📄 flow-print.c
字号:
{ struct ftsym *sym_asn; struct fts3rec_all cur; struct fts3rec_offsets fo; struct ftver ftv; char fmt_buf1[64], fmt_buf2[64], fmt_buf3[32], fmt_buf4[32]; char fmt_buf5[32], fmt_buf6[32], fmt_buf7[32], fmt_buf8[32], fmt_buf9[32]; char *rec; if (ftio_check_xfield(ftio, FT_XFIELD_DFLOWS | FT_XFIELD_DPKTS | FT_XFIELD_DOCTETS | FT_XFIELD_FIRST | FT_XFIELD_LAST | FT_XFIELD_INPUT | FT_XFIELD_OUTPUT | FT_XFIELD_SRC_AS | FT_XFIELD_DST_AS | FT_XFIELD_TOS )) { fterr_warnx("Flow record missing required field for format."); return -1; } ftio_get_ver(ftio, &ftv); fts3rec_compute_offsets(&fo, &ftv); sym_asn = (struct ftsym*)0L; if (options & FT_OPT_NAMES) { sym_asn = ftsym_new(FT_PATH_SYM_ASN); } if (options & FT_OPT_WIDE) puts("ToS srcAS dstAS in out flows octets packets duration"); else puts("ToS srcAS dstAS in out flows octets packets duration"); while ((rec = ftio_read(ftio))) { cur.dFlows = ((u_int32*)(rec+fo.dFlows)); cur.dOctets = ((u_int32*)(rec+fo.dOctets)); cur.dPkts = ((u_int32*)(rec+fo.dPkts)); cur.First = ((u_int32*)(rec+fo.First)); cur.Last = ((u_int32*)(rec+fo.Last)); cur.input = ((u_int16*)(rec+fo.input)); cur.output = ((u_int16*)(rec+fo.output)); cur.src_as = ((u_int16*)(rec+fo.src_as)); cur.dst_as = ((u_int16*)(rec+fo.dst_as)); cur.tos = ((u_int8*)(rec+fo.tos)); fmt_uint8(fmt_buf1, *cur.tos, FMT_JUST_LEFT); fmt_uint16s(sym_asn, 18, fmt_buf2, (u_int16)*cur.src_as, FMT_JUST_LEFT); fmt_uint16s(sym_asn, 18, fmt_buf3, (u_int16)*cur.dst_as, FMT_JUST_LEFT); fmt_uint16(fmt_buf4, *cur.input, FMT_JUST_LEFT); fmt_uint16(fmt_buf5, *cur.output, FMT_JUST_LEFT); fmt_uint32(fmt_buf6, *cur.dFlows, FMT_JUST_LEFT); fmt_uint32(fmt_buf7, *cur.dOctets, FMT_JUST_LEFT); fmt_uint32(fmt_buf8, *cur.dPkts, FMT_JUST_LEFT); fmt_uint32(fmt_buf9, *cur.Last - *cur.First, FMT_JUST_LEFT); if (options & FT_OPT_WIDE) printf( "%-3.3s %-16.16s %-16.16s %-7.7s%-7.7s%-12.12s%-12.12s%-12.12s%-12.12s\n", fmt_buf1, fmt_buf2, fmt_buf3, fmt_buf4, fmt_buf5, fmt_buf6, fmt_buf7, fmt_buf8, fmt_buf9); else printf("%-3.3s %-5.5s %-5.5s %-7.7s%-7.7s%-12.12s%-12.12s%-12.12s%-12.12s\n", fmt_buf1, fmt_buf2, fmt_buf3, fmt_buf4, fmt_buf5, fmt_buf6, fmt_buf7, fmt_buf8, fmt_buf9); if (options & FT_OPT_NOBUF) fflush(stdout); } ftsym_free(sym_asn); return 0;} /* format18 *//* * 8.10 ToS Protocol Port aggregation */int format19(struct ftio *ftio, int options){ struct ftsym *sym_tcp, *sym_prot; struct fts3rec_all cur; struct fts3rec_offsets