Context Navigation

source: lib/format_helper.c @ d7d3267

develop

Last change on this file since d7d3267 was d7d3267, checked in by Shane Alcock <salcock@…>, 2 years ago

Merge branch 'master' of git://github.com/jacobvw/libtrace into jacobvw-master

Conflicts:

lib/format_linux_ring.c

Property mode set to 100644

File size: 13.0 KB

Line
1	/*
2	*
3	* Copyright (c) 2007-2016 The University of Waikato, Hamilton, New Zealand.
4	* All rights reserved.
5	*
6	* This file is part of libtrace.
7	*
8	* This code has been developed by the University of Waikato WAND
9	* research group. For further information please see http://www.wand.net.nz/
10	*
11	* libtrace is free software; you can redistribute it and/or modify
12	* it under the terms of the GNU Lesser General Public License as published by
13	* the Free Software Foundation; either version 3 of the License, or
14	* (at your option) any later version.
15	*
16	* libtrace is distributed in the hope that it will be useful,
17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19	* GNU Lesser General Public License for more details.
20	*
21	* You should have received a copy of the GNU Lesser General Public License
22	* along with this program. If not, see <http://www.gnu.org/licenses/>.
23	*
24	*
25	*/
26	#include "config.h"
27	#include <sys/types.h>
28	#include <fcntl.h> /* for O_LARGEFILE */
29	#include <math.h>
30	#include "libtrace.h"
31	#include "libtrace_int.h"
32	#include "wandio.h"
33
34	#include <stdlib.h>
35	#include <stdio.h>
36	#include <string.h>
37	#include <errno.h>
38	#include <time.h>
39	#include "format_helper.h"
40
41	#include <stdarg.h>
42
43	#ifdef WIN32
44	# include <io.h>
45	# include <share.h>
46	# include <sys/timeb.h>
47
48	struct libtrace_eventobj_t trace_event_device(struct libtrace_t trace, struct libtrace_packet_t packet) {
49	struct libtrace_eventobj_t event = {0,0,0.0,0};
50
51	trace_set_err(trace,TRACE_ERR_OPTION_UNAVAIL, "trace_event() is not "
52	"supported on devices under windows in this version");
53
54	event.type = TRACE_EVENT_TERMINATE;
55	return event;
56	}
57	#else
58	# include <sys/ioctl.h>
59
60	/* Generic event function for live capture devices / interfaces */
61	struct libtrace_eventobj_t trace_event_device(struct libtrace_t *trace,
62	struct libtrace_packet_t *packet) {
63	struct libtrace_eventobj_t event = {0,0,0.0,0};
64
65	fd_set rfds, rfds_param;
66	int ret;
67	int max_fd;
68	struct timeval tv;
69
70	if (!trace) {
71	fprintf(stderr, "NULL trace passed into trace_event_device()\n");
72	event.type = TRACE_EVENT_TERMINATE;
73	return event;
74	}
75	if (!packet) {
76	trace_set_err(trace, TRACE_ERR_NULL_PACKET, "NULL packet passed into trace_event_device()");
77	event.type = TRACE_EVENT_TERMINATE;
78	return event;
79	}
80
81	FD_ZERO(&rfds);
82	FD_ZERO(&rfds_param);
83
84	if (trace->format->get_fd) {
85	event.fd = trace->format->get_fd(trace);
86	FD_SET(event.fd, &rfds);
87	max_fd = event.fd;
88	} else {
89	event.fd = 0;
90	max_fd = -1;
91	}
92
93	/* Use select() to perform a quick poll to check that there is data
94	* available - we used to use FIONREAD here but that does not work
95	* for mmapped pcap sockets. As recent pcap on linux (e.g. Ubuntu 9.04)
96	* uses mmapped sockets by default, I've switched over to this
97	* solution. */
98
99	do {
100	tv.tv_sec = 0;
101	tv.tv_usec = 0;
102	rfds_param = rfds;
103
104	ret = select(max_fd + 1, &rfds_param, NULL, NULL, &tv);
105	if (ret == -1 && errno != EINTR) {
106	event.type = TRACE_EVENT_TERMINATE;
107	return event;
108	}
109	} while (ret == -1);
110
111	if (FD_ISSET(event.fd, &rfds_param)) {
112	event.size = trace_read_packet(trace,packet);
113	if (event.size < 1) {
114	/* Covers error and EOF events - terminate rather
115	* than report a packet as available */
116	if (trace_is_err(trace)) {
117	trace_perror(trace, "read packet");
118	}
119	event.type = TRACE_EVENT_TERMINATE;
120	} else {
121
122	event.type = TRACE_EVENT_PACKET;
123	}
124	return event;
125	}
126	event.type= TRACE_EVENT_IOWAIT;
127	return event;
128	}
129	#endif
130
131	/* Generic event function for trace files */
132	struct libtrace_eventobj_t trace_event_trace(struct libtrace_t trace, struct libtrace_packet_t packet) {
133	struct libtrace_eventobj_t event = {0,0,0.0,0};
134	double ts;
135	double now;
