print-sflow.c
来自「TCPDUMP的C语言源代码,是在数据链路层的应用」· C语言 代码 · 共 578 行 · 第 1/2 页
C
578 行
return; } if (vflag < 1) { printf("sFlowv%u, %s agent %s, agent-id %u, length %u", EXTRACT_32BITS(sflow_datagram->version), EXTRACT_32BITS(sflow_datagram->ip_version) == 1 ? "IPv4" : "IPv6", ipaddr_string(sflow_datagram->agent), EXTRACT_32BITS(sflow_datagram->samples), len); return; } /* ok they seem to want to know everything - lets fully decode it */ nsamples=EXTRACT_32BITS(sflow_datagram->samples); printf("sFlowv%u, %s agent %s, agent-id %u, seqnum %u, uptime %u, samples %u, length %u", EXTRACT_32BITS(sflow_datagram->version), EXTRACT_32BITS(sflow_datagram->ip_version) == 1 ? "IPv4" : "IPv6", ipaddr_string(sflow_datagram->agent), EXTRACT_32BITS(sflow_datagram->agent_id), EXTRACT_32BITS(sflow_datagram->seqnum), EXTRACT_32BITS(sflow_datagram->uptime), nsamples, len); /* skip Common header */ tptr+=sizeof(const struct sflow_datagram_t); tlen-=sizeof(const struct sflow_datagram_t); while (nsamples > 0 && tlen > 0) { sflow_sample = (const struct sflow_sample_header *)tptr; sflow_sample_type = (EXTRACT_32BITS(sflow_sample->format)&0x0FFF); sflow_sample_len = EXTRACT_32BITS(sflow_sample->len); tptr+=sizeof(struct sflow_sample_header); tlen-=sizeof(struct sflow_sample_header); printf("\n\t%s (%u), length %u,", tok2str(sflow_format_values, "Unknown", sflow_sample_type), sflow_sample_type, sflow_sample_len); /* basic sanity check */ if (sflow_sample_type == 0 || sflow_sample_len ==0) { return; } /* did we capture enough for fully decoding the sample ? */ if (!TTEST2(*tptr, sflow_sample_len)) goto trunc; switch(sflow_sample_type) { case SFLOW_FLOW_SAMPLE: /* XXX */ break; case SFLOW_COUNTER_SAMPLE: /* XXX */ break; case SFLOW_EXPANDED_FLOW_SAMPLE: sflow_expanded_flow_sample = (const struct sflow_expanded_flow_sample_t *)tptr; nrecords = EXTRACT_32BITS(sflow_expanded_flow_sample->records); printf(" seqnum %u, type %u, idx %u, rate %u, pool %u, drops %u, records %u", EXTRACT_32BITS(sflow_expanded_flow_sample->seqnum), EXTRACT_32BITS(sflow_expanded_flow_sample->type), EXTRACT_32BITS(sflow_expanded_flow_sample->index), EXTRACT_32BITS(sflow_expanded_flow_sample->rate), EXTRACT_32BITS(sflow_expanded_flow_sample->pool), EXTRACT_32BITS(sflow_expanded_flow_sample->drops), EXTRACT_32BITS(sflow_expanded_flow_sample->records)); tptr+= sizeof(struct sflow_expanded_flow_sample_t); tlen-= sizeof(struct sflow_expanded_flow_sample_t); while ( nrecords > 0 && tlen > 0) { /* decode Flow record - 2 bytes */ flow_type = EXTRACT_32BITS(tptr)&0x0FFF; flow_len = EXTRACT_32BITS(tptr+4); printf("\n\t %s (%u) length %u", tok2str(sflow_flow_type_values,"Unknown",flow_type), flow_type, flow_len); tptr += 8; tlen -= 8; /* did we capture enough for fully decoding the flow ? */ if (!TTEST2(*tptr, flow_len)) goto trunc; switch(flow_type) { case SFLOW_FLOW_RAW_PACKET: sflow_flow_raw = (const struct sflow_expanded_flow_raw_t *)tptr; printf("\n\t protocol %s (%u), length %u, stripped bytes %u, header_size %u", tok2str(sflow_flow_raw_protocol_values,"Unknown",EXTRACT_32BITS(sflow_flow_raw->protocol)), EXTRACT_32BITS(sflow_flow_raw->protocol), EXTRACT_32BITS(sflow_flow_raw->length), EXTRACT_32BITS(sflow_flow_raw->stripped_bytes), EXTRACT_32BITS(sflow_flow_raw->header_size)); break; /* * FIXME those are the defined flow types that lack a decoder */ case SFLOW_FLOW_ETHERNET_FRAME: case SFLOW_FLOW_IPV4_DATA: case SFLOW_FLOW_IPV6_DATA: case SFLOW_FLOW_EXTENDED_SWITCH_DATA: case SFLOW_FLOW_EXTENDED_ROUTER_DATA: case SFLOW_FLOW_EXTENDED_GATEWAY_DATA: case SFLOW_FLOW_EXTENDED_USER_DATA: case SFLOW_FLOW_EXTENDED_URL_DATA: case SFLOW_FLOW_EXTENDED_MPLS_DATA: case SFLOW_FLOW_EXTENDED_NAT_DATA: case SFLOW_FLOW_EXTENDED_MPLS_TUNNEL: case SFLOW_FLOW_EXTENDED_MPLS_VC: case SFLOW_FLOW_EXTENDED_MPLS_FEC: case SFLOW_FLOW_EXTENDED_MPLS_LVP_FEC: case SFLOW_FLOW_EXTENDED_VLAN_TUNNEL: break; default: if (vflag <= 1) print_unknown_data(tptr, "\n\t ", flow_len); break; } tptr += flow_len; tlen -= flow_len; nrecords--; } break; case SFLOW_EXPANDED_COUNTER_SAMPLE: sflow_expanded_counter_sample = (const struct sflow_expanded_counter_sample_t *)tptr; nrecords = EXTRACT_32BITS(sflow_expanded_counter_sample->records); printf(" seqnum %u, type %u, idx %u, records %u", EXTRACT_32BITS(sflow_expanded_counter_sample->seqnum), EXTRACT_32BITS(sflow_expanded_counter_sample->type), EXTRACT_32BITS(sflow_expanded_counter_sample->index), nrecords); tptr+= sizeof(struct sflow_expanded_counter_sample_t); tlen-= sizeof(struct sflow_expanded_counter_sample_t); while ( nrecords > 0 && tlen > 0) { /* decode counter record - 2 bytes */ counter_type = EXTRACT_32BITS(tptr)&0x0FFF; counter_len = EXTRACT_32BITS(tptr+4); printf("\n\t %s (%u) length %u", tok2str(sflow_counter_type_values,"Unknown",counter_type), counter_type, counter_len); tptr += 8; tlen -= 8; /* did we capture enough for fully decoding the counter ? */ if (!TTEST2(*tptr, counter_len)) goto trunc; switch(counter_type) { case SFLOW_COUNTER_GENERIC: sflow_gen_counter = (const struct sflow_generic_counter_t *)tptr; printf("\n\t ifindex %u, iftype %u, ifspeed %u, ifdirection %u (%s)", EXTRACT_32BITS(sflow_gen_counter->ifindex), EXTRACT_32BITS(sflow_gen_counter->iftype), EXTRACT_32BITS(sflow_gen_counter->ifspeed), EXTRACT_32BITS(sflow_gen_counter->ifdirection), tok2str(sflow_iface_direction_values, "Unknown", EXTRACT_32BITS(sflow_gen_counter->ifdirection))); printf("\n\t ifstatus %u, adminstatus: %s, operstatus: %s", EXTRACT_32BITS(sflow_gen_counter->ifstatus), EXTRACT_32BITS(sflow_gen_counter->ifstatus)&1 ? "up" : "down", (EXTRACT_32BITS(sflow_gen_counter->ifstatus)>>1)&1 ? "up" : "down"); printf("\n\t In octets %" PRIu64 ", unicast pkts %u, multicast pkts %u, broadcast pkts %u, discards %u", EXTRACT_64BITS(sflow_gen_counter->ifinoctets), EXTRACT_32BITS(sflow_gen_counter->ifinunicastpkts), EXTRACT_32BITS(sflow_gen_counter->ifinmulticastpkts), EXTRACT_32BITS(sflow_gen_counter->ifinbroadcastpkts), EXTRACT_32BITS(sflow_gen_counter->ifindiscards)); printf("\n\t In errors %u, unknown protos %u", EXTRACT_32BITS(sflow_gen_counter->ifinerrors), EXTRACT_32BITS(sflow_gen_counter->ifinunkownprotos)); printf("\n\t Out octets %" PRIu64 ", unicast pkts %u, multicast pkts %u, broadcast pkts %u, discards %u", EXTRACT_64BITS(sflow_gen_counter->ifoutoctets), EXTRACT_32BITS(sflow_gen_counter->ifoutunicastpkts), EXTRACT_32BITS(sflow_gen_counter->ifoutmulticastpkts), EXTRACT_32BITS(sflow_gen_counter->ifoutbroadcastpkts), EXTRACT_32BITS(sflow_gen_counter->ifoutdiscards)); printf("\n\t Out errors %u, promisc mode %u", EXTRACT_32BITS(sflow_gen_counter->ifouterrors), EXTRACT_32BITS(sflow_gen_counter->ifpromiscmode)); break; case SFLOW_COUNTER_ETHERNET: sflow_eth_counter = (const struct sflow_ethernet_counter_t *)tptr; printf("\n\t align errors %u, fcs errors %u, single collision %u, multiple