1 | /* |
---|
2 | * This file is part of libtrace |
---|
3 | * |
---|
4 | * Copyright (c) 2004 The University of Waikato, Hamilton, New Zealand. |
---|
5 | * Authors: Daniel Lawson |
---|
6 | * Perry Lorier |
---|
7 | * |
---|
8 | * All rights reserved. |
---|
9 | * |
---|
10 | * This code has been developed by the University of Waikato WAND |
---|
11 | * research group. For further information please see http://www.wand.net.nz/ |
---|
12 | * |
---|
13 | * libtrace is free software; you can redistribute it and/or modify |
---|
14 | * it under the terms of the GNU General Public License as published by |
---|
15 | * the Free Software Foundation; either version 2 of the License, or |
---|
16 | * (at your option) any later version. |
---|
17 | * |
---|
18 | * libtrace is distributed in the hope that it will be useful, |
---|
19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
21 | * GNU General Public License for more details. |
---|
22 | * |
---|
23 | * You should have received a copy of the GNU General Public License |
---|
24 | * along with libtrace; if not, write to the Free Software |
---|
25 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
---|
26 | * |
---|
27 | * $Id$ |
---|
28 | * |
---|
29 | */ |
---|
30 | |
---|
31 | |
---|
32 | /** @file |
---|
33 | * |
---|
34 | * @brief Trace file processing library |
---|
35 | * |
---|
36 | * @author Daniel Lawson |
---|
37 | * @author Perry Lorier |
---|
38 | * |
---|
39 | * @internal |
---|
40 | */ |
---|
41 | #define _GNU_SOURCE |
---|
42 | #include "common.h" |
---|
43 | #include "config.h" |
---|
44 | #include <assert.h> |
---|
45 | #include <errno.h> |
---|
46 | #include <fcntl.h> |
---|
47 | #include <netdb.h> |
---|
48 | #include <stdio.h> |
---|
49 | #include <stdlib.h> |
---|
50 | #include <string.h> |
---|
51 | #include <sys/stat.h> |
---|
52 | #include <sys/types.h> |
---|
53 | |
---|
54 | #ifdef HAVE_LIMITS_H |
---|
55 | # include <limits.h> |
---|
56 | #endif |
---|
57 | |
---|
58 | #ifdef HAVE_SYS_LIMITS_H |
---|
59 | # include <sys/limits.h> |
---|
60 | #endif |
---|
61 | |
---|
62 | #include <sys/socket.h> |
---|
63 | #include <sys/un.h> |
---|
64 | #include <sys/mman.h> |
---|
65 | #include <unistd.h> |
---|
66 | |
---|
67 | #ifdef HAVE_NET_IF_ARP_H |
---|
68 | # include <net/if_arp.h> |
---|
69 | #endif |
---|
70 | |
---|
71 | #ifdef HAVE_NET_IF_H |
---|
72 | # include <net/if.h> |
---|
73 | #endif |
---|
74 | |
---|
75 | #ifdef HAVE_NETINET_IN_H |
---|
76 | # include <netinet/in.h> |
---|
77 | #endif |
---|
78 | |
---|
79 | #ifdef HAVE_NET_ETHERNET_H |
---|
80 | # include <net/ethernet.h> |
---|
81 | #endif |
---|
82 | |
---|
83 | #ifdef HAVE_NETINET_IF_ETHER_H |
---|
84 | # include <netinet/if_ether.h> |
---|
85 | #endif |
---|
86 | |
---|
87 | #include <time.h> |
---|
88 | #include <sys/ioctl.h> |
---|
89 | |
---|
90 | #ifdef HAVE_INTTYPES_H |
---|
91 | # include <inttypes.h> |
---|
92 | #else |
---|
93 | # error "Can't find inttypes.h - this needs to be fixed" |
---|
94 | #endif |
---|
95 | |
---|
96 | #ifdef HAVE_STDDEF_H |
---|
97 | # include <stddef.h> |
---|
98 | #else |
---|
99 | # error "Can't find stddef.h - do you define ptrdiff_t elsewhere?" |
---|
100 | #endif |
---|
101 | |
---|
102 | #include "libtrace.h" |
---|
103 | #include "fifo.h" |
---|
104 | |
---|
105 | #if HAVE_PCAP_BPF_H |
---|
106 | # include <pcap-bpf.h> |
---|
107 | #else |
---|
108 | # ifdef HAVE_NET_BPF_H |
---|
109 | # include <net/bpf.h> |
---|
110 | # endif |
---|
111 | #endif |
---|
112 | |
---|
113 | #if HAVE_PCAP_H |
---|
114 | # include <pcap.h> |
---|
115 | # ifdef HAVE_PCAP_INT_H |
---|
116 | # include <pcap-int.h> |
---|
117 | # endif |
---|
118 | #endif |
---|
119 | |
---|
120 | #ifdef HAVE_ZLIB_H |
---|
121 | # include <zlib.h> |
---|
122 | #endif |
---|
123 | |
---|
124 | |
---|
125 | #include "wag.h" |
---|
126 | |
---|
127 | #ifdef HAVE_DAG_API |
---|
128 | # include "dagnew.h" |
---|
129 | # include "dagapi.h" |
---|
130 | #else |
---|
131 | # include "dagformat.h" |
---|
132 | #endif |
---|
133 | |
---|
134 | |
---|
135 | typedef enum {SOCKET, TRACE, STDIN, DEVICE, INTERFACE, RT } source_t; |
---|
136 | |
---|
137 | typedef enum {ERF, PCAP, PCAPINT, DAG, RTCLIENT, WAG, WAGINT } format_t; |
---|
138 | |
---|
139 | #if HAVE_BPF |
---|
140 | /** A type encapsulating a bpf filter |
---|
141 | * This type covers the compiled bpf filter, as well as the original filter |
---|
142 | * string |
---|
143 | * |
---|
144 | */ |
---|
145 | struct libtrace_filter_t { |
---|
146 | struct bpf_insn *filter; |
---|
147 | char * filterstring; |
---|
148 | }; |
---|
149 | #endif |
---|
150 | |
---|
151 | /** The information about traces that are open |
---|
152 | * @internal |
---|
153 | */ |
---|
154 | struct libtrace_t { |
---|
155 | format_t format; /**< The format that this trace is in */ |
---|
156 | source_t sourcetype; /**< The type (device,file, etc */ |
---|
157 | union { |
---|
158 | /** Information about rtclients */ |
---|
159 | struct { |
---|
160 | char *hostname; |
---|
161 | short port; |
---|
162 | } rt; |
---|
163 | char *path; /**< information for local sockets */ |
---|
164 | char *interface; /**< intormation for reading of network |
---|
165 | interfaces */ |
---|
166 | } conn_info; |
---|
167 | /** Information about the current state of the input device */ |
---|
168 | union { |
---|
169 | int fd; |
---|
170 | FILE *file; |
---|
171 | #if HAVE_PCAP |
---|
172 | pcap_t *pcap; |
---|
173 | #endif |
---|
174 | } input; |
---|
175 | struct fifo_t *fifo; |
---|
176 | struct { |
---|
177 | void *buf; |
---|
178 | unsigned bottom; |
---|
179 | unsigned top; |
---|
180 | unsigned diff; |
---|
181 | unsigned curr; |
---|
182 | unsigned offset; |
---|
183 | } dag; |
---|
184 | struct { |
---|
185 | void *buffer; |
---|
186 | int size; |
---|
187 | } packet; |
---|
188 | double tdelta; |
---|
189 | double trace_start_ts; |
---|
190 | double real_start_ts; |
---|
191 | double trace_last_ts; |
---|
192 | |
---|
193 | double last_ts; |
---|
194 | double start_ts; |
---|
195 | struct { |
---|
196 | #define COMP_IBUF_SIZE 65536 |
---|
197 | void *ibuf; |
---|
198 | void *cbuf; |
---|
199 | |
---|
200 | uint64_t ibuf_pos; |
---|
201 | uint64_t cbuf_max; |
---|
202 | uint64_t cbuf_pos; |
---|
203 | struct fifo_t *cfifo; |
---|
204 | } comp; |
---|
205 | }; |
---|
206 | |
---|
207 | struct trace_sll_header_t { |
---|
208 | uint16_t pkttype; /* packet type */ |
---|
209 | uint16_t hatype; /* link-layer address type */ |
---|
210 | uint16_t halen; /* link-layer address length */ |
---|
211 | char addr[8]; /* link-layer address */ |
---|
212 | uint16_t protocol; /* protocol */ |
---|
213 | }; |
---|
214 | |
---|
215 | #ifndef PF_RULESET_NAME_SIZE |
---|
216 | #define PF_RULESET_NAME_SIZE 16 |
---|
217 | #endif |
---|
218 | |
---|
219 | #ifndef IFNAMSIZ |
---|
220 | #define IFNAMSIZ 16 |
---|
221 | #endif |
---|
222 | |
---|
223 | struct trace_pflog_header_t { |
---|
224 | uint8_t length; |
---|
225 | sa_family_t af; |
---|
226 | uint8_t action; |
---|
227 | uint8_t reason; |
---|
228 | char ifname[IFNAMSIZ]; |
---|
229 | char ruleset[PF_RULESET_NAME_SIZE]; |
---|
230 | uint32_t rulenr; |
---|
231 | uint32_t subrulenr; |
---|
232 | uint8_t dir; |
---|
233 | uint8_t pad[3]; |
---|
234 | }; |
---|
235 | |
---|
236 | |
---|
237 | /* forward declarations for local functions */ |
---|
238 | |
---|
239 | int trace_uncompress(void * dest, size_t destLen, const void *source, size_t sourceLen); |
---|
240 | int trace_comp_read(struct libtrace_t *trace, void *buffer, size_t len); |
---|
241 | |
---|
242 | |
---|
243 | #define RP_BUFSIZE 65536 |
---|
244 | |
---|
245 | #define URI_PROTO_LINE 16 |
---|
246 | static int init_trace(struct libtrace_t **libtrace, char *uri) { |
---|
247 | char *scan = calloc(sizeof(char),URI_PROTO_LINE); |
---|
248 | char *uridata = 0; |
---|
249 | struct stat buf; |
---|
250 | |
---|
251 | // parse the URI to determine what sort of event we are dealing with |
---|
252 | |
---|
253 | // want snippet before the : to get the uri base type. |
---|
254 | |
---|
255 | if((uridata = strchr(uri,':')) == NULL) { |
---|
256 | // badly formed URI - needs a : |
---|
257 | return 0; |
---|
258 | } |
---|
259 | |
---|
260 | if ((*uridata - *uri) > URI_PROTO_LINE) { |
---|
261 | // badly formed URI - uri type is too long |
---|
262 | return 0; |
---|
263 | } |
---|
264 | strncpy(scan,uri, (uridata - uri)); |
---|
265 | |
---|
266 | (*libtrace)->tdelta = 0.0; |
---|
267 | |
---|
268 | if (!strncasecmp(scan,"erf",3)) { |
---|
269 | (*libtrace)->format=ERF; |
---|
270 | #if HAVE_PCAP |
---|
271 | } else if (!strncasecmp(scan,"pcapint",7)) { |
---|
272 | (*libtrace)->format=PCAPINT; |
---|
273 | } else if (!strncasecmp(scan,"pcap",4)) { |
---|
274 | (*libtrace)->format=PCAP; |
---|
275 | #else |
---|
276 | } else if (!strncasecmp(scan,"pcap",4)) { // also catches pcapint |
---|
277 | fprintf(stderr,"This version of libtrace has been compiled without PCAP support\n"); |
---|
278 | return 0; |
---|
279 | #endif |
---|
280 | |
---|
281 | #if HAVE_DAG |
---|
282 | } else if (!strncasecmp(scan,"dag",3)) { |
---|
283 | (*libtrace)->format=DAG; |
---|
284 | #else |
---|
285 | } else if (!strncasecmp(scan,"dag",3)) { |
---|
286 | fprintf(stderr,"This version of libtrace has been compiled without DAG support\n"); |
---|
287 | return 0; |
---|
288 | #endif |
---|
289 | } else if (!strncasecmp(scan,"rtclient",7)) { |
---|
290 | (*libtrace)->format=RTCLIENT; |
---|
291 | } else if (!strncasecmp(scan,"wagint",6)) { |
---|
292 | struct ports_t *port; |
---|
293 | (*libtrace)->format=WAGINT; |
---|
294 | } else if (!strncasecmp(scan,"wag",3)) { |
---|
295 | (*libtrace)->format=WAG; |
---|
296 | } else { |
---|
297 | //badly formed URI |
---|
298 | return 0; |
---|
299 | } |
---|
300 | |
---|
301 | // push uridata past the delimiter |
---|
