Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
The Center for Applied Internet Data Analysis
corsaro_plugin.h
Go to the documentation of this file.
1 /*
2  * corsaro
3  *
4  * Alistair King, CAIDA, UC San Diego
5  * corsaro-info@caida.org
6  *
7  * Copyright (C) 2012 The Regents of the University of California.
8  *
9  * This file is part of corsaro.
10  *
11  * corsaro is free software: you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation, either version 3 of the License, or
14  * (at your option) any later version.
15  *
16  * corsaro is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with corsaro. If not, see <http://www.gnu.org/licenses/>.
23  *
24  */
25 
26 #ifndef __CORSARO_PLUGIN_H
27 #define __CORSARO_PLUGIN_H
28 
29 #include "corsaro_int.h"
30 
44 #define CORSARO_PLUGIN_GENERATE_PROTOS(plugin) \
45  corsaro_plugin_t * plugin##_alloc(); \
46  int plugin##_probe_filename(const char *fname); \
47  int plugin##_probe_magic(struct corsaro_in * corsaro, corsaro_file_in_t *file); \
48  int plugin##_init_input(struct corsaro_in *corsaro); \
49  int plugin##_init_output(struct corsaro *corsaro); \
50  int plugin##_close_input(struct corsaro_in *corsaro); \
51  int plugin##_close_output(struct corsaro *corsaro); \
52  off_t plugin##_read_record(struct corsaro_in *corsaro, \
53  enum corsaro_in_record_type *record_type, \
54  struct corsaro_in_record *record); \
55  off_t plugin##_read_global_data_record(struct corsaro_in *corsaro, \
56  enum corsaro_in_record_type *record_type, \
57  struct corsaro_in_record *record); \
58  int plugin##_start_interval(struct corsaro *corsaro, \
59  struct corsaro_interval *int_start); \
60  int plugin##_end_interval(struct corsaro *corsaro, \
61  struct corsaro_interval *int_end); \
62  int plugin##_process_packet(struct corsaro *corsaro, \
63  struct corsaro_packet *packet);
64 
65 #ifdef WITH_PLUGIN_SIXT
66 #define CORSARO_PLUGIN_GENERATE_FT_PROTO(plugin) \
67  int plugin##_process_flowtuple(struct corsaro *corsaro, \
68  corsaro_flowtuple_t *flowtuple, \
69  struct corsaro_packet_state *state); \
70  int plugin##_process_flowtuple_class_start(struct corsaro *corsaro, \
71  corsaro_flowtuple_class_start_t *class); \
72  int plugin##_process_flowtuple_class_end(struct corsaro *corsaro, \
73  corsaro_flowtuple_class_end_t *class);
74 #endif
75 
84 #ifdef WITH_PLUGIN_SIXT
85 #define CORSARO_PLUGIN_GENERATE_PTRS(plugin) \
86  plugin##_probe_filename, \
87  plugin##_probe_magic, \
88  plugin##_init_input, \
89  plugin##_init_output, \
90  plugin##_close_input, \
91  plugin##_close_output, \
92  plugin##_read_record, \
93  plugin##_read_global_data_record, \
94  plugin##_start_interval, \
95  plugin##_end_interval, \
96  plugin##_process_packet, \
97  NULL, \
98  NULL, \
99  NULL
100 
101 #define CORSARO_PLUGIN_GENERATE_PTRS_FT(plugin) \
102  plugin##_probe_filename, \
103  plugin##_probe_magic, \
104  plugin##_init_input, \
105  plugin##_init_output, \
106  plugin##_close_input, \
107  plugin##_close_output, \
108  plugin##_read_record, \
109  plugin##_read_global_data_record, \
110  plugin##_start_interval, \
111  plugin##_end_interval, \
112  plugin##_process_packet, \
113  plugin##_process_flowtuple, \
114  plugin##_process_flowtuple_class_start, \
115  plugin##_process_flowtuple_class_end
116 #else
117 #define CORSARO_PLUGIN_GENERATE_PTRS(plugin) \
118  plugin##_probe_filename, \
119  plugin##_probe_magic, \