collision %u, test error %u", EXTRACT_32BITS(sflow_eth_counter->alignerrors), EXTRACT_32BITS(sflow_eth_counter->fcserrors), EXTRACT_32BITS(sflow_eth_counter->single_collision_frames), EXTRACT_32BITS(sflow_eth_counter->multiple_collision_frames), EXTRACT_32BITS(sflow_eth_counter->test_errors)); printf("\n\t deferred %u, late collision %u, excessive collision %u, mac trans error %u", EXTRACT_32BITS(sflow_eth_counter->deferred_transmissions), EXTRACT_32BITS(sflow_eth_counter->late_collisions), EXTRACT_32BITS(sflow_eth_counter->excessive_collisions), EXTRACT_32BITS(sflow_eth_counter->mac_transmit_errors)); printf("\n\t carrier error %u, frames too long %u, mac receive errors %u, symbol errors %u", EXTRACT_32BITS(sflow_eth_counter->carrier_sense_errors), EXTRACT_32BITS(sflow_eth_counter->frame_too_longs), EXTRACT_32BITS(sflow_eth_counter->mac_receive_errors), EXTRACT_32BITS(sflow_eth_counter->symbol_errors)); break; case SFLOW_COUNTER_TOKEN_RING: /* XXX */ break; case SFLOW_COUNTER_BASEVG: sflow_100basevg_counter = (const struct sflow_100basevg_counter_t *)tptr; printf("\n\t in high prio frames %u, in high prio octets %" PRIu64, EXTRACT_32BITS(sflow_100basevg_counter->in_highpriority_frames), EXTRACT_64BITS(sflow_100basevg_counter->in_highpriority_octets)); printf("\n\t in norm prio frames %u, in norm prio octets %" PRIu64, EXTRACT_32BITS(sflow_100basevg_counter->in_normpriority_frames), EXTRACT_64BITS(sflow_100basevg_counter->in_normpriority_octets)); printf("\n\t in ipm errors %u, oversized %u, in data errors %u, null addressed frames %u", EXTRACT_32BITS(sflow_100basevg_counter->in_ipmerrors), EXTRACT_32BITS(sflow_100basevg_counter->in_oversized), EXTRACT_32BITS(sflow_100basevg_counter->in_data_errors), EXTRACT_32BITS(sflow_100basevg_counter->in_null_addressed_frames)); printf("\n\t out high prio frames %u, out high prio octets %" PRIu64 ", trans into frames %u", EXTRACT_32BITS(sflow_100basevg_counter->out_highpriority_frames), EXTRACT_64BITS(sflow_100basevg_counter->out_highpriority_octets), EXTRACT_32BITS(sflow_100basevg_counter->transitioninto_frames)); printf("\n\t in hc high prio octets %" PRIu64 ", in hc norm prio octets %" PRIu64 ", out hc high prio octets %" PRIu64, EXTRACT_64BITS(sflow_100basevg_counter->hc_in_highpriority_octets), EXTRACT_64BITS(sflow_100basevg_counter->hc_in_normpriority_octets), EXTRACT_64BITS(sflow_100basevg_counter->hc_out_highpriority_octets)); break; case SFLOW_COUNTER_VLAN: sflow_vlan_counter = (const struct sflow_vlan_counter_t *)tptr; printf("\n\t vlan_id %u, octets %" PRIu64 ", unicast_pkt %u, multicast_pkt %u, broadcast_pkt %u, discards %u", EXTRACT_32BITS(sflow_vlan_counter->vlan_id), EXTRACT_64BITS(sflow_vlan_counter->octets), EXTRACT_32BITS(sflow_vlan_counter->unicast_pkt), EXTRACT_32BITS(sflow_vlan_counter->multicast_pkt), EXTRACT_32BITS(sflow_vlan_counter->broadcast_pkt), EXTRACT_32BITS(sflow_vlan_counter->discards)); break; case SFLOW_COUNTER_PROCESSOR: /* XXX */ break; default: if (vflag <= 1) print_unknown_data(tptr, "\n\t\t", counter_len); break; } tptr += counter_len; tlen -= counter_len; nrecords--; } break; default: if (vflag <= 1) print_unknown_data(tptr, "\n\t ", sflow_sample_len); break; } tptr += sflow_sample_len; tlen -= sflow_sample_len; nsamples--; } return; trunc: printf("[|SFLOW]");}/* * Local Variables: * c-style: whitesmith * c-basic-offset: 4 * End: */⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?