⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 flow-import.c

📁 netflow,抓包
💻 C
📖 第 1 页 / 共 3 页
字号:
🔍
123 
/* * Copyright (c) 2001 Mark Fullmer and The Ohio State University * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright *    notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright *    notice, this list of conditions and the following disclaimer in the *    documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * *      $Id: flow-import.c,v 1.13 2003/04/02 18:03:02 maf Exp $ */#include "ftconfig.h"#include <ftlib.h>#include <sys/time.h>#include <sys/types.h>#include <sys/param.h>#include <sys/uio.h>#include <ctype.h>#include <unistd.h>#include <stdio.h>#include <stddef.h>#include <stdlib.h>#include <time.h>#include <fcntl.h>#if HAVE_STRINGS_H #include <strings.h>#endif#if HAVE_STRING_H  #include <string.h>#endif#include "ftbuild.h"#include "cflowd.h"struct options {  struct ftver ftv;  struct ftset ftset;  u_int64 ft_mask;  int set_format;  u_long records;};struct jump {    int (*where)(struct ftio *ftio, struct options *opt);};int format0(struct ftio *ftio, struct options *opt);int format1(struct ftio *ftio, struct options *opt);int format2(struct ftio *ftio, struct options *opt);int format_NFCollector1(struct ftio *ftio, struct options *opt);int format4(struct ftio *ftio, struct options *opt);void usage(void);struct jump format[] = {{format0}, {format1}, {format2},			{ format_NFCollector1 }, {format4} };static u_int64 vXmask[] = {  0,  FT_XFIELD_V1_MASK,  0, 0, 0,  FT_XFIELD_V5_MASK,  FT_XFIELD_V6_MASK,  FT_XFIELD_V7_MASK };static u_int64 v8mask[] = {  0,  FT_XFIELD_V8_1_MASK,  FT_XFIELD_V8_2_MASK,  FT_XFIELD_V8_3_MASK,  FT_XFIELD_V8_4_MASK,  FT_XFIELD_V8_5_MASK,  FT_XFIELD_V8_6_MASK,  FT_XFIELD_V8_7_MASK,  FT_XFIELD_V8_8_MASK,  FT_XFIELD_V8_9_MASK,  FT_XFIELD_V8_10_MASK,  FT_XFIELD_V8_11_MASK,  FT_XFIELD_V8_12_MASK,  FT_XFIELD_V8_13_MASK,  FT_XFIELD_V8_14_MASK };#define NFORMATS 5 /* nformats + 1 */#if HAVE_LL_STRTOUL  #define strtoull strtoul#endif /* HAVE_LL_STRTOULL */int main(int argc, char **argv){  struct ftio ftio;  struct options opt;  int i, n, format_index, ret;  unsigned int v1, v2;  int debug;  /* init fterr */  fterr_setid(argv[0]);  debug = 0;  format_index = 0;  bzero(&opt, sizeof opt);  /* defaults + no compression */  ftset_init(&opt.ftset, 0);  opt.ft_mask = 0xFFFFFFFFFFFFFFFFLL;  while ((i = getopt(argc, argv, "b:d:f:h?m:V:z:")) != -1)    switch (i) {    case 'b': /* output byte order */      if (!strcasecmp(optarg, "little"))        opt.ftset.byte_order = FT_HEADER_LITTLE_ENDIAN;      else if (!strcasecmp(optarg, "big"))        opt.ftset.byte_order = FT_HEADER_BIG_ENDIAN;      else        fterr_errx(1, "expecting \"big\" or \"little\"");      break;    case 'd': /* debug */      debug = atoi(optarg);      break;    case 'f': /* format */      format_index = atoi(optarg);      break;    case 'h': /* help */    case '?':      usage();      exit (0);      break;    case 'm': /* mask */      if (isalpha((int)optarg[0])) {        if (ftxfield_parse(optarg, &opt.ft_mask) < 0)          fterr_errx(1, "ftxfield_parse(): failed");      } else {        opt.ft_mask = strtoull(optarg, (char **)0L, 0);      }      opt.set_format = 1;      break;   case 'V': /* PDU version */      n = sscanf(optarg, "%u.%u", &v1, &v2);      if (n == 1) {        opt.ftv.s_version = FT_IO_SVERSION;        opt.ftv.d_version = v1;        opt.ftv.set = 1;      } else if (n == 2) {        opt.ftv.s_version = FT_IO_SVERSION;        opt.ftv.d_version = v1;        opt.ftv.agg_method = v2;        opt.ftv.agg_version = 2;        opt.ftv.set = 1;      } else        fterr_errx(1, "Version scan failed");      break;    case 'z': /* compress level */      opt.ftset.z_level = atoi(optarg);      if ((opt.ftset.z_level < 0) || (opt.ftset.z_level > 9))        fterr_errx(1, "Compression level must be between 0 and 9");      break;    default:      usage();      exit (1);      break;    } /* switch */  if (argc - optind)    fterr_errx(1, "Extra arguments starting with %s.", argv[optind]);  if (format_index >= NFORMATS)    fterr_errx(1, "No such format, %d", format_index);  if (!opt.ftv.set)    fterr_errx(1, "Must specify export version to store flows");  /* output to stdout */  if (ftio_init(&ftio, 1, FT_IO_FLAG_WRITE |    ((opt.ftset.z_level) ? FT_IO_FLAG_ZINIT : 0) ) < 0)    fterr_errx(1, "ftio_init(): failed");      ftio_set_comment(&ftio, "flow-import");  ftio_set_cap_hostname(&ftio, "flow-import");  ftio_set_byte_order(&ftio, opt.ftset.byte_order);  ftio_set_z_level(&ftio, opt.ftset.z_level);  ftio_set_streaming(&ftio, 1);  ftio_set_debug(&ftio, debug);  if (ftio_set_ver(&ftio, &opt.ftv) < 0)    fterr_errx(1, "ftio_set_ver(): failed");  /* header first */  if (ftio_write_header(&ftio) < 0)    fterr_errx(1, "ftio_write_header(): failed");  ret = format[format_index].where(&ftio, &opt);  if (ftio_close(&ftio) < 0)    fterr_errx(1, "ftio_close(): failed");  fprintf(stderr, "%s: Imported %lu records.