📄 flow-print.c
字号:
sym_prot = ftsym_new(FT_PATH_SYM_IP_PROT); } puts("srcIP dstIP router_sc prot srcPort dstPort octets packets"); while ((rec = ftio_read(ftio))) { cur.dOctets = ((u_int32*)(rec+fo.dOctets)); cur.dPkts = ((u_int32*)(rec+fo.dPkts)); cur.srcaddr = ((u_int32*)(rec+fo.srcaddr)); cur.dstaddr = ((u_int32*)(rec+fo.dstaddr)); cur.router_sc = ((u_int32*)(rec+fo.router_sc)); cur.srcport = ((u_int16*)(rec+fo.srcport)); cur.dstport = ((u_int16*)(rec+fo.dstport)); cur.prot = ((u_int8*)(rec+fo.prot)); cur.src_mask = ((u_int8*)(rec+fo.src_mask)); cur.dst_mask = ((u_int8*)(rec+fo.dst_mask)); fmt_ipv4prefix(fmt_buf1, *cur.srcaddr, *cur.src_mask, FMT_PAD_RIGHT); fmt_ipv4prefix(fmt_buf2, *cur.dstaddr, *cur.dst_mask, FMT_PAD_RIGHT); fmt_ipv4(fmt_buf3, *cur.router_sc, FMT_PAD_RIGHT); fmt_uint16s(sym_prot, 5, fmt_buf4, (u_int16)*cur.prot, FMT_PAD_RIGHT); fmt_uint16s(sym_tcp, 16, fmt_buf5, (u_int16)*cur.srcport, FMT_PAD_RIGHT); fmt_uint16s(sym_tcp, 16, fmt_buf6, (u_int16)*cur.dstport, FMT_PAD_RIGHT); printf("%-18.18s %-18.18s %-15.15s %-5.5s %-14.14s %-14.14s %-10lu %-10lu\n", fmt_buf1, fmt_buf2, fmt_buf3, fmt_buf4, fmt_buf5, fmt_buf6, (u_long)*cur.dOctets, (u_long)*cur.dPkts); if (options & FT_OPT_NOBUF) fflush(stdout); } /* while */ ftsym_free(sym_tcp); ftsym_free(sym_prot); return 0;} /* format7 *//* * function: format8 * * 1 line, 132 column -- includes encapsulation size from v6 format */int format8(struct ftio *ftio, int options){ struct ftsym *sym_tcp, *sym_prot; struct fts3rec_all cur; struct fts3rec_offsets fo; struct ftver ftv; char fmt_buf1[64], fmt_buf2[64], fmt_buf3[64], fmt_buf4[64], fmt_buf5[64]; char fmt_buf6[64]; char *rec; if (ftio_check_xfield(ftio, FT_XFIELD_DPKTS | FT_XFIELD_DOCTETS | FT_XFIELD_PROT | FT_XFIELD_SRCADDR | FT_XFIELD_DSTADDR | FT_XFIELD_SRC_MASK | FT_XFIELD_DST_MASK | FT_XFIELD_PEER_NEXTHOP | FT_XFIELD_SRCPORT | FT_XFIELD_DSTPORT | FT_XFIELD_IN_ENCAPS | FT_XFIELD_OUT_ENCAPS)) { fterr_warnx("Flow record missing required field for format."); return -1; } ftio_get_ver(ftio, &ftv); fts3rec_compute_offsets(&fo, &ftv); sym_tcp = sym_prot = (struct ftsym*)0L; if (options & FT_OPT_NAMES) { sym_tcp = ftsym_new(FT_PATH_SYM_TCP_PORT); sym_prot = ftsym_new(FT_PATH_SYM_IP_PROT); } puts("srcIP dstIP peer_nexthop encap i/o prot srcPort dstPort octets packets"); while ((rec = ftio_read(ftio))) { cur.dOctets = ((u_int32*)(rec+fo.dOctets)); cur.dPkts = ((u_int32*)(rec+fo.dPkts)); cur.srcaddr = ((u_int32*)(rec+fo.srcaddr)); cur.dstaddr = ((u_int32*)(rec+fo.dstaddr)); cur.peer_nexthop = ((u_int32*)(rec+fo.peer_nexthop)); cur.srcport = ((u_int16*)(rec+fo.srcport)); cur.dstport = ((u_int16*)(rec+fo.dstport)); cur.prot = ((u_int8*)(rec+fo.prot)); cur.src_mask = ((u_int8*)(rec+fo.src_mask)); cur.dst_mask = ((u_int8*)(rec+fo.dst_mask)); cur.in_encaps = ((u_int8*)(rec+fo.in_encaps)); cur.out_encaps = ((u_int8*)(rec+fo.out_encaps)); fmt_ipv4prefix(fmt_buf1, *cur.srcaddr, *cur.src_mask, FMT_PAD_RIGHT); fmt_ipv4prefix(fmt_buf2, *cur.dstaddr, *cur.dst_mask, FMT_PAD_RIGHT); fmt_ipv4(fmt_buf3, *cur.peer_nexthop, FMT_PAD_RIGHT); fmt_uint16s(sym_prot, 5, fmt_buf4, (u_int16)*cur.prot, FMT_PAD_RIGHT); fmt_uint16s(sym_tcp, 16, fmt_buf5, (u_int16)*cur.srcport, FMT_PAD_RIGHT); fmt_uint16s(sym_tcp, 16, fmt_buf6, (u_int16)*cur.dstport, FMT_PAD_RIGHT); printf("%-18.18s %-18.18s %-15.15s %-4d %-4d %-5.5s %-14.14s %-14.14s %-10lu %-10lu\n", fmt_buf1, fmt_buf2, fmt_buf3, (int)*cur.in_encaps, (int)*cur.out_encaps, fmt_buf4, fmt_buf5, fmt_buf6, (u_long)*cur.dOctets, (u_long)*cur.dPkts); if (options & FT_OPT_NOBUF) fflush(stdout); } /* while */ ftsym_free(sym_tcp); ftsym_free(sym_prot); return 0;} /* format8 *//* * 1 line, include src and dst tag */int format9(struct ftio *ftio, int options){ struct ftsym *sym_tag; struct fts3rec_all cur; struct fts3rec_offsets fo; struct ftver ftv; char fmt_buf1[64], fmt_buf2[64], fmt_buf3[64], fmt_buf4[64]; char *fmt_src, *fmt_dst; char *rec; if (ftio_check_xfield(ftio, FT_XFIELD_DPKTS | FT_XFIELD_DOCTETS | FT_XFIELD_SRCADDR | FT_XFIELD_DSTADDR | FT_XFIELD_SRC_TAG | FT_XFIELD_DST_TAG | FT_XFIELD_PROT)) { fterr_warnx("Flow record missing required field for format."); return -1; } sym_tag = (struct ftsym*)0L; if (options & FT_OPT_NAMES) { sym_tag = ftsym_new(FT_PATH_SYM_TAG); } ftio_get_ver(ftio, &ftv); fts3rec_compute_offsets(&fo, &ftv); if (options & FT_OPT_WIDE) puts("srcTag dstTag srcIP dstIP octets packets"); else puts("srcTag dstTag srcIP dstIP octets packets"); while ((rec = ftio_read(ftio))) { cur.dOctets = ((u_int32*)(rec+fo.dOctets)); cur.dPkts = ((u_int32*)(rec+fo.dPkts)); cur.srcaddr = ((u_int32*)(rec+fo.srcaddr)); cur.dstaddr = ((u_int32*)(rec+fo.dstaddr)); cur.src_tag = ((u_int32*)(rec+fo.src_tag)); cur.dst_tag = ((u_int32*)(rec+fo.dst_tag)); fmt_ipv4(fmt_buf1, *cur.srcaddr, FMT_PAD_RIGHT); fmt_ipv4(fmt_buf2, *cur.dstaddr, FMT_PAD_RIGHT); sprintf(fmt_buf3, "0x%-8.8lx", (u_long)*cur.src_tag); sprintf(fmt_buf4, "0x%-8.8lx", (u_long)*cur.dst_tag); if (options & FT_OPT_NAMES) { if (ftsym_findbyval(sym_tag, (u_int32)*cur.src_tag, &fmt_src) != 1) { sprintf(fmt_buf3, "0x%-8.8lx", (u_long)*cur.src_tag); fmt_src = fmt_buf3; } if (ftsym_findbyval(sym_tag, (u_int32)*cur.dst_tag, &fmt_dst) != 1) { sprintf(fmt_buf4, "0x%-8.8lx", (u_long)*cur.dst_tag); fmt_dst = fmt_buf4; } } else { sprintf(fmt_buf3, "0x%-8.8lx", (u_long)*cur.src_tag); sprintf(fmt_buf4, "0x%-8.8lx", (u_long)*cur.dst_tag); fmt_src = fmt_buf3; fmt_dst = fmt_buf4; } if (options & FT_OPT_WIDE) printf("%-15.15s %-15.15s %-15.15s %-15.15s %-10lu %-10lu\n", fmt_src, fmt_dst, fmt_buf1, fmt_buf2, (u_long)*cur.dOctets, (u_long)*cur.dPkts); else printf("%-10.10s %-10.10s %-15.15s %-15.15s %-10lu %-10lu\n", fmt_src, fmt_dst, fmt_buf1, fmt_buf2, (u_long)*cur.dOctets, (u_long)*cur.dPkts); if (options & FT_OPT_NOBUF) fflush(stdout); } /* while */ ftsym_free(sym_tag); return 0;} /* format9 *//* * 8.1 AS aggregation */int format10(struct ftio *ftio, int options){ struct ftsym *sym_asn; struct fts3rec_all cur; struct fts3rec_offsets fo; struct ftver ftv; char fmt_buf1[64], fmt_buf2[64], fmt_buf3[32], fmt_buf4[32]; char fmt_buf5[32], fmt_buf6[32], fmt_buf7[32], fmt_buf8[32]; char *rec; if (ftio_check_xfield(ftio, FT_XFIELD_DFLOWS | FT_XFIELD_DPKTS | FT_XFIELD_DOCTETS | FT_XFIELD_FIRST | FT_XFIELD_LAST | FT_XFIELD_INPUT | FT_XFIELD_OUTPUT | FT_XFIELD_SRC_AS | FT_XFIELD_DST_AS)) { fterr_warnx("Flow record missing required field for format."); return -1; } ftio_get_ver(ftio, &ftv); fts3rec_compute_offsets(&fo, &ftv); sym_asn = (struct ftsym*)0L; if (options & FT_OPT_NAMES) { sym_asn = ftsym_new(FT_PATH_SYM_ASN); } if (options & FT_OPT_WIDE) puts("srcAS dstAS in out flows octets packets duration"); else puts("srcAS dstAS in out flows octets packets duration"); while ((rec = ftio_read(ftio))) { cur.dFlows = ((u_int32*)(rec+fo.dFlows)); cur.dOctets = ((u_int32*)(rec+fo.dOctets)); cur.dPkts = ((u_int32*)(rec+fo.dPkts)); cur.First = ((u_int32*)(rec+fo.First)); cur.Last = ((u_int32*)(rec+fo.Last)); cur.input = ((u_int16*)(rec+fo.input)); cur.output = ((u_int16*)(rec+fo.output)); cur.src_as = ((u_int16*)(rec+fo.src_as)); cur.dst_as = ((u_int16*)(rec+fo.dst_as)); fmt_uint16s(sym_asn, 18, fmt_buf1, (u_int16)*cur.src_as, FMT_JUST_LEFT); fmt_uint16s(sym_asn, 18, fmt_buf2, (u_int16)*cur.dst_as, FMT_JUST_LEFT); fmt_uint16(fmt_buf3, *cur.input, FMT_JUST_LEFT); fmt_uint16(fmt_buf4, *cur.output, FMT_JUST_LEFT); fmt_uint32(fmt_buf5, *cur.dFlows, FMT_JUST_LEFT); fmt_uint32(fmt_buf6, *cur.dOctets, FMT_JUST_LEFT); fmt_uint32(fmt_buf7, *cur.dPkts, FMT_JUST_LEFT); fmt_uint32(fmt_buf8, *cur.Last - *cur.First, FMT_JUST_LEFT); if (options & FT_OPT_WIDE) printf( "%-16.16s %-16.16s %-7.7s%-7.7s%-12.12s%-12.12s%-12.12s%-12.12s\n", fmt_buf1, fmt_buf2, fmt_buf3, fmt_buf4, fmt_buf5, fmt_buf6, fmt_buf7, fmt_buf8); else printf("%-5.5s %-5.5s %-7.7s%-7.7s%-12.12s%-12.12s%-12.12s%-12.12s\n", fmt_buf1, fmt_buf2, fmt_buf3, fmt_buf4, fmt_buf5, fmt_buf6, fmt_buf7, fmt_buf8); if (options & FT_OPT_NOBUF) fflush(stdout); } ftsym_free(sym_asn); return 0;} /* format10 *//* * 8.2 Protocol Port aggregation */int format11(struct ftio *ftio, int options){ struct ftsym *sym_tcp, *sym_prot; struct fts3rec_all cur; struct fts3rec_offsets fo; struct ftver ftv; char fmt_buf1[32], fmt_buf2[32], fmt_buf3[32], fmt_buf4[32]; char fmt_buf5[32], fmt_buf6[32], fmt_buf7[32]; char *rec; if (ftio_check_xfield(ftio, FT_XFIELD_DFLOWS | FT_XFIELD_DPKTS | FT_XFIELD_DOCTETS | FT_XFIELD_FIRST | FT_XFIELD_LAST | FT_XFIELD_SRCPORT | FT_XFIELD_DSTPORT | FT_XFIELD_PROT)) { fterr_warnx("Flow record missing required field for format."); return -1; } ftio_get_ver(ftio, &ftv); fts3rec_compute_offsets(&fo, &ftv); sym_tcp = sym_prot = (struct ftsym*)0L; if (options & FT_OPT_NAMES) { sym_tcp = ftsym_new(FT_PATH_SYM_TCP_PORT); sym_prot = ftsym_new(FT_PATH_SYM_IP_PROT); } if (options & FT_OPT_WIDE) puts("srcPort dstPort prot flows octets packets duration"); else puts("srcPort dstPort prot flows octets packets duration"); while ((rec = ftio_read(ftio))) { cur.dFlows = ((u_int32*)(rec+fo.dFlows)); cur.dOctets = ((u_int32*)(rec+fo.dOctets)); cur.dPkts = ((u_int32*)(rec+fo.dPkts)); cur.First = ((u_int32*)(rec+fo.First)); cur.Last = ((u_int32*)(rec+fo.Last)); cur.srcport = ((u_int16*)(rec+fo.srcport)); cur.dstport = ((u_int16*)(rec+fo.dstport)); cur.prot = ((u_int8*)(rec+fo.prot)); fmt_uint16s(sym_tcp, 16, fmt_buf1, (u_int16)*cur.srcport, FMT_PAD_RIGHT); fmt_uint16s(sym_tcp, 16, fmt_buf2, (u_int16)*cur.dstport, FMT_PAD_RIGHT); fmt_uint16s(sym_prot, 5, fmt_buf3, (u_int16)*cur.prot, FMT_PAD_RIGHT); fmt_uint32(fmt_buf4, *cur.dFlows, FMT_JUST_LEFT); fmt_uint32(fmt_buf5, *cur.dOctets, FMT_JUST_LEFT); fmt_uint32(fmt_buf6, *cur.dPkts, FMT_JUST_LEFT); fmt_uint32(fmt_buf7, *cur.Last - *cur.First, FMT_JUST_LEFT); if (options & FT_OPT_WIDE) printf("%-16.16s %-16.16s %-5.5s %-12.12s%-12.12s%-12.12s%-12.12s\n", fmt_buf1, fmt_buf2, fmt_buf3, fmt_buf4, fmt_buf5, fmt_buf6, fmt_buf7); else printf("%-7.7s %-7.7s %-5.5s %-12.12s%-12.12s%-12.12s%-12.12s\n", fmt_buf1, fmt_buf2, fmt_buf3, fmt_buf4, fmt_buf5, fmt_buf6, fmt_buf7); if (options & FT_OPT_NOBUF) fflush(stdout); } ftsym_free(sym_tcp); ftsym_free(sym_prot); return 0;} /* format11 *//* * 8.3 Source Prefix aggregation */int format12(struct ftio *ftio, int options){ struct ftsym *sym_asn; struct fts3rec_all cur; struct fts3rec_offsets fo; struct ftver ftv; char fmt_buf1[32], fmt_buf3[32], fmt_buf4[32], fmt_buf5[32]; char fmt_buf6[32], fmt_buf7[32], fmt_buf8[32]; char *rec; if (ftio_check_xfield(ftio, FT_XFIELD_DFLOWS | FT_XFIELD_DPKTS | FT_XFIELD_DOCTETS | FT_XFIELD_FIRST | FT_XFIELD_LAST | FT_XFIELD_INPUT | FT_XFIELD_SRCADDR | FT_XFIELD_SRC_MASK | FT_XFIELD_SRC_AS)) { fterr_warnx("Flow record missing required field for format."); return -1; } ftio_get_ver(ftio, &ftv); fts3rec_compute_offsets(&fo, &ftv); sym_asn = (struct ftsym*)0L; if (options & FT_OPT_NAMES) { sym_asn = ftsym_new(FT_PATH_SYM_ASN); } if (options & FT_OPT_WIDE) puts("srcPrefix srcAS input flows octets packets duration"); else puts("src/mask srcAS input flows octets packets duration"); while ((rec = ftio_read(ftio))) { cur.dFlows = ((u_int32*)(rec+fo.dFlows)); cur.dOctets = ((u_int32*)(rec+fo.dOctets));⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -