corsaro.c File Reference

Code which implements the public functions of libcorsaro. More...

Go to the source code of this file.

Functions
static corsaro_packet_t *	corsaro_packet_alloc (corsaro_t *corsaro)
static void	corsaro_packet_state_reset (corsaro_packet_t *packet)
static void	corsaro_packet_free (corsaro_packet_t *packet)
static void	corsaro_free (corsaro_t *corsaro)
static void	populate_interval (corsaro_interval_t *interval, uint32_t number, uint32_t time)
static corsaro_t *	corsaro_init (char *template, corsaro_file_mode_t mode)
static int	start_interval (corsaro_t *corsaro, struct timeval int_start)
static int	end_interval (corsaro_t *corsaro, struct timeval int_end)
static void	corsaro_in_free (corsaro_in_t *corsaro)
static corsaro_in_t *	corsaro_in_init (char *corsarouri)
static int	process_packet (corsaro_t *corsaro, corsaro_packet_t *packet)
static int	check_global_filename (char *fname)
static int	check_global_magic (corsaro_in_t *corsaro, corsaro_file_in_t *file)
static int	is_plugin_data_or_interval (corsaro_in_t *corsaro)
static int	is_trailer_or_interval (corsaro_in_t *corsaro)
static off_t	read_record (corsaro_in_t *corsaro, corsaro_in_record_type_t *record_type, corsaro_in_record_t *record)
corsaro_t *	corsaro_alloc_output (char *template, corsaro_file_mode_t mode)
	Allocate an corsaro object.
int	corsaro_start_output (corsaro_t *corsaro)
	Initialize an corsaro object that has already been allocated.
void	corsaro_set_interval (corsaro_t *corsaro, int i)
	Accessor function to set the interval length.
int	corsaro_set_traceuri (corsaro_t *corsaro, char *uri)
	Accessor function to set the trace uri string.
int	corsaro_enable_plugin (corsaro_t *corsaro, const char *plugin_name)
	Attempt to enable a plugin using the given plugin name.
const char *	corsaro_get_traceuri (corsaro_t *corsaro)
	Accessor function to get the trace uri string.
int	corsaro_set_monitorname (corsaro_t *corsaro, char *name)
	Accessor function to set the monitor name.
const char *	corsaro_get_monitorname (corsaro_t *corsaro)
	Accessor function to get the monitor name string.
int	corsaro_per_packet (corsaro_t *corsaro, libtrace_packet_t *ltpacket)
	Perform corsaro processing on a given libtrace packet.
int	corsaro_finalize_output (corsaro_t *corsaro)
	Write the final interval and free resources allocated by corsaro.
corsaro_in_t *	corsaro_alloc_input (char *corsarouri)
	Allocate an corsaro object for reading an corsaro file.
int	corsaro_start_input (corsaro_in_t *corsaro)
	Initialize an corsaro input object that has already been allocated.
corsaro_in_record_t *	corsaro_in_alloc_record (corsaro_in_t *corsaro)
	Allocate a reusable corsaro record object.
void	corsaro_in_free_record (corsaro_in_record_t *record)
	Free an corsaro record object.
off_t	corsaro_in_read_record (corsaro_in_t *corsaro, corsaro_in_record_type_t *record_type, corsaro_in_record_t *record)
	Read the next corsaro record from the given corsaro input file.
void *	corsaro_in_get_record_data (corsaro_in_t *corsaro, corsaro_in_record_t *record)
	Get a pointer data in a record.
int	corsaro_finalize_input (corsaro_in_t *corsaro)
	Close the input file and free resources allocated by corsaro.

---

Detailed Description

Code which implements the public functions of libcorsaro.

Author:

Alistair King

Definition in file corsaro.c.

---

Function Documentation

corsaro_in_t* corsaro_alloc_input

(

char *

corsarouri

)

Allocate an corsaro object for reading an corsaro file.

