source: lib/format_helper.c @ 633339d

Last change on this file since 633339d was 633339d, checked in by Shane Alcock <salcock@…>, 4 years ago

Push pcap_get_direction() function to format_helper.c

This means we don't have duplicate "get direction" code
in multiple pcap-based format modules. The future addition of
pcapng will be able to use this function too.

  • Property mode set to 100644
File size: 12.4 KB
1/*
2 *
3 * Copyright (c) 2007-2016 The University of Waikato, Hamilton, New Zealand.
4 * All rights reserved.
5 *
6 * This file is part of libtrace.
7 *
8 * This code has been developed by the University of Waikato WAND
9 * research group. For further information please see http://www.wand.net.nz/
10 *
11 * libtrace is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU Lesser General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
15 *
16 * libtrace is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19 * GNU Lesser General Public License for more details.
20 *
21 * You should have received a copy of the GNU Lesser General Public License
22 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
23 *
24 *
25 */
26#include "config.h"
27#include <sys/types.h>
28#include <fcntl.h> /* for O_LARGEFILE */
29#include <math.h>
30#include "libtrace.h"
31#include "libtrace_int.h"
32#include "wandio.h"
33
34#include <stdlib.h>
35#include <stdio.h>
36#include <string.h>
37#include <errno.h>
38#include <time.h>
39#include "format_helper.h"
40
41#include <assert.h>
42#include <stdarg.h>
43
44#ifdef WIN32
45#  include <io.h>
46#  include <share.h>
47#  include <sys/timeb.h>
48
struct libtrace_eventobj_t trace_event_device(struct libtrace_t *trace, struct libtrace_packet_t *packet) {
    /* Windows build: event polling on live devices is not implemented.
     * The error is recorded on the trace and the caller is told to stop;
     * the packet argument is never read or written here. */
    struct libtrace_eventobj_t result = {0,0,0.0,0};

    result.type = TRACE_EVENT_TERMINATE;

    trace_set_err(trace, TRACE_ERR_OPTION_UNAVAIL,
            "trace_event() is not supported on devices under windows "
            "in this version");

    return result;
}
58#else
59#  include <sys/ioctl.h>
60
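/* Generic event function for live capture devices / interfaces.
 *
 * Polls the descriptor reported by the format module with a zero-timeout
 * select() and, if it is readable, reads one packet into `packet`.
 *
 * The returned event has one of these types:
 *   TRACE_EVENT_PACKET    - a packet was read; event.size is the value
 *                           returned by trace_read_packet()
 *   TRACE_EVENT_IOWAIT    - nothing readable right now; event.fd is the
 *                           descriptor that was polled (0 if the format has
 *                           no get_fd callback)
 *   TRACE_EVENT_TERMINATE - select() failed, the read reported error or EOF,
 *                           or the descriptor cannot be used with select()
 */
struct libtrace_eventobj_t trace_event_device(struct libtrace_t *trace,
                                        struct libtrace_packet_t *packet) {
        struct libtrace_eventobj_t event = {0,0,0.0,0};

        fd_set rfds, rfds_param;
        int ret;
        int max_fd;
        struct timeval tv;

        assert(trace != NULL);
        assert(packet != NULL);

        FD_ZERO(&rfds);
        FD_ZERO(&rfds_param);

        if (trace->format->get_fd) {
                event.fd = trace->format->get_fd(trace);

                /* fd_set is a fixed-size bitmap. FD_SET()/FD_ISSET() on a
                 * negative descriptor, or on one >= FD_SETSIZE, is undefined
                 * behaviour and in practice touches memory outside the
                 * stack-allocated sets, so refuse such descriptors instead
                 * of polling them. */
                if (event.fd < 0 || event.fd >= FD_SETSIZE) {
                        trace_set_err(trace, EBADF,
                                "Descriptor %d cannot be polled with select()",
                                (int)event.fd);
                        event.type = TRACE_EVENT_TERMINATE;
                        return event;
                }

                FD_SET(event.fd, &rfds);
                max_fd = event.fd;
        } else {
                /* No descriptor to poll: the set stays empty, so the
                 * FD_ISSET() test below is false and IOWAIT is reported. */
                event.fd = 0;
                max_fd = -1;
        }

        /* Use select() to perform a quick poll to check that there is data
         * available - we used to use FIONREAD here but that does not work
         * for mmapped pcap sockets. As recent pcap on linux (e.g. Ubuntu 9.04)
         * uses mmapped sockets by default, I've switched over to this
         * solution. */

        do {
                /* select() may modify both the timeout and the set, so they
                 * are rebuilt on every retry after EINTR. */
                tv.tv_sec = 0;
                tv.tv_usec = 0;
                rfds_param = rfds;

                ret = select(max_fd + 1, &rfds_param, NULL, NULL, &tv);
                if (ret == -1 && errno != EINTR) {
                        event.type = TRACE_EVENT_TERMINATE;
                        return event;
                }
        } while (ret == -1);

        if (FD_ISSET(event.fd, &rfds_param)) {
                event.size = trace_read_packet(trace,packet);
                if (event.size < 1) {
                        /* Covers error and EOF events - terminate rather
                         * than report a packet as available */
                        if (trace_is_err(trace)) {
                                trace_perror(trace, "read packet");
                        }
                        event.type = TRACE_EVENT_TERMINATE;
                } else {
                        event.type = TRACE_EVENT_PACKET;
                }
                return event;
        }
        event.type= TRACE_EVENT_IOWAIT;
        return event;
}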
122#endif
123
/* Generic event function for trace files.
 *
 * Replays a trace file at the pace recorded in it. The next packet is read
 * into trace->event.packet; its timestamp is compared with the wall clock
 * shifted by trace->event.tdelta. If the packet is still "in the future" a
 * TRACE_EVENT_SLEEP event is returned and the packet is kept for the next
 * call; otherwise the packet's pointers are copied into `packet` and a
 * TRACE_EVENT_PACKET event is returned. A failed or empty read yields
 * TRACE_EVENT_TERMINATE.
 *
 * NOTE(review): event.seconds is computed from timestamps stored in the
 * trace file, so a damaged or hostile trace can ask for an arbitrarily long
 * sleep - callers that act on it should presumably bound the interval.
 */
struct libtrace_eventobj_t trace_event_trace(struct libtrace_t *trace, struct libtrace_packet_t *packet) {
        struct libtrace_eventobj_t event = {0,0,0.0,0};
        double ts;
        double now;
#ifdef WIN32
        struct __timeb64 tstruct;
#else
        struct timeval stv;
#endif

        /* Lazily allocate the packet used to hold a read-ahead packet.
         * NOTE(review): the result of trace_create_packet() is not checked
         * before it is handed to trace_read_packet() below - confirm whether
         * it can return NULL. */
        if (!trace->event.packet) {
                trace->event.packet = trace_create_packet();
        }

        if (!trace->event.waiting) {
                /* There is no packet event waiting for us, so create a new
                 * libtrace packet in the event structure and read the next
                 * packet into that.
                 *
                 * If a SLEEP event is reported this time around, the read
                 * packet can therefore be saved until the next time this
                 * function is called. */

                trace->event.psize=
                        trace_read_packet(trace,trace->event.packet);
                if (trace->event.psize<1) {
                        /* Return here, the test for event.size will sort out
                         * the error  */
                        if (trace_is_err(trace)) {
                                trace_perror(trace, "read packet");
                        }
                        event.type = TRACE_EVENT_TERMINATE;
                        trace_destroy_packet(trace->event.packet);
                        trace->event.packet = NULL;
                        /* The caller's packet is detached from any buffer
                         * and marked as externally controlled.
                         * NOTE(review): nothing is freed here; if the
                         * caller's packet owned a buffer before this call
                         * that buffer is no longer reachable through it -
                         * verify against callers. */
                        packet->buffer = NULL;
                        packet->header = NULL;
                        packet->payload = NULL;
                        packet->buf_control = TRACE_CTRL_EXTERNAL;
                        return event;
                }
        }

        /* The goal here is to replicate the inter-packet gaps that are
         * present in the trace. */

        ts=trace_get_seconds(trace->event.packet);

        /* Get the current walltime (return values of the clock calls are
         * not checked) */
#ifdef WIN32
        _ftime64(&tstruct);
        now = tstruct.time + 
                ((double)tstruct.millitm / 1000.0);
#else
        gettimeofday(&stv, NULL);
        now = stv.tv_sec + 
                ((double)stv.tv_usec / 1000000.0);
#endif

       
        /* A tdelta that is (nearly) zero is treated as "not yet computed";
         * presumably it starts at 0 when the trace is created - confirm. */
        if (fabs(trace->event.tdelta)>1e-9) {
                /* Subtract the tdelta from the walltime to get a suitable
                 * "relative" time */
                now -= trace->event.tdelta; 

                /* If the trace timestamp is still in the future, return a
                 * SLEEP event, otherwise return the packet */
                if (ts > now) {
                        /* Sleep length is the gap to the previously seen
                         * timestamp; `waiting` makes the next call skip the
                         * read and reuse the packet already held. */
                        event.seconds = ts - 
                                trace->event.trace_last_ts;
                        trace->event.trace_last_ts = ts;
                        event.type = TRACE_EVENT_SLEEP;
                        trace->event.waiting = true;
                        return event;
                }
        } else {
                /* Work out the difference between the walltime at the start
                 * of the trace replay and the timestamp of the first packet
                 * in the trace. This will be used to convert the walltime
                 * into a timeline that is relative to the timestamps in the
                 * trace file.
                 */
                trace->event.tdelta = now - ts;
        }

        /* The packet that we had read earlier is now ready to be returned
         * to the user - switch all the pointers etc. over.
         *
         * NOTE(review): this is a shallow copy. After it, `packet` and
         * trace->event.packet refer to the same buffer and carry the same
         * buf_control value; which of the two is expected to release the
         * buffer is not visible in this function - confirm there is no
         * double free or use after free when both are destroyed or reused. */
        packet->type = trace->event.packet->type;
        packet->trace = trace->event.packet->trace;
        packet->header = trace->event.packet->header;
        packet->payload = trace->event.packet->payload;
       
        packet->buffer = trace->event.packet->buffer;
        packet->buf_control = trace->event.packet->buf_control;

        event.type = TRACE_EVENT_PACKET;

        trace->event.trace_last_ts = ts;
        trace->event.waiting = false;

        return event;
}
226
/* Catch undefined O_LARGEFILE on *BSD etc: fall back to 0 (no flag bits)
 * where the platform headers do not provide it */
#ifndef O_LARGEFILE
#  define O_LARGEFILE 0
#endif

/* Same fallback for O_BINARY, which the headers of many platforms do not
 * define */
#ifndef O_BINARY
#  define O_BINARY 0
#endif
236
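/* Open a file for reading using the new Libtrace IO system.
 *
 * Creates a wandio reader for trace->uridata. Returns the reader, or NULL on
 * failure, in which case an error is recorded on the trace: the errno value
 * if one was set, otherwise TRACE_ERR_UNSUPPORTED_COMPRESS.
 *
 * The file name only ever appears as a "%s" argument in the error message,
 * never as the format string itself.
 */
io_t *trace_open_file(libtrace_t *trace)
{
        io_t *io;
        int saved_errno;

        /* The failure path classifies the error by whether errno is set, so
         * clear any stale value left behind by an earlier, unrelated call;
         * otherwise an unsupported-compression failure could be reported
         * with a misleading system error. */
        errno = 0;
        io = wandio_create(trace->uridata);
        saved_errno = errno;

        if (!io) {
                if (saved_errno != 0) {
                        trace_set_err(trace,saved_errno,"Unable to open %s",trace->uridata);
                } else {
                        trace_set_err(trace,TRACE_ERR_UNSUPPORTED_COMPRESS,"Unsupported compression error: %s", trace->uridata);
                }
        }
        return io;
}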
251
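/* Open a file for writing using the new Libtrace IO system.
 *
 * Validates the compression level (0-9 inclusive) and compression type
 * (0 <= type < TRACE_OPTION_COMPRESSTYPE_LAST), then creates a wandio writer
 * for trace->uridata. Returns the writer, or NULL with an error recorded on
 * the output trace.
 */
iow_t *trace_open_file_out(libtrace_out_t *trace, int compress_type, int level, int fileflag)
{
        iow_t *io = NULL;
        int saved_errno;

        if (level < 0 || level > 9) {
                trace_set_err_out(trace, TRACE_ERR_UNSUPPORTED_COMPRESS, 
                                "Compression level %d is invalid, must be between 0 and 9 inclusive", 
                                level);
                return NULL;
        }

        if (compress_type < 0 || 
                        compress_type >= TRACE_OPTION_COMPRESSTYPE_LAST) {
                trace_set_err_out(trace, TRACE_ERR_UNSUPPORTED_COMPRESS,
                                "Invalid compression type %d", compress_type);
                return NULL;
        }

        /* Clear errno first so that the value inspected below belongs to
         * this call and not to some earlier failure. */
        errno = 0;
        io = wandio_wcreate(trace->uridata, compress_type, level, fileflag);
        saved_errno = errno;

        if (!io) {
                if (saved_errno != 0) {
                        trace_set_err_out(trace, saved_errno, "Unable to create output file %s", trace->uridata);
                } else {
                        /* trace_set_err_out() asserts on an error code of 0,
                         * so a failure that left errno unset must not be
                         * passed through as-is. This mirrors the fallback
                         * used by trace_open_file(); presumably such a
                         * failure means the requested compression is not
                         * available - confirm against wandio. */
                        trace_set_err_out(trace, TRACE_ERR_UNSUPPORTED_COMPRESS, "Unable to create output file %s", trace->uridata);
                }
        }
        return io;
}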
278
279
/** Sets the error status for an input trace
 * @param trace   the input trace whose error number and message are replaced
 * @param errcode either an Econstant from libc, or a LIBTRACE_ERROR
 * @param msg     a printf-style format string, followed by its arguments
 * @internal
 *
 * For a positive errcode the formatted message is followed by ": " and the
 * strerror() text for that code; otherwise the formatted message is stored
 * on its own. Output is truncated to the size of the destination buffers.
 *
 * msg is interpreted as a format string, so callers must pass untrusted text
 * (file names, packet contents) as arguments and never as msg itself.
 */
void trace_set_err(libtrace_t *trace,int errcode,const char *msg,...)
{
        char formatted[256];
        va_list args;

        va_start(args, msg);
        assert(errcode != 0 && "An error occurred, but it is unknown what it is");

        trace->err.err_num = errcode;

        if (errcode <= 0) {
                /* libtrace error code: the message stands alone */
                vsnprintf(trace->err.problem, sizeof(trace->err.problem),
                                msg, args);
        } else {
                /* libc error code: append the system's description */
                vsnprintf(formatted, sizeof(formatted), msg, args);
                snprintf(trace->err.problem, sizeof(trace->err.problem),
                                "%s: %s", formatted, strerror(errcode));
        }

        va_end(args);
}
302
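/** Sets the error status for an output trace
 * @param trace   the output trace whose error number and message are replaced
 * @param errcode either an Econstant from libc, or a LIBTRACE_ERROR
 * @param msg     a printf-style format string, followed by its arguments
 * @internal
 *
 * For a positive errcode the formatted message is followed by ": " and the
 * strerror() text for that code; otherwise the formatted message is stored
 * on its own. Output is truncated to the size of the destination buffers.
 *
 * msg is interpreted as a format string, so callers must pass untrusted text
 * (file names, packet contents) as arguments and never as msg itself.
 */
void trace_set_err_out(libtrace_out_t *trace,int errcode,const char *msg,...)
{
        char buf[256];
        va_list va;
        va_start(va,msg);
        assert(errcode != 0 && "An error occurred, but it is unknown what it is");
        trace->err.err_num=errcode;
        if (errcode>0) {
                vsnprintf(buf,sizeof(buf),msg,va);
                /* Describe the code that was passed in, as trace_set_err()
                 * does. The global errno may differ from errcode, or may
                 * have been changed since the failure, which would pair
                 * err_num with the wrong text. */
                snprintf(trace->err.problem,sizeof(trace->err.problem),
                                "%s: %s",buf,strerror(errcode));
        } else {
                vsnprintf(trace->err.problem,sizeof(trace->err.problem),
                                msg,va);
        }
        va_end(va);
}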
325
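/** Attempts to determine the direction for a pcap (or pcapng) packet.
 *
 * @param packet        The packet in question.
 * @return A valid libtrace_direction_t describing the direction that the
 *         packet was travelling, if direction can be determined. Otherwise
 *         returns TRACE_DIR_UNKNOWN (written as -1 in the code below).
 * @internal
 *
 * Note that we can determine the direction for only certain types of packets
 * if they are captured using pcap/pcapng, specifically SLL and PFLOG captures.
 *
 * The link-layer header is read straight out of the capture buffer, which is
 * file- or network-supplied data, so the amount of captured data is checked
 * against the header size before any header field is read. If no buffer is
 * available an error is recorded on packet->trace.
 */
libtrace_direction_t pcap_get_direction(const libtrace_packet_t *packet) {
        libtrace_direction_t direction  = -1;
        switch(pcap_linktype_to_libtrace(rt_to_pcap_linktype(packet->type))) {
                /* We can only get the direction for PCAP packets that have
                 * been encapsulated in Linux SLL or PFLOG */
                case TRACE_TYPE_LINUX_SLL:
                {
                        libtrace_sll_header_t *sll;
                        libtrace_linktype_t linktype;
                        uint32_t remaining = 0;

                        sll = (libtrace_sll_header_t*)trace_get_packet_buffer(
                                        packet,
                                        &linktype,
                                        &remaining);
                        if (!sll) {
                                trace_set_err(packet->trace,
                                        TRACE_ERR_BAD_PACKET,
                                                "Bad or missing packet");
                                return -1;
                        }
                        /* A record truncated below the SLL header cannot
                         * tell us its direction; do not read past the
                         * captured bytes. */
                        if (remaining < sizeof(*sll)) {
                                return direction;
                        }
                        /* 0 == LINUX_SLL_HOST */
                        /* the Waikato Capture point defines "packets
                         * originating locally" (ie, outbound), with a
                         * direction of 0, and "packets destined locally"
                         * (ie, inbound), with a direction of 1.
                         * This is kind-of-opposite to LINUX_SLL.
                         * We return consistent values here, however
                         *
                         * Note that in recent versions of pcap, you can
                         * use "inbound" and "outbound" on ppp in linux
                         */
                        /* Convert the field, then compare. The previous
                         * ntohs(sll->pkttype == 0) byte-swapped the result
                         * of the comparison instead of the field. */
                        if (ntohs(sll->pkttype) == 0) {
                                direction = TRACE_DIR_INCOMING;
                        } else {
                                direction = TRACE_DIR_OUTGOING;
                        }
                        break;

                }
                case TRACE_TYPE_PFLOG:
                {
                        libtrace_pflog_header_t *pflog;
                        libtrace_linktype_t linktype;
                        uint32_t remaining = 0;

                        pflog=(libtrace_pflog_header_t*)trace_get_packet_buffer(
                                        packet,&linktype,&remaining);
                        if (!pflog) {
                                trace_set_err(packet->trace,
                                                TRACE_ERR_BAD_PACKET,
                                                "Bad or missing packet");
                                return -1;
                        }
                        /* Same truncation guard as for SLL above */
                        if (remaining < sizeof(*pflog)) {
                                return direction;
                        }
                        /* enum    { PF_IN=0, PF_OUT=1 }; */
                        /* A test against zero gives the same answer in
                         * either byte order, so no conversion is applied;
                         * the previous ntohs(pflog->dir==0) wrapped the
                         * comparison rather than the field. */
                        if (pflog->dir == 0) {
                                direction = TRACE_DIR_INCOMING;
                        }
                        else {
                                direction = TRACE_DIR_OUTGOING;
                        }
                        break;
                }
                default:
                        break;
        }
        return direction;
}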
404
405