Пример #1
0
/**
 * Prints a string representation of FieldData to stdout.
 */
void printFieldData(FieldType type, FieldData* pattern) {
	char* s;
	
	switch (type.id) {
		case IPFIX_TYPEID_protocolIdentifier:
			printf("protocolIdentifier:");
			printProtocol(type, pattern);
			break;
		case IPFIX_TYPEID_sourceIPv4Address:
			printf("sourceIPv4Address:");
			printIPv4(type, pattern);
			break;
		case IPFIX_TYPEID_destinationIPv4Address:
			printf("destinationIPv4Address:");
			printIPv4(type, pattern);
			break;				
		case IPFIX_TYPEID_sourceTransportPort:
			printf("sourceTransportPort:");
			printPort(type, pattern);
			break;
		case IPFIX_TYPEID_destinationtransportPort:
			printf("destinationtransportPort:");
			printPort(type, pattern);
			break;
		default:
			s = typeid2string(type.id);
			if (s != NULL) {
				printf("%s:", s);
				printUint(type, pattern);
				} else {
				DPRINTF("Field with ID %d unparseable\n", type.id);
				}
			break;
		}
}
Пример #2
0
/**
 * Prints a string representation of IpfixRecord::Data to stdout.
 */
void printFieldData(IpfixRecord::FieldInfo::Type type, IpfixRecord::Data* pattern) {
	char* s;
	timeval t;
	uint64_t hbnum;

	switch (type.id) {
	case IPFIX_TYPEID_protocolIdentifier:
		printf("protocolIdentifier: ");
		printProtocol(type, pattern);
		break;
	case IPFIX_TYPEID_sourceIPv4Address:
		printf("sourceIPv4Address: ");
		printIPv4(type, pattern);
		break;
	case IPFIX_TYPEID_destinationIPv4Address:
		printf("destinationIPv4Address: ");
		printIPv4(type, pattern);
		break;
	case IPFIX_TYPEID_sourceTransportPort:
		printf("sourceTransportPort: ");
		printPort(type, pattern);
		break;
	case IPFIX_TYPEID_destinationTransportPort:
		printf("destinationTransportPort: ");
		printPort(type, pattern);
		break;
	case IPFIX_TYPEID_flowStartNanoSeconds:
	case IPFIX_TYPEID_flowEndNanoSeconds:
	case IPFIX_ETYPEID_revFlowStartNanoSeconds:
	case IPFIX_ETYPEID_revFlowEndNanoSeconds:
		printf("%s: ", typeid2string(type.id));
		hbnum = ntohll(*(uint64_t*)pattern);
		if (hbnum>0) {
			t = timentp64(*((ntp64*)(&hbnum)));
			printf("%d.%06d seconds", (int32_t)t.tv_sec, (int32_t)t.tv_usec);
		} else {
			printf("no value (only zeroes in field)");
		}
		break;
	case IPFIX_ETYPEID_frontPayload:
	case IPFIX_ETYPEID_revFrontPayload:
		printf("%s: ", typeid2string(type.id));
		printFrontPayload(type, pattern);
		break;
	default:
		s = typeid2string(type.id);
		if (s != NULL) {
			printf("%s: ", s);
			printUint(type, pattern);
		} else {
			DPRINTF("Field with ID %d unparseable\n", type.id);
		}
		break;
	}
}
Пример #3
0
/**
 * Prints a DataTemplate
 * @param sourceID SourceID of the exporting process
 * @param dataTemplateInfo Pointer to a structure defining the DataTemplate used
 */
void IpfixPrinter::onTemplate(IpfixTemplateRecord* record)
{
	int i;