fo; struct ftver ftv; char fmt_buf1[32], fmt_buf2[32], fmt_buf3[32], fmt_buf4[32]; char fmt_buf5[32], fmt_buf6[32], fmt_buf7[32], fmt_buf8[32]; char *rec; if (ftio_check_xfield(ftio, FT_XFIELD_DFLOWS | FT_XFIELD_DPKTS | FT_XFIELD_DOCTETS | FT_XFIELD_FIRST | FT_XFIELD_LAST | FT_XFIELD_SRCPORT | FT_XFIELD_DSTPORT | FT_XFIELD_PROT | FT_XFIELD_TOS)) { fterr_warnx("Flow record missing required field for format."); return -1; } ftio_get_ver(ftio, &ftv); fts3rec_compute_offsets(&fo, &ftv); sym_tcp = sym_prot = (struct ftsym*)0L; if (options & FT_OPT_NAMES) { sym_tcp = ftsym_new(FT_PATH_SYM_TCP_PORT); sym_prot = ftsym_new(FT_PATH_SYM_IP_PROT); } if (options & FT_OPT_WIDE) puts("ToS srcPort dstPort prot flows octets packets duration"); else puts("ToS srcPort dstPort prot flows octets packets duration"); while ((rec = ftio_read(ftio))) { cur.dFlows = ((u_int32*)(rec+fo.dFlows)); cur.dOctets = ((u_int32*)(rec+fo.dOctets)); cur.dPkts = ((u_int32*)(rec+fo.dPkts)); cur.First = ((u_int32*)(rec+fo.First)); cur.Last = ((u_int32*)(rec+fo.Last)); cur.srcport = ((u_int16*)(rec+fo.srcport)); cur.dstport = ((u_int16*)(rec+fo.dstport)); cur.prot = ((u_int8*)(rec+fo.prot)); cur.tos = ((u_int8*)(rec+fo.prot)); fmt_uint8(fmt_buf1, *cur.tos, FMT_PAD_RIGHT); fmt_uint16s(sym_tcp, 16, fmt_buf2, (u_int16)*cur.srcport, FMT_PAD_RIGHT); fmt_uint16s(sym_tcp, 16, fmt_buf3, (u_int16)*cur.dstport, FMT_PAD_RIGHT); fmt_uint16s(sym_prot, 5, fmt_buf4, (u_int16)*cur.prot, FMT_PAD_RIGHT); fmt_uint32(fmt_buf5, *cur.dFlows, FMT_JUST_LEFT); fmt_uint32(fmt_buf6, *cur.dOctets, FMT_JUST_LEFT); fmt_uint32(fmt_buf7, *cur.dPkts, FMT_JUST_LEFT); fmt_uint32(fmt_buf8, *cur.Last - *cur.First, FMT_JUST_LEFT); if (options & FT_OPT_WIDE) printf("%-3.3s %-16.16s %-16.16s %-5.5s %-12.12s%-12.12s%-12.12s%-12.12s\n", fmt_buf1, fmt_buf2, fmt_buf3, fmt_buf4, fmt_buf5, fmt_buf6, fmt_buf7, fmt_buf8); else printf("%-3.3s %-7.7s %-7.7s %-5.5s %-12.12s%-12.12s%-12.12s%-12.12s\n", fmt_buf1, fmt_buf2, fmt_buf3, fmt_buf4, fmt_buf5, fmt_buf6, fmt_buf7, fmt_buf8); if (options & FT_OPT_NOBUF) fflush(stdout); } ftsym_free(sym_tcp); ftsym_free(sym_prot); return 0;} /* format19 *//* * 8.11 ToS Source Prefix aggregation */int format20(struct ftio *ftio, int options){ struct ftsym *sym_asn; struct fts3rec_all cur; struct fts3rec_offsets fo; struct ftver ftv; char fmt_buf1[32], fmt_buf2[32], fmt_buf3[32], fmt_buf4[32]; char fmt_buf5[32], fmt_buf6[32], fmt_buf7[32], fmt_buf8[32]; char *rec; if (ftio_check_xfield(ftio, FT_XFIELD_DFLOWS | FT_XFIELD_DPKTS | FT_XFIELD_DOCTETS | FT_XFIELD_FIRST | FT_XFIELD_LAST | FT_XFIELD_INPUT | FT_XFIELD_SRCADDR | FT_XFIELD_SRC_MASK | FT_XFIELD_SRC_AS | FT_XFIELD_TOS)) { fterr_warnx("Flow record missing required field for format."); return -1; } ftio_get_ver(ftio, &ftv); fts3rec_compute_offsets(&fo, &ftv); sym_asn = (struct ftsym*)0L; if (options & FT_OPT_NAMES) { sym_asn = ftsym_new(FT_PATH_SYM_ASN); } if (options & FT_OPT_WIDE) puts("ToS srcPrefix srcAS input flows octets packets duration"); else puts("ToS srcPrefix srcAS input flows octets packets duration"); while ((rec = ftio_read(ftio))) { cur.dFlows = ((u_int32*)(rec+fo.dFlows)); cur.dOctets = ((u_int32*)(rec+fo.dOctets)); cur.dPkts = ((u_int32*)(rec+fo.dPkts)); cur.First = ((u_int32*)(rec+fo.First)); cur.Last = ((u_int32*)(rec+fo.Last)); cur.srcaddr = ((u_int32*)(rec+fo.srcaddr)); cur.dstaddr = ((u_int32*)(rec+fo.dstaddr)); cur.input = ((u_int16*)(rec+fo.input)); cur.src_as = ((u_int16*)(rec+fo.src_as)); cur.src_mask = ((u_int8*)(rec+fo.src_mask)); cur.tos = ((u_int8*)(rec+fo.tos)); fmt_uint8(fmt_buf1, *cur.tos, FMT_JUST_LEFT); fmt_ipv4prefix(fmt_buf2, *cur.srcaddr, *cur.src_mask, FMT_JUST_LEFT); fmt_uint16s(sym_asn, 18, fmt_buf3, *cur.src_as, FMT_JUST_LEFT); fmt_uint16(fmt_buf4, *cur.input, FMT_JUST_LEFT); fmt_uint32(fmt_buf5, *cur.dFlows, FMT_JUST_LEFT); fmt_uint32(fmt_buf6, *cur.dOctets, FMT_JUST_LEFT); fmt_uint32(fmt_buf7, *cur.dPkts, FMT_JUST_LEFT); fmt_uint32(fmt_buf8, *cur.Last - *cur.First, FMT_JUST_LEFT); if (options & FT_OPT_WIDE) printf("%-3.3s %-18.18s %-16.16s %-7.7s%-12.12s%-12.12s%-12.12s%-12.12s\n", fmt_buf1, fmt_buf2, fmt_buf3, fmt_buf4, fmt_buf5, fmt_buf6, fmt_buf7, fmt_buf8); else printf("%-3.3s %-18.18s %-5.5s %-7.7s%-12.12s%-12.12s%-12.12s%-12.12s\n", fmt_buf1, fmt_buf2, fmt_buf3, fmt_buf4, fmt_buf5, fmt_buf6, fmt_buf7, fmt_buf8); if (options & FT_OPT_NOBUF) fflush(stdout); } /* while */ ftsym_free(sym_asn); return 0;} /* format20 *//* * 8.12 ToS Destination Prefix aggregation */int format21(struct ftio *ftio, int options){ struct ftsym *sym_asn; struct fts3rec_all cur; struct fts3rec_offsets fo; struct ftver ftv; char fmt_buf1[32], fmt_buf2[32], fmt_buf3[32], fmt_buf4[32]; char fmt_buf5[32], fmt_buf6[32], fmt_buf7[32], fmt_buf8[32]; char *rec; if (ftio_check_xfield(ftio, FT_XFIELD_DFLOWS | FT_XFIELD_DPKTS | FT_XFIELD_DOCTETS | FT_XFIELD_FIRST | FT_XFIELD_LAST | FT_XFIELD_OUTPUT | FT_XFIELD_DSTADDR | FT_XFIELD_DST_MASK | FT_XFIELD_DST_AS | FT_XFIELD_TOS)) { fterr_warnx("Flow record missing required field for format."); return -1; } sym_asn = (struct ftsym*)0L; ftio_get_ver(ftio, &ftv); fts3rec_compute_offsets(&fo, &ftv); if (options & FT_OPT_NAMES) { sym_asn = ftsym_new(FT_PATH_SYM_ASN); } if (options & FT_OPT_WIDE) puts("ToS dstPrefix dstAS input flows octets packets duration"); else puts("ToS dst/mask dstAS input flows octets packets duration"); while ((rec = ftio_read(ftio))) { cur.dFlows = ((u_int32*)(rec+fo.dFlows)); cur.dOctets = ((u_int32*)(rec+fo.dOctets)); cur.dPkts = ((u_int32*)(rec+fo.dPkts)); cur.First = ((u_int32*)(rec+fo.First)); cur.Last = ((u_int32*)(rec+fo.Last)); cur.dstaddr = ((u_int32*)(rec+fo.dstaddr)); cur.output = ((u_int16*)(rec+fo.output)); cur.dst_as = ((u_int16*)(rec+fo.dst_as)); cur.dst_mask = ((u_int8*)(rec+fo.dst_mask)); cur.tos = ((u_int8*)(rec+fo.tos)); fmt_uint8(fmt_buf1, *cur.tos, FMT_JUST_LEFT); fmt_ipv4prefix(fmt_buf2, *cur.dstaddr, *cur.dst_mask, FMT_JUST_LEFT); fmt_uint16s(sym_asn, 18, fmt_buf3, *cur.dst_as, FMT_JUST_LEFT); fmt_uint16(fmt_buf4, *cur.output, FMT_JUST_LEFT); fmt_uint32(fmt_buf5, *cur.dFlows, FMT_JUST_LEFT); fmt_uint32(fmt_buf6, *cur.dOctets, FMT_JUST_LEFT); fmt_uint32(fmt_buf7, *cur.dPkts, FMT_JUST_LEFT); fmt_uint32(fmt_buf8, *cur.Last - *cur.First, FMT_JUST_LEFT); if (options & FT_OPT_WIDE) printf("%-3.3s %-18.18s %-16.16s %-7.7s%-12.12s%-12.12s%-12.12s%-12.12s\n", fmt_buf1, fmt_buf2, fmt_buf3, fmt_buf4, fmt_buf5, fmt_buf6, fmt_buf7, fmt_buf8); else printf("%-3.3s %-18.18s %-5.5s %-7.7s%-12.12s%-12.12s%-12.12s%-12.12s\n", fmt_buf1, fmt_buf2, fmt_buf3, fmt_buf4, fmt_buf5, fmt_buf6, fmt_buf7, fmt_buf8); if (options & FT_OPT_NOBUF) fflush(stdout); } /* while */ ftsym_free(sym_asn); return 0;} /* format21 *//* * 8.13 ToS Prefix aggregation */int format22(struct ftio *ftio, int options){ struct ftsym *sym_asn; struct fts3rec_all cur; struct fts3rec_offsets fo; struct ftver ftv; char fmt_buf1[32], fmt_buf2[32], fmt_buf3[32], fmt_buf4[32]; char fmt_buf5[32], fmt_buf6[32], fmt_buf7[32], fmt_buf8[32]; char fmt_buf9[32], fmt_buf10[32], fmt_buf11[32]; char *rec; if (ftio_check_xfield(ftio, FT_XFIELD_DFLOWS | FT_XFIELD_DPKTS | FT_XFIELD_DOCTETS | FT_XFIELD_FIRST | FT_XFIELD_LAST | FT_XFIELD_INPUT | FT_XFIELD_OUTPUT | FT_XFIELD_SRCADDR | FT_XFIELD_DSTADDR | FT_XFIELD_SRC_MASK | FT_XFIELD_DST_MASK | FT_XFIELD_SRC_AS | FT_XFIELD_DST_AS | FT_XFIELD_TOS)) { fterr_warnx("Flow record missing required field for format."); return -1; } ftio_get_ver(ftio, &ftv); fts3rec_compute_offsets(&fo, &ftv); sym_asn = (struct ftsym*)0L; if (options & FT_OPT_NAMES) { sym_asn = ftsym_new(FT_PATH_SYM_ASN); } if (options & FT_OPT_WIDE) puts("ToS srcPrefix srcAS dstPrefix dstAS input output flows octets packets duration"); else puts("ToS srcPrefix srcAS dstPrefix dstAS input output flows octets packets duration"); while ((rec = ftio_read(ftio))) { cur.dFlows = ((u_int32*)(rec+fo.dFlows)); cur.dOctets = ((u_int32*)(rec+fo.dOctets)); cur.dPkts = ((u_int32*)(rec+fo.dPkts)); cur.First = ((u_int32*)(rec+fo.First)); cur.Last = ((u_int32*)(rec+fo.Last)); cur.srcaddr = ((u_int32*)(rec+fo.srcaddr)); cur.dstaddr = ((u_int32*)(rec+fo.dstaddr)); cur.input = ((u_int16*)(rec+fo.input)); cur.output = ((u_int16*)(rec+fo.output)); cur.src_as = ((u_int16*)(rec+fo.src_as)); cur.dst_as = ((u_int16*)(rec+fo.dst_as)); cur.src_mask = ((u_int8*)(rec+fo.src_mask)); cur.dst_mask = ((u_int8*)(rec+fo.dst_mask)); cur.tos = ((u_int8*)(rec+fo.tos)); fmt_uint8(fmt_buf1, *cur.tos, FMT_JUST_LEFT); fmt_ipv4prefix(fmt_buf2, *cur.srcaddr, *cur.src_mask, FMT_JUST_LEFT); fmt_ipv4prefix(fmt_buf3, *cur.dstaddr, *cur.dst_mask, FMT_JUST_LEFT); fmt_uint16s(sym_asn, 18, fmt_buf4, *cur.src_as, FMT_JUST_LEFT); fmt_uint16s(sym_asn, 18, fmt_buf5, *cur.dst_as, FMT_JUST_LEFT); fmt_uint16(fmt_buf6, *cur.input, FMT_JUST_LEFT); fmt_uint16(fmt_buf7, *cur.output, FMT_JUST_LEFT); fmt_uint32(fmt_buf8, *cur.dFlows, FMT_JUST_LEFT); fmt_uint32(fmt_buf9, *cur.dOctets, FMT_JUST_LEFT); fmt_uint32(fmt_buf10, *cur.dPkts, FMT_JUST_LEFT); fmt_uint32(fmt_buf11, *cur.Last - *cur.First, FMT_JUST_LEFT); if (options & FT_OPT_WIDE) printf("%-3.3s %-18.18s %-16.16s %-18.18s %-16.16s %-7.7s%-7.7s%-12.12s%-12.12s%-12.12s%-12.12s\n", fmt_buf1, fmt_buf2, fmt_buf3, fmt_buf4, fmt_buf5, fmt_buf6, fmt_buf7, fmt_buf8, fmt_buf9, fmt_buf10, fmt_buf11); else printf("%-3.3s %-18.18s %-5.5s %-18.18s %-5.5s %-7.7s%-7.7s%-12.12s%-12.12s%-12.12s%-12.12s\n", fmt_buf1, fmt_buf2, fmt_buf3, fmt_buf4, fmt_buf5, fmt_buf6, fmt_buf7, fmt_buf8, fmt_buf9, fmt_buf10, fmt_buf11); if (options & FT_OPT_NOBUF) fflush(stdout); } /* while */ ftsym_free(sym_asn); return 0;} /* format22 *//* * 8.14 ToS Port Prefix aggregation */int format23(struct ftio *ftio, int options){ struct ftsym *sym_tcp, *sym_prot; struct f⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -