int process_file(char *filename, lnf_filter_t *filterp) {
lnf_file_t *filep;
lnf_rec_t *recp;
// lnf_brec1_t brec;
int i = 0;
int tid;
int match;
tid = (int)pthread_self();
if (lnf_open(&filep, filename, LNF_READ, NULL) != LNF_OK) {
fprintf(stderr, "[#%x] Can not open file %s\n", tid, filename);
return 0;
}
lnf_rec_init(&recp);
while (lnf_read(filep, recp) != LNF_EOF) {
i++;
match = 1;
if ( filterp != NULL ) {
match = lnf_filter_match(filterp, recp);
}
/* add to memory heap */
if ( match ) {
if (memp != NULL) {
lnf_mem_write(memp, recp);
} else {
print_row(recp);
outputflows++;
}
}
}
lnf_close(filep);
// printf("[#%x] Total input records in file %s : %d\n", tid, filename, i);
return i;
}
int main(int argc, char **argv) {
lnf_file_t *filep;
lnf_rec_t *recp;
lnf_mem_t *memp;
lnf_mem_cursor_t *cursor;
lnf_brec1_t brec;
int i = 0;
int print = 1;
int printa = 1;
char *filename = FILENAME;
char c;
while ((c = getopt (argc, argv, "pPAf:")) != -1) {
switch (c) {
case 'p':
print = 0;
break;
case 'P':
print = 0;
break;
case 'f':
filename = optarg;
break;
case 'A':
printa = 0;
break;
case '?':
printf("Usage: %s [ -P ] [ -A ] [ -f <input file name> ] \n", argv[0]);
printf(" -P : do not print input records to stdout\n");
printf(" -A : do not aggregated records to stdout\n");
exit(1);
}
}
if (lnf_open(&filep, filename, LNF_READ, NULL) != LNF_OK) {
fprintf(stderr, "Can not open file %s\n", filename);
exit(1);
}
lnf_rec_init(&recp);
lnf_mem_init(&memp);
/* set rules for aggregation srcip/24,srcport,dstas */
lnf_mem_fadd(memp, LNF_FLD_SRCADDR, LNF_AGGR_KEY|LNF_SORT_DESC, 24, 64);
lnf_mem_fadd(memp, LNF_FLD_SRCPORT, LNF_AGGR_KEY, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_DSTAS, LNF_AGGR_KEY, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_FIRST, LNF_AGGR_MIN, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_LAST, LNF_AGGR_MAX, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_TCP_FLAGS, LNF_AGGR_OR, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_DOCTETS, LNF_AGGR_SUM, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_DPKTS, LNF_AGGR_SUM, 0, 0);
while (lnf_read(filep, recp) != LNF_EOF) {
i++;
/* add to memory heap */
lnf_mem_write(memp,recp);
if (print) {
char sbuf[INET6_ADDRSTRLEN];
char dbuf[INET6_ADDRSTRLEN];
lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
inet_ntop(AF_INET6, &brec.srcaddr, sbuf, INET6_ADDRSTRLEN);
inet_ntop(AF_INET6, &brec.dstaddr, dbuf, INET6_ADDRSTRLEN);
printf(" %s :%d -> %s :%d %llu %llu %llu\n",
sbuf, brec.srcport,
dbuf, brec.dstport,
(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
}
}
printf("Total input records: %d\n", i);
i = 0;
printf("First read\n");
lnf_mem_first_c(memp, &cursor);
while (cursor != NULL) {
i++;
lnf_mem_read_c(memp, cursor, recp);
if (printa) {
char sbuf[INET6_ADDRSTRLEN];
char dbuf[INET6_ADDRSTRLEN];
lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
inet_ntop(AF_INET6, &brec.srcaddr, sbuf, INET6_ADDRSTRLEN);
inet_ntop(AF_INET6, &brec.dstaddr, dbuf, INET6_ADDRSTRLEN);
printf(" %s :%d -> %s :%d %llu %llu %llu\n",