302 | uridata++; |
---|
303 | |
---|
304 | // libtrace->format now contains the type of uri |
---|
305 | // libtrace->uridata contains the appropriate data for this |
---|
306 | |
---|
307 | switch((*libtrace)->format) { |
---|
308 | #if HAVE_PCAP |
---|
309 | case PCAPINT: |
---|
310 | #endif |
---|
311 | case WAGINT: |
---|
312 | /* Can have uridata of the following format |
---|
313 | * eth0 |
---|
314 | * etc |
---|
315 | */ |
---|
316 | // We basically assume this is correct. |
---|
317 | (*libtrace)->sourcetype = INTERFACE; |
---|
318 | (*libtrace)->conn_info.path = strdup(uridata); |
---|
319 | break; |
---|
320 | #if HAVE_PCAP |
---|
321 | case PCAP: |
---|
322 | #endif |
---|
323 | case ERF: |
---|
324 | case WAG: |
---|
325 | /* |
---|
326 | * Can have uridata of the following format |
---|
327 | * /path/to/socket (probably not PCAP) |
---|
328 | * /path/to/file |
---|
329 | * /path/to/file.gz (not PCAP) |
---|
330 | * /dev/device (use PCAPINT) |
---|
331 | * - |
---|
332 | */ |
---|
333 | if (!strncmp(uridata,"-",1)) { |
---|
334 | (*libtrace)->sourcetype = STDIN; |
---|
335 | } else { |
---|
336 | if (stat(uridata,&buf) == -1) { |
---|
337 | perror("stat"); |
---|
338 | return 0; |
---|
339 | } |
---|
340 | if (S_ISSOCK(buf.st_mode)) { |
---|
341 | (*libtrace)->sourcetype = SOCKET; |
---|
342 | } else if (S_ISCHR(buf.st_mode)) { |
---|
343 | (*libtrace)->sourcetype = DEVICE; |
---|
344 | } else { |
---|
345 | (*libtrace)->sourcetype = TRACE; |
---|
346 | } |
---|
347 | (*libtrace)->conn_info.path = strdup(uridata); |
---|
348 | } |
---|
349 | break; |
---|
350 | case DAG: |
---|
351 | #if HAVE_DAG |
---|
352 | /* |
---|
353 | * Can have uridata of the following format: |
---|
354 | * /dev/device |
---|
355 | */ |
---|
356 | if (stat(uridata,&buf) == -1) { |
---|
357 | perror("stat"); |
---|
358 | return 0; |
---|
359 | } |
---|
360 | if (S_ISCHR(buf.st_mode)) { |
---|
361 | (*libtrace)->sourcetype = DEVICE; |
---|
362 | } else { |
---|
363 | fprintf(stderr,"%s isn't a valid char device, exiting\n",uridata); |
---|
364 | exit(1); |
---|
365 | } |
---|
366 | (*libtrace)->conn_info.path = strdup(uridata); |
---|
367 | #endif |
---|
368 | break; |
---|
369 | |
---|
370 | case RTCLIENT: |
---|
371 | /* |
---|
372 | * Can have the uridata in the format |
---|
373 | * hostname |
---|
374 | * hostname:port |
---|
375 | */ |
---|
376 | (*libtrace)->sourcetype = RT; |
---|
377 | if (strlen(uridata) == 0) { |
---|
378 | (*libtrace)->conn_info.rt.hostname = |
---|
379 | strdup("localhost"); |
---|
380 | (*libtrace)->conn_info.rt.port = |
---|
381 | COLLECTOR_PORT; |
---|
382 | break; |
---|
383 | } |
---|
384 | if ((scan = strchr(uridata,':')) == NULL) { |
---|
385 | (*libtrace)->conn_info.rt.hostname = |
---|
386 | strdup(uridata); |
---|
387 | (*libtrace)->conn_info.rt.port = |
---|
388 | COLLECTOR_PORT; |
---|
389 | } else { |
---|
390 | (*libtrace)->conn_info.rt.hostname = |
---|
391 | (char *)strndup(uridata,(scan - uridata)); |
---|
392 | |
---|
393 | (*libtrace)->conn_info.rt.port = |
---|
394 | atoi(++scan); |
---|
395 | } |
---|
396 | break; |
---|
397 | } |
---|
398 | |
---|
399 | |
---|
400 | (*libtrace)->fifo = create_fifo(1048576); |
---|
401 | assert( (*libtrace)->fifo); |
---|
402 | //(*libtrace)->packet.buffer = 0; |
---|
403 | //(*libtrace)->packet.size = 0; |
---|
404 | |
---|
405 | (*libtrace)->comp.ibuf = 0; |
---|
406 | (*libtrace)->comp.cbuf = 0; |
---|
407 | (*libtrace)->comp.cfifo = create_fifo(1048576); |
---|
408 | |
---|
409 | return 1; |
---|
410 | } |
---|
411 | |
---|
412 | /** Create a trace file from a URI |
---|
413 | * |
---|
414 | * @returns opaque pointer to a libtrace_t |
---|
415 | * |
---|
416 | * Valid URI's are: |
---|
417 | * erf:/path/to/erf/file |
---|
418 | * erf:/path/to/erf/file.gz |
---|
419 | * erf:/path/to/rtclient/socket |
---|
420 | * erf:- (stdin) |
---|
421 | * pcapint:pcapinterface (eg: pcapint:eth0) |
---|
422 | * pcap:/path/to/pcap/file |
---|
423 | * pcap:- |
---|
424 | * rtclient:hostname |
---|
425 | * rtclient:hostname:port |
---|
426 | * wag:- |
---|
427 | * wag:/path/to/wag/file |
---|
428 | * wag:/path/to/wag/file.gz |
---|
429 | * wag:/path/to/wag/socket |
---|
430 | * wagint:/dev/device |
---|
431 | * |
---|
432 | * URIs which have yet to be implemented are: |
---|
433 | * dag:/dev/dagcard |
---|
434 | * pcap:/path/to/pcap/socket |
---|
435 | * |
---|
436 | * If an error occured when attempting to open a trace, NULL is returned |
---|
437 | * and an error is output to stdout. |
---|
438 | */ |
---|
439 | struct libtrace_t *trace_create(char *uri) { |
---|
440 | struct libtrace_t *libtrace = malloc(sizeof(struct libtrace_t)); |
---|
441 | struct hostent *he; |
---|
442 | struct sockaddr_in remote; |
---|
443 | struct sockaddr_un unix_sock; |
---|
444 | #if HAVE_PCAP |
---|
445 | char errbuf[PCAP_ERRBUF_SIZE]; |
---|
446 | #endif |
---|
447 | |
---|
448 | if(init_trace(&libtrace,uri) == 0) { |
---|
449 | return 0; |
---|
450 | } |
---|
451 | |
---|
452 | switch(libtrace->sourcetype) { |
---|
453 | case RT: |
---|
454 | if ((he=gethostbyname(libtrace->conn_info.rt.hostname)) == NULL) { |
---|
455 | perror("gethostbyname"); |
---|
456 | return 0; |
---|
457 | } |
---|
458 | if ((libtrace->input.fd = socket(AF_INET, SOCK_STREAM, 0)) == -1) { |
---|
459 | perror("socket"); |
---|
460 | return 0; |
---|
461 | } |
---|
462 | |
---|
463 | remote.sin_family = AF_INET; |
---|
464 | remote.sin_port = htons(libtrace->conn_info.rt.port); |
---|
465 | remote.sin_addr = *((struct in_addr *)he->h_addr); |
---|
466 | bzero(&(remote.sin_zero), 8); |
---|
467 | |
---|
468 | if (connect(libtrace->input.fd, (struct sockaddr *)&remote, |
---|
469 | sizeof(struct sockaddr)) == -1) { |
---|
470 | perror("connect (inet)"); |
---|
471 | return 0; |
---|
472 | } |
---|
473 | break; |
---|
474 | case TRACE: |
---|
475 | #if HAVE_PCAP |
---|
476 | if (libtrace->format == PCAP) { |
---|
477 | if ((libtrace->input.pcap = pcap_open_offline(libtrace->conn_info.path, errbuf)) == NULL) { |
---|
478 | fprintf(stderr,"%s\n",errbuf); |
---|
479 | return 0; |
---|
480 | } |
---|
481 | } else { |
---|
482 | #else |
---|
483 | { |
---|
484 | #endif |
---|
485 | // We just open files now, because we |
---|
486 | // do the decompression internally |
---|
487 | libtrace->input.file = fopen(libtrace->conn_info.path, "r"); |
---|
488 | } |
---|
489 | break; |
---|
490 | case STDIN: |
---|
491 | #if HAVE_PCAP |
---|
492 | if (libtrace->format == PCAP) { |
---|
493 | libtrace->input.pcap = pcap_open_offline("-",errbuf); |
---|
494 | } else { |
---|
495 | #else |
---|
496 | { |
---|
497 | #endif |
---|
498 | #if HAVE_ZLIB |
---|
499 | libtrace->input.file = gzdopen(STDIN, "r"); |
---|
500 | #else |
---|
501 | libtrace->input.file = stdin; |
---|
502 | #endif |
---|
503 | } |
---|
504 | break; |
---|
505 | case SOCKET: |
---|
506 | /* Pcap doesn't work */ |
---|
507 | if (libtrace->format != PCAP) { |
---|
508 | if ((libtrace->input.fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { |
---|
509 | perror("socket"); |
---|
510 | return 0; |
---|
511 | } |
---|
512 | unix_sock.sun_family = AF_UNIX; |
---|
513 | bzero(unix_sock.sun_path,108); |
---|
514 | snprintf(unix_sock.sun_path,108,"%s",libtrace->conn_info.path); |
---|
515 | |
---|
516 | if (connect(libtrace->input.fd, (struct sockaddr *)&unix_sock, |
---|
517 | sizeof(struct sockaddr)) == -1) { |
---|
518 | perror("connect (unix)"); |
---|
519 | return 0; |
---|
520 | } |
---|
521 | } |
---|
522 | break; |
---|
523 | case DEVICE: |
---|
524 | case INTERFACE: |
---|
525 | switch (libtrace->format) { |
---|
526 | #if HAVE_PCAP |
---|
527 | case PCAPINT: |
---|
528 | case PCAP: |
---|
529 | libtrace->input.pcap = pcap_open_live( |
---|
530 | libtrace->conn_info.path, |
---|
531 | 4096, |
---|
532 | 1, |
---|
533 | 1, |
---|
534 | errbuf); |
---|
535 | break; |
---|
536 | #endif |
---|
537 | case WAGINT: |
---|
538 | case WAG: |
---|
539 | libtrace->input.fd = open( |
---|
540 | libtrace->conn_info.path, |
---|
541 | O_RDONLY); |
---|
542 | break; |
---|
543 | #if HAVE_DAG |
---|
544 | case DAG: |
---|
545 | if((libtrace->input.fd = dag_open(libtrace->conn_info.path)) < 0) { |
---|
546 | fprintf(stderr,"Cannot open DAG %s: %m\n", libtrace->conn_info.path,errno); |
---|
547 | exit(0); |
---|
548 | } |
---|
549 | if((libtrace->dag.buf = dag_mmap(libtrace->input.fd)) == MAP_FAILED) { |
---|
550 | fprintf(stderr,"Cannot mmap DAG %s: %m\n", libtrace->conn_info.path,errno); |
---|
551 | exit(0); |
---|
552 | } |
---|
553 | if(dag_start(libtrace->input.fd) < 0) { |
---|
554 | fprintf(stderr,"Cannot start DAG %s: %m\n", libtrace->conn_info.path,errno); |
---|
555 | exit(0); |
---|
556 | } |
---|
557 | break; |
---|
558 | #endif |
---|
559 | default: |
---|
560 | fprintf(stderr,"Unknown format trace, hoping I can just read\n"); |
---|
561 | break; |
---|
562 | |
---|
563 | } |
---|
564 | break; |
---|
565 | default: |
---|
566 | fprintf(stderr,"Unsupported source type for libtrace, terminating (%i)\n",libtrace->sourcetype); |
---|
567 | exit(0); |
---|
568 | |
---|
569 | } |
---|
570 | return libtrace; |
---|
571 | } |
---|
572 | |
---|
573 | /** Close a trace file, freeing up any resources it may have been using |
---|
574 | * |
---|
575 | */ |
---|
576 | void trace_destroy(struct libtrace_t *libtrace) { |
---|
577 | assert(libtrace); |
---|
578 | #if HAVE_PCAP |
---|
579 | if (libtrace->format == PCAP || libtrace->format == PCAPINT) { |
---|
580 | pcap_close(libtrace->input.pcap); |
---|
581 | #else |
---|
582 | if (0) { |
---|
583 | #endif |
---|
584 | } else if (libtrace->sourcetype == SOCKET || libtrace->sourcetype == RT) { |
---|
585 | close(libtrace->input.fd); |
---|
586 | #if HAVE_DAG |
---|
587 | } else if (libtrace->format == DAG) { |
---|
588 | dag_stop(libtrace->input.fd); |
---|
589 | #endif |
---|
590 | } else { |
---|
591 | fclose(libtrace->input.file); |
---|
592 | } |
---|
593 | // need to free things! |
---|
594 | destroy_fifo(libtrace->fifo); |
---|
595 | destroy_fifo(libtrace->comp.cfifo); |
---|
596 | |
---|
597 | if (libtrace->comp.ibuf) { |
---|
598 | free(libtrace->comp.ibuf); |
---|
599 | free(libtrace->comp.cbuf); |
---|
600 | } |
---|
601 | |
---|
602 | free(libtrace); |
---|
603 | } |
---|
604 | |
---|
605 | static int trace_read(struct libtrace_t *libtrace, void *buffer, size_t len) { |
---|
606 | int numbytes; |
---|
607 | static short lctr = 0; |
---|
608 | struct dag_record_t *recptr = 0; |
---|
609 | int rlen; |
---|
610 | assert(libtrace); |
---|
611 | assert(len >= 0); |
---|
612 | |
---|
613 | if (buffer == 0) |
---|
614 | buffer = malloc(len); |
---|
615 | |
---|
616 | while(1) { |
---|
617 | switch(libtrace->sourcetype) { |
---|
618 | case SOCKET: |
---|
619 | case RT: |
---|
620 | |
---|
621 | #ifndef MSG_NOSIGNAL |
---|
622 | #define MSG_NOSIGNAL 0 |
---|
623 | #endif |
---|
624 | // read from the network |
---|
625 | if ((numbytes=recv(libtrace->input.fd, |
---|
626 | buffer, |
---|
627 | len, |
---|
628 | MSG_NOSIGNAL)) == -1) { |
---|
629 | if (errno == EINTR) { |
---|
630 | // ignore EINTR in case |
---|
631 | // a caller is using signals |
---|
632 | continue; |
---|
633 | } |
---|
634 | perror("recv"); |
---|
635 | return -1; |
---|
636 | } |
---|
637 | break; |
---|
638 | case DEVICE: |
---|
639 | switch(libtrace->format) { |
---|
640 | #if HAVE_DAG |
---|
641 | case DAG: |
---|
642 | |
---|
643 | libtrace->dag.bottom = libtrace->dag.top; |
---|
644 | libtrace->dag.top = dag_offset( |
---|
645 | libtrace->input.fd, |
---|
646 | &(libtrace->dag.bottom), |
---|
647 | 0); |
---|
648 | libtrace->dag.diff = libtrace->dag.top - |
---|
649 | libtrace->dag.bottom; |
---|
650 | |
---|
651 | numbytes=libtrace->dag.diff; |
---|
652 | libtrace->dag.offset = 0; |
---|
653 | |
---|
654 | break; |
---|
655 | #endif |
---|
656 | default: |
---|
657 | if ((numbytes=read(libtrace->input.fd, |
---|
658 | buffer, |
---|
659 | len)) == -1) { |
---|
660 | perror("read"); |
---|
661 | return -1; |
---|
662 | } |
---|
663 | } |
---|
664 | break; |
---|
665 | default: |
---|
666 | #if HAVE_ZLIB |
---|
667 | if ((numbytes=trace_comp_read(libtrace, |
---|
668 | //if ((numbytes=gzread(libtrace->input.file, |
---|
669 | buffer, |
---|
670 | len)) == -1) { |
---|
671 | //perror("gzread"); |
---|
672 | return -1; |
---|
673 | } |
---|
674 | #else |
---|
675 | if ((numbytes=fread(buffer,len,1,libtrace->input.file)) == 0 ) { |
---|
676 | if(feof(libtrace->input.file)) { |
---|
677 | return 0; |
---|
678 | } |
---|
679 | if(ferror(libtrace->input.file)) { |
---|
680 | perror("fread"); |
---|
681 | return -1; |
---|
682 | } |
---|
683 | return 0; |
---|
684 | } |
---|
685 | #endif |
---|
686 | } |
---|
687 | break; |
---|
688 | } |
---|
689 | return numbytes; |
---|
690 | |
---|
691 | } |
---|
692 | |
---|
693 | #if HAVE_PCAP |
---|
694 | void trace_pcap_handler(u_char *user, const struct pcap_pkthdr *pcaphdr, const u_char *pcappkt) { |
---|
695 | struct libtrace_packet_t *packet = (struct libtrace_packet_t *)user; |
---|
696 | void *buffer = packet->buffer; |
---|
697 | int numbytes = 0; |
---|
698 | |
---|
699 | memcpy(buffer,pcaphdr,sizeof(struct pcap_pkthdr)); |
---|
700 | numbytes = pcaphdr->len; |
---|
701 | memcpy(buffer + sizeof(struct pcap_pkthdr),pcappkt,numbytes); |
---|
702 | |
---|
703 | packet->size = numbytes + sizeof(struct pcap_pkthdr); |
---|
704 | |
---|
705 | } |
---|
706 | #endif |
---|
707 | /** Read one packet from the trace into buffer |
---|
708 | * |
---|
709 | * @param libtrace the libtrace opaque pointer |
---|
710 | * @param packet the packet opaque pointer |
---|
711 | * @returns false if it failed to read a packet |
---|
712 | * |
---|
713 | */ |
---|
714 | int trace_read_packet(struct libtrace_t *libtrace, struct libtrace_packet_t *packet) { |
---|
715 | int numbytes; |
---|
716 | int size; |
---|
717 | char buf[RP_BUFSIZE]; |
---|
718 | #if HAVE_PCAP |
---|
719 | //struct pcap_pkthdr *pcaphdr = malloc(sizeof(struct pcap_pkthdr)); |
---|
720 | const u_char *pcappkt; |
---|
721 | int pcapbytes = 0; |
---|
722 | #endif |
---|
723 | dag_record_t *erfptr; |
---|
724 | int read_required = 0; |
---|
725 | |
---|
726 | void *buffer = 0; |
---|
727 | if (!libtrace) { |
---|
728 | fprintf(stderr,"Oi! You called trace_read_packet() with a NULL libtrace parameter!\n"); |
---|
729 | } |
---|
730 | assert(libtrace); |
---|
731 | assert(packet); |
---|
732 | |
---|
733 | /* Store the trace we are reading from into the packet opaque |
---|
734 | * structure */ |
---|
735 | packet->trace = libtrace; |
---|
736 | |
---|
737 | buffer = packet->buffer; |
---|
738 | #if HAVE_PCAP |
---|
739 | /* PCAP gives us it's own per-packet interface. Let's use it */ |
---|
740 | if (libtrace->format == PCAP || libtrace->format == PCAPINT) { |
---|
741 | /* pcap_next doesn't return enough information for us |
---|
742 | * newer libpcap has pcap_next_ex, which does, but we'd |
---|
743 | * really rather have it all the time. */ |
---|
744 | |
---|
745 | //if ((pcappkt = pcap_next(libtrace->input.pcap, &pcaphdr)) == NULL) { |
---|
746 | /* |
---|
747 | if ((pcapbytes = pcap_next_ex(libtrace->input.pcap, |
---|
748 | &pcaphdr, |
---|
749 | &pcappkt)) < 0 ) { |
---|
750 | */ |
---|
751 | /* Instead of pcap_next/pcap_next_ex, we do this ourselves |
---|
752 | * with a trivial callback function. This lets us |
---|
753 | * catch the same errors as pcap_next_ex, but removes |
---|
754 | * the requirement for libpcap >= 0.8.x |
---|
755 | */ |
---|
756 | while ((pcapbytes = pcap_dispatch(libtrace->input.pcap, |
---|
757 | 1, /* number of packets */ |
---|
758 | &trace_pcap_handler, |
---|
759 | (u_char *)packet)) == 0); |
---|
760 | |
---|
761 | if (pcapbytes < 0 ) { |
---|
762 | return -1; |
---|
763 | } |
---|
764 | return (packet->size - sizeof(struct pcap_pkthdr)); |
---|
765 | //memcpy(buffer,&pcaphdr,sizeof(struct pcap_pkthdr)); |
---|
766 | //numbytes = pcaphdr->len; |
---|
767 | //memcpy(buffer + sizeof(struct pcap_pkthdr),pcappkt,numbytes); |
---|
768 | |
---|
769 | //packet->size = numbytes + sizeof(struct pcap_pkthdr); |
---|
770 | //return numbytes; |
---|
771 | } |
---|
772 | #endif |
---|
773 | |
---|
774 | /* If we're reading from an ERF input, it's an offline trace. We can make some assumptions */ |
---|
775 | if (libtrace->format == ERF) { |
---|
776 | void *buffer2 = buffer; |
---|
777 | int rlen; |
---|
778 | // read in the trace header |
---|
779 | if ((numbytes=trace_comp_read(libtrace, |
---|
780 | //if ((numbytes=gzread(libtrace->input.file, |
---|
781 | buffer, |
---|
782 | dag_record_size)) == -1) { |
---|
783 | //perror("gzread"); |
---|
784 | return -1; |
---|
785 | } |
---|
786 | if (numbytes == 0) { |
---|
787 | return 0; |
---|
788 | } |
---|
789 | rlen = ntohs(((dag_record_t *)buffer)->rlen); |
---|
790 | size = rlen - dag_record_size; |
---|
791 | assert(size < LIBTRACE_PACKET_BUFSIZE); |
---|
792 | buffer2 = buffer + dag_record_size; |
---|
793 | |
---|
794 | // read in the rest of the packet |
---|
795 | if ((numbytes=trace_comp_read(libtrace, |
---|
796 | //if ((numbytes=gzread(libtrace->input.file, |
---|
797 | buffer2, |
---|
798 | size)) == -1) { |
---|
799 | //perror("gzread"); |
---|
800 | return -1; |
---|
801 | } |
---|
802 | //if ((numbytes + dag_record_size) != rlen) { |
---|
803 | // printf("read %d wanted %d\n",numbytes +dag_record_size, rlen); |
---|
804 | //} |
---|
805 | packet->size = rlen; |
---|
806 | |
---|
807 | return rlen; |
---|
808 | } |
---|
809 | |
---|
810 | #if HAVE_DAG |
---|
811 | if (libtrace->format == DAG) { |
---|
812 | if (libtrace->dag.diff == 0) { |
---|
813 | if ((numbytes = trace_read(libtrace,buf,RP_BUFSIZE)) <= 0) |
---|
814 | return numbytes; |
---|
815 | } |
---|
816 | // DAG always gives us whole packets. |
---|
817 | |
---|
818 | erfptr = (dag_record_t *) ((void *)libtrace->dag.buf + (libtrace->dag.bottom + libtrace->dag.offset)); |
---|
819 | size = ntohs(erfptr->rlen); |
---|
820 | |
---|
821 | if ( size > LIBTRACE_PACKET_BUFSIZE) { |
---|
822 | printf("%d\n",size); |
---|
823 | assert( size < LIBTRACE_PACKET_BUFSIZE); |
---|
824 | } |
---|
825 | |
---|
826 | // have to copy it out of the memory hole at this stage: |
---|
827 | memcpy(packet->buffer, erfptr, size); |
---|
828 | |
---|
829 | packet->size = size; |
---|
830 | libtrace->dag.offset += size; |
---|
831 | libtrace->dag.diff -= size; |
---|
832 | |
---|
833 | assert(libtrace->dag.diff >= 0); |
---|
834 | //assert(libtrace->dag.offset <= libtrace->dag.top); |
---|
835 | return (size); |
---|
836 | |
---|
837 | } |
---|
838 | #endif |
---|
839 | do { |
---|
840 | if (fifo_out_available(libtrace->fifo) == 0 || read_required) { |
---|
841 | if ((numbytes = trace_read(libtrace,buf,RP_BUFSIZE))<=0){ |
---|
842 | return numbytes; |
---|
843 | } |
---|
844 | assert(libtrace->fifo); |
---|
845 | fifo_write(libtrace->fifo,buf,numbytes); |
---|
846 | |
---|
847 | read_required = 0; |
---|
848 | } |
---|
849 | |
---|
850 | switch (libtrace->format) { |
---|
851 | case RTCLIENT: |
---|
852 | // only do this if we're reading from the RT interface |
---|
853 | if (fifo_out_read(libtrace->fifo, &packet->status, sizeof(int)) == 0) { |
---|
854 | read_required = 1; |
---|
855 | continue; |
---|
856 | } |
---|
857 | |
---|
858 | fifo_out_update(libtrace->fifo,sizeof(int)); |
---|
859 | |
---|
860 | /* FALL THRU */ |
---|
861 | case ERF: |
---|
862 | //case DAG: |
---|
863 | // read in the erf header |
---|
864 | if ((numbytes = fifo_out_read(libtrace->fifo, buffer, sizeof(dag_record_t))) == 0) { |
---|
865 | fifo_out_reset(libtrace->fifo); |
---|
866 | read_required = 1; |
---|
867 | continue; |
---|
868 | } |
---|
869 | |
---|
870 | size = ntohs(((dag_record_t *)buffer)->rlen); |