	/* we need a FieldInfo for printIPv4 */
	IpfixRecord::FieldInfo::Type tmpInfo = {0, 4, false, 0}; // length=4 for IPv4 address
	printf("\n-+--- Template (id=%u) from ", record->templateInfo->templateId);
	if (record->sourceID) {
		if (record->sourceID->exporterAddress.len == 4)
			printIPv4(tmpInfo, &record->sourceID->exporterAddress.ip[0]);
		else
			printf("non-IPv4 address");
		printf(":%d (", record->sourceID->exporterPort);
		tmpInfo.length = 1; // length=1 for protocol identifier
		printProtocol(tmpInfo, &record->sourceID->protocol);
		printf(")\n");
	} else {
		printf("no sourceID given in template");
	}

	printf(" `- fixed data\n");
	for (i = 0; i < record->templateInfo->dataCount; i++) {
		printf(" '   `- ");
		printFieldData(record->templateInfo->dataInfo[i].type,
				(record->templateInfo->data + record->templateInfo->dataInfo[i].offset));
		printf("\n");
	}
	printf(" `---\n\n");
	record->removeReference();
}
Пример #4
0
/**
 * Prints a DataDataRecord
 * @param sourceID SourceID of the exporting process
 * @param dataTemplateInfo Pointer to a structure defining the DataTemplate used
 * @param length Length of the data block supplied
 * @param data Pointer to a data block containing all variable fields
 */
void IpfixPrinter::onDataDataRecord(IpfixDataDataRecord* record)
{
	boost::shared_ptr<IpfixRecord::DataTemplateInfo> dataTemplateInfo = record->dataTemplateInfo;
	int i;
	/* we need a FieldInfo for printIPv4 */
	IpfixRecord::FieldInfo::Type tmpInfo = {0, 4, false, 0}; // length=4 for IPv4 address
	printf("\n-+--- DataDataRecord (Template id=%u from ", dataTemplateInfo->templateId);
	if(record->sourceID->exporterAddress.len == 4)
		printIPv4(tmpInfo, &record->sourceID->exporterAddress.ip[0]);
	else
		printf("non-IPv4 address");
	printf(":%d (", record->sourceID->exporterPort);
	tmpInfo.length = 1; // length=1 for protocol identifier
	printProtocol(tmpInfo, &record->sourceID->protocol);
	printf(") )\n");

	printf(" `- fixed data\n");
	for (i = 0; i < dataTemplateInfo->dataCount; i++) {
		printf(" '   `- ");
		printFieldData(dataTemplateInfo->dataInfo[i].type,
				(dataTemplateInfo->data + dataTemplateInfo->dataInfo[i].offset));
		printf("\n");
	}
	printf(" `- variable data\n");
	for (i = 0; i < dataTemplateInfo->fieldCount; i++) {
		printf(" '   `- ");
		printFieldData(dataTemplateInfo->fieldInfo[i].type,
				(record->data + dataTemplateInfo->fieldInfo[i].offset));
		printf("\n");
	}
	printf(" `---\n\n");
	record->removeReference();
}
Пример #5
0
/**
 * Prints a DataRecord
 * @param sourceID SourceID of the exporting process
 * @param dataTemplateInfo Pointer to a structure defining the DataTemplate used
 * @param length Length of the data block supplied
 * @param data Pointer to a data block containing all variable fields
 */
void IpfixPrinter::onDataRecord(IpfixDataRecord* record)
{
	if (lineOutput) {
		printOneLineRecord(record);
	} else {
		int i;
		/* we need a FieldInfo for printIPv4 */
		IpfixRecord::FieldInfo::Type tmpInfo = {0, 4, false, 0}; // length=4 for IPv4 address
		printf("\n-+--- DataRecord (Template id=%u from ", record->templateInfo->templateId);
		if(record->sourceID->exporterAddress.len == 4)
			printIPv4(tmpInfo, &record->sourceID->exporterAddress.ip[0]);
		else
			printf("non-IPv4 address");
		printf(":%d (", record->sourceID->exporterPort);
		tmpInfo.length = 1; // length=1 for protocol identifier
		printProtocol(tmpInfo, &record->sourceID->protocol);
		printf(") )\n");

		printf(" `- variable data\n");
		for (i = 0; i < record->templateInfo->fieldCount; i++) {
			printf(" '   `- ");
			printFieldData(record->templateInfo->fieldInfo[i].type, (record->data + record->templateInfo->fieldInfo[i].offset));
			printf("\n");
		}
	}