sbuf, brec.srcport,
dbuf, brec.dstport,
(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
}
lnf_mem_next_c(memp, &cursor);
}
printf("Second read\n");
lnf_mem_first_c(memp, &cursor);
while (cursor != NULL) {
i++;
lnf_mem_read_c(memp, cursor, recp);
if (printa) {
char sbuf[INET6_ADDRSTRLEN];
char dbuf[INET6_ADDRSTRLEN];
lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
inet_ntop(AF_INET6, &brec.srcaddr, sbuf, INET6_ADDRSTRLEN);
inet_ntop(AF_INET6, &brec.dstaddr, dbuf, INET6_ADDRSTRLEN);
printf(" %s :%d -> %s :%d %llu %llu %llu\n",
sbuf, brec.srcport,
dbuf, brec.dstport,
(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
}
lnf_mem_next_c(memp, &cursor);
}
printf("Total aggregated records: %d\n", i);
lnf_mem_free(memp);
lnf_rec_free(recp);
lnf_close(filep);
return 0;
}
int main(int argc, char **argv) {
lnf_file_t *filep;
lnf_rec_t *recp, *recp2;
lnf_mem_t *memp;
lnf_mem_cursor_t *cursor, *cursor2;
lnf_brec1_t brec;
uint16_t port;
int i = 0;
int print = 1;
int printa = 1;
int len;
char *filename = FILENAME;
char c;
char buff[1024];
while ((c = getopt (argc, argv, "pPAf:")) != -1) {
switch (c) {
case 'p':
print = 0;
break;
case 'P':
print = 0;
break;
case 'f':
filename = optarg;
break;
case 'A':
printa = 0;
break;
case '?':
printf("Usage: %s [ -P ] [ -A ] [ -f <input file name> ] \n", argv[0]);
printf(" -P : do not print input records to stdout\n");
printf(" -A : do not aggregated records to stdout\n");
exit(1);
}
}
if (lnf_open(&filep, filename, LNF_READ, NULL) != LNF_OK) {
fprintf(stderr, "Can not open file %s\n", filename);
exit(1);
}
lnf_rec_init(&recp);
lnf_mem_init(&memp);
/* set rules for aggregation srcip/24,srcport,dstas */
lnf_mem_fadd(memp, LNF_FLD_SRCPORT, LNF_AGGR_KEY, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_FIRST, LNF_AGGR_MIN, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_DOCTETS, LNF_AGGR_SUM|LNF_SORT_DESC, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_DPKTS, LNF_AGGR_SUM, 0, 0);
while (lnf_read(filep, recp) != LNF_EOF) {
i++;
/* add to memory heap */
lnf_mem_write(memp,recp);
}
printf("Total input records: %d\n", i);
i = 0;
while (lnf_mem_read(memp, recp) != LNF_EOF) {
i++;
if (printa) {
lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
printf(" %d - %llu %llu %llu\n",
brec.srcport,
(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
}
}
printf("Total aggregated records: %d\n", i);
printf("Lookup for src port 1123\n");
lnf_rec_init(&recp2);
/* set key field in record */
port = 1123;
lnf_rec_fset(recp2, LNF_FLD_SRCPORT, &port);
if (lnf_mem_lookup_c(memp, recp2, &cursor) == LNF_OK) {
lnf_mem_read_c(memp, cursor, recp);
lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
printf(" %d - %llu %llu %llu\n",
brec.srcport,
(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
} else {
printf("Record not found\n");
}
/* additional testion of lnf_mem_lookup_raw_c */
/* it's just testing - doesn't make any sense */
if (cursor != NULL && lnf_mem_read_raw_c(memp, cursor, buff, &len, sizeof(buff)) == LNF_OK) {
if (lnf_mem_lookup_raw_c(memp, buff, len, &cursor2) == LNF_OK) {
if (cursor == cursor2) {
printf("Read through lnf_lookup_raw_c is ok \n");
}
}
}
lnf_mem_free(memp);
lnf_rec_free(recp);
lnf_close(filep);
return 0;
}
void store_record(struct metadata* mdata, struct lnfstore_conf *conf)
{
static uint8_t buffer[(uint16_t)-1];
static lnf_rec_t *recp = NULL;
static lnf_file_t *lfp = NULL;
stack_t *smap = conf->pst;
if( conf->profiles && !mdata->channels ){
//Record wont be stored, it does not belong to any channel and profiling is activated
return;
}
if(recp == NULL) {
lnf_rec_init(&recp);
} else {
lnf_rec_clear(recp);
}
uint16_t offset, length;
offset = 0;
struct ipfix_template *templ = mdata->record.templ;
uint8_t *data_record = (uint8_t*) mdata->record.record;
/* get all fields */
for (uint16_t count = 0, index = 0; count < templ->field_count; ++count, ++index) {
struct ipfix_lnf_map *item, key;
/* Get Enterprise number and ID */
key.ie = templ->fields[index].ie.id;
length = templ->fields[index].ie.length;
key.en = 0;
if (key.ie & 0x8000) {
key.ie &= 0x7fff;
key.en = templ->fields[++index].enterprise_number;
}
item = bsearch(&key, tr_table, MAX_TABLE , sizeof(struct ipfix_lnf_map), ipfix_lnf_map_compare);
int problem = 1;
if(item != NULL){
problem = item->func(data_record, &offset, &length, buffer, item);
lnf_rec_fset(recp, item->lnf_id, buffer);
}
if(problem){
length = real_length(data_record, &offset, length);
}
offset += length;
} //end of element processing
//!< Decide whether close close files and create new time window
time_t now = time(NULL);
if(difftime(now, conf->t_vars->window_start) > conf->time_window){
mktime_window(now, conf);
if( conf->profiles ){
prec_t* item = NULL;
//Close all old files
for(unsigned x = 0; x < smap->top; x += al4B(sizeof(prec_t))){
item = (prec_t*)smap->data + x;
if(item->lfp == NULL)
continue;
lnf_close(item->lfp);
item->lfp = NULL;
}
} else {
lnf_close(lfp);
lfp = NULL;
}
}
if( conf->profiles ){
//On stack allocation of bit array
int ba_size = smap->top/(8*sizeof(int))+1;
int ba[ba_size];
memset(&ba[0], 0, ba_size*sizeof(int));
int status = 0;
prec_t *item = NULL;
for( int i = 0; mdata->channels[i] != 0; i++ ){
void* rec_prof = channel_get_profile(mdata->channels[i]);
item = bsearch(&rec_prof, smap->data, smap->top/al4B(sizeof(prec_t)),
al4B(sizeof(prec_t)), prec_compare);
if( item == NULL ){
//Profile is not in configuration
prec_t entry;
entry.address = rec_prof;
entry.lfp = NULL;
const char* prpath = profile_get_path(rec_prof);
char* path = mkpath_string(conf, prpath);
mkdir_hierarchy(path);
status = lnf_open(&entry.lfp, path, LNF_WRITE | (conf->compress? LNF_COMP : 0), (char*)conf->ident);
stack_push(smap, &entry, sizeof(prec_t));
//Add resilience
qsort(smap->data, smap->top/al4B(sizeof(prec_t)),
al4B(sizeof(prec_t)), prec_compare);
free(path);
} else if( item->lfp == NULL ){
//Profile file is closed
const char* prpath = profile_get_path(rec_prof);
char* path = mkpath_string(conf, prpath);
mkdir_hierarchy(path);
status = lnf_open(&item->lfp, path, LNF_WRITE | (conf->compress? LNF_COMP : 0), (char*)conf->ident);
//Get prof name and open aprop file
free(path);
}
}
void* profile = NULL;
int i = 0;
for(profile = channel_get_profile(mdata->channels[i=0]);
mdata->channels[i] != 0;
profile = channel_get_profile(mdata->channels[i++]) ){
item = bsearch(&profile, smap->data, smap->top/al4B(sizeof(prec_t)),
al4B(sizeof(prec_t)), prec_compare);
int index = (((base_t*)item) - smap->data)/al4B(sizeof(prec_t));
if( !GETb(ba, index) ){ //And profile is not shadow
status = lnf_write(item->lfp, recp);
SETb(ba, index, 1);
}
}
} else {
if( lfp == NULL ){
int status;
char* path = mkpath_string(conf, NULL);
status = mkdir_hierarchy(path);
status |= lnf_open(&lfp, path, LNF_WRITE | (conf->compress ? LNF_COMP : 0), (char*)conf->ident);
if(status != LNF_OK) {
MSG_ERROR(msg_module, "Failed to open file! ...at path: %s \n", path);
}
free(path);
}
lnf_write(lfp, recp);
}
return;
}
int main(int argc, char **argv) {
lnf_file_t *filep;
lnf_rec_t *recp;
lnf_mem_t *memp1;
lnf_mem_t *memp2;
lnf_mem_cursor_t *cursor;
lnf_brec1_t brec;
int i = 0;
int print = 1;
int printa = 1;
char *filename = FILENAME;
int c;
char buff[LNF_MAX_RAW_LEN];
int datasize;
while ((c = getopt (argc, argv, "pPAf:")) != -1) {
switch (c) {
case 'p':
print = 0;
break;
case 'P':
print = 0;
break;
case 'f':
filename = optarg;
break;
case 'A':
printa = 0;
break;
case '?':
printf("Usage: %s [ -P ] [ -A ] [ -f <input file name> ] \n", argv[0]);
printf(" -P : do not print input records to stdout\n");
printf(" -A : do not aggregated records to stdout\n");
exit(1);
}
}
if (lnf_open(&filep, filename, LNF_READ, NULL) != LNF_OK) {
fprintf(stderr, "Can not open file %s\n", filename);
exit(1);
}
lnf_rec_init(&recp);
lnf_mem_init(&memp1);
lnf_mem_init(&memp2);
lnf_mem_fastaggr(memp1, LNF_FAST_AGGR_BASIC);
lnf_mem_fastaggr(memp2, LNF_FAST_AGGR_BASIC);
/* set rules for aggregation srcip/24,srcport,dstas */
lnf_mem_fadd(memp1, LNF_FLD_SRCADDR, LNF_AGGR_KEY|LNF_SORT_DESC, 24, 64);
lnf_mem_fadd(memp2, LNF_FLD_SRCADDR, LNF_AGGR_KEY|LNF_SORT_DESC, 24, 64);
while (lnf_read(filep, recp) != LNF_EOF) {
i++;
/* add to memory heap */
lnf_mem_write(memp1, recp);
if (print) {
char sbuf[INET6_ADDRSTRLEN];
char dbuf[INET6_ADDRSTRLEN];
lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
inet_ntop(AF_INET6, &brec.srcaddr, sbuf, INET6_ADDRSTRLEN);
inet_ntop(AF_INET6, &brec.dstaddr, dbuf, INET6_ADDRSTRLEN);
printf(" %s :%d -> %s :%d %llu %llu %llu\n",
sbuf, brec.srcport,
dbuf, brec.dstport,
(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
}
}
printf("Total input records: %d\n", i);
/* transfer data from memp1 to memp2 */
lnf_mem_first_c(memp1, &cursor);
while (cursor != NULL) {
lnf_mem_read_raw_c(memp1, cursor, buff, &datasize, LNF_MAX_RAW_LEN);
lnf_mem_write_raw(memp2, buff, datasize);
lnf_mem_next_c(memp1, &cursor);
}
/* all data are now in memp2) */
i = 0;
lnf_mem_first_c(memp2, &cursor);
while (cursor != NULL) {
i++;
lnf_mem_read_c(memp2, cursor, recp);
if (printa) {
char sbuf[INET6_ADDRSTRLEN];
char dbuf[INET6_ADDRSTRLEN];
lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
