int output_row_line(output_t *output, lnf_rec_t *rec) {
int i;
char buf[MAX_STR];
char str[MAX_STR];
char str2[MAX_STR];
char row[MAX_STR_LONG];
row[0] = '\0';
for (i = 0; i < output->numfields; i++) {
lnf_rec_fget(rec, output->fields[i].field, buf);
if (output->fields[i].format_func != NULL) {
output->fields[i].format_func(str, buf);
} else {
strcpy(str, "<?>");
}
sprintf(str2, output->fields[i].format, str);
strcat(row, str2);
}
strcat(row, "\n");
pthread_mutex_lock(&print_mutex);
//printf("%s\n", row);
fputs(row, stdout);
pthread_mutex_unlock(&print_mutex);
return 1;
}
int output_row_raw(output_t *output, lnf_rec_t *rec) {
int i;
char buf[MAX_STR];
char str[MAX_STR];
char str2[MAX_STR];
char row[MAX_STR_LONG];
pthread_mutex_lock(&print_mutex);
fputs("\nFlow Record:\n", stdout);
pthread_mutex_unlock(&print_mutex);
for (i = 0; i < output->numfields; i++) {
row[0] = '\0';
lnf_rec_fget(rec, output->fields[i].field, buf);
if (output->fields[i].format_func != NULL) {
output->fields[i].format_func(str, buf);
} else {
strcpy(str, "<?>");
}
sprintf(str2, " %-10s = ", output->fields[i].name);
strcat(row, str2);
sprintf(str2, output->fields[i].format, str);
strcat(row, str2);
strcat(row, "\n");
pthread_mutex_lock(&print_mutex);
fputs(row, stdout);
pthread_mutex_unlock(&print_mutex);
}
return 1;
}
int main(int argc, char **argv) {
lnf_file_t *filep;
lnf_rec_t *recp;
lnf_mem_t *memp;
lnf_mem_cursor_t *cursor;
lnf_brec1_t brec;
int i = 0;
int print = 1;
int printa = 1;
char *filename = FILENAME;
char c;
while ((c = getopt (argc, argv, "pPAf:")) != -1) {
switch (c) {
case 'p':
print = 0;
break;
case 'P':
print = 0;
break;
case 'f':
filename = optarg;
break;
case 'A':
printa = 0;
break;
case '?':
printf("Usage: %s [ -P ] [ -A ] [ -f <input file name> ] \n", argv[0]);
printf(" -P : do not print input records to stdout\n");
printf(" -A : do not aggregated records to stdout\n");
exit(1);
}
}
if (lnf_open(&filep, filename, LNF_READ, NULL) != LNF_OK) {
fprintf(stderr, "Can not open file %s\n", filename);
exit(1);
}
lnf_rec_init(&recp);
lnf_mem_init(&memp);
/* set rules for aggregation srcip/24,srcport,dstas */
lnf_mem_fadd(memp, LNF_FLD_SRCADDR, LNF_AGGR_KEY|LNF_SORT_DESC, 24, 64);
lnf_mem_fadd(memp, LNF_FLD_SRCPORT, LNF_AGGR_KEY, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_DSTAS, LNF_AGGR_KEY, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_FIRST, LNF_AGGR_MIN, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_LAST, LNF_AGGR_MAX, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_TCP_FLAGS, LNF_AGGR_OR, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_DOCTETS, LNF_AGGR_SUM, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_DPKTS, LNF_AGGR_SUM, 0, 0);
while (lnf_read(filep, recp) != LNF_EOF) {
i++;
/* add to memory heap */
lnf_mem_write(memp,recp);
if (print) {
char sbuf[INET6_ADDRSTRLEN];
char dbuf[INET6_ADDRSTRLEN];
lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
inet_ntop(AF_INET6, &brec.srcaddr, sbuf, INET6_ADDRSTRLEN);
inet_ntop(AF_INET6, &brec.dstaddr, dbuf, INET6_ADDRSTRLEN);
printf(" %s :%d -> %s :%d %llu %llu %llu\n",
sbuf, brec.srcport,
dbuf, brec.dstport,
(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
}
}
printf("Total input records: %d\n", i);
i = 0;
printf("First read\n");
lnf_mem_first_c(memp, &cursor);
while (cursor != NULL) {
i++;
lnf_mem_read_c(memp, cursor, recp);
if (printa) {
char sbuf[INET6_ADDRSTRLEN];
char dbuf[INET6_ADDRSTRLEN];
lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
inet_ntop(AF_INET6, &brec.srcaddr, sbuf, INET6_ADDRSTRLEN);
inet_ntop(AF_INET6, &brec.dstaddr, dbuf, INET6_ADDRSTRLEN);
printf(" %s :%d -> %s :%d %llu %llu %llu\n",
sbuf, brec.srcport,
dbuf, brec.dstport,
(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
}
lnf_mem_next_c(memp, &cursor);
}
printf("Second read\n");
lnf_mem_first_c(memp, &cursor);
while (cursor != NULL) {
i++;
lnf_mem_read_c(memp, cursor, recp);
if (printa) {
char sbuf[INET6_ADDRSTRLEN];
char dbuf[INET6_ADDRSTRLEN];
lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
inet_ntop(AF_INET6, &brec.srcaddr, sbuf, INET6_ADDRSTRLEN);
inet_ntop(AF_INET6, &brec.dstaddr, dbuf, INET6_ADDRSTRLEN);
printf(" %s :%d -> %s :%d %llu %llu %llu\n",
sbuf, brec.srcport,
dbuf, brec.dstport,
(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
}
lnf_mem_next_c(memp, &cursor);
}
printf("Total aggregated records: %d\n", i);
lnf_mem_free(memp);
lnf_rec_free(recp);
lnf_close(filep);
return 0;
}
int main(int argc, char **argv) {
lnf_file_t *filep;
lnf_rec_t *recp, *recp2;
lnf_mem_t *memp;
lnf_mem_cursor_t *cursor, *cursor2;
lnf_brec1_t brec;
uint16_t port;
int i = 0;
int print = 1;
int printa = 1;
int len;
char *filename = FILENAME;
char c;
char buff[1024];
while ((c = getopt (argc, argv, "pPAf:")) != -1) {
switch (c) {
case 'p':
print = 0;
break;
case 'P':
print = 0;
break;
case 'f':
filename = optarg;
break;
case 'A':
printa = 0;
break;
case '?':
printf("Usage: %s [ -P ] [ -A ] [ -f <input file name> ] \n", argv[0]);
printf(" -P : do not print input records to stdout\n");
printf(" -A : do not aggregated records to stdout\n");
exit(1);
}
}
if (lnf_open(&filep, filename, LNF_READ, NULL) != LNF_OK) {
fprintf(stderr, "Can not open file %s\n", filename);
exit(1);
}
lnf_rec_init(&recp);
lnf_mem_init(&memp);
/* set rules for aggregation srcip/24,srcport,dstas */
lnf_mem_fadd(memp, LNF_FLD_SRCPORT, LNF_AGGR_KEY, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_FIRST, LNF_AGGR_MIN, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_DOCTETS, LNF_AGGR_SUM|LNF_SORT_DESC, 0, 0);
lnf_mem_fadd(memp, LNF_FLD_DPKTS, LNF_AGGR_SUM, 0, 0);
while (lnf_read(filep, recp) != LNF_EOF) {
i++;
/* add to memory heap */
lnf_mem_write(memp,recp);
}
printf("Total input records: %d\n", i);
