예제 #1
0
int main(int argc, char **argv) {

	lnf_file_t *filep;
	lnf_rec_t *recp;
	lnf_mem_t *memp;
	lnf_mem_cursor_t *cursor;

	lnf_brec1_t brec;

	int i = 0;

    int print = 1;
    int printa = 1;
    char *filename = FILENAME;
    char c;

	while ((c = getopt (argc, argv, "pPAf:")) != -1) {
		switch (c) {
			case 'p':
				print = 0;
				break;
			case 'P':
				print = 0;
				break;
			case 'f':
				filename = optarg;
				break;
			case 'A':
				printa = 0;
				break;
			case '?':
				printf("Usage: %s [ -P ] [ -A ] [ -f <input file name> ] \n", argv[0]);
				printf(" -P : do not print input records to stdout\n");
				printf(" -A : do not aggregated records to stdout\n");
				exit(1);
		}
	}

	
	if (lnf_open(&filep, filename, LNF_READ, NULL) != LNF_OK) {
		fprintf(stderr, "Can not open file %s\n", filename);
		exit(1);
	}


	lnf_rec_init(&recp);
	lnf_mem_init(&memp);

	/* set rules for aggregation srcip/24,srcport,dstas */
	lnf_mem_fadd(memp, LNF_FLD_SRCADDR, LNF_AGGR_KEY|LNF_SORT_DESC, 24, 64);
	lnf_mem_fadd(memp, LNF_FLD_SRCPORT, LNF_AGGR_KEY, 0, 0); 
	lnf_mem_fadd(memp, LNF_FLD_DSTAS, LNF_AGGR_KEY, 0, 0);


	lnf_mem_fadd(memp, LNF_FLD_FIRST, LNF_AGGR_MIN, 0, 0);
	lnf_mem_fadd(memp, LNF_FLD_LAST, LNF_AGGR_MAX, 0, 0);
	lnf_mem_fadd(memp, LNF_FLD_TCP_FLAGS, LNF_AGGR_OR, 0, 0);
	lnf_mem_fadd(memp, LNF_FLD_DOCTETS, LNF_AGGR_SUM, 0, 0);
	lnf_mem_fadd(memp, LNF_FLD_DPKTS, LNF_AGGR_SUM, 0, 0);



	while (lnf_read(filep, recp) != LNF_EOF) {

		i++;

		/* add to memory heap */
		lnf_mem_write(memp,recp);

		if (print) {
			char sbuf[INET6_ADDRSTRLEN];
			char dbuf[INET6_ADDRSTRLEN];

			lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
	
			inet_ntop(AF_INET6, &brec.srcaddr, sbuf, INET6_ADDRSTRLEN);
			inet_ntop(AF_INET6, &brec.dstaddr, dbuf, INET6_ADDRSTRLEN);

			printf(" %s :%d -> %s :%d %llu %llu %llu\n", 
					sbuf, brec.srcport, 
					dbuf, brec.dstport,  
					(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
		}
	}

	printf("Total input records: %d\n", i);


	i = 0;
	printf("First read\n");
	lnf_mem_first_c(memp, &cursor);
	while (cursor != NULL) {

		i++;
		lnf_mem_read_c(memp, cursor, recp);

		if (printa) {
			char sbuf[INET6_ADDRSTRLEN];
			char dbuf[INET6_ADDRSTRLEN];

			lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
	
			inet_ntop(AF_INET6, &brec.srcaddr, sbuf, INET6_ADDRSTRLEN);
			inet_ntop(AF_INET6, &brec.dstaddr, dbuf, INET6_ADDRSTRLEN);

			printf(" %s :%d -> %s :%d %llu %llu %llu\n", 
					sbuf, brec.srcport, 
					dbuf, brec.dstport,  
					(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
		}

		lnf_mem_next_c(memp, &cursor);
	}

	printf("Second read\n");
	lnf_mem_first_c(memp, &cursor);

	while (cursor != NULL) {

		i++;
		lnf_mem_read_c(memp, cursor, recp);

		if (printa) {
			char sbuf[INET6_ADDRSTRLEN];
			char dbuf[INET6_ADDRSTRLEN];

			lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
	
			inet_ntop(AF_INET6, &brec.srcaddr, sbuf, INET6_ADDRSTRLEN);
			inet_ntop(AF_INET6, &brec.dstaddr, dbuf, INET6_ADDRSTRLEN);

			printf(" %s :%d -> %s :%d %llu %llu %llu\n", 
					sbuf, brec.srcport, 
					dbuf, brec.dstport,  
					(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
		}
		lnf_mem_next_c(memp, &cursor);
	}
	printf("Total aggregated records: %d\n", i);

	lnf_mem_free(memp);
	lnf_rec_free(recp);
	lnf_close(filep);

	return 0;
}
예제 #2
0
int main(int argc, char **argv) {

	lnf_file_t *filep;
	lnf_rec_t *recp;
	lnf_mem_t *memp1;
	lnf_mem_t *memp2;
	lnf_mem_cursor_t *cursor;

	lnf_brec1_t brec;

	int i = 0;

    int print = 1;
    int printa = 1;
    char *filename = FILENAME;
    int c;

	char buff[LNF_MAX_RAW_LEN];
	int datasize;

	while ((c = getopt (argc, argv, "pPAf:")) != -1) {
		switch (c) {
			case 'p':
				print = 0;
				break;
			case 'P':
				print = 0;
				break;
			case 'f':
				filename = optarg;
				break;
			case 'A':
				printa = 0;
				break;
			case '?':
				printf("Usage: %s [ -P ] [ -A ] [ -f <input file name> ] \n", argv[0]);
				printf(" -P : do not print input records to stdout\n");
				printf(" -A : do not aggregated records to stdout\n");
				exit(1);
		}
	}

	
	if (lnf_open(&filep, filename, LNF_READ, NULL) != LNF_OK) {
		fprintf(stderr, "Can not open file %s\n", filename);
		exit(1);
	}


	lnf_rec_init(&recp);
	lnf_mem_init(&memp1);
	lnf_mem_init(&memp2);

	lnf_mem_fastaggr(memp1, LNF_FAST_AGGR_BASIC);
	lnf_mem_fastaggr(memp2, LNF_FAST_AGGR_BASIC);

	/* set rules for aggregation srcip/24,srcport,dstas */
	lnf_mem_fadd(memp1, LNF_FLD_SRCADDR, LNF_AGGR_KEY|LNF_SORT_DESC, 24, 64);
	lnf_mem_fadd(memp2, LNF_FLD_SRCADDR, LNF_AGGR_KEY|LNF_SORT_DESC, 24, 64);

	while (lnf_read(filep, recp) != LNF_EOF) {

		i++;

		/* add to memory heap */
		lnf_mem_write(memp1, recp);

		if (print) {
			char sbuf[INET6_ADDRSTRLEN];
			char dbuf[INET6_ADDRSTRLEN];

			lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
	
			inet_ntop(AF_INET6, &brec.srcaddr, sbuf, INET6_ADDRSTRLEN);
			inet_ntop(AF_INET6, &brec.dstaddr, dbuf, INET6_ADDRSTRLEN);

			printf(" %s :%d -> %s :%d %llu %llu %llu\n", 
					sbuf, brec.srcport, 
					dbuf, brec.dstport,  
					(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
		}
	}

	printf("Total input records: %d\n", i);

	/* transfer data from memp1 to memp2 */
	lnf_mem_first_c(memp1, &cursor);
	while (cursor != NULL) {
		lnf_mem_read_raw_c(memp1, cursor, buff, &datasize, LNF_MAX_RAW_LEN);
		lnf_mem_write_raw(memp2, buff, datasize);
		lnf_mem_next_c(memp1, &cursor);
	}


	/* all data are now in memp2) */


	i = 0;
	lnf_mem_first_c(memp2, &cursor);
	while (cursor != NULL) {

		i++;
		lnf_mem_read_c(memp2, cursor, recp);

		if (printa) {
			char sbuf[INET6_ADDRSTRLEN];
			char dbuf[INET6_ADDRSTRLEN];

			lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
	
			inet_ntop(AF_INET6, &brec.srcaddr, sbuf, INET6_ADDRSTRLEN);
			inet_ntop(AF_INET6, &brec.dstaddr, dbuf, INET6_ADDRSTRLEN);

			printf(" %s :%d -> %s :%d %llu %llu %llu\n", 
					sbuf, brec.srcport, 
					dbuf, brec.dstport,  
					(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
		}
		lnf_mem_next_c(memp2, &cursor);
	}

	printf("Total aggregated records: %d\n", i);

	lnf_mem_free(memp1);
	lnf_mem_free(memp2);
	lnf_rec_free(recp);
	lnf_close(filep);

	return 0;
}
예제 #3
0
int main(int argc, char **argv) {

	lnf_file_t *filep;
	lnf_rec_t *recp, *recp2;
	lnf_mem_t *memp;
	lnf_mem_cursor_t *cursor, *cursor2;

	lnf_brec1_t brec;
	uint16_t port;

	int i = 0;

    int print = 1;
    int printa = 1;
	int len;
    char *filename = FILENAME;
    char c;
	char buff[1024];

	while ((c = getopt (argc, argv, "pPAf:")) != -1) {
		switch (c) {
			case 'p':
				print = 0;
				break;
			case 'P':
				print = 0;
				break;
			case 'f':
				filename = optarg;
				break;
			case 'A':
				printa = 0;
				break;
			case '?':
				printf("Usage: %s [ -P ] [ -A ] [ -f <input file name> ] \n", argv[0]);
				printf(" -P : do not print input records to stdout\n");
				printf(" -A : do not aggregated records to stdout\n");
				exit(1);
		}
	}

	
	if (lnf_open(&filep, filename, LNF_READ, NULL) != LNF_OK) {
		fprintf(stderr, "Can not open file %s\n", filename);
		exit(1);
	}


	lnf_rec_init(&recp);
	lnf_mem_init(&memp);

	/* set rules for aggregation srcip/24,srcport,dstas */
	lnf_mem_fadd(memp, LNF_FLD_SRCPORT, LNF_AGGR_KEY, 0, 0); 

	lnf_mem_fadd(memp, LNF_FLD_FIRST, LNF_AGGR_MIN, 0, 0);
	lnf_mem_fadd(memp, LNF_FLD_DOCTETS, LNF_AGGR_SUM|LNF_SORT_DESC, 0, 0);
	lnf_mem_fadd(memp, LNF_FLD_DPKTS, LNF_AGGR_SUM, 0, 0);



	while (lnf_read(filep, recp) != LNF_EOF) {
		i++;
		/* add to memory heap */
		lnf_mem_write(memp,recp);
	}

	printf("Total input records: %d\n", i);


	i = 0;
	while (lnf_mem_read(memp, recp) != LNF_EOF) {

		i++;

		if (printa) {
			lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
			printf(" %d - %llu %llu %llu\n", 
					brec.srcport, 
					(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
		}
	}

	printf("Total aggregated records: %d\n", i);
	printf("Lookup for src port 1123\n");

	lnf_rec_init(&recp2);

	/* set key field in record */
	port = 1123;
	lnf_rec_fset(recp2, LNF_FLD_SRCPORT, &port);
	
	if (lnf_mem_lookup_c(memp, recp2, &cursor) == LNF_OK) {
		lnf_mem_read_c(memp, cursor, recp);

		lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);	
		printf(" %d - %llu %llu %llu\n", 
			brec.srcport, 
			(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
	} else {
		printf("Record not found\n");
	}

	/* additional testion of lnf_mem_lookup_raw_c */
	/* it's just testing - doesn't make any sense */
	if (cursor != NULL && lnf_mem_read_raw_c(memp, cursor, buff, &len, sizeof(buff)) == LNF_OK) {
		if (lnf_mem_lookup_raw_c(memp, buff, len, &cursor2) == LNF_OK) {
			if (cursor == cursor2) {
				printf("Read through lnf_lookup_raw_c is ok \n");
			}	
		} 
	} 
	

	lnf_mem_free(memp);
	lnf_rec_free(recp);
	lnf_close(filep);

	return 0;
}
예제 #4
0
파일: nfdumpp.c 프로젝트: Lukas955/nf-tools
int main(int argc, char **argv) {

    lnf_rec_t *recp;
    pthread_t th[MAX_THREADS];
    int i = 0;
    int numthreads = 1;
    int sortfield = 0;
    int sortbits4 = 0;
    int sortbits6 = 0;
    char c;
//	lnf_filter_t *filterp;


    flist_init(&flist);

    numthreads = get_cpu_cores() * NUM_THREADS_FACTOR;

    /* initalise one instance of memory heap (share by all threads) */
    memp = NULL;
    filterp = NULL;
    progressp = NULL;
    recp = NULL;
    filter[0] = '\0';

    /* fields in all outpusts */
    fields_add(LNF_FLD_FIRST);
    fields_add(LNF_FLD_CALC_DURATION);


    while ((c = getopt_long(argc, argv, "A:O:r:R:T:W;", longopts, NULL)) != -1) {
        switch (c) {
        case 1:
        case 'T': 	/* T option will be removed in future */
            numthreads = atoi(optarg);
            if (numthreads > MAX_THREADS) {
                fprintf(stderr, "Maximim allowed threads is %d\n", MAX_THREADS);
                exit(1);
                //	numthreads = MAX_THREADS - 1;
            }
            break;
        case 2:
            if (strcmp(optarg, "nfdump") == 0) {
                filter_type = NFDUMPP_FILTER_NFDUMP;
            } else if (strcmp(optarg, "libnf") == 0) {
                filter_type = NFDUMPP_FILTER_LIBNF;
            } else {
                fprintf(stderr, "Invalid filter type \"%s\". Allowed options nfdump or libnf. \n", optarg);
                exit(1);
            }
            break;
        case 'r':
        case 'R':
            flist_lookup_dir(&flist, optarg);
            break;
        case 'A':
            if (memp == NULL) {
                lnf_mem_init(&memp);
            }
            parse_aggreg(memp, optarg);
            break;
        case 'O':
            sortfield = lnf_fld_parse(optarg, &sortbits4, &sortbits6);
            if (sortfield == 0) {
                fprintf(stderr, "Unknow or unsupported sort field: %s\n", optarg);
                exit(1);
            }
            break;
        case '?':
            printf("Usage: %s [ -A ] [ -R -r ] [ <filter> ] \n", argv[0]);
            printf(" -r : \n");
            printf(" -R : Input file or directory  (multiple -r -R options is allowed)\n");
            printf(" -A : aggregation\n");
            printf(" -O : sort order\n");
            printf(" --num-threads = <num> : num threads (default: %.0f%% number of CPU cores, %d on this system)\n",
                   NUM_THREADS_FACTOR * 100, numthreads);
            printf(" --filter-type = nfdump|libnf : use original nfdump filter or new libnf implementation \n");
            printf("\n");
            exit(1);
        }
    }

    /* set filter */
    if (optind < argc ) {
        for ( ; optind < argc; optind++) {
            if (strlen(filter) + strlen(argv[optind]) > MAX_FILTER_LEN) {
                fprintf(stderr, "Not enough space for filter in buffer\n");
                exit(1);
            }
            strcat(filter, argv[optind]);
            strcat(filter, " ");
            printf("filter: %s \n", filter);
        }

        filterp = NULL;
        switch (filter_type) {
        case NFDUMPP_FILTER_DEFAULT:
            lnf_filter_init(&filterp, filter);
            break;
        case NFDUMPP_FILTER_NFDUMP:
            lnf_filter_init_v1(&filterp, filter);
            break;
        case NFDUMPP_FILTER_LIBNF:
            lnf_filter_init_v2(&filterp, filter);
            break;
        default:
            fprintf(stderr, "This should never hapen line: %d\n", __LINE__);
            exit(1);
            break;
        }

        if (filterp == NULL) {
            fprintf(stderr, "Can not compile filter: %s\n", filter);
            exit(1);
        }
//		lnf_filter_free(filterp);
    }


    /* init progress bar */
    if  (progress_init(&progressp, 0, NULL) != NULL) {
        progress_steps(progressp,  flist_count(&flist));
    }

    /* aggregated or not aggregated records */
    if (memp == NULL) {
        /* not aggregated, but sorted */
        if (sortfield > 0) {
            lnf_mem_init(&memp);
            /* switch memp into list mode */
            lnf_mem_setopt(memp, LNF_OPT_LISTMODE, NULL, 0);
            lnf_mem_fastaggr(memp, LNF_FAST_AGGR_BASIC);
            lnf_mem_fadd(memp, LNF_FLD_PROT, LNF_AGGR_KEY, 0, 0);
            lnf_mem_fadd(memp, LNF_FLD_SRCADDR, LNF_AGGR_KEY, 24, 128);
            lnf_mem_fadd(memp, LNF_FLD_SRCPORT, LNF_AGGR_KEY, 0, 0);
            lnf_mem_fadd(memp, LNF_FLD_DSTADDR, LNF_AGGR_KEY, 24, 128);
            lnf_mem_fadd(memp, LNF_FLD_DSTPORT, LNF_AGGR_KEY, 0, 0);
        }
        fields_add(LNF_FLD_PROT);
        fields_add(LNF_FLD_SRCADDR);
        fields_add(LNF_FLD_SRCPORT);
        fields_add(LNF_FLD_DSTADDR);
        fields_add(LNF_FLD_DSTPORT);
    }

    /* default fields on the ond of the list */
    fields_add(LNF_FLD_DPKTS);
    fields_add(LNF_FLD_DOCTETS);
    fields_add(LNF_FLD_CALC_BPS);
    fields_add(LNF_FLD_CALC_BPP);
    fields_add(LNF_FLD_AGGR_FLOWS);

    /* set sort firld */
    if (sortfield > 0) {
        int defaultaggr = 0;
        int defaultsort = 0;
        lnf_fld_info(sortfield, LNF_FLD_INFO_AGGR, &defaultaggr, sizeof(int));
        lnf_fld_info(sortfield, LNF_FLD_INFO_SORT, &defaultsort, sizeof(int));
        lnf_mem_fadd(memp, sortfield, defaultaggr|defaultsort, sortbits4, sortbits6);
    }


    print_header();

    /*  prepare and run threads */
    pthread_mutex_init(&mutex, NULL);

    for ( i = 0 ; i < numthreads ; i++ ) {
        if ( pthread_create(&th[i], NULL, process_thread, NULL) < 0) {
            fprintf(stderr, "Can not create thread for %d\n", i);
            break;
        }
    }

    /* wait for threads */
    for ( i = 0; i < numthreads; i++ ) {
        if( pthread_join(th[i], NULL) ) {
            fprintf(stderr, "Error joining thread\n");
            break;
        }
    }

    /* print the records out */
    if (memp != NULL) {
        i = 0;
        lnf_rec_init(&recp);
        while (lnf_mem_read(memp, recp) != LNF_EOF) {
            i++;
            print_row(recp);
            outputflows++;
        }
    }

    /* header */
    printf("Total input flows %d, output flows: %lu\n", totalrows, outputflows);

    lnf_mem_free(memp);
    lnf_rec_free(recp);
    if (filterp != NULL) {
        lnf_filter_free(filterp);
    }


}