print-sflow.c

来自「TCPDUMP的C语言源代码,是在数据链路层的应用」· C语言 代码 · 共 578 行 · 第 1/2 页

/*
 * Copyright (c) 1998-2007 The TCPDUMP project
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code
 * distributions retain the above copyright notice and this paragraph
 * in its entirety, and (2) distributions including binary code include
 * the above copyright notice and this paragraph in its entirety in
 * the documentation or other materials provided with the distribution.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE.
 *
 * The SFLOW protocol as per http://www.sflow.org/developers/specifications.php
 *
 * Original code by Carles Kishimoto <carles.kishimoto@gmail.com>
 */

#ifndef lint
static const char rcsid[] _U_ =
"@(#) $Header: /tcpdump/master/tcpdump/print-sflow.c,v 1.1 2007-08-08 17:20:58 hannes Exp $";
#endif

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include <tcpdump-stdinc.h>

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "interface.h"
#include "extract.h"
#include "addrtoname.h"

/* 
 * sFlow datagram
 * 
 * 0                   1                   2                   3
 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 * |                     Sflow version (2,4,5)                     |
 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 * |               IP version (1 for IPv4 | 2 for IPv6)            |
 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 * |                     IP Address AGENT (4 or 16 bytes)          |
 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 * |                          Sub agent ID                         |
 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 * |                      Datagram sequence number                 |
 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 * |                      Switch uptime in ms                      |
 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 * |                    num samples in datagram                    |
 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 * 
 */

struct sflow_datagram_t {
    u_int8_t 	version[4];
    u_int8_t 	ip_version[4];
    u_int8_t 	agent[4];
    u_int8_t 	agent_id[4];
    u_int8_t 	seqnum[4];
    u_int8_t 	uptime[4];
    u_int8_t 	samples[4];
};

struct sflow_sample_header {
    u_int8_t	format[4];
    u_int8_t	len[4];
};

#define		SFLOW_FLOW_SAMPLE		1
#define		SFLOW_COUNTER_SAMPLE		2
#define		SFLOW_EXPANDED_FLOW_SAMPLE	3
#define		SFLOW_EXPANDED_COUNTER_SAMPLE	4

static const struct tok sflow_format_values[] = {
    { SFLOW_FLOW_SAMPLE, "flow sample" },
    { SFLOW_COUNTER_SAMPLE, "counter sample" },
    { SFLOW_EXPANDED_FLOW_SAMPLE, "expanded flow sample" },
    { SFLOW_EXPANDED_COUNTER_SAMPLE, "expanded counter sample" },
    { 0, NULL}
};

struct sflow_expanded_flow_sample_t {
    u_int8_t    seqnum[4];
    u_int8_t    type[4];
    u_int8_t    index[4];
    u_int8_t    rate[4];
    u_int8_t    pool[4];
    u_int8_t    drops[4];
    u_int8_t    in_interface_format[4];
    u_int8_t    in_interface_value[4];
    u_int8_t    out_interface_format[4];
    u_int8_t    out_interface_value[4];
    u_int8_t    records[4];
};

#define 	SFLOW_FLOW_RAW_PACKET			1
#define 	SFLOW_FLOW_ETHERNET_FRAME		2
#define 	SFLOW_FLOW_IPV4_DATA			3
#define 	SFLOW_FLOW_IPV6_DATA			4
#define 	SFLOW_FLOW_EXTENDED_SWITCH_DATA		1001
#define 	SFLOW_FLOW_EXTENDED_ROUTER_DATA		1002
#define 	SFLOW_FLOW_EXTENDED_GATEWAY_DATA 	1003
#define 	SFLOW_FLOW_EXTENDED_USER_DATA		1004
#define 	SFLOW_FLOW_EXTENDED_URL_DATA		1005
#define 	SFLOW_FLOW_EXTENDED_MPLS_DATA		1006
#define 	SFLOW_FLOW_EXTENDED_NAT_DATA		1007
#define 	SFLOW_FLOW_EXTENDED_MPLS_TUNNEL		1008
#define 	SFLOW_FLOW_EXTENDED_MPLS_VC		1009
#define 	SFLOW_FLOW_EXTENDED_MPLS_FEC		1010
#define 	SFLOW_FLOW_EXTENDED_MPLS_LVP_FEC	1011
#define 	SFLOW_FLOW_EXTENDED_VLAN_TUNNEL		1012

static const struct tok sflow_flow_type_values[] = {
    { SFLOW_FLOW_RAW_PACKET, "Raw packet"},
    { SFLOW_FLOW_ETHERNET_FRAME, "Ethernet frame"},
    { SFLOW_FLOW_IPV4_DATA, "IPv4 Data"},
    { SFLOW_FLOW_IPV6_DATA, "IPv6 Data"},
    { SFLOW_FLOW_EXTENDED_SWITCH_DATA, "Extended Switch data"},
    { SFLOW_FLOW_EXTENDED_ROUTER_DATA, "Extended Router data"},
    { SFLOW_FLOW_EXTENDED_GATEWAY_DATA, "Extended Gateway data"},
    { SFLOW_FLOW_EXTENDED_USER_DATA, "Extended User data"},
    { SFLOW_FLOW_EXTENDED_URL_DATA, "Extended URL data"},
    { SFLOW_FLOW_EXTENDED_MPLS_DATA, "Extended MPLS data"},
    { SFLOW_FLOW_EXTENDED_NAT_DATA, "Extended NAT data"},
    { SFLOW_FLOW_EXTENDED_MPLS_TUNNEL, "Extended MPLS tunnel"},
    { SFLOW_FLOW_EXTENDED_MPLS_VC, "Extended MPLS VC"},
    { SFLOW_FLOW_EXTENDED_MPLS_FEC, "Extended MPLS FEC"},
    { SFLOW_FLOW_EXTENDED_MPLS_LVP_FEC, "Extended MPLS LVP FEC"},
    { SFLOW_FLOW_EXTENDED_VLAN_TUNNEL, "Extended VLAN Tunnel"},
    { 0, NULL}
};

#define		SFLOW_HEADER_PROTOCOL_ETHERNET	1
#define		SFLOW_HEADER_PROTOCOL_IPV4	11
#define		SFLOW_HEADER_PROTOCOL_IPV6	12

static const struct tok sflow_flow_raw_protocol_values[] = {
    { SFLOW_HEADER_PROTOCOL_ETHERNET, "Ethernet"},
    { SFLOW_HEADER_PROTOCOL_IPV4, "IPv4"},
    { SFLOW_HEADER_PROTOCOL_IPV6, "IPv6"},
    { 0, NULL}
};
	
struct sflow_expanded_flow_raw_t {
    u_int8_t    protocol[4];
    u_int8_t    length[4];
    u_int8_t    stripped_bytes[4];
    u_int8_t    header_size[4];
};

struct sflow_expanded_counter_sample_t {
    u_int8_t    seqnum[4];
    u_int8_t    type[4];
    u_int8_t    index[4];
    u_int8_t    records[4];
};

#define         SFLOW_COUNTER_GENERIC           1
#define         SFLOW_COUNTER_ETHERNET          2
#define         SFLOW_COUNTER_TOKEN_RING        3
#define         SFLOW_COUNTER_BASEVG            4
#define         SFLOW_COUNTER_VLAN              5
#define         SFLOW_COUNTER_PROCESSOR         1001

static const struct tok sflow_counter_type_values[] = {
    { SFLOW_COUNTER_GENERIC, "Generic counter"},
    { SFLOW_COUNTER_ETHERNET, "Ethernet counter"},
    { SFLOW_COUNTER_TOKEN_RING, "Token ring counter"},
    { SFLOW_COUNTER_BASEVG, "100 BaseVG counter"},
    { SFLOW_COUNTER_VLAN, "Vlan counter"},
    { SFLOW_COUNTER_PROCESSOR, "Processor counter"},
    { 0, NULL}
};

#define		SFLOW_IFACE_DIRECTION_UNKNOWN		0
#define		SFLOW_IFACE_DIRECTION_FULLDUPLEX	1
#define		SFLOW_IFACE_DIRECTION_HALFDUPLEX	2
#define		SFLOW_IFACE_DIRECTION_IN		3
#define		SFLOW_IFACE_DIRECTION_OUT		4

static const struct tok sflow_iface_direction_values[] = {
    { SFLOW_IFACE_DIRECTION_UNKNOWN, "unknown"},
    { SFLOW_IFACE_DIRECTION_FULLDUPLEX, "full-duplex"},
    { SFLOW_IFACE_DIRECTION_HALFDUPLEX, "half-duplex"},
    { SFLOW_IFACE_DIRECTION_IN, "in"},
    { SFLOW_IFACE_DIRECTION_OUT, "out"},
    { 0, NULL}
};  