---|
871 | break; |
---|
872 | case WAG: |
---|
873 | if ((numbytes = fifo_out_read(libtrace->fifo, |
---|
874 | &size, |
---|
875 | sizeof(size))) |
---|
876 | == 0) { |
---|
877 | fifo_out_reset(libtrace->fifo); |
---|
878 | read_required = 1; |
---|
879 | continue; |
---|
880 | } |
---|
881 | size*=4; |
---|
882 | break; |
---|
883 | default: |
---|
884 | fprintf(stderr,"Unknown type in _read()\n"); |
---|
885 | assert(0); |
---|
886 | } |
---|
887 | |
---|
888 | assert(size < LIBTRACE_PACKET_BUFSIZE); |
---|
889 | |
---|
890 | // read in the full packet |
---|
891 | if ((numbytes = fifo_out_read(libtrace->fifo, buffer, size)) == 0) { |
---|
892 | fifo_out_reset(libtrace->fifo); |
---|
893 | read_required = 1; |
---|
894 | continue; |
---|
895 | } |
---|
896 | |
---|
897 | // got in our whole packet, so... |
---|
898 | fifo_out_update(libtrace->fifo,size); |
---|
899 | |
---|
900 | if (libtrace->sourcetype == SOCKET || libtrace->sourcetype == RT) { |
---|
901 | fifo_ack_update(libtrace->fifo,size + sizeof(int)); |
---|
902 | } else { |
---|
903 | fifo_ack_update(libtrace->fifo,size); |
---|
904 | } |
---|
905 | |
---|
906 | packet->size = numbytes; |
---|
907 | return numbytes; |
---|
908 | |
---|
909 | } while (1); |
---|
910 | } |
---|
911 | |
---|
912 | |
---|
913 | /** get a pointer to the link layer |
---|
914 | * @param packet a pointer to a libtrace_packet structure |
---|
915 | * |
---|
916 | * @returns a pointer to the link layer, or NULL if there is no link layer |
---|
917 | * you should call trace_get_link_type() to find out what type of link layer this is |
---|
918 | */ |
---|
919 | void *trace_get_link(const struct libtrace_packet_t *packet) { |
---|
920 | const void *ethptr = 0; |
---|
921 | dag_record_t *erfptr = 0; |
---|
922 | struct wag_event_t *event = (struct wag_event_t *)packet->buffer; |
---|
923 | struct wag_data_event_t *data_event; |
---|
924 | |
---|
925 | |
---|
926 | switch(packet->trace->format) { |
---|
927 | case ERF: |
---|
928 | case DAG: |
---|
929 | case RTCLIENT: |
---|
930 | erfptr = (dag_record_t *)packet->buffer; |
---|
931 | if (erfptr->flags.rxerror == 1) { |
---|
932 | return NULL; |
---|
933 | } |
---|
934 | if (trace_get_link_type(packet)==TRACE_TYPE_ETH) |
---|
935 | ethptr = ((uint8_t *)packet->buffer + |
---|
936 | dag_record_size + 2); |
---|
937 | else |
---|
938 | ethptr = ((uint8_t *)packet->buffer + |
---|
939 | dag_record_size + 2); |
---|
940 | break; |
---|
941 | #if HAVE_PCAP |
---|
942 | case PCAPINT: |
---|
943 | case PCAP: |
---|
944 | ethptr = (packet->buffer + sizeof(struct pcap_pkthdr)); |
---|
945 | break; |
---|
946 | #endif |
---|
947 | case WAGINT: |
---|
948 | case WAG: |
---|
949 | switch (event->type) { |
---|
950 | case 0x0: |
---|
951 | data_event = (void*)&(event->payload); |
---|
952 | return data_event->data; |
---|
953 | default: |
---|
954 | fprintf(stderr,"Unknown WAG Event (0x%08x)\n",event->type); |
---|
955 | return NULL; |
---|
956 | } |
---|
957 | |
---|
958 | default: |
---|
959 | fprintf(stderr,"Don't know this trace format\n"); |
---|
960 | assert(0); |
---|
961 | } |
---|
962 | return (void *)ethptr; |
---|
963 | } |
---|
964 | |
---|
965 | /** get a pointer to the IP header (if any) |
---|
966 | * @param packet a pointer to a libtrace_packet structure |
---|
967 | * |
---|
968 | * @returns a pointer to the IP header, or NULL if there is not an IP packet |
---|
969 | */ |
---|
970 | struct libtrace_ip *trace_get_ip(const struct libtrace_packet_t *packet) { |
---|
971 | struct libtrace_ip *ipptr = 0; |
---|
972 | |
---|
973 | switch(trace_get_link_type(packet)) { |
---|
974 | case TRACE_TYPE_80211: |
---|
975 | { |
---|
976 | |
---|
977 | struct ieee_802_11_header *wifi = trace_get_link(packet); |
---|
978 | if (!wifi) { |
---|
979 | ipptr = NULL; |
---|
980 | break; |
---|
981 | } |
---|
982 | |
---|
983 | // Data packet? |
---|
984 | if (wifi->type != 2) { |
---|
985 | ipptr = NULL; |
---|
986 | } |
---|
987 | else { |
---|
988 | struct ieee_802_11_payload *eth = (void*)wifi->data; |
---|
989 | if (eth->type != 0x0008) { |
---|
990 | ipptr=NULL; |
---|
991 | } else { |
---|
992 | ipptr=(void*)eth->data; |
---|
993 | } |
---|
994 | } |
---|
995 | } |
---|
996 | break; |
---|
997 | case TRACE_TYPE_ETH: |
---|
998 | { |
---|
999 | struct ether_header *eth = |
---|
1000 | trace_get_link(packet); |
---|
1001 | if (!eth) { |
---|
1002 | ipptr = NULL; |
---|
1003 | break; |
---|
1004 | } |
---|
1005 | if (ntohs(eth->ether_type)!=0x0800) { |
---|
1006 | ipptr = NULL; |
---|
1007 | } |
---|
1008 | else { |
---|
1009 | ipptr = ((void *)eth) + 14; |
---|
1010 | } |
---|
1011 | break; |
---|
1012 | } |
---|
1013 | case TRACE_TYPE_NONE: |
---|
1014 | ipptr = trace_get_link(packet); |
---|
1015 | break; |
---|
1016 | case TRACE_TYPE_LINUX_SLL: |
---|
1017 | { |
---|
1018 | struct trace_sll_header_t *sll; |
---|
1019 | |
---|
1020 | sll = trace_get_link(packet); |
---|
1021 | if (!sll) { |
---|
1022 | ipptr = NULL; |
---|
1023 | break; |
---|
1024 | } |
---|
1025 | if (ntohs(sll->protocol)!=0x0800) { |
---|
1026 | ipptr = NULL; |
---|
1027 | } |
---|
1028 | else { |
---|
1029 | ipptr = ((void*)sll)+sizeof(*sll); |
---|
1030 | } |
---|
1031 | } |
---|
1032 | break; |
---|
1033 | case TRACE_TYPE_PFLOG: |
---|
1034 | { |
---|
1035 | struct trace_pflog_header_t *pflog; |
---|
1036 | pflog = trace_get_link(packet); |
---|
1037 | if (!pflog) { |
---|
1038 | ipptr = NULL; |
---|
1039 | break; |
---|
1040 | } |
---|
1041 | if (pflog->af != AF_INET) { |
---|
1042 | ipptr = NULL; |
---|
1043 | } else { |
---|
1044 | ipptr = ((void*)pflog)+sizeof(*pflog); |
---|
1045 | } |
---|
1046 | } |
---|
1047 | break; |
---|
1048 | case TRACE_TYPE_ATM: |
---|
1049 | { |
---|
1050 | struct atm_rec *atm = |
---|
1051 | trace_get_link(packet); |
---|
1052 | // TODO: Find out what ATM does, and return |
---|
1053 | // NULL for non IP data |
---|
1054 | // Presumably it uses the normal stuff |
---|
1055 | if (!atm) { |
---|
1056 | ipptr = NULL; |
---|
1057 | break; |
---|
1058 | } |
---|
1059 | ipptr = (void*)&atm->pload; |
---|
1060 | break; |
---|
1061 | } |
---|
1062 | default: |
---|
1063 | fprintf(stderr,"Don't understand link layer type %i in trace_get_ip()\n", |
---|
1064 | trace_get_link_type(packet)); |
---|
1065 | ipptr=NULL; |
---|
1066 | break; |
---|
1067 | } |
---|
1068 | |
---|
1069 | return ipptr; |
---|
1070 | } |
---|
1071 | |
---|
1072 | #define SW_IP_OFFMASK 0xff1f |
---|
1073 | |
---|
1074 | /** get a pointer to the TCP header (if any) |
---|
1075 | * @param packet a pointer to a libtrace_packet structure |
---|
1076 | * |
---|
1077 | * @returns a pointer to the TCP header, or NULL if there is not a TCP packet |
---|
1078 | */ |
---|
1079 | struct libtrace_tcp *trace_get_tcp(const struct libtrace_packet_t *packet) { |
---|
1080 | struct libtrace_tcp *tcpptr = 0; |
---|
1081 | struct libtrace_ip *ipptr = 0; |
---|
1082 | |
---|
1083 | if(!(ipptr = trace_get_ip(packet))) { |
---|
1084 | return 0; |
---|
1085 | } |
---|
1086 | if ((ipptr->ip_p == 6) && ((ipptr->ip_off & SW_IP_OFFMASK) == 0)) { |
---|
1087 | tcpptr = (struct libtrace_tcp *)((ptrdiff_t)ipptr + (ipptr->ip_hl * 4)); |
---|
1088 | } |
---|
1089 | return tcpptr; |
---|
1090 | } |
---|
1091 | |
---|
1092 | /** get a pointer to the TCP header (if any) given a pointer to the IP header |
---|
1093 | * @param ip The IP header |
---|
1094 | * @param[out] skipped An output variable of the number of bytes skipped |
---|
1095 | * |
---|
1096 | * @returns a pointer to the TCP header, or NULL if this is not a TCP packet |
---|
1097 | * |
---|
1098 | * Skipped can be NULL, in which case it will be ignored by the program. |
---|
1099 | */ |
---|
1100 | struct libtrace_tcp *get_tcp_from_ip(const struct libtrace_ip *ip, int *skipped) |
---|
1101 | { |
---|
1102 | #define SW_IP_OFFMASK 0xff1f |
---|
1103 | struct libtrace_tcp *tcpptr = 0; |
---|
1104 | |
---|
1105 | if ((ip->ip_p == 6) && ((ip->ip_off & SW_IP_OFFMASK) == 0)) { |
---|
1106 | tcpptr = (struct libtrace_tcp *)((ptrdiff_t)ip+ (ip->ip_hl * 4)); |
---|
1107 | } |
---|
1108 | |
---|
1109 | if (skipped) |
---|
1110 | *skipped=(ip->ip_hl*4); |
---|
1111 | |
---|
1112 | return tcpptr; |
---|
1113 | } |
---|
1114 | |
---|
1115 | /** get a pointer to the UDP header (if any) |
---|
1116 | * @param packet a pointer to a libtrace_packet structure |
---|
1117 | * |
---|
1118 | * @returns a pointer to the UDP header, or NULL if this is not a UDP packet |
---|
1119 | */ |
---|
1120 | struct libtrace_udp *trace_get_udp(const struct libtrace_packet_t *packet) { |
---|
1121 | struct libtrace_udp *udpptr = 0; |
---|
1122 | struct libtrace_ip *ipptr = 0; |
---|
1123 | |
---|
1124 | if(!(ipptr = trace_get_ip(packet))) { |
---|
1125 | return 0; |
---|
1126 | } |
---|
1127 | if ((ipptr->ip_p == 17) && ((ipptr->ip_off & SW_IP_OFFMASK) == 0)) { |
---|
1128 | udpptr = (struct libtrace_udp *)((ptrdiff_t)ipptr + (ipptr->ip_hl * 4)); |
---|
1129 | } |
---|
1130 | |
---|
1131 | return udpptr; |
---|
1132 | } |
---|
1133 | |
---|
1134 | /** get a pointer to the UDP header (if any) given a pointer to the IP header |
---|
1135 | * @param ip The IP header |
---|
1136 | * @param[out] skipped An output variable of the number of bytes skipped |
---|
1137 | * |
---|
1138 | * @returns a pointer to the UDP header, or NULL if this is not a UDP packet |
---|
1139 | * |
---|
1140 | * Skipped can be NULL, in which case it will be ignored by the program. |
---|
1141 | */ |
---|
1142 | struct libtrace_udp *get_udp_from_ip(const struct libtrace_ip *ip, int *skipped) |
---|
1143 | { |
---|
1144 | struct libtrace_udp *udpptr = 0; |
---|
1145 | |
---|
1146 | if ((ip->ip_p == 6) && ((ip->ip_off & SW_IP_OFFMASK) == 0)) { |
---|
1147 | udpptr = (struct libtrace_udp *)((ptrdiff_t)ip+ (ip->ip_hl * 4)); |
---|
1148 | } |
---|
1149 | |
---|
1150 | if (skipped) |
---|
1151 | *skipped=(ip->ip_hl*4); |
---|
1152 | |
---|
1153 | return udpptr; |
---|
1154 | } |
---|
1155 | |
---|
1156 | |
---|
1157 | /** get a pointer to the ICMP header (if any) |
---|
1158 | * @param packet a pointer to a libtrace_packet structure |
---|
1159 | * |
---|
1160 | * @returns a pointer to the ICMP header, or NULL if this is not a ICMP packet |
---|
1161 | */ |
---|
1162 | struct libtrace_icmp *trace_get_icmp(const struct libtrace_packet_t *packet) { |
---|
1163 | struct libtrace_icmp *icmpptr = 0; |
---|
1164 | struct libtrace_ip *ipptr = 0; |
---|
1165 | |
---|
1166 | if(!(ipptr = trace_get_ip(packet))) { |
---|
1167 | return 0; |
---|
1168 | } |
---|
1169 | if ((ipptr->ip_p == 1)&& ((ipptr->ip_off & SW_IP_OFFMASK) == 0 )){ |
---|
1170 | icmpptr = (struct libtrace_icmp *)((ptrdiff_t)ipptr + (ipptr->ip_hl * 4)); |
---|
1171 | } |
---|
1172 | return icmpptr; |
---|
1173 | } |
---|
1174 | |
---|
1175 | /** get a pointer to the ICMP header (if any) given a pointer to the IP header |
---|
1176 | * @param ip The IP header |
---|
1177 | * @param[out] skipped An output variable of the number of bytes skipped |
---|
1178 | * |
---|
1179 | * @returns a pointer to the ICMP header, or NULL if this is not a ICMP packet |
---|
1180 | * |
---|
1181 | * Skipped can be NULL, in which case it will be ignored by the program. |
---|
1182 | */ |
---|
1183 | struct libtrace_icmp *get_icmp_from_ip(struct libtrace_ip *ip, int *skipped) |
---|
1184 | { |
---|
1185 | struct libtrace_icmp *icmpptr = 0; |
---|
1186 | |
---|
1187 | if ((ip->ip_p == 6) && ((ip->ip_off & SW_IP_OFFMASK) == 0)) { |
---|
1188 | icmpptr = (struct libtrace_icmp *)((ptrdiff_t)ip+ (ip->ip_hl * 4)); |
---|
1189 | } |
---|
1190 | |
---|
1191 | if (skipped) |
---|
1192 | *skipped=(ip->ip_hl*4); |
---|
1193 | |
---|
1194 | return icmpptr; |
---|
1195 | } |
---|
1196 | /** parse an ip or tcp option |
---|
1197 | * @param[in,out] ptr the pointer to the current option |
---|
1198 | * @param[in,out] len the length of the remaining buffer |
---|
1199 | * @param[out] type the type of the option |
---|
1200 | * @param[out] optlen the length of the option |
---|
1201 | * @param[out] data the data of the option |
---|
1202 | * |
---|
1203 | * @returns bool true if there is another option (and the fields are filled in) |
---|
1204 | * or false if this was the last option. |
---|
1205 | * |
---|
1206 | * This updates ptr to point to the next option after this one, and updates |
---|
1207 | * len to be the number of bytes remaining in the options area. Type is updated |
---|
1208 | * to be the code of this option, and data points to the data of this option, |
---|
1209 | * with optlen saying how many bytes there are. |
---|
1210 | * |
---|
1211 | * @note Beware of fragmented packets. |
---|
1212 | * @author Perry Lorier |
---|
1213 | */ |
---|
1214 | int trace_get_next_option(unsigned char **ptr,int *len, |
---|
1215 | unsigned char *type, |
---|
1216 | unsigned char *optlen, |
---|
1217 | unsigned char **data) |
---|
1218 | { |
---|
1219 | if (*len<=0) |
---|
1220 | return 0; |
---|
1221 | *type=**ptr; |
---|
1222 | switch(*type) { |
---|
1223 | case 0: /* End of options */ |
---|
1224 | return 0; |
---|
1225 | case 1: /* Pad */ |
---|
1226 | (*ptr)++; |
---|
1227 | (*len)--; |
---|
1228 | return 1; |
---|
1229 | default: |
---|
1230 | *optlen = *(*ptr+1); |
---|
1231 | if (*optlen<2) |
---|
1232 | return 0; // I have no idea wtf is going on |
---|
1233 | // with these packets |
---|
1234 | (*len)-=*optlen; |
---|
1235 | (*data)=(*ptr+2); |
---|
1236 | (*ptr)+=*optlen; |
---|
1237 | if (*len<0) |
---|
1238 | return 0; |
---|
1239 | return 1; |
---|
1240 | } |
---|
1241 | assert(0); |
---|
1242 | } |
---|
1243 | |
---|
1244 | |
---|
1245 | /** Get the current time in DAG time format |
---|
1246 | * @param packet a pointer to a libtrace_packet structure |
---|
1247 | * @returns a 64 bit timestamp in DAG ERF format (upper 32 bits are the seconds |
---|
1248 | * past 1970-01-01, the lower 32bits are partial seconds) |
---|
1249 | * @author Daniel Lawson |
---|
1250 | */ |
---|
1251 | uint64_t trace_get_erf_timestamp(const struct libtrace_packet_t *packet) { |
---|
1252 | uint64_t timestamp = 0; |
---|
1253 | dag_record_t *erfptr = 0; |
---|
1254 | struct pcap_pkthdr *pcapptr = 0; |
---|
1255 | struct wag_event_t *wagptr = 0; |
---|
1256 | switch (packet->trace->format) { |
---|
1257 | case DAG: |
---|
1258 | case ERF: |
---|
1259 | case RTCLIENT: |
---|
1260 | erfptr = (dag_record_t *)packet->buffer; |
---|
1261 | timestamp = erfptr->ts; |
---|
1262 | break; |
---|
1263 | #if HAVE_PCAP |
---|
1264 | case PCAPINT: |
---|
1265 | case PCAP: |
---|
1266 | pcapptr = (struct pcap_pkthdr *)packet->buffer; |
---|
1267 | timestamp = ((((uint64_t)pcapptr->ts.tv_sec) << 32) + \ |
---|
1268 | (((uint64_t)pcapptr->ts.tv_usec*UINT_MAX)/1000000)); |
---|
1269 | break; |
---|
1270 | #endif |
---|
1271 | case WAGINT: |
---|
1272 | case WAG: |
---|
1273 | wagptr = (struct wag_event_t *)packet->buffer; |
---|
1274 | timestamp = wagptr->timestamp_lo; |
---|
1275 | timestamp |= (uint64_t)wagptr->timestamp_hi<<32; |
---|
1276 | timestamp = ((timestamp%44000000)*(UINT_MAX/44000000)) |
---|
1277 | | ((timestamp/44000000)<<32); |
---|
1278 | break; |
---|
1279 | default: |
---|
1280 | fprintf(stderr,"Unknown format in trace_get_erf_timestamp\n"); |
---|
1281 | timestamp = 0; |
---|
1282 | } |
---|
1283 | return timestamp; |
---|
1284 | } |
---|
1285 | |
---|
1286 | /** Get the current time in struct timeval |
---|
1287 | * @param packet a pointer to a libtrace_packet structure |
---|
1288 | * |
---|
1289 | * @returns time that this packet was seen in a struct timeval |
---|
1290 | * @author Daniel Lawson |
---|
1291 | * @author Perry Lorier |
---|
1292 | */ |
---|
1293 | struct timeval trace_get_timeval(const struct libtrace_packet_t *packet) { |
---|
1294 | struct timeval tv; |
---|
1295 | #if HAVE_PCAP |
---|
1296 | struct pcap_pkthdr *pcapptr = 0; |
---|
1297 | #endif |
---|
1298 | uint64_t ts; |
---|
1299 | //uint32_t seconds; |
---|
1300 | switch (packet->trace->format) { |
---|
1301 | #if HAVE_PCAP |
---|
1302 | case PCAPINT: |
---|
1303 | case PCAP: |
---|
1304 | pcapptr = (struct pcap_pkthdr *)packet->buffer; |
---|
1305 | // ick. FIXME |
---|
1306 | tv = pcapptr->ts; |
---|
1307 | break; |
---|
1308 | #endif |
---|
1309 | case WAGINT: |
---|
1310 | case WAG: |
---|
1311 | case DAG: |
---|
1312 | case ERF: |
---|
1313 | case RTCLIENT: |
---|
1314 | default: |
---|
1315 | // FIXME: This isn't portable to big-endian machines |
---|
1316 | ts = trace_get_erf_timestamp(packet); |
---|
1317 | #if __BYTE_ORDER == __BIG_ENDIAN |
---|
1318 | tv.tv_sec = ts & 0xFFFFFFFF; |
---|
1319 | #elif __BYTE_ORDER == __LITTLE_ENDIAN |
---|
1320 | tv.tv_sec = ts >> 32; |
---|
1321 | #else |
---|
1322 | #error "What on earth are you running this on?" |
---|
1323 | #endif |
---|
1324 | ts = (1000000 * (ts & 0xffffffffULL)); |
---|
1325 | ts += (ts & 0x80000000ULL) << 1; |
---|
1326 | tv.tv_usec = ts >> 32; |
---|
1327 | if (tv.tv_usec >= 1000000) { |
---|
1328 | tv.tv_usec -= 1000000; |
---|
1329 | tv.tv_sec += 1; |
---|
1330 | } |
---|
1331 | break; |
---|
1332 | } |
---|
1333 | return tv; |
---|
1334 | } |
---|
1335 | |
---|
1336 | /** Get the current time in floating point seconds |
---|
1337 | * @param packet a pointer to a libtrace_packet structure |
---|
1338 | * @returns time that this packet was seen in 64bit floating point seconds |
---|
1339 | * @author Perry Lorier |
---|
1340 | */ |
---|
1341 | double trace_get_seconds(const struct libtrace_packet_t *packet) { |
---|
1342 | uint64_t ts; |
---|
1343 | ts = trace_get_erf_timestamp(packet); |
---|
1344 | return (ts>>32) + ((ts & UINT_MAX)*1.0 / UINT_MAX); |
---|
1345 | } |
---|
1346 | |
---|
1347 | /** Get the size of the packet in the trace |
---|
1348 | * @param packet the packet opaque pointer |
---|
1349 | * @returns the size of the packet in the trace |
---|
1350 | * @author Perry Lorier |
---|
1351 | * @note Due to this being a header capture, or anonymisation, this may not |
---|
1352 | * be the same size as the original packet. See trace_get_wire_length() for the |
---|
1353 | * original size of the packet. |
---|
1354 | * @note This can (and often is) different for different packets in a trace! |
---|
1355 | * @par |
---|
1356 | * This is sometimes called the "snaplen". |
---|
1357 | */ |
---|
1358 | int trace_get_capture_length(const struct libtrace_packet_t *packet) { |
---|
1359 | dag_record_t *erfptr = 0; |
---|
1360 | #if HAVE_PCAP |
---|
1361 | struct pcap_pkthdr *pcapptr = 0; |
---|
1362 | #endif |
---|
1363 | struct wag_event_t *wag_event; |
---|
1364 | switch (packet->trace->format) { |
---|
1365 | case DAG: |
---|
1366 | case ERF: |
---|
1367 | case RTCLIENT: |
---|
1368 | erfptr = (dag_record_t *)packet->buffer; |
---|
1369 | return ntohs(erfptr->rlen); |
---|
1370 | #if HAVE_PCAP |
---|
1371 | case PCAPINT: |
---|
1372 | case PCAP: |
---|
1373 | pcapptr = (struct pcap_pkthdr *)packet->buffer; |
---|
1374 | //return ntohs(pcapptr->caplen); |
---|
1375 | return pcapptr->caplen; |
---|
1376 | #endif |
---|
1377 | case WAGINT: |
---|
1378 | case WAG: |
---|
1379 | wag_event = (struct wag_event_t *)packet->buffer; |
---|
1380 | switch(wag_event->type) { |
---|
1381 | case 0: |
---|
1382 | return wag_event->length*4-( |
---|
1383 | sizeof(struct wag_event_t)+ |
---|
1384 | sizeof(struct wag_data_event_t) |
---|
1385 | ); |
---|
1386 | default: |
---|
1387 | assert(0); |
---|
1388 | } |
---|
1389 | default: |
---|
1390 | assert(0); |
---|
1391 | } |
---|
1392 | return -1; |
---|
1393 | } |
---|
1394 | |
---|
1395 | /** Get the size of the packet as it was seen on the wire. |
---|
1396 | * @param packet a pointer to a libtrace_packet structure |
---|
1397 | * |
---|
