void Connection::convertNtp64(uint64_t ntptime, uint64_t& result)
{
uint64_t hbnum = ntohll(*(uint64_t*)&ntptime);
if (hbnum>0) {
timeval t = timentp64(*((ntp64*)(&hbnum)));
result = (uint64_t)t.tv_sec*1000+(uint64_t)t.tv_usec/1000;
} else {
result = 0;
}
}
/**
* Prints a string representation of IpfixRecord::Data to stdout.
*/
void printFieldData(IpfixRecord::FieldInfo::Type type, IpfixRecord::Data* pattern) {
char* s;
timeval t;
uint64_t hbnum;
switch (type.id) {
case IPFIX_TYPEID_protocolIdentifier:
printf("protocolIdentifier: ");
printProtocol(type, pattern);
break;
case IPFIX_TYPEID_sourceIPv4Address:
printf("sourceIPv4Address: ");
printIPv4(type, pattern);
break;
case IPFIX_TYPEID_destinationIPv4Address:
printf("destinationIPv4Address: ");
printIPv4(type, pattern);
break;
case IPFIX_TYPEID_sourceTransportPort:
printf("sourceTransportPort: ");
printPort(type, pattern);
break;
case IPFIX_TYPEID_destinationTransportPort:
printf("destinationTransportPort: ");
printPort(type, pattern);
break;
case IPFIX_TYPEID_flowStartNanoSeconds:
case IPFIX_TYPEID_flowEndNanoSeconds:
case IPFIX_ETYPEID_revFlowStartNanoSeconds:
case IPFIX_ETYPEID_revFlowEndNanoSeconds:
printf("%s: ", typeid2string(type.id));
hbnum = ntohll(*(uint64_t*)pattern);
if (hbnum>0) {
t = timentp64(*((ntp64*)(&hbnum)));
printf("%d.%06d seconds", (int32_t)t.tv_sec, (int32_t)t.tv_usec);
} else {
printf("no value (only zeroes in field)");
}
break;
case IPFIX_ETYPEID_frontPayload:
case IPFIX_ETYPEID_revFrontPayload:
printf("%s: ", typeid2string(type.id));
printFrontPayload(type, pattern);
break;
default:
s = typeid2string(type.id);
if (s != NULL) {
printf("%s: ", s);
printUint(type, pattern);
} else {
DPRINTF("Field with ID %d unparseable\n", type.id);
}
break;
}
}
/**
* prints a datarecord in a special, easy-to-read data format in one line
*/
void IpfixPrinter::printOneLineRecord(IpfixDataRecord* record)
{
boost::shared_ptr<IpfixRecord::DataTemplateInfo> dataTemplateInfo = record->templateInfo;
char buf[100], buf2[100];
if (linesPrinted==0 || linesPrinted>50) {
printf("%22s %20s %8s %5s %21s %21s %5s %5s\n", "Flow recvd.", "Flow start", "Duratn", "Prot", "Src IP:Port", "Dst IP:Port", "Pckts", "Bytes");
printf("-----------------------------------------------------------------------------------------------------------------\n");
linesPrinted = 0;
}
struct tm* tm;
struct timeval tv;
gettimeofday(&tv, 0);
tm = localtime(reinterpret_cast<time_t*>(&tv.tv_sec));
strftime(buf, ARRAY_SIZE(buf), "%F %T", tm);
snprintf(buf2, ARRAY_SIZE(buf2), "%s.%03ld", buf, tv.tv_usec/1000);
printf("%22s ", buf2);
uint32_t timetype = 0;
uint32_t starttime = 0;
IpfixRecord::FieldInfo* fi = dataTemplateInfo->getFieldInfo(IPFIX_TYPEID_flowStartSeconds, 0);
if (fi != NULL) {
timetype = IPFIX_TYPEID_flowStartSeconds;
time_t t = ntohl(*reinterpret_cast<time_t*>(record->data+fi->offset));
starttime = t;
tm = localtime(&t);
strftime(buf, 50, "%F %T", tm);
} else {
fi = dataTemplateInfo->getFieldInfo(IPFIX_TYPEID_flowStartMilliSeconds, 0);
if (fi != NULL) {
timetype = IPFIX_TYPEID_flowStartMilliSeconds;
uint64_t t2 = ntohll(*reinterpret_cast<uint64_t*>(record->data+fi->offset));
time_t t = t2/1000;
starttime = t;
tm = localtime(&t);
strftime(buf, 50, "%F %T", tm);
} else {
fi = dataTemplateInfo->getFieldInfo(IPFIX_TYPEID_flowStartSysUpTime, 0);
if (fi != NULL) {
timetype = IPFIX_TYPEID_flowStartSysUpTime;
starttime = ntohl(*reinterpret_cast<uint32_t*>(record->data+fi->offset));
snprintf(buf, 50, "%u:%02u.%04u", starttime/60000, (starttime%60000)/1000, starttime%1000);
} else {
fi = dataTemplateInfo->getFieldInfo(IPFIX_TYPEID_flowStartSeconds, 0);
if (fi != NULL) {
timetype = IPFIX_TYPEID_flowStartNanoSeconds;
uint64_t t2 = ntohll(*reinterpret_cast<uint64_t*>(record->data+fi->offset));
timeval t = timentp64(*((ntp64*)(&t2)));
tm = localtime(&t.tv_sec);
strftime(buf, 50, "%F %T", tm);
starttime = t.tv_sec;
}
}
}
}
if (timetype != 0) {
printf("%20s ", buf);
uint32_t dur = 0;
switch (timetype) {
case IPFIX_TYPEID_flowStartSeconds:
fi = dataTemplateInfo->getFieldInfo(IPFIX_TYPEID_flowEndSeconds, 0);
if (fi != NULL) {
dur = ntohl(*reinterpret_cast<uint32_t*>(record->data+fi->offset)) - starttime;
dur *= 1000;
}
break;
case IPFIX_TYPEID_flowStartMilliSeconds:
fi = dataTemplateInfo->getFieldInfo(IPFIX_TYPEID_flowEndMilliSeconds, 0);
if (fi != NULL) {
dur = ntohll(*reinterpret_cast<uint64_t*>(record->data+fi->offset)) - starttime;
dur *= 1000;
}
break;
case IPFIX_TYPEID_flowStartSysUpTime:
fi = dataTemplateInfo->getFieldInfo(IPFIX_TYPEID_flowEndSysUpTime, 0);
if (fi != NULL) {
dur = ntohl(*reinterpret_cast<uint32_t*>(record->data+fi->offset)) - starttime;
dur *= 1000;
}
break;
case IPFIX_TYPEID_flowStartNanoSeconds:
fi = dataTemplateInfo->getFieldInfo(IPFIX_TYPEID_flowEndNanoSeconds, 0);
if (fi != NULL) {
uint64_t t2 = ntohll(*reinterpret_cast<uint64_t*>(record->data+fi->offset));
timeval t = timentp64(*((ntp64*)(&t2)));
dur = t.tv_sec*1000+t.tv_usec/1000 - starttime;
}
}
snprintf(buf, 50, "%u.%04u", (dur)/1000, dur%1000);
printf("%8s ", buf);
}
else {
printf("%20s %8s ", "---", "---");
}
fi = dataTemplateInfo->getFieldInfo(IPFIX_TYPEID_protocolIdentifier, 0);
if (fi != NULL && fi->type.length==1) {
snprintf(buf, ARRAY_SIZE(buf), "%hhu", *reinterpret_cast<uint8_t*>(record->data+fi->offset));
} else {
snprintf(buf, ARRAY_SIZE(buf), "---");
}
printf("%5s ", buf);
fi = dataTemplateInfo->getFieldInfo(IPFIX_TYPEID_sourceIPv4Address, 0);
uint32_t srcip = 0;
if (fi != NULL && fi->type.length>=4) {
srcip = *reinterpret_cast<uint32_t*>(record->data+fi->offset);
}
fi = dataTemplateInfo->getFieldInfo(IPFIX_TYPEID_sourceTransportPort, 0);
uint32_t srcport = 0;
if (fi != NULL && fi->type.length==2) {
srcport = *reinterpret_cast<uint16_t*>(record->data+fi->offset);
}
snprintf(buf, ARRAY_SIZE(buf), "%hhu.%hhu.%hhu.%hhu:%hu", (srcip>>0)&0xFF, (srcip>>8)&0xFF, (srcip>>16)&0xFF, (srcip>>24)&0xFF, srcport);
printf("%21s ", buf);
