📄 flow-stat.c
/* ports only make sense for TCP and UDP */
    if ((prot != IPPROTO_UDP) && (prot != IPPROTO_TCP))
      continue;

    CUR_GET_PLUS_FLOWS;

    TOTAL_INC;

    dstport = *((u_int16*)(rec+fo.dstport));

    STAT_INCA(dstport);

  } /* while */

  tbl_out1(args, 65536, &stat, &total, "port ", FT_PATH_SYM_TCP_PORT);

  fopdi_free(&stat);

  return 0;

} /* format5 */

/*
 * function: format6
 *
 * UDP/TCP source port flows,octets,packets,duration
 *
 * Reads every record from args->ftio, skips records whose protocol is
 * neither TCP nor UDP, applies STAT_INCA (defined elsewhere) to the
 * source port of the rest, and passes the table to tbl_out1().
 *
 * returns 0 for success, -1 if the required-field check fails or
 * fopdi_alloc() fails.
 */
int format6(struct fmtargs *args)
{
  struct fts3rec_offsets fo;
  struct fopd32 cur;
  struct fopdi stat;
  struct fopd total;
  struct ftver ftv;
  char *rec;
  u_int8 prot;
  u_int16 srcport;

  ftio_get_ver(&args->ftio, &ftv);

  /*
   * A non-zero result is treated as "a listed field is missing".  This
   * guard runs before any fo.* offset is used below.
   * NOTE(review): presumably offsets of absent fields are not meaningful,
   * which would make this check the only thing protecting the raw reads
   * in the loop -- confirm against fts3rec_compute_offsets().
   */
  if (ftio_check_xfield(&args->ftio, FT_XFIELD_DPKTS | FT_XFIELD_DOCTETS |
    FT_XFIELD_FIRST | FT_XFIELD_LAST | FT_XFIELD_PROT | FT_XFIELD_SRCPORT)) {
    fterr_warnx("Flow record missing required field for format.");
    return -1;
  }

  fts3rec_compute_offsets(&fo, &ftv);

  /*
   * 65536 is the same count later passed to tbl_out1().  srcport is a
   * u_int16, so (assuming that typedef is 16 bits wide) every value it can
   * hold is below 65536 and no range check is made before STAT_INCA.
   * Keep the two in step if either is ever changed.
   */
  if (fopdi_alloc(&stat, 65536) < 0)
    return -1;

  bzero(&total, sizeof total);

  /* default of one flow per record; CUR_GET_PLUS_FLOWS may replace it (macro not visible here) */
  cur.flows = 1;

  while ((rec = ftio_read(&args->ftio))) {

    /*
     * Fields are read straight out of the record buffer through a cast.
     * NOTE(review): nothing here checks that rec+offset is inside the
     * record or suitably aligned, and no byte-order conversion is done;
     * this relies on ftio_read() and the computed offsets -- confirm.
     */
    prot = *((u_int8*)(rec+fo.prot));

    /* ports only make sense for TCP and UDP */
    if ((prot != IPPROTO_UDP) && (prot != IPPROTO_TCP))
      continue;

    CUR_GET_PLUS_FLOWS;

    TOTAL_INC;

    srcport = *((u_int16*)(rec+fo.srcport));

    STAT_INCA(srcport);

  } /* while */

  tbl_out1(args, 65536, &stat, &total, "port ", FT_PATH_SYM_TCP_PORT);

  fopdi_free(&stat);

  return 0;

} /* format6 */

/*
 * function: format7
 *
 * UDP/TCP port flows,octets,packets,duration histogram
 *
 * returns 0 for success.
*/
int format7(struct fmtargs *args)
{
  struct fts3rec_offsets fo;
  struct fopd32 cur;
  struct ftver ftv;
  struct fopdi stat;
  struct fopd total;
  char *rec;
  u_int8 prot;
  u_int16 srcport, dstport;

