(corsaro_t *corsaro)
Implements the alloc function of the plugin API.
Definition: corsaro_pfx2as.c:459
corsaro
Corsaro output state.
Definition: corsaro_int.h:230
PLUGIN
#define PLUGIN(corsaro)
Extends the generic plugin plugin convenience macro in corsaro_plugin.h.
Definition: corsaro_pfx2as.c:123
corsaro_file_ropen
corsaro_file_in_t * corsaro_file_ropen(const char *filename)
Creates a new corsaro file reader and opens the provided file for reading.
Definition: corsaro_file.c:256
CORSARO_GEO_PROVIDER_DEFAULT_NO
This provider should not be the default geolocation result.
Definition: corsaro_geo.h:107
corsaro_pfx2as_read_global_data_record
off_t corsaro_pfx2as_read_global_data_record(struct corsaro_in *corsaro, enum corsaro_in_record_type *record_type, struct corsaro_in_record *record)
Implements the read_global_data_record function of the plugin API.
Definition: corsaro_pfx2as.c:599
corsaro_log
void corsaro_log(const char *func, corsaro_t *corsaro, const char *format,...)
Write a formatted string to the logfile associated with an corsaro object.
Definition: corsaro_log.c:113
corsaro_in_record_type_t
enum corsaro_in_record_type corsaro_in_record_type_t
Corsaro input record types.
corsaro_geo.h
Header file dealing with the corsaro geolocation subsystem.
corsaro_plugin
An corsaro packet processing plugin.
Definition: corsaro_plugin.h:206
corsaro_geo_init_record
corsaro_geo_record_t * corsaro_geo_init_record(corsaro_geo_provider_t *provider, uint32_t id)
Allocate an empty geolocation record for the given id.
Definition: corsaro_geo.c:346
CORSARO_GEO_PROVIDER_PFX2AS
'Geolocation' data from CAIDA pfx2as
Definition: corsaro_geo.h:129
corsaro_int.h
Header file dealing with the internal corsaro functions.
PLUGIN_NAME
#define PLUGIN_NAME
The name of this plugin - should match the file name.
Definition: corsaro_pfx2as.c:80