/* * Unpack the array of bytes 'ar' into a record 'rwrec' */ static int augsnmpoutioRecordUnpack_V4( skstream_t *stream, rwGenericRec_V5 *rwrec, uint8_t *ar) { /* swap if required */ if (stream->swapFlag) { augsnmpoutioRecordSwap_V4(ar); } /* sTime, elapsed, pkts, bytes, proto, tcp-flags, state, application */ rwpackUnpackFlagsTimesVolumes(rwrec, ar, stream->hdr_starttime, 16, 0); /* sPort, dPort */ rwRecMemSetSPort(rwrec, &ar[16]); rwRecMemSetDPort(rwrec, &ar[18]); /* sIP, dIP */ rwRecMemSetSIPv4(rwrec, &ar[20]); rwRecMemSetDIPv4(rwrec, &ar[24]); /* output */ rwRecMemSetOutput(rwrec, &ar[28]); /* sensor, flow_type from file name/header */ rwRecSetSensor(rwrec, stream->hdr_sensor); rwRecSetFlowType(rwrec, stream->hdr_flowtype); return SKSTREAM_OK; }
/* * Unpack the array of bytes 'ar' into a record 'rwrec' */ static int genericioRecordUnpack_V3( skstream_t *rwIOS, rwGenericRec_V5 *rwrec, uint8_t *ar) { uint32_t quot; uint16_t rem; /* swap if required */ if (rwIOS->swapFlag) { genericioRecordSwap_V3(ar); } /* sIP, dIP, sPort, dPort, nhIP, input, output */ rwRecMemSetSIPv4(rwrec, &ar[0]); rwRecMemSetDIPv4(rwrec, &ar[4]); rwRecMemSetSPort(rwrec, &ar[8]); rwRecMemSetDPort(rwrec, &ar[10]); rwRecMemSetNhIPv4(rwrec, &ar[12]); rwRecMemSetInput(rwrec, &ar[16]); rwRecMemSetOutput(rwrec, &ar[18]); /* sTime, sTime_msec */ memcpy(", &ar[20], 4); memcpy(&rem, &ar[48], 2); rwRecSetStartTime(rwrec, sktimeCreate(quot, rem)); /* elapsed, elapsed_msec */ memcpy(", &ar[24], 4); memcpy(&rem, &ar[50], 2); rwRecSetElapsed(rwrec, (1000 * quot + rem)); /* pkts, bytes */ rwRecMemSetPkts(rwrec, &ar[28]); rwRecMemSetBytes(rwrec, &ar[32]); /* proto, flowtype, sensor, flags, init_flags, rest_flags, tcp_state */ rwRecMemSetProto(rwrec, &ar[36]); rwRecMemSetFlowType(rwrec, &ar[37]); rwRecMemSetSensor(rwrec, &ar[38]); rwRecMemSetFlags(rwrec, &ar[40]); rwRecMemSetInitFlags(rwrec, &ar[41]); rwRecMemSetRestFlags(rwrec, &ar[42]); rwRecMemSetTcpState(rwrec, &ar[43]); /* bpp field no longer exists */ /* sTime_msec (above), elapsed_msec (above) */ /* application */ rwRecMemSetApplication(rwrec, &ar[52]); RWREC_MAYBE_CLEAR_TCPSTATE_EXPANDED(rwrec); return SKSTREAM_OK; }
/* * Unpack the array of bytes 'ar' into a record 'rwrec' */ static int ipv6ioRecordUnpack_V2( skstream_t *rwIOS, rwGenericRec_V5 *rwrec, uint8_t *ar) { uint32_t ip; /* swap if required */ if (rwIOS->swapFlag) { ipv6ioRecordSwap_V2(ar); } /* Start time, TCP flags, Protocol, TCP State */ rwpackUnpackTimesFlagsProto(rwrec, ar, rwIOS->hdr_starttime); /* application */ rwRecMemSetApplication(rwrec, &ar[ 6]); /* sPort, dPort */ rwRecMemSetSPort(rwrec, &ar[ 8]); rwRecMemSetDPort(rwrec, &ar[10]); /* Elapsed */ rwRecMemSetElapsed(rwrec, &ar[12]); /* packets, bytes */ rwRecMemSetPkts(rwrec, &ar[16]); rwRecMemSetBytes(rwrec, &ar[20]); /* sIP, dIP */ if (ar[5] & 0x80) { /* Record is IPv6 */ #if !SK_ENABLE_IPV6 return SKSTREAM_ERR_UNSUPPORT_IPV6; #else rwRecSetIPv6(rwrec); rwRecMemSetSIPv6(rwrec, &ar[24]); rwRecMemSetDIPv6(rwrec, &ar[40]); #endif /* SK_ENABLE_IPV6 */ } else { /* Record is IPv4 */ memcpy(&ip, &ar[24+12], sizeof(ip)); rwRecSetSIPv4(rwrec, ntohl(ip)); memcpy(&ip, &ar[40+12], sizeof(ip)); rwRecSetDIPv4(rwrec, ntohl(ip)); } /* sensor, flow_type from file name/header */ rwRecSetSensor(rwrec, rwIOS->hdr_sensor); rwRecSetFlowType(rwrec, rwIOS->hdr_flowtype); return SKSTREAM_OK; }
/* * Unpack the array of bytes 'ar' into a record 'rwrec' */ static int ipv6ioRecordUnpack_V1( skstream_t *rwIOS, rwGenericRec_V5 *rwrec, uint8_t *ar) { uint32_t ip; /* swap if required */ if (rwIOS->swapFlag) { ipv6ioRecordSwap_V1(ar); } rwRecMemSetStartTime(rwrec, &ar[0]); rwRecMemSetElapsed(rwrec, &ar[8]); rwRecMemSetSPort(rwrec, &ar[12]); rwRecMemSetDPort(rwrec, &ar[14]); rwRecMemSetProto(rwrec, &ar[16]); rwRecMemSetFlowType(rwrec, &ar[17]); rwRecMemSetSensor(rwrec, &ar[18]); rwRecMemSetFlags(rwrec, &ar[20]); rwRecMemSetInitFlags(rwrec, &ar[21]); rwRecMemSetRestFlags(rwrec, &ar[22]); rwRecMemSetTcpState(rwrec, &ar[23]); rwRecMemSetApplication(rwrec, &ar[24]); rwRecMemSetMemo(rwrec, &ar[26]); rwRecMemSetPkts(rwrec, &ar[28]); rwRecMemSetBytes(rwrec, &ar[32]); if (ar[23] & 0x80) { /* Record is IPv6 */ #if !SK_ENABLE_IPV6 return SKSTREAM_ERR_UNSUPPORT_IPV6; #else rwRecSetIPv6(rwrec); rwRecMemSetSIPv6(rwrec, &ar[36]); rwRecMemSetDIPv6(rwrec, &ar[52]); #endif /* SK_ENABLE_IPV6 */ } else { /* Record is IPv4 */ /* sIP */ memcpy(&ip, &ar[48], sizeof(ip)); rwRecSetSIPv4(rwrec, ntohl(ip)); /* dIP */ memcpy(&ip, &ar[64], sizeof(ip)); rwRecSetDIPv4(rwrec, ntohl(ip)); } RWREC_MAYBE_CLEAR_TCPSTATE_EXPANDED(rwrec); return SKSTREAM_OK; }
/* * Unpack the array of bytes 'ar' into a record 'rwrec' */ static int genericioRecordUnpack_V2( skstream_t *rwIOS, rwGenericRec_V5 *rwrec, uint8_t *ar) { uint32_t tmp32; /* swap if required */ if (rwIOS->swapFlag) { genericioRecordSwap_V2(ar); } /* sIP, dIP, sPort, dPort, nhIP, input, output */ rwRecMemSetSIPv4(rwrec, &ar[0]); rwRecMemSetDIPv4(rwrec, &ar[4]); rwRecMemSetSPort(rwrec, &ar[8]); rwRecMemSetDPort(rwrec, &ar[10]); rwRecMemSetNhIPv4(rwrec, &ar[12]); rwRecMemSetInput(rwrec, &ar[16]); rwRecMemSetOutput(rwrec, &ar[18]); /* sTime, elapsed */ memcpy(&tmp32, &ar[20], 4); rwRecSetStartTime(rwrec, sktimeCreate(tmp32, 0)); memcpy(&tmp32, &ar[24], 4); rwRecSetElapsed(rwrec, (1000 * tmp32)); /* pkts, bytes */ rwRecMemSetPkts(rwrec, &ar[28]); rwRecMemSetBytes(rwrec, &ar[32]); /* proto, flow_type, sID, flags, init_flags, rest_flags, tcp_state */ rwRecMemSetProto(rwrec, &ar[36]); rwRecMemSetFlowType(rwrec, &ar[37]); rwRecMemSetSensor(rwrec, &ar[38]); rwRecMemSetFlags(rwrec, &ar[40]); rwRecMemSetInitFlags(rwrec, &ar[41]); rwRecMemSetRestFlags(rwrec, &ar[42]); rwRecMemSetTcpState(rwrec, &ar[43]); /* bpp field no longer exists */ RWREC_MAYBE_CLEAR_TCPSTATE_EXPANDED(rwrec); return SKSTREAM_OK; }
/* * Unpack the array of bytes 'ar' into a record 'rwrec' */ static int augsnmpoutioRecordUnpack_V1( skstream_t *stream, rwGenericRec_V5 *rwrec, uint8_t *ar) { uint32_t msec_flags; uint8_t is_tcp, prot_flags; /* swap if required */ if (stream->swapFlag) { augsnmpoutioRecordSwap_V1(ar); } /* sIP, dIP, sPort, dPort */ rwRecMemSetSIPv4(rwrec, &ar[0]); rwRecMemSetDIPv4(rwrec, &ar[4]); rwRecMemSetSPort(rwrec, &ar[8]); rwRecMemSetDPort(rwrec, &ar[10]); /* msec times, proto or flags */ memcpy(&msec_flags, &ar[20], 4); /* application */ rwRecMemSetApplication(rwrec, &ar[24]); /* sTime, pkts, bytes, elapsed, proto, tcp-flags, bpp */ rwpackUnpackTimeBytesPktsFlags(rwrec, stream->hdr_starttime, (uint32_t*)&ar[12], (uint32_t*)&ar[16], &msec_flags); /* extra TCP information */ is_tcp = (uint8_t)GET_MASKED_BITS(msec_flags, 10, 1); prot_flags = (uint8_t)GET_MASKED_BITS(msec_flags, 0, 8); rwpackUnpackProtoFlags(rwrec, is_tcp, prot_flags, ar[26], ar[27]); /* output interfaces */ rwRecMemSetOutput(rwrec, &ar[28]); /* sensor, flow_type from file name/header */ rwRecSetSensor(rwrec, stream->hdr_sensor); rwRecSetFlowType(rwrec, stream->hdr_flowtype); return SKSTREAM_OK; }
/* * Unpack the array of bytes 'ar' into a record 'rwrec' */ static int genericioRecordUnpack_V1( skstream_t *rwIOS, rwGenericRec_V5 *rwrec, uint8_t *ar) { uint32_t tmp32; /* swap if required */ if (rwIOS->swapFlag) { genericioRecordSwap_V1(ar); } /* sIP, dIP, sPort, dPort */ rwRecMemSetSIPv4(rwrec, &ar[0]); rwRecMemSetDIPv4(rwrec, &ar[4]); rwRecMemSetSPort(rwrec, &ar[8]); rwRecMemSetDPort(rwrec, &ar[10]); /* proto, flags, input, output */ rwRecSetProto(rwrec, ar[12]); rwRecSetFlags(rwrec, ar[13]); rwRecSetInput(rwrec, ar[14]); rwRecSetOutput(rwrec, ar[15]); /* nhIP */ rwRecMemSetNhIPv4(rwrec, &ar[16]); /* sTime */ memcpy(&tmp32, &ar[20], 4); rwRecSetStartTime(rwrec, sktimeCreate(tmp32, 0)); /* pkts, bytes */ rwRecMemSetPkts(rwrec, &ar[24]); rwRecMemSetBytes(rwrec, &ar[28]); /* elapsed */ memcpy(&tmp32, &ar[32], 4); rwRecSetElapsed(rwrec, (1000 * tmp32)); /* sID */ rwRecSetSensor(rwrec, ar[36]); return SKSTREAM_OK; }
/* * Unpack the array of bytes 'ar' into a record 'rwrec' */ static int augsnmpoutioRecordUnpack_V5( skstream_t *stream, rwGenericRec_V5 *rwrec, uint8_t *ar) { /* swap if required */ if (stream->swapFlag) { augsnmpoutioRecordSwap_V5(ar); } /* Start time, TCP flags, Protocol, TCP State */ rwpackUnpackTimesFlagsProto(rwrec, ar, stream->hdr_starttime); /* application */ rwRecMemSetApplication(rwrec, &ar[ 6]); /* sPort, dPort */ rwRecMemSetSPort(rwrec, &ar[ 8]); rwRecMemSetDPort(rwrec, &ar[10]); /* Elapsed */ rwRecMemSetElapsed(rwrec, &ar[12]); /* packets, bytes */ rwRecMemSetPkts(rwrec, &ar[16]); rwRecMemSetBytes(rwrec, &ar[20]); /* sIP, dIP */ rwRecMemSetSIPv4(rwrec, &ar[24]); rwRecMemSetDIPv4(rwrec, &ar[28]); /* output */ rwRecMemSetOutput(rwrec, &ar[32]); /* sensor, flow_type from file name/header */ rwRecSetSensor(rwrec, stream->hdr_sensor); rwRecSetFlowType(rwrec, stream->hdr_flowtype); return SKSTREAM_OK; }
/* * Unpack the array of bytes 'ar' into a record 'rwrec' */ static int genericioRecordUnpack_V5( skstream_t *rwIOS, rwGenericRec_V5 *rwrec, uint8_t *ar) { /* swap if required */ if (rwIOS->swapFlag) { genericioRecordSwap_V5(ar); } #if !SK_ENABLE_IPV6 memcpy(rwrec, ar, RECLEN_RWGENERIC_V5); #else rwRecMemSetStartTime(rwrec, &ar[0]); rwRecMemSetElapsed(rwrec, &ar[8]); rwRecMemSetSPort(rwrec, &ar[12]); rwRecMemSetDPort(rwrec, &ar[14]); rwRecMemSetProto(rwrec, &ar[16]); rwRecMemSetFlowType(rwrec, &ar[17]); rwRecMemSetSensor(rwrec, &ar[18]); rwRecMemSetFlags(rwrec, &ar[20]); rwRecMemSetInitFlags(rwrec, &ar[21]); rwRecMemSetRestFlags(rwrec, &ar[22]); rwRecMemSetTcpState(rwrec, &ar[23]); rwRecMemSetApplication(rwrec, &ar[24]); rwRecMemSetMemo(rwrec, &ar[26]); rwRecMemSetInput(rwrec, &ar[28]); rwRecMemSetOutput(rwrec, &ar[30]); rwRecMemSetPkts(rwrec, &ar[32]); rwRecMemSetBytes(rwrec, &ar[36]); rwRecMemSetSIPv4(rwrec, &ar[40]); rwRecMemSetDIPv4(rwrec, &ar[44]); rwRecMemSetNhIPv4(rwrec, &ar[48]); #endif RWREC_MAYBE_CLEAR_TCPSTATE_EXPANDED(rwrec); return SKSTREAM_OK; }
