Todo List

Page Core Plugins

describe the stats kept by this plugin and what they mean.

Group Corsaro file input API functions

create a corsaro_file_rreadline function?

Global corsaro_dos_attack_vector_fprint (corsaro_t *corsaro, corsaro_file_t *file, corsaro_dos_attack_vector_in_t *av)

extend libpacketdump to allow to dump to a file

Global corsaro_dos_init_output (corsaro_t *corsaro)

dump full corsaro headers

Global corsaro_dos_probe_magic (corsaro_in_t *corsaro, corsaro_file_in_t *file)

add a magic number and make it backwards compatible

Global CORSARO_FILE_COMPRESS_LEVEL_DEFAULT

make this an option to corsaro_main.c and corsaro_alloc_output

Global corsaro_flowtuple_init_output (corsaro_t *corsaro)

dump full corsaro headers

Global corsaro_flowtuple_t

make the /8 optimizations generic for any darknet size

Global corsaro_flowtuple_t

make the /8 optimizations generic for any darknet size

Global corsaro_io_write_record (corsaro_t *corsaro, corsaro_file_t *file, corsaro_in_record_type_t record_type, corsaro_in_record_t *record)

change the switch to an array of function pointers, one for each type

add code to corsaro_file_open that creates a special 'stdout' file

Global CORSARO_PLUGIN_GENERATE_PROTOS (plugin)

split this into corsaro-out and corsaro-in macros

Global CORSARO_PLUGIN_GENERATE_PTRS (plugin)

split this into corsaro-out and corsaro-in macros

Page Tools

extend to allow to write out to binary again

respect the tuple classes for reaggregation (currently classes are discarded).

add a BPF-like filter