int process_file(char *filename, lnf_filter_t *filterp) {
lnf_file_t *filep;
lnf_rec_t *recp;
// lnf_brec1_t brec;
int i = 0;
int tid;
int match;
tid = (int)pthread_self();
if (lnf_open(&filep, filename, LNF_READ, NULL) != LNF_OK) {
fprintf(stderr, "[#%x] Can not open file %s\n", tid, filename);
return 0;
}
lnf_rec_init(&recp);
while (lnf_read(filep, recp) != LNF_EOF) {
i++;
match = 1;
if ( filterp != NULL ) {
match = lnf_filter_match(filterp, recp);
}
/* add to memory heap */
if ( match ) {
if (memp != NULL) {
lnf_mem_write(memp, recp);
} else {
print_row(recp);
outputflows++;
}
}
}
lnf_close(filep);
// printf("[#%x] Total input records in file %s : %d\n", tid, filename, i);
return i;
}
int main(int argc, char **argv) {
lnf_file_t *filep;
lnf_rec_t *recp;
lnf_mem_t *memp;
lnf_mem_cursor_t *cursor;
lnf_brec1_t brec;
int i = 0;
int print = 1;
int printa = 1;
char *filename = FILENAME;
char c;
while ((c = getopt (argc, argv, "pPAf:")) != -1) {
switch (c) {
case 'p':
print = 0;
break;
case 'P':
print = 0;
break;
case 'f':
filename = optarg;
break;
case 'A':
printa = 0;
break;
case '?':
printf("Usage: %s [ -P ] [ -A ] [ -f <input file name> ] \n", argv[0]);
printf(" -P : do not print input records to stdout\n");
printf(" -A : do not aggregated records to stdout\n");
exit(1);
}
}
if (lnf_open(&filep, filename, LNF_READ, NULL) != LNF_OK) {
fprintf(stderr, "Can not open file %s\n", filename);
exit(1);
}
lnf_rec_init(&recp);
lnf_mem_init(&memp);
/* set rules for aggregation srcip/24,srcport,dstas */
lnf_mem_fadd(memp, LNF_FLD_SRCADDR, LNF_AGGR_KEY|LNF_SORT_DESC, 24, 64);
lnf_mem_fadd(memp, LNF_FLD_SRCPORT, LNF_AGGR_KEY, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_DSTAS, LNF_AGGR_KEY, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_FIRST, LNF_AGGR_MIN, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_LAST, LNF_AGGR_MAX, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_TCP_FLAGS, LNF_AGGR_OR, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_DOCTETS, LNF_AGGR_SUM, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_DPKTS, LNF_AGGR_SUM, 0, 0);
while (lnf_read(filep, recp) != LNF_EOF) {
i++;
/* add to memory heap */
lnf_mem_write(memp,recp);
if (print) {
char sbuf[INET6_ADDRSTRLEN];
char dbuf[INET6_ADDRSTRLEN];
lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
inet_ntop(AF_INET6, &brec.srcaddr, sbuf, INET6_ADDRSTRLEN);
inet_ntop(AF_INET6, &brec.dstaddr, dbuf, INET6_ADDRSTRLEN);
printf(" %s :%d -> %s :%d %llu %llu %llu\n",
sbuf, brec.srcport,
dbuf, brec.dstport,
(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
}
}
printf("Total input records: %d\n", i);
i = 0;
printf("First read\n");
lnf_mem_first_c(memp, &cursor);
while (cursor != NULL) {
i++;
lnf_mem_read_c(memp, cursor, recp);
if (printa) {
char sbuf[INET6_ADDRSTRLEN];
char dbuf[INET6_ADDRSTRLEN];
lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
inet_ntop(AF_INET6, &brec.srcaddr, sbuf, INET6_ADDRSTRLEN);
inet_ntop(AF_INET6, &brec.dstaddr, dbuf, INET6_ADDRSTRLEN);
printf(" %s :%d -> %s :%d %llu %llu %llu\n",
sbuf, brec.srcport,
dbuf, brec.dstport,
(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
}
lnf_mem_next_c(memp, &cursor);
}
printf("Second read\n");
lnf_mem_first_c(memp, &cursor);
while (cursor != NULL) {
i++;
lnf_mem_read_c(memp, cursor, recp);
if (printa) {
char sbuf[INET6_ADDRSTRLEN];
char dbuf[INET6_ADDRSTRLEN];
lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
inet_ntop(AF_INET6, &brec.srcaddr, sbuf, INET6_ADDRSTRLEN);
inet_ntop(AF_INET6, &brec.dstaddr, dbuf, INET6_ADDRSTRLEN);
printf(" %s :%d -> %s :%d %llu %llu %llu\n",
sbuf, brec.srcport,
dbuf, brec.dstport,
(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
}
lnf_mem_next_c(memp, &cursor);
}
printf("Total aggregated records: %d\n", i);
lnf_mem_free(memp);
lnf_rec_free(recp);
lnf_close(filep);
return 0;
}
int main(int argc, char **argv) {
lnf_file_t *filep;
lnf_rec_t *recp, *recp2;
lnf_mem_t *memp;
lnf_mem_cursor_t *cursor, *cursor2;
lnf_brec1_t brec;
uint16_t port;
int i = 0;
int print = 1;
int printa = 1;
int len;
char *filename = FILENAME;
char c;
char buff[1024];
while ((c = getopt (argc, argv, "pPAf:")) != -1) {
switch (c) {
case 'p':
print = 0;
break;
case 'P':
print = 0;
break;
case 'f':
filename = optarg;
break;
case 'A':
printa = 0;
break;
case '?':
printf("Usage: %s [ -P ] [ -A ] [ -f <input file name> ] \n", argv[0]);
printf(" -P : do not print input records to stdout\n");
printf(" -A : do not aggregated records to stdout\n");
exit(1);
}
}
if (lnf_open(&filep, filename, LNF_READ, NULL) != LNF_OK) {
fprintf(stderr, "Can not open file %s\n", filename);
exit(1);
}
lnf_rec_init(&recp);
lnf_mem_init(&memp);
/* set rules for aggregation srcip/24,srcport,dstas */
lnf_mem_fadd(memp, LNF_FLD_SRCPORT, LNF_AGGR_KEY, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_FIRST, LNF_AGGR_MIN, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_DOCTETS, LNF_AGGR_SUM|LNF_SORT_DESC, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_DPKTS, LNF_AGGR_SUM, 0, 0);
while (lnf_read(filep, recp) != LNF_EOF) {
i++;
/* add to memory heap */
lnf_mem_write(memp,recp);
}
printf("Total input records: %d\n", i);
i = 0;
while (lnf_mem_read(memp, recp) != LNF_EOF) {
i++;
if (printa) {
lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
printf(" %d - %llu %llu %llu\n",
brec.srcport,
(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
}
}
printf("Total aggregated records: %d\n", i);
printf("Lookup for src port 1123\n");
lnf_rec_init(&recp2);
/* set key field in record */
port = 1123;
lnf_rec_fset(recp2, LNF_FLD_SRCPORT, &port);
if (lnf_mem_lookup_c(memp, recp2, &cursor) == LNF_OK) {
lnf_mem_read_c(memp, cursor, recp);
lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
printf(" %d - %llu %llu %llu\n",
brec.srcport,
(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
} else {
printf("Record not found\n");
}
/* additional testion of lnf_mem_lookup_raw_c */
/* it's just testing - doesn't make any sense */
if (cursor != NULL && lnf_mem_read_raw_c(memp, cursor, buff, &len, sizeof(buff)) == LNF_OK) {
if (lnf_mem_lookup_raw_c(memp, buff, len, &cursor2) == LNF_OK) {
if (cursor == cursor2) {
printf("Read through lnf_lookup_raw_c is ok \n");
}
}
}
lnf_mem_free(memp);
lnf_rec_free(recp);
lnf_close(filep);
return 0;
}
void store_record(struct metadata* mdata, struct lnfstore_conf *conf)
{
static uint8_t buffer[(uint16_t)-1];
static lnf_rec_t *recp = NULL;
static lnf_file_t *lfp = NULL;
stack_t *smap = conf->pst;
if( conf->profiles && !mdata->channels ){
//Record wont be stored, it does not belong to any channel and profiling is activated
return;
}
if(recp == NULL) {
lnf_rec_init(&recp);
} else {
lnf_rec_clear(recp);
}
uint16_t offset, length;
offset = 0;
struct ipfix_template *templ = mdata->record.templ;
uint8_t *data_record = (uint8_t*) mdata->record.record;
/* get all fields */
for (uint16_t count = 0, index = 0; count < templ->field_count; ++count, ++index) {
struct ipfix_lnf_map *item, key;
/* Get Enterprise number and ID */
key.ie = templ->fields[index].ie.id;
length = templ->fields[index].ie.length;
key.en = 0;
if (key.ie & 0x8000) {
key.ie &= 0x7fff;
key.en = templ->fields[++index].enterprise_number;
}
item = bsearch(&key, tr_table, MAX_TABLE , sizeof(struct ipfix_lnf_map), ipfix_lnf_map_compare);
int problem = 1;
if(item != NULL){
problem = item->func(data_record, &offset, &length, buffer, item);
lnf_rec_fset(recp, item->lnf_id, buffer);
}
if(problem){
length = real_length(data_record, &offset, length);
}
offset += length;
} //end of element processing
//!< Decide whether close close files and create new time window
time_t now = time(NULL);
if(difftime(now, conf->t_vars->window_start) > conf->time_window){
mktime_window(now, conf);
if( conf->profiles ){
prec_t* item = NULL;
//Close all old files
for(unsigned x = 0; x < smap->top; x += al4B(sizeof(prec_t))){
item = (prec_t*)smap->data + x;
if(item->lfp == NULL)
continue;
lnf_close(item->lfp);
item->lfp = NULL;
}
} else {
lnf_close(lfp);
lfp = NULL;
}
}
if( conf->profiles ){
//On stack allocation of bit array
int ba_size = smap->top/(8*sizeof(int))+1;
int ba[ba_size];
memset(&ba[0], 0, ba_size*sizeof(int));
int status = 0;
prec_t *item = NULL;
for( int i = 0; mdata->channels[i] != 0; i++ ){
void* rec_prof = channel_get_profile(mdata->channels[i]);
item = bsearch(&rec_prof, smap->data, smap->top/al4B(sizeof(prec_t)),
al4B(sizeof(prec_t)), prec_compare);
if( item == NULL ){
//Profile is not in configuration
prec_t entry;
entry.address = rec_prof;
entry.lfp = NULL;
const char* prpath = profile_get_path(rec_prof);
char* path = mkpath_string(conf, prpath);
mkdir_hierarchy(path);
status = lnf_open(&entry.lfp, path, LNF_WRITE | (conf->compress? LNF_COMP : 0), (char*)conf->ident);
stack_push(smap, &entry, sizeof(prec_t));
//Add resilience
qsort(smap->data, smap->top/al4B(sizeof(prec_t)),
al4B(sizeof(prec_t)), prec_compare);
free(path);
} else if( item->lfp == NULL ){
//Profile file is closed
const char* prpath = profile_get_path(rec_prof);
char* path = mkpath_string(conf, prpath);
mkdir_hierarchy(path);
status = lnf_open(&item->lfp, path, LNF_WRITE | (conf->compress? LNF_COMP : 0), (char*)conf->ident);
//Get prof name and open aprop file
free(path);
}
}
void* profile = NULL;
int i = 0;
for(profile = channel_get_profile(mdata->channels[i=0]);
mdata->channels[i] != 0;
profile = channel_get_profile(mdata->channels[i++]) ){
item = bsearch(&profile, smap->data, smap->top/al4B(sizeof(prec_t)),
al4B(sizeof(prec_t)), prec_compare);
int index = (((base_t*)item) - smap->data)/al4B(sizeof(prec_t));
if( !GETb(ba, index) ){ //And profile is not shadow
status = lnf_write(item->lfp, recp);
SETb(ba, index, 1);
}
}
} else {
if( lfp == NULL ){
int status;
char* path = mkpath_string(conf, NULL);
status = mkdir_hierarchy(path);
status |= lnf_open(&lfp, path, LNF_WRITE | (conf->compress ? LNF_COMP : 0), (char*)conf->ident);
if(status != LNF_OK) {
MSG_ERROR(msg_module, "Failed to open file! ...at path: %s \n", path);
}
free(path);
}
lnf_write(lfp, recp);
}
return;
}
error_code_t print_mem(lnf_mem_t *mem, size_t limit)
{
lnf_rec_t *rec; //record = line
size_t rec_cntr = 0; //aka lines counter
lnf_mem_cursor_t *cursor; //current record (line) cursor
size_t fld_max_size = 0; //maximum data size length in bytes
size_t data_max_strlen[LNF_FLD_TERM_] = {0}; //maximum data string len
if (output_params.print_records != OUTPUT_ITEM_YES) {
return E_OK;
}
first_item = first_item ? false : (putchar('\n'), false);
secondary_errno = lnf_rec_init(&rec);
if (secondary_errno != LNF_OK) {
print_err(E_LNF, secondary_errno, "lnf_rec_init()");
return E_LNF;
}
/*
* Find out maximum data type size of present fields, length of headers
* and last present field ID.
*/
for (size_t i = 0; i < fields_cnt; ++i) {
size_t header_str_len = strlen(field_get_name(fields[i].id));
MAX_ASSIGN(fld_max_size, fields[i].size);
MAX_ASSIGN(data_max_strlen[fields[i].id], header_str_len);
}
/* Find out max data length, converted to string. */
lnf_mem_first_c(mem, &cursor);
while (cursor != NULL) { //row loop
char buff[fld_max_size];
lnf_mem_read_c(mem, cursor, rec);
for (size_t i = 0; i < fields_cnt; ++i) { //column loop
size_t data_str_len;
//XXX: lnf_rec_fget() may return LNF_ERR_UNKFLD even if
//field is present (e.g. if duration is zero).
lnf_rec_fget(rec, fields[i].id, buff);
data_str_len = strlen(field_to_str(fields[i].id, buff));
MAX_ASSIGN(data_max_strlen[fields[i].id], data_str_len);
}
if (++rec_cntr == limit) {
break;
}
lnf_mem_next_c(mem, &cursor);
}
rec_cntr = 0;
/* Actual printing: header. */
for (size_t i = 0; i < fields_cnt; ++i) { //column loop
print_field(field_get_name(fields[i].id),
data_max_strlen[fields[i].id],
PRETTY_PRINT_COL_WIDTH, i == (fields_cnt - 1));
}
/* Actual printing: field data converted to string. */
lnf_mem_first_c(mem, &cursor);
while (cursor != NULL) { //row loop
char buff[fld_max_size];
lnf_mem_read_c(mem, cursor, rec);
for (size_t i = 0; i < fields_cnt; ++i) { //column loop
//XXX: see above lnf_rec_fget()
lnf_rec_fget(rec, fields[i].id, buff);
print_field(field_to_str(fields[i].id, buff),
data_max_strlen[fields[i].id],
PRETTY_PRINT_COL_WIDTH,
i == (fields_cnt - 1));
}
if (++rec_cntr == limit) {
break;
}
lnf_mem_next_c(mem, &cursor);
}
lnf_rec_free(rec);
return E_OK;
}
int main(int argc, char **argv) {
lnf_file_t *filep;
lnf_rec_t *recp;
lnf_mem_t *memp1;
lnf_mem_t *memp2;
lnf_mem_cursor_t *cursor;
lnf_brec1_t brec;
int i = 0;
int print = 1;
int printa = 1;
char *filename = FILENAME;
int c;
char buff[LNF_MAX_RAW_LEN];
int datasize;
while ((c = getopt (argc, argv, "pPAf:")) != -1) {
switch (c) {
case 'p':
print = 0;
break;
case 'P':
print = 0;
break;
case 'f':
filename = optarg;
break;
case 'A':
printa = 0;
break;
case '?':
printf("Usage: %s [ -P ] [ -A ] [ -f <input file name> ] \n", argv[0]);
printf(" -P : do not print input records to stdout\n");
printf(" -A : do not aggregated records to stdout\n");
exit(1);
}
}
if (lnf_open(&filep, filename, LNF_READ, NULL) != LNF_OK) {
fprintf(stderr, "Can not open file %s\n", filename);
exit(1);
}
lnf_rec_init(&recp);
lnf_mem_init(&memp1);
lnf_mem_init(&memp2);
lnf_mem_fastaggr(memp1, LNF_FAST_AGGR_BASIC);
lnf_mem_fastaggr(memp2, LNF_FAST_AGGR_BASIC);
/* set rules for aggregation srcip/24,srcport,dstas */
lnf_mem_fadd(memp1, LNF_FLD_SRCADDR, LNF_AGGR_KEY|LNF_SORT_DESC, 24, 64);
lnf_mem_fadd(memp2, LNF_FLD_SRCADDR, LNF_AGGR_KEY|LNF_SORT_DESC, 24, 64);
while (lnf_read(filep, recp) != LNF_EOF) {
i++;
/* add to memory heap */
lnf_mem_write(memp1, recp);
if (print) {
char sbuf[INET6_ADDRSTRLEN];
char dbuf[INET6_ADDRSTRLEN];
lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
inet_ntop(AF_INET6, &brec.srcaddr, sbuf, INET6_ADDRSTRLEN);
inet_ntop(AF_INET6, &brec.dstaddr, dbuf, INET6_ADDRSTRLEN);
printf(" %s :%d -> %s :%d %llu %llu %llu\n",
sbuf, brec.srcport,
dbuf, brec.dstport,
(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
}
}
printf("Total input records: %d\n", i);
/* transfer data from memp1 to memp2 */
lnf_mem_first_c(memp1, &cursor);
while (cursor != NULL) {
lnf_mem_read_raw_c(memp1, cursor, buff, &datasize, LNF_MAX_RAW_LEN);
lnf_mem_write_raw(memp2, buff, datasize);
lnf_mem_next_c(memp1, &cursor);
}
/* all data are now in memp2) */
i = 0;
lnf_mem_first_c(memp2, &cursor);
while (cursor != NULL) {
i++;
lnf_mem_read_c(memp2, cursor, recp);
if (printa) {
char sbuf[INET6_ADDRSTRLEN];
char dbuf[INET6_ADDRSTRLEN];
lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
inet_ntop(AF_INET6, &brec.srcaddr, sbuf, INET6_ADDRSTRLEN);
inet_ntop(AF_INET6, &brec.dstaddr, dbuf, INET6_ADDRSTRLEN);
printf(" %s :%d -> %s :%d %llu %llu %llu\n",
sbuf, brec.srcport,
dbuf, brec.dstport,
(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
}
lnf_mem_next_c(memp2, &cursor);
}
printf("Total aggregated records: %d\n", i);
lnf_mem_free(memp1);
lnf_mem_free(memp2);
lnf_rec_free(recp);
lnf_close(filep);
return 0;
}
int main(int argc, char **argv) {
lnf_rec_t *recp;
pthread_t th[MAX_THREADS];
int i = 0;
int numthreads = 1;
int sortfield = 0;
int sortbits4 = 0;
int sortbits6 = 0;
char c;
// lnf_filter_t *filterp;
flist_init(&flist);
numthreads = get_cpu_cores() * NUM_THREADS_FACTOR;
/* initalise one instance of memory heap (share by all threads) */
memp = NULL;
filterp = NULL;
progressp = NULL;
recp = NULL;
filter[0] = '\0';
/* fields in all outpusts */
fields_add(LNF_FLD_FIRST);
fields_add(LNF_FLD_CALC_DURATION);
while ((c = getopt_long(argc, argv, "A:O:r:R:T:W;", longopts, NULL)) != -1) {
switch (c) {
case 1:
case 'T': /* T option will be removed in future */
numthreads = atoi(optarg);
if (numthreads > MAX_THREADS) {
fprintf(stderr, "Maximim allowed threads is %d\n", MAX_THREADS);
exit(1);
// numthreads = MAX_THREADS - 1;
}
break;
case 2:
if (strcmp(optarg, "nfdump") == 0) {
filter_type = NFDUMPP_FILTER_NFDUMP;
} else if (strcmp(optarg, "libnf") == 0) {
filter_type = NFDUMPP_FILTER_LIBNF;
} else {
fprintf(stderr, "Invalid filter type \"%s\". Allowed options nfdump or libnf. \n", optarg);
exit(1);
}
break;
case 'r':
case 'R':
flist_lookup_dir(&flist, optarg);
break;
case 'A':
if (memp == NULL) {
lnf_mem_init(&memp);
}
parse_aggreg(memp, optarg);
break;
case 'O':
sortfield = lnf_fld_parse(optarg, &sortbits4, &sortbits6);
if (sortfield == 0) {
fprintf(stderr, "Unknow or unsupported sort field: %s\n", optarg);
exit(1);
}
break;
case '?':
printf("Usage: %s [ -A ] [ -R -r ] [ <filter> ] \n", argv[0]);
printf(" -r : \n");
printf(" -R : Input file or directory (multiple -r -R options is allowed)\n");