  /*
   * Port table over TCP and UDP records only.  STAT_INCA is applied to
   * both the source and the destination port of each accepted record.
   * Returns -1 if the required-field check or fopdi_alloc() fails.
   */
  ftio_get_ver(&args->ftio, &ftv);

  /*
   * A non-zero result is treated as "a listed field is missing"; the
   * check runs before any fo.* offset is dereferenced below.
   */
  if (ftio_check_xfield(&args->ftio, FT_XFIELD_DPKTS | FT_XFIELD_DOCTETS |
    FT_XFIELD_FIRST | FT_XFIELD_LAST | FT_XFIELD_PROT | FT_XFIELD_SRCPORT |
    FT_XFIELD_DSTPORT)) {
    fterr_warnx("Flow record missing required field for format.");
    return -1;
  }

  fts3rec_compute_offsets(&fo, &ftv);

  /*
   * Same 65536 as the tbl_out1() call.  Both ports are u_int16, so
   * (assuming a 16-bit typedef) neither can exceed the table; that is why
   * no range check precedes STAT_INCA.
   */
  if (fopdi_alloc(&stat, 65536) < 0)
    return -1;

  bzero(&total, sizeof total);

  /* default of one flow per record; CUR_GET_PLUS_FLOWS may replace it (macro not visible here) */
  cur.flows = 1;

  while ((rec = ftio_read(&args->ftio))) {

    /*
     * NOTE(review): raw cast reads from the record buffer; bounds and
     * alignment depend on ftio_read() and the computed offsets -- confirm.
     */
    prot = *((u_int8*)(rec+fo.prot));

    /* ports only make sense for TCP and UDP */
    if ((prot != IPPROTO_UDP) && (prot != IPPROTO_TCP))
      continue;

    CUR_GET_PLUS_FLOWS;

    /*
     * TOTAL_INC is invoked twice per record, matching the two STAT_INCA
     * calls below.
     * NOTE(review): presumably deliberate so the total equals the sum of
     * the per-port rows; it also means the total counts each flow twice --
     * confirm this is what the report expects.
     */
    TOTAL_INC;
    TOTAL_INC;

    srcport = *((u_int16*)(rec+fo.srcport));
    dstport = *((u_int16*)(rec+fo.dstport));

    STAT_INCA(srcport);
    STAT_INCA(dstport);

  }

  tbl_out1(args, 65536, &stat, &total, "port ", FT_PATH_SYM_TCP_PORT);

  fopdi_free(&stat);

  return 0;

} /* format7 */

/*
 * function: format8
 *
 * Destination IP flows,octets,packets,duration
 *
 * returns 0 for success.
*/
int format8(struct fmtargs *args)
{
  struct fts3rec_offsets fo;
  struct fopd32 cur;
  struct ftver ftv;
  struct ftchash *ftch;
  struct ftchash_rec_ip ftch_recip, *ftch_recipp;
  struct fopd total;
  u_int32 hash;
  char *rec;

  /*
   * Per-destination-address statistics kept in an ftchash table and
   * written out by chash_ip_dump().  Returns -1 if the required-field
   * check, ftchash_new() or any ftchash_update() fails.
   */
  ftio_get_ver(&args->ftio, &ftv);

  /*
   * A non-zero result is treated as "a listed field is missing"; the
   * check runs before any fo.* offset is dereferenced below.
   */
  if (ftio_check_xfield(&args->ftio, FT_XFIELD_DPKTS | FT_XFIELD_DOCTETS |
    FT_XFIELD_FIRST | FT_XFIELD_LAST | FT_XFIELD_DSTADDR)) {
    fterr_warnx("Flow record missing required field for format.");
    return -1;
  }

  fts3rec_compute_offsets(&fo, &ftv);

  bzero(&total, sizeof total);

  /* zero the lookup template once; only .addr is rewritten per record */
  bzero(&ftch_recip, sizeof ftch_recip);

