Changeset 38c00dd


Ignore:
Timestamp:
04/06/16 13:08:30 (5 years ago)
Author:
Richard Sanger <rsanger@…>
Branches:
4.0.1-hotfixes, cachetimestamps, develop, dpdk-ndag, etsilive, master, ndag_format, rc-4.0.1, rc-4.0.2, rc-4.0.3, rc-4.0.4, ringdecrementfix, ringperformance, ringtimestampfixes
Children:
bb0a1f4
Parents:
13bcf9e (diff), fd4482d (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

Merge branch 'master' into develop

Conflicts:

lib/trace.c

Files:
1 added
6 deleted
6 edited

Legend:

Unmodified
Added
Removed
  • INSTALL

    rc24de65 r38c00dd  
    3939
    4040
     41Q. What operating systems do you support?
     42
     43A. Linux, FreeBSD, Mac OS X and OpenBSD. Windows is not supported.
     44
    4145----------------------------------
    4246Using libtrace:
     
    4448The best source of information on how to use libtrace and the tools that come
    4549with it is the libtrace wiki located at
    46 http://www.wand.net.nz/trac/libtrace/wiki
     50http://www.github.com/wanduow/libtrace/wiki
    4751
    4852
  • README

    r3e5518a rb6cbdaf  
    1313This directory contains source code for libtrace, a userspace library for
    1414processing of network traffic capture from live interfaces or from offline
    15 traces.
     15traces. 
    1616
    1717libtrace was primarily designed for use with the real-time interface to the
    1818Waikato DAG Capture Point software running at The University of Waikato,
    1919and has been since extended to a range of other trace and interface formats.
     20
     21Libtrace should build and run on Linux, Mac OS X, FreeBSD and OpenBSD systems.
    2022
    2123Further information about libtrace see
  • lib/libtrace.h.in

    r0277ab8 r38c00dd  
    14251425/** Create a new packet object
    14261426 *
    1427  * @return A pointer to an initialised libtrace_packet_t object
     1427 * @return A pointer to an initialised libtrace_packet_t object, or NULL if
     1428 * libtrace is unable to allocate space for a new packet.
    14281429 */
    14291430DLLEXPORT libtrace_packet_t *trace_create_packet(void);
  • lib/trace.c

    r584d907 r38c00dd  
    22 * This file is part of libtrace
    33 *
    4  * Copyright (c) 2007,2008,2009,2010 The University of Waikato, Hamilton, 
     4 * Copyright (c) 2007,2008,2009,2010 The University of Waikato, Hamilton,
    55 * New Zealand.
    66 *
    7  * Authors: Daniel Lawson 
     7 * Authors: Daniel Lawson
    88 *          Perry Lorier
    9  *          Shane Alcock 
    10  *         
     9 *          Shane Alcock
     10 *
    1111 * All rights reserved.
    1212 *
    13  * This code has been developed by the University of Waikato WAND 
     13 * This code has been developed by the University of Waikato WAND
    1414 * research group. For further information please see http://www.wand.net.nz/
    1515 *
     
    115115        dest[n]='\0';
    116116}
    117  
     117
    118118static char *xstrndup(const char *src,size_t n)
    119 {       
     119{
    120120        char *ret=(char*)malloc(n+1);
    121121        if (ret==NULL) {
     
    153153}
    154154
    155 /* Prints help information for libtrace 
     155/* Prints help information for libtrace
    156156 *
    157157 * Function prints out some basic help information regarding libtrace,
     
    176176{
    177177        struct libtrace_format_t *tmp;
    178        
     178
    179179        /* Try and guess based on filename */
    180180        for(tmp = formats_list; tmp; tmp=tmp->next) {
     
    198198                }
    199199        }
    200        
     200
    201201        /* No formats matched -- make sure we clean up the IO object we
    202202         * used to probe the file magic */
     
    213213 *  erf:/path/to/erf/file
    214214 *  erf:/path/to/erf/file.gz
    215  *  erf:-                       (stdin)
     215 *  erf:-                       (stdin)
    216216 *  dag:/dev/dagcard
    217  *  pcapint:pcapinterface               (eg: pcapint:eth0)
     217 *  pcapint:pcapinterface               (eg: pcapint:eth0)
    218218 *  pcapfile:/path/to/pcap/file
    219219 *  pcapfile:-
     
    226226 */
    227227DLLEXPORT libtrace_t *trace_create(const char *uri) {
    228         libtrace_t *libtrace = 
     228        libtrace_t *libtrace =
    229229                        (libtrace_t *)malloc(sizeof(libtrace_t));
    230230        char *scan = 0;
    231         const char *uridata = 0;                 
     231        const char *uridata = 0;
    232232
    233233        trace_init();
     
    239239                return NULL;
    240240        }
    241        
     241
    242242        libtrace->err.err_num = TRACE_ERR_NOERROR;
    243243        libtrace->format=NULL;
    244        
     244
    245245        libtrace->event.tdelta = 0.0;
    246246        libtrace->event.packet = NULL;
     
    289289         * libtrace->uridata contains the appropriate data for this
    290290         */
    291        
    292         /* Call the init_input function for the matching capture format */
     291
     292        /* Call the init_input function for the matching capture format */
    293293        if (libtrace->format->init_input) {
    294294                int err=libtrace->format->init_input(libtrace);
    295295                assert (err==-1 || err==0);
    296296                if (err==-1) {
    297                         /* init_input should call trace_set_err to set
    298                          * the error message
     297                        /* init_input should call trace_set_err to set the
     298                         * error message
    299299                         */
    300300                        return libtrace;
     
    305305                return libtrace;
    306306        }
    307        
     307
    308308        if (scan)
    309309                free(scan);
     
    328328
    329329        trace_init();
    330        
     330
    331331        libtrace->err.err_num = TRACE_ERR_NOERROR;
    332332
     
    336336                xstrncpy(scan,uri, (size_t)(uridata - uri));
    337337        }
    338        
     338
    339339        libtrace->err.err_num = TRACE_ERR_NOERROR;
    340340        libtrace->format=NULL;
    341        
     341
    342342        libtrace->event.tdelta = 0.0;
    343343        libtrace->event.packet = NULL;
     
    350350        libtrace->io = NULL;
    351351        libtrace->filtered_packets = 0;
    352        
     352
    353353        for(tmp=formats_list;tmp;tmp=tmp->next) {
    354354                if (strlen(scan) == strlen(tmp->name) &&
     
    371371}
    372372
    373 /* Creates an output trace from a URI. 
     373/* Creates an output trace from a URI.
    374374 *
    375375 * @param uri   the uri string describing the output format and destination
    376  * @returns opaque pointer to a libtrace_output_t 
     376 * @returns opaque pointer to a libtrace_output_t
    377377 *
    378378 *  If an error occured when attempting to open the output trace, NULL is
    379  *  returned and trace_errno is set. 
    380  */
    381        
     379 *  returned and trace_errno is set.
     380 */
     381
    382382DLLEXPORT libtrace_out_t *trace_create_output(const char *uri) {
    383         libtrace_out_t *libtrace = 
     383        libtrace_out_t *libtrace =
    384384                        (libtrace_out_t*)malloc(sizeof(libtrace_out_t));
    385        
     385
    386386        char *scan = 0;
    387387        const char *uridata = 0;
     
    394394        libtrace->format = NULL;
    395395        libtrace->uridata = NULL;
    396        
     396
    397397        /* Parse the URI to determine what capture format we want to write */
    398398
     
    402402                return libtrace;
    403403        }
    404        
     404
    405405        /* Attempt to find the format in the list of supported formats */
    406406        for(tmp=formats_list;tmp;tmp=tmp->next) {
     
    471471
    472472/* Start an output trace */
    473 DLLEXPORT int trace_start_output(libtrace_out_t *libtrace) 
     473DLLEXPORT int trace_start_output(libtrace_out_t *libtrace)
    474474{
    475475        assert(libtrace);
     
    507507                return -1;
    508508        }
    509        
     509
    510510        /* If the capture format supports configuration, try using their
    511511         * native configuration first */
     
    517517
    518518        /* If we get here, either the native configuration failed or the
    519          * format did not support configuration. However, libtrace can 
     519         * format did not support configuration. However, libtrace can
    520520         * deal with some options itself, so give that a go */
    521521        switch(option) {
     
    525525                                trace_get_err(libtrace);
    526526                        }
    527                         if (*(int*)value<0 
     527                        if (*(int*)value<0
    528528                                || *(int*)value>LIBTRACE_PACKET_BUFSIZE) {
    529529                                trace_set_err(libtrace,TRACE_ERR_BAD_STATE,
     
    547547                case TRACE_OPTION_META_FREQ:
    548548                        if (!trace_is_err(libtrace)) {
    549                                 trace_set_err(libtrace, 
     549                                trace_set_err(libtrace,
    550550                                                TRACE_ERR_OPTION_UNAVAIL,
    551551                                                "This format does not support meta-data gathering");
     
    554554                case TRACE_OPTION_EVENT_REALTIME:
    555555                        if (!trace_is_err(libtrace)) {
    556                                 trace_set_err(libtrace, 
     556                                trace_set_err(libtrace,
    557557                                                TRACE_ERR_OPTION_UNAVAIL,
    558558                                                "This format does not support realtime events");
    559559                        }
    560560                        return -1;
    561                        
     561
    562562        }
    563563        if (!trace_is_err(libtrace)) {
     
    568568}
    569569
    570 DLLEXPORT int trace_config_output(libtrace_out_t *libtrace, 
     570DLLEXPORT int trace_config_output(libtrace_out_t *libtrace,
    571571                trace_option_output_t option,
    572572                void *value) {
    573        
     573
    574574        /* Unlike the input options, libtrace does not natively support any of
    575575         * the output options - the format module must be able to deal with
     
    625625 * @param libtrace      the output trace file to be destroyed
    626626 */
    627 DLLEXPORT void trace_destroy_output(libtrace_out_t *libtrace) 
     627DLLEXPORT void trace_destroy_output(libtrace_out_t *libtrace)
    628628{
    629629        assert(libtrace);
     
    635635}
    636636
    637 DLLEXPORT libtrace_packet_t *trace_create_packet(void) 
    638 {
    639         libtrace_packet_t *packet = 
     637DLLEXPORT libtrace_packet_t *trace_create_packet(void)
     638{
     639        libtrace_packet_t *packet =
    640640                (libtrace_packet_t*)calloc((size_t)1,sizeof(libtrace_packet_t));
     641
     642        if (packet == NULL)
     643                return NULL;
    641644
    642645        packet->buf_control=TRACE_CTRL_PACKET;
     
    646649
    647650DLLEXPORT libtrace_packet_t *trace_copy_packet(const libtrace_packet_t *packet) {
    648         libtrace_packet_t *dest = 
     651        libtrace_packet_t *dest =
    649652                (libtrace_packet_t *)malloc(sizeof(libtrace_packet_t));
    650653        if (!dest) {
     
    665668        /* Reset the cache - better to recalculate than try to convert
    666669         * the values over to the new packet */
    667         trace_clear_cache(dest);       
     670        trace_clear_cache(dest);
    668671        /* Ooooh nasty memcpys! This is why we want to avoid copying packets
    669672         * as much as possible */
     
    680683                free(packet->buffer);
    681684        }
    682         packet->buf_control=(buf_control_t)'\0'; 
     685        packet->buf_control=(buf_control_t)'\0';
    683686                                /* A "bad" value to force an assert
    684687                                 * if this packet is ever reused
    685688                                 */
    686689        free(packet);
    687 }       
     690}
    688691
    689692/* Read one packet from the trace into buffer. Note that this function will
    690693 * block until a packet is read (or EOF is reached).
    691694 *
    692  * @param libtrace      the libtrace opaque pointer
    693  * @param packet        the packet opaque pointer
     695 * @param libtrace      the libtrace opaque pointer
     696 * @param packet        the packet opaque pointer
    694697 * @returns 0 on EOF, negative value on error
    695698 *
     
    704707                return -1;
    705708        }
    706         if (!(packet->buf_control==TRACE_CTRL_PACKET || packet->buf_control==TRACE_CTRL_EXTERNAL)) {
     709        if (!(packet->buf_control==TRACE_CTRL_PACKET
     710                    || packet->buf_control==TRACE_CTRL_EXTERNAL)) {
    707711                trace_set_err(libtrace,TRACE_ERR_BAD_STATE,"Packet passed to trace_read_packet() is invalid\n");
    708712                return -1;
    709713        }
    710714        assert(packet);
    711      
    712         /* Store the trace we are reading from into the packet opaque 
     715
     716        /* Store the trace we are reading from into the packet opaque
    713717         * structure */
    714718        packet->trace = libtrace;
     
    741745                                        return ~0U;
    742746                                }
    743                                
     747
    744748                                if (filtret == 0) {
    745749                                        ++libtrace->filtered_packets;
     
    765769 * appropriate capture format header for the format type that the packet is
    766770 * being converted to. This also allows for a packet to be converted into
    767  * just about capture format that is supported by libtrace, provided the 
     771 * just about capture format that is supported by libtrace, provided the
    768772 * format header is present in the buffer.
    769773 *
    770774 * This function is primarily used to convert packets received via the RT
    771775 * protocol back into their original capture format. The RT header encapsulates
    772  * the original capture format header, so after removing it the packet must 
     776 * the original capture format header, so after removing it the packet must
    773777 * have it's header and payload pointers updated and the packet format and type
    774778 * changed, amongst other things.
    775779 *
    776  * Intended only for internal use at this point - this function is not 
     780 * Intended only for internal use at this point - this function is not
    777781 * available through the external libtrace API.
    778782 */
     
    782786        assert(packet);
    783787        assert(trace);
    784        
     788
    785789        /* XXX Proper error handling?? */
    786790        if (buffer == NULL)
     
    791795                return -1;
    792796        }
    793        
     797
    794798        packet->trace = trace;
    795        
     799
    796800        /* Clear packet cache */
    797801        trace_clear_cache(packet);
     
    801805                                buffer, rt_type, flags);
    802806        }
    803         trace_set_err(trace, TRACE_ERR_UNSUPPORTED, 
     807        trace_set_err(trace, TRACE_ERR_UNSUPPORTED,
    804808                        "This format does not support preparing packets\n");
    805809        return -1;
     
    815819DLLEXPORT int trace_write_packet(libtrace_out_t *libtrace, libtrace_packet_t *packet) {
    816820        assert(libtrace);
    817         assert(packet); 
     821        assert(packet);
    818822        /* Verify the packet is valid */
    819823        if (!libtrace->started) {
     
    843847                 * wire lengths to be the "remaining" value. If the packet has
    844848                 * been padded to increase the capture length, we don't want
    845                  * to allow subsequent protocol decoders to consider the 
     849                 * to allow subsequent protocol decoders to consider the
    846850                 * padding as part of the packet.
    847851                 *
     
    853857                 * better off returning an incomplete TCP header in that case.
    854858                 */
    855                
     859
    856860                cap_len = trace_get_capture_length(packet);
    857861                wire_len = trace_get_wire_length(packet);
     
    862866                 * massively negative wire lens. We could assert fail here on
    863867                 * them, but we could at least try the capture length instead.
    864                  * 
     868                 *
    865869                 * You may still run into problems if you try to write that
    866870                 * packet, but at least reading should work OK.
     
    878882
    879883
    880 /* Get a pointer to the first byte of the packet payload 
     884/* Get a pointer to the first byte of the packet payload
    881885 *
    882886 * DEPRECATED - use trace_get_packet_buffer() instead */
     
    885889}
    886890
    887 /* Get the current time in DAG time format 
    888  * @param packet        a pointer to a libtrace_packet structure
     891/* Get the current time in DAG time format
     892 * @param packet        a pointer to a libtrace_packet structure
    889893 * @returns a 64 bit timestamp in DAG ERF format (upper 32 bits are the seconds
    890894 * past 1970-01-01, the lower 32bits are partial seconds)
    891  */ 
     895 */
    892896DLLEXPORT uint64_t trace_get_erf_timestamp(const libtrace_packet_t *packet) {
    893897        if (packet->trace->format->get_erf_timestamp) {
     
    915919                return (uint64_t)0;
    916920        }
    917                      
    918921}
    919922
     
    924927 * @author Daniel Lawson
    925928 * @author Perry Lorier
    926  */ 
     929 */
    927930DLLEXPORT struct timeval trace_get_timeval(const libtrace_packet_t *packet) {
    928931        struct timeval tv;
     
    936939                tv.tv_sec = ts >> 32;
    937940                tv.tv_usec = ((ts&0xFFFFFFFF)*1000000)>>32;
    938                 if (tv.tv_usec >= 1000000) {
    939                         tv.tv_usec -= 1000000;
    940                         tv.tv_sec += 1;
    941                 }
     941                if (tv.tv_usec >= 1000000) {
     942                        tv.tv_usec -= 1000000;
     943                        tv.tv_sec += 1;
     944                }
    942945        } else if (packet->trace->format->get_timespec) {
    943946                struct timespec ts = packet->trace->format->get_timespec(packet);
     
    968971                ts.tv_sec = erfts >> 32;
    969972                ts.tv_nsec = ((erfts&0xFFFFFFFF)*1000000000)>>32;
    970                 if (ts.tv_nsec >= 1000000000) {
    971                         ts.tv_nsec -= 1000000000;
    972                         ts.tv_sec += 1;
    973                 }
     973                if (ts.tv_nsec >= 1000000000) {
     974                        ts.tv_nsec -= 1000000000;
     975                        ts.tv_sec += 1;
     976                }
    974977                return ts;
    975978        } else if (packet->trace->format->get_timeval) {
     
    995998
    996999/* Get the current time in floating point seconds
    997  * @param packet        a pointer to a libtrace_packet structure
     1000 * @param packet        a pointer to a libtrace_packet structure
    9981001 * @returns time that this packet was seen in 64bit floating point seconds
    999  */ 
     1002 */
    10001003DLLEXPORT double trace_get_seconds(const libtrace_packet_t *packet) {
    10011004        double seconds = 0.0;
     
    10241027}
    10251028
    1026 DLLEXPORT size_t trace_get_capture_length(const libtrace_packet_t *packet) 
     1029DLLEXPORT size_t trace_get_capture_length(const libtrace_packet_t *packet)
    10271030{
    10281031        /* Cache the capture length */
     
    10311034                        return ~0U;
    10321035                /* Cast away constness because this is "just" a cache */
    1033                 ((libtrace_packet_t*)packet)->capture_length = 
     1036                ((libtrace_packet_t*)packet)->capture_length =
    10341037                        packet->trace->format->get_capture_length(packet);
    10351038        }
     
    10391042        return packet->capture_length;
    10401043}
    1041        
     1044
    10421045/* Get the size of the packet as it was seen on the wire.
    10431046 * @param packet        a pointer to a libtrace_packet structure
     
    10461049 * @note Due to the trace being a header capture, or anonymisation this may
    10471050 * not be the same as the Capture Len.
    1048  */ 
     1051 */
    10491052DLLEXPORT size_t trace_get_wire_length(const libtrace_packet_t *packet){
    1050        
     1053
    10511054        if (packet->wire_length == -1) {
    1052                 if (!packet->trace->format->get_wire_length) 
     1055                if (!packet->trace->format->get_wire_length)
    10531056                        return ~0U;
    1054                 ((libtrace_packet_t *)packet)->wire_length = 
     1057                ((libtrace_packet_t *)packet)->wire_length =
    10551058                        packet->trace->format->get_wire_length(packet);
    10561059        }
     
    10621065
    10631066/* Get the length of the capture framing headers.
    1064  * @param packet        the packet opaque pointer
     1067 * @param packet        the packet opaque pointer
    10651068 * @returns the size of the packet as it was on the wire.
    1066  * @note this length corresponds to the difference between the size of a 
     1069 * @note this length corresponds to the difference between the size of a
    10671070 * captured packet in memory, and the captured length of the packet
    1068  */ 
     1071 */
    10691072DLLEXPORT SIMPLE_FUNCTION
    10701073size_t trace_get_framing_length(const libtrace_packet_t *packet) {
     
    10771080
    10781081/* Get the type of the link layer
    1079  * @param packet        a pointer to a libtrace_packet structure
     1082 * @param packet        a pointer to a libtrace_packet structure
    10801083 * @returns libtrace_linktype_t
    10811084 */
     
    11031106 * which in turn is stored inside the new packet object...
    11041107 */
    1105 DLLEXPORT libtrace_eventobj_t trace_event(libtrace_t *trace, 
     1108DLLEXPORT libtrace_eventobj_t trace_event(libtrace_t *trace,
    11061109                libtrace_packet_t *packet) {
    11071110        libtrace_eventobj_t event = {TRACE_EVENT_IOWAIT,0,0.0,0};
     
    11151118        /* Clear the packet cache */
    11161119        trace_clear_cache(packet);
    1117        
     1120
    11181121        /* Store the trace we are reading from into the packet opaque
    11191122         * structure */
     
    11221125        if (packet->trace->format->trace_event) {
    11231126                /* Note: incrementing accepted, filtered etc. packet
    1124                  * counters is handled by the format-specific 
     1127                 * counters is handled by the format-specific
    11251128                 * function so don't increment them here.
    11261129                 */
     
    11491152        filter->filter.bf_insns = (struct bpf_insn *)
    11501153                malloc(sizeof(struct bpf_insn) * bf_len);
    1151        
     1154
    11521155        memcpy(filter->filter.bf_insns, bf_insns,
    11531156                        bf_len * sizeof(struct bpf_insn));
    1154        
     1157
    11551158        filter->filter.bf_len = bf_len;
    11561159        filter->filterstring = NULL;
    11571160        filter->jitfilter = NULL;
    11581161        /* "flag" indicates that the filter member is valid */
    1159         filter->flag = 1; 
    1160        
     1162        filter->flag = 1;
     1163
    11611164        return filter;
    11621165#endif
     
    11881191                pcap_freecode(&filter->filter);
    11891192#ifdef HAVE_LLVM
    1190         if (filter->jitfilter) 
     1193        if (filter->jitfilter)
    11911194                destroy_program(filter->jitfilter);
    11921195#endif
     
    12061209static int trace_bpf_compile(libtrace_filter_t *filter,
    12071210                const libtrace_packet_t *packet,
    1208                 void *linkptr, 
     1211                void *linkptr,
    12091212                libtrace_linktype_t linktype    ) {
    12101213#ifdef HAVE_BPF_FILTER
     
    12171220                return -1;
    12181221        }
    1219        
     1222
    12201223        if (filter->filterstring && ! filter->flag) {
    12211224                pcap_t *pcap = NULL;
     
    12361239                /* build filter */
    12371240                assert(pcap);
    1238                 if (pcap_compile( pcap, &filter->filter, filter->filterstring, 
     1241                if (pcap_compile( pcap, &filter->filter, filter->filterstring,
    12391242                                        1, 0)) {
    12401243                        trace_set_err(packet->trace,TRACE_ERR_BAD_FILTER,
    1241                                         "Unable to compile the filter \"%s\": %s", 
     1244                                        "Unable to compile the filter \"%s\": %s",
    12421245                                        filter->filterstring,
    12431246                                        pcap_geterr(pcap));
     
    12751278
    12761279        if (linktype == TRACE_TYPE_NONDATA)
    1277                 return 1;       
     1280                return 1;
    12781281
    12791282        if (libtrace_to_pcap_dlt(linktype)==TRACE_DLT_ERROR) {
    1280                
     1283
    12811284                /* If we cannot get a suitable DLT for the packet, it may
    12821285                 * be because the packet is encapsulated in a link type that
     
    12841287                 * popping off headers until we either can find a suitable
    12851288                 * link type or we can't do any more sensible decapsulation. */
    1286                
     1289
    12871290                /* Copy the packet, as we don't want to trash the one we
    12881291                 * were passed in */
     
    12921295                while (libtrace_to_pcap_dlt(linktype) == TRACE_DLT_ERROR) {
    12931296                        if (!demote_packet(packet_copy)) {
    1294                                 trace_set_err(packet->trace, 
     1297                                trace_set_err(packet->trace,
    12951298                                                TRACE_ERR_NO_CONVERSION,
    12961299                                                "pcap does not support this format");
     
    13041307
    13051308        }
    1306        
     1309
    13071310        linkptr = trace_get_packet_buffer(packet_copy,NULL,&clen);
    13081311        if (!linkptr) {
     
    13131316        }
    13141317
    1315         /* We need to compile the filter now, because before we didn't know 
     1318        /* We need to compile the filter now, because before we didn't know
    13161319         * what the link type was
    13171320         */
     
    13541357 * @returns a signed value containing the direction flag, or -1 if this is not supported
    13551358 */
    1356 DLLEXPORT libtrace_direction_t trace_set_direction(libtrace_packet_t *packet, 
    1357                 libtrace_direction_t direction) 
     1359DLLEXPORT libtrace_direction_t trace_set_direction(libtrace_packet_t *packet,
     1360                libtrace_direction_t direction)
    13581361{
    13591362        assert(packet);
     
    13721375 * for a special trace.
    13731376 */
    1374 DLLEXPORT libtrace_direction_t trace_get_direction(const libtrace_packet_t *packet) 
     1377DLLEXPORT libtrace_direction_t trace_get_direction(const libtrace_packet_t *packet)
    13751378{
    13761379        assert(packet);
     
    13871390#define DYNAMIC(x) ((49152 < (x)) && ((x) < 65535))
    13881391#define SERVER(x) ROOT_SERVER(x) || NONROOT_SERVER(x)
    1389 #define CLIENT(x) ROOT_CLIENT(x) || NONROOT_CLIENT(x) 
     1392#define CLIENT(x) ROOT_CLIENT(x) || NONROOT_CLIENT(x)
    13901393
    13911394/* Attempt to deduce the 'server' port
     
    13951398 * @returns a hint as to which port is the server port
    13961399 */
    1397 DLLEXPORT int8_t trace_get_server_port(UNUSED uint8_t protocol, 
    1398                 uint16_t source, uint16_t dest) 
     1400DLLEXPORT int8_t trace_get_server_port(UNUSED uint8_t protocol,
     1401                uint16_t source, uint16_t dest)
    13991402{
    14001403        /*
     
    14091412         * * flip a coin.
    14101413         */
    1411        
     1414
    14121415        /* equal */
    14131416        if (source == dest)
     
    14551458                return USE_SOURCE;
    14561459        }
    1457        
     1460
    14581461        /* nonroot client */
    14591462        if (NONROOT_CLIENT(source) && NONROOT_CLIENT(dest)) {
    1460                 if (source < dest) 
     1463                if (source < dest)
    14611464                        return USE_SOURCE;
    14621465                return USE_DEST;
     
    14781481                return USE_SOURCE;
    14791482        /*
    1480         if (SERVER(source) && CLIENT(dest)) 
     1483        if (SERVER(source) && CLIENT(dest))
    14811484                return USE_SOURCE;
    1482        
    1483         if (SERVER(dest) && CLIENT(source)) 
     1485
     1486        if (SERVER(dest) && CLIENT(source))
    14841487                return USE_DEST;
    1485         if (ROOT_SERVER(source) && !ROOT_SERVER(dest)) 
     1488        if (ROOT_SERVER(source) && !ROOT_SERVER(dest))
    14861489                return USE_SOURCE;
    1487         if (ROOT_SERVER(dest) && !ROOT_SERVER(source)) 
     1490        if (ROOT_SERVER(dest) && !ROOT_SERVER(source))
    14881491                return USE_DEST;
    14891492        */
     
    14911494        if (source < dest) {
    14921495                return USE_SOURCE;
    1493         } 
     1496        }
    14941497        return USE_DEST;
    1495        
     1498
    14961499}
    14971500
     
    15221525 *
    15231526 * Returns a pointer to the URI data, but updates the format parameter to
    1524  * point to a copy of the format component. 
     1527 * point to a copy of the format component.
    15251528 */
    15261529
    15271530DLLEXPORT const char * trace_parse_uri(const char *uri, char **format) {
    15281531        const char *uridata = 0;
    1529        
     1532
    15301533        if((uridata = strchr(uri,':')) == NULL) {
    15311534                /* Badly formed URI - needs a : */
     
    15441547        /* Push uridata past the delimiter */
    15451548        uridata++;
    1546        
     1549
    15471550        return uridata;
    15481551}
    15491552
    1550 enum base_format_t trace_get_format(libtrace_packet_t *packet) 
     1553enum base_format_t trace_get_format(libtrace_packet_t *packet)
    15511554{
    15521555        assert(packet);
     
    15541557        return packet->trace->format->type;
    15551558}
    1556        
     1559
    15571560DLLEXPORT libtrace_err_t trace_get_err(libtrace_t *trace)
    15581561{
     
    16521655                }
    16531656                if (trace->format->seek_seconds) {
    1654                         double seconds = 
     1657                        double seconds =
    16551658                                (ts>>32) + ((ts & UINT_MAX)*1.0 / UINT_MAX);
    16561659                        return trace->format->seek_seconds(trace,seconds);
     
    16761679                }
    16771680                if (trace->format->seek_erf) {
    1678                         uint64_t timestamp = 
     1681                        uint64_t timestamp =
    16791682                                ((uint64_t)((uint32_t)seconds) << 32) + \
    16801683                            (uint64_t)(( seconds - (uint32_t)seconds   ) * UINT_MAX);
     
    17391742
    17401743
    1741 /* Creates a libtrace packet from scratch using the contents of the provided 
     1744/* Creates a libtrace packet from scratch using the contents of the provided
    17421745 * buffer as the packet payload.
    17431746 *
    17441747 * Unlike trace_prepare_packet(), the buffer should not contain any capture
    1745  * format headers; instead this function will add the PCAP header to the 
     1748 * format headers; instead this function will add the PCAP header to the
    17461749 * packet record. This also means only PCAP packets can be constructed using
    17471750 * this function.
     
    17651768        /* We need a trace to attach the constructed packet to (and it needs
    17661769         * to be PCAP) */
    1767         if (NULL == deadtrace) 
     1770        if (NULL == deadtrace)
    17681771                deadtrace=trace_create_dead("pcapfile");
    17691772
     
    17831786
    17841787        /* Now fill in the libtrace packet itself */
     1788        assert(deadtrace);
    17851789        packet->trace=deadtrace;
    17861790        size=len+sizeof(hdr);
     1791        if (size < LIBTRACE_PACKET_BUFSIZE)
     1792            size = LIBTRACE_PACKET_BUFSIZE;
    17871793        if (packet->buf_control==TRACE_CTRL_PACKET) {
    1788                 packet->buffer=realloc(packet->buffer,size);
     1794            packet->buffer = realloc(packet->buffer, size);
    17891795        }
    17901796        else {
    1791                 packet->buffer=malloc(size);
     1797                packet->buffer = malloc(size);
    17921798        }
    17931799        packet->buf_control=TRACE_CTRL_PACKET;
    17941800        packet->header=packet->buffer;
    17951801        packet->payload=(void*)((char*)packet->buffer+sizeof(hdr));
    1796        
    1797         /* Ugh, memcpy - sadly necessary */
    1798         memcpy(packet->header,&hdr,sizeof(hdr));
    1799         memcpy(packet->payload,data,(size_t)len);
     1802
     1803        /* Ugh, memmove - sadly necessary, also beware that we might be
     1804         * moving data around within this packet, so ordering is important.
     1805         */
     1806        memmove(packet->payload, data, (size_t)len);
     1807        memmove(packet->header, &hdr, sizeof(hdr));
    18001808        packet->type=pcap_linktype_to_rt(libtrace_to_pcap_linktype(linktype));
    18011809
     
    18651873
    18661874        /* Now, verify that the format has at least the minimum functionality.
    1867          * 
     1875         *
    18681876         * This #if can be changed to a 1 to output warnings about inconsistent
    18691877         * functions being provided by format modules.  This generally is very
    18701878         * noisy, as almost all modules don't implement one or more functions
    1871          * for various reasons.  This is very useful when checking a new 
     1879         * for various reasons.  This is very useful when checking a new
    18721880         * format module is sane.
    1873          */ 
     1881         */
    18741882#if 0
    18751883        if (f->init_input) {
     
    18851893                REQUIRE(get_framing_length);
    18861894                REQUIRE(trace_event);
    1887                 if (!f->get_erf_timestamp 
     1895                if (!f->get_erf_timestamp
    18881896                        && !f->get_seconds
    18891897                        && !f->get_timeval) {
  • tools/tracesplit/tracesplit.1

    r17f954f r7affaae  
    55.B tracesplit
    66[ \fB-f \fRbpf | \fB--filter=\fRbpf]
     7[ \fB-j \fRnumhdrs | \fB--jump=\fRnumhdrs]
    78[ \fB-c \fRcount | \fB--count=\fRcount]
    89[ \fB-b \fRbytes | \fB--bytes=\fRbytes]
     
    2021\fB\-f\fR bpf filter
    2122output only packets that match tcpdump style bpf filter
     23
     24.TP
     25\fB\-j\fR numhdrs
     26Strip headers before the numhdrs layer 3 header.  For example, \-j1 will strip
     27off all the layer 2 headers, \-j2 will strip off all the l2 headers, the first
     28l3 header, any transport headers, and return a trace that starts at the next
     29l3 header.
    2230
    2331.TP
  • tools/tracesplit/tracesplit.c

    r17f954f ra1935fa  
    2525uint64_t filescreated = 0;
    2626uint16_t snaplen = 0;
     27int jump=0;
    2728int verbose=0;
    2829int compress_level=-1;
     
    5657        "-e --endtime=time      End at time\n"
    5758        "-m --maxfiles=n        Create a maximum of n trace files\n"
     59        "-j --jump=n            Jump to the nth IP header\n"
    5860        "-H --libtrace-help     Print libtrace runtime documentation\n"
    5961        "-S --snaplen           Snap packets at the specified length\n"
     
    7577
    7678
     79static libtrace_packet_t *perform_jump(libtrace_packet_t *packet, int jump)
     80{
     81    uint16_t ethertype;
     82    uint32_t remaining;
     83    uint8_t ipproto;
     84    void *offset = trace_get_layer3(packet, &ethertype, &remaining);
     85    while(jump > 0 && offset) {
     86        --jump;
     87        switch (ethertype) {
     88            case TRACE_ETHERTYPE_IP:
     89                if (jump <= 0) {
     90                    void *newpacket = trace_create_packet();
     91                    trace_construct_packet(newpacket,
     92                            TRACE_TYPE_NONE,
     93                            offset,
     94                            remaining);
     95                    return newpacket;
     96                }
     97                offset = trace_get_payload_from_ip(offset,
     98                        &ipproto,
     99                        &remaining);
     100                if (!offset)
     101                    return NULL;
     102                break;
     103            case TRACE_ETHERTYPE_IPV6:
     104                if (jump <= 0) {
     105                    void *newpacket = trace_create_packet();
     106                    trace_construct_packet(newpacket,
     107                            TRACE_TYPE_NONE,
     108                            offset,
     109                            remaining);
     110                    return newpacket;
     111                }
     112                offset = trace_get_payload_from_ip6(offset,
     113                        &ipproto,
     114                        &remaining);
     115                if (!offset)
     116                    return NULL;
     117                break;
     118            /* TODO: vlan, etc */
     119            default:
     120                return NULL;
     121        }
     122        if (!offset)
     123            return false;
     124        switch (ipproto) {
     125            case TRACE_IPPROTO_IPV6:
     126                ethertype = TRACE_ETHERTYPE_IPV6;
     127                continue;
     128            case TRACE_IPPROTO_IPIP:
     129                ethertype = TRACE_ETHERTYPE_IP;
     130                continue;
     131            case TRACE_IPPROTO_GRE:
     132                if (remaining < sizeof(libtrace_gre_t)) {
     133                    return NULL;
     134                }
     135                ethertype = ((libtrace_gre_t *)offset)->ethertype;
     136                offset = trace_get_payload_from_gre(offset, &remaining);
     137                continue;
     138            case TRACE_IPPROTO_UDP:
     139                offset = trace_get_vxlan_from_udp(offset, &remaining);
     140                if (!offset)
     141                    return NULL;
     142                offset = trace_get_payload_from_vxlan(offset, &remaining);
     143                if (!offset)
     144                    return NULL;
     145                offset = trace_get_payload_from_layer2(offset,
     146                        TRACE_TYPE_ETH,
     147                        &ethertype,
     148                        &remaining);
     149                if (!offset)
     150                    return NULL;
     151                continue;
     152        }
     153        return NULL;
     154    }
     155    return NULL;
     156}
     157
     158
    77159/* Return values:
    78160 *  1 = continue reading packets
     
    80162 *  -1 = stop reading packets, we've got an error
    81163 */
    82 static int per_packet(libtrace_packet_t *packet) {
    83 
    84         if (trace_get_link_type(packet) == ~0U) {
     164static int per_packet(libtrace_packet_t **packet) {
     165
     166        if (trace_get_link_type(*packet) == -1) {
    85167                fprintf(stderr, "Halted due to being unable to determine linktype - input trace may be corrupt.\n");
    86168                return -1;
     
    88170
    89171        if (snaplen>0) {
    90                 trace_set_capture_length(packet,snaplen);
    91         }
    92 
    93         if (trace_get_seconds(packet)<starttime) {
     172                trace_set_capture_length(*packet,snaplen);
     173        }
     174
     175        if (trace_get_seconds(*packet)<starttime) {
    94176                return 1;
    95177        }
    96178
    97         if (trace_get_seconds(packet)>endtime) {
     179        if (trace_get_seconds(*packet)>endtime) {
    98180                return 0;
    99181        }
    100182
    101183        if (firsttime==0) {
    102                 time_t now = trace_get_seconds(packet);
     184                time_t now = trace_get_seconds(*packet);
    103185                if (starttime != 0) {
    104186                        firsttime=now-((now - starttime)%interval);
     
    109191        }
    110192
    111         if (output && trace_get_seconds(packet)>firsttime+interval) {
     193        if (output && trace_get_seconds(*packet)>firsttime+interval) {
    112194                trace_destroy_output(output);
    113195                output=NULL;
     
    121203
    122204        pktcount++;
    123         totbytes+=trace_get_capture_length(packet);
     205        totbytes+=trace_get_capture_length(*packet);
    124206        if (output && totbytes-totbyteslast>=bytes) {
    125207                trace_destroy_output(output);
     
    198280        }
    199281
    200         /* Some traces we have are padded (usually with 0x00), so 
     282        /* Some traces we have are padded (usually with 0x00), so
    201283         * lets sort that out now and truncate them properly
    202284         */
    203285
    204         if (trace_get_capture_length(packet)
    205                         > trace_get_wire_length(packet)) {
    206                 trace_set_capture_length(packet,trace_get_wire_length(packet));
    207         }
    208 
    209         if (trace_write_packet(output,packet)==-1) {
     286        if (trace_get_capture_length(*packet)
     287                        > trace_get_wire_length(*packet)) {
     288                trace_set_capture_length(*packet,
     289                        trace_get_wire_length(*packet));
     290        }
     291
     292        /* Support "jump"ping to the nth IP header. */
     293        if (jump) {
     294            /* Skip headers */
     295            void *newpacket = perform_jump(*packet, jump);
     296            if (newpacket) {
     297                trace_destroy_packet(*packet);
     298                *packet = newpacket;
     299            }
     300            else /* Skip packet */
     301                return 1;
     302        }
     303
     304        if (trace_write_packet(output, *packet)==-1) {
    210305                trace_perror_output(output,"write_packet");
    211306                return -1;
     
    223318        struct libtrace_packet_t *packet = trace_create_packet();
    224319        struct sigaction sigact;
    225         int i; 
    226        
     320        int i;
     321
    227322        if (argc<2) {
    228323                usage(argv[0]);
     
    240335                        { "endtime",       1, 0, 'e' },
    241336                        { "interval",      1, 0, 'i' },
     337                        { "jump",          1, 0, 'j' },
    242338                        { "libtrace-help", 0, 0, 'H' },
    243339                        { "maxfiles",      1, 0, 'm' },
     
    249345                };
    250346
    251                 int c=getopt_long(argc, argv, "f:c:b:s:e:i:m:S:Hvz:Z:",
     347                int c=getopt_long(argc, argv, "j:f:c:b:s:e:i:m:S:Hvz:Z:",
    252348                                long_options, &option_index);
    253349
     
    268364                        case 'i': interval=atoi(optarg);
    269365                                  break;
     366                        case 'j': jump=atoi(optarg);
     367                                  break;
    270368                        case 'm': maxfiles=atoi(optarg);
    271369                                  break;
     
    283381                                  if (compress_level<0 || compress_level>9) {
    284382                                        usage(argv[0]);
    285                                         exit(1);
     383                                        exit(1);
    286384                                  }
    287385                                  break;
    288386                        case 'Z':
    289387                                  compress_type_str=optarg;
    290                                   break;       
     388                                  break;
    291389                        default:
    292390                                fprintf(stderr,"Unknown option: %c\n",c);
     
    321419                compress_type = TRACE_OPTION_COMPRESSTYPE_NONE;
    322420        } else {
    323                 fprintf(stderr, "Unknown compression type: %s\n", 
     421                fprintf(stderr, "Unknown compression type: %s\n",
    324422                        compress_type_str);
    325423                return 1;
     
    348446
    349447
    350                 input = trace_create(argv[i]); 
    351                
     448                input = trace_create(argv[i]);
     449
    352450                if (trace_is_err(input)) {
    353451                        trace_perror(input,"%s",argv[i]);
     
    356454
    357455                if (filter && trace_config(input, TRACE_OPTION_FILTER, filter) == 1) {
    358                         trace_perror(input, "Configuring filter for %s", 
     456                        trace_perror(input, "Configuring filter for %s",
    359457                                        argv[i]);
    360458                        return 1;
     
    367465
    368466                while (trace_read_packet(input,packet)>0) {
    369                         if (per_packet(packet) < 1)
     467                        if (per_packet(&packet) < 1)
    370468                                done = 1;
    371469                        if (done)
Note: See TracChangeset for help on using the changeset viewer.