	record->removeReference();
}
Пример #6
0
/**
 * Prints a DataRecord
 * @param sourceID SourceID of the exporting process
 * @param dataTemplateInfo Pointer to a structure defining the DataTemplate used
 * @param length Length of the data block supplied
 * @param data Pointer to a data block containing all variable fields
 */
void IpfixPrinter::onDataRecord(IpfixDataRecord* record)
{
	int i;
	/* we need a FieldInfo for printIPv4 */
	IpfixRecord::FieldInfo::Type tmpInfo = {0, 4, false, 0}; // length=4 for IPv4 address
	boost::shared_ptr<IpfixRecord::DataTemplateInfo> dataTemplateInfo;

	switch (outputType) {
		case LINE:
			printf("ERROR: one line record not implemented for IpfixDataRecords\n");
			//printOneLineRecord(record);
			break;

		case TREE:
			dataTemplateInfo = record->templateInfo;
			printf("\n-+--- DataRecord (Template id=%u from ", dataTemplateInfo->templateId);
			if(record->sourceID->exporterAddress.len == 4)
				printIPv4(tmpInfo, &record->sourceID->exporterAddress.ip[0]);
			else
				printf("non-IPv4 address");
			printf(":%d (", record->sourceID->exporterPort);
			tmpInfo.length = 1; // length=1 for protocol identifier
			printProtocol(tmpInfo, &record->sourceID->protocol);
			printf(") )\n");

			printf(" `- fixed data\n");
			for (i = 0; i < dataTemplateInfo->dataCount; i++) {
				printf(" '   `- ");
				printFieldData(dataTemplateInfo->dataInfo[i].type,
						(dataTemplateInfo->data + dataTemplateInfo->dataInfo[i].offset));
				printf("\n");
			}
			printf(" `- variable data\n");
			for (i = 0; i < dataTemplateInfo->fieldCount; i++) {
				printf(" '   `- ");
				printFieldData(dataTemplateInfo->fieldInfo[i].type,
						(record->data + dataTemplateInfo->fieldInfo[i].offset));
				printf("\n");
			}
			printf(" `---\n\n");
			break;

		case TABLE:
			printTableRecord(record);
			break;

		case NONE:
			break;
	}

	record->removeReference();
}
Пример #7
0
/**
 * Prints a DataTemplate that was announced to be destroyed
 * @param sourceID SourceID of the exporting process
 * @param dataTemplateInfo Pointer to a structure defining the DataTemplate used
 */
void IpfixPrinter::onTemplateDestruction(IpfixTemplateDestructionRecord* record)
{
	/* we need a FieldInfo for printIPv4 */
	IpfixRecord::FieldInfo::Type tmpInfo = {0, 4, false, 0}; // length=4 for IPv4 address
	printf("Destroyed a Template (id=%u) from ", record->templateInfo->templateId);
	if(record->sourceID->exporterAddress.len == 4)
		printIPv4(tmpInfo, &record->sourceID->exporterAddress.ip[0]);
	else
		printf("non-IPv4 address");
	printf(":%d (", record->sourceID->exporterPort);
	tmpInfo.length = 1; // length=1 for protocol identifier
	printProtocol(tmpInfo, &record->sourceID->protocol);
	printf(")\n");
	record->removeReference();
}
Пример #8
0
/**
 * Prints an OptionsRecord
 * @param sourceID SourceID of the exporting process
 * @param dataTemplateInfo Pointer to a structure defining the DataTemplate used
 * @param length Length of the data block supplied
 * @param data Pointer to a data block containing all variable fields
 */
void IpfixPrinter::onOptionsRecord(IpfixOptionsRecord* record)
{
	/* we need a FieldInfo for printIPv4 */
	IpfixRecord::FieldInfo::Type tmpInfo = {0, 4, false, 0}; // length=4 for IPv4 address
	printf("\n-+--- OptionsDataRecord (Template id=%u from ", record->optionsTemplateInfo->templateId);
	if (record->sourceID->exporterAddress.len == 4)
		printIPv4(tmpInfo, &record->sourceID->exporterAddress.ip[0]);
	else
		printf("non-IPv4 address");
	printf(":%d (", record->sourceID->exporterPort);
	tmpInfo.length = 1; // length=1 for protocol identifier
	printProtocol(tmpInfo, &record->sourceID->protocol);
	printf(") )\n");