  /*
   * NOTE(review): argument meaning is not visible here; presumably
   * (bucket count, record size, key size in bytes, records per chunk),
   * with 4 being the width of the address key -- confirm in ftchash.
   */
  if (!(ftch = ftchash_new(65536, sizeof (struct ftchash_rec_ip), 4,
    65536))) {
    fterr_warnx("ftchash_new(): failed");
    return -1;
  }

  /* default of one flow per record; CUR_GET_PLUS_FLOWS may replace it (macro not visible here) */
  cur.flows = 1;

  while ((rec = ftio_read(&args->ftio))) {

    CUR_GET_PLUS_FLOWS;

    TOTAL_INC;

    /*
     * NOTE(review): raw cast read from the record buffer; bounds and
     * alignment depend on ftio_read() and the computed offsets -- confirm.
     */
    ftch_recip.addr = *((u_int32*)(rec+fo.dstaddr));

    /*
     * XOR of the upper and lower 16 bits of the address, so the result
     * fits in 16 bits.
     * NOTE(review): the fold is unkeyed, so the bucket is fully determined
     * by the address in the input.  The table grows with the number of
     * distinct addresses and nothing here caps it; flow data chosen to
     * share a bucket would presumably lengthen that bucket's chain --
     * worth bounding if this is run on data from untrusted exporters.
     */
    hash = (ftch_recip.addr>>16) ^ (ftch_recip.addr & 0xFFFF);

    /* a NULL return is fatal: the table is released and -1 returned
     * (the message text says ftch_update; the call is ftchash_update) */
    if (!(ftch_recipp = ftchash_update(ftch, &ftch_recip, hash))) {
      fterr_warnx("ftch_update(): failed");
      ftchash_free(ftch);
      return -1;
    }

    STAT_INCP(ftch_recipp);

  }

  chash_ip_dump(ftch, args->cc, args->sort_order, args->options, &total);

  ftchash_free(ftch);

  return 0;

} /* format8 */

/*
 * function: format9
 *
 * Source IP flows,octets,packets,duration
 *
 * returns 0 for success.
*/
int format9(struct fmtargs *args)
{
  struct fts3rec_offsets fo;
  struct fopd32 cur;
  struct ftver ftv;
  struct ftchash *ftch;
  struct ftchash_rec_ip ftch_recip, *ftch_recipp;
  struct fopd total;
  u_int32 hash;
  char *rec;

  /*
   * Per-source-address statistics kept in an ftchash table and written
   * out by chash_ip_dump().  Returns -1 if the required-field check,
   * ftchash_new() or any ftchash_update() fails.
   */
  ftio_get_ver(&args->ftio, &ftv);

  /*
   * A non-zero result is treated as "a listed field is missing"; the
   * check runs before any fo.* offset is dereferenced below.
   */
  if (ftio_check_xfield(&args->ftio, FT_XFIELD_DPKTS | FT_XFIELD_DOCTETS |
    FT_XFIELD_FIRST | FT_XFIELD_LAST | FT_XFIELD_SRCADDR)) {
    fterr_warnx("Flow record missing required field for format.");
    return -1;
  }

  fts3rec_compute_offsets(&fo, &ftv);

  bzero(&total, sizeof total);

  /* zero the lookup template once; only .addr is rewritten per record */
  bzero(&ftch_recip, sizeof ftch_recip);

  /*
   * NOTE(review): argument meaning is not visible here; presumably
   * (bucket count, record size, key size in bytes, records per chunk),
   * with 4 being the width of the address key -- confirm in ftchash.
   */
  if (!(ftch = ftchash_new(65536, sizeof (struct ftchash_rec_ip), 4,
    65536))) {
    fterr_warnx("ftchash_new(): failed");
    return -1;
  }

  /* default of one flow per record; CUR_GET_PLUS_FLOWS may replace it (macro not visible here) */
  cur.flows = 1;

  while ((rec = ftio_read(&args->ftio))) {

    CUR_GET_PLUS_FLOWS;

    TOTAL_INC;