136	double sincebeginnow = 0;
137	double sincebegintrace = 0;
138
139	#ifdef WIN32
140	struct __timeb64 tstruct;
141	#else
142	struct timeval stv;
143	#endif
144
145	if (!trace->event.packet) {
146	trace->event.packet = trace_create_packet();
147	}
148
149	if (!trace->event.waiting) {
150	/* There is no packet event waiting for us, so create a new
151	* libtrace packet in the event structure and read the next
152	* packet into that.
153	*
154	* If a SLEEP event is reported this time around, the read
155	* packet can therefore be saved until the next time this
156	* function is called. */
157
158	trace->event.psize=
159	trace_read_packet(trace,trace->event.packet);
160	if (trace->event.psize<1) {
161	/* Return here, the test for event.size will sort out
162	* the error */
163	if (trace_is_err(trace)) {
164	trace_perror(trace, "read packet");
165	}
166	event.type = TRACE_EVENT_TERMINATE;
167	trace_destroy_packet(trace->event.packet);
168	trace->event.packet = NULL;
169	packet->buffer = NULL;
170	packet->header = NULL;
171	packet->payload = NULL;
172	packet->buf_control = TRACE_CTRL_EXTERNAL;
173	return event;
174	}
175	}
176
177	/* The goal here is to replicate the inter-packet gaps that are
178	* present in the trace. */
179
180	ts=trace_get_seconds(trace->event.packet);
181
182	/* Get the current walltime */
183	#ifdef WIN32
184	_ftime64(&tstruct);
185	now = tstruct.time +
186	((double)tstruct.millitm / 1000.0);
187	#else
188	gettimeofday(&stv, NULL);
189	now = stv.tv_sec +
190	((double)stv.tv_usec / 1000000.0);
191	#endif
192
193
194	if (fabs(trace->event.first_ts)>1e-9) {
195	/* Subtract the tdelta from the starting times to get a suitable
196	* "relative" time */
197	sincebeginnow = (now - trace->event.first_now);
198	sincebegintrace = (ts - trace->event.first_ts);
199
200	/* If the trace timestamp is still in the future, return a
201	* SLEEP event, otherwise return the packet */
202	if (sincebeginnow <= sincebegintrace / (double)trace->replayspeedup) {
203	event.seconds = ((sincebegintrace / (double)trace->replayspeedup) - sincebeginnow);
204	event.type = TRACE_EVENT_SLEEP;
205	trace->event.waiting = true;
206	return event;
207	}
208	} else {
209	/* Work out the difference between the walltime at the start
210	* of the trace replay and the timestamp of the first packet
211	* in the trace. This will be used to convert the walltime
212	* into a timeline that is relative to the timestamps in the
213	* trace file.
214	*/
215	trace->event.first_now = (double)now;
216	trace->event.first_ts = (double)ts;
217	}
218
219	/* The packet that we had read earlier is now ready to be returned
220	* to the user - switch all the pointers etc. over */
221	packet->type = trace->event.packet->type;
222	packet->trace = trace->event.packet->trace;
223	packet->header = trace->event.packet->header;
224	packet->payload = trace->event.packet->payload;
225
226	packet->buffer = trace->event.packet->buffer;
227	packet->buf_control = trace->event.packet->buf_control;
228
229	packet->which_trace_start = trace->event.packet->which_trace_start;
230
231	event.type = TRACE_EVENT_PACKET;
232
233	trace->event.waiting = false;
234
235	return event;
236	}
237
238	/* Catch undefined O_LARGEFILE on BSD etc /
239	#ifndef O_LARGEFILE
240	# define O_LARGEFILE 0
241	#endif
242
243	/* Catching O_BINARY on all sane OS's */
244	#ifndef O_BINARY
245	# define O_BINARY 0
246	#endif
247
248	/* Open a file for reading using the new Libtrace IO system */
249	io_t trace_open_file(libtrace_t trace)
250	{
251	io_t *io=wandio_create(trace->uridata);
252
253	if (!io) {
254	if (errno != 0) {
255	trace_set_err(trace,errno,"Unable to open %s",trace->uridata);
256	} else {
257	trace_set_err(trace,TRACE_ERR_UNSUPPORTED_COMPRESS,"Unsupported compression error: %s", trace->uridata);
258	}
259	}
260	return io;
261	}
262
263	/* Open a file for writing using the new Libtrace IO system */
264	iow_t trace_open_file_out(libtrace_out_t trace, int compress_type, int level, int fileflag)
265	{
266	iow_t *io = NULL;
267
268	if (level < 0 \|\| level > 9) {
269	trace_set_err_out(trace, TRACE_ERR_UNSUPPORTED_COMPRESS,
270	"Compression level %d is invalid, must be between 0 and 9 inclusive",
271	level);
272	return NULL;
273	}
274
275	if (compress_type < 0 \|\|
276	compress_type >= TRACE_OPTION_COMPRESSTYPE_LAST) {
