WAND Trace processing  4.0.5
format_helper.h File Reference

Header file containing prototypes for functions that are useful for multiple format modules.

Functions

struct libtrace_eventobj_t trace_event_device (libtrace_t *trace, libtrace_packet_t *packet)
 Generic event function for a live capture device.

struct libtrace_eventobj_t trace_event_trace (libtrace_t *trace, libtrace_packet_t *packet)
 Generic event function for an offline trace file.

io_t * trace_open_file (libtrace_t *libtrace)
 Opens an input trace file for reading.

iow_t * trace_open_file_out (libtrace_out_t *libtrace, int compress_type, int level, int filemode)
 Opens an output trace file for writing.

libtrace_direction_t pcap_get_direction (const libtrace_packet_t *packet)
 Attempts to determine the direction for a pcap (or pcapng) packet.
 

Detailed Description

Header file containing prototypes for functions that are useful for multiple format modules.

Author
Daniel Lawson
Perry Lorier
Shane Alcock

Function Documentation

libtrace_direction_t pcap_get_direction ( const libtrace_packet_t * packet )

Attempts to determine the direction for a pcap (or pcapng) packet.

Parameters
packet: The packet in question.
Returns
A valid libtrace_direction_t describing the direction that the packet was travelling, if direction can be determined. Otherwise returns TRACE_DIR_UNKNOWN.

Note that we can determine the direction for only certain types of packets if they are captured using pcap/pcapng, specifically SLL and PFLOG captures.

References pcap_linktype_to_libtrace(), libtrace_sll_header_t::pkttype, rt_to_pcap_linktype(), libtrace_packet_t::trace, TRACE_DIR_INCOMING, TRACE_DIR_OUTGOING, TRACE_ERR_BAD_PACKET, trace_get_packet_buffer(), trace_set_err(), TRACE_TYPE_LINUX_SLL, TRACE_TYPE_PFLOG, and libtrace_packet_t::type.
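
The SLL case from the note on pcap_get_direction(), as an added example that is not libtrace's own code: a stand-alone check that reads the pkttype field of a Linux cooked-capture header only after confirming the whole 16-byte header was captured. The enum and function names are hypothetical, the sample bytes are constructed, and treating pkttype values 0 to 3 as incoming is this example's assumption; PFLOG is not covered.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for this example; they are not libtrace identifiers. */
enum ex_direction { EX_DIR_OUTGOING, EX_DIR_INCOMING, EX_DIR_UNKNOWN };

#define SLL_HDR_LEN       16  /* pkttype, hatype, halen, addr[8], protocol */
#define SLL_PKT_OTHERHOST 3   /* highest "received" pkttype value */
#define SLL_PKT_OUTGOING  4   /* frame was sent by the capturing host */

/* Classify one frame from a Linux cooked (SLL) capture.
 * buf/caplen describe the captured bytes, which may be truncated. */
enum ex_direction sll_direction(const uint8_t *buf, size_t caplen)
{
    uint16_t pkttype;

    /* Never read the header unless all of it was captured. */
    if (buf == NULL || caplen < SLL_HDR_LEN)
        return EX_DIR_UNKNOWN;

    /* pkttype is the first field, 16 bits in network byte order. */
    pkttype = (uint16_t)((buf[0] << 8) | buf[1]);

    if (pkttype == SLL_PKT_OUTGOING)
        return EX_DIR_OUTGOING;
    if (pkttype <= SLL_PKT_OTHERHOST)  /* host, broadcast, multicast, other host */
        return EX_DIR_INCOMING;        /* assumption: all received frames */
    return EX_DIR_UNKNOWN;             /* value outside the defined range */
}

/* Constructed sample headers (not taken from a real capture). */
static const uint8_t sample_out[16] = { 0x00, 0x04, 0x00, 0x01, 0x00, 0x06,
    0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x08, 0x00 };
static const uint8_t sample_in[16]  = { 0x00, 0x00, 0x00, 0x01, 0x00, 0x06,
    0x02, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x08, 0x00 };

int main(void)
{
    printf("out=%d in=%d short=%d\n",
           sll_direction(sample_out, sizeof sample_out),
           sll_direction(sample_in, sizeof sample_in),
           sll_direction(sample_in, 8));   /* truncated header */
    return 0;
}
```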

struct libtrace_eventobj_t trace_event_device ( libtrace_t * trace, libtrace_packet_t * packet )

Generic event function for a live capture device.

Parameters
trace: The input trace for the live capture device
packet: A libtrace packet to read the next available packet into
Returns
A libtrace event describing the next event of interest

Any live capture format that does not require a custom event handler should use this function.

References libtrace_eventobj_t::fd, libtrace_eventobj_t::size, TRACE_EVENT_IOWAIT, TRACE_EVENT_PACKET, TRACE_EVENT_TERMINATE, trace_is_err(), trace_perror(), trace_read_packet(), and libtrace_eventobj_t::type.

struct libtrace_eventobj_t trace_event_trace ( libtrace_t * trace, libtrace_packet_t * packet )

Generic event function for an offline trace file.

Parameters
trace: The input trace for the trace file
packet: A libtrace packet to read the next available packet into
Returns
A libtrace event describing the next event of interest

Any trace file format that does not require a custom event handler should use this function.

References trace_create_packet(), TRACE_CTRL_EXTERNAL, trace_destroy_packet(), TRACE_EVENT_PACKET, TRACE_EVENT_SLEEP, TRACE_EVENT_TERMINATE, trace_get_seconds(), trace_is_err(), trace_perror(), trace_read_packet(), and libtrace_eventobj_t::type.

Referenced by register_format().

io_t * trace_open_file ( libtrace_t * libtrace )

Opens an input trace file for reading.

Parameters
libtrace: The input trace to be opened
Returns
A libtrace IO reader for the newly opened file or NULL if the file was unable to be opened

References TRACE_ERR_UNSUPPORTED_COMPRESS, trace_set_err(), and libtrace_t::uridata.

iow_t * trace_open_file_out ( libtrace_out_t * libtrace, int compress_type, int level, int filemode )

Opens an output trace file for writing.

Parameters
libtrace: The output trace to be opened
compress_type: The compression type to use when writing
level: The compression level to use when writing, ranging from 0 to 9
filemode: The file status flags for the file, bitwise-ORed.
Returns
A libtrace IO writer for the newly opened file or NULL if the file was unable to be opened

References TRACE_ERR_UNSUPPORTED_COMPRESS, trace_set_err_out(), and libtrace_out_t::uridata.