Libtrace Structure

Libtrace has several conceptual parts:

Format files

These are found in lib/format_*.c. These files know about trace formats. Generally they define some private data about the trace file, some private data about each packet, and some accessor functions to get timestamps, capture/wire lengths and so on. These are all listed in a structure describing the format. Note that the format of this structure often changes between versions of libtrace and no attempt at backwards compatibility is made as this is a libtrace internal data structure.

trace.c figures out which format function should be used to perform the requested operation and calls it via the appropriate entry in the format structure. trace.c can also synthesize methods that the format can't support natively, but can be done by libtrace (eg conversion of timestamps from one format to another, and dealing with filters applied to traces).

Some helper functions for format files are in format_helper.c. This is probably poorly named.

wandio files

These are found in libwandio/ior_*.c and libwandio/iow-*.c. These methods say how to read traces, they are built in a pipeline in wandio.c.

ior_*.c deals with reading files.

iow_*.c deals with writing files.

wandio.c deals with building up pipelines of ior/iow modules to decompress/compress a file by figuring out what modules need to be called in what order.

Some interesting ior_* modules are ior_peek, which lets you "peek" into a packet without reading/consuming the data. This can be used to read ahead to find magic(5). ior_thread.c will place things before it in the pipeline in a seperate thread. This can be used to move compression and IO off the main thread.

An interesting iow_* module are iow_thread which moves everything after it into a separate thread. This can be used to do compression and writing on a separate thread, rather than holding up the main program.

protocol files

These are called protocol_*.c or link_*.c and handle the protocol decoding logic in libtrace.