1398 | * @returns the size of the packet as it was on the wire. |
---|
1399 | * @author Perry Lorier |
---|
1400 | * @author Daniel Lawson |
---|
1401 | * @note Due to the trace being a header capture, or anonymisation this may |
---|
1402 | * not be the same as the Capture Len. |
---|
1403 | */ |
---|
1404 | int trace_get_wire_length(const struct libtrace_packet_t *packet){ |
---|
1405 | dag_record_t *erfptr = 0; |
---|
1406 | #if HAVE_PCAP |
---|
1407 | struct pcap_pkthdr *pcapptr = 0; |
---|
1408 | #endif |
---|
1409 | struct wag_event_t *wag_event = 0; |
---|
1410 | switch (packet->trace->format) { |
---|
1411 | case DAG: |
---|
1412 | case ERF: |
---|
1413 | case RTCLIENT: |
---|
1414 | erfptr = (dag_record_t *)packet->buffer; |
---|
1415 | return ntohs(erfptr->wlen); |
---|
1416 | break; |
---|
1417 | #if HAVE_PCAP |
---|
1418 | case PCAPINT: |
---|
1419 | case PCAP: |
---|
1420 | pcapptr = (struct pcap_pkthdr *)packet->buffer; |
---|
1421 | return ntohs(pcapptr->len); |
---|
1422 | break; |
---|
1423 | #endif |
---|
1424 | case WAGINT: |
---|
1425 | case WAG: |
---|
1426 | wag_event = (struct wag_event_t *)packet->buffer; |
---|
1427 | switch(wag_event->type) { |
---|
1428 | case 0: |
---|
1429 | return ((struct wag_data_event_t *)(&wag_event->payload))->frame_length; |
---|
1430 | default: |
---|
1431 | assert(0); |
---|
1432 | } |
---|
1433 | } |
---|
1434 | return -1; |
---|
1435 | |
---|
1436 | } |
---|
1437 | |
---|
1438 | /** Get the type of the link layer |
---|
1439 | * @param packet a pointer to a libtrace_packet structure |
---|
1440 | * @returns libtrace_linktype_t |
---|
1441 | * @author Perry Lorier |
---|
1442 | * @author Daniel Lawson |
---|
1443 | */ |
---|
1444 | libtrace_linktype_t trace_get_link_type(const struct libtrace_packet_t *packet ) { |
---|
1445 | dag_record_t *erfptr = 0; |
---|
1446 | #if HAVE_PCAP |
---|
1447 | struct pcap_pkthdr *pcapptr = 0; |
---|
1448 | #endif |
---|
1449 | int linktype = 0; |
---|
1450 | switch (packet->trace->format) { |
---|
1451 | case DAG: |
---|
1452 | case ERF: |
---|
1453 | case RTCLIENT: |
---|
1454 | erfptr = (dag_record_t *)packet->buffer; |
---|
1455 | switch (erfptr->type) { |
---|
1456 | case TYPE_ETH: return TRACE_TYPE_ETH; |
---|
1457 | case TYPE_ATM: return TRACE_TYPE_ATM; |
---|
1458 | default: assert(0); |
---|
1459 | } |
---|
1460 | return erfptr->type; |
---|
1461 | |
---|
1462 | break; |
---|
1463 | #if HAVE_PCAP |
---|
1464 | case PCAPINT: |
---|
1465 | case PCAP: |
---|
1466 | pcapptr = (struct pcap_pkthdr *)packet->buffer; |
---|
1467 | linktype = pcap_datalink(packet->trace->input.pcap); |
---|
1468 | switch (linktype) { |
---|
1469 | case DLT_NULL: |
---|
1470 | return TRACE_TYPE_NONE; |
---|
1471 | case DLT_EN10MB: |
---|
1472 | return TRACE_TYPE_ETH; |
---|
1473 | case DLT_ATM_RFC1483: |
---|
1474 | return TRACE_TYPE_ATM; |
---|
1475 | case DLT_IEEE802_11: |
---|
1476 | return TRACE_TYPE_80211; |
---|
1477 | #ifdef DLT_LINUX_SLL |
---|
1478 | case DLT_LINUX_SLL: |
---|
1479 | return TRACE_TYPE_LINUX_SLL; |
---|
1480 | #endif |
---|
1481 | #ifdef DLT_PFLOG |
---|
1482 | case DLT_PFLOG: |
---|
1483 | return TRACE_TYPE_PFLOG; |
---|
1484 | #endif |
---|
1485 | } |
---|
1486 | break; |
---|
1487 | #endif |
---|
1488 | case WAGINT: |
---|
1489 | case WAG: |
---|
1490 | return TRACE_TYPE_80211; |
---|
1491 | } |
---|
1492 | return -1; |
---|
1493 | } |
---|
1494 | |
---|
1495 | /** Get the source MAC addres |
---|
1496 | * @param packet a pointer to a libtrace_packet structure |
---|
1497 | * @returns a pointer to the source mac, (or NULL if there is no source MAC) |
---|
1498 | * @author Perry Lorier |
---|
1499 | */ |
---|
1500 | uint8_t *trace_get_source_mac(const struct libtrace_packet_t *packet) { |
---|
1501 | void *link = trace_get_link(packet); |
---|
1502 | struct ieee_802_11_header *wifi = link; |
---|
1503 | struct ether_header *ethptr = link; |
---|
1504 | if (!link) |
---|
1505 | return NULL; |
---|
1506 | switch (trace_get_link_type(packet)) { |
---|
1507 | case TRACE_TYPE_80211: |
---|
1508 | return (uint8_t*)&wifi->mac2; |
---|
1509 | case TRACE_TYPE_ETH: |
---|
1510 | return (uint8_t*)ðptr->ether_shost; |
---|
1511 | default: |
---|
1512 | fprintf(stderr,"Not implemented\n"); |
---|
1513 | assert(0); |
---|
1514 | } |
---|
1515 | } |
---|
1516 | |
---|
1517 | /** Get the destination MAC addres |
---|
1518 | * @param packet a libtrace_packet pointer |
---|
1519 | * @returns a pointer to the destination mac, (or NULL if there is no |
---|
1520 | * destination MAC) |
---|
1521 | * @author Perry Lorier |
---|
1522 | */ |
---|
1523 | uint8_t *trace_get_destination_mac(const struct libtrace_packet_t *packet) { |
---|
1524 | void *link = trace_get_link(packet); |
---|
1525 | struct ieee_802_11_header *wifi = link; |
---|
1526 | struct ether_header *ethptr = link; |
---|
1527 | if (!link) |
---|
1528 | return NULL; |
---|
1529 | switch (trace_get_link_type(packet)) { |
---|
1530 | case TRACE_TYPE_80211: |
---|
1531 | return (uint8_t*)&wifi->mac1; |
---|
1532 | case TRACE_TYPE_ETH: |
---|
1533 | return (uint8_t*)ðptr->ether_dhost; |
---|
1534 | default: |
---|
1535 | fprintf(stderr,"Not implemented\n"); |
---|
1536 | assert(0); |
---|
1537 | } |
---|
1538 | } |
---|
1539 | |
---|
1540 | |
---|
1541 | /** process a libtrace event |
---|
1542 | * @param trace the libtrace opaque pointer |
---|
1543 | * @param packet the libtrace_packet opaque pointer |
---|
1544 | * @returns |
---|
1545 | * TRACE_EVENT_IOWAIT Waiting on I/O on fd |
---|
1546 | * TRACE_EVENT_SLEEP Next event in seconds |
---|
1547 | * TRACE_EVENT_PACKET Packet arrived in buffer with size size |
---|
1548 | * TRACE_EVENT_TERMINATE Trace terminated (perhaps with an error condition) |
---|
1549 | * FIXME currently keeps a copy of the packet inside the trace pointer, |
---|
1550 | * which in turn is stored inside the new packet object... |
---|
1551 | * @author Perry Lorier |
---|
1552 | */ |
---|
1553 | struct libtrace_eventobj_t trace_event(struct libtrace_t *trace, |
---|
1554 | struct libtrace_packet_t *packet) { |
---|
1555 | struct libtrace_eventobj_t event; |
---|
1556 | |
---|
1557 | if (!trace) { |
---|
1558 | fprintf(stderr,"You called trace_event() with a NULL trace object!\n"); |
---|
1559 | } |
---|
1560 | assert(trace); |
---|
1561 | assert(packet); |
---|
1562 | |
---|
1563 | /* Store the trace we are reading from into the packet opaque |
---|
1564 | * structure */ |
---|
1565 | packet->trace = trace; |
---|
1566 | |
---|
1567 | /* Is there a packet ready? */ |
---|
1568 | switch (trace->sourcetype) { |
---|
1569 | #if HAVE_PCAP |
---|
1570 | case INTERFACE: |
---|
1571 | { |
---|
1572 | int data; |
---|
1573 | event.fd = pcap_fileno(trace->input.pcap); |
---|
1574 | if(ioctl(event.fd,FIONREAD,&data)==-1){ |
---|
1575 | perror("ioctl(FIONREAD)"); |
---|
1576 | } |
---|
1577 | if (data>0) { |
---|
1578 | event.size = trace_read_packet(trace,packet); |
---|
1579 | event.type = TRACE_EVENT_PACKET; |
---|
1580 | return event; |
---|
1581 | } |
---|
1582 | event.type = TRACE_EVENT_IOWAIT; |
---|
1583 | return event; |
---|
1584 | } |
---|
1585 | #endif |
---|
1586 | case SOCKET: |
---|
1587 | case DEVICE: |
---|
1588 | case RT: |
---|
1589 | { |
---|
1590 | int data; |
---|
1591 | event.fd = trace->input.fd; |
---|
1592 | if(ioctl(event.fd,FIONREAD,&data)==-1){ |
---|
1593 | perror("ioctl(FIONREAD)"); |
---|
1594 | } |
---|
1595 | if (data>0) { |
---|
1596 | event.size = trace_read_packet(trace,packet); |
---|
1597 | event.type = TRACE_EVENT_PACKET; |
---|
1598 | return event; |
---|
1599 | } |
---|
1600 | event.type = TRACE_EVENT_IOWAIT; |
---|
1601 | return event; |
---|
1602 | } |
---|
1603 | case STDIN: |
---|
1604 | case TRACE: |
---|
1605 | { |
---|
1606 | double ts; |
---|
1607 | double now; |
---|
1608 | struct timeval stv; |
---|
1609 | /* "Prime" the pump */ |
---|
1610 | if (!trace->packet.buffer) { |
---|
1611 | trace->packet.buffer = malloc(4096); |
---|
1612 | trace->packet.size= |
---|
1613 | trace_read_packet(trace,packet); |
---|
1614 | event.size = trace->packet.size; |
---|
1615 | if (trace->packet.size > 0 ) { |
---|
1616 | memcpy(trace->packet.buffer,packet->buffer,trace->packet.size); |
---|
1617 | } else { |
---|
1618 | // return here, the test for event.size will sort out the error |
---|
1619 | event.type = TRACE_EVENT_PACKET; |
---|
1620 | return event; |
---|
1621 | } |
---|
1622 | } |
---|
1623 | |
---|
1624 | ts=trace_get_seconds(packet); |
---|
1625 | if (trace->tdelta!=0) { |
---|
1626 | // Get the adjusted current time |
---|
1627 | gettimeofday(&stv, NULL); |
---|
1628 | now = stv.tv_sec + ((double)stv.tv_usec / 1000000.0); |
---|
1629 | now -= trace->tdelta; // adjust for trace delta |
---|
1630 | |
---|
1631 | |
---|
1632 | // if the trace timestamp is still in the future, |
---|
1633 | // return a SLEEP event, otherwise fire the packet |
---|
1634 | if (ts > now) { |
---|
1635 | event.seconds = ts - trace->trace_last_ts; |
---|
1636 | event.type = TRACE_EVENT_SLEEP; |
---|
1637 | return event; |
---|
1638 | } |
---|
1639 | } else { |
---|
1640 | gettimeofday(&stv, NULL); |
---|
1641 | // work out the difference between the start of trace replay, |
---|
1642 | // and the first packet in the trace |
---|
1643 | trace->tdelta = stv.tv_sec + ((double)stv.tv_usec / 1000000.0); |
---|
1644 | trace->tdelta -= ts; |
---|
1645 | |
---|
1646 | } |
---|
1647 | |
---|
1648 | // This is the first packet, so just fire away. |
---|
1649 | packet->size = trace->packet.size; |
---|
1650 | memcpy(packet->buffer,trace->packet.buffer,trace->packet.size); |
---|
1651 | |
---|
1652 | free(trace->packet.buffer); |
---|
1653 | trace->packet.buffer = 0; |
---|
1654 | event.type = TRACE_EVENT_PACKET; |
---|
1655 | |
---|
1656 | trace->trace_last_ts = ts; |
---|
1657 | |
---|
1658 | return event; |
---|
1659 | } |
---|
1660 | default: |
---|
1661 | assert(0); |
---|
1662 | } |
---|
1663 | assert(0); |
---|
1664 | } |
---|
1665 | |
---|
1666 | /** setup a BPF filter |
---|
1667 | * @param filterstring a char * containing the bpf filter string |
---|
1668 | * @returns opaque pointer pointer to a libtrace_filter_t object |
---|
1669 | * @author Daniel Lawson |
---|
1670 | */ |
---|
1671 | struct libtrace_filter_t *trace_bpf_setfilter(const char *filterstring) { |
---|
1672 | #if HAVE_BPF |
---|
1673 | struct libtrace_filter_t *filter = malloc(sizeof(struct libtrace_filter_t)); |
---|
1674 | filter->filterstring = strdup(filterstring); |
---|
1675 | filter->filter = 0; |
---|
1676 | return filter; |
---|
1677 | #else |
---|
1678 | fprintf(stderr,"This version of libtrace does not have bpf filter support\n"); |
---|
1679 | return 0; |
---|
1680 | #endif |
---|
1681 | } |
---|
1682 | |
---|
1683 | /** apply a BPF filter |
---|
1684 | * @param filter the filter opaque pointer |
---|
1685 | * @param packet the packet opaque pointer |
---|
1686 | * @returns 0 if the filter fails, 1 if it succeeds |
---|
1687 | * @author Daniel Lawson |
---|
1688 | */ |
---|
1689 | int trace_bpf_filter(struct libtrace_filter_t *filter, |
---|
1690 | const struct libtrace_packet_t *packet) { |
---|
1691 | #if HAVE_BPF |
---|
1692 | void *linkptr = 0; |
---|
1693 | int clen = 0; |
---|
1694 | assert(filter); |
---|
1695 | assert(packet); |
---|
1696 | linkptr = trace_get_link(packet); |
---|
1697 | if (!linkptr) { |
---|
1698 | return 0; |
---|
1699 | } |
---|
1700 | |
---|
1701 | clen = trace_get_capture_length(packet); |
---|
1702 | |
---|
1703 | |
---|
1704 | if (filter->filterstring && ! filter->filter) { |
---|
1705 | pcap_t *pcap; |
---|
1706 | struct bpf_program bpfprog; |
---|
1707 | |
---|
1708 | switch (trace_get_link_type(packet)) { |
---|
1709 | case TRACE_TYPE_ETH: |
---|
1710 | pcap = (pcap_t *)pcap_open_dead(DLT_EN10MB, 1500); |
---|
1711 | break; |
---|
1712 | #ifdef DLT_LINUX_SLL |
---|
1713 | case TRACE_TYPE_LINUX_SLL: |
---|
1714 | pcap = (pcap_t *)pcap_open_dead(DLT_LINUX_SLL, 1500); |
---|
1715 | break; |
---|
1716 | #endif |
---|
1717 | #ifdef DLT_PFLOG |
---|
1718 | case TRACE_TYPE_PFLOG: |
---|
1719 | pcap = (pcap_t *)pcap_open_dead(DLT_PFLOG, 1500); |
---|
1720 | break; |
---|
1721 | #endif |
---|
1722 | default: |
---|
1723 | printf("only works for ETH and LINUX_SLL (ppp) at the moment\n"); |
---|
1724 | assert(0); |
---|
1725 | } |
---|
1726 | |
---|
1727 | // build filter |
---|
1728 | if (pcap_compile( pcap, &bpfprog, filter->filterstring, 1, 0)) { |
---|
1729 | printf("bpf compilation error: %s: %s\n", |
---|
1730 | pcap_geterr(pcap),filter->filterstring); |
---|
1731 | assert(0); |
---|
1732 | } |
---|
1733 | pcap_close(pcap); |
---|
1734 | filter->filter = bpfprog.bf_insns; |
---|
1735 | } |
---|
1736 | |
---|
1737 | assert(filter->filter); |
---|
1738 | return bpf_filter(filter->filter, linkptr, clen, clen); |
---|
1739 | #else |
---|
1740 | fprintf(stderr,"This version of libtrace does not have bpf filter support\n"); |
---|
1741 | return 0; |
---|
1742 | #endif |
---|
1743 | } |
---|
1744 | |
---|
1745 | /** Set the direction flag, if it has one |
---|
1746 | * @param packet the packet opaque pointer |
---|
1747 | * @param direction the new direction (0,1,2,3) |
---|
1748 | * @returns a signed value containing the direction flag, or -1 if this is not supported |
---|
1749 | * @author Daniel Lawson |
---|
1750 | */ |
---|
1751 | int8_t trace_set_direction(struct libtrace_packet_t *packet, int8_t direction) { |
---|
1752 | |
---|
1753 | dag_record_t *erfptr = 0; |
---|
1754 | assert(packet); |
---|
1755 | |
---|
1756 | switch(packet->trace->format) { |
---|
1757 | case DAG: |
---|
1758 | case ERF: |
---|
1759 | case RTCLIENT: |
---|
1760 | erfptr = (dag_record_t *)packet->buffer; |
---|
1761 | erfptr->flags.iface = direction; |
---|
1762 | break; |
---|
1763 | default: |
---|
1764 | direction = -1; |
---|
1765 | } |
---|
1766 | |
---|
1767 | return direction; |
---|
1768 | |
---|
1769 | |
---|
1770 | } |
---|
1771 | |
---|
1772 | /** Get the direction flag, if it has one |
---|
1773 | * @param packet a pointer to a libtrace_packet structure |
---|
1774 | * @returns a signed value containing the direction flag, or -1 if this is not supported |
---|
1775 | * The direction is defined as 0 for packets originating locally (ie, outbound) |
---|
1776 | * and 1 for packets originating remotely (ie, inbound). |
---|
1777 | * Other values are possible, which might be overloaded to mean special things |
---|
1778 | * for a special trace. |
---|
1779 | * @author Daniel Lawson |
---|
1780 | */ |
---|
1781 | int8_t trace_get_direction(const struct libtrace_packet_t *packet) { |
---|
1782 | |
---|
1783 | int8_t direction; |
---|
1784 | dag_record_t *erfptr = 0; |
---|
1785 | assert(packet); |
---|
1786 | direction = -1; |
---|
1787 | |
---|
1788 | switch(packet->trace->format) { |
---|
1789 | case DAG: |
---|
1790 | case ERF: |
---|
1791 | case RTCLIENT: |
---|
1792 | erfptr = (dag_record_t *)packet->buffer; |
---|
1793 | direction = erfptr->flags.iface; |
---|
1794 | break; |
---|
1795 | case PCAP: |
---|
1796 | case PCAPINT: |
---|
1797 | switch (trace_get_link_type(packet)) { |
---|
1798 | case TRACE_TYPE_LINUX_SLL: |
---|
1799 | { |
---|
1800 | struct trace_sll_header_t *sll; |
---|
1801 | sll = trace_get_link(packet); |
---|
1802 | if (!sll) { |
---|
1803 | return -1; |
---|
1804 | } |
---|
1805 | /* 0 == LINUX_SLL_HOST */ |
---|
1806 | /* the Waikato Capture point defines "packets |
---|
1807 | * originating locally" (ie, outbound), with a |
---|
1808 | * direction of 0, and "packets destined locally" |
---|
1809 | * (ie, inbound), with a direction of 1. |
---|
1810 | * This is kind-of-opposite to LINUX_SLL. |
---|
1811 | * We return consistent values here, however |
---|
1812 | * |
---|
1813 | * Note that in recent versions of pcap, you can |
---|
1814 | * use "inbound" and "outbound" on ppp in linux |
---|
1815 | */ |
---|
1816 | if (ntohs(sll->pkttype==0)) { |
---|
1817 | |
---|
1818 | direction = 1; |
---|
1819 | } |
---|
1820 | else { |
---|
1821 | direction = 0; |
---|
1822 | } |
---|
1823 | break; |
---|
1824 | } |
---|
1825 | case TRACE_TYPE_PFLOG: |
---|
1826 | { |
---|
1827 | struct trace_pflog_header_t *pflog; |
---|
1828 | pflog = trace_get_link(packet); |
---|
1829 | if (!pflog) { |
---|
1830 | return -1; |
---|
1831 | } |
---|
1832 | /* enum { PF_IN=0, PF_OUT=1 }; */ |
---|
1833 | if (ntohs(pflog->dir==0)) { |
---|
1834 | |
---|
1835 | direction = 1; |
---|
1836 | } |
---|
1837 | else { |
---|
1838 | direction = 0; |
---|
1839 | } |
---|
1840 | break; |
---|
1841 | } |
---|
1842 | default: |
---|
1843 | /* pass */ |
---|
1844 | break; |
---|
1845 | } |
---|
1846 | default: |
---|
1847 | /* pass */ |
---|
1848 | break; |
---|
1849 | } |
---|
1850 | |
---|
1851 | return direction; |
---|
1852 | |
---|
1853 | |
---|
1854 | } |
---|
1855 | |
---|
1856 | struct ports_t { |
---|
1857 | uint16_t src; |
---|
1858 | uint16_t dst; |
---|
1859 | }; |
---|
1860 | |
---|
1861 | /* Return the client port |
---|
1862 | */ |
---|
1863 | uint16_t trace_get_source_port(const struct libtrace_packet_t *packet) |
---|
1864 | { |
---|
1865 | struct libtrace_ip *ip = trace_get_ip(packet); |
---|
1866 | struct ports_t *port; |
---|
1867 | if (6 != ip->ip_p |
---|
1868 | && 17 != ip->ip_p) |
---|
1869 | return 0; |
---|
1870 | if (0 != (ip->ip_off & SW_IP_OFFMASK)) |
---|
1871 | return 0; |
---|
1872 | |
---|
1873 | port = (struct ports_t *)((ptrdiff_t)ip + (ip->ip_hl * 4)); |
---|
1874 | |
---|
1875 | return htons(port->src); |
---|
1876 | } |
---|
1877 | |
---|
1878 | /* Same as get_source_port except use the destination port */ |
---|
1879 | uint16_t trace_get_destination_port(const struct libtrace_packet_t *packet) |
---|
1880 | { |
---|
1881 | struct libtrace_ip *ip = trace_get_ip(packet); |
---|
1882 | struct ports_t *port; |
---|
1883 | |
---|
1884 | if (6 != ip->ip_p |
---|
1885 | && 17 != ip->ip_p) |
---|
1886 | return 0; |
---|
1887 | |
---|
1888 | if (0 != (ip->ip_off & SW_IP_OFFMASK)) |
---|
1889 | return 0; |
---|
1890 | |
---|
1891 | port = (struct ports_t *)((ptrdiff_t)ip + (ip->ip_hl * 4)); |
---|
1892 | |
---|
1893 | return htons(port->dst); |
---|
1894 | } |
---|
1895 | |
---|
1896 | #define ROOT_SERVER(x) ((x) < 512) |
---|
1897 | #define ROOT_CLIENT(x) ((512 <= (x)) && ((x) < 1024)) |
---|
1898 | #define NONROOT_SERVER(x) ((x) >= 5000) |
---|
1899 | #define NONROOT_CLIENT(x) ((1024 <= (x)) && ((x) < 5000)) |
---|
1900 | #define DYNAMIC(x) ((49152 < (x)) && ((x) < 65535)) |
---|
1901 | #define SERVER(x) ROOT_SERVER(x) || NONROOT_SERVER(x) |
---|
1902 | #define CLIENT(x) ROOT_CLIENT(x) || NONROOT_CLIENT(x) |
---|
1903 | |
---|
1904 | /* Attempt to deduce the 'server' port |
---|
1905 | * @param protocol the IP protocol (eg, 6 or 17 for TCP or UDP) |
---|
1906 | * @param source the TCP or UDP source port |
---|
1907 | * @param dest the TCP or UDP destination port |
---|
1908 | * @returns a hint as to which port is the server port |
---|
1909 | * @author Daniel Lawson |
---|
1910 | */ |
---|
1911 | int8_t trace_get_server_port(uint8_t protocol, uint16_t source, uint16_t dest) { |
---|
1912 | /* |
---|
1913 | * * If the ports are equal, return DEST |
---|
1914 | * * Check for well-known ports in the given protocol |
---|
1915 | * * Root server ports: 0 - 511 |
---|
1916 | * * Root client ports: 512 - 1023 |
---|
1917 | * * non-root client ports: 1024 - 4999 |
---|
1918 | * * non-root server ports: 5000+ |
---|
1919 | * * Check for static ranges: 1024 - 49151 |
---|
1920 | * * Check for dynamic ranges: 49152 - 65535 |
---|
1921 | * * flip a coin. |
---|
1922 | */ |
---|
1923 | |
---|
1924 | uint16_t server, client; |
---|
1925 | |
---|
1926 | /* equal */ |
---|