    /*
     * NOTE(review): raw cast read from the record buffer; bounds and
     * alignment depend on ftio_read() and the computed offsets -- confirm.
     */
    ftch_recip.addr = *((u_int32*)(rec+fo.srcaddr));

    /*
     * XOR of the upper and lower 16 bits of the address, so the result
     * fits in 16 bits.
     * NOTE(review): the fold is unkeyed and the source address comes
     * straight from the input, so table size and bucket distribution are
     * driven by the data; nothing here caps the number of entries.
     */
    hash = (ftch_recip.addr>>16) ^ (ftch_recip.addr & 0xFFFF);

    /* a NULL return is fatal: the table is released and -1 returned */
    if (!(ftch_recipp = ftchash_update(ftch, &ftch_recip, hash))) {
      fterr_warnx("ftch_update(): failed");
      ftchash_free(ftch);
      return -1;
    }

    STAT_INCP(ftch_recipp);

  }

  chash_ip_dump(ftch, args->cc, args->sort_order, args->options, &total);

  ftchash_free(ftch);

  return 0;

} /* format9 */

/*
 * function: format10
 *
 * Source/Destination IP flows,octets,packets,duration
 *
 * returns 0 for success.
*/
int format10(struct fmtargs *args)
{
  struct fts3rec_offsets fo;
  struct fopd32 cur;
  struct ftver ftv;
  struct ftchash *ftch;
  struct ftchash_rec_ip2 ftch_recip2, *ftch_recip2p;
  struct fopd total;
  u_int32 hash;
  char *rec;

  /*
   * Statistics per (source address, destination address) pair, kept in
   * an ftchash table and written out by chash_ip2_dump().  Returns -1 if
   * the required-field check, ftchash_new() or any ftchash_update() fails.
   */
  ftio_get_ver(&args->ftio, &ftv);

  /*
   * A non-zero result is treated as "a listed field is missing"; the
   * check runs before any fo.* offset is dereferenced below.
   */
  if (ftio_check_xfield(&args->ftio, FT_XFIELD_DPKTS | FT_XFIELD_DOCTETS |
    FT_XFIELD_FIRST | FT_XFIELD_LAST | FT_XFIELD_SRCADDR |
    FT_XFIELD_DSTADDR)) {
    fterr_warnx("Flow record missing required field for format.");
    return -1;
  }

  fts3rec_compute_offsets(&fo, &ftv);

  bzero(&total, sizeof total);

  /* zero the lookup template once; only the two addresses change per record */
  bzero(&ftch_recip2, sizeof ftch_recip2);

  /*
   * NOTE(review): argument meaning is not visible here; presumably
   * (bucket count, record size, key size in bytes, records per chunk),
   * with 8 covering the two 32-bit addresses -- confirm in ftchash.
   */
  if (!(ftch = ftchash_new(65536, sizeof (struct ftchash_rec_ip2), 8,
    65536))) {
    fterr_warnx("ftchash_new(): failed");
    return -1;
  }

  /* default of one flow per record; CUR_GET_PLUS_FLOWS may replace it (macro not visible here) */
  cur.flows = 1;

  while ((rec = ftio_read(&args->ftio))) {

    CUR_GET_PLUS_FLOWS;

    TOTAL_INC;

    /*
     * NOTE(review): raw cast reads from the record buffer; bounds and
     * alignment depend on ftio_read() and the computed offsets -- confirm.
     */
    ftch_recip2.src_addr = *((u_int32*)(rec+fo.srcaddr));
    ftch_recip2.dst_addr = *((u_int32*)(rec+fo.dstaddr));

    /*
     * XOR of the four 16-bit halves of the two addresses.  XOR is
     * commutative, so swapping source and destination gives the same hash
     * value (whether they share an entry depends on ftchash's key
     * compare, not shown here).
     * NOTE(review): the fold is unkeyed and both addresses come from the
     * input; the pair space is far larger than the single-address case and
     * nothing here caps the number of entries, so memory use follows the
     * data.
     */
    hash = (ftch_recip2.src_addr>>16) ^ (ftch_recip2.src_addr & 0xFFFF) ^
      (ftch_recip2.dst_addr>>16) ^ (ftch_recip2.dst_addr & 0xFFFF);

    /* a NULL return is fatal: the table is released and -1 returned */
    if (!(ftch_recip2p = ftchash_update(ftch, &ftch_recip2, hash))) {
      fterr_warnx("ftch_update(): failed");
      ftchash_free(ftch);
      return -1;
    }

    STAT_INCP(ftch_recip2p);

  }

  chash_ip2_dump(ftch, args->cc, args->sort_order, args->options, &total);

  ftchash_free(ftch);

  return 0;

} /* format10 */

/*
 * function: format11
 *
 * IP flows,octets,packets,duration
 *
 * returns 0 for success.
*/
int format11(struct fmtargs *args)
{
  struct fts3rec_offsets fo;
  struct fopd32 cur;
  struct ftchash *ftch;
  struct ftchash_rec_ip ftch_recip, *ftch_recipp;
  struct ftver ftv;
  struct fopd total;
  u_int32 hash;
  char *rec;

  /*
   * Per-address statistics where each record is applied twice: once under
   * its source address and once under its destination address, both in
   * the same ftchash table.  Returns -1 if the required-field check,
   * ftchash_new() or any ftchash_update() fails.
   */
  ftio_get_ver(&args->ftio, &ftv);

  /*
   * A non-zero result is treated as "a listed field is missing"; the
   * check runs before any fo.* offset is dereferenced below.
   */
  if (ftio_check_xfield(&args->ftio, FT_XFIELD_DPKTS | FT_XFIELD_DOCTETS |
    FT_XFIELD_FIRST | FT_XFIELD_LAST | FT_XFIELD_SRCADDR |
    FT_XFIELD_DSTADDR)) {
    fterr_warnx("Flow record missing required field for format.");
    return -1;
  }

  fts3rec_compute_offsets(&fo, &ftv);

  bzero(&total, sizeof total);

  /* zero the lookup template once; only .addr is rewritten below */
  bzero(&ftch_recip, sizeof ftch_recip);

  /*
   * NOTE(review): argument meaning is not visible here; presumably
   * (bucket count, record size, key size in bytes, records per chunk),
   * with 4 being the width of the address key -- confirm in ftchash.
   */
  if (!(ftch = ftchash_new(65536, sizeof (struct ftchash_rec_ip), 4,
    65536))) {
    fterr_warnx("ftchash_new(): failed");
    return -1;
  }

  /* default of one flow per record; CUR_GET_PLUS_FLOWS may replace it (macro not visible here) */
  cur.flows = 1;

  while ((rec = ftio_read(&args->ftio))) {

    CUR_GET_PLUS_FLOWS;

    /*
     * TOTAL_INC runs once per record although STAT_INCP runs twice.
     * NOTE(review): presumably intended, so the total reflects traffic
     * seen rather than the sum of the per-address rows -- confirm.
     */
    TOTAL_INC;

    /* first pass: source address.
     * NOTE(review): raw cast read from the record buffer; bounds and
     * alignment depend on ftio_read() and the computed offsets -- confirm. */
    ftch_recip.addr = *((u_int32*)(rec+fo.srcaddr));

    /*
     * XOR of the upper and lower 16 bits of the address.
     * NOTE(review): unkeyed fold over input-supplied addresses; table
     * size and bucket distribution follow the data and are not capped
     * here.
     */
    hash = (ftch_recip.addr>>16) ^ (ftch_recip.addr & 0xFFFF);

    /* a NULL return is fatal: the table is released and -1 returned */
    if (!(ftch_recipp = ftchash_update(ftch, &ftch_recip, hash))) {
      fterr_warnx("ftch_update(): failed");
      ftchash_free(ftch);
      return -1;
    }

    STAT_INCP(ftch_recipp);

    /* second pass: destination address, same template and same table */
    ftch_recip.addr = *((u_int32*)(rec+fo.dstaddr));

    hash = (ftch_recip.addr>>16) ^ (ftch_recip.addr & 0xFFFF);

    if (!(ftch_recipp = ftchash_update(ftch, &ftch_recip, hash))) {
      fterr_warnx("ftch_update(): failed");
      ftchash_free(ftch);
      return -1;
    }

    STAT_INCP(ftch_recipp);

  }

  chash_ip_dump(ftch, args->cc, args->sort_order, args->options, &total);

  ftchash_free(ftch);

  return 0;

}

/*
 * function: format12
 *
 * flows,octets,packets,duration by IP protocol
 *
 * returns 0 for success.
*/
int format12(struct fmtargs *args)
{
  struct fts3rec_offsets fo;
  struct fopd32 cur;
  struct ftver ftv;
  struct fopdi stat;
  struct fopd total;
  char *rec;
  u_int8 prot;

  /*
   * Per-protocol table over every record (no TCP/UDP filter here).
   * Returns -1 if the required-field check or fopdi_alloc() fails.
   */
  ftio_get_ver(&args->ftio, &ftv);

  /*
   * A non-zero result is treated as "a listed field is missing"; the
   * check runs before any fo.* offset is dereferenced below.
   */
  if (ftio_check_xfield(&args->ftio, FT_XFIELD_DPKTS | FT_XFIELD_DOCTETS |
    FT_XFIELD_FIRST | FT_XFIELD_LAST | FT_XFIELD_PROT)) {
    fterr_warnx("Flow record missing required field for format.");
    return -1;
  }

  fts3rec_compute_offsets(&fo, &ftv);

  /*
   * Same 256 as the tbl_out1() call.  prot is a u_int8, so (assuming an
   * 8-bit typedef) it cannot exceed the table; that is why no range check
   * precedes STAT_INCA.  Keep the two in step if either changes.
   */
  if (fopdi_alloc(&stat, 256) < 0)
    return -1;

  bzero(&total, sizeof total);

  /* default of one flow per record; CUR_GET_PLUS_FLOWS may replace it (macro not visible here) */
  cur.flows = 1;

  while ((rec = ftio_read(&args->ftio))) {

    CUR_GET_PLUS_FLOWS;

    TOTAL_INC;

    /*
     * NOTE(review): raw cast read from the record buffer; bounds depend on
     * ftio_read() and the computed offsets -- confirm.
     */
    prot = *((u_int8*)(rec+fo.prot));

    STAT_INCA(prot);

  }

  tbl_out1(args, 256, &stat, &total, "protocol ", FT_PATH_SYM_IP_PROT);

  fopdi_free(&stat);

  return 0;

} /* format12 */

/*
 * function: format13
 *
 * octets for flow duration plot data
 *
 * returns 0 for success.
 */
int format13(struct fmtargs *args)
{
  struct fts3rec_offsets fo;
  struct fopd32 cur;
  struct ftver ftv;
  u_long ymin, ymax;
  u_long xmin, xmax;
  u_int32 First, Last;
  u_int64 nflows;
  char *rec;

  ftio_get_ver(&args->ftio, &ftv);

  if (ftio_check_xfield(&args->ftio, FT_XFIELD_DPKTS | FT_XFIELD_DOCTETS |
    FT_XFIELD_FIRST | FT_XFIELD_LAST)) {
    fterr_warnx("Flow record missing required field for format.");
    return -1;
  }

  fts3rec_compute_offsets(&fo, &ftv);

  nflows = 0;

  xmin = ymin = 0xFFFFFFFF;
  xmax = ymax = 0;

  printf("%c\n%c start octets\n%c end octets\n%c\n", args->cc, args->cc, args->cc, args->cc);

  while ((rec = ftio_read(&args->ftio))) {

    CUR_GET_PLUS_FLOWS;

    Last = *((u_int32*)(rec+fo.Last));
    First = *((u_int32*)(rec+fo.First));