\n", argv[0], opt.records);  return ret;} /* main *//* * function: format0 * * import from cflowd files*/int format0(struct ftio *ftio, struct options *opt){  struct fts3rec_offsets fo;  size_t rlen;  u_char buf[FT_IO_MAXREC];  char *rec;  u_int32 ui32, Start;  u_int16 ui16;  u_int8 ui8;  u_int32 cfdmask, index;  int ret;  rec = (char*)&buf;  fts3rec_compute_offsets(&fo, &opt->ftv);  switch (opt->ftv.d_version) {    case 1:      cfdmask = CF_INDEX_V1_MASK;      break;    case 5:      cfdmask = CF_INDEX_V5_MASK;      break;    case 6:      cfdmask = CF_INDEX_V6_MASK;      break;    case 7:      cfdmask = CF_INDEX_V7_MASK;      break;    case 8:      switch (opt->ftv.agg_method) {        case 1:          cfdmask = CF_INDEX_V8_1_MASK;          break;        case 2:          cfdmask = CF_INDEX_V8_2_MASK;          break;        case 3:          cfdmask = CF_INDEX_V8_3_MASK;          break;        case 4:          cfdmask = CF_INDEX_V8_4_MASK;          break;        case 5:          cfdmask = CF_INDEX_V8_5_MASK;          break;        case 6:          cfdmask = CF_INDEX_V8_6_MASK;          break;        case 7:          cfdmask = CF_INDEX_V8_7_MASK;          break;        case 8:          cfdmask = CF_INDEX_V8_8_MASK;          break;        case 9:          cfdmask = CF_INDEX_V8_9_MASK;          break;        case 10:          cfdmask = CF_INDEX_V8_10_MASK;          break;        case 11:          cfdmask = CF_INDEX_V8_11_MASK;          break;        case 12:          cfdmask = CF_INDEX_V8_12_MASK;          break;        case 13:          cfdmask = CF_INDEX_V8_13_MASK;          break;        case 14:          cfdmask = CF_INDEX_V8_14_MASK;          break;        default:          fterr_warnx("Unsupported export version");          return -1;       } /* switch */       break;    default:      fterr_warnx("Unsupported export version");      return -1;  } /* switch */  ret = -1;  while (!(feof(stdin))) {    ret = -1;    bzero(rec, FT_IO_MAXREC);    Start = 0;    if ((rlen = fread(&index, sizeof (index), 1, stdin) != 1))      goto done;    index = ntohl(index);    if (index & CF_ROUTERMASK) {      if ((rlen = fread(&ui32, sizeof (ui32), 1, stdin) != 1))        goto done;      ui32 = ntohl(ui32);      if (cfdmask & CF_ROUTERMASK)        *((u_int32*)(rec+fo.exaddr)) = ui32;    }    if (index & CF_SRCIPADDRMASK) {      if ((rlen = fread(&ui32, sizeof (ui32), 1, stdin) != 1))        goto done;      ui32 = ntohl(ui32);      if (cfdmask & CF_SRCIPADDRMASK)        *((u_int32*)(rec+fo.srcaddr)) = ui32;    }    if (index & CF_DSTIPADDRMASK) {      if ((rlen = fread(&ui32, sizeof (ui32), 1, stdin) != 1))        goto done;      ui32 = ntohl(ui32);      if (cfdmask & CF_DSTIPADDRMASK)        *((u_int32*)(rec+fo.dstaddr)) = ui32;    }    if (index & CF_INPUTIFINDEXMASK) {      if ((rlen = fread(&ui16, sizeof (ui16), 1, stdin) != 1))        goto done;      ui16 = ntohs(ui16);      if (cfdmask & CF_DSTIPADDRMASK)        *((u_int16*)(rec+fo.input)) = ui16;    }    if (index & CF_OUTPUTIFINDEXMASK) {      if ((rlen = fread(&ui16, sizeof (ui16), 1, stdin) != 1))        goto done;      ui16 = ntohs(ui16);      if (cfdmask & CF_OUTPUTIFINDEXMASK)        *((u_int16*)(rec+fo.output)) = ui16;    }    if (index & CF_SRCPORTMASK) {      if ((rlen = fread(&ui16, sizeof (ui16), 1, stdin) != 1))        goto done;      ui16 = ntohs(ui16);      if (cfdmask & CF_SRCPORTMASK)        *((u_int16*)(rec+fo.srcport)) = ui16;    }    if (index & CF_DSTPORTMASK) {      if ((rlen = fread(&ui16, sizeof (ui16), 1, stdin) != 1))        goto done;      ui16 = ntohs(ui16);      if (cfdmask & CF_DSTPORTMASK)        *((u_int16*)(rec+fo.dstport)) = ui16;    }    if (index & CF_PKTSMASK) {      if ((rlen = fread(&ui32, sizeof (ui32), 1, stdin) != 1))        goto done;      ui32 = ntohl(ui32);      if (cfdmask & CF_PKTSMASK)        *((u_int32*)(rec+fo.dPkts)) = ui32;    }    if (index & CF_BYTESMASK) {      if ((rlen = fread(&ui32, sizeof (ui32), 1, stdin) != 1))        goto done;      ui32 = ntohl(ui32);
123

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -