corsaro_plugin Struct Reference

An corsaro packet processing plugin. More...

Collaboration diagram for corsaro_plugin:

Data Fields
const char *	name
	The name of this plugin used in the ascii output and eventually to allow plugins to be enabled and disabled.
const corsaro_plugin_id_t	id
	The corsaro plugin id for this plugin.
const uint32_t	magic
	The magic number for this plugin's data.
int(*	probe_filename )(const char *fname)
	Given a filename, return if this is the most likely plugin.
int(*	probe_magic )(struct corsaro_in *corsaro, corsaro_file_in_t *file)
	Given a file, looks at next 4 bytes to determine if this is the right plugin.
int(*	init_input )(struct corsaro_in *corsaro)
	Initialises an input file using the plugin.
int(*	init_output )(struct corsaro *corsaro)
	Initialises an output file using the plugin.
int(*	close_input )(struct corsaro_in *corsaro)
	Concludes an input file and cleans up the plugin data.
int(*	close_output )(struct corsaro *corsaro)
	Concludes an output file and cleans up the plugin data.
off_t(*	read_record )(struct corsaro_in *corsaro, enum corsaro_in_record_type *record_type, struct corsaro_in_record *record)
	Reads the next block of plugin data from an input file.
off_t(*	read_global_data_record )(struct corsaro_in *corsaro, enum corsaro_in_record_type *record_type, struct corsaro_in_record *record)
	Reads a plugin global data block from an input file.
int(*	start_interval )(struct corsaro *corsaro, struct corsaro_interval *int_start)
	Starts a new interval.
int(*	end_interval )(struct corsaro *corsaro, struct corsaro_interval *int_end)
	Ends an interval.
int(*	process_packet )(struct corsaro *corsaro, struct corsaro_packet *packet)
	Process a packet.
struct corsaro_plugin *	next
	Next pointer, should always be NULL - used by the plugin manager.

---

Detailed Description

An corsaro packet processing plugin.

Definition at line 128 of file corsaro_plugin.h.

---

Field Documentation

int(* corsaro_plugin::close_input)(struct corsaro_in *corsaro)

Concludes an input file and cleans up the plugin data.

Parameters:

corsaro

The corsaro input to be concluded

Returns:

0 if successful, -1 if an error occurs

Definition at line 182 of file corsaro_plugin.h.

int(* corsaro_plugin::close_output)(struct corsaro *corsaro)

Concludes an output file and cleans up the plugin data.

Parameters:

corsaro

The output file to be concluded

Returns:

0 if successful, -1 if an error occurs

Definition at line 189 of file corsaro_plugin.h.

int(* corsaro_plugin::end_interval)(struct corsaro *corsaro, struct corsaro_interval *int_end)

Ends an interval.

Parameters:

corsaro	The output object end the interval on
int_end	The end structure for the interval

Returns:

0 if successful, -1 if an error occurs

This is likely when the plugin will write it's data to it's output file

Definition at line 237 of file corsaro_plugin.h.

const corsaro_plugin_id_t corsaro_plugin::id

The corsaro plugin id for this plugin.

Definition at line 141 of file corsaro_plugin.h.

Referenced by corsaro_plugin_enable_plugin(), corsaro_plugin_free_state(), corsaro_plugin_is_enabled(), corsaro_plugin_manager_start(), and corsaro_plugin_register_state().

int(* corsaro_plugin::init_input)(struct corsaro_in *corsaro)

Initialises an input file using the plugin.

Parameters:

corsaro

The corsaro input to be initialized

Returns:

0 if successful, -1 in the event of error

Definition at line 168 of file corsaro_plugin.h.

Referenced by corsaro_start_input().

int(* corsaro_plugin::init_output)(struct corsaro *corsaro)

Initialises an output file using the plugin.

Parameters:

corsaro

The corsaro output to be initialized

Returns:

0 if successful, -1 in the event of error

Definition at line 175 of file corsaro_plugin.h.