277	trace_set_err_out(trace, TRACE_ERR_UNSUPPORTED_COMPRESS,
278	"Invalid compression type %d", compress_type);
279	return NULL;
280	}
281
282	io = wandio_wcreate(trace->uridata, compress_type, level, fileflag);
283
284	if (!io) {
285	trace_set_err_out(trace, errno, "Unable to create output file %s", trace->uridata);
286	}
287	return io;
288	}
289
290
291	/** Sets the error status for an input trace
292	* @param errcode either an Econstant from libc, or a LIBTRACE_ERROR
293	* @param msg a plaintext error message
294	* @internal
295	*/
296	void trace_set_err(libtrace_t trace,int errcode,const char msg,...)
297	{
298	char buf[256];
299	va_list va;
300	va_start(va,msg);
301
302	if (errcode == 0) {
303	fprintf(stderr, "An error occurred, but it is unknown what it is");
304	return;
305	}
306
307	trace->err.err_num=errcode;
308	if (errcode>0) {
309	vsnprintf(buf,sizeof(buf),msg,va);
310	snprintf(trace->err.problem,sizeof(trace->err.problem),
311	"%s: %s",buf,strerror(errcode));
312	} else {
313	vsnprintf(trace->err.problem,sizeof(trace->err.problem),
314	msg,va);
315	}
316	va_end(va);
317	}
318
319	/** Sets the error status for an output trace
320	* @param errcode either an Econstant from libc, or a LIBTRACE_ERROR
321	* @param msg a plaintext error message
322	* @internal
323	*/
324	void trace_set_err_out(libtrace_out_t trace,int errcode,const char msg,...)
325	{
326	char buf[256];
327	va_list va;
328	va_start(va,msg);
329	if (errcode == 0) {
330	fprintf(stderr, "An error occurred, but is is unknown what is is");
331	return;
332	}
333	trace->err.err_num=errcode;
334	if (errcode>0) {
335	vsnprintf(buf,sizeof(buf),msg,va);
336	snprintf(trace->err.problem,sizeof(trace->err.problem),
337	"%s: %s",buf,strerror(errno));
338	} else {
339	vsnprintf(trace->err.problem,sizeof(trace->err.problem),
340	msg,va);
341	}
342	va_end(va);
343	}
344
345	/** Attempts to determine the direction for a pcap (or pcapng) packet.
346	*
347	* @param packet The packet in question.
348	* @return A valid libtrace_direction_t describing the direction that the
349	* packet was travelling, if direction can be determined. Otherwise
350	* returns TRACE_DIR_UNKNOWN.
351	* @internal
352	*
353	* Note that we can determine the direction for only certain types of packets
354	* if they are captured using pcap/pcapng, specifically SLL and PFLOG captures.
355	*/
356	libtrace_direction_t pcap_get_direction(const libtrace_packet_t *packet) {
357	libtrace_direction_t direction = -1;
358	switch(pcap_linktype_to_libtrace(rt_to_pcap_linktype(packet->type))) {
359	/* We can only get the direction for PCAP packets that have
360	* been encapsulated in Linux SLL or PFLOG */
361	case TRACE_TYPE_LINUX_SLL:
362	{
363	libtrace_sll_header_t *sll;
364	libtrace_linktype_t linktype;
365
366	sll = (libtrace_sll_header_t*)trace_get_packet_buffer(
367	packet,
368	&linktype,
369	NULL);
370	if (!sll) {
371	trace_set_err(packet->trace,
372	TRACE_ERR_BAD_PACKET,
373	"Bad or missing packet");
374	return -1;
375	}
376	/* 0 == LINUX_SLL_HOST */
377	/* the Waikato Capture point defines "packets
378	* originating locally" (ie, outbound), with a
379	* direction of 0, and "packets destined locally"
380	* (ie, inbound), with a direction of 1.
381	* This is kind-of-opposite to LINUX_SLL.
382	* We return consistent values here, however
383	*
384	* Note that in recent versions of pcap, you can
385	* use "inbound" and "outbound" on ppp in linux
386	*/
387	if (ntohs(sll->pkttype == 0)) {
388	direction = TRACE_DIR_INCOMING;
389	} else {
390	direction = TRACE_DIR_OUTGOING;
391	}
392	break;
393
394	}
395	case TRACE_TYPE_PFLOG:
396	{
397	libtrace_pflog_header_t *pflog;
398	libtrace_linktype_t linktype;
399
400	pflog=(libtrace_pflog_header_t*)trace_get_packet_buffer(
401	packet,&linktype,NULL);
402	if (!pflog) {
403	trace_set_err(packet->trace,
404	TRACE_ERR_BAD_PACKET,
405	"Bad or missing packet");
406	return -1;
407	}
408	/* enum { PF_IN=0, PF_OUT=1 }; */
409	if (ntohs(pflog->dir==0)) {
410
411	direction = TRACE_DIR_INCOMING;
412	}
413	else {
414	direction = TRACE_DIR_OUTGOING;
415	}
416	break;
417	}
418	default:
419	break;
420	}
421	return direction;
422	}
423
424

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: lib/format_helper.c @ d7d3267

Download in other formats: