Skip to Content
[CAIDA - Cooperative Association for Internet Data Analysis logo]
The Cooperative Association for Internet Data Analysis
corsaro.h
Go to the documentation of this file.
1 /*
2  * corsaro
3  *
4  * Alistair King, CAIDA, UC San Diego
5  * corsaro-info@caida.org
6  *
7  * Copyright (C) 2012 The Regents of the University of California.
8  *
9  * This file is part of corsaro.
10  *
11  * corsaro is free software: you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation, either version 3 of the License, or
14  * (at your option) any later version.
15  *
16  * corsaro is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with corsaro. If not, see <http://www.gnu.org/licenses/>.
23  *
24  */
25 
26 #ifndef __CORSARO_H
27 #define __CORSARO_H
28 
29 #include "config.h"
30 
31 #include "libtrace.h"
32 #include "wandio.h"
33 
48 typedef struct corsaro corsaro_t;
50 typedef struct corsaro_in corsaro_in_t;
52 typedef struct corsaro_packet corsaro_packet_t;
54 typedef struct corsaro_in_record corsaro_in_record_t;
56 typedef struct corsaro_header corsaro_header_t;
58 typedef struct corsaro_trailer corsaro_trailer_t;
60 typedef struct corsaro_interval corsaro_interval_t;
62 typedef struct corsaro_plugin_data corsaro_plugin_data_t;
63 
84 typedef enum corsaro_in_record_type
85  {
87  CORSARO_IN_RECORD_TYPE_NULL = 0,
88 
90  CORSARO_IN_RECORD_TYPE_INTERNAL_REDIRECT = 1,
91 
93  CORSARO_IN_RECORD_TYPE_IO_HEADER = 2,
94 
96  CORSARO_IN_RECORD_TYPE_IO_TRAILER = 3,
97 
99  CORSARO_IN_RECORD_TYPE_IO_INTERVAL_START = 4,
100 
102  CORSARO_IN_RECORD_TYPE_IO_INTERVAL_END = 5,
103 
105  CORSARO_IN_RECORD_TYPE_IO_PLUGIN_START = 6,
106 
108  CORSARO_IN_RECORD_TYPE_IO_PLUGIN_END = 7,
109 
110  /* plugin specific records */
111 
112  /* corsaro_distributions has 10-19 */
113 
115  CORSARO_IN_RECORD_TYPE_DISTRIBUTIONS_START = 10,
116 
118  CORSARO_IN_RECORD_TYPE_DISTRIBUTIONS_END = 11,
119 
121  CORSARO_IN_RECORD_TYPE_DISTRIBUTIONS_ELEMENT = 12,
122 
123  /* corsaro_flowtuple has 20-29 */
124 
126  CORSARO_IN_RECORD_TYPE_FLOWTUPLE_CLASS_START = 20,
127 
129  CORSARO_IN_RECORD_TYPE_FLOWTUPLE_CLASS_END = 21,
130 
132  CORSARO_IN_RECORD_TYPE_FLOWTUPLE_FLOWTUPLE = 22,
133 
134  /* corsaro_dos has 30-39 */
135 
137  CORSARO_IN_RECORD_TYPE_DOS_GLOBAL_HEADER = 30,
138 
140  CORSARO_IN_RECORD_TYPE_DOS_HEADER = 31,
141 
143  CORSARO_IN_RECORD_TYPE_DOS_ATTACK_VECTOR = 32,
144 
145  /* corsaro_sip doesn't need any records */
146 
147  /* corsaro_symantec doesn't need any records */
148 
149  } corsaro_in_record_type_t;
150 
152 typedef enum corsaro_file_mode
153  {
155  CORSARO_FILE_MODE_ASCII = 0,
157  CORSARO_FILE_MODE_BINARY = 1,
159  CORSARO_FILE_MODE_TRACE = 2,
160 
162  CORSARO_FILE_MODE_DEFAULT = CORSARO_FILE_MODE_ASCII
163  } corsaro_file_mode_t;
164 
166 typedef enum corsaro_file_compress
167  {
169  CORSARO_FILE_COMPRESS_NONE = WANDIO_COMPRESS_NONE,
171  CORSARO_FILE_COMPRESS_ZLIB = WANDIO_COMPRESS_ZLIB,
173  CORSARO_FILE_COMPRESS_BZ2 = WANDIO_COMPRESS_BZ2,
175  CORSARO_FILE_COMPRESS_LZO = WANDIO_COMPRESS_LZO,
176 
178  CORSARO_FILE_COMPRESS_DEFAULT = CORSARO_FILE_COMPRESS_ZLIB
179  } corsaro_file_compress_t;
180 
222 corsaro_t *corsaro_alloc_output(char *template, corsaro_file_mode_t mode);
223 
229 int corsaro_start_output(corsaro_t *corsaro);
230 
239 void corsaro_set_interval(corsaro_t *corsaro, int interval);
240 
251 int corsaro_set_traceuri(corsaro_t *corsaro, char *traceuri);
252 
263 int corsaro_enable_plugin(corsaro_t *corsaro, const char *plugin_name);
264 
271 const char *corsaro_get_traceuri(corsaro_t *corsaro);
272 
283 int corsaro_set_monitorname(corsaro_t *corsaro, char *name);
284 
291 const char *corsaro_get_monitorname(corsaro_t *corsaro);
292 
304 int corsaro_per_packet(corsaro_t *corsaro, libtrace_packet_t *packet);
305 
311 int corsaro_finalize_output(corsaro_t *corsaro);
312 
336 /*
337  * === This comment is commented out... ===
338  * The file uri can optionally contain a prefix which tells corsaro the type
339  * of the file (ascii or binary) and the plugin which created it.
340  * For example, binary:corsaro_flowtuple:/path/to/file.gz indicates that the
341  * file is written in binary format, by the corsaro_flowtuple plugin.
342  *
343  * If no prefix is given, corsaro will attempt to guess the type and plugin.
344  */
345 corsaro_in_t *corsaro_alloc_input(char *corsarouri);
346 
352 int corsaro_start_input(corsaro_in_t *corsaro);
353 
359 corsaro_in_record_t *corsaro_in_alloc_record(corsaro_in_t *corsaro);
360 
365 void corsaro_in_free_record(corsaro_in_record_t *record);
366 
374 off_t corsaro_in_read_record(corsaro_in_t *corsaro,
375  corsaro_in_record_type_t *record_type,
376  corsaro_in_record_t *record);
377 
384 void *corsaro_in_get_record_data(corsaro_in_t *corsaro, corsaro_in_record_t *record);
385 
391 int corsaro_finalize_input(corsaro_in_t *corsaro);
392 
395 #endif /* __CORSARO_H */