struct sflow_generic_counter_t {
    u_int8_t    ifindex[4];
    u_int8_t    iftype[4];
    u_int8_t    ifspeed[8];
    u_int8_t    ifdirection[4];	
    u_int8_t    ifstatus[4];
    u_int8_t    ifinoctets[8];	
    u_int8_t    ifinunicastpkts[4];	
    u_int8_t    ifinmulticastpkts[4];	
    u_int8_t    ifinbroadcastpkts[4];	
    u_int8_t    ifindiscards[4];	
    u_int8_t    ifinerrors[4];	
    u_int8_t    ifinunkownprotos[4];	
    u_int8_t    ifoutoctets[8];
    u_int8_t    ifoutunicastpkts[4];     
    u_int8_t    ifoutmulticastpkts[4];   
    u_int8_t    ifoutbroadcastpkts[4];         
    u_int8_t    ifoutdiscards[4];             
    u_int8_t    ifouterrors[4];        
    u_int8_t    ifpromiscmode[4];        
};

struct sflow_ethernet_counter_t {
    u_int8_t    alignerrors[4];
    u_int8_t    fcserrors[4];
    u_int8_t    single_collision_frames[4];
    u_int8_t    multiple_collision_frames[4];
    u_int8_t    test_errors[4];
    u_int8_t    deferred_transmissions[4];
    u_int8_t    late_collisions[4];
    u_int8_t    excessive_collisions[4];
    u_int8_t    mac_transmit_errors[4];
    u_int8_t    carrier_sense_errors[4];
    u_int8_t    frame_too_longs[4];
    u_int8_t    mac_receive_errors[4];
    u_int8_t    symbol_errors[4];
};

struct sflow_100basevg_counter_t {
    u_int8_t    in_highpriority_frames[4];
    u_int8_t    in_highpriority_octets[8];
    u_int8_t    in_normpriority_frames[4];
    u_int8_t    in_normpriority_octets[8];
    u_int8_t    in_ipmerrors[4]; 
    u_int8_t    in_oversized[4]; 
    u_int8_t    in_data_errors[4];
    u_int8_t    in_null_addressed_frames[4];
    u_int8_t    out_highpriority_frames[4];
    u_int8_t    out_highpriority_octets[8];
    u_int8_t    transitioninto_frames[4];
    u_int8_t    hc_in_highpriority_octets[8];
    u_int8_t    hc_in_normpriority_octets[8];
    u_int8_t    hc_out_highpriority_octets[8];
};

struct sflow_vlan_counter_t {
    u_int8_t    vlan_id[4];
    u_int8_t    octets[8];
    u_int8_t    unicast_pkt[4];
    u_int8_t    multicast_pkt[4];
    u_int8_t    broadcast_pkt[4];
    u_int8_t    discards[4];
};

void
sflow_print(const u_char *pptr, u_int len) {

    const struct sflow_datagram_t *sflow_datagram;
    const struct sflow_sample_header *sflow_sample;
    const struct sflow_expanded_flow_sample_t *sflow_expanded_flow_sample;
    const struct sflow_expanded_flow_raw_t *sflow_flow_raw;
    const struct sflow_expanded_counter_sample_t *sflow_expanded_counter_sample;
    const struct sflow_generic_counter_t *sflow_gen_counter;
    const struct sflow_ethernet_counter_t *sflow_eth_counter;
    const struct sflow_100basevg_counter_t *sflow_100basevg_counter;
    const struct sflow_vlan_counter_t *sflow_vlan_counter;
    const u_char *tptr;
    int tlen;
    u_int32_t sflow_sample_type, sflow_sample_len;
    int nsamples, nrecords, counter_len, counter_type, flow_len, flow_type;

    tptr=pptr;
    tlen = len;
    sflow_datagram = (const struct sflow_datagram_t *)pptr;
    TCHECK(*sflow_datagram);

    /*
     * Sanity checking of the header.
     */
    if (EXTRACT_32BITS(sflow_datagram->version) != 5) {
        printf("sFlow version %u packet not supported",
               EXTRACT_32BITS(sflow_datagram->version));