GitHub Repository: att/ast
Path: blob/master/src/cmd/dsslib/netflow/flow-flat.c
/***********************************************************************
* *
* This software is part of the ast package *
* Copyright (c) 2002-2011 AT&T Intellectual Property *
* and is licensed under the *
* Eclipse Public License, Version 1.0 *
* by AT&T Intellectual Property *
* *
* A copy of the License is available at *
* http://www.eclipse.org/org/documents/epl-v10.html *
* (with md5 checksum b35adb5213ca9657e911e9befb180842) *
* *
* Information and Software Systems Research *
* AT&T Research *
* Florham Park NJ *
* *
* Glenn Fowler <[email protected]> *
* *
***********************************************************************/
#pragma prototyped
/*
 * netflow dump type
 *
 * Glenn Fowler
 * AT&T Research
 */

#include "flowlib.h"
/*
 * per-file reader state: the single Netflow_t that flatread() decodes
 * each line into and then hands back through record->data
 */

typedef struct State_s {
	Netflow_t	record;
} State_t;
/*
 * identf -- decide whether the first line of buf looks like a flat record
 *
 * scans at most n bytes: returns 1 if the first '\n' is reached after
 * exactly 19 '|' separators and every other byte before it is a digit
 * or one of '.', '-', '+', ':'
 * returns 0 on any other byte, on a different separator count, or when
 * no '\n' appears within the n bytes
 *
 * file and disc are not used
 *
 * this is only a shape check on one line; it says nothing about the
 * field values, which flatread() has to validate per record
 */

static int
flatident(Dssfile_t* file, void* buf, size_t n, Dssdisc_t* disc)
{
	char*	cur = buf;
	char*	end = cur + n;
	int	bars = 0;

	for (; cur < end; cur++)
	{
		char	c = *cur;

		if (c == '\n')
			return bars == 19;
		if (c == '|')
			bars++;
		else if (!((c >= '0' && c <= '9') || c == '.' || c == '-' || c == '+' || c == ':'))
			return 0;
	}
	return 0;
}
/*
 * openf -- allocate the per-file State_t when the file is opened for
 * reading
 *
 * returns 0 on success (nothing is allocated unless DSS_FILE_READ is
 * set) and -1 after reporting "out of space" if the allocation fails
 */

static int
flatopen(Dssfile_t* file, Dssdisc_t* disc)
{
	/* flatwrite() takes its Netflow_t from record->data, so only a reader needs state */
	if (!(file->flags & DSS_FILE_READ))
		return 0;
	file->data = (void*)vmnewof(file->dss->vm, 0, State_t, 1, 0);
	if (file->data)
		return 0;
	if (disc->errorf)
		(*disc->errorf)(NiL, disc, ERROR_SYSTEM|2, "out of space");
	return -1;
}
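/*
 * readf -- read one '\n'-terminated flat record and decode it into the
 * per-file Netflow_t
 *
 * returns 1 with record->data and record->size set on success, 0 at end
 * of input, and -1 after reporting either an incomplete last record or
 * an invalid field
 *
 * the line comes from a file the caller supplies, so what the decoder
 * does and does not check matters:
 *
 *	only the delimiter that follows each field is verified; a field
 *	with no digits converts to 0 and is accepted
 *
 *	strtoul() results are stored without a range or ERANGE check, so
 *	an oversize value is narrowed to whatever the Netflow_t member
 *	holds -- NOTE(review): member widths are declared in flowlib.h,
 *	not visible here
 *
 *	NOTE(review): the record ends in '\n', not NUL; if strtoul() here
 *	skips leading white space as ISO C strtoul() does, a record that
 *	ends early lets the conversion continue into the bytes that follow
 *	the terminator -- confirm, and consider rejecting a field that
 *	does not begin with a digit
 */

static int
flatread(Dssfile_t* file, Dssrecord_t* record, Dssdisc_t* disc)
{
	register Netflow_t*	rp = &((State_t*)file->data)->record;
	char*			a;
	char*			b;
	char*			s;

	if (!(a = s = sfgetr(file->io, '\n', 0)))
	{
		/* no complete line: a non-zero sfvalue() is reported as a partial last record */
		if (sfvalue(file->io))
		{
			if (disc->errorf)
				(*disc->errorf)(NiL, disc, 2, "%slast record incomplete", cxlocation(file->dss->cx, record));
			return -1;
		}
		return 0;
	}

	/*
	 * a and b leapfrog through the line: each conversion starts at one
	 * and leaves its end position in the other, then the delimiter test
	 * steps past the separator
	 */

	if (strtoip4(a, &b, &rp->src_addrv4, NiL) || *b++ != '|')
		goto bad;
	if (strtoip4(b, &a, &rp->dst_addrv4, NiL) || *a++ != '|')
		goto bad;
	if (strtoip4(a, &b, &rp->hopv4, NiL) || *b++ != '|')
		goto bad;
	rp->input = strtoul(b, &a, 10);
	if (*a++ != '|')
		goto bad;
	rp->output = strtoul(a, &b, 10);
	if (*b++ != '|')
		goto bad;
	rp->packets = strtoul(b, &a, 10);
	if (*a++ != '|')
		goto bad;
	rp->bytes = strtoul(a, &b, 10);
	if (*b++ != '|')
		goto bad;
	rp->first = strtoul(b, &a, 10);
	if (*a++ != '|')
		goto bad;
	rp->last = strtoul(a, &b, 10);
	if (*b++ != '|')
		goto bad;
	rp->src_port = strtoul(b, &a, 10);
	if (*a++ != '|')
		goto bad;
	rp->dst_port = strtoul(a, &b, 10);
	if (*b++ != '|')
		goto bad;
	rp->flags = strtoul(b, &a, 10);
	if (*a++ != '|')
		goto bad;
	rp->tcp_flags = strtoul(a, &b, 10);
	if (*b++ != '|')
		goto bad;
	rp->protocol = strtoul(b, &a, 10);
	if (*a++ != '|')
		goto bad;
	rp->src_tos = strtoul(a, &b, 10);
	if (*b++ != '|')
		goto bad;
	rp->src_as16 = strtoul(b, &a, 10);
	if (*a++ != '|')
		goto bad;
	rp->dst_as16 = strtoul(a, &b, 10);
	if (*b++ != '|')
		goto bad;
	rp->src_maskv4 = strtoul(b, &a, 10);
	if (*a++ != '|')
		goto bad;
	rp->dst_maskv4 = strtoul(a, &b, 10);
	if (*b++ != '|')
		goto bad;
	rp->flow_sequence = strtoul(b, &a, 10);

	/* the last field must be followed directly by the record terminator */
	if (*a++ != '\n')
		goto bad;

	/* first/last are scaled by NS to give start/end; the cast widens before the multiply */
	rp->start = (Nftime_t)rp->first * NS;
	rp->end = (Nftime_t)rp->last * NS;
	record->data = rp;
	record->size = sizeof(*rp);
	return 1;
 bad:
	if (disc->errorf)
	{
		/*
		 * the larger of a and b is how far parsing got
		 * NOTE(review): if the very first strtoip4() fails, b is
		 * whatever it stored through its end pointer -- confirm it
		 * always stores one before this comparison reads b
		 */
		if (a < b)
			a = b;
		/* the '*' precision is read as an int, and a - s is a ptrdiff_t, so convert explicitly */
		(*disc->errorf)(NiL, disc, 2, "%s%-.*s<<<: invalid %s record field", cxlocation(file->dss->cx, record), (int)(a - s), s, file->format->name);
	}
	return -1;
}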
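/*
 * writef -- emit one Netflow_t as a '|'-separated, '\n'-terminated line
 *
 * writes 20 fields (19 separators, the count flatident() looks for):
 * three dotted-quad addresses followed by 17 unsigned decimals
 * returns 0 on success and -1 after reporting a write error
 */

/* split a 32-bit address into four octets, most significant byte first */
#define IPQ(a)	(((a)>>24)&0xff), (((a)>>16)&0xff), (((a)>>8)&0xff), ((a)&0xff)

static int
flatwrite(Dssfile_t* file, Dssrecord_t* record, Dssdisc_t* disc)
{
	register Netflow_t*	rp = (Netflow_t*)record->data;

	/*
	 * start and end are passed as unsigned long, so they take %lu;
	 * the other conversions assume each member promotes to int or
	 * unsigned int -- NOTE(review): confirm against Netflow_t in
	 * flowlib.h (packets and bytes in particular)
	 */

	if (sfprintf(file->io, "%d.%d.%d.%d|%d.%d.%d.%d|%d.%d.%d.%d|%u|%u|%u|%u|%lu|%lu|%u|%u|%u|%u|%u|%u|%u|%u|%u|%u|%u\n"
		, IPQ(rp->src_addrv4)
		, IPQ(rp->dst_addrv4)
		, IPQ(rp->hopv4)
		, rp->input
		, rp->output
		, rp->packets
		, rp->bytes
		, (unsigned long)(rp->start / NS)
		, (unsigned long)(rp->end / NS)
		, rp->src_port
		, rp->dst_port
		, rp->flags
		, rp->tcp_flags
		, rp->protocol
		, rp->src_tos
		, rp->src_as16
		, rp->dst_as16
		, rp->src_maskv4
		, rp->dst_maskv4
		, rp->flow_sequence
		) < 0)
	{
		if (disc->errorf)
			(*disc->errorf)(NiL, disc, 2, "%s: write error", file->format->name);
		return -1;
	}
	return 0;
}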
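/*
 * closef -- release the per-file state allocated by flatopen()
 *
 * always returns 0; disc is not used
 */

static int
flatclose(Dssfile_t* file, Dssdisc_t* disc)
{
	if (file->data)
	{
		vmfree(file->dss->vm, file->data);
		/* clear the pointer so a repeated close or a late flatread() cannot reach freed memory */
		file->data = 0;
	}
	return 0;
}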
/*
 * method table for the "flat" format
 *
 * the slot labels below repeat the names used in the comment above each
 * function in this file; the unlabelled slots follow the Dssformat_t
 * declaration, which is not shown here
 */

Dssformat_t netflow_flat_format =
{
	"flat",
	"Cisco netflow flat format (2008-06-21) |-separated, \\n-terminated record of these fields: src_addr, dst_addr, hop, input, output, packets, bytes, first, last, src_port, dst_port, flags, tcp_flags, prot, tos, src_as, dst_as, src_mask, dst_mask, flow_sequence",
	CXH,
	flatident,		/* identf */
	flatopen,		/* openf */
	flatread,		/* readf */
	flatwrite,		/* writef */
	0,
	flatclose,		/* closef */
	0,
	0,
	netflow_flat_next
};