📄 ftio.c
字号:
if ((fields & FT_FIELD_EX_VER) && (fields & FT_FIELD_AGG_METHOD)) { if (fth->d_version == 8) { agg_ver = ftio->fth.agg_version; agg_method = ftio->fth.agg_method; switch (agg_method) { case 1: agg_name = "AS"; break; case 2: agg_name = "Protocol Port"; break; case 3: agg_name = "Source Prefix"; break; case 4: agg_name = "Destination Prefix"; break; case 5: agg_name = "Prefix"; break; case 6: agg_name = "Destination"; break; case 7: agg_name = "Source Destination"; break; case 8: agg_name = "Full Flow"; break; case 9: agg_name = "ToS AS"; break; case 10: agg_name = "ToS Proto Port"; break; case 11: agg_name = "ToS Source Prefix"; break; case 12: agg_name = "ToS Destination Prefix"; break; case 13: agg_name = "ToS Prefix"; break; case 14: agg_name = "ToS Prefix Port"; break; default: agg_name = "Unknown"; } /* switch */ if (fields & FT_FIELD_AGG_VER) fprintf(std, "%c export agg_version: %u\n", cc, (int)agg_ver); fprintf(std, "%c export agg_method: %u (%s)\n", cc, (int)agg_method, agg_name); } } if (!streaming2) if (fields & FT_FIELD_FLOW_LOST) fprintf(std, "%c lost flows: %lu\n", cc, (u_long)fth->flows_lost); if (!streaming2) if (fields & FT_FIELD_FLOW_MISORDERED) fprintf(std, "%c misordered flows: %lu\n", cc, (u_long)fth->flows_misordered); if (!streaming2) if (fields & FT_FIELD_PKT_CORRUPT) fprintf(std, "%c corrupt packets: %lu\n", cc, (u_long)fth->pkts_corrupt); if (!streaming2) if (fields & FT_FIELD_SEQ_RESET) fprintf(std, "%c sequencer resets: %lu\n", cc, (u_long)fth->seq_reset); if (fields & FT_FIELD_COMMENTS) fprintf(std, "%c comments: %s\n", cc, fth->comments); if (!streaming2) { if ((flags & FT_HEADER_FLAG_DONE) || (flags & FT_HEADER_FLAG_PRELOADED)) { if (fields & FT_FIELD_FLOW_COUNT) fprintf(std, "%c capture flows: %lu\n", cc, (unsigned long)fth->flows_count); } else fprintf(std, "%c note, incomplete flow file\n", cc); } if (fields & FT_FIELD_IF_NAME) { fprintf(std, "%c\n", cc); FT_LIST_FOREACH(ftmin, &fth->ftmap->ifname, chain) { fmt_ipv4(fmt_buf, ftmin->ip, FMT_JUST_LEFT); fprintf(std, "%c ifname %s %d %s\n", cc, fmt_buf, (int)ftmin->ifIndex, ftmin->name); } } /* FT_FIELD_IF_NAME */ if (fields & FT_FIELD_IF_ALIAS) { fprintf(std, "%c\n", cc); FT_LIST_FOREACH(ftmia, &fth->ftmap->ifalias, chain) { fmt_ipv4(fmt_buf, ftmia->ip, FMT_JUST_LEFT); fprintf(std, "%c ifalias %s ", cc, fmt_buf); for (n = 0; n < ftmia->entries; ++n) fprintf(std, "%d ", (int)ftmia->ifIndex_list[n]); fprintf(std, "%s\n", ftmia->name); } } /* FT_FIELD_IF_ALIAS */ fprintf(std, "%c\n", cc);} /* ftio_header_print *//* * function: ftio_rec_swapfunc * * Return the function required to swap a record. Used to create * jump table based on the d_version and agg_method * */void *ftio_rec_swapfunc(struct ftio *ftio){ u_int8 s_ver, d_ver, agg_ver, agg_method; void *ret; s_ver = ftio->fth.s_version; d_ver = ftio->fth.d_version; agg_ver = ftio->fth.agg_version; agg_method = ftio->fth.agg_method; switch (s_ver) { case 1: ret = fts1rec_swap_compat; break; case 3: switch (ftio->fth.d_version) { case 1: ret = fts3rec_swap_v1; break; case 5: ret = fts3rec_swap_v5; break; case 6: ret = fts3rec_swap_v6; break; case 7: ret = fts3rec_swap_v7; break; case 8: if (agg_ver != 2) { fterr_warnx("Unsupported agg_version %d", (int)agg_ver); ret = (void*)0L; break; } switch (agg_method) { case 1: ret = fts3rec_swap_v8_1; break; case 2: ret = fts3rec_swap_v8_2; break; case 3: ret = fts3rec_swap_v8_3; break; case 4: ret = fts3rec_swap_v8_4; break; case 5: ret = fts3rec_swap_v8_5; break; case 6: ret = fts3rec_swap_v8_6; break; case 7: ret = fts3rec_swap_v8_7; break; case 8: ret = fts3rec_swap_v8_8; break; case 9: ret = fts3rec_swap_v8_9; break; case 10: ret = fts3rec_swap_v8_10; break; case 11: ret = fts3rec_swap_v8_11; break; case 12: ret = fts3rec_swap_v8_12; break; case 13: ret = fts3rec_swap_v8_13; break; case 14: ret = fts3rec_swap_v8_14; break; default: fterr_warnx("Unsupported agg_method %d", (int)agg_method); ret = (void*)0L; break; } /* switch agg_method */ break; case 1005: ret = fts3rec_swap_v1005; break; default: fterr_warnx("Unsupported d_version %d", (int)ftio->fth.d_version); ret = (void*)0L; break; } /* switch v8 export */ break; default: fterr_warnx("Unsupported s_version %d", (int)s_ver); ret = (void*)0L; break; } /* switch s_version */ return ret;}/* * function: ftrec_size * * Return the size of a fts3rec_* based on the d_version and agg_method * */int ftrec_size(struct ftver *ver){ int ret; switch (ver->s_version) { case 1: ret = sizeof (struct fts1rec_compat); break; case 3: switch (ver->d_version) { case 1: ret = sizeof (struct fts3rec_v1); break; case 5: ret = sizeof (struct fts3rec_v5); break; case 6: ret = sizeof (struct fts3rec_v6); break; case 7: ret = sizeof (struct fts3rec_v7); break; case 8: if (ver->agg_version != 2) { fterr_warnx("Unsupported agg_version %d", (int)ver->agg_version); ret = -1; break; } switch (ver->agg_method) { case 1: ret = sizeof (struct fts3rec_v8_1); break; case 2: ret = sizeof (struct fts3rec_v8_2); break; case 3: ret = sizeof (struct fts3rec_v8_3); break; case 4: ret = sizeof (struct fts3rec_v8_4); break; case 5: ret = sizeof (struct fts3rec_v8_5); break; case 6: ret = sizeof (struct fts3rec_v8_6); break; case 7: ret = sizeof (struct fts3rec_v8_7); break; case 8: ret = sizeof (struct fts3rec_v8_8); break; case 9: ret = sizeof (struct fts3rec_v8_9); break; case 10: ret = sizeof (struct fts3rec_v8_10); break; case 11: ret = sizeof (struct fts3rec_v8_11); break; case 12: ret = sizeof (struct fts3rec_v8_12); break; case 13: ret = sizeof (struct fts3rec_v8_13); break; case 14: ret = sizeof (struct fts3rec_v8_14); break; default: fterr_warnx("Unsupported agg_method %d", (int)ver->agg_method); ret = -1; break; } /* switch agg_method */ break; case 1005: ret = sizeof (struct fts3rec_v1005); break; default: fterr_warnx("Unsupported d_version %d", (int)ver->d_version); ret = -1; break; } /* switch v8 export */ break; default: fterr_warnx("Unsupported s_version %d", (int)ver->s_version); ret = -1; break; } /* switch s_version */ return ret;}/* * function: ftrec_xfield * * Return the FT_XFIELD* based on the d_version and agg_method * */u_int64 ftrec_xfield(struct ftver *ver){ u_int64 ret; switch (ver->d_version) { case 1: ret = FT_XFIELD_V1_MASK; break; case 5: ret = FT_XFIELD_V5_MASK; break; case 6: ret = FT_XFIELD_V6_MASK; break; case 7: ret = FT_XFIELD_V7_MASK; break; case 8: if (ver->agg_version != 2) { fterr_warnx("Unsupported agg_version %d", (int)ver->agg_version); ret = -1; break; } switch (ver->agg_method) { case 1: ret = FT_XFIELD_V8_1_MASK; break; case 2: ret = FT_XFIELD_V8_2_MASK; break; case 3: ret = FT_XFIELD_V8_3_MASK; break; case 4: ret = FT_XFIELD_V8_4_MASK; break; case 5: ret = FT_XFIELD_V8_5_MASK; break; case 6: ret = FT_XFIELD_V8_6_MASK; break; case 7: ret = FT_XFIELD_V8_7_MASK; break; case 8: ret = FT_XFIELD_V8_8_MASK; break; case 9: ret = FT_XFIELD_V8_9_MASK; break; case 10: ret = FT_XFIELD_V8_10_MASK; break; case 11: ret = FT_XFIELD_V8_11_MASK; break; case 12: ret = FT_XFIELD_V8_12_MASK; break; case 13: ret = FT_XFIELD_V8_13_MASK; break; case 14: ret = FT_XFIELD_V8_14_MASK; break; default: fterr_warnx("Unsupported agg_method %d", (int)ver->agg_method); ret = -1; break; } /* switch agg_method */ break; case 1005: ret = FT_XFIELD_V1005_MASK; break; default: fterr_warnx("Unsupported d_version %d", (int)ver->d_version); ret = -1; break; } /* switch v8 export */ return ret;} /* ftrec_xfield *//* * function: ftio_xfield * * Return the FT_XFIELD* * */u_int64 ftio_xfield(struct ftio *ftio){ struct ftver ver; ver.d_version = ftio->fth.d_version; ver.s_version = ftio->fth.s_version; ver.agg_method = ftio->fth.agg_method; ver.agg_version = ftio->fth.agg_version; return ftrec_xfield(&ver);}/* * function: ftio_rec_size * * Return the size of a fts3rec_* based on the initialized ftio * stream. * */int ftio_rec_size(struct ftio *ftio){ struct ftver ver; ver.d_version = ftio->fth.d_version; ver.s_version = ftio->fth.s_version; ver.agg_method = ftio->fth.agg_method; ver.agg_version = ftio->fth.agg_version;⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -