author | delphij <delphij@FreeBSD.org> | 2012-05-17 05:11:57 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2012-05-17 05:11:57 +0000 |
commit | 661b9d94414ea6d11d5b7960aef1f172975ce52b (patch) | |
tree | 1720d207a135a239a304163c4635810a1094209a /contrib/tcpdump/print-sflow.c | |
parent | 63ab347efe2621fc79f689a92c4bbda531593626 (diff) | |
parent | d36dcecdb3228d24b199eb51cfd7ac666f5b8eb8 (diff) | |
Merge tcpdump 4.2.1.
MFC after: 2 weeks
Diffstat (limited to 'contrib/tcpdump/print-sflow.c')
-rw-r--r-- | contrib/tcpdump/print-sflow.c | 805 |
1 files changed, 581 insertions, 224 deletions
diff --git a/contrib/tcpdump/print-sflow.c b/contrib/tcpdump/print-sflow.c index baa5530..79a3fdf 100644 --- a/contrib/tcpdump/print-sflow.c +++ b/contrib/tcpdump/print-sflow.c @@ -15,6 +15,8 @@ * The SFLOW protocol as per http://www.sflow.org/developers/specifications.php * * Original code by Carles Kishimoto <carles.kishimoto@gmail.com> + * + * Expansion and refactoring by Rick Jones <rick.jones2@hp.com> */ #ifndef lint @@ -87,6 +89,18 @@ static const struct tok sflow_format_values[] = { { 0, NULL} }; +struct sflow_flow_sample_t { + u_int8_t seqnum[4]; + u_int8_t typesource[4]; + u_int8_t rate[4]; + u_int8_t pool[4]; + u_int8_t drops[4]; + u_int8_t in_interface[4]; + u_int8_t out_interface[4]; + u_int8_t records[4]; + +}; + struct sflow_expanded_flow_sample_t { u_int8_t seqnum[4]; u_int8_t type[4]; @@ -156,6 +170,36 @@ struct sflow_expanded_flow_raw_t { u_int8_t header_size[4]; }; +struct sflow_ethernet_frame_t { + u_int8_t length[4]; + u_int8_t src_mac[8]; + u_int8_t dst_mac[8]; + u_int8_t type[4]; +}; + +struct sflow_extended_switch_data_t { + u_int8_t src_vlan[4]; + u_int8_t src_pri[4]; + u_int8_t dst_vlan[4]; + u_int8_t dst_pri[4]; +}; + +struct sflow_counter_record_t { + u_int8_t format[4]; + u_int8_t length[4]; +}; + +struct sflow_flow_record_t { + u_int8_t format[4]; + u_int8_t length[4]; +}; + +struct sflow_counter_sample_t { + u_int8_t seqnum[4]; + u_int8_t typesource[4]; + u_int8_t records[4]; +}; + struct sflow_expanded_counter_sample_t { u_int8_t seqnum[4]; u_int8_t type[4]; 
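Review bot: `typesource` in `struct sflow_flow_sample_t` packs two values into one word but has no comment saying how; a line such as `/* source id: type in the top 8 bits, index in the low bits */` above the field would document it (the same field appears in `sflow_counter_sample_t` in the next hunk). The decoders added later in this patch take `typesource >> 24` as the type and `typesource & 0x0FFF` as the index, which discards bits 12-23. If the index is meant to fill the remaining 24 bits, the mask should be `0x00FFFFFF`, so the comment is also the place to settle the intended layout. The stray blank line before the closing brace can go.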
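Review bot: `src_mac[8]` and `dst_mac[8]` in `struct sflow_ethernet_frame_t` are two bytes longer than a MAC address and nothing says why. If this is the 6-byte address plus wire padding, a comment like `/* 6-byte MAC, padded to 8 on the wire */` would stop a reader from treating all eight bytes as address. `sflow_counter_record_t` and `sflow_flow_record_t` have identical layouts (`format`, `length`), so a single record-header struct with a one-line comment would be enough unless the two are expected to diverge.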
@@ -259,24 +303,525 @@ struct sflow_vlan_counter_t { u_int8_t discards[4]; }; -void -sflow_print(const u_char *pptr, u_int len) { +static int +print_sflow_counter_generic(const u_char *pointer, u_int len) { - const struct sflow_datagram_t *sflow_datagram; - const struct sflow_sample_header *sflow_sample; - const struct sflow_expanded_flow_sample_t *sflow_expanded_flow_sample; - const struct sflow_expanded_flow_raw_t *sflow_flow_raw; - const struct sflow_expanded_counter_sample_t *sflow_expanded_counter_sample; const struct sflow_generic_counter_t *sflow_gen_counter; + + if (len < sizeof(struct sflow_generic_counter_t)) + return 1; + + + sflow_gen_counter = (const struct sflow_generic_counter_t *)pointer; + printf("\n\t ifindex %u, iftype %u, ifspeed %" PRIu64 ", ifdirection %u (%s)", + EXTRACT_32BITS(sflow_gen_counter->ifindex), + EXTRACT_32BITS(sflow_gen_counter->iftype), + EXTRACT_64BITS(sflow_gen_counter->ifspeed), + EXTRACT_32BITS(sflow_gen_counter->ifdirection), + tok2str(sflow_iface_direction_values, "Unknown", + EXTRACT_32BITS(sflow_gen_counter->ifdirection))); + printf("\n\t ifstatus %u, adminstatus: %s, operstatus: %s", + EXTRACT_32BITS(sflow_gen_counter->ifstatus), + EXTRACT_32BITS(sflow_gen_counter->ifstatus)&1 ? "up" : "down", + (EXTRACT_32BITS(sflow_gen_counter->ifstatus)>>1)&1 ? 
"up" : "down"); + printf("\n\t In octets %" PRIu64 + ", unicast pkts %u, multicast pkts %u, broadcast pkts %u, discards %u", + EXTRACT_64BITS(sflow_gen_counter->ifinoctets), + EXTRACT_32BITS(sflow_gen_counter->ifinunicastpkts), + EXTRACT_32BITS(sflow_gen_counter->ifinmulticastpkts), + EXTRACT_32BITS(sflow_gen_counter->ifinbroadcastpkts), + EXTRACT_32BITS(sflow_gen_counter->ifindiscards)); + printf("\n\t In errors %u, unknown protos %u", + EXTRACT_32BITS(sflow_gen_counter->ifinerrors), + EXTRACT_32BITS(sflow_gen_counter->ifinunkownprotos)); + printf("\n\t Out octets %" PRIu64 + ", unicast pkts %u, multicast pkts %u, broadcast pkts %u, discards %u", + EXTRACT_64BITS(sflow_gen_counter->ifoutoctets), + EXTRACT_32BITS(sflow_gen_counter->ifoutunicastpkts), + EXTRACT_32BITS(sflow_gen_counter->ifoutmulticastpkts), + EXTRACT_32BITS(sflow_gen_counter->ifoutbroadcastpkts), + EXTRACT_32BITS(sflow_gen_counter->ifoutdiscards)); + printf("\n\t Out errors %u, promisc mode %u", + EXTRACT_32BITS(sflow_gen_counter->ifouterrors), + EXTRACT_32BITS(sflow_gen_counter->ifpromiscmode)); + + return 0; +} + +static int +print_sflow_counter_ethernet(const u_char *pointer, u_int len){ + const struct sflow_ethernet_counter_t *sflow_eth_counter; + + if (len < sizeof(struct sflow_ethernet_counter_t)) + return 1; + + sflow_eth_counter = (const struct sflow_ethernet_counter_t *)pointer; + printf("\n\t align errors %u, fcs errors %u, single collision %u, multiple collision %u, test error %u", + EXTRACT_32BITS(sflow_eth_counter->alignerrors), + EXTRACT_32BITS(sflow_eth_counter->fcserrors), + EXTRACT_32BITS(sflow_eth_counter->single_collision_frames), + EXTRACT_32BITS(sflow_eth_counter->multiple_collision_frames), + EXTRACT_32BITS(sflow_eth_counter->test_errors)); + printf("\n\t deferred %u, late collision %u, excessive collision %u, mac trans error %u", + EXTRACT_32BITS(sflow_eth_counter->deferred_transmissions), + EXTRACT_32BITS(sflow_eth_counter->late_collisions), + 
EXTRACT_32BITS(sflow_eth_counter->excessive_collisions), + EXTRACT_32BITS(sflow_eth_counter->mac_transmit_errors)); + printf("\n\t carrier error %u, frames too long %u, mac receive errors %u, symbol errors %u", + EXTRACT_32BITS(sflow_eth_counter->carrier_sense_errors), + EXTRACT_32BITS(sflow_eth_counter->frame_too_longs), + EXTRACT_32BITS(sflow_eth_counter->mac_receive_errors), + EXTRACT_32BITS(sflow_eth_counter->symbol_errors)); + + return 0; +} + +static int +print_sflow_counter_token_ring(const u_char *pointer _U_, u_int len _U_) { + + return 0; +} + +static int +print_sflow_counter_basevg(const u_char *pointer, u_int len) { + const struct sflow_100basevg_counter_t *sflow_100basevg_counter; + + if (len < sizeof(struct sflow_100basevg_counter_t)) + return 1; + + sflow_100basevg_counter = (const struct sflow_100basevg_counter_t *)pointer; + printf("\n\t in high prio frames %u, in high prio octets %" PRIu64, + EXTRACT_32BITS(sflow_100basevg_counter->in_highpriority_frames), + EXTRACT_64BITS(sflow_100basevg_counter->in_highpriority_octets)); + printf("\n\t in norm prio frames %u, in norm prio octets %" PRIu64, + EXTRACT_32BITS(sflow_100basevg_counter->in_normpriority_frames), + EXTRACT_64BITS(sflow_100basevg_counter->in_normpriority_octets)); + printf("\n\t in ipm errors %u, oversized %u, in data errors %u, null addressed frames %u", + EXTRACT_32BITS(sflow_100basevg_counter->in_ipmerrors), + EXTRACT_32BITS(sflow_100basevg_counter->in_oversized), + EXTRACT_32BITS(sflow_100basevg_counter->in_data_errors), + EXTRACT_32BITS(sflow_100basevg_counter->in_null_addressed_frames)); + printf("\n\t out high prio frames %u, out high prio octets %" PRIu64 + ", trans into frames %u", + EXTRACT_32BITS(sflow_100basevg_counter->out_highpriority_frames), + EXTRACT_64BITS(sflow_100basevg_counter->out_highpriority_octets), + EXTRACT_32BITS(sflow_100basevg_counter->transitioninto_frames)); + printf("\n\t in hc high prio octets %" PRIu64 + ", in hc norm prio octets %" PRIu64 + ", out hc 
high prio octets %" PRIu64, + EXTRACT_64BITS(sflow_100basevg_counter->hc_in_highpriority_octets), + EXTRACT_64BITS(sflow_100basevg_counter->hc_in_normpriority_octets), + EXTRACT_64BITS(sflow_100basevg_counter->hc_out_highpriority_octets)); + + return 0; +} + +static int +print_sflow_counter_vlan(const u_char *pointer, u_int len) { + const struct sflow_vlan_counter_t *sflow_vlan_counter; + + if (len < sizeof(struct sflow_vlan_counter_t)) + return 1; + + sflow_vlan_counter = (const struct sflow_vlan_counter_t *)pointer; + printf("\n\t vlan_id %u, octets %" PRIu64 + ", unicast_pkt %u, multicast_pkt %u, broadcast_pkt %u, discards %u", + EXTRACT_32BITS(sflow_vlan_counter->vlan_id), + EXTRACT_64BITS(sflow_vlan_counter->octets), + EXTRACT_32BITS(sflow_vlan_counter->unicast_pkt), + EXTRACT_32BITS(sflow_vlan_counter->multicast_pkt), + EXTRACT_32BITS(sflow_vlan_counter->broadcast_pkt), + EXTRACT_32BITS(sflow_vlan_counter->discards)); + + return 0; +} + +struct sflow_processor_counter_t { + u_int8_t five_sec_util[4]; + u_int8_t one_min_util[4]; + u_int8_t five_min_util[4]; + u_int8_t total_memory[8]; + u_int8_t free_memory[8]; +}; + +static int +print_sflow_counter_processor(const u_char *pointer, u_int len) { + + const struct sflow_processor_counter_t *sflow_processor_counter; + + if (len < sizeof(struct sflow_processor_counter_t)) + return 1; + + sflow_processor_counter = (const struct sflow_processor_counter_t *)pointer; + printf("\n\t 5sec %u, 1min %u, 5min %u, total_mem %" PRIu64 + ", total_mem %" PRIu64, + EXTRACT_32BITS(sflow_processor_counter->five_sec_util), + EXTRACT_32BITS(sflow_processor_counter->one_min_util), + EXTRACT_32BITS(sflow_processor_counter->five_min_util), + EXTRACT_64BITS(sflow_processor_counter->total_memory), + EXTRACT_64BITS(sflow_processor_counter->free_memory)); + + return 0; +} + +static int +sflow_print_counter_records(const u_char *pointer, u_int len, u_int records) { + + u_int nrecords; const u_char *tptr; - int tlen; + u_int tlen; + u_int 
counter_type; + u_int counter_len; + u_int enterprise; + const struct sflow_counter_record_t *sflow_counter_record; + + nrecords = records; + tptr = pointer; + tlen = len; + + while (nrecords > 0) { + /* do we have the "header?" */ + if (tlen < sizeof(struct sflow_counter_record_t)) + return 1; + sflow_counter_record = (const struct sflow_counter_record_t *)tptr; + + enterprise = EXTRACT_32BITS(sflow_counter_record->format); + counter_type = enterprise & 0x0FFF; + enterprise = enterprise >> 20; + counter_len = EXTRACT_32BITS(sflow_counter_record->length); + printf("\n\t enterprise %u, %s (%u) length %u", + enterprise, + (enterprise == 0) ? tok2str(sflow_counter_type_values,"Unknown",counter_type) : "Unknown", + counter_type, + counter_len); + + tptr += sizeof(struct sflow_counter_record_t); + tlen -= sizeof(struct sflow_counter_record_t); + + if (tlen < counter_len) + return 1; + if (enterprise == 0) { + switch (counter_type) { + case SFLOW_COUNTER_GENERIC: + if (print_sflow_counter_generic(tptr,tlen)) + return 1; + break; + case SFLOW_COUNTER_ETHERNET: + if (print_sflow_counter_ethernet(tptr,tlen)) + return 1; + break; + case SFLOW_COUNTER_TOKEN_RING: + if (print_sflow_counter_token_ring(tptr,tlen)) + return 1; + break; + case SFLOW_COUNTER_BASEVG: + if (print_sflow_counter_basevg(tptr,tlen)) + return 1; + break; + case SFLOW_COUNTER_VLAN: + if (print_sflow_counter_vlan(tptr,tlen)) + return 1; + break; + case SFLOW_COUNTER_PROCESSOR: + if (print_sflow_counter_processor(tptr,tlen)) + return 1; + break; + default: + if (vflag <= 1) + print_unknown_data(tptr, "\n\t\t", counter_len); + break; + } + } + tptr += counter_len; + tlen -= counter_len; + nrecords--; + + } + + return 0; +} + + +static int +sflow_print_counter_sample(const u_char *pointer, u_int len) { + + const struct sflow_counter_sample_t *sflow_counter_sample; + u_int nrecords; + u_int typesource; + u_int type; + u_int index; + + + if (len < sizeof(struct sflow_counter_sample_t)) + return 1; + + 
sflow_counter_sample = (const struct sflow_counter_sample_t *)pointer; + + typesource = EXTRACT_32BITS(sflow_counter_sample->typesource); + nrecords = EXTRACT_32BITS(sflow_counter_sample->records); + type = typesource >> 24; + index = typesource & 0x0FFF; + + printf(" seqnum %u, type %u, idx %u, records %u", + EXTRACT_32BITS(sflow_counter_sample->seqnum), + type, + index, + nrecords); + + return sflow_print_counter_records(pointer + sizeof(struct sflow_counter_sample_t), + len - sizeof(struct sflow_counter_sample_t), + nrecords); + +} + +static int +sflow_print_expanded_counter_sample(const u_char *pointer, u_int len) { + + const struct sflow_expanded_counter_sample_t *sflow_expanded_counter_sample; + u_int nrecords; + + + if (len < sizeof(struct sflow_expanded_counter_sample_t)) + return 1; + + sflow_expanded_counter_sample = (const struct sflow_expanded_counter_sample_t *)pointer; + + nrecords = EXTRACT_32BITS(sflow_expanded_counter_sample->records); + + printf(" seqnum %u, type %u, idx %u, records %u", + EXTRACT_32BITS(sflow_expanded_counter_sample->seqnum), + EXTRACT_32BITS(sflow_expanded_counter_sample->type), + EXTRACT_32BITS(sflow_expanded_counter_sample->index), + nrecords); + + return sflow_print_counter_records(pointer + sizeof(struct sflow_expanded_counter_sample_t), + len - sizeof(struct sflow_expanded_counter_sample_t), + nrecords); + +} + +static int +print_sflow_raw_packet(const u_char *pointer, u_int len) { + + const struct sflow_expanded_flow_raw_t *sflow_flow_raw; + + if (len < sizeof(struct sflow_expanded_flow_raw_t)) + return 1; + + sflow_flow_raw = (const struct sflow_expanded_flow_raw_t *)pointer; + printf("\n\t protocol %s (%u), length %u, stripped bytes %u, header_size %u", + tok2str(sflow_flow_raw_protocol_values,"Unknown",EXTRACT_32BITS(sflow_flow_raw->protocol)), + EXTRACT_32BITS(sflow_flow_raw->protocol), + EXTRACT_32BITS(sflow_flow_raw->length), + EXTRACT_32BITS(sflow_flow_raw->stripped_bytes), + 
EXTRACT_32BITS(sflow_flow_raw->header_size)); + + /* QUESTION - should we attempt to print the raw header itself? + assuming of course there is wnough data present to do so... */ + + return 0; +} + +static int +print_sflow_ethernet_frame(const u_char *pointer, u_int len) { + + const struct sflow_ethernet_frame_t *sflow_ethernet_frame; + + if (len < sizeof(struct sflow_ethernet_frame_t)) + return 1; + + sflow_ethernet_frame = (const struct sflow_ethernet_frame_t *)pointer; + + printf("\n\t frame len %u, type %u", + EXTRACT_32BITS(sflow_ethernet_frame->length), + EXTRACT_32BITS(sflow_ethernet_frame->type)); + + return 0; +} + +static int +print_sflow_extended_switch_data(const u_char *pointer, u_int len) { + + const struct sflow_extended_switch_data_t *sflow_extended_sw_data; + + if (len < sizeof(struct sflow_extended_switch_data_t)) + return 1; + + sflow_extended_sw_data = (const struct sflow_extended_switch_data_t *)pointer; + printf("\n\t src vlan %u, src pri %u, dst vlan %u, dst pri %u", + EXTRACT_32BITS(sflow_extended_sw_data->src_vlan), + EXTRACT_32BITS(sflow_extended_sw_data->src_pri), + EXTRACT_32BITS(sflow_extended_sw_data->dst_vlan), + EXTRACT_32BITS(sflow_extended_sw_data->dst_pri)); + + return 0; +} + +static int +sflow_print_flow_records(const u_char *pointer, u_int len, u_int records) { + + u_int nrecords; + const u_char *tptr; + u_int tlen; + u_int flow_type; + u_int enterprise; + u_int flow_len; + const struct sflow_flow_record_t *sflow_flow_record; + + nrecords = records; + tptr = pointer; + tlen = len; + + while (nrecords > 0) { + /* do we have the "header?" */ + if (tlen < sizeof(struct sflow_flow_record_t)) + return 1; + + sflow_flow_record = (const struct sflow_flow_record_t *)tptr; + + /* so, the funky encoding means we cannot blythly mask-off + bits, we must also check the enterprise. 
*/ + + enterprise = EXTRACT_32BITS(sflow_flow_record->format); + flow_type = enterprise & 0x0FFF; + enterprise = enterprise >> 12; + flow_len = EXTRACT_32BITS(sflow_flow_record->length); + printf("\n\t enterprise %u %s (%u) length %u", + enterprise, + (enterprise == 0) ? tok2str(sflow_flow_type_values,"Unknown",flow_type) : "Unknown", + flow_type, + flow_len); + + tptr += sizeof(struct sflow_flow_record_t); + tlen -= sizeof(struct sflow_flow_record_t); + + if (tlen < flow_len) + return 1; + + if (enterprise == 0) { + switch (flow_type) { + case SFLOW_FLOW_RAW_PACKET: + if (print_sflow_raw_packet(tptr,tlen)) + return 1; + break; + case SFLOW_FLOW_EXTENDED_SWITCH_DATA: + if (print_sflow_extended_switch_data(tptr,tlen)) + return 1; + break; + case SFLOW_FLOW_ETHERNET_FRAME: + if (print_sflow_ethernet_frame(tptr,tlen)) + return 1; + break; + /* FIXME these need a decoder */ + case SFLOW_FLOW_IPV4_DATA: + case SFLOW_FLOW_IPV6_DATA: + case SFLOW_FLOW_EXTENDED_ROUTER_DATA: + case SFLOW_FLOW_EXTENDED_GATEWAY_DATA: + case SFLOW_FLOW_EXTENDED_USER_DATA: + case SFLOW_FLOW_EXTENDED_URL_DATA: + case SFLOW_FLOW_EXTENDED_MPLS_DATA: + case SFLOW_FLOW_EXTENDED_NAT_DATA: + case SFLOW_FLOW_EXTENDED_MPLS_TUNNEL: + case SFLOW_FLOW_EXTENDED_MPLS_VC: + case SFLOW_FLOW_EXTENDED_MPLS_FEC: + case SFLOW_FLOW_EXTENDED_MPLS_LVP_FEC: + case SFLOW_FLOW_EXTENDED_VLAN_TUNNEL: + break; + default: + if (vflag <= 1) + print_unknown_data(tptr, "\n\t\t", flow_len); + break; + } + } + tptr += flow_len; + tlen -= flow_len; + nrecords--; + + } + + return 0; +} + +static int +sflow_print_flow_sample(const u_char *pointer, u_int len) { + + const struct sflow_flow_sample_t *sflow_flow_sample; + u_int nrecords; + u_int typesource; + u_int type; + u_int index; + + if (len < sizeof(struct sflow_flow_sample_t)) + return 1; + + sflow_flow_sample = (struct sflow_flow_sample_t *)pointer; + + typesource = EXTRACT_32BITS(sflow_flow_sample->typesource); + nrecords = EXTRACT_32BITS(sflow_flow_sample->records); + type = 
typesource >> 24; + index = typesource & 0x0FFF; + + printf(" seqnum %u, type %u, idx %u, rate %u, pool %u, drops %u, input %u output %u records %u", + EXTRACT_32BITS(sflow_flow_sample->seqnum), + type, + index, + EXTRACT_32BITS(sflow_flow_sample->rate), + EXTRACT_32BITS(sflow_flow_sample->pool), + EXTRACT_32BITS(sflow_flow_sample->drops), + EXTRACT_32BITS(sflow_flow_sample->in_interface), + EXTRACT_32BITS(sflow_flow_sample->out_interface), + nrecords); + + return sflow_print_flow_records(pointer + sizeof(struct sflow_flow_sample_t), + len - sizeof(struct sflow_flow_sample_t), + nrecords); + +} + +static int +sflow_print_expanded_flow_sample(const u_char *pointer, u_int len) { + + const struct sflow_expanded_flow_sample_t *sflow_expanded_flow_sample; + u_int nrecords; + + if (len < sizeof(struct sflow_expanded_flow_sample_t)) + return 1; + + sflow_expanded_flow_sample = (const struct sflow_expanded_flow_sample_t *)pointer; + + nrecords = EXTRACT_32BITS(sflow_expanded_flow_sample->records); + + printf(" seqnum %u, type %u, idx %u, rate %u, pool %u, drops %u, records %u", + EXTRACT_32BITS(sflow_expanded_flow_sample->seqnum), + EXTRACT_32BITS(sflow_expanded_flow_sample->type), + EXTRACT_32BITS(sflow_expanded_flow_sample->index), + EXTRACT_32BITS(sflow_expanded_flow_sample->rate), + EXTRACT_32BITS(sflow_expanded_flow_sample->pool), + EXTRACT_32BITS(sflow_expanded_flow_sample->drops), + EXTRACT_32BITS(sflow_expanded_flow_sample->records)); + + return sflow_print_flow_records(pointer + sizeof(struct sflow_expanded_flow_sample_t), + len - sizeof(struct sflow_expanded_flow_sample_t), + nrecords); + +} + +void +sflow_print(const u_char *pptr, u_int len) { + + const struct sflow_datagram_t *sflow_datagram; + const struct sflow_sample_header *sflow_sample; + + const u_char *tptr; + u_int tlen; u_int32_t sflow_sample_type, sflow_sample_len; - int nsamples, nrecords, counter_len, counter_type, flow_len, flow_type; + u_int32_t nsamples; + - tptr=pptr; + tptr = pptr; tlen = len; 
sflow_datagram = (const struct sflow_datagram_t *)pptr; TCHECK(*sflow_datagram); @@ -313,16 +858,21 @@ sflow_print(const u_char *pptr, u_int len) { len); /* skip Common header */ - tptr+=sizeof(const struct sflow_datagram_t); - tlen-=sizeof(const struct sflow_datagram_t); + tptr += sizeof(const struct sflow_datagram_t); + tlen -= sizeof(const struct sflow_datagram_t); while (nsamples > 0 && tlen > 0) { sflow_sample = (const struct sflow_sample_header *)tptr; + TCHECK(*sflow_sample); + sflow_sample_type = (EXTRACT_32BITS(sflow_sample->format)&0x0FFF); sflow_sample_len = EXTRACT_32BITS(sflow_sample->len); - tptr+=sizeof(struct sflow_sample_header); - tlen-=sizeof(struct sflow_sample_header); + if (tlen < sizeof(struct sflow_sample_header)) + goto trunc; + + tptr += sizeof(struct sflow_sample_header); + tlen -= sizeof(struct sflow_sample_header); printf("\n\t%s (%u), length %u,", tok2str(sflow_format_values, "Unknown", sflow_sample_type), 
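Review bot: The record loops in `sflow_print_counter_records` and `sflow_print_flow_records` pass the remaining buffer length `tlen` to each decoder instead of the record's own `counter_len` / `flow_len`, so a record that declares a length shorter than its struct still passes the `len < sizeof(...)` check and is decoded from bytes past its end. None of the new helpers calls `TCHECK`, so that length argument is their only bound; passing the declared length, e.g. `if (print_sflow_counter_generic(tptr, counter_len))`, keeps each decoder inside its record. The sample dispatch in the last hunk has the same shape: it passes `tlen` although `TCHECK2` has only verified `sflow_sample_len` bytes, which looks like it permits reads past the captured data on a snapped packet; `sflow_print_flow_sample(tptr, sflow_sample_len)` would match what was checked. Separately, the counter path computes `enterprise >> 20` while the flow path uses `enterprise >> 12` with the same `0x0FFF` type mask, so one of the two shifts is presumably wrong.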
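Review bot: With `tlen` now `u_int` (declared in the previous hunk), `tlen -= sizeof(const struct sflow_datagram_t)` wraps to a very large value when the caller's `len` is shorter than the datagram header, and the loop condition `tlen > 0` no longer stops it; no comparison of `len` against the header size is visible in this hunk. A guard such as `if (tlen < sizeof(struct sflow_datagram_t)) goto trunc;` before the subtraction would close that. The new `if (tlen < sizeof(struct sflow_sample_header)) goto trunc;` also sits after the two `EXTRACT_32BITS` reads of the header; it reads more naturally next to `TCHECK(*sflow_sample)`, before anything is extracted. `sflow_print` starts and ends outside this hunk.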
@@ -334,226 +884,33 @@ sflow_print(const u_char *pptr, u_int len) { return; } + if (tlen < sflow_sample_len) + goto trunc; + /* did we capture enough for fully decoding the sample ? */ - if (!TTEST2(*tptr, sflow_sample_len)) - goto trunc; + TCHECK2(*tptr, sflow_sample_len); switch(sflow_sample_type) { - case SFLOW_FLOW_SAMPLE: /* XXX */ + case SFLOW_FLOW_SAMPLE: + if (sflow_print_flow_sample(tptr,tlen)) + goto trunc; break; - case SFLOW_COUNTER_SAMPLE: /* XXX */ + case SFLOW_COUNTER_SAMPLE: + if (sflow_print_counter_sample(tptr,tlen)) + goto trunc; break; case SFLOW_EXPANDED_FLOW_SAMPLE: - sflow_expanded_flow_sample = (const struct sflow_expanded_flow_sample_t *)tptr; - nrecords = EXTRACT_32BITS(sflow_expanded_flow_sample->records); - - printf(" seqnum %u, type %u, idx %u, rate %u, pool %u, drops %u, records %u", - EXTRACT_32BITS(sflow_expanded_flow_sample->seqnum), - EXTRACT_32BITS(sflow_expanded_flow_sample->type), - EXTRACT_32BITS(sflow_expanded_flow_sample->index), - EXTRACT_32BITS(sflow_expanded_flow_sample->rate), - EXTRACT_32BITS(sflow_expanded_flow_sample->pool), - EXTRACT_32BITS(sflow_expanded_flow_sample->drops), - EXTRACT_32BITS(sflow_expanded_flow_sample->records)); - - tptr+= sizeof(struct sflow_expanded_flow_sample_t); - tlen-= sizeof(struct sflow_expanded_flow_sample_t); - - while ( nrecords > 0 && tlen > 0) { - - /* decode Flow record - 2 bytes */ - flow_type = EXTRACT_32BITS(tptr)&0x0FFF; - flow_len = EXTRACT_32BITS(tptr+4); - printf("\n\t %s (%u) length %u", - tok2str(sflow_flow_type_values,"Unknown",flow_type), - flow_type, - flow_len); - - tptr += 8; - tlen -= 8; - - /* did we capture enough for fully decoding the flow ? 
*/ - if (!TTEST2(*tptr, flow_len)) - goto trunc; - - switch(flow_type) { - case SFLOW_FLOW_RAW_PACKET: - sflow_flow_raw = (const struct sflow_expanded_flow_raw_t *)tptr; - printf("\n\t protocol %s (%u), length %u, stripped bytes %u, header_size %u", - tok2str(sflow_flow_raw_protocol_values,"Unknown",EXTRACT_32BITS(sflow_flow_raw->protocol)), - EXTRACT_32BITS(sflow_flow_raw->protocol), - EXTRACT_32BITS(sflow_flow_raw->length), - EXTRACT_32BITS(sflow_flow_raw->stripped_bytes), - EXTRACT_32BITS(sflow_flow_raw->header_size)); - break; - - /* - * FIXME those are the defined flow types that lack a decoder - */ - case SFLOW_FLOW_ETHERNET_FRAME: - case SFLOW_FLOW_IPV4_DATA: - case SFLOW_FLOW_IPV6_DATA: - case SFLOW_FLOW_EXTENDED_SWITCH_DATA: - case SFLOW_FLOW_EXTENDED_ROUTER_DATA: - case SFLOW_FLOW_EXTENDED_GATEWAY_DATA: - case SFLOW_FLOW_EXTENDED_USER_DATA: - case SFLOW_FLOW_EXTENDED_URL_DATA: - case SFLOW_FLOW_EXTENDED_MPLS_DATA: - case SFLOW_FLOW_EXTENDED_NAT_DATA: - case SFLOW_FLOW_EXTENDED_MPLS_TUNNEL: - case SFLOW_FLOW_EXTENDED_MPLS_VC: - case SFLOW_FLOW_EXTENDED_MPLS_FEC: - case SFLOW_FLOW_EXTENDED_MPLS_LVP_FEC: - case SFLOW_FLOW_EXTENDED_VLAN_TUNNEL: - break; - default: - if (vflag <= 1) - print_unknown_data(tptr, "\n\t ", flow_len); - break; - - } - tptr += flow_len; - tlen -= flow_len; - nrecords--; - } - break; + if (sflow_print_expanded_flow_sample(tptr,tlen)) + goto trunc; + break; case SFLOW_EXPANDED_COUNTER_SAMPLE: - sflow_expanded_counter_sample = (const struct sflow_expanded_counter_sample_t *)tptr; - nrecords = EXTRACT_32BITS(sflow_expanded_counter_sample->records); - - printf(" seqnum %u, type %u, idx %u, records %u", - EXTRACT_32BITS(sflow_expanded_counter_sample->seqnum), - EXTRACT_32BITS(sflow_expanded_counter_sample->type), - EXTRACT_32BITS(sflow_expanded_counter_sample->index), - nrecords); - - tptr+= sizeof(struct sflow_expanded_counter_sample_t); - tlen-= sizeof(struct sflow_expanded_counter_sample_t); - - while ( nrecords > 0 && tlen > 0) { - - 
/* decode counter record - 2 bytes */ - counter_type = EXTRACT_32BITS(tptr)&0x0FFF; - counter_len = EXTRACT_32BITS(tptr+4); - printf("\n\t %s (%u) length %u", - tok2str(sflow_counter_type_values,"Unknown",counter_type), - counter_type, - counter_len); - - tptr += 8; - tlen -= 8; - - /* did we capture enough for fully decoding the counter ? */ - if (!TTEST2(*tptr, counter_len)) - goto trunc; - - switch(counter_type) { - case SFLOW_COUNTER_GENERIC: - sflow_gen_counter = (const struct sflow_generic_counter_t *)tptr; - printf("\n\t ifindex %u, iftype %u, ifspeed %u, ifdirection %u (%s)", - EXTRACT_32BITS(sflow_gen_counter->ifindex), - EXTRACT_32BITS(sflow_gen_counter->iftype), - EXTRACT_32BITS(sflow_gen_counter->ifspeed), - EXTRACT_32BITS(sflow_gen_counter->ifdirection), - tok2str(sflow_iface_direction_values, "Unknown", - EXTRACT_32BITS(sflow_gen_counter->ifdirection))); - printf("\n\t ifstatus %u, adminstatus: %s, operstatus: %s", - EXTRACT_32BITS(sflow_gen_counter->ifstatus), - EXTRACT_32BITS(sflow_gen_counter->ifstatus)&1 ? "up" : "down", - (EXTRACT_32BITS(sflow_gen_counter->ifstatus)>>1)&1 ? 
"up" : "down"); - printf("\n\t In octets %" PRIu64 - ", unicast pkts %u, multicast pkts %u, broadcast pkts %u, discards %u", - EXTRACT_64BITS(sflow_gen_counter->ifinoctets), - EXTRACT_32BITS(sflow_gen_counter->ifinunicastpkts), - EXTRACT_32BITS(sflow_gen_counter->ifinmulticastpkts), - EXTRACT_32BITS(sflow_gen_counter->ifinbroadcastpkts), - EXTRACT_32BITS(sflow_gen_counter->ifindiscards)); - printf("\n\t In errors %u, unknown protos %u", - EXTRACT_32BITS(sflow_gen_counter->ifinerrors), - EXTRACT_32BITS(sflow_gen_counter->ifinunkownprotos)); - printf("\n\t Out octets %" PRIu64 - ", unicast pkts %u, multicast pkts %u, broadcast pkts %u, discards %u", - EXTRACT_64BITS(sflow_gen_counter->ifoutoctets), - EXTRACT_32BITS(sflow_gen_counter->ifoutunicastpkts), - EXTRACT_32BITS(sflow_gen_counter->ifoutmulticastpkts), - EXTRACT_32BITS(sflow_gen_counter->ifoutbroadcastpkts), - EXTRACT_32BITS(sflow_gen_counter->ifoutdiscards)); - printf("\n\t Out errors %u, promisc mode %u", - EXTRACT_32BITS(sflow_gen_counter->ifouterrors), - EXTRACT_32BITS(sflow_gen_counter->ifpromiscmode)); - break; - case SFLOW_COUNTER_ETHERNET: - sflow_eth_counter = (const struct sflow_ethernet_counter_t *)tptr; - printf("\n\t align errors %u, fcs errors %u, single collision %u, multiple collision %u, test error %u", - EXTRACT_32BITS(sflow_eth_counter->alignerrors), - EXTRACT_32BITS(sflow_eth_counter->fcserrors), - EXTRACT_32BITS(sflow_eth_counter->single_collision_frames), - EXTRACT_32BITS(sflow_eth_counter->multiple_collision_frames), - EXTRACT_32BITS(sflow_eth_counter->test_errors)); - printf("\n\t deferred %u, late collision %u, excessive collision %u, mac trans error %u", - EXTRACT_32BITS(sflow_eth_counter->deferred_transmissions), - EXTRACT_32BITS(sflow_eth_counter->late_collisions), - EXTRACT_32BITS(sflow_eth_counter->excessive_collisions), - EXTRACT_32BITS(sflow_eth_counter->mac_transmit_errors)); - printf("\n\t carrier error %u, frames too long %u, mac receive errors %u, symbol errors %u", - 
EXTRACT_32BITS(sflow_eth_counter->carrier_sense_errors), - EXTRACT_32BITS(sflow_eth_counter->frame_too_longs), - EXTRACT_32BITS(sflow_eth_counter->mac_receive_errors), - EXTRACT_32BITS(sflow_eth_counter->symbol_errors)); - break; - case SFLOW_COUNTER_TOKEN_RING: /* XXX */ - break; - case SFLOW_COUNTER_BASEVG: - sflow_100basevg_counter = (const struct sflow_100basevg_counter_t *)tptr; - printf("\n\t in high prio frames %u, in high prio octets %" PRIu64, - EXTRACT_32BITS(sflow_100basevg_counter->in_highpriority_frames), - EXTRACT_64BITS(sflow_100basevg_counter->in_highpriority_octets)); - printf("\n\t in norm prio frames %u, in norm prio octets %" PRIu64, - EXTRACT_32BITS(sflow_100basevg_counter->in_normpriority_frames), - EXTRACT_64BITS(sflow_100basevg_counter->in_normpriority_octets)); - printf("\n\t in ipm errors %u, oversized %u, in data errors %u, null addressed frames %u", - EXTRACT_32BITS(sflow_100basevg_counter->in_ipmerrors), - EXTRACT_32BITS(sflow_100basevg_counter->in_oversized), - EXTRACT_32BITS(sflow_100basevg_counter->in_data_errors), - EXTRACT_32BITS(sflow_100basevg_counter->in_null_addressed_frames)); - printf("\n\t out high prio frames %u, out high prio octets %" PRIu64 - ", trans into frames %u", - EXTRACT_32BITS(sflow_100basevg_counter->out_highpriority_frames), - EXTRACT_64BITS(sflow_100basevg_counter->out_highpriority_octets), - EXTRACT_32BITS(sflow_100basevg_counter->transitioninto_frames)); - printf("\n\t in hc high prio octets %" PRIu64 - ", in hc norm prio octets %" PRIu64 - ", out hc high prio octets %" PRIu64, - EXTRACT_64BITS(sflow_100basevg_counter->hc_in_highpriority_octets), - EXTRACT_64BITS(sflow_100basevg_counter->hc_in_normpriority_octets), - EXTRACT_64BITS(sflow_100basevg_counter->hc_out_highpriority_octets)); - break; - case SFLOW_COUNTER_VLAN: - sflow_vlan_counter = (const struct sflow_vlan_counter_t *)tptr; - printf("\n\t vlan_id %u, octets %" PRIu64 - ", unicast_pkt %u, multicast_pkt %u, broadcast_pkt %u, discards %u", - 
EXTRACT_32BITS(sflow_vlan_counter->vlan_id), - EXTRACT_64BITS(sflow_vlan_counter->octets), - EXTRACT_32BITS(sflow_vlan_counter->unicast_pkt), - EXTRACT_32BITS(sflow_vlan_counter->multicast_pkt), - EXTRACT_32BITS(sflow_vlan_counter->broadcast_pkt), - EXTRACT_32BITS(sflow_vlan_counter->discards)); - break; - case SFLOW_COUNTER_PROCESSOR: /* XXX */ - break; - default: - if (vflag <= 1) - print_unknown_data(tptr, "\n\t\t", counter_len); - break; - } - tptr += counter_len; - tlen -= counter_len; - nrecords--; - } - break; + if (sflow_print_expanded_counter_sample(tptr,tlen)) + goto trunc; + break; + default: if (vflag <= 1) print_unknown_data(tptr, "\n\t ", sflow_sample_len); |