120  plugin##_init_input, \
121  plugin##_init_output, \
122  plugin##_close_input, \
123  plugin##_close_output, \
124  plugin##_read_record, \
125  plugin##_read_global_data_record, \
126  plugin##_start_interval, \
127  plugin##_end_interval, \
128  plugin##_process_packet
129 #endif
130 
138 #define CORSARO_PLUGIN_GENERATE_TAIL \
139  NULL, /* next */ \
140  0, /* argc */ \
141  NULL /* argv */
142 
147 #define CORSARO_PLUGIN_STATE(corsaro, type, id) \
148  ((struct corsaro_##type##_state_t*) \
149  ((corsaro)->plugin_manager->plugins_state[(id)-1]))
150 
155 #define CORSARO_PLUGIN_PLUGIN(corsaro, id) \
156  ((corsaro)->plugin_manager->plugins[(id)-1])
157 
166 typedef enum corsaro_plugin_id
167 {
174  CORSARO_PLUGIN_ID_PCAP = 1,
175 
177  CORSARO_PLUGIN_ID_ANON = 2,
178 
180  CORSARO_PLUGIN_ID_PFX2AS = 3,
181 
183  CORSARO_PLUGIN_ID_FILTERGEO = 6,
184 
186  CORSARO_PLUGIN_ID_FILTERPFX = 7,
187 
189  CORSARO_PLUGIN_ID_GEODB = 9,
190 
192  CORSARO_PLUGIN_ID_FLOWTUPLE = 20,
193 
195  CORSARO_PLUGIN_ID_DOS = 30,
196 
198  CORSARO_PLUGIN_ID_SMEE = 80,
199 
201  CORSARO_PLUGIN_ID_MAX = CORSARO_PLUGIN_ID_SMEE
202 } corsaro_plugin_id_t;
203 
205 /* All functions should return -1, or NULL on failure */
206 typedef struct corsaro_plugin
207 {
210  const char *name;
211 
212 #if 0
213 
216  /*const char *version;*/
217 #endif
218 
220  const corsaro_plugin_id_t id;
221 
223  const uint32_t magic;
224 
231  int (*probe_filename)(const char *fname);
232 
240  int (*probe_magic)(struct corsaro_in *corsaro, corsaro_file_in_t *file);
241 
247  int (*init_input)(struct corsaro_in *corsaro);
248 
254  int (*init_output)(struct corsaro *corsaro);
255 
261  int (*close_input)(struct corsaro_in *corsaro);
262 
268  int (*close_output)(struct corsaro *corsaro);
269 
281  off_t (*read_record)(struct corsaro_in *corsaro,
282  enum corsaro_in_record_type *record_type,
283  struct corsaro_in_record *record);
284 
296  off_t (*read_global_data_record)(struct corsaro_in *corsaro,
297  enum corsaro_in_record_type *record_type,
298  struct corsaro_in_record *record);
299 
306  int (*start_interval)(struct corsaro *corsaro, struct corsaro_interval *int_start);
307 
316  int (*end_interval)(struct corsaro *corsaro, struct corsaro_interval *int_end);
317 
330  int (*process_packet)(struct corsaro *corsaro, struct corsaro_packet *packet);
331 
332 #ifdef WITH_PLUGIN_SIXT
333 
343  int (*process_flowtuple)(struct corsaro *corsaro,
344  corsaro_flowtuple_t *flowtuple,
345  struct corsaro_packet_state *state);
346 
357  int (*process_flowtuple_class_start)(struct corsaro *corsaro,
358  corsaro_flowtuple_class_start_t *class);
359 
370  int (*process_flowtuple_class_end)(struct corsaro *corsaro,
371  corsaro_flowtuple_class_end_t *class);
372 #endif
373 
376  struct corsaro_plugin *next;
377 
379  int argc;
380 
385  char **argv;
386 
387 } corsaro_plugin_t;
388 
394 typedef struct corsaro_plugin_manager
395 {
400  uint16_t *plugins_enabled;
401 
403  uint16_t plugins_enabled_cnt;
404 
406  corsaro_plugin_t **plugins;
407 
409  corsaro_plugin_t *first_plugin;
410 
412  void **plugins_state;
413 
415  uint16_t plugins_cnt;
416 
418  corsaro_file_t *logfile;
419 
420 } corsaro_plugin_manager_t;
421 
426 corsaro_plugin_manager_t *corsaro_plugin_manager_init();
427 
432 int corsaro_plugin_manager_start(corsaro_plugin_manager_t *manager);
433 
443 void corsaro_plugin_manager_free(corsaro_plugin_manager_t *manager);
444 
451 corsaro_plugin_t *corsaro_plugin_get_by_id(corsaro_plugin_manager_t *manager,
452  int id);
453 
460 corsaro_plugin_t *corsaro_plugin_get_by_magic(corsaro_plugin_manager_t *manager,
461  uint32_t id);
462 
469 corsaro_plugin_t *corsaro_plugin_get_by_name(corsaro_plugin_manager_t *manager,
470  const char *name);
471 
480 corsaro_plugin_t *corsaro_plugin_next(corsaro_plugin_manager_t *manager,
481  corsaro_plugin_t *plugin);
482 
489 void corsaro_plugin_register_state(corsaro_plugin_manager_t *manager,
490  corsaro_plugin_t *plugin,
491  void *state);
492 
498 void corsaro_plugin_free_state(corsaro_plugin_manager_t *manager,
499  corsaro_plugin_t *plugin);
500 
507 int corsaro_plugin_probe_filename(const char *fname, corsaro_plugin_t *plugin);
508 
516 const char *corsaro_plugin_get_name_by_id(corsaro_plugin_manager_t *manager,
517  int id);
518 
526 const char *corsaro_plugin_get_name_by_magic(corsaro_plugin_manager_t *manager,
527  uint32_t magic);
528 
538 int corsaro_plugin_is_enabled(corsaro_plugin_manager_t *manager,
539  corsaro_plugin_t *plugin);
540 
550 int corsaro_plugin_enable_plugin(corsaro_plugin_manager_t *manager,
551  const char *plugin_name,
552  const char *plugin_args);
553 
554 #endif /* __CORSARO_PLUGIN_H */
corsaro_interval
Structure representing the start or end of an interval.
Definition: corsaro_int.h:156
corsaro_file_in
An opaque structure defining an corsaro input file.
Definition: corsaro_file.h:86
corsaro_plugin_is_enabled
int corsaro_plugin_is_enabled(corsaro_plugin_manager_t *manager, corsaro_plugin_t *plugin)
Determine whether this plugin is enabled for use.
Definition: corsaro_plugin.c:509
corsaro_plugin::name
const char * name
The name of this plugin used in the ascii output and eventually to allow plugins to be enabled and di...
Definition: corsaro_plugin.h:210
CORSARO_PLUGIN_ID_SMEE
Smee plugin.
Definition: corsaro_plugin.h:198
corsaro_plugin_id_t
enum corsaro_plugin_id corsaro_plugin_id_t
A unique identifier for a plugin, used when writing binary data.
corsaro_file
An opaque structure defining an corsaro output file.
Definition: corsaro_file.h:60
corsaro_in_record
A reusable opaque structure for corsaro to read an input record into.
Definition: corsaro_int.h:350
corsaro_plugin::close_input
int(* close_input)(struct corsaro_in *corsaro)
Concludes an input file and cleans up the plugin data.
Definition: corsaro_plugin.h:261
CORSARO_PLUGIN_ID_FILTERGEO
FilterGeo plugin.
Definition: corsaro_plugin.h:183
corsaro_plugin::argv
char ** argv
Array of plugin arguments This is populated by the plugin manager in corsaro_plugin_enable_plugin.
Definition: corsaro_plugin.h:385
corsaro_plugin::close_output
int(* close_output)(struct corsaro *corsaro)
Concludes an output file and cleans up the plugin data.
Definition: corsaro_plugin.h:268
corsaro_plugin_enable_plugin
int corsaro_plugin_enable_plugin(corsaro_plugin_manager_t *manager, const char *plugin_name, const char *plugin_args)
Attempt to enable a plugin by its name.
Definition: corsaro_plugin.c:532
corsaro_plugin_next
corsaro_plugin_t * corsaro_plugin_next(corsaro_plugin_manager_t *manager, corsaro_plugin_t *plugin)
Retrieve the next plugin in the list.
Definition: corsaro_plugin.c:437
corsaro_plugin_manager::plugins_cnt
uint16_t plugins_cnt
The number of active plugins.
Definition: corsaro_plugin.h:415
packet
static libtrace_packet_t * packet
A pointer to a libtrace packet.
Definition: corsaro_main.c:67
corsaro_plugin_free_state
void corsaro_plugin_free_state(corsaro_plugin_manager_t *manager, corsaro_plugin_t *plugin)
Free the state for a plugin.
Definition: corsaro_plugin.c:465
corsaro_plugin_get_by_magic
corsaro_plugin_t * corsaro_plugin_get_by_magic(corsaro_plugin_manager_t *manager, uint32_t id)
Attempt to retrieve a plugin by magic number (not by using magic)
Definition: corsaro_plugin.c:407
corsaro_plugin_manager::plugins_state
void ** plugins_state
A pointer to the array of plugin states.
Definition: corsaro_plugin.h:412
corsaro_plugin_manager::plugins_enabled
uint16_t * plugins_enabled
An array of plugin ids that have been enabled by the user.
Definition: corsaro_plugin.h:400
corsaro_packet
A lightweight wrapper around a libtrace packet.
Definition: corsaro_int.h:211
corsaro_plugin_manager_free
void corsaro_plugin_manager_free(corsaro_plugin_manager_t *manager)
Free the plugin manager and all in-use plugins.
Definition: corsaro_plugin.c:341
corsaro_plugin_manager
Holds the metadata for the plugin manager.
Definition: corsaro_plugin.h:394
corsaro_in_record_type
corsaro_in_record_type
Corsaro input record types.
Definition: corsaro.h:97
corsaro_plugin_manager_start
int corsaro_plugin_manager_start(corsaro_plugin_manager_t *manager)
Start the plugin manager.
Definition: corsaro_plugin.c:296
corsaro_plugin_get_name_by_id
const char * corsaro_plugin_get_name_by_id(corsaro_plugin_manager_t *manager, int id)
Get the name of a plugin given it's ID number.
Definition: corsaro_plugin.c:487
corsaro_plugin_register_state
void corsaro_plugin_register_state(corsaro_plugin_manager_t *manager, corsaro_plugin_t *plugin, void *state)
Register the state for a plugin.
Definition: corsaro_plugin.c:454
corsaro_plugin_probe_filename
int corsaro_plugin_probe_filename(const char *fname, corsaro_plugin_t *plugin)
Check a filename to see if it contains a plugin's name.
Definition: corsaro_plugin.c:475
corsaro_plugin_get_name_by_magic
const char * corsaro_plugin_get_name_by_magic(corsaro_plugin_manager_t *manager, uint32_t magic)
Get the name of a plugin given it's magic number.
Definition: corsaro_plugin.c:498
corsaro_plugin::init_output
int(* init_output)(struct corsaro *corsaro)
Initialises an output file using the plugin.
Definition: corsaro_plugin.h:254
record
static corsaro_in_record_t * record
A pointer to a corsaro record.
Definition: corsaro_main.c:76
corsaro_plugin::argc
int argc
Count of arguments in argv.
Definition: corsaro_plugin.h:379
CORSARO_PLUGIN_ID_GEODB
Geolocation Database Lookup Plugin.
Definition: corsaro_plugin.h:189
corsaro_plugin_manager_init
corsaro_plugin_manager_t * corsaro_plugin_manager_init()
Initialize the plugin manager and all in-use plugins.
corsaro_plugin::probe_filename
int(* probe_filename)(const char *fname)
Given a filename, return if this is the most likely plugin.
Definition: corsaro_plugin.h:231
corsaro
static corsaro_t * corsaro
A pointer to the instance of corsaro that we will drive.
Definition: corsaro_main.c:80
corsaro_plugin::start_interval
int(* start_interval)(struct corsaro *corsaro, struct corsaro_interval *int_start)
Starts a new interval.
Definition: corsaro_plugin.h:306
corsaro_plugin::id
const corsaro_plugin_id_t id
The corsaro plugin id for this plugin.
Definition: corsaro_plugin.h:220
CORSARO_PLUGIN_ID_PFX2AS
CAIDA Prefix2AS lookup plugin.
Definition: corsaro_plugin.h:180
corsaro_plugin_t
struct corsaro_plugin corsaro_plugin_t
An corsaro packet processing plugin.
corsaro_plugin_get_by_id
corsaro_plugin_t * corsaro_plugin_get_by_id(corsaro_plugin_manager_t *manager, int id)
Attempt to retrieve a plugin by id.
Definition: corsaro_plugin.c:395
corsaro_plugin::next
struct corsaro_plugin * next
Next pointer, should always be NULL - used by the plugin manager.
Definition: corsaro_plugin.h:376
process_flowtuple
static int process_flowtuple(corsaro_flowtuple_t *tuple)
Process a FlowTuple record.
Definition: cors-ft-aggregate.c:389
CORSARO_PLUGIN_ID_ANON
IP address anonymization plugin.
Definition: corsaro_plugin.h:177
corsaro_plugin_get_by_name
corsaro_plugin_t * corsaro_plugin_get_by_name(corsaro_plugin_manager_t *manager, const char *name)
Attempt to retrieve a plugin by name.
Definition: corsaro_plugin.c:422
corsaro_plugin::end_interval
int(* end_interval)(struct corsaro *corsaro, struct corsaro_interval *int_end)
Ends an interval.
Definition: corsaro_plugin.h:316
corsaro_in
Corsaro input state.
Definition: corsaro_int.h:323
corsaro_plugin_manager::plugins
corsaro_plugin_t ** plugins
A pointer to the array of plugins in use.
Definition: corsaro_plugin.h:406
corsaro_plugin::process_packet
int(* process_packet)(struct corsaro *corsaro, struct corsaro_packet *packet)
Process a packet.
Definition: corsaro_plugin.h:330
corsaro_packet_state
Corsaro state for a packet.
Definition: corsaro_int.h:194
corsaro_plugin_manager::plugins_enabled_cnt
uint16_t plugins_enabled_cnt
The number of plugin ids in the plugins_enabled array.
Definition: corsaro_plugin.h:403
corsaro_plugin_id
corsaro_plugin_id
A unique identifier for a plugin, used when writing binary data.
Definition: corsaro_plugin.h:166
CORSARO_PLUGIN_ID_MAX
Maximum plugin ID assigned.
Definition: corsaro_plugin.h:201
corsaro_plugin::read_global_data_record
off_t(* read_global_data_record)(struct corsaro_in *corsaro, enum corsaro_in_record_type *record_type, struct corsaro_in_record *record)
Reads a plugin global data block from an input file.
Definition: corsaro_plugin.h:296
CORSARO_PLUGIN_ID_DOS
RS DoS plugin.
Definition: corsaro_plugin.h:195
corsaro
Corsaro output state.
Definition: corsaro_int.h:230
corsaro_plugin::init_input
int(* init_input)(struct corsaro_in *corsaro)
Initialises an input file using the plugin.
Definition: corsaro_plugin.h:247
CORSARO_PLUGIN_ID_FLOWTUPLE
FlowTuple plugin.
Definition: corsaro_plugin.h:192
corsaro_plugin_manager_t
struct corsaro_plugin_manager corsaro_plugin_manager_t
Holds the metadata for the plugin manager.
corsaro_plugin::magic
const uint32_t magic
The magic number for this plugin's data.
Definition: corsaro_plugin.h:223
CORSARO_PLUGIN_ID_FILTERPFX
FilterPfx plugin.
Definition: corsaro_plugin.h:186
corsaro_plugin_manager::logfile
corsaro_file_t * logfile
A pointer to the logfile to use.
Definition: corsaro_plugin.h:418
corsaro_plugin_manager::first_plugin
corsaro_plugin_t * first_plugin
A pointer to the first plugin in the list.
Definition: corsaro_plugin.h:409
CORSARO_PLUGIN_ID_PCAP
Pass-through PCAP plugin.
Definition: corsaro_plugin.h:174
corsaro_plugin
An corsaro packet processing plugin.
Definition: corsaro_plugin.h:206
corsaro_plugin::probe_magic
int(* probe_magic)(struct corsaro_in *corsaro, corsaro_file_in_t *file)
Given a file, looks at next 4 bytes to determine if this is the right plugin.
Definition: corsaro_plugin.h:240
corsaro_plugin::read_record
off_t(* read_record)(struct corsaro_in *corsaro, enum corsaro_in_record_type *record_type, struct corsaro_in_record *record)
Reads the next block of plugin data from an input file.
Definition: corsaro_plugin.h:281
corsaro_in::file
corsaro_file_in_t * file
The corsaro input file to read data from.
Definition: corsaro_int.h:329
corsaro_int.h
Header file dealing with the internal corsaro functions.