fi = dataTemplateInfo->getFieldInfo(IPFIX_TYPEID_destinationIPv4Address, 0);
uint32_t dstip = 0;
if (fi != NULL && fi->type.length>=4) {
dstip = *reinterpret_cast<uint32_t*>(record->data+fi->offset);
}
fi = dataTemplateInfo->getFieldInfo(IPFIX_TYPEID_destinationTransportPort, 0);
uint32_t dstport = 0;
if (fi != NULL && fi->type.length==2) {
dstport = *reinterpret_cast<uint16_t*>(record->data+fi->offset);
}
snprintf(buf, ARRAY_SIZE(buf), "%hhu.%hhu.%hhu.%hhu:%hu", (dstip>>0)&0xFF, (dstip>>8)&0xFF, (dstip>>16)&0xFF, (dstip>>24)&0xFF, dstport);
printf("%21s ", buf);
fi = dataTemplateInfo->getFieldInfo(IPFIX_TYPEID_packetDeltaCount, 0);
if (fi != NULL) {
printUint(buf, fi->type, record->data+fi->offset);
} else {
snprintf(buf, ARRAY_SIZE(buf), "---");
}
printf("%5s ", buf);
fi = dataTemplateInfo->getFieldInfo(IPFIX_TYPEID_octetDeltaCount, 0);
if (fi != NULL) {
printUint(buf, fi->type, record->data+fi->offset);
} else {
snprintf(buf, ARRAY_SIZE(buf), "---");
}
printf("%5s \n", buf);
linesPrinted++;
}
/**
* Prints a string representation of IpfixRecord::Data to stdout.
*/
void PrintHelpers::printFieldData(InformationElement::IeInfo type, IpfixRecord::Data* pattern) {
timeval t;
uint64_t hbnum;
string typeStr = type.toString();
// try to get the values aligned
if (typeStr.length() < 60)
fprintf(fh, "%-60s: ", type.toString().c_str());
else
fprintf(fh, "%s: ", type.toString().c_str());
switch (type.enterprise) {
case 0:
switch (type.id) {
case IPFIX_TYPEID_protocolIdentifier:
printProtocol(type, pattern);
return;
case IPFIX_TYPEID_sourceIPv4Address:
printIPv4(type, pattern);
return;
case IPFIX_TYPEID_destinationIPv4Address:
printIPv4(type, pattern);
return;
case IPFIX_TYPEID_sourceTransportPort:
printPort(type, pattern);
return;
case IPFIX_TYPEID_destinationTransportPort:
printPort(type, pattern);
return;
case IPFIX_TYPEID_flowStartSeconds:
case IPFIX_TYPEID_flowEndSeconds:
case IPFIX_TYPEID_flowStartMilliSeconds:
case IPFIX_TYPEID_flowEndMilliSeconds:
case PSAMP_TYPEID_observationTimeSeconds:
printLocaltime(type, pattern);
return;
case IPFIX_TYPEID_flowStartNanoSeconds:
case IPFIX_TYPEID_flowEndNanoSeconds:
hbnum = ntohll(*(uint64_t*)pattern);
if (hbnum>0) {
t = timentp64(*((ntp64*)(&hbnum)));
fprintf(fh, "%u.%06d seconds", (int32_t)t.tv_sec, (int32_t)t.tv_usec);
} else {
fprintf(fh, "no value (only zeroes in field)");
}
return;
}
break;
case IPFIX_PEN_reverse:
switch (type.id) {
case IPFIX_TYPEID_flowStartNanoSeconds:
case IPFIX_TYPEID_flowEndNanoSeconds:
hbnum = ntohll(*(uint64_t*)pattern);
if (hbnum>0) {
t = timentp64(*((ntp64*)(&hbnum)));
fprintf(fh, "%u.%06d seconds", (int32_t)t.tv_sec, (int32_t)t.tv_usec);
} else {
fprintf(fh, "no value (only zeroes in field)");
}
return;
}
break;
default:
{
if (type==InformationElement::IeInfo(IPFIX_ETYPEID_frontPayload, IPFIX_PEN_vermont) ||
type==InformationElement::IeInfo(IPFIX_ETYPEID_frontPayload, IPFIX_PEN_vermont|IPFIX_PEN_reverse)) {
printFrontPayload(type, pattern);
return;
}
}
}
printUint(type, pattern);
}
