Introduction
============

Airframe is an application utility library designed to ease the creation of
command-line applications written in C that process data from a variety of
input sources to a variety of output sources. It builds atop the fundamental
data structures and utilities in glib (http://www.gtk.org) 2.0, adding
additional higher-level functionality.

All of the Airframe modules provide their own command-line processing atop 
the GOption facility; in this way, all Airframe applications have similar 
command-line user interfaces.

Airframe was originally developed for NAF and is the mechanism by which the 
NAF tools have a common interface. It evolved from the libair common library 
used by the AirCERT project (http://aircert.sourceforge.net). It is released 
as a separate library in the hopes that other applications developers may 
find it useful.

Modules
=======

Airframe provides four modules which may be used to ease application
creation. The daeconfig module (defined in daeconfig.h) handles 
user-controlled daemonization, compatible with the filedaemon pattern. 
The privconfig module (defined in privconfig.h) handles
user-controlled privilege management. The logconfig module (defined in 
logconfig.h) handles user-controlled log message routing. The mio module 
(defined in mio.h and mio_config.h) handles user-controlled file, network, 
and packet capture I/O and record-oriented dispatch. 

Utilities
=========

Additional utility functions we've found useful in building applications 
for handling network event data are defined in airutil.h. airopt.h defines 
a command-line options processing layer atop glib-2 or popt, and is used 
by Airframe's modules and client applications. Also, airlock.h allows 
applications not using MIO for I/O and dispatch to interoperate with 
filedaemon-style locking.

The filedaemon pattern implemented by MIO may be wrapped around any 
stdin-to-stdout filter application using the filedaemon application
built and installed with Airframe.

Airframe also includes an application called airdaemon which simply invokes a
child process and restarts it after a configurable delay if it exits
abnormally.  airdaemon can retry after a fixed delay, or use a binary
exponential backoff strategy to increase the retry delay.

Downloading
===========

Airframe is now distributed with the tools that utilize it, but can still
be downloaded separately here:
http://tools.netsa.cert.org/defunct-projects.html#release-airframe-0.7.2

Building
========

Airframe uses a reasonably standard autotools-based build system. 
The customary build procedure (./configure && make 
&& make install) should work in most environments. 

Packet capture sources require libpcap; airframe's ./configure script 
should find libpcap automatically. If not, you may need to supply the path to 
pcap's headers and libraries in CFLAGS and LDFLAGS on the ./configure command 
line, respectively. Note that YAF and NAF 0.7.0 or later do _not_ use
airframe as a packet capture source.

MIO UDP and TCP sources and sinks support IPv6 on dual-stack machines out 
of the box; this support is only enabled if the configure script can find
the getaddrinfo(3) function.

Copyright
=========
@DISTRIBUTION_STATEMENT_BEGIN@
YAF 2.15.0

Copyright 2023 Carnegie Mellon University.

NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING
INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON
UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR
PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF
THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF
ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT
INFRINGEMENT.

Licensed under a GNU GPL 2.0-style license, please see LICENSE.txt or
contact permission@sei.cmu.edu for full terms.

[DISTRIBUTION STATEMENT A] This material has been approved for public
release and unlimited distribution.  Please see Copyright notice for
non-US Government use and distribution.

GOVERNMENT PURPOSE RIGHTS - Software and Software Documentation
Contract No.: FA8702-15-D-0002
Contractor Name: Carnegie Mellon University
Contractor Address: 4500 Fifth Avenue, Pittsburgh, PA 15213

The Government's rights to use, modify, reproduce, release, perform,
display, or disclose this software are restricted by paragraph (b)(2) of
the Rights in Noncommercial Computer Software and Noncommercial Computer
Software Documentation clause contained in the above identified
contract. No restrictions apply after the expiration date shown
above. Any reproduction of the software or portions thereof marked with
this legend must also reproduce the markings.

This Software includes and/or makes use of Third-Party Software each
subject to its own license.

DM23-2313
@DISTRIBUTION_STATEMENT_END@