printf(" -A : aggregation\n");
printf(" -O : sort order\n");
printf(" --num-threads = <num> : num threads (default: %.0f%% number of CPU cores, %d on this system)\n",
NUM_THREADS_FACTOR * 100, numthreads);
printf(" --filter-type = nfdump|libnf : use original nfdump filter or new libnf implementation \n");
printf("\n");
exit(1);
}
}
/* set filter */
if (optind < argc ) {
for ( ; optind < argc; optind++) {
if (strlen(filter) + strlen(argv[optind]) > MAX_FILTER_LEN) {
fprintf(stderr, "Not enough space for filter in buffer\n");
exit(1);
}
strcat(filter, argv[optind]);
strcat(filter, " ");
printf("filter: %s \n", filter);
}
filterp = NULL;
switch (filter_type) {
case NFDUMPP_FILTER_DEFAULT:
lnf_filter_init(&filterp, filter);
break;
case NFDUMPP_FILTER_NFDUMP:
lnf_filter_init_v1(&filterp, filter);
break;
case NFDUMPP_FILTER_LIBNF:
lnf_filter_init_v2(&filterp, filter);
break;
default:
fprintf(stderr, "This should never hapen line: %d\n", __LINE__);
exit(1);
break;
}
if (filterp == NULL) {
fprintf(stderr, "Can not compile filter: %s\n", filter);
exit(1);
}
// lnf_filter_free(filterp);
}
/* init progress bar */
if (progress_init(&progressp, 0, NULL) != NULL) {
progress_steps(progressp, flist_count(&flist));
}
/* aggregated or not aggregated records */
if (memp == NULL) {
/* not aggregated, but sorted */
if (sortfield > 0) {
lnf_mem_init(&memp);
/* switch memp into list mode */
lnf_mem_setopt(memp, LNF_OPT_LISTMODE, NULL, 0);
lnf_mem_fastaggr(memp, LNF_FAST_AGGR_BASIC);
lnf_mem_fadd(memp, LNF_FLD_PROT, LNF_AGGR_KEY, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_SRCADDR, LNF_AGGR_KEY, 24, 128);
lnf_mem_fadd(memp, LNF_FLD_SRCPORT, LNF_AGGR_KEY, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_DSTADDR, LNF_AGGR_KEY, 24, 128);
lnf_mem_fadd(memp, LNF_FLD_DSTPORT, LNF_AGGR_KEY, 0, 0);
}
fields_add(LNF_FLD_PROT);
fields_add(LNF_FLD_SRCADDR);
fields_add(LNF_FLD_SRCPORT);
fields_add(LNF_FLD_DSTADDR);
fields_add(LNF_FLD_DSTPORT);
}
/* default fields on the ond of the list */
fields_add(LNF_FLD_DPKTS);
fields_add(LNF_FLD_DOCTETS);
fields_add(LNF_FLD_CALC_BPS);
fields_add(LNF_FLD_CALC_BPP);
fields_add(LNF_FLD_AGGR_FLOWS);
/* set sort firld */
if (sortfield > 0) {
int defaultaggr = 0;
int defaultsort = 0;
lnf_fld_info(sortfield, LNF_FLD_INFO_AGGR, &defaultaggr, sizeof(int));
lnf_fld_info(sortfield, LNF_FLD_INFO_SORT, &defaultsort, sizeof(int));
lnf_mem_fadd(memp, sortfield, defaultaggr|defaultsort, sortbits4, sortbits6);
}
print_header();
/* prepare and run threads */
pthread_mutex_init(&mutex, NULL);
for ( i = 0 ; i < numthreads ; i++ ) {
if ( pthread_create(&th[i], NULL, process_thread, NULL) < 0) {
fprintf(stderr, "Can not create thread for %d\n", i);
break;
}
}
/* wait for threads */
for ( i = 0; i < numthreads; i++ ) {
if( pthread_join(th[i], NULL) ) {
fprintf(stderr, "Error joining thread\n");
break;
}
}
/* print the records out */
if (memp != NULL) {
i = 0;