Referenced by corsaro_start_output().

const uint32_t corsaro_plugin::magic

The magic number for this plugin's data.

Definition at line 144 of file corsaro_plugin.h.

const char* corsaro_plugin::name

The name of this plugin used in the ascii output and eventually to allow plugins to be enabled and disabled.

Definition at line 132 of file corsaro_plugin.h.

Referenced by corsaro_dos_init_output(), corsaro_flowtuple_init_output(), corsaro_plugin_get_by_name(), corsaro_plugin_get_name(), corsaro_plugin_probe_filename(), and corsaro_start_input().

struct corsaro_plugin* corsaro_plugin::next

Next pointer, should always be NULL - used by the plugin manager.

Definition at line 255 of file corsaro_plugin.h.

Referenced by corsaro_plugin_manager_start(), and corsaro_plugin_next().

int(* corsaro_plugin::probe_filename)(const char *fname)

Given a filename, return if this is the most likely plugin.

Used to "guess" the plugin when it is not specified.

Parameters:

fname

The name of the device or file to examine

Returns:

1 if the name matches the plugin, 0 otherwise

Definition at line 152 of file corsaro_plugin.h.

Referenced by corsaro_start_input().

int(* corsaro_plugin::probe_magic)(struct corsaro_in *corsaro, corsaro_file_in_t *file)

Given a file, looks at next 4 bytes to determine if this is the right plugin.

Used to "guess" the plugin when it is not specified

Parameters:

file	An corsaro file to peek at

Returns:

1 if the file matches the plugin, 0 otherwise

Definition at line 161 of file corsaro_plugin.h.

Referenced by corsaro_start_input().

int(* corsaro_plugin::process_packet)(struct corsaro *corsaro, struct corsaro_packet *packet)

Process a packet.

Parameters:

corsaro	The output object to process the packet for
corsaro_packet_t	*packet The packet to process

Returns:

0 if successful, -1 if an error occurs

This is where the magic happens, the plugin should do any processing needed for this packet and update internal state and optionally update the corsaro_packet_state object to pass on discoveries to later plugins.

Definition at line 251 of file corsaro_plugin.h.

off_t(* corsaro_plugin::read_global_data_record)(struct corsaro_in *corsaro, enum corsaro_in_record_type *record_type, struct corsaro_in_record *record)

Reads a plugin global data block from an input file.

Parameters:

	corsaro	The input file to read from
[in,out]	record_type	The type of record to read, NULL for wildcard
[in,out]	record	A pointer to the record object to fill

Returns:

The the number of bytes read from the file, or -1 if an error occurs. 0 is returned when the plugin reaches the end of it's data.

If no more data is available for reading, this function should return 0. The returned pointer should be cast to the appropriate plugin data struct.

Definition at line 217 of file corsaro_plugin.h.

off_t(* corsaro_plugin::read_record)(struct corsaro_in *corsaro, enum corsaro_in_record_type *record_type, struct corsaro_in_record *record)

Reads the next block of plugin data from an input file.

Parameters:

	corsaro	The input file to read from
[in,out]	record_type	The type of record to read, NULL for wildcard
[in,out]	record	A pointer to the record object to fill

Returns:

The the number of bytes read from the file, or -1 if an error occurs. 0 is returned when the plugin reaches the end of it's data.

If no more data is available for reading, this function should return 0. The returned pointer should be cast to the appropriate plugin data struct.

Definition at line 202 of file corsaro_plugin.h.

Referenced by corsaro_in_read_record().

int(* corsaro_plugin::start_interval)(struct corsaro *corsaro, struct corsaro_interval *int_start)

Starts a new interval.

Parameters:

corsaro	The output object to start the interval on
int_start	The start structure for the interval

Returns:

0 if successful, -1 if an error occurs

Definition at line 227 of file corsaro_plugin.h.

---

The documentation for this struct was generated from the following file:

• corsaro_plugin.h