Parameters:

corsarouri

The corsaro file uri to open

Returns:

a pointer to an corsaro input structure, or NULL if an error occurs

Definition at line 915 of file corsaro.c.

corsaro_t* corsaro_alloc_output	(	char *	template,
		corsaro_file_mode_t	mode
	)

Allocate an corsaro object.

Parameters:

template	The string used to generate output files
mode	The file output mode

Returns:

a pointer to an opaque corsaro structure, or NULL if an error occurs

The template must contain a pattern to be replaced with the plugin names (P). The output modes that make sense to use are CORSARO_FILE_MODE_ASCII and CORSARO_FILE_MODE_BINARY. Using CORSARO_FILE_MODE_TRACE will result in an error as not all plugins are expected to be able to write to generic packets

The returned object can then be used to set options (corsaro_set_*) before calling corsaro_start_output to write headers to the output files ready to process packets.

Definition at line 652 of file corsaro.c.

int corsaro_enable_plugin	(	corsaro_t *	corsaro,
		const char *	plugin_name
	)

Attempt to enable a plugin using the given plugin name.

Parameters:

corsaro	The corsaro object to enable the plugin for
plugin_name	The string name of the plugin to enable

Returns:

0 if the plugin was successfully enabled, -1 if an error occurs

Until this function is called successfully, all compiled plugins are considered enabled. Once it has been called, only the plugins explicitly enabled using this function will be used

Definition at line 751 of file corsaro.c.

References corsaro::plugin_manager, and corsaro::started.

int corsaro_finalize_input

(

corsaro_in_t *

corsaro

)

Close the input file and free resources allocated by corsaro.

Parameters:

corsaro

The corsaro input object to finalize

Returns:

0 if corsaro finished properly, -1 if an error occurs.

Definition at line 1088 of file corsaro.c.

int corsaro_finalize_output

(

corsaro_t *

corsaro

)

Write the final interval and free resources allocated by corsaro.

Parameters:

corsaro

The corsaro object to finalize

Returns:

0 if corsaro finished properly, -1 if an error occurs.

Definition at line 888 of file corsaro.c.

References corsaro::global_file, corsaro::last_ts, and corsaro::started.

const char* corsaro_get_monitorname

(

corsaro_t *

corsaro

)

Accessor function to get the monitor name string.

Parameters:

corsaro

The corsaro object to set the monitor name for

Returns:

a pointer to the monitor name string

Definition at line 802 of file corsaro.c.

References corsaro::monitorname, and STR.

const char* corsaro_get_traceuri

(

corsaro_t *

corsaro

)

Accessor function to get the trace uri string.

Parameters:

corsaro

The corsaro object to set the trace uri for

Returns:

a pointer to the traceuri string, or NULL if it is not set

Definition at line 768 of file corsaro.c.

References corsaro::uridata.

corsaro_in_record_t* corsaro_in_alloc_record

(

corsaro_in_t *

corsaro

)

Allocate a reusable corsaro record object.

Parameters:

corsaro

The corsaro input object to associate with the record

Returns:

a pointer to the record object, NULL if an error occurs

Definition at line 1014 of file corsaro.c.

References corsaro_in_record::buffer, corsaro_in_record::buffer_len, corsaro_in_record::corsaro, corsaro_in_free_record(), CORSARO_IN_RECORD_DEFAULT_BUFFER_LEN, and corsaro_in_record::type.

void corsaro_in_free_record

(

corsaro_in_record_t *

record

)

Free an corsaro record object.

Parameters:

record

The record object to free

Definition at line 1042 of file corsaro.c.

References corsaro_in_record::buffer, corsaro_in_record::buffer_len, and corsaro_in_record::type.

Referenced by corsaro_in_alloc_record().

void* corsaro_in_get_record_data	(	corsaro_in_t *	corsaro,
		corsaro_in_record_t *	record
	)

Get a pointer data in a record.

Parameters:

corsaro	The corsaro input object associated with the record
record	The corsaro record object to retrieve data from

Returns:

a void pointer to the data, NULL if an error occurred

Definition at line 1083 of file corsaro.c.

References corsaro_in_record::buffer.

Referenced by main().

off_t corsaro_in_read_record	(	corsaro_in_t *	corsaro,
		corsaro_in_record_type_t *	record_type,
		corsaro_in_record_t *	record
	)

Read the next corsaro record from the given corsaro input file.

Parameters:

	corsaro	The corsaro input object to read from
[in,out]		The type of the record to read
	record	The generic corsaro input record pointer

Returns:

0 on EOF, -1 on error, number of bytes read when successful

Definition at line 1062 of file corsaro.c.

References CORSARO_IN_RECORD_TYPE_NULL, corsaro_in::expected_type, corsaro_in::plugin, and corsaro_plugin::read_record.

Referenced by main().

int corsaro_per_packet	(	corsaro_t *	corsaro,
		libtrace_packet_t *	packet
	)

Perform corsaro processing on a given libtrace packet.

Parameters:

corsaro	The corsaro object used to process the packet
packet	The libtrace packet to process

Returns:

0 if the packet is successfully processed, -1 if an error occurs

For each packet, corsaro will determine whether it falls within the current interval, if not, it will write out data for the previous interval. The packet is then handed to each plugin which processes it and updates internal state.

Definition at line 814 of file corsaro.c.

References corsaro::first_ts, corsaro::interval, corsaro::interval_start, corsaro::last_ts, corsaro_packet::ltpacket, corsaro::next_report, corsaro_interval::number, corsaro::packet, corsaro::packet_cnt, and corsaro::started.

void corsaro_set_interval	(	corsaro_t *	corsaro,
		int	interval
	)

Accessor function to set the interval length.

Parameters:

corsaro	The corsaro object to set the interval for
interval	The interval (in seconds)

If this function is not called, the default interval, CORSARO_INTERVAL_DEFAULT, will be used.

Definition at line 714 of file corsaro.c.

References corsaro::interval, and corsaro::started.

int corsaro_set_monitorname	(	corsaro_t *	corsaro,
		char *	name
	)

Accessor function to set the monitor name.

Parameters:

corsaro	The corsaro object to set the monitor name for
name	The string to set as the monitor name

Returns:

0 if the name was successfully set, -1 if an error occurs

If it is not set, the value defined at compile time is used. This is either the hostname of the machine it was compiled on, or a value passed to configure using –with-monitorname

Definition at line 773 of file corsaro.c.

References corsaro::monitorname, and corsaro::started.

int corsaro_set_traceuri	(	corsaro_t *	corsaro,
		char *	traceuri
	)

Accessor function to set the trace uri string.

Parameters:

corsaro	The corsaro object to set the trace uri for
traceuri	The string to set as the trace uri

Returns:

0 if the uri was successfully set, -1 if an error occurs

The trace uri is not used internally by corsaro, this can be any user-defined string which is stored in the corsaro header in output files. If it is not set, no uri is written to the output.

Definition at line 724 of file corsaro.c.

References corsaro::started, and corsaro::uridata.

int corsaro_start_input

(

corsaro_in_t *

corsaro

)

Initialize an corsaro input object that has already been allocated.

Parameters:

corsaro

The corsaro input object to start

Returns:

0 if corsaro is started successfully, -1 if an error occurs

Definition at line 929 of file corsaro.c.

References CORSARO_IN_RECORD_TYPE_IO_HEADER, corsaro_in::expected_type, corsaro_in::file, corsaro_plugin::init_input, corsaro_plugin::name, corsaro_in::plugin, corsaro_in::plugin_manager, corsaro_plugin::probe_filename, corsaro_plugin::probe_magic, corsaro_in::started, and corsaro_in::uridata.

int corsaro_start_output

(

corsaro_t *

corsaro

)

Initialize an corsaro object that has already been allocated.

Parameters:

corsaro

The corsaro object to start

Returns:

0 if corsaro is started successfully, -1 if an error occurs

Definition at line 673 of file corsaro.c.

References corsaro::global_file, corsaro_plugin::init_output, corsaro::plugin_manager, and corsaro::started.