lnf_rec_init(&recp);
while (lnf_mem_read(memp, recp) != LNF_EOF) {
i++;
print_row(recp);
outputflows++;
}
}
/* header */
printf("Total input flows %d, output flows: %lu\n", totalrows, outputflows);
lnf_mem_free(memp);
lnf_rec_free(recp);
if (filterp != NULL) {
lnf_filter_free(filterp);
}
}
int main(int argc, char **argv) {
lnf_file_t *filep;
lnf_rec_t *recp;
lnf_filter_t *filterp1, *filterp2;
lnf_brec1_t brec;
char *filter1 = FILTER1;
char *filter2 = FILTER2;
uint32_t input, output;
char buf[LNF_MAX_STRING];
int res;
int i = 0;
int match1 = 0;
int match2 = 0;
int if1 = 0;
int if2 = 0;
int print = 1;
int filter = 1;
int fget = 1;
char *filename = FILENAME;
char c;
while ((c = getopt (argc, argv, "pPFGf:1:2:")) != -1) {
switch (c) {
case 'p':
print = 0;
break;
case 'P':
print = 0;
break;
case 'G':
fget = 0;
break;
case 'F':
filter = 0;
break;
case 'f':
filename = optarg;
break;
case '1':
filter1 = optarg;
break;
case '2':
filter2 = optarg;
break;
case '?':
printf("Usage: %s [ -p ] [ -f <output file name> ] [ -1 <filter1> ] [ -2 <filter2> ]\n", argv[0]);
printf(" -P : do not print records to stdout\n");
printf(" -F : do not use filters\n");
printf(" -G : do not use lng_rec_fget\n");
exit(1);
}
}
if (lnf_open(&filep, filename, LNF_READ, NULL) != LNF_OK) {
fprintf(stderr, "Can not open file %s\n", filename);
exit(1);
}
if ((res = lnf_filter_init(&filterp1, filter1)) != LNF_OK) {
fprintf(stderr, "Can not init filter1 '%s'\n", filter1);
if (res == LNF_ERR_OTHER_MSG) {
lnf_error(buf, LNF_MAX_STRING);
fprintf(stderr, "%s\n", buf);
}
exit(1);
}
if ((res = lnf_filter_init(&filterp2, filter2)) != LNF_OK) {
fprintf(stderr, "Can not init filter2 '%s'\n", filter2);
lnf_error(buf, LNF_MAX_STRING);
if (res == LNF_ERR_OTHER_MSG) {
lnf_error(buf, LNF_MAX_STRING);
fprintf(stderr, "%s\n", buf);
}
exit(1);
}
lnf_rec_init(&recp);
while (lnf_read(filep, recp) != LNF_EOF) {
if (fget) {
lnf_rec_fget(recp, LNF_FLD_INPUT, &input);
lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
lnf_rec_fget(recp, LNF_FLD_INPUT, &input);
lnf_rec_fget(recp, LNF_FLD_OUTPUT, &output);
}
i++;
match1 = 0;
match2 = 0;
if (filter) {
if (lnf_filter_match(filterp1, recp)) {
if1++;
match1 = 1;
}
if (lnf_filter_match(filterp2, recp)) {
if2++;
match2 = 1;
}
}
if (print) {
char sbuf[INET6_ADDRSTRLEN];
char dbuf[INET6_ADDRSTRLEN];
inet_ntop(AF_INET6, &brec.srcaddr, sbuf, INET6_ADDRSTRLEN);
inet_ntop(AF_INET6, &brec.dstaddr, dbuf, INET6_ADDRSTRLEN);
printf(" %s :%d -> %s :%d %d -> %d %llu %llu %llu [%d %d]\n",
sbuf, brec.srcport,
dbuf, brec.dstport,
input, output,
(LLUI)brec.pkts, (LLUI)brec.bytes, (LLUI)brec.flows,
match1, match2);
}
}
printf("Total records: %d\n", i);
printf("%d records matched by filter1 '%s'\n", if1, filter1);
printf("%d records matched by filter2 '%s'\n", if2, filter2);
lnf_rec_free(recp);
lnf_filter_free(filterp1);
lnf_filter_free(filterp2);
lnf_close(filep);
return 0;
}