/* * Unpack the array of bytes 'ar' into a record 'rwrec' */ static int ipv6routingioRecordUnpack_V3( skstream_t *stream, rwRec *rwrec, uint8_t *ar) { uint32_t u32; uint64_t u64; #if !SK_ENABLE_IPV6 if (ar[23] & 0x80) { /* Record is IPv6 */ return SKSTREAM_ERR_UNSUPPORT_IPV6; } #endif /* swap if required */ if (stream->swapFlag) { ipv6routingioRecordSwap_V3(ar); } rwRecMemSetStartTime(rwrec, &ar[0]); rwRecMemSetElapsed(rwrec, &ar[8]); rwRecMemSetSPort(rwrec, &ar[12]); rwRecMemSetDPort(rwrec, &ar[14]); rwRecMemSetProto(rwrec, &ar[16]); rwRecMemSetFlowType(rwrec, &ar[17]); rwRecMemSetSensor(rwrec, &ar[18]); rwRecMemSetFlags(rwrec, &ar[20]); rwRecMemSetInitFlags(rwrec, &ar[21]); rwRecMemSetRestFlags(rwrec, &ar[22]); rwRecMemSetTcpState(rwrec, &ar[23]); rwRecMemSetApplication(rwrec, &ar[24]); rwRecMemSetMemo(rwrec, &ar[26]); /* Input; set to UINT16_MAX if too large */ memcpy(&u32, &ar[28], sizeof(u32)); if (u32 > UINT16_MAX) { rwRecSetInput(rwrec, UINT16_MAX); } else { rwRecSetInput(rwrec, (uint16_t)u32); } /* Packets; set to UINT32_MAX if too large */ memcpy(&u64, &ar[32], sizeof(u64)); if (u64 > UINT32_MAX) { rwRecSetPkts(rwrec, UINT32_MAX); } else { rwRecSetPkts(rwrec, (uint32_t)u64); } /* Bytes; set to UINT32_MAX if too large */ memcpy(&u64, &ar[40], sizeof(u64)); if (u64 > UINT32_MAX) { rwRecSetBytes(rwrec, UINT32_MAX); } else { rwRecSetBytes(rwrec, (uint32_t)u64); } /* Output; set to UINT16_MAX if too large */ memcpy(&u32, &ar[96], sizeof(u32)); if (u32 > UINT16_MAX) { rwRecSetOutput(rwrec, UINT16_MAX); } else { rwRecSetOutput(rwrec, (uint16_t)u32); } #if SK_ENABLE_IPV6 if (ar[23] & 0x80) { /* Record is IPv6 */ rwRecSetIPv6(rwrec); rwRecMemSetSIPv6(rwrec, &ar[48]); rwRecMemSetDIPv6(rwrec, &ar[64]); rwRecMemSetNhIPv6(rwrec, &ar[80]); } else #endif /* SK_ENABLE_IPV6 */ { /* Record is IPv4, but data encoded as IPv6 */ uint32_t ip; /* sIP */ memcpy(&ip, &ar[60], sizeof(ip)); rwRecSetSIPv4(rwrec, ntohl(ip)); /* dIP */ memcpy(&ip, &ar[76], sizeof(ip)); rwRecSetDIPv4(rwrec, ntohl(ip)); /* nhIP */ memcpy(&ip, &ar[92], sizeof(ip)); rwRecSetNhIPv4(rwrec, ntohl(ip)); } /* * No need for this; file format is post SiLK-3.6.0 * RWREC_MAYBE_CLEAR_TCPSTATE_EXPANDED(rwrec); */ return SKSTREAM_OK; }