Home
Mark Weiman edited this page Dec 17, 2018 · 6 revisions
libflowtuple is a C library that helps read CAIDA's corsaro v2 files (global and flowtuple files).
This wiki is meant to help you get familiar with libflowtuple and how to use the library.
To build, you will need to have git, libwandio, and cmake installed.
$ git clone https://github.com/Merit-Research/libflowtuple.git
$ cd libflowtuple
$ mkdir build
$ cd build
$ cmake ..
$ make
$ sudo make install
To use the library, you will need to include flowtuple.h in your C code and link the library to your program.
For example in gcc:
$ gcc -o program program.c -lflowtuple
Here is an example program to open a flowtuple file and get the interval times:
#include <stdio.h>  /* printf, fprintf */
#include <stdint.h> /* uint32_t */

/* flowtuple header */
#include <flowtuple.h>

int main(int argc, char *argv[]) {
    /* error code in case flowtuple initialization fails
     * (not named errno, which <errno.h> reserves as a macro) */
    flowtuple_errno_t err;
    /* handle for the file */
    flowtuple_handle_t *h;
    /* record object for use later */
    flowtuple_record_t *rec = NULL;
    /* record type enum */
    flowtuple_record_type_t type;
    /* interval object */
    flowtuple_interval_t *interval;
    /* uint32_t for time */
    uint32_t time;
    /* track whether interval is the start or end */
    int start = 1;

    /* the file to read must be given as the first argument */
    if (argc < 2) {
        fprintf(stderr, "usage: %s <flowtuple file>\n", argv[0]);
        return 1;
    }

    /* initialize handle for file (argv[1] is the file) */
    h = flowtuple_initialize(argv[1], &err);

    /* stop here if no handle was returned */
    if (h == NULL) {
        fprintf(stderr, "could not open %s\n", argv[1]);
        return 1;
    }

    printf("Intervals in file %s:\n", argv[1]);

    /* loop through records */
    while ((rec = flowtuple_get_next(h)) != NULL) {
        /* get record's type */
        type = flowtuple_record_get_type(rec);

        /* is this an interval? */
        if (type == FLOWTUPLE_RECORD_TYPE_INTERVAL) {
            /* get the interval object from the record */
            interval = flowtuple_record_get_interval(rec);

            /* get timestamp from interval */
            time = flowtuple_interval_get_time(interval);

            /* is this the start? */
            if (start) {
                printf("Start: %u; ", time);
            } else {
                printf("End: %u\n", time);
            }

            /* flip the start variable */
            start = !start;
        }

        /* we must free the record now
         * don't worry about the interval, it gets freed in the process
         */
        flowtuple_record_free(rec);
    }

    /* release the handle object */
    flowtuple_release(h);

    /* exit */
    return 0;
}
Then when run:
$ ./program flowtuple.gz
Intervals in file flowtuple.gz:
Start: 1539709003; End: 1539709062
Start: 1539709063; End: 1539709122
Start: 1539709123; End: 1539709182
Start: 1539709183; End: 1539709242
Start: 1539709243; End: 1539709302
Start: 1539709303; End: 1539709362
Start: 1539709363; End: 1539709422
Start: 1539709423; End: 1539709482
Start: 1539709483; End: 1539709542
Start: 1539709543; End: 1539709602
Start: 1539709603; End: 1539709662
Start: 1539709663; End: 1539709674
Take a look at Getting Started for more detailed information on how to use this library.