/**
* Prints a DataTemplate
* @param sourceID SourceID of the exporting process
* @param dataTemplateInfo Pointer to a structure defining the DataTemplate used
*/
void IpfixPrinter::onTemplate(IpfixTemplateRecord* record)
{
int i;
/* we need a FieldInfo for printIPv4 */
IpfixRecord::FieldInfo::Type tmpInfo = {0, 4, false, 0}; // length=4 for IPv4 address
printf("\n-+--- Template (id=%u) from ", record->templateInfo->templateId);
if (record->sourceID) {
if (record->sourceID->exporterAddress.len == 4)
printIPv4(tmpInfo, &record->sourceID->exporterAddress.ip[0]);
else
printf("non-IPv4 address");
printf(":%d (", record->sourceID->exporterPort);
tmpInfo.length = 1; // length=1 for protocol identifier
printProtocol(tmpInfo, &record->sourceID->protocol);
printf(")\n");
} else {
printf("no sourceID given in template");
}
printf(" `- fixed data\n");
for (i = 0; i < record->templateInfo->dataCount; i++) {
printf(" ' `- ");
printFieldData(record->templateInfo->dataInfo[i].type,
(record->templateInfo->data + record->templateInfo->dataInfo[i].offset));
printf("\n");
}
printf(" `---\n\n");
record->removeReference();
}
/**
* Prints a DataDataRecord
* @param sourceID SourceID of the exporting process
* @param dataTemplateInfo Pointer to a structure defining the DataTemplate used
* @param length Length of the data block supplied
* @param data Pointer to a data block containing all variable fields
*/
void IpfixPrinter::onDataDataRecord(IpfixDataDataRecord* record)
{
boost::shared_ptr<IpfixRecord::DataTemplateInfo> dataTemplateInfo = record->dataTemplateInfo;
int i;
/* we need a FieldInfo for printIPv4 */
IpfixRecord::FieldInfo::Type tmpInfo = {0, 4, false, 0}; // length=4 for IPv4 address
printf("\n-+--- DataDataRecord (Template id=%u from ", dataTemplateInfo->templateId);
if(record->sourceID->exporterAddress.len == 4)
printIPv4(tmpInfo, &record->sourceID->exporterAddress.ip[0]);
else
printf("non-IPv4 address");
printf(":%d (", record->sourceID->exporterPort);
tmpInfo.length = 1; // length=1 for protocol identifier
printProtocol(tmpInfo, &record->sourceID->protocol);
printf(") )\n");
printf(" `- fixed data\n");
for (i = 0; i < dataTemplateInfo->dataCount; i++) {
printf(" ' `- ");
printFieldData(dataTemplateInfo->dataInfo[i].type,
(dataTemplateInfo->data + dataTemplateInfo->dataInfo[i].offset));
printf("\n");
}
printf(" `- variable data\n");
for (i = 0; i < dataTemplateInfo->fieldCount; i++) {
printf(" ' `- ");
printFieldData(dataTemplateInfo->fieldInfo[i].type,
(record->data + dataTemplateInfo->fieldInfo[i].offset));
printf("\n");
}
printf(" `---\n\n");
record->removeReference();
}
/**
* Prints a string representation of FieldData to stdout.
*/
void printFieldData(FieldType type, FieldData* pattern) {
char* s;
switch (type.id) {
case IPFIX_TYPEID_protocolIdentifier:
printf("protocolIdentifier:");
printProtocol(type, pattern);
break;
case IPFIX_TYPEID_sourceIPv4Address:
printf("sourceIPv4Address:");
printIPv4(type, pattern);
break;
case IPFIX_TYPEID_destinationIPv4Address:
printf("destinationIPv4Address:");
printIPv4(type, pattern);
break;
case IPFIX_TYPEID_sourceTransportPort:
printf("sourceTransportPort:");
printPort(type, pattern);
break;
case IPFIX_TYPEID_destinationtransportPort:
printf("destinationtransportPort:");
printPort(type, pattern);
break;
default:
s = typeid2string(type.id);
if (s != NULL) {
printf("%s:", s);
printUint(type, pattern);
} else {
DPRINTF("Field with ID %d unparseable\n", type.id);
}
break;
}
}
/**
* Prints a DataRecord
* @param sourceID SourceID of the exporting process
* @param dataTemplateInfo Pointer to a structure defining the DataTemplate used
* @param length Length of the data block supplied
* @param data Pointer to a data block containing all variable fields
*/
void IpfixPrinter::onDataRecord(IpfixDataRecord* record)
{
if (lineOutput) {
printOneLineRecord(record);
} else {
int i;
/* we need a FieldInfo for printIPv4 */
IpfixRecord::FieldInfo::Type tmpInfo = {0, 4, false, 0}; // length=4 for IPv4 address
printf("\n-+--- DataRecord (Template id=%u from ", record->templateInfo->templateId);
if(record->sourceID->exporterAddress.len == 4)
printIPv4(tmpInfo, &record->sourceID->exporterAddress.ip[0]);
else
printf("non-IPv4 address");
printf(":%d (", record->sourceID->exporterPort);
tmpInfo.length = 1; // length=1 for protocol identifier
printProtocol(tmpInfo, &record->sourceID->protocol);
printf(") )\n");
printf(" `- variable data\n");
for (i = 0; i < record->templateInfo->fieldCount; i++) {
printf(" ' `- ");
printFieldData(record->templateInfo->fieldInfo[i].type, (record->data + record->templateInfo->fieldInfo[i].offset));
printf("\n");
}
}
record->removeReference();
}
/**
* Prints a string representation of IpfixRecord::Data to stdout.
*/
void printFieldData(IpfixRecord::FieldInfo::Type type, IpfixRecord::Data* pattern) {
char* s;
timeval t;
uint64_t hbnum;
switch (type.id) {
case IPFIX_TYPEID_protocolIdentifier:
printf("protocolIdentifier: ");
printProtocol(type, pattern);
break;
case IPFIX_TYPEID_sourceIPv4Address:
printf("sourceIPv4Address: ");
printIPv4(type, pattern);
break;
case IPFIX_TYPEID_destinationIPv4Address:
printf("destinationIPv4Address: ");
printIPv4(type, pattern);
break;
case IPFIX_TYPEID_sourceTransportPort:
printf("sourceTransportPort: ");
printPort(type, pattern);
break;
case IPFIX_TYPEID_destinationTransportPort:
printf("destinationTransportPort: ");
printPort(type, pattern);
break;
case IPFIX_TYPEID_flowStartNanoSeconds:
case IPFIX_TYPEID_flowEndNanoSeconds:
case IPFIX_ETYPEID_revFlowStartNanoSeconds:
case IPFIX_ETYPEID_revFlowEndNanoSeconds:
printf("%s: ", typeid2string(type.id));
hbnum = ntohll(*(uint64_t*)pattern);
if (hbnum>0) {
t = timentp64(*((ntp64*)(&hbnum)));
printf("%d.%06d seconds", (int32_t)t.tv_sec, (int32_t)t.tv_usec);
} else {
printf("no value (only zeroes in field)");
}
break;
case IPFIX_ETYPEID_frontPayload:
case IPFIX_ETYPEID_revFrontPayload:
printf("%s: ", typeid2string(type.id));
printFrontPayload(type, pattern);
break;
default:
s = typeid2string(type.id);
if (s != NULL) {
printf("%s: ", s);
printUint(type, pattern);
} else {
DPRINTF("Field with ID %d unparseable\n", type.id);
}
break;
}
}
/**
* Prints a DataRecord
* @param sourceID SourceID of the exporting process
* @param dataTemplateInfo Pointer to a structure defining the DataTemplate used
* @param length Length of the data block supplied
* @param data Pointer to a data block containing all variable fields
*/
void IpfixPrinter::onDataRecord(IpfixDataRecord* record)
{
int i;
/* we need a FieldInfo for printIPv4 */
IpfixRecord::FieldInfo::Type tmpInfo = {0, 4, false, 0}; // length=4 for IPv4 address
boost::shared_ptr<IpfixRecord::DataTemplateInfo> dataTemplateInfo;
switch (outputType) {
case LINE:
printf("ERROR: one line record not implemented for IpfixDataRecords\n");
//printOneLineRecord(record);
break;
case TREE:
dataTemplateInfo = record->templateInfo;
printf("\n-+--- DataRecord (Template id=%u from ", dataTemplateInfo->templateId);
if(record->sourceID->exporterAddress.len == 4)
printIPv4(tmpInfo, &record->sourceID->exporterAddress.ip[0]);
else
printf("non-IPv4 address");
printf(":%d (", record->sourceID->exporterPort);
tmpInfo.length = 1; // length=1 for protocol identifier
printProtocol(tmpInfo, &record->sourceID->protocol);
printf(") )\n");
printf(" `- fixed data\n");
for (i = 0; i < dataTemplateInfo->dataCount; i++) {
printf(" ' `- ");
printFieldData(dataTemplateInfo->dataInfo[i].type,
(dataTemplateInfo->data + dataTemplateInfo->dataInfo[i].offset));
printf("\n");
}
printf(" `- variable data\n");
for (i = 0; i < dataTemplateInfo->fieldCount; i++) {
printf(" ' `- ");
printFieldData(dataTemplateInfo->fieldInfo[i].type,
(record->data + dataTemplateInfo->fieldInfo[i].offset));
printf("\n");
}
printf(" `---\n\n");
break;
case TABLE:
printTableRecord(record);
break;
case NONE:
break;
}
record->removeReference();
}
/**
* Prints a DataTemplate that was announced to be destroyed
* @param sourceID SourceID of the exporting process
* @param dataTemplateInfo Pointer to a structure defining the DataTemplate used
*/
void IpfixPrinter::onTemplateDestruction(IpfixTemplateDestructionRecord* record)
{
/* we need a FieldInfo for printIPv4 */
IpfixRecord::FieldInfo::Type tmpInfo = {0, 4, false, 0}; // length=4 for IPv4 address
printf("Destroyed a Template (id=%u) from ", record->templateInfo->templateId);
if(record->sourceID->exporterAddress.len == 4)
printIPv4(tmpInfo, &record->sourceID->exporterAddress.ip[0]);
else
printf("non-IPv4 address");
printf(":%d (", record->sourceID->exporterPort);
tmpInfo.length = 1; // length=1 for protocol identifier
printProtocol(tmpInfo, &record->sourceID->protocol);
printf(")\n");
record->removeReference();
}
/**
* Prints an OptionsRecord
* @param sourceID SourceID of the exporting process
* @param dataTemplateInfo Pointer to a structure defining the DataTemplate used
* @param length Length of the data block supplied
* @param data Pointer to a data block containing all variable fields
*/
void IpfixPrinter::onOptionsRecord(IpfixOptionsRecord* record)
{
/* we need a FieldInfo for printIPv4 */
IpfixRecord::FieldInfo::Type tmpInfo = {0, 4, false, 0}; // length=4 for IPv4 address
printf("\n-+--- OptionsDataRecord (Template id=%u from ", record->optionsTemplateInfo->templateId);
if (record->sourceID->exporterAddress.len == 4)
printIPv4(tmpInfo, &record->sourceID->exporterAddress.ip[0]);
else
printf("non-IPv4 address");
printf(":%d (", record->sourceID->exporterPort);
tmpInfo.length = 1; // length=1 for protocol identifier
printProtocol(tmpInfo, &record->sourceID->protocol);
printf(") )\n");
printf(" `---\n\n");
record->removeReference();
}
/**
* Prints a Template that was announced to be destroyed
* @param sourceID SourceID of the exporting process
* @param dataTemplateInfo Pointer to a structure defining the DataTemplate used
*/
void IpfixPrinter::onTemplateDestruction(IpfixTemplateDestructionRecord* record)
{
boost::shared_ptr<TemplateInfo> templateInfo = record->templateInfo;
switch(templateInfo->setId) {
case TemplateInfo::NetflowTemplate:
fprintf(fh, "\n-+--- Destroyed Netflow Template (id=%u, uniqueId=%u) from ", templateInfo->templateId, templateInfo->getUniqueId());
break;
case TemplateInfo::NetflowOptionsTemplate:
fprintf(fh, "\n-+--- Destroyed Netflow Options Template (id=%u, uniqueId=%u) from ", templateInfo->templateId, templateInfo->getUniqueId());
break;
case TemplateInfo::IpfixTemplate:
fprintf(fh, "\n-+--- Destroyed Ipfix Template (id=%u, uniqueId=%u) from ", templateInfo->templateId, templateInfo->getUniqueId());
break;
case TemplateInfo::IpfixOptionsTemplate:
fprintf(fh, "\n-+--- Destroyed Ipfix Options Template (id=%u, uniqueId=%u) from ", templateInfo->templateId, templateInfo->getUniqueId());
break;
case TemplateInfo::IpfixDataTemplate:
fprintf(fh, "\n-+--- Destroyed Ipfix Data Template (id=%u, uniqueId=%u) from ", templateInfo->templateId, templateInfo->getUniqueId());
break;
default:
msg(MSG_ERROR, "IpfixPrinter: Template destruction recordwith unknown setId=%u, uniqueId=%u", templateInfo->setId, templateInfo->getUniqueId());
}
if (record->sourceID) {
if (record->sourceID->exporterAddress.len == 4)
printIPv4(*(uint32_t*)(&record->sourceID->exporterAddress.ip[0]));
else
fprintf(fh, "non-IPv4 address");
fprintf(fh, ":%u (", record->sourceID->exporterPort);
printProtocol(record->sourceID->protocol);
fprintf(fh, ")\n");
} else {
fprintf(fh, "no sourceID given in template");
}
record->removeReference();
}
/**
* prints record as a tree
*/
void IpfixPrinter::printTreeRecord(IpfixDataRecord* record)
{
int i;
switch(record->templateInfo->setId) {
case TemplateInfo::NetflowTemplate:
fprintf(fh, "\n-+--- Netflow Data Record (id=%u) from ", record->templateInfo->templateId);
break;
case TemplateInfo::NetflowOptionsTemplate:
fprintf(fh, "\n-+--- Netflow Options Data Record (id=%u) from ", record->templateInfo->templateId);
break;
case TemplateInfo::IpfixTemplate:
fprintf(fh, "\n-+--- Ipfix Data Record (id=%u) from ", record->templateInfo->templateId);
break;
case TemplateInfo::IpfixOptionsTemplate:
fprintf(fh, "\n-+--- Ipfix Options Data Record (id=%u) from ", record->templateInfo->templateId);
break;
case TemplateInfo::IpfixDataTemplate:
fprintf(fh, "\n-+--- Ipfix Data Data Record (id=%u, preceding=%u) from ", record->templateInfo->templateId, record->templateInfo->preceding);
break;
default:
msg(MSG_ERROR, "IpfixPrinter: Template with unknown setid=%u", record->templateInfo->setId);
}
if (record->sourceID) {
if (record->sourceID->exporterAddress.len == 4)
printIPv4(*(uint32_t*)(&record->sourceID->exporterAddress.ip[0]));
else
fprintf(fh, "non-IPv4 address");
fprintf(fh, ":%u (", record->sourceID->exporterPort);
printProtocol(record->sourceID->protocol);
fprintf(fh, ")\n");
} else {
fprintf(fh, "no sourceID given");
}
if(record->templateInfo->setId == TemplateInfo::IpfixDataTemplate) {
fprintf(fh, " `- fixed data\n");
for (i = 0; i < record->templateInfo->dataCount; i++) {
fprintf(fh, " ' `- ");
printFieldData(record->templateInfo->dataInfo[i].type,
(record->templateInfo->data + record->templateInfo->dataInfo[i].offset));
fprintf(fh, "\n");
}
}
if(record->templateInfo->setId == TemplateInfo::IpfixOptionsTemplate) {
fprintf(fh, " `- variable scope data\n");
for(i = 0; i < record->templateInfo->scopeCount; i++) {
fprintf(fh, " ' `- ");
printFieldData(record->templateInfo->scopeInfo[i].type, (record->data + record->templateInfo->scopeInfo[i].offset));
fprintf(fh, "\n");
}
}
fprintf(fh, " `- variable data\n");
for (i = 0; i < record->templateInfo->fieldCount; i++) {
fprintf(fh, " ' `- ");
printFieldData(record->templateInfo->fieldInfo[i].type, (record->data + record->templateInfo->fieldInfo[i].offset));
fprintf(fh, "\n");
}
fprintf(fh, " `---\n\n");
}
/**
* Prints a Template
* @param sourceID SourceID of the exporting process
* @param templateInfo Pointer to a structure defining the Template used
*/
void IpfixPrinter::onTemplate(IpfixTemplateRecord* record)
{
boost::shared_ptr<TemplateInfo> templateInfo;
switch (outputType) {
case LINE:
case TREE:
templateInfo = record->templateInfo;
switch(templateInfo->setId) {
case TemplateInfo::NetflowTemplate:
fprintf(fh, "\n-+--- Netflow Template (id=%u, uniqueId=%u) from ", templateInfo->templateId, templateInfo->getUniqueId());
break;
case TemplateInfo::NetflowOptionsTemplate:
fprintf(fh, "\n-+--- Netflow Options Template (id=%u, uniqueId=%u) from ", templateInfo->templateId, templateInfo->getUniqueId());
break;
case TemplateInfo::IpfixTemplate:
fprintf(fh, "\n-+--- Ipfix Template (id=%u, uniqueId=%u) from ", templateInfo->templateId, templateInfo->getUniqueId());
break;
case TemplateInfo::IpfixOptionsTemplate:
fprintf(fh, "\n-+--- Ipfix Options Template (id=%u, uniqueId=%u) from ", templateInfo->templateId, templateInfo->getUniqueId());
break;
case TemplateInfo::IpfixDataTemplate:
fprintf(fh, "\n-+--- Ipfix Data Template (id=%u, preceding=%u, uniqueId=%u) from ", templateInfo->templateId, templateInfo->preceding, templateInfo->getUniqueId());
break;
default:
msg(MSG_ERROR, "IpfixPrinter: Template with unknown setId=%u, uniqueId=%u", templateInfo->setId, templateInfo->getUniqueId());
}
if (record->sourceID) {
if (record->sourceID->exporterAddress.len == 4)
printIPv4(*(uint32_t*)(&record->sourceID->exporterAddress.ip[0]));
else
fprintf(fh, "non-IPv4 address");
fprintf(fh, ":%u (", record->sourceID->exporterPort);
printProtocol(record->sourceID->protocol);
fprintf(fh, ")\n");
} else {
fprintf(fh, "no sourceID given in template");
}
if (templateInfo->setId == TemplateInfo::IpfixTemplate) {
for (int i = 0; i < templateInfo->fieldCount; i++) {
TemplateInfo::FieldInfo* fi = &templateInfo->fieldInfo[i];
fprintf(fh, " ' `- %s\n", fi->type.toString().c_str());
}
}
// print fixed data in the case of a data template
if(templateInfo->setId == TemplateInfo::IpfixDataTemplate) {
fprintf(fh, " `- fixed data\n");
for (int i = 0; i < templateInfo->dataCount; i++) {
fprintf(fh, " ' `- ");
printFieldData(templateInfo->dataInfo[i].type,
(templateInfo->data + templateInfo->dataInfo[i].offset));
fprintf(fh, "\n");
}
}
fprintf(fh, " `---\n\n");
break;
case TABLE:
case NONE:
break;
}
record->removeReference();
}
/**
* Prints a string representation of IpfixRecord::Data to stdout.
*/
void PrintHelpers::printFieldData(InformationElement::IeInfo type, IpfixRecord::Data* pattern) {
timeval t;
uint64_t hbnum;
string typeStr = type.toString();
// try to get the values aligned
if (typeStr.length() < 60)
fprintf(fh, "%-60s: ", type.toString().c_str());
else
fprintf(fh, "%s: ", type.toString().c_str());
switch (type.enterprise) {
case 0:
switch (type.id) {
case IPFIX_TYPEID_protocolIdentifier:
printProtocol(type, pattern);
return;
case IPFIX_TYPEID_sourceIPv4Address:
printIPv4(type, pattern);
return;
case IPFIX_TYPEID_destinationIPv4Address:
printIPv4(type, pattern);
return;
case IPFIX_TYPEID_sourceTransportPort:
printPort(type, pattern);
return;
case IPFIX_TYPEID_destinationTransportPort:
printPort(type, pattern);
return;
case IPFIX_TYPEID_flowStartSeconds:
case IPFIX_TYPEID_flowEndSeconds:
case IPFIX_TYPEID_flowStartMilliSeconds:
case IPFIX_TYPEID_flowEndMilliSeconds:
case PSAMP_TYPEID_observationTimeSeconds:
printLocaltime(type, pattern);
return;
case IPFIX_TYPEID_flowStartNanoSeconds:
case IPFIX_TYPEID_flowEndNanoSeconds:
hbnum = ntohll(*(uint64_t*)pattern);
if (hbnum>0) {
t = timentp64(*((ntp64*)(&hbnum)));
fprintf(fh, "%u.%06d seconds", (int32_t)t.tv_sec, (int32_t)t.tv_usec);
} else {
fprintf(fh, "no value (only zeroes in field)");
}
return;
}
break;
case IPFIX_PEN_reverse:
switch (type.id) {
case IPFIX_TYPEID_flowStartNanoSeconds:
case IPFIX_TYPEID_flowEndNanoSeconds:
hbnum = ntohll(*(uint64_t*)pattern);
if (hbnum>0) {
t = timentp64(*((ntp64*)(&hbnum)));
fprintf(fh, "%u.%06d seconds", (int32_t)t.tv_sec, (int32_t)t.tv_usec);
} else {
fprintf(fh, "no value (only zeroes in field)");
}
return;
}
break;
default:
{
if (type==InformationElement::IeInfo(IPFIX_ETYPEID_frontPayload, IPFIX_PEN_vermont) ||
type==InformationElement::IeInfo(IPFIX_ETYPEID_frontPayload, IPFIX_PEN_vermont|IPFIX_PEN_reverse)) {
printFrontPayload(type, pattern);
return;
}
}
}
printUint(type, pattern);
}