inet_ntop(AF_INET6, &brec.srcaddr, sbuf, INET6_ADDRSTRLEN);
inet_ntop(AF_INET6, &brec.dstaddr, dbuf, INET6_ADDRSTRLEN);
printf(" %s :%d -> %s :%d %llu %llu %llu\n",
sbuf, brec.srcport,
dbuf, brec.dstport,
(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
}
lnf_mem_next_c(memp2, &cursor);
}
printf("Total aggregated records: %d\n", i);
lnf_mem_free(memp1);
lnf_mem_free(memp2);
lnf_rec_free(recp);
lnf_close(filep);
return 0;
}
int main(int argc, char **argv) {
lnf_file_t *filep;
lnf_rec_t *recp;
lnf_filter_t *filterp1, *filterp2;
lnf_brec1_t brec;
char *filter1 = FILTER1;
char *filter2 = FILTER2;
uint32_t input, output;
char buf[LNF_MAX_STRING];
int res;
int i = 0;
int match1 = 0;
int match2 = 0;
int if1 = 0;
int if2 = 0;
int print = 1;
int filter = 1;
int fget = 1;
char *filename = FILENAME;
char c;
while ((c = getopt (argc, argv, "pPFGf:1:2:")) != -1) {
switch (c) {
case 'p':
print = 0;
break;
case 'P':
print = 0;
break;
case 'G':
fget = 0;
break;
case 'F':
filter = 0;
break;
case 'f':
filename = optarg;
break;
case '1':
filter1 = optarg;
break;
case '2':
filter2 = optarg;
break;
case '?':
printf("Usage: %s [ -p ] [ -f <output file name> ] [ -1 <filter1> ] [ -2 <filter2> ]\n", argv[0]);
printf(" -P : do not print records to stdout\n");
printf(" -F : do not use filters\n");
printf(" -G : do not use lng_rec_fget\n");
exit(1);
}
}
if (lnf_open(&filep, filename, LNF_READ, NULL) != LNF_OK) {
fprintf(stderr, "Can not open file %s\n", filename);
exit(1);
}
if ((res = lnf_filter_init(&filterp1, filter1)) != LNF_OK) {
fprintf(stderr, "Can not init filter1 '%s'\n", filter1);
if (res == LNF_ERR_OTHER_MSG) {
lnf_error(buf, LNF_MAX_STRING);
fprintf(stderr, "%s\n", buf);
}
exit(1);
}
if ((res = lnf_filter_init(&filterp2, filter2)) != LNF_OK) {
fprintf(stderr, "Can not init filter2 '%s'\n", filter2);
lnf_error(buf, LNF_MAX_STRING);
if (res == LNF_ERR_OTHER_MSG) {
lnf_error(buf, LNF_MAX_STRING);
fprintf(stderr, "%s\n", buf);
}
exit(1);
}
lnf_rec_init(&recp);
while (lnf_read(filep, recp) != LNF_EOF) {
if (fget) {
lnf_rec_fget(recp, LNF_FLD_INPUT, &input);
lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
lnf_rec_fget(recp, LNF_FLD_INPUT, &input);
lnf_rec_fget(recp, LNF_FLD_OUTPUT, &output);
}
i++;
match1 = 0;
match2 = 0;
if (filter) {
if (lnf_filter_match(filterp1, recp)) {
if1++;
match1 = 1;
}
if (lnf_filter_match(filterp2, recp)) {
if2++;
match2 = 1;
}
}
if (print) {
char sbuf[INET6_ADDRSTRLEN];
char dbuf[INET6_ADDRSTRLEN];
inet_ntop(AF_INET6, &brec.srcaddr, sbuf, INET6_ADDRSTRLEN);
inet_ntop(AF_INET6, &brec.dstaddr, dbuf, INET6_ADDRSTRLEN);
printf(" %s :%d -> %s :%d %d -> %d %llu %llu %llu [%d %d]\n",
sbuf, brec.srcport,
dbuf, brec.dstport,
input, output,
(LLUI)brec.pkts, (LLUI)brec.bytes, (LLUI)brec.flows,
match1, match2);
}
}
printf("Total records: %d\n", i);
printf("%d records matched by filter1 '%s'\n", if1, filter1);
printf("%d records matched by filter2 '%s'\n", if2, filter2);
lnf_rec_free(recp);
lnf_filter_free(filterp1);
lnf_filter_free(filterp2);
lnf_close(filep);
return 0;
}