WAND Trace processing  4.0.5
libtrace_int.h File Reference

Header file containing definitions for structures and functions that are internal. More...



Data Structures

struct  libtrace_event_status_t
 Data about the most recent event from a trace file. More...
 
struct  libtrace_thread_t
 Information of this thread. More...
 
struct  first_packets
 Storage to note time value against each. More...
 
struct  user_configuration
 Tuning the parallel sizes. See the user documentation for trace_set_x. More...
 
struct  callback_set
 
struct  libtrace_t
 A libtrace input trace. More...
 
struct  libtrace_out_t
 A libtrace output trace. More...
 
struct  libtrace_pflog_header_t
 A local definition of a PFLOG header. More...
 
struct  libtrace_format_t
 A libtrace capture format module. More...
 
struct  libtrace_filter_t
 BPF not supported by this system, but we still need to define a structure for the filter. More...
 
struct  libtrace_pcapfile_pkt_hdr_t
 Local definition of a PCAP header. More...
 

Macros

#define LIBTRACE_MAX_REPLAY_SPEEDUP   1000
 
#define TRACE_STATES
 
#define X(a)   a,
 
#define X(a)   case a: return #a;
 
#define READ_EOF   0
 
#define READ_ERROR   -1
 
#define READ_MESSAGE   -2
 
#define READ_TICK   -3
 
#define ZERO_USER_CONFIG(config)   memset(&config, 0, sizeof(struct user_configuration));
 
#define LIBTRACE_STAT_MAGIC   0x41
 
#define PF_RULESET_NAME_SIZE   16
 
#define IFNAMSIZ   16
 
#define NON_PARALLEL(live)
 Macro to zero out a single thread format. More...
 
#define TRACE_RADIOTAP_F_FCS   0x10
 

Typedefs

typedef struct
libtrace_pflog_header_t 
libtrace_pflog_header_t
 A local definition of a PFLOG header. More...
 
typedef struct
libtrace_pcapfile_pkt_hdr_t 
libtrace_pcapfile_pkt_hdr_t
 Local definition of a PCAP header. More...
 

Enumerations

enum  thread_types {
  THREAD_EMPTY, THREAD_HASHER, THREAD_PERPKT, THREAD_REPORTER,
  THREAD_KEEPALIVE
}
 
enum  thread_states {
  THREAD_RUNNING, THREAD_FINISHING, THREAD_FINISHED, THREAD_PAUSED,
  THREAD_STATE_MAX
}
 
enum  hash_owner { HASH_OWNED_LIBTRACE, HASH_OWNED_EXTERNAL }
 
enum  trace_state { TRACE_STATES }
 

Functions

char * strndup (const char *s, size_t size)
 
int strncasecmp (const char *str1, const char *str2, size_t n)
 A local implementation of strncasecmp (as some systems do not have it) More...
 
int snprintf (char *str, size_t size, const char *format,...)
 A local implementation of snprintf (as some systems do not have it) More...
 
struct libtrace_thread_t ALIGN_STRUCT (CACHE_LINE_SIZE)
 
void trace_fin_packet (libtrace_packet_t *packet)
 Removes any possible data stored against the trace and releases any data. More...
 
void libtrace_zero_thread (libtrace_thread_t *t)
 
void store_first_packet (libtrace_t *libtrace, libtrace_packet_t *packet, libtrace_thread_t *t)
 For the first packet of each queue we keep a copy and note the system time it was received at. More...
 
libtrace_thread_t * get_thread_table (libtrace_t *libtrace)
 
void send_message (libtrace_t *trace, libtrace_thread_t *target, const enum libtrace_messages type, libtrace_generic_t data, libtrace_thread_t *sender)
 
void trace_set_err (libtrace_t *trace, int errcode, const char *msg,...) PRINTF(3
 Sets the error status on an input trace. More...
 
void trace_set_err_out (libtrace_out_t *trace, int errcode, const char *msg,...) PRINTF(3
 Sets the error status on an output trace. More...
 
void trace_clear_cache (libtrace_packet_t *packet)
 Clears the cached values for a libtrace packet. More...
 
void register_format (struct libtrace_format_t *format)
 Registers a new capture format module. More...
 
uint64_t tv_to_usec (const struct timeval *tv)
 Converts a timeval into a timestamp in microseconds since the epoch. More...
 
libtrace_linktype_t pcap_linktype_to_libtrace (libtrace_dlt_t linktype)
 Converts a PCAP DLT into a libtrace link type. More...
 
libtrace_rt_types_t pcap_linktype_to_rt (libtrace_dlt_t linktype)
 Converts a PCAP DLT into an RT protocol type. More...
 
libtrace_rt_types_t pcapng_linktype_to_rt (libtrace_dlt_t linktype)
 Converts a PCAP-NG DLT into an RT protocol type. More...
 
libtrace_dlt_t libtrace_to_pcap_linktype (libtrace_linktype_t type)
 Converts a libtrace link type into a PCAP linktype. More...
 
libtrace_dlt_t libtrace_to_pcap_dlt (libtrace_linktype_t type)
 Converts a libtrace link type into a PCAP DLT. More...
 
libtrace_dlt_t rt_to_pcap_linktype (libtrace_rt_types_t rt_type)
 Converts an RT protocol type into a PCAP DLT. More...
 
libtrace_rt_types_t bpf_linktype_to_rt (libtrace_dlt_t linktype)
 Converts a PCAP DLT into an RT protocol type for the BPF format. More...
 
libtrace_linktype_t erf_type_to_libtrace (uint8_t erf)
 Converts an ERF type into a libtrace link type. More...
 
uint8_t libtrace_to_erf_type (libtrace_linktype_t linktype)
 Converts a libtrace link type into an ERF type. More...
 
libtrace_linktype_t arphrd_type_to_libtrace (unsigned int arphrd)
 Converts an ARPHRD type into a libtrace link type. More...
 
unsigned int libtrace_to_arphrd_type (libtrace_linktype_t type)
 Converts a libtrace link type into an ARPHRD type. More...
 
void promote_packet (libtrace_packet_t *packet)
 Converts a libtrace packet to the Linux SLL type. More...
 
bool demote_packet (libtrace_packet_t *packet)
 Attempts to demote a packet by removing the first header. More...
 
void * trace_get_payload_from_linux_sll (const void *link, uint16_t *arphrd_type, uint16_t *next_header, uint32_t *remaining)
 Returns a pointer to the header following a Linux SLL header. More...
 
DLLEXPORT void * trace_get_payload_from_atm (void *link, uint8_t *type, uint32_t *remaining)
 Returns a pointer to the header following an ATM header. More...
 
void erf_constructor (void)
 Constructor for the ERF format module. More...
 
void tsh_constructor (void)
 Constructor for the TSH format module. More...
 
void legacy_constructor (void)
 Constructor for the Legacy DAG format module. More...
 
void linuxnative_constructor (void)
 Constructor for the Linux Native format module. More...
 
void linuxring_constructor (void)
 Constructor for the Linux Ring format module. More...
 
void pcap_constructor (void)
 Constructor for the PCAP format module. More...
 
void pcapfile_constructor (void)
 Constructor for the PCAP File format module. More...
 
void pcapng_constructor (void)
 Constructor for the PCAP-NG File format module. More...
 
void rt_constructor (void)
 Constructor for the RT format module. More...
 
void duck_constructor (void)
 Constructor for the DUCK format module. More...
 
void atmhdr_constructor (void)
 Constructor for the ATM Header format module. More...
 
void ndag_constructor (void)
 Constructor for the network DAG format module. More...
 
void etsilive_constructor (void)
 Constructor for the live ETSI over TCP format module. More...
 
bool trace_get_wireless_flags (void *link, libtrace_linktype_t linktype, uint8_t *flags)
 Extracts the RadioTap flags from a wireless link header. More...
 

Variables

uint64_t accepted_packets
 
uint64_t filtered_packets
 
bool recorded_first
 
int64_t tracetime_offset_usec
 
void * user_data
 
void * format_data
 
libtrace_message_queue_t messages
 
libtrace_ringbuffer_t rbuffer
 
libtrace_t * trace
 
void * ret
 
enum thread_types type
 
enum thread_states state
 
pthread_t tid
 
int perpkt_num
 
struct first_packets ALIGN_STRUCT
 
volatile int libtrace_halt
 The list of registered capture formats. More...
 

Detailed Description

Header file containing definitions for structures and functions that are internal.

Author
Daniel Lawson
Perry Lorier
Shane Alcock
Version
$Id$

All of the structures and functions defined in this header file are intended for internal use within Libtrace only. They should not be exported as part of the library API as we don't want users accessing things like the contents of the libtrace packet structure directly!

Macro Definition Documentation

#define NON_PARALLEL (   live)
Value:
{live, 1}, /* trace info */ \
NULL, /* pstart_input */ \
NULL, /* pread_packet */ \
NULL, /* ppause_input */ \
NULL, /* pfin_input */ \
NULL, /* pregister_thread */ \
NULL, /* punregister_thread */ \
NULL, /* get_thread_statistics */

Macro to zero out a single thread format.

#define TRACE_STATES
Value:
X(STATE_NEW) \
X(STATE_RUNNING) \
X(STATE_PAUSING) \
X(STATE_PAUSED) \
X(STATE_FINISHED) \
X(STATE_FINISHING) \
X(STATE_DESTROYED) \
X(STATE_JOINED) \
X(STATE_ERROR)

Typedef Documentation

Local definition of a PCAP header.

A local definition of a PFLOG header.

Function Documentation

void atmhdr_constructor ( void  )

Constructor for the ATM Header format module.

References register_format().

libtrace_rt_types_t bpf_linktype_to_rt ( libtrace_dlt_t  linktype)

Converts a PCAP DLT into an RT protocol type for the BPF format.

Parameters
linktype  The PCAP DLT to be converted
Returns
The RT type that is equivalent to the provided DLT for BPF

References TRACE_RT_DATA_BPF.

void duck_constructor ( void  )

Constructor for the DUCK format module.

References register_format().

void erf_constructor ( void  )

Constructor for the ERF format module.

References register_format().

libtrace_linktype_t erf_type_to_libtrace ( uint8_t  erf)

Converts an ERF type into a libtrace link type.

Parameters
erf  The ERF type to be converted
Returns
The libtrace link type that is equivalent to the provided ERF type, or -1 if the ERF type is unknown

References TRACE_TYPE_AAL5, TRACE_TYPE_ATM, TRACE_TYPE_ERF_META, TRACE_TYPE_ETH, TRACE_TYPE_HDLC_POS, TRACE_TYPE_NONE, TYPE_AAL5, TYPE_ATM, TYPE_COLOR_ETH, TYPE_COLOR_HASH_ETH, TYPE_DSM_COLOR_ETH, TYPE_ETH, TYPE_HDLC_POS, TYPE_IPV4, and TYPE_IPV6.

void etsilive_constructor ( void  )

Constructor for the live ETSI over TCP format module.

References register_format().

void legacy_constructor ( void  )

Constructor for the Legacy DAG format module.

References register_format().

unsigned int libtrace_to_arphrd_type ( libtrace_linktype_t  type)

Converts a libtrace link type into an ARPHRD type.

Parameters
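type  The libtrace link type to be converted
Returns
The ARPHRD type that is equivalent to the provided libtrace link type, or -1 if the link type cannot be matched to an ARPHRD type. Because the return type is unsigned int, the -1 sentinel reaches the caller as the largest unsigned int value; compare against (unsigned int)-1 rather than testing for a negative result.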

References TRACE_TYPE_80211, TRACE_TYPE_80211_RADIO, and TRACE_TYPE_ETH.

uint8_t libtrace_to_erf_type ( libtrace_linktype_t  linktype)

Converts a libtrace link type into an ERF type.

Parameters
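linktype  The libtrace link type to be converted
Returns
The ERF type that is equivalent to the provided libtrace link type, or -1 if the link type cannot be matched to an ERF type. Because the return type is uint8_t, the -1 sentinel reaches the caller as 255 (0xFF); compare against that value rather than testing for a negative result.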

References TRACE_TYPE_80211, TRACE_TYPE_80211_PRISM, TRACE_TYPE_80211_RADIO, TRACE_TYPE_AAL5, TRACE_TYPE_ATM, TRACE_TYPE_CONTENT_INVALID, TRACE_TYPE_DUCK, TRACE_TYPE_ERF_META, TRACE_TYPE_ETH, TRACE_TYPE_ETSILI, TRACE_TYPE_HDLC_POS, TRACE_TYPE_LINUX_SLL, TRACE_TYPE_LLCSNAP, TRACE_TYPE_METADATA, TRACE_TYPE_NONDATA, TRACE_TYPE_NONE, TRACE_TYPE_OPENBSD_LOOP, TRACE_TYPE_PFLOG, TRACE_TYPE_POS, TRACE_TYPE_PPP, TRACE_TYPE_UNKNOWN, TYPE_AAL5, TYPE_ATM, TYPE_ETH, TYPE_HDLC_POS, and TYPE_IPV4.

libtrace_dlt_t libtrace_to_pcap_linktype ( libtrace_linktype_t  type)

Converts a libtrace link type into a PCAP linktype.

Parameters
type  The libtrace link type to be converted
Returns
The PCAP linktype that is equivalent to the provided libtrace link type, or -1 if the link type is unknown

References libtrace_to_pcap_dlt().

Referenced by trace_construct_packet().

void linuxnative_constructor ( void  )

Constructor for the Linux Native format module.

References register_format().

void linuxring_constructor ( void  )

Constructor for the Linux Ring format module.

References register_format().

void ndag_constructor ( void  )

Constructor for the network DAG format module.

References register_format().

void pcap_constructor ( void  )

Constructor for the PCAP format module.

libtrace_linktype_t pcap_linktype_to_libtrace ( libtrace_dlt_t  linktype)

Converts a PCAP DLT into a libtrace link type.

Parameters
linktype  The PCAP DLT to be converted
Returns
The libtrace link type that is equivalent to the provided DLT, or -1 if the DLT is unknown

References TRACE_DLT_IEEE802_11_RADIO, TRACE_DLT_LINKTYPE_RAW, TRACE_DLT_NULL, TRACE_DLT_RAW, TRACE_TYPE_80211, TRACE_TYPE_80211_RADIO, TRACE_TYPE_ETH, TRACE_TYPE_HDLC_POS, TRACE_TYPE_LINUX_SLL, TRACE_TYPE_LLCSNAP, TRACE_TYPE_NONE, TRACE_TYPE_OPENBSD_LOOP, TRACE_TYPE_PFLOG, TRACE_TYPE_POS, TRACE_TYPE_PPP, and TRACE_TYPE_UNKNOWN.

Referenced by pcap_get_direction(), and promote_packet().

libtrace_rt_types_t pcap_linktype_to_rt ( libtrace_dlt_t  linktype)

Converts a PCAP DLT into an RT protocol type.

Parameters
linktype  The PCAP DLT to be converted
Returns
The RT type that is equivalent to the provided DLT

References TRACE_RT_DATA_DLT.

Referenced by demote_packet(), promote_packet(), and trace_construct_packet().

void pcapfile_constructor ( void  )

Constructor for the PCAP File format module.

References register_format().

void pcapng_constructor ( void  )

Constructor for the PCAP-NG File format module.

References register_format().

libtrace_rt_types_t pcapng_linktype_to_rt ( libtrace_dlt_t  linktype)

Converts a PCAP-NG DLT into an RT protocol type.

Parameters
linktype  The PCAP DLT to be converted
Returns
The RT type that is equivalent to the provided DLT

void promote_packet ( libtrace_packet_t * packet)

Converts a libtrace packet to the Linux SLL type.

Parameters
packet  The packet to be promoted
Note
This will involve memcpy() so use sparingly.

This function prepends a Linux SLL header to a packet so that we can store direction tagging information.

Converts a libtrace packet to the Linux SLL type.

Packets that don't support direction tagging are annoying, especially when we have direction tagging information! So this converts the packet to TRACE_TYPE_LINUX_SLL which does support direction tagging. This is a pcap style packet for the reason that it means it works with bpf filters.

Note
this will copy the packet, so use sparingly if possible.

References libtrace_packet_t::buf_control, libtrace_packet_t::buffer, libtrace_t::format, libtrace_sll_header_t::halen, libtrace_sll_header_t::hatype, libtrace_packet_t::header, libtrace_packet_t::payload, pcap_linktype_to_libtrace(), pcap_linktype_to_rt(), libtrace_sll_header_t::pkttype, libtrace_sll_header_t::protocol, rt_to_pcap_linktype(), libtrace_packet_t::trace, trace_clear_cache(), TRACE_CTRL_EXTERNAL, TRACE_CTRL_PACKET, TRACE_FORMAT_PCAP, trace_get_capture_length(), trace_get_framing_length(), trace_get_layer3(), TRACE_SLL_OUTGOING, TRACE_TYPE_ETH, TRACE_TYPE_LINUX_SLL, TRACE_TYPE_NONE, libtrace_format_t::type, and libtrace_packet_t::type.

void rt_constructor ( void  )

Constructor for the RT format module.

References register_format().

libtrace_dlt_t rt_to_pcap_linktype ( libtrace_rt_types_t  rt_type)

Converts an RT protocol type into a PCAP DLT.

Parameters
rt_type  The RT type to be converted
Returns
The PCAP DLT that is equivalent to the provided RT protocol

References TRACE_RT_DATA_BPF, TRACE_RT_DATA_DLT, and TRACE_RT_DATA_DLT_END.

Referenced by pcap_get_direction(), and promote_packet().

int snprintf ( char *  str,
size_t  size,
const char *  format,
  ... 
)

A local implementation of snprintf (as some systems do not have it)

Referenced by trace_ether_ntoa(), and trace_pstart().

void store_first_packet ( libtrace_t * libtrace,
libtrace_packet_t * packet,
libtrace_thread_t * t 
)

For the first packet of each queue we keep a copy and note the system time it was received at.

This is used for finding the first packet when playing back a trace in trace time, and can also be used by real-time applications to print results out every XXX seconds.

References ASSERT_RET, libtrace_message_t::code, MESSAGE_FIRST_PACKET, trace_copy_packet(), trace_get_timeval(), trace_message_perpkts(), and trace_message_reporter().

int strncasecmp ( const char *  str1,
const char *  str2,
size_t  n 
)

A local implementation of strncasecmp (as some systems do not have it)

Referenced by trace_create(), trace_create_dead(), and trace_create_output().

DLLEXPORT void* trace_get_payload_from_atm ( void *  link,
uint8_t *  type,
uint32_t *  remaining 
)

Returns a pointer to the header following an ATM header.

Parameters
link  A pointer to the ATM header to be skipped
[out] type  The ethertype of the next header
[in,out] remaining  Updated with the number of captured bytes remaining
Returns
A pointer to the header following the ATM header, or NULL if no subsequent header is present.

Remaining must point to the number of bytes captured from the ATM header and beyond. It will be decremented by the number of bytes skipped to find the payload.

If the ATM header is complete but there are zero bytes of payload after the end of the header, a pointer to where the payload would be is returned and remaining will be set to zero. If the ATM header is incomplete (truncated), then NULL is returned and remaining will be set to 0. Therefore, it is very important to check the value of remaining after calling this function: a non-NULL return does not by itself mean that any payload bytes were captured, and the returned pointer must not be dereferenced when remaining is zero.

References libtrace_atm_capture_cell::pt.

Referenced by demote_packet(), and trace_get_payload_from_layer2().

void* trace_get_payload_from_linux_sll ( const void *  link,
uint16_t *  arphrd_type,
uint16_t *  next_header,
uint32_t *  remaining 
)

Returns a pointer to the header following a Linux SLL header.

Parameters
link  A pointer to the Linux SLL header to be skipped
[out] arphrd_type  The arp hardware type of the packet
[out] next_header  The ethertype of the next header
[in,out] remaining  Updated with the number of captured bytes remaining
Returns
A pointer to the header following the Linux SLL header, or NULL if no subsequent header is present.

Remaining must point to the number of bytes captured from the Linux SLL header and beyond. It will be decremented by the number of bytes skipped to find the payload.

If the Linux SLL header is complete but there are zero bytes of payload after the end of the header, a pointer to where the payload would be is returned and remaining will be set to zero. If the Linux SLL header is incomplete (truncated), then NULL is returned and remaining will be set to 0. Therefore, it is very important to check the value of remaining after calling this function: a non-NULL return does not by itself mean that any payload bytes were captured, and the returned pointer must not be dereferenced when remaining is zero.

References libtrace_sll_header_t::hatype, and libtrace_sll_header_t::protocol.

Referenced by trace_get_payload_from_meta(), trace_get_wireless_antenna(), trace_get_wireless_flags(), trace_get_wireless_freq(), trace_get_wireless_noise_strength_db(), trace_get_wireless_noise_strength_dbm(), trace_get_wireless_rate(), trace_get_wireless_signal_strength_db(), trace_get_wireless_signal_strength_dbm(), trace_get_wireless_tsft(), trace_get_wireless_tx_attenuation(), trace_get_wireless_tx_attenuation_db(), and trace_get_wireless_tx_power_dbm().

bool trace_get_wireless_flags ( void *  link,
libtrace_linktype_t  linktype,
uint8_t *  flags 
)

Extracts the RadioTap flags from a wireless link header.

Parameters
link  A pointer to the wireless link header
linktype  The link type of the wireless header
[out] flags  Space to store the extracted flags
Returns
True if libtrace was able to extract flags from the link header, false otherwise.

This function has been left internal because it is not portable across drivers.

References arphrd_type_to_libtrace(), trace_get_payload_from_linux_sll(), TRACE_RADIOTAP_FLAGS, TRACE_TYPE_80211_RADIO, and TRACE_TYPE_LINUX_SLL.

void trace_set_err ( libtrace_t * trace,
int  errcode,
const char *  msg,
  ... 
)

Sets the error status on an input trace.

Parameters
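trace  The input trace to set the error status for
errcode  The code for the error - can be a libtrace error code or a regular errno value
msg  A message to print when reporting the error. The function is variadic and its declaration is tagged with a PRINTF attribute, so msg is treated as a printf-style format string; text that originates outside the program (file names, packet contents) should be passed as an argument to a "%s" conversion rather than as msg itself.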

Referenced by pcap_get_direction(), trace_apply_filter(), trace_config(), trace_create(), trace_create_dead(), trace_open_file(), trace_pause(), trace_ppause(), trace_prepare_packet(), trace_pstart(), trace_read_packet(), trace_seek_erf_timestamp(), trace_seek_seconds(), and trace_seek_timeval().

void trace_set_err_out ( libtrace_out_t * trace,
int  errcode,
const char *  msg,
  ... 
)

Sets the error status on an output trace.

Parameters
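trace  The output trace to set the error status for
errcode  The code for the error - can be a libtrace error code or a regular errno value
msg  A message to print when reporting the error. The function is variadic and its declaration is tagged with a PRINTF attribute, so msg is treated as a printf-style format string; text that originates outside the program (file names, packet contents) should be passed as an argument to a "%s" conversion rather than as msg itself.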

Referenced by trace_create_output(), trace_open_file_out(), and trace_write_packet().

void tsh_constructor ( void  )

Constructor for the TSH format module.

References register_format().

uint64_t tv_to_usec ( const struct timeval *  tv)

Converts a timeval into a timestamp in microseconds since the epoch.

Parameters
tv  The timeval to be converted.
Returns
A 64 bit timestamp in microseconds since the epoch.

Variable Documentation

volatile int libtrace_halt

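The list of registered capture formats.

Specifies whether any blocking packet readers should cease reading immediately. (The brief line above, about the list of registered capture formats, does not describe an int flag and appears to have been attached to this variable by the documentation generator; this sentence is the description that matches the declaration.)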

Referenced by trace_interrupt().