1927 | if (source == client) |
---|
1928 | return USE_DEST; |
---|
1929 | |
---|
1930 | /* root server port, 0 - 511 */ |
---|
1931 | if (ROOT_SERVER(source) && ROOT_SERVER(dest)) { |
---|
1932 | if (source < dest) |
---|
1933 | return USE_SOURCE; |
---|
1934 | return USE_DEST; |
---|
1935 | } |
---|
1936 | |
---|
1937 | if (ROOT_SERVER(source) && !ROOT_SERVER(dest)) |
---|
1938 | return USE_SOURCE; |
---|
1939 | if (!ROOT_SERVER(source) && ROOT_SERVER(dest)) |
---|
1940 | return USE_DEST; |
---|
1941 | |
---|
1942 | /* non-root server */ |
---|
1943 | if (NONROOT_SERVER(source) && NONROOT_SERVER(dest)) { |
---|
1944 | if (source < dest) |
---|
1945 | return USE_SOURCE; |
---|
1946 | return USE_DEST; |
---|
1947 | } |
---|
1948 | if (NONROOT_SERVER(source) && !NONROOT_SERVER(dest)) |
---|
1949 | return USE_SOURCE; |
---|
1950 | if (!NONROOT_SERVER(source) && NONROOT_SERVER(dest)) |
---|
1951 | return USE_DEST; |
---|
1952 | |
---|
1953 | /* root client */ |
---|
1954 | if (ROOT_CLIENT(source) && ROOT_CLIENT(dest)) { |
---|
1955 | if (source < dest) |
---|
1956 | return USE_SOURCE; |
---|
1957 | return USE_DEST; |
---|
1958 | } |
---|
1959 | if (ROOT_CLIENT(source) && !ROOT_CLIENT(dest)) { |
---|
1960 | /* prefer root-client over nonroot-client */ |
---|
1961 | if (NONROOT_CLIENT(dest)) |
---|
1962 | return USE_SOURCE; |
---|
1963 | return USE_DEST; |
---|
1964 | } |
---|
1965 | if (!ROOT_CLIENT(source) && ROOT_CLIENT(dest)) { |
---|
1966 | /* prefer root-client over nonroot-client */ |
---|
1967 | if (NONROOT_CLIENT(source)) |
---|
1968 | return USE_DEST; |
---|
1969 | return USE_SOURCE; |
---|
1970 | } |
---|
1971 | |
---|
1972 | /* nonroot client */ |
---|
1973 | if (NONROOT_CLIENT(source) && NONROOT_CLIENT(dest)) { |
---|
1974 | if (source < dest) |
---|
1975 | return USE_SOURCE; |
---|
1976 | return USE_DEST; |
---|
1977 | } |
---|
1978 | if (NONROOT_CLIENT(source) && !NONROOT_CLIENT(dest)) |
---|
1979 | return USE_DEST; |
---|
1980 | if (!NONROOT_CLIENT(source) && NONROOT_CLIENT(dest)) |
---|
1981 | return USE_SOURCE; |
---|
1982 | |
---|
1983 | /* dynamic range */ |
---|
1984 | if (DYNAMIC(source) && DYNAMIC(dest)) |
---|
1985 | if (source < dest) |
---|
1986 | return USE_SOURCE; |
---|
1987 | return USE_DEST; |
---|
1988 | if (DYNAMIC(source) && !DYNAMIC(dest)) |
---|
1989 | return USE_DEST; |
---|
1990 | if (!DYNAMIC(source) && DYNAMIC(dest)) |
---|
1991 | return USE_SOURCE; |
---|
1992 | /* |
---|
1993 | if (SERVER(source) && CLIENT(dest)) |
---|
1994 | return USE_SOURCE; |
---|
1995 | |
---|
1996 | if (SERVER(dest) && CLIENT(source)) |
---|
1997 | return USE_DEST; |
---|
1998 | if (ROOT_SERVER(source) && !ROOT_SERVER(dest)) |
---|
1999 | return USE_SOURCE; |
---|
2000 | if (ROOT_SERVER(dest) && !ROOT_SERVER(source)) |
---|
2001 | return USE_DEST; |
---|
2002 | */ |
---|
2003 | // failing that test... |
---|
2004 | if (source < dest) { |
---|
2005 | return USE_SOURCE; |
---|
2006 | } |
---|
2007 | return USE_DEST; |
---|
2008 | |
---|
2009 | } |
---|
2010 | |
---|
2011 | /** Truncate the packet at the suggested length |
---|
2012 | * @param packet the packet opaque pointer |
---|
2013 | * @param size the new length of the packet |
---|
2014 | * @returns the new length of the packet, or the original length of the |
---|
2015 | * packet if unchanged |
---|
2016 | * NOTE: len refers to the network-level payload of the packet, and not |
---|
2017 | * any capture headers included as well. For example, to truncate a packet |
---|
2018 | * after the IP header, set scan to sizeof(ethernet_header) + sizeof(ip_header) |
---|
2019 | * @author Daniel Lawson |
---|
2020 | */ |
---|
2021 | size_t trace_truncate_packet(struct libtrace_packet_t *packet, size_t size) { |
---|
2022 | dag_record_t *erfptr; |
---|
2023 | #if HAVE_PCAP |
---|
2024 | struct pcap_pkthdr *pcaphdr; |
---|
2025 | #endif |
---|
2026 | |
---|
2027 | assert(packet); |
---|
2028 | |
---|
2029 | if (size > packet->size) { |
---|
2030 | // can't make a packet larger |
---|
2031 | return packet->size; |
---|
2032 | } |
---|
2033 | switch (packet->trace->format) { |
---|
2034 | #if HAVE_PCAP |
---|
2035 | case PCAPINT: |
---|
2036 | case PCAP: |
---|
2037 | pcaphdr = (struct pcap_pkthdr *)packet->buffer; |
---|
2038 | pcaphdr->caplen = size + sizeof(struct pcap_pkthdr); |
---|
2039 | packet->size = pcaphdr->caplen; |
---|
2040 | break; |
---|
2041 | #endif |
---|
2042 | case ERF: |
---|
2043 | case DAG: |
---|
2044 | case RTCLIENT: |
---|
2045 | erfptr = (dag_record_t *)packet->buffer; |
---|
2046 | erfptr->rlen = ntohs(size + sizeof(dag_record_t)); |
---|
2047 | packet->size = size + sizeof(dag_record_t); |
---|
2048 | break; |
---|
2049 | case WAGINT: |
---|
2050 | case WAG: |
---|
2051 | // don't know how to do this? |
---|
2052 | break; |
---|
2053 | } |
---|
2054 | return packet->size; |
---|
2055 | } |
---|
2056 | |
---|
2057 | //#ifdef HAVE_ZLIB |
---|
2058 | /* uncompr.c -- decompress a memory buffer |
---|
2059 | * Copyright (C) 1995-2003 Jean-loup Gailly. |
---|
2060 | * For conditions of distribution and use, see copyright notice in zlib.h |
---|
2061 | */ |
---|
2062 | |
---|
2063 | |
---|
2064 | /* =========================================================================== |
---|
2065 | Decompresses the source buffer into the destination buffer. sourceLen is |
---|
2066 | the byte length of the source buffer. Upon entry, destLen is the total |
---|
2067 | size of the destination buffer, which must be large enough to hold the |
---|
2068 | entire uncompressed data. (The size of the uncompressed data must have |
---|
2069 | been saved previously by the compressor and transmitted to the decompressor |
---|
2070 | by some mechanism outside the scope of this compression library.) |
---|
2071 | Upon exit, destLen is the actual size of the compressed buffer. |
---|
2072 | This function can be used to decompress a whole file at once if the |
---|
2073 | input file is mmap'ed. |
---|
2074 | |
---|
2075 | uncompress returns Z_OK if success, Z_MEM_ERROR if there was not |
---|
2076 | enough memory, Z_BUF_ERROR if there was not enough room in the output |
---|
2077 | buffer, or Z_DATA_ERROR if the input data was corrupted. |
---|
2078 | */ |
---|
2079 | int trace_uncompress (void *dest, size_t destLen, const void *source, size_t sourceLen) |
---|
2080 | { |
---|
2081 | z_stream stream; |
---|
2082 | int err; |
---|
2083 | |
---|
2084 | stream.next_in = (Bytef*)source; |
---|
2085 | stream.avail_in = (uInt)sourceLen; |
---|
2086 | /* Check for source > 64K on 16-bit machine: */ |
---|
2087 | if ((uLong)stream.avail_in != sourceLen) return Z_BUF_ERROR; |
---|
2088 | |
---|
2089 | stream.next_out = dest; |
---|
2090 | stream.avail_out = destLen; |
---|
2091 | if ((uLong)stream.avail_out != destLen) return Z_BUF_ERROR; |
---|
2092 | |
---|
2093 | stream.zalloc = (alloc_func)0; |
---|
2094 | stream.zfree = (free_func)0; |
---|
2095 | |
---|
2096 | err = inflateInit(&stream); |
---|
2097 | if (err != Z_OK) return err; |
---|
2098 | |
---|
2099 | err = inflate(&stream, Z_FINISH); |
---|
2100 | if (err != Z_STREAM_END) { |
---|
2101 | inflateEnd(&stream); |
---|
2102 | if (err == Z_NEED_DICT || (err == Z_BUF_ERROR && stream.avail_in == 0)) |
---|
2103 | return Z_DATA_ERROR; |
---|
2104 | return err; |
---|
2105 | } |
---|
2106 | destLen = stream.total_out; |
---|
2107 | |
---|
2108 | err = inflateEnd(&stream); |
---|
2109 | return err; |
---|
2110 | } |
---|
2111 | |
---|
2112 | |
---|
2113 | int trace_comp_read(struct libtrace_t *trace, void *buffer, size_t len) { |
---|
2114 | //we want to read len bytes out of the compressed file stored in *fh. |
---|
2115 | //store this in buffer, and return the number of bytes read. |
---|
2116 | |
---|
2117 | size_t numbytes = 0; |
---|
2118 | size_t ret = 0; |
---|
2119 | |
---|
2120 | if (trace->comp.ibuf == 0) { |
---|
2121 | trace->comp.ibuf = malloc(COMP_IBUF_SIZE); |
---|
2122 | trace->comp.cbuf_max = COMP_IBUF_SIZE * 3; |
---|
2123 | trace->comp.cbuf = malloc(trace->comp.cbuf_max); |
---|
2124 | } |
---|
2125 | |
---|
2126 | if (fifo_out_available(trace->comp.cfifo) < len) { |
---|
2127 | |
---|
2128 | if ((numbytes = fread(trace->comp.ibuf, |
---|
2129 | COMP_IBUF_SIZE, |
---|
2130 | 1, |
---|
2131 | trace->input.file)) == 0 ) { |
---|
2132 | if (feof(trace->input.file)) { |
---|
2133 | return 0; |
---|
2134 | } |
---|
2135 | if (ferror(trace->input.file)) { |
---|
2136 | perror("fread"); |
---|
2137 | return -1; |
---|
2138 | } |
---|
2139 | } |
---|
2140 | |
---|
2141 | // attempt to uncompress. This is wrapped up so |
---|
2142 | // that if the buffer is too small, it resizes |
---|
2143 | // and loops until it isn't too small |
---|
2144 | do { |
---|
2145 | trace->comp.cbuf_pos = trace->comp.cbuf_max; |
---|
2146 | // trace->comp.cbuf_pos is the size of the compression buffer |
---|
2147 | ret = trace_incompress(trace->comp.cbuf, |
---|
2148 | trace->comp.cbuf_pos, |
---|
2149 | trace->comp.ibuf, |
---|
2150 | COMP_IBUF_SIZE); |
---|
2151 | // trace->comp.cbuf_pos is NOW how much of the compression buffer is used; |
---|
2152 | if (ret == Z_BUF_ERROR) { |
---|
2153 | trace->comp.cbuf_max *= 2; |
---|
2154 | trace->comp.cbuf = realloc(trace->comp.cbuf,trace->comp.cbuf_max); |
---|
2155 | } |
---|
2156 | } while(ret == Z_BUF_ERROR); |
---|
2157 | |
---|
2158 | // bad. Exit. |
---|
2159 | if (ret == Z_DATA_ERROR || ret == Z_MEM_ERROR) { |
---|
2160 | return -1; |
---|
2161 | } |
---|
2162 | |
---|
2163 | fifo_write(trace->comp.cfifo,trace->comp.cbuf,trace->comp.cbuf_pos); |
---|
2164 | } |
---|
2165 | |
---|
2166 | if ((numbytes = fifo_out_read(trace->comp.cfifo, buffer, len)) == 0 ) { |
---|
2167 | fprintf(stderr,"Couldn't read from compressed file, bailing\n"); |
---|
2168 | return -1; |
---|
2169 | } |
---|
2170 | |
---|
2171 | return len; |
---|
2172 | } |
---|
2173 | //#endif |
---|