i = 0;
while (lnf_mem_read(memp, recp) != LNF_EOF) {
i++;
if (printa) {
lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
printf(" %d - %llu %llu %llu\n",
brec.srcport,
(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
}
}
printf("Total aggregated records: %d\n", i);
printf("Lookup for src port 1123\n");
lnf_rec_init(&recp2);
/* set key field in record */
port = 1123;
lnf_rec_fset(recp2, LNF_FLD_SRCPORT, &port);
if (lnf_mem_lookup_c(memp, recp2, &cursor) == LNF_OK) {
lnf_mem_read_c(memp, cursor, recp);
lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
printf(" %d - %llu %llu %llu\n",
brec.srcport,
(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
} else {
printf("Record not found\n");
}
/* additional testion of lnf_mem_lookup_raw_c */
/* it's just testing - doesn't make any sense */
if (cursor != NULL && lnf_mem_read_raw_c(memp, cursor, buff, &len, sizeof(buff)) == LNF_OK) {
if (lnf_mem_lookup_raw_c(memp, buff, len, &cursor2) == LNF_OK) {
if (cursor == cursor2) {
printf("Read through lnf_lookup_raw_c is ok \n");
}
}
}
lnf_mem_free(memp);
lnf_rec_free(recp);
lnf_close(filep);
return 0;
}
error_code_t print_mem(lnf_mem_t *mem, size_t limit)
{
lnf_rec_t *rec; //record = line
size_t rec_cntr = 0; //aka lines counter
lnf_mem_cursor_t *cursor; //current record (line) cursor
size_t fld_max_size = 0; //maximum data size length in bytes
size_t data_max_strlen[LNF_FLD_TERM_] = {0}; //maximum data string len
if (output_params.print_records != OUTPUT_ITEM_YES) {
return E_OK;
}
first_item = first_item ? false : (putchar('\n'), false);
secondary_errno = lnf_rec_init(&rec);
if (secondary_errno != LNF_OK) {
print_err(E_LNF, secondary_errno, "lnf_rec_init()");
return E_LNF;
}
/*
* Find out maximum data type size of present fields, length of headers
* and last present field ID.
*/
for (size_t i = 0; i < fields_cnt; ++i) {
size_t header_str_len = strlen(field_get_name(fields[i].id));
MAX_ASSIGN(fld_max_size, fields[i].size);
MAX_ASSIGN(data_max_strlen[fields[i].id], header_str_len);
}
/* Find out max data length, converted to string. */
lnf_mem_first_c(mem, &cursor);
while (cursor != NULL) { //row loop
char buff[fld_max_size];
lnf_mem_read_c(mem, cursor, rec);
for (size_t i = 0; i < fields_cnt; ++i) { //column loop
size_t data_str_len;
//XXX: lnf_rec_fget() may return LNF_ERR_UNKFLD even if
//field is present (e.g. if duration is zero).
lnf_rec_fget(rec, fields[i].id, buff);
data_str_len = strlen(field_to_str(fields[i].id, buff));
MAX_ASSIGN(data_max_strlen[fields[i].id], data_str_len);
}
if (++rec_cntr == limit) {
break;
}
lnf_mem_next_c(mem, &cursor);
}
rec_cntr = 0;
/* Actual printing: header. */
for (size_t i = 0; i < fields_cnt; ++i) { //column loop
print_field(field_get_name(fields[i].id),
data_max_strlen[fields[i].id],
PRETTY_PRINT_COL_WIDTH, i == (fields_cnt - 1));
}
/* Actual printing: field data converted to string. */
lnf_mem_first_c(mem, &cursor);
while (cursor != NULL) { //row loop
char buff[fld_max_size];
lnf_mem_read_c(mem, cursor, rec);
for (size_t i = 0; i < fields_cnt; ++i) { //column loop
//XXX: see above lnf_rec_fget()
lnf_rec_fget(rec, fields[i].id, buff);
print_field(field_to_str(fields[i].id, buff),
data_max_strlen[fields[i].id],
PRETTY_PRINT_COL_WIDTH,
i == (fields_cnt - 1));
}
if (++rec_cntr == limit) {
break;
}
lnf_mem_next_c(mem, &cursor);
}
lnf_rec_free(rec);
return E_OK;
}
int main(int argc, char **argv) {
lnf_file_t *filep;
lnf_rec_t *recp;
lnf_mem_t *memp1;
lnf_mem_t *memp2;
lnf_mem_cursor_t *cursor;
lnf_brec1_t brec;
int i = 0;
int print = 1;
int printa = 1;
char *filename = FILENAME;
int c;
char buff[LNF_MAX_RAW_LEN];
int datasize;
while ((c = getopt (argc, argv, "pPAf:")) != -1) {
switch (c) {
case 'p':
print = 0;
break;
case 'P':
print = 0;
break;
case 'f':
filename = optarg;
break;
case 'A':
printa = 0;
break;
case '?':
printf("Usage: %s [ -P ] [ -A ] [ -f <input file name> ] \n", argv[0]);
printf(" -P : do not print input records to stdout\n");
printf(" -A : do not aggregated records to stdout\n");
exit(1);
}
}
if (lnf_open(&filep, filename, LNF_READ, NULL) != LNF_OK) {
fprintf(stderr, "Can not open file %s\n", filename);
exit(1);
}
lnf_rec_init(&recp);
lnf_mem_init(&memp1);
lnf_mem_init(&memp2);
lnf_mem_fastaggr(memp1, LNF_FAST_AGGR_BASIC);
lnf_mem_fastaggr(memp2, LNF_FAST_AGGR_BASIC);
/* set rules for aggregation srcip/24,srcport,dstas */
lnf_mem_fadd(memp1, LNF_FLD_SRCADDR, LNF_AGGR_KEY|LNF_SORT_DESC, 24, 64);
lnf_mem_fadd(memp2, LNF_FLD_SRCADDR, LNF_AGGR_KEY|LNF_SORT_DESC, 24, 64);
while (lnf_read(filep, recp) != LNF_EOF) {
i++;
/* add to memory heap */
lnf_mem_write(memp1, recp);
if (print) {
char sbuf[INET6_ADDRSTRLEN];
char dbuf[INET6_ADDRSTRLEN];
lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
inet_ntop(AF_INET6, &brec.srcaddr, sbuf, INET6_ADDRSTRLEN);
inet_ntop(AF_INET6, &brec.dstaddr, dbuf, INET6_ADDRSTRLEN);
printf(" %s :%d -> %s :%d %llu %llu %llu\n",
sbuf, brec.srcport,
dbuf, brec.dstport,
(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
}
}
printf("Total input records: %d\n", i);
/* transfer data from memp1 to memp2 */
lnf_mem_first_c(memp1, &cursor);
while (cursor != NULL) {
lnf_mem_read_raw_c(memp1, cursor, buff, &datasize, LNF_MAX_RAW_LEN);
lnf_mem_write_raw(memp2, buff, datasize);
lnf_mem_next_c(memp1, &cursor);
}
/* all data are now in memp2) */
i = 0;
lnf_mem_first_c(memp2, &cursor);
while (cursor != NULL) {
i++;
lnf_mem_read_c(memp2, cursor, recp);
if (printa) {
char sbuf[INET6_ADDRSTRLEN];
char dbuf[INET6_ADDRSTRLEN];
lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
inet_ntop(AF_INET6, &brec.srcaddr, sbuf, INET6_ADDRSTRLEN);
inet_ntop(AF_INET6, &brec.dstaddr, dbuf, INET6_ADDRSTRLEN);
printf(" %s :%d -> %s :%d %llu %llu %llu\n",
sbuf, brec.srcport,
dbuf, brec.dstport,
(LLUI)brec.first, (LLUI)brec.bytes, (LLUI)brec.pkts);
}
lnf_mem_next_c(memp2, &cursor);
}
printf("Total aggregated records: %d\n", i);
lnf_mem_free(memp1);
lnf_mem_free(memp2);
lnf_rec_free(recp);
lnf_close(filep);
return 0;
}
int main(int argc, char **argv) {
lnf_file_t *filep;
lnf_rec_t *recp;
lnf_filter_t *filterp1, *filterp2;
lnf_brec1_t brec;
char *filter1 = FILTER1;
char *filter2 = FILTER2;
uint32_t input, output;
char buf[LNF_MAX_STRING];
int res;
int i = 0;
int match1 = 0;
int match2 = 0;
int if1 = 0;
int if2 = 0;
int print = 1;
int filter = 1;
int fget = 1;
char *filename = FILENAME;
char c;
while ((c = getopt (argc, argv, "pPFGf:1:2:")) != -1) {
switch (c) {
case 'p':
print = 0;
break;
case 'P':
print = 0;
break;
case 'G':
fget = 0;
break;
case 'F':
filter = 0;
break;
case 'f':
filename = optarg;
break;
case '1':
filter1 = optarg;
break;
case '2':
filter2 = optarg;
break;
case '?':
printf("Usage: %s [ -p ] [ -f <output file name> ] [ -1 <filter1> ] [ -2 <filter2> ]\n", argv[0]);
printf(" -P : do not print records to stdout\n");
printf(" -F : do not use filters\n");
printf(" -G : do not use lng_rec_fget\n");
exit(1);
}
}
if (lnf_open(&filep, filename, LNF_READ, NULL) != LNF_OK) {
fprintf(stderr, "Can not open file %s\n", filename);
exit(1);
}
if ((res = lnf_filter_init(&filterp1, filter1)) != LNF_OK) {
fprintf(stderr, "Can not init filter1 '%s'\n", filter1);
if (res == LNF_ERR_OTHER_MSG) {
lnf_error(buf, LNF_MAX_STRING);
fprintf(stderr, "%s\n", buf);
}
exit(1);
}
if ((res = lnf_filter_init(&filterp2, filter2)) != LNF_OK) {
fprintf(stderr, "Can not init filter2 '%s'\n", filter2);
lnf_error(buf, LNF_MAX_STRING);
if (res == LNF_ERR_OTHER_MSG) {
lnf_error(buf, LNF_MAX_STRING);
fprintf(stderr, "%s\n", buf);
}
exit(1);
}
lnf_rec_init(&recp);
while (lnf_read(filep, recp) != LNF_EOF) {
if (fget) {
lnf_rec_fget(recp, LNF_FLD_INPUT, &input);
lnf_rec_fget(recp, LNF_FLD_BREC1, &brec);
lnf_rec_fget(recp, LNF_FLD_INPUT, &input);
lnf_rec_fget(recp, LNF_FLD_OUTPUT, &output);
}
i++;
match1 = 0;
match2 = 0;
if (filter) {
if (lnf_filter_match(filterp1, recp)) {
if1++;
match1 = 1;
}
if (lnf_filter_match(filterp2, recp)) {
if2++;
match2 = 1;
}
}
if (print) {
char sbuf[INET6_ADDRSTRLEN];
char dbuf[INET6_ADDRSTRLEN];
inet_ntop(AF_INET6, &brec.srcaddr, sbuf, INET6_ADDRSTRLEN);
inet_ntop(AF_INET6, &brec.dstaddr, dbuf, INET6_ADDRSTRLEN);
printf(" %s :%d -> %s :%d %d -> %d %llu %llu %llu [%d %d]\n",
sbuf, brec.srcport,
dbuf, brec.dstport,
input, output,
(LLUI)brec.pkts, (LLUI)brec.bytes, (LLUI)brec.flows,
match1, match2);
}
}
printf("Total records: %d\n", i);
printf("%d records matched by filter1 '%s'\n", if1, filter1);
printf("%d records matched by filter2 '%s'\n", if2, filter2);
lnf_rec_free(recp);
lnf_filter_free(filterp1);
lnf_filter_free(filterp2);
lnf_close(filep);
return 0;
}