Airframe Application Utility Library
0.7.2
Introduction
Airframe is an application utility library designed to ease the creation of command-line applications written in C that process data from a variety of input sources to a variety of output sources. It builds atop the fundamental data structures and utilities in glib (http://www.gtk.org) 2.0, adding additional higher-level functionality.All of the Airframe modules provide their own command-line processing atop the GOption facility; in this way, all Airframe applications have similar command-line user interfaces.
Airframe was originally developed for NAF (http://tools.netsa.cert.org/naf), and is the mechanism by which the NAF tools have a common interface. It evolved from the libair common library used by the AirCERT project (http://aircert.sourceforge.net). It is released as a separate library in the hopes that other applications developers may find it useful.
Modules
Airframe provides four modules which may be used to ease application creation. The daeconfig module (defined in daeconfig.h) handles user-controlled daemonization, compatible with the filedaemon pattern. The privconfig module (defined in privconfig.h) handles user-controlled privilege management. The logconfig module (defined in logconfig.h) handles user-controlled log message routing. The mio module (defined in mio.h and mio_config.h) handles user-controlled file, network, and packet capture I/O and record-oriented dispatch.Utilities
Additional utility functions we've found useful in building applications for handling network event data are defined in airutil.h. airopt.h defines a command-line options processing layer atop glib-2 or popt, and is used by Airframe's modules and client applications. Also, airlock.h allows applications not using MIO for I/O and dispatch to interoperate with filedaemon-style locking.The filedaemon pattern implemented by MIO may be wrapped around any stdin-to-stdout filter application using the filedaemon application built and installed with Airframe.
Airframe also includes an application called airdaemon which simply invokes a child process and restarts it after a configurable delay if it exits abnormally. airdaemon can retry after a fixed delay, or use a binary exponential backoff strategy to increase the retry delay.
Copyright
Airframe is copyright 2006-2008 Carnegie Mellon University, and is released under the GNU Lesser General Public License. See the COPYING file in the distribution for details.Airframe was developed at the CERT Network Situational Awareness Group by Brian Trammell <bht@cert.org> for use in the NAF tools; certain modules were written by Tony Cebzanov <tonyc@cert.org>