	printf(" `---\n\n");
	record->removeReference();
}
Пример #9
0
/**
 * Prints a Template that was announced to be destroyed
 * @param sourceID SourceID of the exporting process
 * @param dataTemplateInfo Pointer to a structure defining the DataTemplate used
 */
void IpfixPrinter::onTemplateDestruction(IpfixTemplateDestructionRecord* record)
{
	boost::shared_ptr<TemplateInfo> templateInfo = record->templateInfo;
	switch(templateInfo->setId) {
		case TemplateInfo::NetflowTemplate:
			fprintf(fh, "\n-+--- Destroyed Netflow Template (id=%u, uniqueId=%u) from ", templateInfo->templateId, templateInfo->getUniqueId());
			break;
		case TemplateInfo::NetflowOptionsTemplate:
			fprintf(fh, "\n-+--- Destroyed Netflow Options Template (id=%u, uniqueId=%u) from ", templateInfo->templateId, templateInfo->getUniqueId());
			break;
		case TemplateInfo::IpfixTemplate:
			fprintf(fh, "\n-+--- Destroyed Ipfix Template (id=%u, uniqueId=%u) from ", templateInfo->templateId, templateInfo->getUniqueId());
			break;
		case TemplateInfo::IpfixOptionsTemplate:
			fprintf(fh, "\n-+--- Destroyed Ipfix Options Template (id=%u, uniqueId=%u) from ", templateInfo->templateId, templateInfo->getUniqueId());
			break;
		case TemplateInfo::IpfixDataTemplate:
			fprintf(fh, "\n-+--- Destroyed Ipfix Data Template (id=%u, uniqueId=%u) from ", templateInfo->templateId, templateInfo->getUniqueId());
			break;
		default:
			msg(MSG_ERROR, "IpfixPrinter: Template destruction recordwith unknown setId=%u, uniqueId=%u", templateInfo->setId, templateInfo->getUniqueId());

	}
	if (record->sourceID) {
		if (record->sourceID->exporterAddress.len == 4)
			printIPv4(*(uint32_t*)(&record->sourceID->exporterAddress.ip[0]));
		else
			fprintf(fh, "non-IPv4 address");
		fprintf(fh, ":%u (", record->sourceID->exporterPort);
		printProtocol(record->sourceID->protocol);
		fprintf(fh, ")\n");
	} else {
		fprintf(fh, "no sourceID given in template");
	}
	record->removeReference();
}
Пример #10
0
/**
 * prints record as a tree
 */
void IpfixPrinter::printTreeRecord(IpfixDataRecord* record)
{
	int i;

	switch(record->templateInfo->setId) {
		case TemplateInfo::NetflowTemplate:
			fprintf(fh, "\n-+--- Netflow Data Record (id=%u) from ", record->templateInfo->templateId);
			break;
		case TemplateInfo::NetflowOptionsTemplate:
			fprintf(fh, "\n-+--- Netflow Options Data Record (id=%u) from ", record->templateInfo->templateId);
			break;
		case TemplateInfo::IpfixTemplate:
			fprintf(fh, "\n-+--- Ipfix Data Record (id=%u) from ", record->templateInfo->templateId);
			break;
		case TemplateInfo::IpfixOptionsTemplate:
			fprintf(fh, "\n-+--- Ipfix Options Data Record (id=%u) from ", record->templateInfo->templateId);
			break;
		case TemplateInfo::IpfixDataTemplate:
			fprintf(fh, "\n-+--- Ipfix Data Data Record (id=%u, preceding=%u) from ", record->templateInfo->templateId, record->templateInfo->preceding);
			break;
		default:
			msg(MSG_ERROR, "IpfixPrinter: Template with unknown setid=%u", record->templateInfo->setId);

	}
	if (record->sourceID) {
		if (record->sourceID->exporterAddress.len == 4)
			printIPv4(*(uint32_t*)(&record->sourceID->exporterAddress.ip[0]));
		else
			fprintf(fh, "non-IPv4 address");
		fprintf(fh, ":%u (", record->sourceID->exporterPort);
		printProtocol(record->sourceID->protocol);
		fprintf(fh, ")\n");
	} else {
		fprintf(fh, "no sourceID given");
	}

	if(record->templateInfo->setId == TemplateInfo::IpfixDataTemplate) {
		fprintf(fh, " `- fixed data\n");
		for (i = 0; i < record->templateInfo->dataCount; i++) {
			fprintf(fh, " '   `- ");
			printFieldData(record->templateInfo->dataInfo[i].type,
					(record->templateInfo->data + record->templateInfo->dataInfo[i].offset));
			fprintf(fh, "\n");
		}
	}

	if(record->templateInfo->setId == TemplateInfo::IpfixOptionsTemplate) {
		fprintf(fh, " `- variable scope data\n");
		for(i = 0; i < record->templateInfo->scopeCount; i++) {
			fprintf(fh, " '   `- ");
			printFieldData(record->templateInfo->scopeInfo[i].type, (record->data + record->templateInfo->scopeInfo[i].offset));
			fprintf(fh, "\n");
		}
	}
	fprintf(fh, " `- variable data\n");
	for (i = 0; i < record->templateInfo->fieldCount; i++) {
		fprintf(fh, " '   `- ");
		printFieldData(record->templateInfo->fieldInfo[i].type, (record->data + record->templateInfo->fieldInfo[i].offset));
		fprintf(fh, "\n");
	}
	fprintf(fh, " `---\n\n");
}
Пример #11
0
/**
 * Prints a Template
 * @param sourceID SourceID of the exporting process
 * @param templateInfo Pointer to a structure defining the Template used
 */
void IpfixPrinter::onTemplate(IpfixTemplateRecord* record)
{
	boost::shared_ptr<TemplateInfo> templateInfo;
	switch (outputType) {
		case LINE:
		case TREE:
			templateInfo = record->templateInfo;
			switch(templateInfo->setId) {
				case TemplateInfo::NetflowTemplate:
					fprintf(fh, "\n-+--- Netflow Template (id=%u, uniqueId=%u) from ", templateInfo->templateId, templateInfo->getUniqueId());
					break;
				case TemplateInfo::NetflowOptionsTemplate:
					fprintf(fh, "\n-+--- Netflow Options Template (id=%u, uniqueId=%u) from ", templateInfo->templateId, templateInfo->getUniqueId());
					break;
				case TemplateInfo::IpfixTemplate:
					fprintf(fh, "\n-+--- Ipfix Template (id=%u, uniqueId=%u) from ", templateInfo->templateId, templateInfo->getUniqueId());
					break;
				case TemplateInfo::IpfixOptionsTemplate:
					fprintf(fh, "\n-+--- Ipfix Options Template (id=%u, uniqueId=%u) from ", templateInfo->templateId, templateInfo->getUniqueId());
					break;
				case TemplateInfo::IpfixDataTemplate:
					fprintf(fh, "\n-+--- Ipfix Data Template (id=%u, preceding=%u, uniqueId=%u) from ", templateInfo->templateId, templateInfo->preceding, templateInfo->getUniqueId());
					break;
				default:
					msg(MSG_ERROR, "IpfixPrinter: Template with unknown setId=%u, uniqueId=%u", templateInfo->setId, templateInfo->getUniqueId());

			}
			if (record->sourceID) {
				if (record->sourceID->exporterAddress.len == 4)
					printIPv4(*(uint32_t*)(&record->sourceID->exporterAddress.ip[0]));
				else
					fprintf(fh, "non-IPv4 address");
				fprintf(fh, ":%u (", record->sourceID->exporterPort);
				printProtocol(record->sourceID->protocol);
				fprintf(fh, ")\n");
			} else {
				fprintf(fh, "no sourceID given in template");
			}


			if (templateInfo->setId == TemplateInfo::IpfixTemplate) {
				for (int i = 0; i < templateInfo->fieldCount; i++) {
					TemplateInfo::FieldInfo* fi = &templateInfo->fieldInfo[i];
			                fprintf(fh, " '   `- %s\n", fi->type.toString().c_str());

				}
			}

			// print fixed data in the case of a data template
			if(templateInfo->setId == TemplateInfo::IpfixDataTemplate) {
				fprintf(fh, " `- fixed data\n");
				for (int i = 0; i < templateInfo->dataCount; i++) {
					fprintf(fh, " '   `- ");
					printFieldData(templateInfo->dataInfo[i].type,
							(templateInfo->data + templateInfo->dataInfo[i].offset));
					fprintf(fh, "\n");
				}
			}
			fprintf(fh, " `---\n\n");
			break;

		case TABLE:
		case NONE:
			break;
	}
	record->removeReference();
}
Пример #12
0
/**
 * Prints a string representation of IpfixRecord::Data to stdout.
 */
void PrintHelpers::printFieldData(InformationElement::IeInfo type, IpfixRecord::Data* pattern) {

	timeval t;
	uint64_t hbnum;
	string typeStr = type.toString();

	// try to get the values aligned
	if (typeStr.length() < 60)
		fprintf(fh, "%-60s: ", type.toString().c_str());
	else
		fprintf(fh, "%s: ", type.toString().c_str());

	switch (type.enterprise) {
		case 0:
			switch (type.id) {
				case IPFIX_TYPEID_protocolIdentifier:
					printProtocol(type, pattern);
					return;
				case IPFIX_TYPEID_sourceIPv4Address:
					printIPv4(type, pattern);
					return;
				case IPFIX_TYPEID_destinationIPv4Address:
					printIPv4(type, pattern);
					return;
				case IPFIX_TYPEID_sourceTransportPort:
					printPort(type, pattern);
					return;
				case IPFIX_TYPEID_destinationTransportPort:
					printPort(type, pattern);
					return;
				case IPFIX_TYPEID_flowStartSeconds:
				case IPFIX_TYPEID_flowEndSeconds:
				case IPFIX_TYPEID_flowStartMilliSeconds:
				case IPFIX_TYPEID_flowEndMilliSeconds:
				case PSAMP_TYPEID_observationTimeSeconds:
					printLocaltime(type, pattern);
					return;
				case IPFIX_TYPEID_flowStartNanoSeconds:
				case IPFIX_TYPEID_flowEndNanoSeconds:
					hbnum = ntohll(*(uint64_t*)pattern);
					if (hbnum>0) {
						t = timentp64(*((ntp64*)(&hbnum)));
						fprintf(fh, "%u.%06d seconds", (int32_t)t.tv_sec, (int32_t)t.tv_usec);
					} else {
						fprintf(fh, "no value (only zeroes in field)");
					}
					return;
			}
			break;

		case IPFIX_PEN_reverse:
			switch (type.id) {
				case IPFIX_TYPEID_flowStartNanoSeconds:
				case IPFIX_TYPEID_flowEndNanoSeconds:
					hbnum = ntohll(*(uint64_t*)pattern);
					if (hbnum>0) {
						t = timentp64(*((ntp64*)(&hbnum)));
						fprintf(fh, "%u.%06d seconds", (int32_t)t.tv_sec, (int32_t)t.tv_usec);
					} else {
						fprintf(fh, "no value (only zeroes in field)");
					}
					return;
			}
			break;

		default:
		{
			if (type==InformationElement::IeInfo(IPFIX_ETYPEID_frontPayload, IPFIX_PEN_vermont) ||
				type==InformationElement::IeInfo(IPFIX_ETYPEID_frontPayload, IPFIX_PEN_vermont|IPFIX_PEN_reverse)) {
				printFrontPayload(type, pattern);
				return;
			}
		}
	}

	printUint(type, pattern);
}